crylock 2.0.0.0 В сеть компании попал вирус шифровальщик [flydragon@mailfence.com][sel4auto].[A15F580C-524AC4DB]

[AndrewCott 0]

Доброго дня!

 

Попались на вирус шифровальщик. Логи приложил. 

17.11 была первая волна. 19.11 пронеслась ещё. Ещё не всё зашифровал. Помогите. 

Спасибо. 

Addition.txt FRST.txt Файлы злоумышленников.rar

[Sandor 875]

Здравствуйте!

 

Расшифровки нет.

Помощь в очистке системы нужна или планируете переустановку?

[AndrewCott 0]

Нужна и очень.

Переустановка крайне нежелательна. Прошу помочь. 

 

2 часа назад, Sandor сказал:

Здравствуйте!

 

Расшифровки нет.

Помощь в очистке системы нужна или планируете переустановку?

Нужна и очень.

Переустановка крайне нежелательна. Прошу помочь. 

[Sandor 875]

• Отключите до перезагрузки антивирус.
• Выделите следующий код:

  Start::
  HKU\S-1-5-21-3036972003-2015236240-3138228504-1001\...\Run: [A15F580C-524AC4DB] => "C:\Users\Admim\appdata\local\temp\svcykc.exe" -id "A15F580C-524AC4DB" -wid "sel4auto" <==== ATTENTION
  HKU\S-1-5-21-3036972003-2015236240-3138228504-1008\...\Run: [A15F580C-524AC4DB] => "C:\Users\Admim\appdata\local\temp\svcykc.exe" -id "A15F580C-524AC4DB" -wid "sel4auto" <==== ATTENTION
  HKU\S-1-5-21-3036972003-2015236240-3138228504-1012\...\Run: [A15F580C-524AC4DB] => "C:\Users\Admim\appdata\local\temp\svcykc.exe" -id "A15F580C-524AC4DB" -wid "sel4auto" <==== ATTENTION
  HKU\S-1-5-21-3036972003-2015236240-3138228504-1046\...\Run: [A15F580C-524AC4DB] => "C:\Users\Admim\appdata\local\temp\svcykc.exe" -id "A15F580C-524AC4DB" -wid "sel4auto" <==== ATTENTION
  HKU\S-1-5-21-3036972003-2015236240-3138228504-1057\...\Run: [A15F580C-524AC4DB] => "C:\Users\Admim\appdata\local\temp\svcykc.exe" -id "A15F580C-524AC4DB" -wid "sel4auto" <==== ATTENTION
  HKU\S-1-5-21-3036972003-2015236240-3138228504-1088\...\Run: [A15F580C-524AC4DB] => "C:\Users\Admim\appdata\local\temp\svcykc.exe" -id "A15F580C-524AC4DB" -wid "sel4auto" <==== ATTENTION
  HKU\S-1-5-21-3036972003-2015236240-3138228504-1091\...\Run: [A15F580C-524AC4DB] => "C:\Users\Admim\appdata\local\temp\svcykc.exe" -id "A15F580C-524AC4DB" -wid "sel4auto" <==== ATTENTION
  HKU\S-1-5-21-3036972003-2015236240-3138228504-500\...\Run: [A15F580C-524AC4DB] => "C:\users\836d~1\appdata\local\temp\2\svcdee.exe" -id "A15F580C-524AC4DB" -wid "sel4auto" <==== ATTENTION
  HKU\S-1-5-21-3036972003-2015236240-3138228504-500\...\MountPoints2: {96b89058-1a96-11e7-94ee-806e6f6e6963} - D:\setup.exe
  2020-11-19 17:30 - 2020-11-19 17:30 - 000006038 _____ C:\how_to_decrypt.hta
  2020-11-19 17:19 - 2020-11-19 17:19 - 000006038 _____ C:\Users\invent4\Desktop\how_to_decrypt.hta
  2020-11-19 17:19 - 2020-11-19 17:19 - 000006038 _____ C:\Users\invent4\AppData\LocalLow\how_to_decrypt.hta
  2020-11-19 17:19 - 2020-11-19 17:19 - 000006038 _____ C:\Users\invent3.TERMINALAPP\Desktop\how_to_decrypt.hta
  2020-11-19 17:19 - 2020-11-19 17:19 - 000006038 _____ C:\Users\invent3.TERMINALAPP\AppData\LocalLow\how_to_decrypt.hta
  2020-11-19 17:18 - 2020-11-19 17:18 - 000006038 _____ C:\Users\invent2.TERMINALAPP\Desktop\how_to_decrypt.hta
  2020-11-19 17:18 - 2020-11-19 17:18 - 000006038 _____ C:\Users\invent2.TERMINALAPP\AppData\LocalLow\how_to_decrypt.hta
  2020-11-19 17:17 - 2020-11-19 17:17 - 000006038 _____ C:\Users\invent1.TERMINALAPP\AppData\LocalLow\how_to_decrypt.hta
  2020-11-19 17:11 - 2020-11-19 17:11 - 000006038 _____ C:\Users\Admim.TERMINALAPP\AppData\LocalLow\how_to_decrypt.hta
  2020-11-19 17:08 - 2020-11-19 17:08 - 000006038 _____ C:\Users\1cuser\Documents\how_to_decrypt.hta
  2020-11-19 17:08 - 2020-11-19 17:08 - 000006038 _____ C:\Users\1cuser\Desktop\how_to_decrypt.hta
  2020-11-19 17:07 - 2020-11-19 17:07 - 000006038 _____ C:\Users\Все пользователи\Documents\how_to_decrypt.hta
  2020-11-19 17:07 - 2020-11-19 17:07 - 000006038 _____ C:\Users\Public\Documents\how_to_decrypt.hta
  2020-11-19 17:07 - 2020-11-19 17:07 - 000006038 _____ C:\ProgramData\Documents\how_to_decrypt.hta
  2020-11-19 16:51 - 2020-11-17 17:00 - 000006038 _____ C:\Users\Admim.TERMINALAPP\how_to_decrypt.hta
  2020-11-19 16:51 - 2020-11-17 17:00 - 000006038 _____ C:\Users\Admim.TERMINALAPP\Downloads\how_to_decrypt.hta
  2020-11-19 16:51 - 2020-11-17 17:00 - 000006038 _____ C:\Users\Admim.TERMINALAPP\Documents\how_to_decrypt.hta
  2020-11-19 16:51 - 2020-11-17 17:00 - 000006038 _____ C:\Users\Admim.TERMINALAPP\Desktop\how_to_decrypt.hta
  2020-11-19 16:51 - 2020-11-17 17:00 - 000006038 _____ C:\Users\Admim.TERMINALAPP\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-19 16:51 - 2020-11-17 17:00 - 000006038 _____ C:\Users\Admim.TERMINALAPP\AppData\Roaming\how_to_decrypt.hta
  2020-11-19 16:51 - 2020-11-17 17:00 - 000006038 _____ C:\Users\Admim.TERMINALAPP\AppData\Local\how_to_decrypt.hta
  2020-11-19 16:51 - 2020-11-17 17:00 - 000006038 _____ C:\Users\Admim.TERMINALAPP\AppData\how_to_decrypt.hta
  2020-11-18 17:15 - 2020-11-17 17:00 - 000006038 _____ C:\Users\invent4\how_to_decrypt.hta
  2020-11-18 17:15 - 2020-11-17 17:00 - 000006038 _____ C:\Users\invent4\Downloads\how_to_decrypt.hta
  2020-11-18 17:15 - 2020-11-17 17:00 - 000006038 _____ C:\Users\invent4\Documents\how_to_decrypt.hta
  2020-11-18 17:15 - 2020-11-17 17:00 - 000006038 _____ C:\Users\invent4\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-18 17:15 - 2020-11-17 17:00 - 000006038 _____ C:\Users\invent4\AppData\Roaming\how_to_decrypt.hta
  2020-11-18 17:15 - 2020-11-17 17:00 - 000006038 _____ C:\Users\invent4\AppData\Local\how_to_decrypt.hta
  2020-11-18 17:15 - 2020-11-17 17:00 - 000006038 _____ C:\Users\invent4\AppData\how_to_decrypt.hta
  2020-11-18 16:51 - 2020-11-17 17:00 - 000006038 _____ C:\Users\invent2.TERMINALAPP\how_to_decrypt.hta
  2020-11-18 16:51 - 2020-11-17 17:00 - 000006038 _____ C:\Users\invent2.TERMINALAPP\Downloads\how_to_decrypt.hta
  2020-11-18 16:51 - 2020-11-17 17:00 - 000006038 _____ C:\Users\invent2.TERMINALAPP\Documents\how_to_decrypt.hta
  2020-11-18 16:51 - 2020-11-17 17:00 - 000006038 _____ C:\Users\invent2.TERMINALAPP\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-18 16:51 - 2020-11-17 17:00 - 000006038 _____ C:\Users\invent2.TERMINALAPP\AppData\Roaming\how_to_decrypt.hta
  2020-11-18 16:51 - 2020-11-17 17:00 - 000006038 _____ C:\Users\invent2.TERMINALAPP\AppData\Local\how_to_decrypt.hta
  2020-11-18 16:51 - 2020-11-17 17:00 - 000006038 _____ C:\Users\invent2.TERMINALAPP\AppData\how_to_decrypt.hta
  2020-11-18 16:50 - 2020-11-17 17:00 - 000006038 _____ C:\Users\invent3.TERMINALAPP\how_to_decrypt.hta
  2020-11-18 16:50 - 2020-11-17 17:00 - 000006038 _____ C:\Users\invent3.TERMINALAPP\Downloads\how_to_decrypt.hta
  2020-11-18 16:50 - 2020-11-17 17:00 - 000006038 _____ C:\Users\invent3.TERMINALAPP\Documents\how_to_decrypt.hta
  2020-11-18 16:50 - 2020-11-17 17:00 - 000006038 _____ C:\Users\invent3.TERMINALAPP\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-18 16:50 - 2020-11-17 17:00 - 000006038 _____ C:\Users\invent3.TERMINALAPP\AppData\Roaming\how_to_decrypt.hta
  2020-11-18 16:50 - 2020-11-17 17:00 - 000006038 _____ C:\Users\invent3.TERMINALAPP\AppData\Local\how_to_decrypt.hta
  2020-11-18 16:50 - 2020-11-17 17:00 - 000006038 _____ C:\Users\invent3.TERMINALAPP\AppData\how_to_decrypt.hta
  2020-11-18 16:43 - 2020-11-17 17:00 - 000006038 _____ C:\Users\invent1.TERMINALAPP\how_to_decrypt.hta
  2020-11-18 16:43 - 2020-11-17 17:00 - 000006038 _____ C:\Users\invent1.TERMINALAPP\Downloads\how_to_decrypt.hta
  2020-11-18 16:43 - 2020-11-17 17:00 - 000006038 _____ C:\Users\invent1.TERMINALAPP\Documents\how_to_decrypt.hta
  2020-11-18 16:43 - 2020-11-17 17:00 - 000006038 _____ C:\Users\invent1.TERMINALAPP\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-18 16:43 - 2020-11-17 17:00 - 000006038 _____ C:\Users\invent1.TERMINALAPP\AppData\Roaming\how_to_decrypt.hta
  2020-11-18 16:43 - 2020-11-17 17:00 - 000006038 _____ C:\Users\invent1.TERMINALAPP\AppData\Local\how_to_decrypt.hta
  2020-11-18 16:43 - 2020-11-17 17:00 - 000006038 _____ C:\Users\invent1.TERMINALAPP\AppData\how_to_decrypt.hta
  2020-11-17 17:31 - 2020-11-17 17:31 - 000006038 _____ C:\Users\Администратор\how_to_decrypt.hta
  2020-11-17 17:31 - 2020-11-17 17:31 - 000006038 _____ C:\Users\Администратор\Downloads\how_to_decrypt.hta
  2020-11-17 17:31 - 2020-11-17 17:31 - 000006038 _____ C:\Users\Администратор\Documents\how_to_decrypt.hta
  2020-11-17 17:31 - 2020-11-17 17:31 - 000006038 _____ C:\Users\Администратор\Desktop\how_to_decrypt.hta
  2020-11-17 17:31 - 2020-11-17 17:31 - 000006038 _____ C:\Users\Администратор\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 17:31 - 2020-11-17 17:31 - 000006038 _____ C:\Users\Администратор\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 17:31 - 2020-11-17 17:31 - 000006038 _____ C:\Users\Администратор\AppData\how_to_decrypt.hta
  2020-11-17 17:30 - 2020-11-17 17:30 - 000006038 _____ C:\Users\Администратор\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 17:24 - 2020-11-17 17:24 - 000006038 _____ C:\Users\Администратор\AppData\Local\how_to_decrypt.hta
  2020-11-17 17:24 - 2020-11-17 17:24 - 000006038 _____ C:\Users\vs.Pavlov\how_to_decrypt.hta
  2020-11-17 17:24 - 2020-11-17 17:24 - 000006038 _____ C:\Users\vs.Pavlov\Downloads\how_to_decrypt.hta
  2020-11-17 17:24 - 2020-11-17 17:24 - 000006038 _____ C:\Users\vs.Pavlov\Documents\how_to_decrypt.hta
  2020-11-17 17:24 - 2020-11-17 17:24 - 000006038 _____ C:\Users\vs.Pavlov\Desktop\how_to_decrypt.hta
  2020-11-17 17:24 - 2020-11-17 17:24 - 000006038 _____ C:\Users\vs.Pavlov\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 17:24 - 2020-11-17 17:24 - 000006038 _____ C:\Users\vs.Pavlov\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 17:24 - 2020-11-17 17:24 - 000006038 _____ C:\Users\vs.Pavlov\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 17:24 - 2020-11-17 17:24 - 000006038 _____ C:\Users\vs.Pavlov\AppData\Local\how_to_decrypt.hta
  2020-11-17 17:24 - 2020-11-17 17:24 - 000006038 _____ C:\Users\vs.Pavlov\AppData\how_to_decrypt.hta
  2020-11-17 17:24 - 2020-11-17 17:24 - 000006038 _____ C:\Users\vparshin\how_to_decrypt.hta
  2020-11-17 17:24 - 2020-11-17 17:24 - 000006038 _____ C:\Users\vparshin\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 17:23 - 2020-11-17 17:23 - 000006038 _____ C:\Users\vparshin\Downloads\how_to_decrypt.hta
  2020-11-17 17:23 - 2020-11-17 17:23 - 000006038 _____ C:\Users\vparshin\Documents\how_to_decrypt.hta
  2020-11-17 17:23 - 2020-11-17 17:23 - 000006038 _____ C:\Users\vparshin\Desktop\how_to_decrypt.hta
  2020-11-17 17:23 - 2020-11-17 17:23 - 000006038 _____ C:\Users\vparshin\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 17:23 - 2020-11-17 17:23 - 000006038 _____ C:\Users\vparshin\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 17:23 - 2020-11-17 17:23 - 000006038 _____ C:\Users\vparshin\AppData\Local\how_to_decrypt.hta
  2020-11-17 17:23 - 2020-11-17 17:23 - 000006038 _____ C:\Users\vparshin\AppData\how_to_decrypt.hta
  2020-11-17 17:22 - 2020-11-17 17:22 - 000006038 _____ C:\Users\vmayer\how_to_decrypt.hta
  2020-11-17 17:22 - 2020-11-17 17:22 - 000006038 _____ C:\Users\vmayer\Downloads\how_to_decrypt.hta
  2020-11-17 17:22 - 2020-11-17 17:22 - 000006038 _____ C:\Users\vmayer\Documents\how_to_decrypt.hta
  2020-11-17 17:22 - 2020-11-17 17:22 - 000006038 _____ C:\Users\vmayer\Desktop\how_to_decrypt.hta
  2020-11-17 17:22 - 2020-11-17 17:22 - 000006038 _____ C:\Users\vmayer\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 17:22 - 2020-11-17 17:22 - 000006038 _____ C:\Users\vmayer\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 17:22 - 2020-11-17 17:22 - 000006038 _____ C:\Users\vmayer\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 17:22 - 2020-11-17 17:22 - 000006038 _____ C:\Users\vmayer\AppData\Local\how_to_decrypt.hta
  2020-11-17 17:22 - 2020-11-17 17:22 - 000006038 _____ C:\Users\vmayer\AppData\how_to_decrypt.hta
  2020-11-17 17:22 - 2020-11-17 17:22 - 000006038 _____ C:\Users\vladikv\how_to_decrypt.hta
  2020-11-17 17:22 - 2020-11-17 17:22 - 000006038 _____ C:\Users\vladikv\Downloads\how_to_decrypt.hta
  2020-11-17 17:22 - 2020-11-17 17:22 - 000006038 _____ C:\Users\vladikv\Documents\how_to_decrypt.hta
  2020-11-17 17:22 - 2020-11-17 17:22 - 000006038 _____ C:\Users\vladikv\Desktop\how_to_decrypt.hta
  2020-11-17 17:22 - 2020-11-17 17:22 - 000006038 _____ C:\Users\vladikv\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 17:22 - 2020-11-17 17:22 - 000006038 _____ C:\Users\vladikv\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 17:22 - 2020-11-17 17:22 - 000006038 _____ C:\Users\vladikv\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 17:22 - 2020-11-17 17:22 - 000006038 _____ C:\Users\vladikv\AppData\how_to_decrypt.hta
  2020-11-17 17:21 - 2020-11-17 17:21 - 000006038 _____ C:\Users\vladikv\AppData\Local\how_to_decrypt.hta
  2020-11-17 17:21 - 2020-11-17 17:21 - 000006038 _____ C:\Users\vkutaev\how_to_decrypt.hta
  2020-11-17 17:21 - 2020-11-17 17:21 - 000006038 _____ C:\Users\vkutaev\Downloads\how_to_decrypt.hta
  2020-11-17 17:21 - 2020-11-17 17:21 - 000006038 _____ C:\Users\vkutaev\Documents\how_to_decrypt.hta
  2020-11-17 17:21 - 2020-11-17 17:21 - 000006038 _____ C:\Users\vkutaev\Desktop\how_to_decrypt.hta
  2020-11-17 17:21 - 2020-11-17 17:21 - 000006038 _____ C:\Users\vkutaev\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 17:21 - 2020-11-17 17:21 - 000006038 _____ C:\Users\vkutaev\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 17:21 - 2020-11-17 17:21 - 000006038 _____ C:\Users\vkutaev\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 17:21 - 2020-11-17 17:21 - 000006038 _____ C:\Users\vkutaev\AppData\Local\how_to_decrypt.hta
  2020-11-17 17:21 - 2020-11-17 17:21 - 000006038 _____ C:\Users\vkutaev\AppData\how_to_decrypt.hta
  2020-11-17 17:21 - 2020-11-17 17:21 - 000006038 _____ C:\Users\v.ustinov\how_to_decrypt.hta
  2020-11-17 17:21 - 2020-11-17 17:21 - 000006038 _____ C:\Users\v.ustinov\Downloads\how_to_decrypt.hta
  2020-11-17 17:21 - 2020-11-17 17:21 - 000006038 _____ C:\Users\v.ustinov\Documents\how_to_decrypt.hta
  2020-11-17 17:21 - 2020-11-17 17:21 - 000006038 _____ C:\Users\v.ustinov\Desktop\how_to_decrypt.hta
  2020-11-17 17:21 - 2020-11-17 17:21 - 000006038 _____ C:\Users\v.ustinov\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 17:20 - 2020-11-17 17:20 - 000006038 _____ C:\Users\v.ustinov\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 17:20 - 2020-11-17 17:20 - 000006038 _____ C:\Users\v.ustinov\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 17:20 - 2020-11-17 17:20 - 000006038 _____ C:\Users\v.ustinov\AppData\Local\how_to_decrypt.hta
  2020-11-17 17:20 - 2020-11-17 17:20 - 000006038 _____ C:\Users\v.ustinov\AppData\how_to_decrypt.hta
  2020-11-17 17:20 - 2020-11-17 17:20 - 000006038 _____ C:\Users\v.tenenev\how_to_decrypt.hta
  2020-11-17 17:20 - 2020-11-17 17:20 - 000006038 _____ C:\Users\v.tenenev\Downloads\how_to_decrypt.hta
  2020-11-17 17:20 - 2020-11-17 17:20 - 000006038 _____ C:\Users\v.tenenev\Documents\how_to_decrypt.hta
  2020-11-17 17:20 - 2020-11-17 17:20 - 000006038 _____ C:\Users\v.tenenev\Desktop\how_to_decrypt.hta
  2020-11-17 17:20 - 2020-11-17 17:20 - 000006038 _____ C:\Users\v.tenenev\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 17:20 - 2020-11-17 17:20 - 000006038 _____ C:\Users\v.tenenev\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 17:20 - 2020-11-17 17:20 - 000006038 _____ C:\Users\v.tenenev\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 17:20 - 2020-11-17 17:20 - 000006038 _____ C:\Users\v.tenenev\AppData\Local\how_to_decrypt.hta
  2020-11-17 17:20 - 2020-11-17 17:20 - 000006038 _____ C:\Users\v.tenenev\AppData\how_to_decrypt.hta
  2020-11-17 17:20 - 2020-11-17 17:20 - 000006038 _____ C:\Users\v.osmirko\how_to_decrypt.hta
  2020-11-17 17:20 - 2020-11-17 17:20 - 000006038 _____ C:\Users\v.osmirko\Downloads\how_to_decrypt.hta
  2020-11-17 17:20 - 2020-11-17 17:20 - 000006038 _____ C:\Users\v.osmirko\Documents\how_to_decrypt.hta
  2020-11-17 17:20 - 2020-11-17 17:20 - 000006038 _____ C:\Users\v.osmirko\Desktop\how_to_decrypt.hta
  2020-11-17 17:20 - 2020-11-17 17:20 - 000006038 _____ C:\Users\v.osmirko\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 17:20 - 2020-11-17 17:20 - 000006038 _____ C:\Users\v.osmirko\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 17:20 - 2020-11-17 17:20 - 000006038 _____ C:\Users\v.osmirko\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 17:20 - 2020-11-17 17:20 - 000006038 _____ C:\Users\v.osmirko\AppData\how_to_decrypt.hta
  2020-11-17 17:19 - 2020-11-17 17:19 - 000006038 _____ C:\Users\v.osmirko\AppData\Local\how_to_decrypt.hta
  2020-11-17 17:19 - 2020-11-17 17:19 - 000006038 _____ C:\Users\v.konovalchyk\how_to_decrypt.hta
  2020-11-17 17:19 - 2020-11-17 17:19 - 000006038 _____ C:\Users\v.konovalchyk\Downloads\how_to_decrypt.hta
  2020-11-17 17:19 - 2020-11-17 17:19 - 000006038 _____ C:\Users\v.konovalchyk\Documents\how_to_decrypt.hta
  2020-11-17 17:19 - 2020-11-17 17:19 - 000006038 _____ C:\Users\v.konovalchyk\Desktop\how_to_decrypt.hta
  2020-11-17 17:19 - 2020-11-17 17:19 - 000006038 _____ C:\Users\v.konovalchyk\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 17:19 - 2020-11-17 17:19 - 000006038 _____ C:\Users\v.konovalchyk\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 17:19 - 2020-11-17 17:19 - 000006038 _____ C:\Users\v.konovalchyk\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 17:19 - 2020-11-17 17:19 - 000006038 _____ C:\Users\v.konovalchyk\AppData\how_to_decrypt.hta
  2020-11-17 17:18 - 2020-11-17 17:18 - 000006038 _____ C:\Users\v.konovalchyk\AppData\Local\how_to_decrypt.hta
  2020-11-17 17:18 - 2020-11-17 17:18 - 000006038 _____ C:\Users\v.davidchuk\how_to_decrypt.hta
  2020-11-17 17:18 - 2020-11-17 17:18 - 000006038 _____ C:\Users\v.davidchuk\Downloads\how_to_decrypt.hta
  2020-11-17 17:18 - 2020-11-17 17:18 - 000006038 _____ C:\Users\v.davidchuk\Documents\how_to_decrypt.hta
  2020-11-17 17:18 - 2020-11-17 17:18 - 000006038 _____ C:\Users\v.davidchuk\Desktop\how_to_decrypt.hta
  2020-11-17 17:18 - 2020-11-17 17:18 - 000006038 _____ C:\Users\v.davidchuk\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 17:18 - 2020-11-17 17:18 - 000006038 _____ C:\Users\v.davidchuk\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 17:18 - 2020-11-17 17:18 - 000006038 _____ C:\Users\v.davidchuk\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 17:18 - 2020-11-17 17:18 - 000006038 _____ C:\Users\v.davidchuk\AppData\how_to_decrypt.hta
  2020-11-17 17:16 - 2020-11-17 17:16 - 000006038 _____ C:\Users\v.davidchuk\AppData\Local\how_to_decrypt.hta
  2020-11-17 17:16 - 2020-11-17 17:16 - 000006038 _____ C:\Users\v.atapina\how_to_decrypt.hta
  2020-11-17 17:16 - 2020-11-17 17:16 - 000006038 _____ C:\Users\v.atapina\Downloads\how_to_decrypt.hta
  2020-11-17 17:16 - 2020-11-17 17:16 - 000006038 _____ C:\Users\v.atapina\Documents\how_to_decrypt.hta
  2020-11-17 17:16 - 2020-11-17 17:16 - 000006038 _____ C:\Users\v.atapina\Desktop\how_to_decrypt.hta
  2020-11-17 17:16 - 2020-11-17 17:16 - 000006038 _____ C:\Users\v.atapina\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 17:16 - 2020-11-17 17:16 - 000006038 _____ C:\Users\v.atapina\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 17:16 - 2020-11-17 17:16 - 000006038 _____ C:\Users\v.atapina\AppData\how_to_decrypt.hta
  2020-11-17 17:15 - 2020-11-17 17:15 - 000006038 _____ C:\Users\v.atapina\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 17:15 - 2020-11-17 17:15 - 000006038 _____ C:\Users\v.atapina\AppData\Local\how_to_decrypt.hta
  2020-11-17 17:15 - 2020-11-17 17:15 - 000006038 _____ C:\Users\urmashev\how_to_decrypt.hta
  2020-11-17 17:15 - 2020-11-17 17:15 - 000006038 _____ C:\Users\urmashev\Downloads\how_to_decrypt.hta
  2020-11-17 17:15 - 2020-11-17 17:15 - 000006038 _____ C:\Users\urmashev\Documents\how_to_decrypt.hta
  2020-11-17 17:15 - 2020-11-17 17:15 - 000006038 _____ C:\Users\urmashev\Desktop\how_to_decrypt.hta
  2020-11-17 17:15 - 2020-11-17 17:15 - 000006038 _____ C:\Users\urmashev\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 17:15 - 2020-11-17 17:15 - 000006038 _____ C:\Users\urmashev\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 17:15 - 2020-11-17 17:15 - 000006038 _____ C:\Users\urmashev\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 17:15 - 2020-11-17 17:15 - 000006038 _____ C:\Users\urmashev\AppData\Local\how_to_decrypt.hta
  2020-11-17 17:15 - 2020-11-17 17:15 - 000006038 _____ C:\Users\urmashev\AppData\how_to_decrypt.hta
  2020-11-17 17:15 - 2020-11-17 17:15 - 000006038 _____ C:\Users\ural\how_to_decrypt.hta
  2020-11-17 17:15 - 2020-11-17 17:15 - 000006038 _____ C:\Users\ural\Downloads\how_to_decrypt.hta
  2020-11-17 17:15 - 2020-11-17 17:15 - 000006038 _____ C:\Users\ural\Documents\how_to_decrypt.hta
  2020-11-17 17:15 - 2020-11-17 17:15 - 000006038 _____ C:\Users\ural\Desktop\how_to_decrypt.hta
  2020-11-17 17:15 - 2020-11-17 17:15 - 000006038 _____ C:\Users\ural\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 17:15 - 2020-11-17 17:15 - 000006038 _____ C:\Users\ural\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 17:15 - 2020-11-17 17:15 - 000006038 _____ C:\Users\ural\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 17:15 - 2020-11-17 17:15 - 000006038 _____ C:\Users\ural\AppData\Local\how_to_decrypt.hta
  2020-11-17 17:15 - 2020-11-17 17:15 - 000006038 _____ C:\Users\ural\AppData\how_to_decrypt.hta
  2020-11-17 17:14 - 2020-11-17 17:14 - 000006038 _____ C:\Users\t.kurbatova\how_to_decrypt.hta
  2020-11-17 17:14 - 2020-11-17 17:14 - 000006038 _____ C:\Users\t.kurbatova\Downloads\how_to_decrypt.hta
  2020-11-17 17:14 - 2020-11-17 17:14 - 000006038 _____ C:\Users\t.kurbatova\Documents\how_to_decrypt.hta
  2020-11-17 17:14 - 2020-11-17 17:14 - 000006038 _____ C:\Users\t.kurbatova\Desktop\how_to_decrypt.hta
  2020-11-17 17:14 - 2020-11-17 17:14 - 000006038 _____ C:\Users\t.kurbatova\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 17:14 - 2020-11-17 17:14 - 000006038 _____ C:\Users\t.kurbatova\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 17:14 - 2020-11-17 17:14 - 000006038 _____ C:\Users\t.kurbatova\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 17:14 - 2020-11-17 17:14 - 000006038 _____ C:\Users\t.kurbatova\AppData\Local\how_to_decrypt.hta
  2020-11-17 17:14 - 2020-11-17 17:14 - 000006038 _____ C:\Users\t.kurbatova\AppData\how_to_decrypt.hta
  2020-11-17 17:14 - 2020-11-17 17:14 - 000006038 _____ C:\Users\systembackup\how_to_decrypt.hta
  2020-11-17 17:14 - 2020-11-17 17:14 - 000006038 _____ C:\Users\s.zhirkov\how_to_decrypt.hta
  2020-11-17 17:14 - 2020-11-17 17:14 - 000006038 _____ C:\Users\s.zhirkov\Downloads\how_to_decrypt.hta
  2020-11-17 17:14 - 2020-11-17 17:14 - 000006038 _____ C:\Users\s.zhirkov\Documents\how_to_decrypt.hta
  2020-11-17 17:14 - 2020-11-17 17:14 - 000006038 _____ C:\Users\s.zhirkov\Desktop\how_to_decrypt.hta
  2020-11-17 17:14 - 2020-11-17 17:14 - 000006038 _____ C:\Users\s.zhirkov\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 17:14 - 2020-11-17 17:14 - 000006038 _____ C:\Users\s.zhirkov\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 17:14 - 2020-11-17 17:14 - 000006038 _____ C:\Users\s.zhirkov\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 17:14 - 2020-11-17 17:14 - 000006038 _____ C:\Users\s.zhirkov\AppData\how_to_decrypt.hta
  2020-11-17 17:13 - 2020-11-17 17:13 - 000006038 _____ C:\Users\s.zhirkov\AppData\Local\how_to_decrypt.hta
  2020-11-17 17:13 - 2020-11-17 17:13 - 000006038 _____ C:\Users\s.konkova\how_to_decrypt.hta
  2020-11-17 17:13 - 2020-11-17 17:13 - 000006038 _____ C:\Users\s.konkova\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 17:12 - 2020-11-17 17:12 - 000006038 _____ C:\Users\s.konkova\Downloads\how_to_decrypt.hta
  2020-11-17 17:12 - 2020-11-17 17:12 - 000006038 _____ C:\Users\s.konkova\Documents\how_to_decrypt.hta
  2020-11-17 17:12 - 2020-11-17 17:12 - 000006038 _____ C:\Users\s.konkova\Desktop\how_to_decrypt.hta
  2020-11-17 17:12 - 2020-11-17 17:12 - 000006038 _____ C:\Users\s.konkova\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 17:12 - 2020-11-17 17:12 - 000006038 _____ C:\Users\s.konkova\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 17:12 - 2020-11-17 17:12 - 000006038 _____ C:\Users\s.konkova\AppData\Local\how_to_decrypt.hta
  2020-11-17 17:12 - 2020-11-17 17:12 - 000006038 _____ C:\Users\s.konkova\AppData\how_to_decrypt.hta
  2020-11-17 17:12 - 2020-11-17 17:12 - 000006038 _____ C:\Users\rdpuser\how_to_decrypt.hta
  2020-11-17 17:12 - 2020-11-17 17:12 - 000006038 _____ C:\Users\rdpuser\Downloads\how_to_decrypt.hta
  2020-11-17 17:12 - 2020-11-17 17:12 - 000006038 _____ C:\Users\rdpuser\Documents\how_to_decrypt.hta
  2020-11-17 17:12 - 2020-11-17 17:12 - 000006038 _____ C:\Users\rdpuser\Desktop\how_to_decrypt.hta
  2020-11-17 17:12 - 2020-11-17 17:12 - 000006038 _____ C:\Users\rdpuser\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 17:12 - 2020-11-17 17:12 - 000006038 _____ C:\Users\rdpuser\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 17:12 - 2020-11-17 17:12 - 000006038 _____ C:\Users\rdpuser\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 17:12 - 2020-11-17 17:12 - 000006038 _____ C:\Users\rdpuser\AppData\Local\how_to_decrypt.hta
  2020-11-17 17:12 - 2020-11-17 17:12 - 000006038 _____ C:\Users\rdpuser\AppData\how_to_decrypt.hta
  2020-11-17 17:12 - 2020-11-17 17:12 - 000006038 _____ C:\Users\Public\how_to_decrypt.hta
  2020-11-17 17:12 - 2020-11-17 17:12 - 000006038 _____ C:\Users\Public\Downloads\how_to_decrypt.hta
  2020-11-17 17:12 - 2020-11-17 17:12 - 000006038 _____ C:\Users\proskurin\how_to_decrypt.hta
  2020-11-17 17:12 - 2020-11-17 17:12 - 000006038 _____ C:\Users\proskurin\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 17:11 - 2020-11-17 17:11 - 000006038 _____ C:\Users\proskurin\Downloads\how_to_decrypt.hta
  2020-11-17 17:11 - 2020-11-17 17:11 - 000006038 _____ C:\Users\proskurin\Documents\how_to_decrypt.hta
  2020-11-17 17:11 - 2020-11-17 17:11 - 000006038 _____ C:\Users\proskurin\Desktop\how_to_decrypt.hta
  2020-11-17 17:11 - 2020-11-17 17:11 - 000006038 _____ C:\Users\proskurin\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 17:11 - 2020-11-17 17:11 - 000006038 _____ C:\Users\proskurin\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 17:11 - 2020-11-17 17:11 - 000006038 _____ C:\Users\proskurin\AppData\Local\how_to_decrypt.hta
  2020-11-17 17:11 - 2020-11-17 17:11 - 000006038 _____ C:\Users\proskurin\AppData\how_to_decrypt.hta
  2020-11-17 17:11 - 2020-11-17 17:11 - 000006038 _____ C:\Users\polyakova\how_to_decrypt.hta
  2020-11-17 17:11 - 2020-11-17 17:11 - 000006038 _____ C:\Users\polyakova\Downloads\how_to_decrypt.hta
  2020-11-17 17:11 - 2020-11-17 17:11 - 000006038 _____ C:\Users\polyakova\Documents\how_to_decrypt.hta
  2020-11-17 17:11 - 2020-11-17 17:11 - 000006038 _____ C:\Users\polyakova\Desktop\how_to_decrypt.hta
  2020-11-17 17:11 - 2020-11-17 17:11 - 000006038 _____ C:\Users\polyakova\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 17:11 - 2020-11-17 17:11 - 000006038 _____ C:\Users\polyakova\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 17:11 - 2020-11-17 17:11 - 000006038 _____ C:\Users\polyakova\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 17:11 - 2020-11-17 17:11 - 000006038 _____ C:\Users\polyakova\AppData\how_to_decrypt.hta
  2020-11-17 17:10 - 2020-11-17 17:10 - 000006038 _____ C:\Users\polyakova\AppData\Local\how_to_decrypt.hta
  2020-11-17 17:10 - 2020-11-17 17:10 - 000006038 _____ C:\Users\ozikanova\how_to_decrypt.hta
  2020-11-17 17:10 - 2020-11-17 17:10 - 000006038 _____ C:\Users\ozikanova\Downloads\how_to_decrypt.hta
  2020-11-17 17:10 - 2020-11-17 17:10 - 000006038 _____ C:\Users\ozikanova\Documents\how_to_decrypt.hta
  2020-11-17 17:10 - 2020-11-17 17:10 - 000006038 _____ C:\Users\ozikanova\Desktop\how_to_decrypt.hta
  2020-11-17 17:10 - 2020-11-17 17:10 - 000006038 _____ C:\Users\ozikanova\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 17:10 - 2020-11-17 17:10 - 000006038 _____ C:\Users\ozikanova\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 17:10 - 2020-11-17 17:10 - 000006038 _____ C:\Users\ozikanova\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 17:10 - 2020-11-17 17:10 - 000006038 _____ C:\Users\ozikanova\AppData\Local\how_to_decrypt.hta
  2020-11-17 17:10 - 2020-11-17 17:10 - 000006038 _____ C:\Users\ozikanova\AppData\how_to_decrypt.hta
  2020-11-17 17:10 - 2020-11-17 17:10 - 000006038 _____ C:\Users\o.nadina\how_to_decrypt.hta
  2020-11-17 17:10 - 2020-11-17 17:10 - 000006038 _____ C:\Users\o.nadina\Downloads\how_to_decrypt.hta
  2020-11-17 17:10 - 2020-11-17 17:10 - 000006038 _____ C:\Users\o.nadina\Documents\how_to_decrypt.hta
  2020-11-17 17:10 - 2020-11-17 17:10 - 000006038 _____ C:\Users\o.nadina\Desktop\how_to_decrypt.hta
  2020-11-17 17:10 - 2020-11-17 17:10 - 000006038 _____ C:\Users\o.nadina\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 17:10 - 2020-11-17 17:10 - 000006038 _____ C:\Users\o.nadina\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 17:10 - 2020-11-17 17:10 - 000006038 _____ C:\Users\o.nadina\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 17:10 - 2020-11-17 17:10 - 000006038 _____ C:\Users\o.nadina\AppData\how_to_decrypt.hta
  2020-11-17 17:09 - 2020-11-17 17:09 - 000006038 _____ C:\Users\o.nadina\AppData\Local\how_to_decrypt.hta
  2020-11-17 17:09 - 2020-11-17 17:09 - 000006038 _____ C:\Users\n.izyumov\how_to_decrypt.hta
  2020-11-17 17:09 - 2020-11-17 17:09 - 000006038 _____ C:\Users\n.izyumov\Downloads\how_to_decrypt.hta
  2020-11-17 17:09 - 2020-11-17 17:09 - 000006038 _____ C:\Users\n.izyumov\Documents\how_to_decrypt.hta
  2020-11-17 17:09 - 2020-11-17 17:09 - 000006038 _____ C:\Users\n.izyumov\Desktop\how_to_decrypt.hta
  2020-11-17 17:09 - 2020-11-17 17:09 - 000006038 _____ C:\Users\n.izyumov\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 17:09 - 2020-11-17 17:09 - 000006038 _____ C:\Users\n.izyumov\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 17:09 - 2020-11-17 17:09 - 000006038 _____ C:\Users\n.izyumov\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 17:09 - 2020-11-17 17:09 - 000006038 _____ C:\Users\n.izyumov\AppData\Local\how_to_decrypt.hta
  2020-11-17 17:09 - 2020-11-17 17:09 - 000006038 _____ C:\Users\n.izyumov\AppData\how_to_decrypt.hta
  2020-11-17 17:09 - 2020-11-17 17:09 - 000006038 _____ C:\Users\n.gurova\how_to_decrypt.hta
  2020-11-17 17:09 - 2020-11-17 17:09 - 000006038 _____ C:\Users\n.gurova\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 17:08 - 2020-11-17 17:08 - 000006038 _____ C:\Users\n.gurova\Downloads\how_to_decrypt.hta
  2020-11-17 17:08 - 2020-11-17 17:08 - 000006038 _____ C:\Users\n.gurova\Documents\how_to_decrypt.hta
  2020-11-17 17:08 - 2020-11-17 17:08 - 000006038 _____ C:\Users\n.gurova\Desktop\how_to_decrypt.hta
  2020-11-17 17:08 - 2020-11-17 17:08 - 000006038 _____ C:\Users\n.gurova\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 17:08 - 2020-11-17 17:08 - 000006038 _____ C:\Users\n.gurova\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 17:08 - 2020-11-17 17:08 - 000006038 _____ C:\Users\n.gurova\AppData\Local\how_to_decrypt.hta
  2020-11-17 17:08 - 2020-11-17 17:08 - 000006038 _____ C:\Users\n.gurova\AppData\how_to_decrypt.hta
  2020-11-17 17:08 - 2020-11-17 17:08 - 000006038 _____ C:\Users\mag002\how_to_decrypt.hta
  2020-11-17 17:08 - 2020-11-17 17:08 - 000006038 _____ C:\Users\mag002\Downloads\how_to_decrypt.hta
  2020-11-17 17:08 - 2020-11-17 17:08 - 000006038 _____ C:\Users\mag002\Documents\how_to_decrypt.hta
  2020-11-17 17:08 - 2020-11-17 17:08 - 000006038 _____ C:\Users\mag002\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 17:08 - 2020-11-17 17:08 - 000006038 _____ C:\Users\mag002\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 17:08 - 2020-11-17 17:08 - 000006038 _____ C:\Users\mag002\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 17:08 - 2020-11-17 17:08 - 000006038 _____ C:\Users\mag002\AppData\Local\how_to_decrypt.hta
  2020-11-17 17:08 - 2020-11-17 17:08 - 000006038 _____ C:\Users\mag002\AppData\how_to_decrypt.hta
  2020-11-17 17:08 - 2020-11-17 17:08 - 000006038 _____ C:\Users\m.kuzmin\how_to_decrypt.hta
  2020-11-17 17:08 - 2020-11-17 17:08 - 000006038 _____ C:\Users\m.kuzmin\Downloads\how_to_decrypt.hta
  2020-11-17 17:08 - 2020-11-17 17:08 - 000006038 _____ C:\Users\m.kuzmin\Documents\how_to_decrypt.hta
  2020-11-17 17:08 - 2020-11-17 17:08 - 000006038 _____ C:\Users\m.kuzmin\Desktop\how_to_decrypt.hta
  2020-11-17 17:08 - 2020-11-17 17:08 - 000006038 _____ C:\Users\m.kuzmin\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 17:08 - 2020-11-17 17:08 - 000006038 _____ C:\Users\m.kuzmin\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 17:08 - 2020-11-17 17:08 - 000006038 _____ C:\Users\m.kuzmin\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 17:08 - 2020-11-17 17:08 - 000006038 _____ C:\Users\m.kuzmin\AppData\how_to_decrypt.hta
  2020-11-17 17:07 - 2020-11-17 17:07 - 000006038 _____ C:\Users\m.kuzmin\AppData\Local\how_to_decrypt.hta
  2020-11-17 17:07 - 2020-11-17 17:07 - 000006038 _____ C:\Users\m.ivanov\how_to_decrypt.hta
  2020-11-17 17:07 - 2020-11-17 17:07 - 000006038 _____ C:\Users\m.ivanov\Downloads\how_to_decrypt.hta
  2020-11-17 17:07 - 2020-11-17 17:07 - 000006038 _____ C:\Users\m.ivanov\Documents\how_to_decrypt.hta
  2020-11-17 17:07 - 2020-11-17 17:07 - 000006038 _____ C:\Users\m.ivanov\Desktop\how_to_decrypt.hta
  2020-11-17 17:07 - 2020-11-17 17:07 - 000006038 _____ C:\Users\m.ivanov\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 17:07 - 2020-11-17 17:07 - 000006038 _____ C:\Users\m.ivanov\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 17:07 - 2020-11-17 17:07 - 000006038 _____ C:\Users\m.ivanov\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 17:07 - 2020-11-17 17:07 - 000006038 _____ C:\Users\m.ivanov\AppData\Local\how_to_decrypt.hta
  2020-11-17 17:07 - 2020-11-17 17:07 - 000006038 _____ C:\Users\m.ivanov\AppData\how_to_decrypt.hta
  2020-11-17 17:07 - 2020-11-17 17:07 - 000006038 _____ C:\Users\m.afanaseva\how_to_decrypt.hta
  2020-11-17 17:07 - 2020-11-17 17:07 - 000006038 _____ C:\Users\m.afanaseva\Downloads\how_to_decrypt.hta
  2020-11-17 17:07 - 2020-11-17 17:07 - 000006038 _____ C:\Users\m.afanaseva\Documents\how_to_decrypt.hta
  2020-11-17 17:07 - 2020-11-17 17:07 - 000006038 _____ C:\Users\m.afanaseva\Desktop\how_to_decrypt.hta
  2020-11-17 17:07 - 2020-11-17 17:07 - 000006038 _____ C:\Users\m.afanaseva\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 17:07 - 2020-11-17 17:07 - 000006038 _____ C:\Users\m.afanaseva\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 17:07 - 2020-11-17 17:07 - 000006038 _____ C:\Users\m.afanaseva\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 17:07 - 2020-11-17 17:07 - 000006038 _____ C:\Users\m.afanaseva\AppData\Local\how_to_decrypt.hta
  2020-11-17 17:07 - 2020-11-17 17:07 - 000006038 _____ C:\Users\m.afanaseva\AppData\how_to_decrypt.hta
  2020-11-17 17:07 - 2020-11-17 17:07 - 000006038 _____ C:\Users\lmarushkina\how_to_decrypt.hta
  2020-11-17 17:07 - 2020-11-17 17:07 - 000006038 _____ C:\Users\lmarushkina\Downloads\how_to_decrypt.hta
  2020-11-17 17:07 - 2020-11-17 17:07 - 000006038 _____ C:\Users\lmarushkina\Documents\how_to_decrypt.hta
  2020-11-17 17:07 - 2020-11-17 17:07 - 000006038 _____ C:\Users\lmarushkina\Desktop\how_to_decrypt.hta
  2020-11-17 17:07 - 2020-11-17 17:07 - 000006038 _____ C:\Users\lmarushkina\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 17:06 - 2020-11-17 17:06 - 000006038 _____ C:\Users\lmarushkina\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 17:06 - 2020-11-17 17:06 - 000006038 _____ C:\Users\lmarushkina\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 17:06 - 2020-11-17 17:06 - 000006038 _____ C:\Users\lmarushkina\AppData\Local\how_to_decrypt.hta
  2020-11-17 17:06 - 2020-11-17 17:06 - 000006038 _____ C:\Users\lmarushkina\AppData\how_to_decrypt.hta
  2020-11-17 17:06 - 2020-11-17 17:06 - 000006038 _____ C:\Users\kovalevaTP\how_to_decrypt.hta
  2020-11-17 17:06 - 2020-11-17 17:06 - 000006038 _____ C:\Users\kovalevaTP\Downloads\how_to_decrypt.hta
  2020-11-17 17:06 - 2020-11-17 17:06 - 000006038 _____ C:\Users\kovalevaTP\Documents\how_to_decrypt.hta
  2020-11-17 17:06 - 2020-11-17 17:06 - 000006038 _____ C:\Users\kovalevaTP\Desktop\how_to_decrypt.hta
  2020-11-17 17:06 - 2020-11-17 17:06 - 000006038 _____ C:\Users\kovalevaTP\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 17:06 - 2020-11-17 17:06 - 000006038 _____ C:\Users\kovalevaTP\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 17:06 - 2020-11-17 17:06 - 000006038 _____ C:\Users\kovalevaTP\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 17:06 - 2020-11-17 17:06 - 000006038 _____ C:\Users\kovalevaTP\AppData\Local\how_to_decrypt.hta
  2020-11-17 17:06 - 2020-11-17 17:06 - 000006038 _____ C:\Users\kovalevaTP\AppData\how_to_decrypt.hta
  2020-11-17 17:06 - 2020-11-17 17:06 - 000006038 _____ C:\Users\korobkova\how_to_decrypt.hta
  2020-11-17 17:06 - 2020-11-17 17:06 - 000006038 _____ C:\Users\korobkova\Downloads\how_to_decrypt.hta
  2020-11-17 17:06 - 2020-11-17 17:06 - 000006038 _____ C:\Users\korobkova\Documents\how_to_decrypt.hta
  2020-11-17 17:06 - 2020-11-17 17:06 - 000006038 _____ C:\Users\korobkova\Desktop\how_to_decrypt.hta
  2020-11-17 17:06 - 2020-11-17 17:06 - 000006038 _____ C:\Users\korobkova\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 17:06 - 2020-11-17 17:06 - 000006038 _____ C:\Users\korobkova\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 17:06 - 2020-11-17 17:06 - 000006038 _____ C:\Users\korobkova\AppData\how_to_decrypt.hta
  2020-11-17 17:05 - 2020-11-17 17:05 - 000006038 _____ C:\Users\korobkova\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 17:05 - 2020-11-17 17:05 - 000006038 _____ C:\Users\korobkova\AppData\Local\how_to_decrypt.hta
  2020-11-17 17:05 - 2020-11-17 17:05 - 000006038 _____ C:\Users\invent3\how_to_decrypt.hta
  2020-11-17 17:05 - 2020-11-17 17:05 - 000006038 _____ C:\Users\invent3\Downloads\how_to_decrypt.hta
  2020-11-17 17:05 - 2020-11-17 17:05 - 000006038 _____ C:\Users\invent3\Documents\how_to_decrypt.hta
  2020-11-17 17:05 - 2020-11-17 17:05 - 000006038 _____ C:\Users\invent3\Desktop\how_to_decrypt.hta
  2020-11-17 17:05 - 2020-11-17 17:05 - 000006038 _____ C:\Users\invent3\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 17:05 - 2020-11-17 17:05 - 000006038 _____ C:\Users\invent3\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 17:05 - 2020-11-17 17:05 - 000006038 _____ C:\Users\invent3\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 17:05 - 2020-11-17 17:05 - 000006038 _____ C:\Users\invent3\AppData\Local\how_to_decrypt.hta
  2020-11-17 17:05 - 2020-11-17 17:05 - 000006038 _____ C:\Users\invent3\AppData\how_to_decrypt.hta
  2020-11-17 17:05 - 2020-11-17 17:05 - 000006038 _____ C:\Users\invent2\how_to_decrypt.hta
  2020-11-17 17:05 - 2020-11-17 17:05 - 000006038 _____ C:\Users\invent2\Downloads\how_to_decrypt.hta
  2020-11-17 17:05 - 2020-11-17 17:05 - 000006038 _____ C:\Users\invent2\Documents\how_to_decrypt.hta
  2020-11-17 17:05 - 2020-11-17 17:05 - 000006038 _____ C:\Users\invent2\Desktop\how_to_decrypt.hta
  2020-11-17 17:05 - 2020-11-17 17:05 - 000006038 _____ C:\Users\invent2\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 17:05 - 2020-11-17 17:05 - 000006038 _____ C:\Users\invent2\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 17:05 - 2020-11-17 17:05 - 000006038 _____ C:\Users\invent2\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 17:05 - 2020-11-17 17:05 - 000006038 _____ C:\Users\invent2\AppData\Local\how_to_decrypt.hta
  2020-11-17 17:05 - 2020-11-17 17:05 - 000006038 _____ C:\Users\invent2\AppData\how_to_decrypt.hta
  2020-11-17 17:05 - 2020-11-17 17:05 - 000006038 _____ C:\Users\invent1\how_to_decrypt.hta
  2020-11-17 17:05 - 2020-11-17 17:05 - 000006038 _____ C:\Users\invent1\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 17:04 - 2020-11-17 17:04 - 000006038 _____ C:\Users\invent1\Downloads\how_to_decrypt.hta
  2020-11-17 17:04 - 2020-11-17 17:04 - 000006038 _____ C:\Users\invent1\Documents\how_to_decrypt.hta
  2020-11-17 17:04 - 2020-11-17 17:04 - 000006038 _____ C:\Users\invent1\Desktop\how_to_decrypt.hta
  2020-11-17 17:04 - 2020-11-17 17:04 - 000006038 _____ C:\Users\invent1\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 17:04 - 2020-11-17 17:04 - 000006038 _____ C:\Users\invent1\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 17:04 - 2020-11-17 17:04 - 000006038 _____ C:\Users\invent1\AppData\Local\how_to_decrypt.hta
  2020-11-17 17:04 - 2020-11-17 17:04 - 000006038 _____ C:\Users\invent1\AppData\how_to_decrypt.hta
  2020-11-17 17:04 - 2020-11-17 17:04 - 000006038 _____ C:\Users\i.tsyganova\how_to_decrypt.hta
  2020-11-17 17:04 - 2020-11-17 17:04 - 000006038 _____ C:\Users\i.tsyganova\Downloads\how_to_decrypt.hta
  2020-11-17 17:04 - 2020-11-17 17:04 - 000006038 _____ C:\Users\i.tsyganova\Documents\how_to_decrypt.hta
  2020-11-17 17:04 - 2020-11-17 17:04 - 000006038 _____ C:\Users\i.tsyganova\Desktop\how_to_decrypt.hta
  2020-11-17 17:04 - 2020-11-17 17:04 - 000006038 _____ C:\Users\i.tsyganova\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 17:04 - 2020-11-17 17:04 - 000006038 _____ C:\Users\i.tsyganova\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 17:04 - 2020-11-17 17:04 - 000006038 _____ C:\Users\i.tsyganova\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 17:04 - 2020-11-17 17:04 - 000006038 _____ C:\Users\i.tsyganova\AppData\Local\how_to_decrypt.hta
  2020-11-17 17:04 - 2020-11-17 17:04 - 000006038 _____ C:\Users\i.tsyganova\AppData\how_to_decrypt.hta
  2020-11-17 17:04 - 2020-11-17 17:04 - 000006038 _____ C:\Users\i.kirillov\how_to_decrypt.hta
  2020-11-17 17:04 - 2020-11-17 17:04 - 000006038 _____ C:\Users\i.kirillov\Downloads\how_to_decrypt.hta
  2020-11-17 17:04 - 2020-11-17 17:04 - 000006038 _____ C:\Users\i.kirillov\Documents\how_to_decrypt.hta
  2020-11-17 17:04 - 2020-11-17 17:04 - 000006038 _____ C:\Users\i.kirillov\Desktop\how_to_decrypt.hta
  2020-11-17 17:04 - 2020-11-17 17:04 - 000006038 _____ C:\Users\i.kirillov\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 17:04 - 2020-11-17 17:04 - 000006038 _____ C:\Users\i.kirillov\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 17:04 - 2020-11-17 17:04 - 000006038 _____ C:\Users\i.kirillov\AppData\how_to_decrypt.hta
  2020-11-17 17:03 - 2020-11-17 17:03 - 000006038 _____ C:\Users\i.kirillov\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 17:02 - 2020-11-17 17:02 - 000006038 _____ C:\Users\i.kirillov\AppData\Local\how_to_decrypt.hta
  2020-11-17 17:02 - 2020-11-17 17:02 - 000006038 _____ C:\Users\frolkina\how_to_decrypt.hta
  2020-11-17 17:02 - 2020-11-17 17:02 - 000006038 _____ C:\Users\frolkina\Downloads\how_to_decrypt.hta
  2020-11-17 17:02 - 2020-11-17 17:02 - 000006038 _____ C:\Users\frolkina\Documents\how_to_decrypt.hta
  2020-11-17 17:02 - 2020-11-17 17:02 - 000006038 _____ C:\Users\frolkina\Desktop\how_to_decrypt.hta
  2020-11-17 17:02 - 2020-11-17 17:02 - 000006038 _____ C:\Users\frolkina\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 17:02 - 2020-11-17 17:02 - 000006038 _____ C:\Users\frolkina\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 17:02 - 2020-11-17 17:02 - 000006038 _____ C:\Users\frolkina\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 17:02 - 2020-11-17 17:02 - 000006038 _____ C:\Users\frolkina\AppData\how_to_decrypt.hta
  2020-11-17 17:00 - 2020-11-17 17:00 - 000006038 _____ C:\Users\frolkina\AppData\Local\how_to_decrypt.hta
  2020-11-17 17:00 - 2020-11-17 17:00 - 000006038 _____ C:\Users\Default\how_to_decrypt.hta
  2020-11-17 17:00 - 2020-11-17 17:00 - 000006038 _____ C:\Users\Default\Downloads\how_to_decrypt.hta
  2020-11-17 17:00 - 2020-11-17 17:00 - 000006038 _____ C:\Users\Default\Documents\how_to_decrypt.hta
  2020-11-17 17:00 - 2020-11-17 17:00 - 000006038 _____ C:\Users\Default\Desktop\how_to_decrypt.hta
  2020-11-17 17:00 - 2020-11-17 17:00 - 000006038 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 17:00 - 2020-11-17 17:00 - 000006038 _____ C:\Users\Default\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 17:00 - 2020-11-17 17:00 - 000006038 _____ C:\Users\Default\AppData\Local\how_to_decrypt.hta
  2020-11-17 17:00 - 2020-11-17 17:00 - 000006038 _____ C:\Users\Default\AppData\how_to_decrypt.hta
  2020-11-17 17:00 - 2020-11-17 17:00 - 000006038 _____ C:\Users\Default User\how_to_decrypt.hta
  2020-11-17 17:00 - 2020-11-17 17:00 - 000006038 _____ C:\Users\Default User\Downloads\how_to_decrypt.hta
  2020-11-17 17:00 - 2020-11-17 17:00 - 000006038 _____ C:\Users\Default User\Documents\how_to_decrypt.hta
  2020-11-17 17:00 - 2020-11-17 17:00 - 000006038 _____ C:\Users\Default User\Desktop\how_to_decrypt.hta
  2020-11-17 17:00 - 2020-11-17 17:00 - 000006038 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 17:00 - 2020-11-17 17:00 - 000006038 _____ C:\Users\Default User\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 17:00 - 2020-11-17 17:00 - 000006038 _____ C:\Users\Default User\AppData\Local\how_to_decrypt.hta
  2020-11-17 17:00 - 2020-11-17 17:00 - 000006038 _____ C:\Users\Default User\AppData\how_to_decrypt.hta
  2020-11-17 17:00 - 2020-11-17 17:00 - 000006038 _____ C:\Users\d.antaeva\how_to_decrypt.hta
  2020-11-17 17:00 - 2020-11-17 17:00 - 000006038 _____ C:\Users\d.antaeva\Downloads\how_to_decrypt.hta
  2020-11-17 17:00 - 2020-11-17 17:00 - 000006038 _____ C:\Users\d.antaeva\Documents\how_to_decrypt.hta
  2020-11-17 17:00 - 2020-11-17 17:00 - 000006038 _____ C:\Users\d.antaeva\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 16:59 - 2020-11-17 16:59 - 000006038 _____ C:\Users\d.antaeva\Desktop\how_to_decrypt.hta
  2020-11-17 16:59 - 2020-11-17 16:59 - 000006038 _____ C:\Users\d.antaeva\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 16:59 - 2020-11-17 16:59 - 000006038 _____ C:\Users\d.antaeva\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 16:59 - 2020-11-17 16:59 - 000006038 _____ C:\Users\d.antaeva\AppData\Local\how_to_decrypt.hta
  2020-11-17 16:59 - 2020-11-17 16:59 - 000006038 _____ C:\Users\d.antaeva\AppData\how_to_decrypt.hta
  2020-11-17 16:59 - 2020-11-17 16:59 - 000006038 _____ C:\Users\blohinai\how_to_decrypt.hta
  2020-11-17 16:59 - 2020-11-17 16:59 - 000006038 _____ C:\Users\blohinai\Downloads\how_to_decrypt.hta
  2020-11-17 16:59 - 2020-11-17 16:59 - 000006038 _____ C:\Users\blohinai\Documents\how_to_decrypt.hta
  2020-11-17 16:59 - 2020-11-17 16:59 - 000006038 _____ C:\Users\blohinai\Desktop\how_to_decrypt.hta
  2020-11-17 16:59 - 2020-11-17 16:59 - 000006038 _____ C:\Users\blohinai\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 16:59 - 2020-11-17 16:59 - 000006038 _____ C:\Users\blohinai\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 16:59 - 2020-11-17 16:59 - 000006038 _____ C:\Users\blohinai\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 16:59 - 2020-11-17 16:59 - 000006038 _____ C:\Users\blohinai\AppData\Local\how_to_decrypt.hta
  2020-11-17 16:59 - 2020-11-17 16:59 - 000006038 _____ C:\Users\blohinai\AppData\how_to_decrypt.hta
  2020-11-17 16:59 - 2020-11-17 16:59 - 000006038 _____ C:\Users\belcovaIV\how_to_decrypt.hta
  2020-11-17 16:59 - 2020-11-17 16:59 - 000006038 _____ C:\Users\belcovaIV\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 16:58 - 2020-11-17 16:58 - 000006038 _____ C:\Users\belcovaIV\Downloads\how_to_decrypt.hta
  2020-11-17 16:58 - 2020-11-17 16:58 - 000006038 _____ C:\Users\belcovaIV\Documents\how_to_decrypt.hta
  2020-11-17 16:58 - 2020-11-17 16:58 - 000006038 _____ C:\Users\belcovaIV\Desktop\how_to_decrypt.hta
  2020-11-17 16:58 - 2020-11-17 16:58 - 000006038 _____ C:\Users\belcovaIV\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 16:58 - 2020-11-17 16:58 - 000006038 _____ C:\Users\belcovaIV\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 16:58 - 2020-11-17 16:58 - 000006038 _____ C:\Users\belcovaIV\AppData\Local\how_to_decrypt.hta
  2020-11-17 16:58 - 2020-11-17 16:58 - 000006038 _____ C:\Users\belcovaIV\AppData\how_to_decrypt.hta
  2020-11-17 16:58 - 2020-11-17 16:58 - 000006038 _____ C:\Users\auditor2\how_to_decrypt.hta
  2020-11-17 16:58 - 2020-11-17 16:58 - 000006038 _____ C:\Users\auditor2\Downloads\how_to_decrypt.hta
  2020-11-17 16:58 - 2020-11-17 16:58 - 000006038 _____ C:\Users\auditor2\Documents\how_to_decrypt.hta
  2020-11-17 16:58 - 2020-11-17 16:58 - 000006038 _____ C:\Users\auditor2\Desktop\how_to_decrypt.hta
  2020-11-17 16:58 - 2020-11-17 16:58 - 000006038 _____ C:\Users\auditor2\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 16:58 - 2020-11-17 16:58 - 000006038 _____ C:\Users\auditor2\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 16:58 - 2020-11-17 16:58 - 000006038 _____ C:\Users\auditor2\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 16:58 - 2020-11-17 16:58 - 000006038 _____ C:\Users\auditor2\AppData\Local\how_to_decrypt.hta
  2020-11-17 16:58 - 2020-11-17 16:58 - 000006038 _____ C:\Users\auditor2\AppData\how_to_decrypt.hta
  2020-11-17 16:58 - 2020-11-17 16:58 - 000006038 _____ C:\Users\auditor\how_to_decrypt.hta
  2020-11-17 16:58 - 2020-11-17 16:58 - 000006038 _____ C:\Users\auditor\Downloads\how_to_decrypt.hta
  2020-11-17 16:58 - 2020-11-17 16:58 - 000006038 _____ C:\Users\auditor\Documents\how_to_decrypt.hta
  2020-11-17 16:58 - 2020-11-17 16:58 - 000006038 _____ C:\Users\auditor\Desktop\how_to_decrypt.hta
  2020-11-17 16:58 - 2020-11-17 16:58 - 000006038 _____ C:\Users\auditor\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 16:58 - 2020-11-17 16:58 - 000006038 _____ C:\Users\auditor\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 16:58 - 2020-11-17 16:58 - 000006038 _____ C:\Users\auditor\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 16:58 - 2020-11-17 16:58 - 000006038 _____ C:\Users\auditor\AppData\how_to_decrypt.hta
  2020-11-17 16:57 - 2020-11-17 16:57 - 000006038 _____ C:\Users\auditor\AppData\Local\how_to_decrypt.hta
  2020-11-17 16:57 - 2020-11-17 16:57 - 000006038 _____ C:\Users\Admin\how_to_decrypt.hta
  2020-11-17 16:57 - 2020-11-17 16:57 - 000006038 _____ C:\Users\Admin\Downloads\how_to_decrypt.hta
  2020-11-17 16:57 - 2020-11-17 16:57 - 000006038 _____ C:\Users\Admin\Documents\how_to_decrypt.hta
  2020-11-17 16:57 - 2020-11-17 16:57 - 000006038 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 16:57 - 2020-11-17 16:57 - 000006038 _____ C:\Users\Admin\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 16:57 - 2020-11-17 16:57 - 000006038 _____ C:\Users\Admin\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 16:57 - 2020-11-17 16:57 - 000006038 _____ C:\Users\Admin\AppData\how_to_decrypt.hta
  2020-11-17 16:56 - 2020-11-17 16:56 - 000006038 _____ C:\Users\Admin\AppData\Local\how_to_decrypt.hta
  2020-11-17 16:56 - 2020-11-17 16:56 - 000006038 _____ C:\Users\Admim\how_to_decrypt.hta
  2020-11-17 16:56 - 2020-11-17 16:56 - 000006038 _____ C:\Users\Admim\Downloads\how_to_decrypt.hta
  2020-11-17 16:56 - 2020-11-17 16:56 - 000006038 _____ C:\Users\Admim\Documents\how_to_decrypt.hta
  2020-11-17 16:56 - 2020-11-17 16:56 - 000006038 _____ C:\Users\Admim\Desktop\how_to_decrypt.hta
  2020-11-17 16:56 - 2020-11-17 16:56 - 000006038 _____ C:\Users\Admim\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 16:56 - 2020-11-17 16:56 - 000006038 _____ C:\Users\Admim\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 16:56 - 2020-11-17 16:56 - 000006038 _____ C:\Users\Admim\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 16:56 - 2020-11-17 16:56 - 000006038 _____ C:\Users\Admim\AppData\Local\how_to_decrypt.hta
  2020-11-17 16:56 - 2020-11-17 16:56 - 000006038 _____ C:\Users\Admim\AppData\how_to_decrypt.hta
  2020-11-17 16:56 - 2020-11-17 16:56 - 000006038 _____ C:\Users\a.shpunt\how_to_decrypt.hta
  2020-11-17 16:56 - 2020-11-17 16:56 - 000006038 _____ C:\Users\a.shpunt\Downloads\how_to_decrypt.hta
  2020-11-17 16:56 - 2020-11-17 16:56 - 000006038 _____ C:\Users\a.shpunt\Documents\how_to_decrypt.hta
  2020-11-17 16:56 - 2020-11-17 16:56 - 000006038 _____ C:\Users\a.shpunt\Desktop\how_to_decrypt.hta
  2020-11-17 16:56 - 2020-11-17 16:56 - 000006038 _____ C:\Users\a.shpunt\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 16:56 - 2020-11-17 16:56 - 000006038 _____ C:\Users\a.shpunt\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 16:56 - 2020-11-17 16:56 - 000006038 _____ C:\Users\a.shpunt\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 16:56 - 2020-11-17 16:56 - 000006038 _____ C:\Users\a.shpunt\AppData\Local\how_to_decrypt.hta
  2020-11-17 16:56 - 2020-11-17 16:56 - 000006038 _____ C:\Users\a.shpunt\AppData\how_to_decrypt.hta
  2020-11-17 16:56 - 2020-11-17 16:56 - 000006038 _____ C:\Users\a.shpet\how_to_decrypt.hta
  2020-11-17 16:56 - 2020-11-17 16:56 - 000006038 _____ C:\Users\a.shpet\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 16:55 - 2020-11-17 16:55 - 000006038 _____ C:\Users\a.shpet\Downloads\how_to_decrypt.hta
  2020-11-17 16:55 - 2020-11-17 16:55 - 000006038 _____ C:\Users\a.shpet\Documents\how_to_decrypt.hta
  2020-11-17 16:55 - 2020-11-17 16:55 - 000006038 _____ C:\Users\a.shpet\Desktop\how_to_decrypt.hta
  2020-11-17 16:55 - 2020-11-17 16:55 - 000006038 _____ C:\Users\a.shpet\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 16:55 - 2020-11-17 16:55 - 000006038 _____ C:\Users\a.shpet\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 16:55 - 2020-11-17 16:55 - 000006038 _____ C:\Users\a.shpet\AppData\Local\how_to_decrypt.hta
  2020-11-17 16:55 - 2020-11-17 16:55 - 000006038 _____ C:\Users\a.shpet\AppData\how_to_decrypt.hta
  2020-11-17 16:55 - 2020-11-17 16:55 - 000006038 _____ C:\Users\a.sadilova\how_to_decrypt.hta
  2020-11-17 16:55 - 2020-11-17 16:55 - 000006038 _____ C:\Users\a.sadilova\Downloads\how_to_decrypt.hta
  2020-11-17 16:55 - 2020-11-17 16:55 - 000006038 _____ C:\Users\a.sadilova\Documents\how_to_decrypt.hta
  2020-11-17 16:55 - 2020-11-17 16:55 - 000006038 _____ C:\Users\a.sadilova\Desktop\how_to_decrypt.hta
  2020-11-17 16:55 - 2020-11-17 16:55 - 000006038 _____ C:\Users\a.sadilova\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 16:55 - 2020-11-17 16:55 - 000006038 _____ C:\Users\a.sadilova\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 16:55 - 2020-11-17 16:55 - 000006038 _____ C:\Users\a.sadilova\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 16:55 - 2020-11-17 16:55 - 000006038 _____ C:\Users\a.sadilova\AppData\Local\how_to_decrypt.hta
  2020-11-17 16:55 - 2020-11-17 16:55 - 000006038 _____ C:\Users\a.sadilova\AppData\how_to_decrypt.hta
  2020-11-17 16:55 - 2020-11-17 16:55 - 000006038 _____ C:\Users\a.peterman\how_to_decrypt.hta
  2020-11-17 16:55 - 2020-11-17 16:55 - 000006038 _____ C:\Users\a.peterman\Downloads\how_to_decrypt.hta
  2020-11-17 16:55 - 2020-11-17 16:55 - 000006038 _____ C:\Users\a.peterman\Documents\how_to_decrypt.hta
  2020-11-17 16:55 - 2020-11-17 16:55 - 000006038 _____ C:\Users\a.peterman\Desktop\how_to_decrypt.hta
  2020-11-17 16:55 - 2020-11-17 16:55 - 000006038 _____ C:\Users\a.peterman\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 16:55 - 2020-11-17 16:55 - 000006038 _____ C:\Users\a.peterman\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 16:55 - 2020-11-17 16:55 - 000006038 _____ C:\Users\a.peterman\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 16:55 - 2020-11-17 16:55 - 000006038 _____ C:\Users\a.peterman\AppData\how_to_decrypt.hta
  2020-11-17 16:54 - 2020-11-17 16:54 - 000006038 _____ C:\Users\a.peterman\AppData\Local\how_to_decrypt.hta
  2020-11-17 16:54 - 2020-11-17 16:54 - 000006038 _____ C:\Users\a.pantyukhina\how_to_decrypt.hta
  2020-11-17 16:54 - 2020-11-17 16:54 - 000006038 _____ C:\Users\a.pantyukhina\Downloads\how_to_decrypt.hta
  2020-11-17 16:54 - 2020-11-17 16:54 - 000006038 _____ C:\Users\a.pantyukhina\Documents\how_to_decrypt.hta
  2020-11-17 16:54 - 2020-11-17 16:54 - 000006038 _____ C:\Users\a.pantyukhina\Desktop\how_to_decrypt.hta
  2020-11-17 16:54 - 2020-11-17 16:54 - 000006038 _____ C:\Users\a.pantyukhina\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 16:54 - 2020-11-17 16:54 - 000006038 _____ C:\Users\a.pantyukhina\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 16:54 - 2020-11-17 16:54 - 000006038 _____ C:\Users\a.pantyukhina\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 16:54 - 2020-11-17 16:54 - 000006038 _____ C:\Users\a.pantyukhina\AppData\how_to_decrypt.hta
  2020-11-17 16:53 - 2020-11-17 16:53 - 000006038 _____ C:\Users\a.pantyukhina\AppData\Local\how_to_decrypt.hta
  2020-11-17 16:53 - 2020-11-17 16:53 - 000006038 _____ C:\Users\a.kravcova\how_to_decrypt.hta
  2020-11-17 16:53 - 2020-11-17 16:53 - 000006038 _____ C:\Users\a.kravcova\Downloads\how_to_decrypt.hta
  2020-11-17 16:53 - 2020-11-17 16:53 - 000006038 _____ C:\Users\a.kravcova\Documents\how_to_decrypt.hta
  2020-11-17 16:53 - 2020-11-17 16:53 - 000006038 _____ C:\Users\a.kravcova\Desktop\how_to_decrypt.hta
  2020-11-17 16:53 - 2020-11-17 16:53 - 000006038 _____ C:\Users\a.kravcova\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 16:53 - 2020-11-17 16:53 - 000006038 _____ C:\Users\a.kravcova\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 16:53 - 2020-11-17 16:53 - 000006038 _____ C:\Users\a.kravcova\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 16:53 - 2020-11-17 16:53 - 000006038 _____ C:\Users\a.kravcova\AppData\Local\how_to_decrypt.hta
  2020-11-17 16:53 - 2020-11-17 16:53 - 000006038 _____ C:\Users\a.kravcova\AppData\how_to_decrypt.hta
  2020-11-17 16:53 - 2020-11-17 16:53 - 000006038 _____ C:\Users\a.korchagin\how_to_decrypt.hta
  2020-11-17 16:53 - 2020-11-17 16:53 - 000006038 _____ C:\Users\a.korchagin\Downloads\how_to_decrypt.hta
  2020-11-17 16:53 - 2020-11-17 16:53 - 000006038 _____ C:\Users\a.korchagin\Documents\how_to_decrypt.hta
  2020-11-17 16:53 - 2020-11-17 16:53 - 000006038 _____ C:\Users\a.korchagin\Desktop\how_to_decrypt.hta
  2020-11-17 16:53 - 2020-11-17 16:53 - 000006038 _____ C:\Users\a.korchagin\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 16:53 - 2020-11-17 16:53 - 000006038 _____ C:\Users\a.korchagin\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 16:53 - 2020-11-17 16:53 - 000006038 _____ C:\Users\a.korchagin\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 16:53 - 2020-11-17 16:53 - 000006038 _____ C:\Users\a.korchagin\AppData\Local\how_to_decrypt.hta
  2020-11-17 16:53 - 2020-11-17 16:53 - 000006038 _____ C:\Users\a.korchagin\AppData\how_to_decrypt.hta
  2020-11-17 16:53 - 2020-11-17 16:53 - 000006038 _____ C:\Users\a.gavrilov\how_to_decrypt.hta
  2020-11-17 16:52 - 2020-11-17 16:52 - 000006038 _____ C:\Users\a.gavrilov\Downloads\how_to_decrypt.hta
  2020-11-17 16:52 - 2020-11-17 16:52 - 000006038 _____ C:\Users\a.gavrilov\Documents\how_to_decrypt.hta
  2020-11-17 16:52 - 2020-11-17 16:52 - 000006038 _____ C:\Users\a.gavrilov\Desktop\how_to_decrypt.hta
  2020-11-17 16:52 - 2020-11-17 16:52 - 000006038 _____ C:\Users\a.gavrilov\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 16:52 - 2020-11-17 16:52 - 000006038 _____ C:\Users\a.gavrilov\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 16:52 - 2020-11-17 16:52 - 000006038 _____ C:\Users\a.gavrilov\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 16:52 - 2020-11-17 16:52 - 000006038 _____ C:\Users\a.gavrilov\AppData\how_to_decrypt.hta
  2020-11-17 16:50 - 2020-11-17 16:50 - 000006038 _____ C:\Users\a.gavrilov\AppData\Local\how_to_decrypt.hta
  2020-11-17 16:50 - 2020-11-17 16:50 - 000006038 _____ C:\Users\a.avvakumov\how_to_decrypt.hta
  2020-11-17 16:50 - 2020-11-17 16:50 - 000006038 _____ C:\Users\a.avvakumov\Downloads\how_to_decrypt.hta
  2020-11-17 16:50 - 2020-11-17 16:50 - 000006038 _____ C:\Users\a.avvakumov\Documents\how_to_decrypt.hta
  2020-11-17 16:50 - 2020-11-17 16:50 - 000006038 _____ C:\Users\a.avvakumov\Desktop\how_to_decrypt.hta
  2020-11-17 16:50 - 2020-11-17 16:50 - 000006038 _____ C:\Users\a.avvakumov\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 16:50 - 2020-11-17 16:50 - 000006038 _____ C:\Users\a.avvakumov\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 16:50 - 2020-11-17 16:50 - 000006038 _____ C:\Users\a.avvakumov\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 16:50 - 2020-11-17 16:50 - 000006038 _____ C:\Users\a.avvakumov\AppData\how_to_decrypt.hta
  2020-11-17 16:49 - 2020-11-17 16:49 - 000006038 _____ C:\Users\a.avvakumov\AppData\Local\how_to_decrypt.hta
  2020-11-17 16:49 - 2020-11-17 16:49 - 000006038 _____ C:\Users\a.akhmetkireeva\how_to_decrypt.hta
  2020-11-17 16:49 - 2020-11-17 16:49 - 000006038 _____ C:\Users\a.akhmetkireeva\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 16:48 - 2020-11-17 16:48 - 000006038 _____ C:\Users\a.akhmetkireeva\Downloads\how_to_decrypt.hta
  2020-11-17 16:48 - 2020-11-17 16:48 - 000006038 _____ C:\Users\a.akhmetkireeva\Documents\how_to_decrypt.hta
  2020-11-17 16:48 - 2020-11-17 16:48 - 000006038 _____ C:\Users\a.akhmetkireeva\Desktop\how_to_decrypt.hta
  2020-11-17 16:48 - 2020-11-17 16:48 - 000006038 _____ C:\Users\a.akhmetkireeva\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 16:48 - 2020-11-17 16:48 - 000006038 _____ C:\Users\a.akhmetkireeva\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 16:48 - 2020-11-17 16:48 - 000006038 _____ C:\Users\a.akhmetkireeva\AppData\how_to_decrypt.hta
  2020-11-17 16:47 - 2020-11-17 16:47 - 000006038 _____ C:\Users\a.akhmetkireeva\AppData\Local\how_to_decrypt.hta
  2020-11-17 16:47 - 2020-11-17 16:47 - 000006038 _____ C:\Users\1cuser\how_to_decrypt.hta
  2020-11-17 16:47 - 2020-11-17 16:47 - 000006038 _____ C:\Users\1cuser\Downloads\how_to_decrypt.hta
  2020-11-17 16:47 - 2020-11-17 16:47 - 000006038 _____ C:\Users\1cuser\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 16:40 - 2020-11-17 16:40 - 000006038 _____ C:\Users\1cuser\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 16:40 - 2020-11-17 16:40 - 000006038 _____ C:\Users\1cuser\AppData\how_to_decrypt.hta
  2020-11-17 16:39 - 2020-11-17 16:57 - 000001182 _____ C:\Users\Все пользователи\CleverenceStickerForRevaluationSettings.xml
  2020-11-17 16:39 - 2020-11-17 16:57 - 000001182 _____ C:\ProgramData\CleverenceStickerForRevaluationSettings.xml
  2020-11-17 16:39 - 2020-11-17 16:39 - 000006038 _____ C:\Users\1cuser\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 16:23 - 2020-11-17 16:23 - 000006038 _____ C:\Users\1cuser\AppData\Local\how_to_decrypt.hta
  2020-11-17 16:22 - 2020-11-17 16:22 - 000006038 _____ C:\ProgramData\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 16:19 - 2020-11-17 16:19 - 000006038 _____ C:\Users\Все пользователи\how_to_decrypt.hta
  2020-11-17 16:19 - 2020-11-17 16:19 - 000006038 _____ C:\ProgramData\how_to_decrypt.hta
  2020-11-17 16:18 - 2020-11-17 16:18 - 000006038 _____ C:\Users\how_to_decrypt.hta
  End::

   

• Скопируйте выделенный текст (правой кнопкой - Копировать).
• Запустите FRST (FRST64) от имени администратора.
• Нажмите Fix и подождите. Программа создаст лог-файл (Fixlog.txt). Прикрепите его к своему следующему сообщению.

 

Компьютер перезагрузите вручную.

Подробнее читайте в этом руководстве.

 

Меняйте пароли на RDP и на учётные записи администраторов.

Проверьте разрешения в фаерволе на эти порты:

Цитата

FirewallRules: [{D2E98787-90E4-4348-B263-E6ADE39A72A7}] => (Allow) LPort=475
FirewallRules: [{F665418F-A808-4255-A77B-D8C43AF6D320}] => (Allow) LPort=475
FirewallRules: [{9B642628-DE74-4BA3-89AD-E1B0A324D498}] => (Allow) LPort=55599
FirewallRules: [{59BE62F6-1AEA-4000-B7CF-24476501F724}] => (Allow) LPort=1688
FirewallRules: [{6A233A6A-5D3F-4E5A-BDE0-015B067D7AB6}] => (Allow) LPort=55566
FirewallRules: [{EA3CCBDC-80D7-4DD5-9361-BFA7A0BC1733}] => (Allow) LPort=10502
FirewallRules: [{985CC487-DD31-42C7-90B8-2ABF5451A3CB}] => (Allow) LPort=10501
 

 

Изменено 20 ноября, 2020 пользователем Sandor

[AndrewCott 0]

56 минут назад, Sandor сказал:

• Отключите до перезагрузки антивирус.
• Выделите следующий код:

  
  Start::
  HKU\S-1-5-21-3036972003-2015236240-3138228504-1001\...\Run: [A15F580C-524AC4DB] => "C:\Users\Admim\appdata\local\temp\svcykc.exe" -id "A15F580C-524AC4DB" -wid "sel4auto" <==== ATTENTION
  HKU\S-1-5-21-3036972003-2015236240-3138228504-1008\...\Run: [A15F580C-524AC4DB] => "C:\Users\Admim\appdata\local\temp\svcykc.exe" -id "A15F580C-524AC4DB" -wid "sel4auto" <==== ATTENTION
  HKU\S-1-5-21-3036972003-2015236240-3138228504-1012\...\Run: [A15F580C-524AC4DB] => "C:\Users\Admim\appdata\local\temp\svcykc.exe" -id "A15F580C-524AC4DB" -wid "sel4auto" <==== ATTENTION
  HKU\S-1-5-21-3036972003-2015236240-3138228504-1046\...\Run: [A15F580C-524AC4DB] => "C:\Users\Admim\appdata\local\temp\svcykc.exe" -id "A15F580C-524AC4DB" -wid "sel4auto" <==== ATTENTION
  HKU\S-1-5-21-3036972003-2015236240-3138228504-1057\...\Run: [A15F580C-524AC4DB] => "C:\Users\Admim\appdata\local\temp\svcykc.exe" -id "A15F580C-524AC4DB" -wid "sel4auto" <==== ATTENTION
  HKU\S-1-5-21-3036972003-2015236240-3138228504-1088\...\Run: [A15F580C-524AC4DB] => "C:\Users\Admim\appdata\local\temp\svcykc.exe" -id "A15F580C-524AC4DB" -wid "sel4auto" <==== ATTENTION
  HKU\S-1-5-21-3036972003-2015236240-3138228504-1091\...\Run: [A15F580C-524AC4DB] => "C:\Users\Admim\appdata\local\temp\svcykc.exe" -id "A15F580C-524AC4DB" -wid "sel4auto" <==== ATTENTION
  HKU\S-1-5-21-3036972003-2015236240-3138228504-500\...\Run: [A15F580C-524AC4DB] => "C:\users\836d~1\appdata\local\temp\2\svcdee.exe" -id "A15F580C-524AC4DB" -wid "sel4auto" <==== ATTENTION
  HKU\S-1-5-21-3036972003-2015236240-3138228504-500\...\MountPoints2: {96b89058-1a96-11e7-94ee-806e6f6e6963} - D:\setup.exe
  2020-11-19 17:30 - 2020-11-19 17:30 - 000006038 _____ C:\how_to_decrypt.hta
  2020-11-19 17:19 - 2020-11-19 17:19 - 000006038 _____ C:\Users\invent4\Desktop\how_to_decrypt.hta
  2020-11-19 17:19 - 2020-11-19 17:19 - 000006038 _____ C:\Users\invent4\AppData\LocalLow\how_to_decrypt.hta
  2020-11-19 17:19 - 2020-11-19 17:19 - 000006038 _____ C:\Users\invent3.TERMINALAPP\Desktop\how_to_decrypt.hta
  2020-11-19 17:19 - 2020-11-19 17:19 - 000006038 _____ C:\Users\invent3.TERMINALAPP\AppData\LocalLow\how_to_decrypt.hta
  2020-11-19 17:18 - 2020-11-19 17:18 - 000006038 _____ C:\Users\invent2.TERMINALAPP\Desktop\how_to_decrypt.hta
  2020-11-19 17:18 - 2020-11-19 17:18 - 000006038 _____ C:\Users\invent2.TERMINALAPP\AppData\LocalLow\how_to_decrypt.hta
  2020-11-19 17:17 - 2020-11-19 17:17 - 000006038 _____ C:\Users\invent1.TERMINALAPP\AppData\LocalLow\how_to_decrypt.hta
  2020-11-19 17:11 - 2020-11-19 17:11 - 000006038 _____ C:\Users\Admim.TERMINALAPP\AppData\LocalLow\how_to_decrypt.hta
  2020-11-19 17:08 - 2020-11-19 17:08 - 000006038 _____ C:\Users\1cuser\Documents\how_to_decrypt.hta
  2020-11-19 17:08 - 2020-11-19 17:08 - 000006038 _____ C:\Users\1cuser\Desktop\how_to_decrypt.hta
  2020-11-19 17:07 - 2020-11-19 17:07 - 000006038 _____ C:\Users\Все пользователи\Documents\how_to_decrypt.hta
  2020-11-19 17:07 - 2020-11-19 17:07 - 000006038 _____ C:\Users\Public\Documents\how_to_decrypt.hta
  2020-11-19 17:07 - 2020-11-19 17:07 - 000006038 _____ C:\ProgramData\Documents\how_to_decrypt.hta
  2020-11-19 16:51 - 2020-11-17 17:00 - 000006038 _____ C:\Users\Admim.TERMINALAPP\how_to_decrypt.hta
  2020-11-19 16:51 - 2020-11-17 17:00 - 000006038 _____ C:\Users\Admim.TERMINALAPP\Downloads\how_to_decrypt.hta
  2020-11-19 16:51 - 2020-11-17 17:00 - 000006038 _____ C:\Users\Admim.TERMINALAPP\Documents\how_to_decrypt.hta
  2020-11-19 16:51 - 2020-11-17 17:00 - 000006038 _____ C:\Users\Admim.TERMINALAPP\Desktop\how_to_decrypt.hta
  2020-11-19 16:51 - 2020-11-17 17:00 - 000006038 _____ C:\Users\Admim.TERMINALAPP\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-19 16:51 - 2020-11-17 17:00 - 000006038 _____ C:\Users\Admim.TERMINALAPP\AppData\Roaming\how_to_decrypt.hta
  2020-11-19 16:51 - 2020-11-17 17:00 - 000006038 _____ C:\Users\Admim.TERMINALAPP\AppData\Local\how_to_decrypt.hta
  2020-11-19 16:51 - 2020-11-17 17:00 - 000006038 _____ C:\Users\Admim.TERMINALAPP\AppData\how_to_decrypt.hta
  2020-11-18 17:15 - 2020-11-17 17:00 - 000006038 _____ C:\Users\invent4\how_to_decrypt.hta
  2020-11-18 17:15 - 2020-11-17 17:00 - 000006038 _____ C:\Users\invent4\Downloads\how_to_decrypt.hta
  2020-11-18 17:15 - 2020-11-17 17:00 - 000006038 _____ C:\Users\invent4\Documents\how_to_decrypt.hta
  2020-11-18 17:15 - 2020-11-17 17:00 - 000006038 _____ C:\Users\invent4\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-18 17:15 - 2020-11-17 17:00 - 000006038 _____ C:\Users\invent4\AppData\Roaming\how_to_decrypt.hta
  2020-11-18 17:15 - 2020-11-17 17:00 - 000006038 _____ C:\Users\invent4\AppData\Local\how_to_decrypt.hta
  2020-11-18 17:15 - 2020-11-17 17:00 - 000006038 _____ C:\Users\invent4\AppData\how_to_decrypt.hta
  2020-11-18 16:51 - 2020-11-17 17:00 - 000006038 _____ C:\Users\invent2.TERMINALAPP\how_to_decrypt.hta
  2020-11-18 16:51 - 2020-11-17 17:00 - 000006038 _____ C:\Users\invent2.TERMINALAPP\Downloads\how_to_decrypt.hta
  2020-11-18 16:51 - 2020-11-17 17:00 - 000006038 _____ C:\Users\invent2.TERMINALAPP\Documents\how_to_decrypt.hta
  2020-11-18 16:51 - 2020-11-17 17:00 - 000006038 _____ C:\Users\invent2.TERMINALAPP\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-18 16:51 - 2020-11-17 17:00 - 000006038 _____ C:\Users\invent2.TERMINALAPP\AppData\Roaming\how_to_decrypt.hta
  2020-11-18 16:51 - 2020-11-17 17:00 - 000006038 _____ C:\Users\invent2.TERMINALAPP\AppData\Local\how_to_decrypt.hta
  2020-11-18 16:51 - 2020-11-17 17:00 - 000006038 _____ C:\Users\invent2.TERMINALAPP\AppData\how_to_decrypt.hta
  2020-11-18 16:50 - 2020-11-17 17:00 - 000006038 _____ C:\Users\invent3.TERMINALAPP\how_to_decrypt.hta
  2020-11-18 16:50 - 2020-11-17 17:00 - 000006038 _____ C:\Users\invent3.TERMINALAPP\Downloads\how_to_decrypt.hta
  2020-11-18 16:50 - 2020-11-17 17:00 - 000006038 _____ C:\Users\invent3.TERMINALAPP\Documents\how_to_decrypt.hta
  2020-11-18 16:50 - 2020-11-17 17:00 - 000006038 _____ C:\Users\invent3.TERMINALAPP\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-18 16:50 - 2020-11-17 17:00 - 000006038 _____ C:\Users\invent3.TERMINALAPP\AppData\Roaming\how_to_decrypt.hta
  2020-11-18 16:50 - 2020-11-17 17:00 - 000006038 _____ C:\Users\invent3.TERMINALAPP\AppData\Local\how_to_decrypt.hta
  2020-11-18 16:50 - 2020-11-17 17:00 - 000006038 _____ C:\Users\invent3.TERMINALAPP\AppData\how_to_decrypt.hta
  2020-11-18 16:43 - 2020-11-17 17:00 - 000006038 _____ C:\Users\invent1.TERMINALAPP\how_to_decrypt.hta
  2020-11-18 16:43 - 2020-11-17 17:00 - 000006038 _____ C:\Users\invent1.TERMINALAPP\Downloads\how_to_decrypt.hta
  2020-11-18 16:43 - 2020-11-17 17:00 - 000006038 _____ C:\Users\invent1.TERMINALAPP\Documents\how_to_decrypt.hta
  2020-11-18 16:43 - 2020-11-17 17:00 - 000006038 _____ C:\Users\invent1.TERMINALAPP\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-18 16:43 - 2020-11-17 17:00 - 000006038 _____ C:\Users\invent1.TERMINALAPP\AppData\Roaming\how_to_decrypt.hta
  2020-11-18 16:43 - 2020-11-17 17:00 - 000006038 _____ C:\Users\invent1.TERMINALAPP\AppData\Local\how_to_decrypt.hta
  2020-11-18 16:43 - 2020-11-17 17:00 - 000006038 _____ C:\Users\invent1.TERMINALAPP\AppData\how_to_decrypt.hta
  2020-11-17 17:31 - 2020-11-17 17:31 - 000006038 _____ C:\Users\Администратор\how_to_decrypt.hta
  2020-11-17 17:31 - 2020-11-17 17:31 - 000006038 _____ C:\Users\Администратор\Downloads\how_to_decrypt.hta
  2020-11-17 17:31 - 2020-11-17 17:31 - 000006038 _____ C:\Users\Администратор\Documents\how_to_decrypt.hta
  2020-11-17 17:31 - 2020-11-17 17:31 - 000006038 _____ C:\Users\Администратор\Desktop\how_to_decrypt.hta
  2020-11-17 17:31 - 2020-11-17 17:31 - 000006038 _____ C:\Users\Администратор\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 17:31 - 2020-11-17 17:31 - 000006038 _____ C:\Users\Администратор\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 17:31 - 2020-11-17 17:31 - 000006038 _____ C:\Users\Администратор\AppData\how_to_decrypt.hta
  2020-11-17 17:30 - 2020-11-17 17:30 - 000006038 _____ C:\Users\Администратор\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 17:24 - 2020-11-17 17:24 - 000006038 _____ C:\Users\Администратор\AppData\Local\how_to_decrypt.hta
  2020-11-17 17:24 - 2020-11-17 17:24 - 000006038 _____ C:\Users\vs.Pavlov\how_to_decrypt.hta
  2020-11-17 17:24 - 2020-11-17 17:24 - 000006038 _____ C:\Users\vs.Pavlov\Downloads\how_to_decrypt.hta
  2020-11-17 17:24 - 2020-11-17 17:24 - 000006038 _____ C:\Users\vs.Pavlov\Documents\how_to_decrypt.hta
  2020-11-17 17:24 - 2020-11-17 17:24 - 000006038 _____ C:\Users\vs.Pavlov\Desktop\how_to_decrypt.hta
  2020-11-17 17:24 - 2020-11-17 17:24 - 000006038 _____ C:\Users\vs.Pavlov\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 17:24 - 2020-11-17 17:24 - 000006038 _____ C:\Users\vs.Pavlov\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 17:24 - 2020-11-17 17:24 - 000006038 _____ C:\Users\vs.Pavlov\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 17:24 - 2020-11-17 17:24 - 000006038 _____ C:\Users\vs.Pavlov\AppData\Local\how_to_decrypt.hta
  2020-11-17 17:24 - 2020-11-17 17:24 - 000006038 _____ C:\Users\vs.Pavlov\AppData\how_to_decrypt.hta
  2020-11-17 17:24 - 2020-11-17 17:24 - 000006038 _____ C:\Users\vparshin\how_to_decrypt.hta
  2020-11-17 17:24 - 2020-11-17 17:24 - 000006038 _____ C:\Users\vparshin\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 17:23 - 2020-11-17 17:23 - 000006038 _____ C:\Users\vparshin\Downloads\how_to_decrypt.hta
  2020-11-17 17:23 - 2020-11-17 17:23 - 000006038 _____ C:\Users\vparshin\Documents\how_to_decrypt.hta
  2020-11-17 17:23 - 2020-11-17 17:23 - 000006038 _____ C:\Users\vparshin\Desktop\how_to_decrypt.hta
  2020-11-17 17:23 - 2020-11-17 17:23 - 000006038 _____ C:\Users\vparshin\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 17:23 - 2020-11-17 17:23 - 000006038 _____ C:\Users\vparshin\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 17:23 - 2020-11-17 17:23 - 000006038 _____ C:\Users\vparshin\AppData\Local\how_to_decrypt.hta
  2020-11-17 17:23 - 2020-11-17 17:23 - 000006038 _____ C:\Users\vparshin\AppData\how_to_decrypt.hta
  2020-11-17 17:22 - 2020-11-17 17:22 - 000006038 _____ C:\Users\vmayer\how_to_decrypt.hta
  2020-11-17 17:22 - 2020-11-17 17:22 - 000006038 _____ C:\Users\vmayer\Downloads\how_to_decrypt.hta
  2020-11-17 17:22 - 2020-11-17 17:22 - 000006038 _____ C:\Users\vmayer\Documents\how_to_decrypt.hta
  2020-11-17 17:22 - 2020-11-17 17:22 - 000006038 _____ C:\Users\vmayer\Desktop\how_to_decrypt.hta
  2020-11-17 17:22 - 2020-11-17 17:22 - 000006038 _____ C:\Users\vmayer\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 17:22 - 2020-11-17 17:22 - 000006038 _____ C:\Users\vmayer\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 17:22 - 2020-11-17 17:22 - 000006038 _____ C:\Users\vmayer\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 17:22 - 2020-11-17 17:22 - 000006038 _____ C:\Users\vmayer\AppData\Local\how_to_decrypt.hta
  2020-11-17 17:22 - 2020-11-17 17:22 - 000006038 _____ C:\Users\vmayer\AppData\how_to_decrypt.hta
  2020-11-17 17:22 - 2020-11-17 17:22 - 000006038 _____ C:\Users\vladikv\how_to_decrypt.hta
  2020-11-17 17:22 - 2020-11-17 17:22 - 000006038 _____ C:\Users\vladikv\Downloads\how_to_decrypt.hta
  2020-11-17 17:22 - 2020-11-17 17:22 - 000006038 _____ C:\Users\vladikv\Documents\how_to_decrypt.hta
  2020-11-17 17:22 - 2020-11-17 17:22 - 000006038 _____ C:\Users\vladikv\Desktop\how_to_decrypt.hta
  2020-11-17 17:22 - 2020-11-17 17:22 - 000006038 _____ C:\Users\vladikv\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 17:22 - 2020-11-17 17:22 - 000006038 _____ C:\Users\vladikv\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 17:22 - 2020-11-17 17:22 - 000006038 _____ C:\Users\vladikv\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 17:22 - 2020-11-17 17:22 - 000006038 _____ C:\Users\vladikv\AppData\how_to_decrypt.hta
  2020-11-17 17:21 - 2020-11-17 17:21 - 000006038 _____ C:\Users\vladikv\AppData\Local\how_to_decrypt.hta
  2020-11-17 17:21 - 2020-11-17 17:21 - 000006038 _____ C:\Users\vkutaev\how_to_decrypt.hta
  2020-11-17 17:21 - 2020-11-17 17:21 - 000006038 _____ C:\Users\vkutaev\Downloads\how_to_decrypt.hta
  2020-11-17 17:21 - 2020-11-17 17:21 - 000006038 _____ C:\Users\vkutaev\Documents\how_to_decrypt.hta
  2020-11-17 17:21 - 2020-11-17 17:21 - 000006038 _____ C:\Users\vkutaev\Desktop\how_to_decrypt.hta
  2020-11-17 17:21 - 2020-11-17 17:21 - 000006038 _____ C:\Users\vkutaev\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 17:21 - 2020-11-17 17:21 - 000006038 _____ C:\Users\vkutaev\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 17:21 - 2020-11-17 17:21 - 000006038 _____ C:\Users\vkutaev\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 17:21 - 2020-11-17 17:21 - 000006038 _____ C:\Users\vkutaev\AppData\Local\how_to_decrypt.hta
  2020-11-17 17:21 - 2020-11-17 17:21 - 000006038 _____ C:\Users\vkutaev\AppData\how_to_decrypt.hta
  2020-11-17 17:21 - 2020-11-17 17:21 - 000006038 _____ C:\Users\v.ustinov\how_to_decrypt.hta
  2020-11-17 17:21 - 2020-11-17 17:21 - 000006038 _____ C:\Users\v.ustinov\Downloads\how_to_decrypt.hta
  2020-11-17 17:21 - 2020-11-17 17:21 - 000006038 _____ C:\Users\v.ustinov\Documents\how_to_decrypt.hta
  2020-11-17 17:21 - 2020-11-17 17:21 - 000006038 _____ C:\Users\v.ustinov\Desktop\how_to_decrypt.hta
  2020-11-17 17:21 - 2020-11-17 17:21 - 000006038 _____ C:\Users\v.ustinov\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 17:20 - 2020-11-17 17:20 - 000006038 _____ C:\Users\v.ustinov\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 17:20 - 2020-11-17 17:20 - 000006038 _____ C:\Users\v.ustinov\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 17:20 - 2020-11-17 17:20 - 000006038 _____ C:\Users\v.ustinov\AppData\Local\how_to_decrypt.hta
  2020-11-17 17:20 - 2020-11-17 17:20 - 000006038 _____ C:\Users\v.ustinov\AppData\how_to_decrypt.hta
  2020-11-17 17:20 - 2020-11-17 17:20 - 000006038 _____ C:\Users\v.tenenev\how_to_decrypt.hta
  2020-11-17 17:20 - 2020-11-17 17:20 - 000006038 _____ C:\Users\v.tenenev\Downloads\how_to_decrypt.hta
  2020-11-17 17:20 - 2020-11-17 17:20 - 000006038 _____ C:\Users\v.tenenev\Documents\how_to_decrypt.hta
  2020-11-17 17:20 - 2020-11-17 17:20 - 000006038 _____ C:\Users\v.tenenev\Desktop\how_to_decrypt.hta
  2020-11-17 17:20 - 2020-11-17 17:20 - 000006038 _____ C:\Users\v.tenenev\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 17:20 - 2020-11-17 17:20 - 000006038 _____ C:\Users\v.tenenev\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 17:20 - 2020-11-17 17:20 - 000006038 _____ C:\Users\v.tenenev\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 17:20 - 2020-11-17 17:20 - 000006038 _____ C:\Users\v.tenenev\AppData\Local\how_to_decrypt.hta
  2020-11-17 17:20 - 2020-11-17 17:20 - 000006038 _____ C:\Users\v.tenenev\AppData\how_to_decrypt.hta
  2020-11-17 17:20 - 2020-11-17 17:20 - 000006038 _____ C:\Users\v.osmirko\how_to_decrypt.hta
  2020-11-17 17:20 - 2020-11-17 17:20 - 000006038 _____ C:\Users\v.osmirko\Downloads\how_to_decrypt.hta
  2020-11-17 17:20 - 2020-11-17 17:20 - 000006038 _____ C:\Users\v.osmirko\Documents\how_to_decrypt.hta
  2020-11-17 17:20 - 2020-11-17 17:20 - 000006038 _____ C:\Users\v.osmirko\Desktop\how_to_decrypt.hta
  2020-11-17 17:20 - 2020-11-17 17:20 - 000006038 _____ C:\Users\v.osmirko\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 17:20 - 2020-11-17 17:20 - 000006038 _____ C:\Users\v.osmirko\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 17:20 - 2020-11-17 17:20 - 000006038 _____ C:\Users\v.osmirko\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 17:20 - 2020-11-17 17:20 - 000006038 _____ C:\Users\v.osmirko\AppData\how_to_decrypt.hta
  2020-11-17 17:19 - 2020-11-17 17:19 - 000006038 _____ C:\Users\v.osmirko\AppData\Local\how_to_decrypt.hta
  2020-11-17 17:19 - 2020-11-17 17:19 - 000006038 _____ C:\Users\v.konovalchyk\how_to_decrypt.hta
  2020-11-17 17:19 - 2020-11-17 17:19 - 000006038 _____ C:\Users\v.konovalchyk\Downloads\how_to_decrypt.hta
  2020-11-17 17:19 - 2020-11-17 17:19 - 000006038 _____ C:\Users\v.konovalchyk\Documents\how_to_decrypt.hta
  2020-11-17 17:19 - 2020-11-17 17:19 - 000006038 _____ C:\Users\v.konovalchyk\Desktop\how_to_decrypt.hta
  2020-11-17 17:19 - 2020-11-17 17:19 - 000006038 _____ C:\Users\v.konovalchyk\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 17:19 - 2020-11-17 17:19 - 000006038 _____ C:\Users\v.konovalchyk\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 17:19 - 2020-11-17 17:19 - 000006038 _____ C:\Users\v.konovalchyk\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 17:19 - 2020-11-17 17:19 - 000006038 _____ C:\Users\v.konovalchyk\AppData\how_to_decrypt.hta
  2020-11-17 17:18 - 2020-11-17 17:18 - 000006038 _____ C:\Users\v.konovalchyk\AppData\Local\how_to_decrypt.hta
  2020-11-17 17:18 - 2020-11-17 17:18 - 000006038 _____ C:\Users\v.davidchuk\how_to_decrypt.hta
  2020-11-17 17:18 - 2020-11-17 17:18 - 000006038 _____ C:\Users\v.davidchuk\Downloads\how_to_decrypt.hta
  2020-11-17 17:18 - 2020-11-17 17:18 - 000006038 _____ C:\Users\v.davidchuk\Documents\how_to_decrypt.hta
  2020-11-17 17:18 - 2020-11-17 17:18 - 000006038 _____ C:\Users\v.davidchuk\Desktop\how_to_decrypt.hta
  2020-11-17 17:18 - 2020-11-17 17:18 - 000006038 _____ C:\Users\v.davidchuk\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 17:18 - 2020-11-17 17:18 - 000006038 _____ C:\Users\v.davidchuk\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 17:18 - 2020-11-17 17:18 - 000006038 _____ C:\Users\v.davidchuk\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 17:18 - 2020-11-17 17:18 - 000006038 _____ C:\Users\v.davidchuk\AppData\how_to_decrypt.hta
  2020-11-17 17:16 - 2020-11-17 17:16 - 000006038 _____ C:\Users\v.davidchuk\AppData\Local\how_to_decrypt.hta
  2020-11-17 17:16 - 2020-11-17 17:16 - 000006038 _____ C:\Users\v.atapina\how_to_decrypt.hta
  2020-11-17 17:16 - 2020-11-17 17:16 - 000006038 _____ C:\Users\v.atapina\Downloads\how_to_decrypt.hta
  2020-11-17 17:16 - 2020-11-17 17:16 - 000006038 _____ C:\Users\v.atapina\Documents\how_to_decrypt.hta
  2020-11-17 17:16 - 2020-11-17 17:16 - 000006038 _____ C:\Users\v.atapina\Desktop\how_to_decrypt.hta
  2020-11-17 17:16 - 2020-11-17 17:16 - 000006038 _____ C:\Users\v.atapina\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 17:16 - 2020-11-17 17:16 - 000006038 _____ C:\Users\v.atapina\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 17:16 - 2020-11-17 17:16 - 000006038 _____ C:\Users\v.atapina\AppData\how_to_decrypt.hta
  2020-11-17 17:15 - 2020-11-17 17:15 - 000006038 _____ C:\Users\v.atapina\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 17:15 - 2020-11-17 17:15 - 000006038 _____ C:\Users\v.atapina\AppData\Local\how_to_decrypt.hta
  2020-11-17 17:15 - 2020-11-17 17:15 - 000006038 _____ C:\Users\urmashev\how_to_decrypt.hta
  2020-11-17 17:15 - 2020-11-17 17:15 - 000006038 _____ C:\Users\urmashev\Downloads\how_to_decrypt.hta
  2020-11-17 17:15 - 2020-11-17 17:15 - 000006038 _____ C:\Users\urmashev\Documents\how_to_decrypt.hta
  2020-11-17 17:15 - 2020-11-17 17:15 - 000006038 _____ C:\Users\urmashev\Desktop\how_to_decrypt.hta
  2020-11-17 17:15 - 2020-11-17 17:15 - 000006038 _____ C:\Users\urmashev\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 17:15 - 2020-11-17 17:15 - 000006038 _____ C:\Users\urmashev\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 17:15 - 2020-11-17 17:15 - 000006038 _____ C:\Users\urmashev\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 17:15 - 2020-11-17 17:15 - 000006038 _____ C:\Users\urmashev\AppData\Local\how_to_decrypt.hta
  2020-11-17 17:15 - 2020-11-17 17:15 - 000006038 _____ C:\Users\urmashev\AppData\how_to_decrypt.hta
  2020-11-17 17:15 - 2020-11-17 17:15 - 000006038 _____ C:\Users\ural\how_to_decrypt.hta
  2020-11-17 17:15 - 2020-11-17 17:15 - 000006038 _____ C:\Users\ural\Downloads\how_to_decrypt.hta
  2020-11-17 17:15 - 2020-11-17 17:15 - 000006038 _____ C:\Users\ural\Documents\how_to_decrypt.hta
  2020-11-17 17:15 - 2020-11-17 17:15 - 000006038 _____ C:\Users\ural\Desktop\how_to_decrypt.hta
  2020-11-17 17:15 - 2020-11-17 17:15 - 000006038 _____ C:\Users\ural\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 17:15 - 2020-11-17 17:15 - 000006038 _____ C:\Users\ural\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 17:15 - 2020-11-17 17:15 - 000006038 _____ C:\Users\ural\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 17:15 - 2020-11-17 17:15 - 000006038 _____ C:\Users\ural\AppData\Local\how_to_decrypt.hta
  2020-11-17 17:15 - 2020-11-17 17:15 - 000006038 _____ C:\Users\ural\AppData\how_to_decrypt.hta
  2020-11-17 17:14 - 2020-11-17 17:14 - 000006038 _____ C:\Users\t.kurbatova\how_to_decrypt.hta
  2020-11-17 17:14 - 2020-11-17 17:14 - 000006038 _____ C:\Users\t.kurbatova\Downloads\how_to_decrypt.hta
  2020-11-17 17:14 - 2020-11-17 17:14 - 000006038 _____ C:\Users\t.kurbatova\Documents\how_to_decrypt.hta
  2020-11-17 17:14 - 2020-11-17 17:14 - 000006038 _____ C:\Users\t.kurbatova\Desktop\how_to_decrypt.hta
  2020-11-17 17:14 - 2020-11-17 17:14 - 000006038 _____ C:\Users\t.kurbatova\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 17:14 - 2020-11-17 17:14 - 000006038 _____ C:\Users\t.kurbatova\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 17:14 - 2020-11-17 17:14 - 000006038 _____ C:\Users\t.kurbatova\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 17:14 - 2020-11-17 17:14 - 000006038 _____ C:\Users\t.kurbatova\AppData\Local\how_to_decrypt.hta
  2020-11-17 17:14 - 2020-11-17 17:14 - 000006038 _____ C:\Users\t.kurbatova\AppData\how_to_decrypt.hta
  2020-11-17 17:14 - 2020-11-17 17:14 - 000006038 _____ C:\Users\systembackup\how_to_decrypt.hta
  2020-11-17 17:14 - 2020-11-17 17:14 - 000006038 _____ C:\Users\s.zhirkov\how_to_decrypt.hta
  2020-11-17 17:14 - 2020-11-17 17:14 - 000006038 _____ C:\Users\s.zhirkov\Downloads\how_to_decrypt.hta
  2020-11-17 17:14 - 2020-11-17 17:14 - 000006038 _____ C:\Users\s.zhirkov\Documents\how_to_decrypt.hta
  2020-11-17 17:14 - 2020-11-17 17:14 - 000006038 _____ C:\Users\s.zhirkov\Desktop\how_to_decrypt.hta
  2020-11-17 17:14 - 2020-11-17 17:14 - 000006038 _____ C:\Users\s.zhirkov\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 17:14 - 2020-11-17 17:14 - 000006038 _____ C:\Users\s.zhirkov\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 17:14 - 2020-11-17 17:14 - 000006038 _____ C:\Users\s.zhirkov\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 17:14 - 2020-11-17 17:14 - 000006038 _____ C:\Users\s.zhirkov\AppData\how_to_decrypt.hta
  2020-11-17 17:13 - 2020-11-17 17:13 - 000006038 _____ C:\Users\s.zhirkov\AppData\Local\how_to_decrypt.hta
  2020-11-17 17:13 - 2020-11-17 17:13 - 000006038 _____ C:\Users\s.konkova\how_to_decrypt.hta
  2020-11-17 17:13 - 2020-11-17 17:13 - 000006038 _____ C:\Users\s.konkova\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 17:12 - 2020-11-17 17:12 - 000006038 _____ C:\Users\s.konkova\Downloads\how_to_decrypt.hta
  2020-11-17 17:12 - 2020-11-17 17:12 - 000006038 _____ C:\Users\s.konkova\Documents\how_to_decrypt.hta
  2020-11-17 17:12 - 2020-11-17 17:12 - 000006038 _____ C:\Users\s.konkova\Desktop\how_to_decrypt.hta
  2020-11-17 17:12 - 2020-11-17 17:12 - 000006038 _____ C:\Users\s.konkova\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 17:12 - 2020-11-17 17:12 - 000006038 _____ C:\Users\s.konkova\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 17:12 - 2020-11-17 17:12 - 000006038 _____ C:\Users\s.konkova\AppData\Local\how_to_decrypt.hta
  2020-11-17 17:12 - 2020-11-17 17:12 - 000006038 _____ C:\Users\s.konkova\AppData\how_to_decrypt.hta
  2020-11-17 17:12 - 2020-11-17 17:12 - 000006038 _____ C:\Users\rdpuser\how_to_decrypt.hta
  2020-11-17 17:12 - 2020-11-17 17:12 - 000006038 _____ C:\Users\rdpuser\Downloads\how_to_decrypt.hta
  2020-11-17 17:12 - 2020-11-17 17:12 - 000006038 _____ C:\Users\rdpuser\Documents\how_to_decrypt.hta
  2020-11-17 17:12 - 2020-11-17 17:12 - 000006038 _____ C:\Users\rdpuser\Desktop\how_to_decrypt.hta
  2020-11-17 17:12 - 2020-11-17 17:12 - 000006038 _____ C:\Users\rdpuser\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 17:12 - 2020-11-17 17:12 - 000006038 _____ C:\Users\rdpuser\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 17:12 - 2020-11-17 17:12 - 000006038 _____ C:\Users\rdpuser\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 17:12 - 2020-11-17 17:12 - 000006038 _____ C:\Users\rdpuser\AppData\Local\how_to_decrypt.hta
  2020-11-17 17:12 - 2020-11-17 17:12 - 000006038 _____ C:\Users\rdpuser\AppData\how_to_decrypt.hta
  2020-11-17 17:12 - 2020-11-17 17:12 - 000006038 _____ C:\Users\Public\how_to_decrypt.hta
  2020-11-17 17:12 - 2020-11-17 17:12 - 000006038 _____ C:\Users\Public\Downloads\how_to_decrypt.hta
  2020-11-17 17:12 - 2020-11-17 17:12 - 000006038 _____ C:\Users\proskurin\how_to_decrypt.hta
  2020-11-17 17:12 - 2020-11-17 17:12 - 000006038 _____ C:\Users\proskurin\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 17:11 - 2020-11-17 17:11 - 000006038 _____ C:\Users\proskurin\Downloads\how_to_decrypt.hta
  2020-11-17 17:11 - 2020-11-17 17:11 - 000006038 _____ C:\Users\proskurin\Documents\how_to_decrypt.hta
  2020-11-17 17:11 - 2020-11-17 17:11 - 000006038 _____ C:\Users\proskurin\Desktop\how_to_decrypt.hta
  2020-11-17 17:11 - 2020-11-17 17:11 - 000006038 _____ C:\Users\proskurin\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 17:11 - 2020-11-17 17:11 - 000006038 _____ C:\Users\proskurin\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 17:11 - 2020-11-17 17:11 - 000006038 _____ C:\Users\proskurin\AppData\Local\how_to_decrypt.hta
  2020-11-17 17:11 - 2020-11-17 17:11 - 000006038 _____ C:\Users\proskurin\AppData\how_to_decrypt.hta
  2020-11-17 17:11 - 2020-11-17 17:11 - 000006038 _____ C:\Users\polyakova\how_to_decrypt.hta
  2020-11-17 17:11 - 2020-11-17 17:11 - 000006038 _____ C:\Users\polyakova\Downloads\how_to_decrypt.hta
  2020-11-17 17:11 - 2020-11-17 17:11 - 000006038 _____ C:\Users\polyakova\Documents\how_to_decrypt.hta
  2020-11-17 17:11 - 2020-11-17 17:11 - 000006038 _____ C:\Users\polyakova\Desktop\how_to_decrypt.hta
  2020-11-17 17:11 - 2020-11-17 17:11 - 000006038 _____ C:\Users\polyakova\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 17:11 - 2020-11-17 17:11 - 000006038 _____ C:\Users\polyakova\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 17:11 - 2020-11-17 17:11 - 000006038 _____ C:\Users\polyakova\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 17:11 - 2020-11-17 17:11 - 000006038 _____ C:\Users\polyakova\AppData\how_to_decrypt.hta
  2020-11-17 17:10 - 2020-11-17 17:10 - 000006038 _____ C:\Users\polyakova\AppData\Local\how_to_decrypt.hta
  2020-11-17 17:10 - 2020-11-17 17:10 - 000006038 _____ C:\Users\ozikanova\how_to_decrypt.hta
  2020-11-17 17:10 - 2020-11-17 17:10 - 000006038 _____ C:\Users\ozikanova\Downloads\how_to_decrypt.hta
  2020-11-17 17:10 - 2020-11-17 17:10 - 000006038 _____ C:\Users\ozikanova\Documents\how_to_decrypt.hta
  2020-11-17 17:10 - 2020-11-17 17:10 - 000006038 _____ C:\Users\ozikanova\Desktop\how_to_decrypt.hta
  2020-11-17 17:10 - 2020-11-17 17:10 - 000006038 _____ C:\Users\ozikanova\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 17:10 - 2020-11-17 17:10 - 000006038 _____ C:\Users\ozikanova\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 17:10 - 2020-11-17 17:10 - 000006038 _____ C:\Users\ozikanova\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 17:10 - 2020-11-17 17:10 - 000006038 _____ C:\Users\ozikanova\AppData\Local\how_to_decrypt.hta
  2020-11-17 17:10 - 2020-11-17 17:10 - 000006038 _____ C:\Users\ozikanova\AppData\how_to_decrypt.hta
  2020-11-17 17:10 - 2020-11-17 17:10 - 000006038 _____ C:\Users\o.nadina\how_to_decrypt.hta
  2020-11-17 17:10 - 2020-11-17 17:10 - 000006038 _____ C:\Users\o.nadina\Downloads\how_to_decrypt.hta
  2020-11-17 17:10 - 2020-11-17 17:10 - 000006038 _____ C:\Users\o.nadina\Documents\how_to_decrypt.hta
  2020-11-17 17:10 - 2020-11-17 17:10 - 000006038 _____ C:\Users\o.nadina\Desktop\how_to_decrypt.hta
  2020-11-17 17:10 - 2020-11-17 17:10 - 000006038 _____ C:\Users\o.nadina\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 17:10 - 2020-11-17 17:10 - 000006038 _____ C:\Users\o.nadina\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 17:10 - 2020-11-17 17:10 - 000006038 _____ C:\Users\o.nadina\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 17:10 - 2020-11-17 17:10 - 000006038 _____ C:\Users\o.nadina\AppData\how_to_decrypt.hta
  2020-11-17 17:09 - 2020-11-17 17:09 - 000006038 _____ C:\Users\o.nadina\AppData\Local\how_to_decrypt.hta
  2020-11-17 17:09 - 2020-11-17 17:09 - 000006038 _____ C:\Users\n.izyumov\how_to_decrypt.hta
  2020-11-17 17:09 - 2020-11-17 17:09 - 000006038 _____ C:\Users\n.izyumov\Downloads\how_to_decrypt.hta
  2020-11-17 17:09 - 2020-11-17 17:09 - 000006038 _____ C:\Users\n.izyumov\Documents\how_to_decrypt.hta
  2020-11-17 17:09 - 2020-11-17 17:09 - 000006038 _____ C:\Users\n.izyumov\Desktop\how_to_decrypt.hta
  2020-11-17 17:09 - 2020-11-17 17:09 - 000006038 _____ C:\Users\n.izyumov\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 17:09 - 2020-11-17 17:09 - 000006038 _____ C:\Users\n.izyumov\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 17:09 - 2020-11-17 17:09 - 000006038 _____ C:\Users\n.izyumov\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 17:09 - 2020-11-17 17:09 - 000006038 _____ C:\Users\n.izyumov\AppData\Local\how_to_decrypt.hta
  2020-11-17 17:09 - 2020-11-17 17:09 - 000006038 _____ C:\Users\n.izyumov\AppData\how_to_decrypt.hta
  2020-11-17 17:09 - 2020-11-17 17:09 - 000006038 _____ C:\Users\n.gurova\how_to_decrypt.hta
  2020-11-17 17:09 - 2020-11-17 17:09 - 000006038 _____ C:\Users\n.gurova\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 17:08 - 2020-11-17 17:08 - 000006038 _____ C:\Users\n.gurova\Downloads\how_to_decrypt.hta
  2020-11-17 17:08 - 2020-11-17 17:08 - 000006038 _____ C:\Users\n.gurova\Documents\how_to_decrypt.hta
  2020-11-17 17:08 - 2020-11-17 17:08 - 000006038 _____ C:\Users\n.gurova\Desktop\how_to_decrypt.hta
  2020-11-17 17:08 - 2020-11-17 17:08 - 000006038 _____ C:\Users\n.gurova\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 17:08 - 2020-11-17 17:08 - 000006038 _____ C:\Users\n.gurova\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 17:08 - 2020-11-17 17:08 - 000006038 _____ C:\Users\n.gurova\AppData\Local\how_to_decrypt.hta
  2020-11-17 17:08 - 2020-11-17 17:08 - 000006038 _____ C:\Users\n.gurova\AppData\how_to_decrypt.hta
  2020-11-17 17:08 - 2020-11-17 17:08 - 000006038 _____ C:\Users\mag002\how_to_decrypt.hta
  2020-11-17 17:08 - 2020-11-17 17:08 - 000006038 _____ C:\Users\mag002\Downloads\how_to_decrypt.hta
  2020-11-17 17:08 - 2020-11-17 17:08 - 000006038 _____ C:\Users\mag002\Documents\how_to_decrypt.hta
  2020-11-17 17:08 - 2020-11-17 17:08 - 000006038 _____ C:\Users\mag002\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 17:08 - 2020-11-17 17:08 - 000006038 _____ C:\Users\mag002\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 17:08 - 2020-11-17 17:08 - 000006038 _____ C:\Users\mag002\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 17:08 - 2020-11-17 17:08 - 000006038 _____ C:\Users\mag002\AppData\Local\how_to_decrypt.hta
  2020-11-17 17:08 - 2020-11-17 17:08 - 000006038 _____ C:\Users\mag002\AppData\how_to_decrypt.hta
  2020-11-17 17:08 - 2020-11-17 17:08 - 000006038 _____ C:\Users\m.kuzmin\how_to_decrypt.hta
  2020-11-17 17:08 - 2020-11-17 17:08 - 000006038 _____ C:\Users\m.kuzmin\Downloads\how_to_decrypt.hta
  2020-11-17 17:08 - 2020-11-17 17:08 - 000006038 _____ C:\Users\m.kuzmin\Documents\how_to_decrypt.hta
  2020-11-17 17:08 - 2020-11-17 17:08 - 000006038 _____ C:\Users\m.kuzmin\Desktop\how_to_decrypt.hta
  2020-11-17 17:08 - 2020-11-17 17:08 - 000006038 _____ C:\Users\m.kuzmin\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 17:08 - 2020-11-17 17:08 - 000006038 _____ C:\Users\m.kuzmin\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 17:08 - 2020-11-17 17:08 - 000006038 _____ C:\Users\m.kuzmin\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 17:08 - 2020-11-17 17:08 - 000006038 _____ C:\Users\m.kuzmin\AppData\how_to_decrypt.hta
  2020-11-17 17:07 - 2020-11-17 17:07 - 000006038 _____ C:\Users\m.kuzmin\AppData\Local\how_to_decrypt.hta
  2020-11-17 17:07 - 2020-11-17 17:07 - 000006038 _____ C:\Users\m.ivanov\how_to_decrypt.hta
  2020-11-17 17:07 - 2020-11-17 17:07 - 000006038 _____ C:\Users\m.ivanov\Downloads\how_to_decrypt.hta
  2020-11-17 17:07 - 2020-11-17 17:07 - 000006038 _____ C:\Users\m.ivanov\Documents\how_to_decrypt.hta
  2020-11-17 17:07 - 2020-11-17 17:07 - 000006038 _____ C:\Users\m.ivanov\Desktop\how_to_decrypt.hta
  2020-11-17 17:07 - 2020-11-17 17:07 - 000006038 _____ C:\Users\m.ivanov\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 17:07 - 2020-11-17 17:07 - 000006038 _____ C:\Users\m.ivanov\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 17:07 - 2020-11-17 17:07 - 000006038 _____ C:\Users\m.ivanov\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 17:07 - 2020-11-17 17:07 - 000006038 _____ C:\Users\m.ivanov\AppData\Local\how_to_decrypt.hta
  2020-11-17 17:07 - 2020-11-17 17:07 - 000006038 _____ C:\Users\m.ivanov\AppData\how_to_decrypt.hta
  2020-11-17 17:07 - 2020-11-17 17:07 - 000006038 _____ C:\Users\m.afanaseva\how_to_decrypt.hta
  2020-11-17 17:07 - 2020-11-17 17:07 - 000006038 _____ C:\Users\m.afanaseva\Downloads\how_to_decrypt.hta
  2020-11-17 17:07 - 2020-11-17 17:07 - 000006038 _____ C:\Users\m.afanaseva\Documents\how_to_decrypt.hta
  2020-11-17 17:07 - 2020-11-17 17:07 - 000006038 _____ C:\Users\m.afanaseva\Desktop\how_to_decrypt.hta
  2020-11-17 17:07 - 2020-11-17 17:07 - 000006038 _____ C:\Users\m.afanaseva\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 17:07 - 2020-11-17 17:07 - 000006038 _____ C:\Users\m.afanaseva\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 17:07 - 2020-11-17 17:07 - 000006038 _____ C:\Users\m.afanaseva\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 17:07 - 2020-11-17 17:07 - 000006038 _____ C:\Users\m.afanaseva\AppData\Local\how_to_decrypt.hta
  2020-11-17 17:07 - 2020-11-17 17:07 - 000006038 _____ C:\Users\m.afanaseva\AppData\how_to_decrypt.hta
  2020-11-17 17:07 - 2020-11-17 17:07 - 000006038 _____ C:\Users\lmarushkina\how_to_decrypt.hta
  2020-11-17 17:07 - 2020-11-17 17:07 - 000006038 _____ C:\Users\lmarushkina\Downloads\how_to_decrypt.hta
  2020-11-17 17:07 - 2020-11-17 17:07 - 000006038 _____ C:\Users\lmarushkina\Documents\how_to_decrypt.hta
  2020-11-17 17:07 - 2020-11-17 17:07 - 000006038 _____ C:\Users\lmarushkina\Desktop\how_to_decrypt.hta
  2020-11-17 17:07 - 2020-11-17 17:07 - 000006038 _____ C:\Users\lmarushkina\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 17:06 - 2020-11-17 17:06 - 000006038 _____ C:\Users\lmarushkina\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 17:06 - 2020-11-17 17:06 - 000006038 _____ C:\Users\lmarushkina\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 17:06 - 2020-11-17 17:06 - 000006038 _____ C:\Users\lmarushkina\AppData\Local\how_to_decrypt.hta
  2020-11-17 17:06 - 2020-11-17 17:06 - 000006038 _____ C:\Users\lmarushkina\AppData\how_to_decrypt.hta
  2020-11-17 17:06 - 2020-11-17 17:06 - 000006038 _____ C:\Users\kovalevaTP\how_to_decrypt.hta
  2020-11-17 17:06 - 2020-11-17 17:06 - 000006038 _____ C:\Users\kovalevaTP\Downloads\how_to_decrypt.hta
  2020-11-17 17:06 - 2020-11-17 17:06 - 000006038 _____ C:\Users\kovalevaTP\Documents\how_to_decrypt.hta
  2020-11-17 17:06 - 2020-11-17 17:06 - 000006038 _____ C:\Users\kovalevaTP\Desktop\how_to_decrypt.hta
  2020-11-17 17:06 - 2020-11-17 17:06 - 000006038 _____ C:\Users\kovalevaTP\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 17:06 - 2020-11-17 17:06 - 000006038 _____ C:\Users\kovalevaTP\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 17:06 - 2020-11-17 17:06 - 000006038 _____ C:\Users\kovalevaTP\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 17:06 - 2020-11-17 17:06 - 000006038 _____ C:\Users\kovalevaTP\AppData\Local\how_to_decrypt.hta
  2020-11-17 17:06 - 2020-11-17 17:06 - 000006038 _____ C:\Users\kovalevaTP\AppData\how_to_decrypt.hta
  2020-11-17 17:06 - 2020-11-17 17:06 - 000006038 _____ C:\Users\korobkova\how_to_decrypt.hta
  2020-11-17 17:06 - 2020-11-17 17:06 - 000006038 _____ C:\Users\korobkova\Downloads\how_to_decrypt.hta
  2020-11-17 17:06 - 2020-11-17 17:06 - 000006038 _____ C:\Users\korobkova\Documents\how_to_decrypt.hta
  2020-11-17 17:06 - 2020-11-17 17:06 - 000006038 _____ C:\Users\korobkova\Desktop\how_to_decrypt.hta
  2020-11-17 17:06 - 2020-11-17 17:06 - 000006038 _____ C:\Users\korobkova\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 17:06 - 2020-11-17 17:06 - 000006038 _____ C:\Users\korobkova\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 17:06 - 2020-11-17 17:06 - 000006038 _____ C:\Users\korobkova\AppData\how_to_decrypt.hta
  2020-11-17 17:05 - 2020-11-17 17:05 - 000006038 _____ C:\Users\korobkova\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 17:05 - 2020-11-17 17:05 - 000006038 _____ C:\Users\korobkova\AppData\Local\how_to_decrypt.hta
  2020-11-17 17:05 - 2020-11-17 17:05 - 000006038 _____ C:\Users\invent3\how_to_decrypt.hta
  2020-11-17 17:05 - 2020-11-17 17:05 - 000006038 _____ C:\Users\invent3\Downloads\how_to_decrypt.hta
  2020-11-17 17:05 - 2020-11-17 17:05 - 000006038 _____ C:\Users\invent3\Documents\how_to_decrypt.hta
  2020-11-17 17:05 - 2020-11-17 17:05 - 000006038 _____ C:\Users\invent3\Desktop\how_to_decrypt.hta
  2020-11-17 17:05 - 2020-11-17 17:05 - 000006038 _____ C:\Users\invent3\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 17:05 - 2020-11-17 17:05 - 000006038 _____ C:\Users\invent3\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 17:05 - 2020-11-17 17:05 - 000006038 _____ C:\Users\invent3\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 17:05 - 2020-11-17 17:05 - 000006038 _____ C:\Users\invent3\AppData\Local\how_to_decrypt.hta
  2020-11-17 17:05 - 2020-11-17 17:05 - 000006038 _____ C:\Users\invent3\AppData\how_to_decrypt.hta
  2020-11-17 17:05 - 2020-11-17 17:05 - 000006038 _____ C:\Users\invent2\how_to_decrypt.hta
  2020-11-17 17:05 - 2020-11-17 17:05 - 000006038 _____ C:\Users\invent2\Downloads\how_to_decrypt.hta
  2020-11-17 17:05 - 2020-11-17 17:05 - 000006038 _____ C:\Users\invent2\Documents\how_to_decrypt.hta
  2020-11-17 17:05 - 2020-11-17 17:05 - 000006038 _____ C:\Users\invent2\Desktop\how_to_decrypt.hta
  2020-11-17 17:05 - 2020-11-17 17:05 - 000006038 _____ C:\Users\invent2\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 17:05 - 2020-11-17 17:05 - 000006038 _____ C:\Users\invent2\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 17:05 - 2020-11-17 17:05 - 000006038 _____ C:\Users\invent2\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 17:05 - 2020-11-17 17:05 - 000006038 _____ C:\Users\invent2\AppData\Local\how_to_decrypt.hta
  2020-11-17 17:05 - 2020-11-17 17:05 - 000006038 _____ C:\Users\invent2\AppData\how_to_decrypt.hta
  2020-11-17 17:05 - 2020-11-17 17:05 - 000006038 _____ C:\Users\invent1\how_to_decrypt.hta
  2020-11-17 17:05 - 2020-11-17 17:05 - 000006038 _____ C:\Users\invent1\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 17:04 - 2020-11-17 17:04 - 000006038 _____ C:\Users\invent1\Downloads\how_to_decrypt.hta
  2020-11-17 17:04 - 2020-11-17 17:04 - 000006038 _____ C:\Users\invent1\Documents\how_to_decrypt.hta
  2020-11-17 17:04 - 2020-11-17 17:04 - 000006038 _____ C:\Users\invent1\Desktop\how_to_decrypt.hta
  2020-11-17 17:04 - 2020-11-17 17:04 - 000006038 _____ C:\Users\invent1\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 17:04 - 2020-11-17 17:04 - 000006038 _____ C:\Users\invent1\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 17:04 - 2020-11-17 17:04 - 000006038 _____ C:\Users\invent1\AppData\Local\how_to_decrypt.hta
  2020-11-17 17:04 - 2020-11-17 17:04 - 000006038 _____ C:\Users\invent1\AppData\how_to_decrypt.hta
  2020-11-17 17:04 - 2020-11-17 17:04 - 000006038 _____ C:\Users\i.tsyganova\how_to_decrypt.hta
  2020-11-17 17:04 - 2020-11-17 17:04 - 000006038 _____ C:\Users\i.tsyganova\Downloads\how_to_decrypt.hta
  2020-11-17 17:04 - 2020-11-17 17:04 - 000006038 _____ C:\Users\i.tsyganova\Documents\how_to_decrypt.hta
  2020-11-17 17:04 - 2020-11-17 17:04 - 000006038 _____ C:\Users\i.tsyganova\Desktop\how_to_decrypt.hta
  2020-11-17 17:04 - 2020-11-17 17:04 - 000006038 _____ C:\Users\i.tsyganova\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 17:04 - 2020-11-17 17:04 - 000006038 _____ C:\Users\i.tsyganova\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 17:04 - 2020-11-17 17:04 - 000006038 _____ C:\Users\i.tsyganova\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 17:04 - 2020-11-17 17:04 - 000006038 _____ C:\Users\i.tsyganova\AppData\Local\how_to_decrypt.hta
  2020-11-17 17:04 - 2020-11-17 17:04 - 000006038 _____ C:\Users\i.tsyganova\AppData\how_to_decrypt.hta
  2020-11-17 17:04 - 2020-11-17 17:04 - 000006038 _____ C:\Users\i.kirillov\how_to_decrypt.hta
  2020-11-17 17:04 - 2020-11-17 17:04 - 000006038 _____ C:\Users\i.kirillov\Downloads\how_to_decrypt.hta
  2020-11-17 17:04 - 2020-11-17 17:04 - 000006038 _____ C:\Users\i.kirillov\Documents\how_to_decrypt.hta
  2020-11-17 17:04 - 2020-11-17 17:04 - 000006038 _____ C:\Users\i.kirillov\Desktop\how_to_decrypt.hta
  2020-11-17 17:04 - 2020-11-17 17:04 - 000006038 _____ C:\Users\i.kirillov\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 17:04 - 2020-11-17 17:04 - 000006038 _____ C:\Users\i.kirillov\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 17:04 - 2020-11-17 17:04 - 000006038 _____ C:\Users\i.kirillov\AppData\how_to_decrypt.hta
  2020-11-17 17:03 - 2020-11-17 17:03 - 000006038 _____ C:\Users\i.kirillov\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 17:02 - 2020-11-17 17:02 - 000006038 _____ C:\Users\i.kirillov\AppData\Local\how_to_decrypt.hta
  2020-11-17 17:02 - 2020-11-17 17:02 - 000006038 _____ C:\Users\frolkina\how_to_decrypt.hta
  2020-11-17 17:02 - 2020-11-17 17:02 - 000006038 _____ C:\Users\frolkina\Downloads\how_to_decrypt.hta
  2020-11-17 17:02 - 2020-11-17 17:02 - 000006038 _____ C:\Users\frolkina\Documents\how_to_decrypt.hta
  2020-11-17 17:02 - 2020-11-17 17:02 - 000006038 _____ C:\Users\frolkina\Desktop\how_to_decrypt.hta
  2020-11-17 17:02 - 2020-11-17 17:02 - 000006038 _____ C:\Users\frolkina\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 17:02 - 2020-11-17 17:02 - 000006038 _____ C:\Users\frolkina\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 17:02 - 2020-11-17 17:02 - 000006038 _____ C:\Users\frolkina\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 17:02 - 2020-11-17 17:02 - 000006038 _____ C:\Users\frolkina\AppData\how_to_decrypt.hta
  2020-11-17 17:00 - 2020-11-17 17:00 - 000006038 _____ C:\Users\frolkina\AppData\Local\how_to_decrypt.hta
  2020-11-17 17:00 - 2020-11-17 17:00 - 000006038 _____ C:\Users\Default\how_to_decrypt.hta
  2020-11-17 17:00 - 2020-11-17 17:00 - 000006038 _____ C:\Users\Default\Downloads\how_to_decrypt.hta
  2020-11-17 17:00 - 2020-11-17 17:00 - 000006038 _____ C:\Users\Default\Documents\how_to_decrypt.hta
  2020-11-17 17:00 - 2020-11-17 17:00 - 000006038 _____ C:\Users\Default\Desktop\how_to_decrypt.hta
  2020-11-17 17:00 - 2020-11-17 17:00 - 000006038 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 17:00 - 2020-11-17 17:00 - 000006038 _____ C:\Users\Default\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 17:00 - 2020-11-17 17:00 - 000006038 _____ C:\Users\Default\AppData\Local\how_to_decrypt.hta
  2020-11-17 17:00 - 2020-11-17 17:00 - 000006038 _____ C:\Users\Default\AppData\how_to_decrypt.hta
  2020-11-17 17:00 - 2020-11-17 17:00 - 000006038 _____ C:\Users\Default User\how_to_decrypt.hta
  2020-11-17 17:00 - 2020-11-17 17:00 - 000006038 _____ C:\Users\Default User\Downloads\how_to_decrypt.hta
  2020-11-17 17:00 - 2020-11-17 17:00 - 000006038 _____ C:\Users\Default User\Documents\how_to_decrypt.hta
  2020-11-17 17:00 - 2020-11-17 17:00 - 000006038 _____ C:\Users\Default User\Desktop\how_to_decrypt.hta
  2020-11-17 17:00 - 2020-11-17 17:00 - 000006038 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 17:00 - 2020-11-17 17:00 - 000006038 _____ C:\Users\Default User\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 17:00 - 2020-11-17 17:00 - 000006038 _____ C:\Users\Default User\AppData\Local\how_to_decrypt.hta
  2020-11-17 17:00 - 2020-11-17 17:00 - 000006038 _____ C:\Users\Default User\AppData\how_to_decrypt.hta
  2020-11-17 17:00 - 2020-11-17 17:00 - 000006038 _____ C:\Users\d.antaeva\how_to_decrypt.hta
  2020-11-17 17:00 - 2020-11-17 17:00 - 000006038 _____ C:\Users\d.antaeva\Downloads\how_to_decrypt.hta
  2020-11-17 17:00 - 2020-11-17 17:00 - 000006038 _____ C:\Users\d.antaeva\Documents\how_to_decrypt.hta
  2020-11-17 17:00 - 2020-11-17 17:00 - 000006038 _____ C:\Users\d.antaeva\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 16:59 - 2020-11-17 16:59 - 000006038 _____ C:\Users\d.antaeva\Desktop\how_to_decrypt.hta
  2020-11-17 16:59 - 2020-11-17 16:59 - 000006038 _____ C:\Users\d.antaeva\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 16:59 - 2020-11-17 16:59 - 000006038 _____ C:\Users\d.antaeva\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 16:59 - 2020-11-17 16:59 - 000006038 _____ C:\Users\d.antaeva\AppData\Local\how_to_decrypt.hta
  2020-11-17 16:59 - 2020-11-17 16:59 - 000006038 _____ C:\Users\d.antaeva\AppData\how_to_decrypt.hta
  2020-11-17 16:59 - 2020-11-17 16:59 - 000006038 _____ C:\Users\blohinai\how_to_decrypt.hta
  2020-11-17 16:59 - 2020-11-17 16:59 - 000006038 _____ C:\Users\blohinai\Downloads\how_to_decrypt.hta
  2020-11-17 16:59 - 2020-11-17 16:59 - 000006038 _____ C:\Users\blohinai\Documents\how_to_decrypt.hta
  2020-11-17 16:59 - 2020-11-17 16:59 - 000006038 _____ C:\Users\blohinai\Desktop\how_to_decrypt.hta
  2020-11-17 16:59 - 2020-11-17 16:59 - 000006038 _____ C:\Users\blohinai\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 16:59 - 2020-11-17 16:59 - 000006038 _____ C:\Users\blohinai\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 16:59 - 2020-11-17 16:59 - 000006038 _____ C:\Users\blohinai\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 16:59 - 2020-11-17 16:59 - 000006038 _____ C:\Users\blohinai\AppData\Local\how_to_decrypt.hta
  2020-11-17 16:59 - 2020-11-17 16:59 - 000006038 _____ C:\Users\blohinai\AppData\how_to_decrypt.hta
  2020-11-17 16:59 - 2020-11-17 16:59 - 000006038 _____ C:\Users\belcovaIV\how_to_decrypt.hta
  2020-11-17 16:59 - 2020-11-17 16:59 - 000006038 _____ C:\Users\belcovaIV\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 16:58 - 2020-11-17 16:58 - 000006038 _____ C:\Users\belcovaIV\Downloads\how_to_decrypt.hta
  2020-11-17 16:58 - 2020-11-17 16:58 - 000006038 _____ C:\Users\belcovaIV\Documents\how_to_decrypt.hta
  2020-11-17 16:58 - 2020-11-17 16:58 - 000006038 _____ C:\Users\belcovaIV\Desktop\how_to_decrypt.hta
  2020-11-17 16:58 - 2020-11-17 16:58 - 000006038 _____ C:\Users\belcovaIV\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 16:58 - 2020-11-17 16:58 - 000006038 _____ C:\Users\belcovaIV\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 16:58 - 2020-11-17 16:58 - 000006038 _____ C:\Users\belcovaIV\AppData\Local\how_to_decrypt.hta
  2020-11-17 16:58 - 2020-11-17 16:58 - 000006038 _____ C:\Users\belcovaIV\AppData\how_to_decrypt.hta
  2020-11-17 16:58 - 2020-11-17 16:58 - 000006038 _____ C:\Users\auditor2\how_to_decrypt.hta
  2020-11-17 16:58 - 2020-11-17 16:58 - 000006038 _____ C:\Users\auditor2\Downloads\how_to_decrypt.hta
  2020-11-17 16:58 - 2020-11-17 16:58 - 000006038 _____ C:\Users\auditor2\Documents\how_to_decrypt.hta
  2020-11-17 16:58 - 2020-11-17 16:58 - 000006038 _____ C:\Users\auditor2\Desktop\how_to_decrypt.hta
  2020-11-17 16:58 - 2020-11-17 16:58 - 000006038 _____ C:\Users\auditor2\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 16:58 - 2020-11-17 16:58 - 000006038 _____ C:\Users\auditor2\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 16:58 - 2020-11-17 16:58 - 000006038 _____ C:\Users\auditor2\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 16:58 - 2020-11-17 16:58 - 000006038 _____ C:\Users\auditor2\AppData\Local\how_to_decrypt.hta
  2020-11-17 16:58 - 2020-11-17 16:58 - 000006038 _____ C:\Users\auditor2\AppData\how_to_decrypt.hta
  2020-11-17 16:58 - 2020-11-17 16:58 - 000006038 _____ C:\Users\auditor\how_to_decrypt.hta
  2020-11-17 16:58 - 2020-11-17 16:58 - 000006038 _____ C:\Users\auditor\Downloads\how_to_decrypt.hta
  2020-11-17 16:58 - 2020-11-17 16:58 - 000006038 _____ C:\Users\auditor\Documents\how_to_decrypt.hta
  2020-11-17 16:58 - 2020-11-17 16:58 - 000006038 _____ C:\Users\auditor\Desktop\how_to_decrypt.hta
  2020-11-17 16:58 - 2020-11-17 16:58 - 000006038 _____ C:\Users\auditor\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 16:58 - 2020-11-17 16:58 - 000006038 _____ C:\Users\auditor\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 16:58 - 2020-11-17 16:58 - 000006038 _____ C:\Users\auditor\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 16:58 - 2020-11-17 16:58 - 000006038 _____ C:\Users\auditor\AppData\how_to_decrypt.hta
  2020-11-17 16:57 - 2020-11-17 16:57 - 000006038 _____ C:\Users\auditor\AppData\Local\how_to_decrypt.hta
  2020-11-17 16:57 - 2020-11-17 16:57 - 000006038 _____ C:\Users\Admin\how_to_decrypt.hta
  2020-11-17 16:57 - 2020-11-17 16:57 - 000006038 _____ C:\Users\Admin\Downloads\how_to_decrypt.hta
  2020-11-17 16:57 - 2020-11-17 16:57 - 000006038 _____ C:\Users\Admin\Documents\how_to_decrypt.hta
  2020-11-17 16:57 - 2020-11-17 16:57 - 000006038 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 16:57 - 2020-11-17 16:57 - 000006038 _____ C:\Users\Admin\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 16:57 - 2020-11-17 16:57 - 000006038 _____ C:\Users\Admin\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 16:57 - 2020-11-17 16:57 - 000006038 _____ C:\Users\Admin\AppData\how_to_decrypt.hta
  2020-11-17 16:56 - 2020-11-17 16:56 - 000006038 _____ C:\Users\Admin\AppData\Local\how_to_decrypt.hta
  2020-11-17 16:56 - 2020-11-17 16:56 - 000006038 _____ C:\Users\Admim\how_to_decrypt.hta
  2020-11-17 16:56 - 2020-11-17 16:56 - 000006038 _____ C:\Users\Admim\Downloads\how_to_decrypt.hta
  2020-11-17 16:56 - 2020-11-17 16:56 - 000006038 _____ C:\Users\Admim\Documents\how_to_decrypt.hta
  2020-11-17 16:56 - 2020-11-17 16:56 - 000006038 _____ C:\Users\Admim\Desktop\how_to_decrypt.hta
  2020-11-17 16:56 - 2020-11-17 16:56 - 000006038 _____ C:\Users\Admim\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 16:56 - 2020-11-17 16:56 - 000006038 _____ C:\Users\Admim\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 16:56 - 2020-11-17 16:56 - 000006038 _____ C:\Users\Admim\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 16:56 - 2020-11-17 16:56 - 000006038 _____ C:\Users\Admim\AppData\Local\how_to_decrypt.hta
  2020-11-17 16:56 - 2020-11-17 16:56 - 000006038 _____ C:\Users\Admim\AppData\how_to_decrypt.hta
  2020-11-17 16:56 - 2020-11-17 16:56 - 000006038 _____ C:\Users\a.shpunt\how_to_decrypt.hta
  2020-11-17 16:56 - 2020-11-17 16:56 - 000006038 _____ C:\Users\a.shpunt\Downloads\how_to_decrypt.hta
  2020-11-17 16:56 - 2020-11-17 16:56 - 000006038 _____ C:\Users\a.shpunt\Documents\how_to_decrypt.hta
  2020-11-17 16:56 - 2020-11-17 16:56 - 000006038 _____ C:\Users\a.shpunt\Desktop\how_to_decrypt.hta
  2020-11-17 16:56 - 2020-11-17 16:56 - 000006038 _____ C:\Users\a.shpunt\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 16:56 - 2020-11-17 16:56 - 000006038 _____ C:\Users\a.shpunt\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 16:56 - 2020-11-17 16:56 - 000006038 _____ C:\Users\a.shpunt\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 16:56 - 2020-11-17 16:56 - 000006038 _____ C:\Users\a.shpunt\AppData\Local\how_to_decrypt.hta
  2020-11-17 16:56 - 2020-11-17 16:56 - 000006038 _____ C:\Users\a.shpunt\AppData\how_to_decrypt.hta
  2020-11-17 16:56 - 2020-11-17 16:56 - 000006038 _____ C:\Users\a.shpet\how_to_decrypt.hta
  2020-11-17 16:56 - 2020-11-17 16:56 - 000006038 _____ C:\Users\a.shpet\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 16:55 - 2020-11-17 16:55 - 000006038 _____ C:\Users\a.shpet\Downloads\how_to_decrypt.hta
  2020-11-17 16:55 - 2020-11-17 16:55 - 000006038 _____ C:\Users\a.shpet\Documents\how_to_decrypt.hta
  2020-11-17 16:55 - 2020-11-17 16:55 - 000006038 _____ C:\Users\a.shpet\Desktop\how_to_decrypt.hta
  2020-11-17 16:55 - 2020-11-17 16:55 - 000006038 _____ C:\Users\a.shpet\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 16:55 - 2020-11-17 16:55 - 000006038 _____ C:\Users\a.shpet\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 16:55 - 2020-11-17 16:55 - 000006038 _____ C:\Users\a.shpet\AppData\Local\how_to_decrypt.hta
  2020-11-17 16:55 - 2020-11-17 16:55 - 000006038 _____ C:\Users\a.shpet\AppData\how_to_decrypt.hta
  2020-11-17 16:55 - 2020-11-17 16:55 - 000006038 _____ C:\Users\a.sadilova\how_to_decrypt.hta
  2020-11-17 16:55 - 2020-11-17 16:55 - 000006038 _____ C:\Users\a.sadilova\Downloads\how_to_decrypt.hta
  2020-11-17 16:55 - 2020-11-17 16:55 - 000006038 _____ C:\Users\a.sadilova\Documents\how_to_decrypt.hta
  2020-11-17 16:55 - 2020-11-17 16:55 - 000006038 _____ C:\Users\a.sadilova\Desktop\how_to_decrypt.hta
  2020-11-17 16:55 - 2020-11-17 16:55 - 000006038 _____ C:\Users\a.sadilova\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 16:55 - 2020-11-17 16:55 - 000006038 _____ C:\Users\a.sadilova\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 16:55 - 2020-11-17 16:55 - 000006038 _____ C:\Users\a.sadilova\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 16:55 - 2020-11-17 16:55 - 000006038 _____ C:\Users\a.sadilova\AppData\Local\how_to_decrypt.hta
  2020-11-17 16:55 - 2020-11-17 16:55 - 000006038 _____ C:\Users\a.sadilova\AppData\how_to_decrypt.hta
  2020-11-17 16:55 - 2020-11-17 16:55 - 000006038 _____ C:\Users\a.peterman\how_to_decrypt.hta
  2020-11-17 16:55 - 2020-11-17 16:55 - 000006038 _____ C:\Users\a.peterman\Downloads\how_to_decrypt.hta
  2020-11-17 16:55 - 2020-11-17 16:55 - 000006038 _____ C:\Users\a.peterman\Documents\how_to_decrypt.hta
  2020-11-17 16:55 - 2020-11-17 16:55 - 000006038 _____ C:\Users\a.peterman\Desktop\how_to_decrypt.hta
  2020-11-17 16:55 - 2020-11-17 16:55 - 000006038 _____ C:\Users\a.peterman\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 16:55 - 2020-11-17 16:55 - 000006038 _____ C:\Users\a.peterman\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 16:55 - 2020-11-17 16:55 - 000006038 _____ C:\Users\a.peterman\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 16:55 - 2020-11-17 16:55 - 000006038 _____ C:\Users\a.peterman\AppData\how_to_decrypt.hta
  2020-11-17 16:54 - 2020-11-17 16:54 - 000006038 _____ C:\Users\a.peterman\AppData\Local\how_to_decrypt.hta
  2020-11-17 16:54 - 2020-11-17 16:54 - 000006038 _____ C:\Users\a.pantyukhina\how_to_decrypt.hta
  2020-11-17 16:54 - 2020-11-17 16:54 - 000006038 _____ C:\Users\a.pantyukhina\Downloads\how_to_decrypt.hta
  2020-11-17 16:54 - 2020-11-17 16:54 - 000006038 _____ C:\Users\a.pantyukhina\Documents\how_to_decrypt.hta
  2020-11-17 16:54 - 2020-11-17 16:54 - 000006038 _____ C:\Users\a.pantyukhina\Desktop\how_to_decrypt.hta
  2020-11-17 16:54 - 2020-11-17 16:54 - 000006038 _____ C:\Users\a.pantyukhina\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 16:54 - 2020-11-17 16:54 - 000006038 _____ C:\Users\a.pantyukhina\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 16:54 - 2020-11-17 16:54 - 000006038 _____ C:\Users\a.pantyukhina\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 16:54 - 2020-11-17 16:54 - 000006038 _____ C:\Users\a.pantyukhina\AppData\how_to_decrypt.hta
  2020-11-17 16:53 - 2020-11-17 16:53 - 000006038 _____ C:\Users\a.pantyukhina\AppData\Local\how_to_decrypt.hta
  2020-11-17 16:53 - 2020-11-17 16:53 - 000006038 _____ C:\Users\a.kravcova\how_to_decrypt.hta
  2020-11-17 16:53 - 2020-11-17 16:53 - 000006038 _____ C:\Users\a.kravcova\Downloads\how_to_decrypt.hta
  2020-11-17 16:53 - 2020-11-17 16:53 - 000006038 _____ C:\Users\a.kravcova\Documents\how_to_decrypt.hta
  2020-11-17 16:53 - 2020-11-17 16:53 - 000006038 _____ C:\Users\a.kravcova\Desktop\how_to_decrypt.hta
  2020-11-17 16:53 - 2020-11-17 16:53 - 000006038 _____ C:\Users\a.kravcova\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 16:53 - 2020-11-17 16:53 - 000006038 _____ C:\Users\a.kravcova\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 16:53 - 2020-11-17 16:53 - 000006038 _____ C:\Users\a.kravcova\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 16:53 - 2020-11-17 16:53 - 000006038 _____ C:\Users\a.kravcova\AppData\Local\how_to_decrypt.hta
  2020-11-17 16:53 - 2020-11-17 16:53 - 000006038 _____ C:\Users\a.kravcova\AppData\how_to_decrypt.hta
  2020-11-17 16:53 - 2020-11-17 16:53 - 000006038 _____ C:\Users\a.korchagin\how_to_decrypt.hta
  2020-11-17 16:53 - 2020-11-17 16:53 - 000006038 _____ C:\Users\a.korchagin\Downloads\how_to_decrypt.hta
  2020-11-17 16:53 - 2020-11-17 16:53 - 000006038 _____ C:\Users\a.korchagin\Documents\how_to_decrypt.hta
  2020-11-17 16:53 - 2020-11-17 16:53 - 000006038 _____ C:\Users\a.korchagin\Desktop\how_to_decrypt.hta
  2020-11-17 16:53 - 2020-11-17 16:53 - 000006038 _____ C:\Users\a.korchagin\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 16:53 - 2020-11-17 16:53 - 000006038 _____ C:\Users\a.korchagin\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 16:53 - 2020-11-17 16:53 - 000006038 _____ C:\Users\a.korchagin\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 16:53 - 2020-11-17 16:53 - 000006038 _____ C:\Users\a.korchagin\AppData\Local\how_to_decrypt.hta
  2020-11-17 16:53 - 2020-11-17 16:53 - 000006038 _____ C:\Users\a.korchagin\AppData\how_to_decrypt.hta
  2020-11-17 16:53 - 2020-11-17 16:53 - 000006038 _____ C:\Users\a.gavrilov\how_to_decrypt.hta
  2020-11-17 16:52 - 2020-11-17 16:52 - 000006038 _____ C:\Users\a.gavrilov\Downloads\how_to_decrypt.hta
  2020-11-17 16:52 - 2020-11-17 16:52 - 000006038 _____ C:\Users\a.gavrilov\Documents\how_to_decrypt.hta
  2020-11-17 16:52 - 2020-11-17 16:52 - 000006038 _____ C:\Users\a.gavrilov\Desktop\how_to_decrypt.hta
  2020-11-17 16:52 - 2020-11-17 16:52 - 000006038 _____ C:\Users\a.gavrilov\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 16:52 - 2020-11-17 16:52 - 000006038 _____ C:\Users\a.gavrilov\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 16:52 - 2020-11-17 16:52 - 000006038 _____ C:\Users\a.gavrilov\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 16:52 - 2020-11-17 16:52 - 000006038 _____ C:\Users\a.gavrilov\AppData\how_to_decrypt.hta
  2020-11-17 16:50 - 2020-11-17 16:50 - 000006038 _____ C:\Users\a.gavrilov\AppData\Local\how_to_decrypt.hta
  2020-11-17 16:50 - 2020-11-17 16:50 - 000006038 _____ C:\Users\a.avvakumov\how_to_decrypt.hta
  2020-11-17 16:50 - 2020-11-17 16:50 - 000006038 _____ C:\Users\a.avvakumov\Downloads\how_to_decrypt.hta
  2020-11-17 16:50 - 2020-11-17 16:50 - 000006038 _____ C:\Users\a.avvakumov\Documents\how_to_decrypt.hta
  2020-11-17 16:50 - 2020-11-17 16:50 - 000006038 _____ C:\Users\a.avvakumov\Desktop\how_to_decrypt.hta
  2020-11-17 16:50 - 2020-11-17 16:50 - 000006038 _____ C:\Users\a.avvakumov\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 16:50 - 2020-11-17 16:50 - 000006038 _____ C:\Users\a.avvakumov\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 16:50 - 2020-11-17 16:50 - 000006038 _____ C:\Users\a.avvakumov\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 16:50 - 2020-11-17 16:50 - 000006038 _____ C:\Users\a.avvakumov\AppData\how_to_decrypt.hta
  2020-11-17 16:49 - 2020-11-17 16:49 - 000006038 _____ C:\Users\a.avvakumov\AppData\Local\how_to_decrypt.hta
  2020-11-17 16:49 - 2020-11-17 16:49 - 000006038 _____ C:\Users\a.akhmetkireeva\how_to_decrypt.hta
  2020-11-17 16:49 - 2020-11-17 16:49 - 000006038 _____ C:\Users\a.akhmetkireeva\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 16:48 - 2020-11-17 16:48 - 000006038 _____ C:\Users\a.akhmetkireeva\Downloads\how_to_decrypt.hta
  2020-11-17 16:48 - 2020-11-17 16:48 - 000006038 _____ C:\Users\a.akhmetkireeva\Documents\how_to_decrypt.hta
  2020-11-17 16:48 - 2020-11-17 16:48 - 000006038 _____ C:\Users\a.akhmetkireeva\Desktop\how_to_decrypt.hta
  2020-11-17 16:48 - 2020-11-17 16:48 - 000006038 _____ C:\Users\a.akhmetkireeva\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 16:48 - 2020-11-17 16:48 - 000006038 _____ C:\Users\a.akhmetkireeva\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 16:48 - 2020-11-17 16:48 - 000006038 _____ C:\Users\a.akhmetkireeva\AppData\how_to_decrypt.hta
  2020-11-17 16:47 - 2020-11-17 16:47 - 000006038 _____ C:\Users\a.akhmetkireeva\AppData\Local\how_to_decrypt.hta
  2020-11-17 16:47 - 2020-11-17 16:47 - 000006038 _____ C:\Users\1cuser\how_to_decrypt.hta
  2020-11-17 16:47 - 2020-11-17 16:47 - 000006038 _____ C:\Users\1cuser\Downloads\how_to_decrypt.hta
  2020-11-17 16:47 - 2020-11-17 16:47 - 000006038 _____ C:\Users\1cuser\AppData\Roaming\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 16:40 - 2020-11-17 16:40 - 000006038 _____ C:\Users\1cuser\AppData\Roaming\how_to_decrypt.hta
  2020-11-17 16:40 - 2020-11-17 16:40 - 000006038 _____ C:\Users\1cuser\AppData\how_to_decrypt.hta
  2020-11-17 16:39 - 2020-11-17 16:57 - 000001182 _____ C:\Users\Все пользователи\CleverenceStickerForRevaluationSettings.xml
  2020-11-17 16:39 - 2020-11-17 16:57 - 000001182 _____ C:\ProgramData\CleverenceStickerForRevaluationSettings.xml
  2020-11-17 16:39 - 2020-11-17 16:39 - 000006038 _____ C:\Users\1cuser\AppData\LocalLow\how_to_decrypt.hta
  2020-11-17 16:23 - 2020-11-17 16:23 - 000006038 _____ C:\Users\1cuser\AppData\Local\how_to_decrypt.hta
  2020-11-17 16:22 - 2020-11-17 16:22 - 000006038 _____ C:\ProgramData\Microsoft\Windows\Start Menu\how_to_decrypt.hta
  2020-11-17 16:19 - 2020-11-17 16:19 - 000006038 _____ C:\Users\Все пользователи\how_to_decrypt.hta
  2020-11-17 16:19 - 2020-11-17 16:19 - 000006038 _____ C:\ProgramData\how_to_decrypt.hta
  2020-11-17 16:18 - 2020-11-17 16:18 - 000006038 _____ C:\Users\how_to_decrypt.hta
  End::

   

• Скопируйте выделенный текст (правой кнопкой - Копировать).
• Запустите FRST (FRST64) от имени администратора.
• Нажмите Fix и подождите. Программа создаст лог-файл (Fixlog.txt). Прикрепите его к своему следующему сообщению.

 

Компьютер перезагрузите вручную.

Подробнее читайте в этом руководстве.

 

Меняйте пароли на RDP и на учётные записи администраторов.

Проверьте разрешения в фаерволе на эти порты:

 

Сделал по инструкции, прикрепил лог. 

Fixlog.txt

[Sandor 875]

Достаточно было один раз выполнить скрипт.

 

Проверьте уязвимые места:

Выполните скрипт в AVZ при наличии доступа в интернет:

var
LogPath : string;
ScriptPath : string;
begin
 LogPath := GetAVZDirectory + 'log\avz_log.txt';
 if FileExists(LogPath) Then DeleteFile(LogPath);
 ScriptPath := GetAVZDirectory +'ScanVuln.txt';
  if DownloadFile('http://dataforce.ru/~kad/ScanVuln.txt', ScriptPath, 1) then ExecuteScript(ScriptPath) else
begin
    if DownloadFile('http://dataforce.ru/~kad/ScanVuln.txt', ScriptPath, 0) then ExecuteScript(ScriptPath)
else begin
       ShowMessage('Невозможно загрузить скрипт AVZ для обнаружения наиболее часто используемых уязвимостей!');
       exit;
      end;
  end;
 if FileExists(LogPath) Then ExecuteFile('notepad.exe', LogPath, 1, 0, false)
end.

После его работы, если будут найдены уязвимости, в блокноте откроется файл avz_log.txt со ссылками на обновления системы и критичных к безопасности программ, которые нужно загрузить и установить. 
В первую очередь это относится к браузерам, Java, Adobe Acrobat/Reader и Adobe Flash Player.

Пройдитесь по ссылкам из файла avz_log.txt и установите все рекомендуемые обновления (если таковые будут).
Перезагрузите компьютер.
Снова выполните этот скрипт и убедитесь, что уязвимости устранены.

[AndrewCott 0]

20.11.2020 в 15:44, Sandor сказал:

Достаточно было один раз выполнить скрипт.

 

Проверьте уязвимые места:

Выполните скрипт в AVZ при наличии доступа в интернет:

 

var
LogPath : string;
ScriptPath : string;
begin
 LogPath := GetAVZDirectory + 'log\avz_log.txt';
 if FileExists(LogPath) Then DeleteFile(LogPath);
 ScriptPath := GetAVZDirectory +'ScanVuln.txt';
  if DownloadFile('http://dataforce.ru/~kad/ScanVuln.txt', ScriptPath, 1) then ExecuteScript(ScriptPath) else
begin
    if DownloadFile('http://dataforce.ru/~kad/ScanVuln.txt', ScriptPath, 0) then ExecuteScript(ScriptPath)
else begin
       ShowMessage('Невозможно загрузить скрипт AVZ для обнаружения наиболее часто используемых уязвимостей!');
       exit;
      end;
  end;
 if FileExists(LogPath) Then ExecuteFile('notepad.exe', LogPath, 1, 0, false)
end.

 

После его работы, если будут найдены уязвимости, в блокноте откроется файл avz_log.txt со ссылками на обновления системы и критичных к безопасности программ, которые нужно загрузить и установить. 
В первую очередь это относится к браузерам, Java, Adobe Acrobat/Reader и Adobe Flash Player.

Пройдитесь по ссылкам из файла avz_log.txt и установите все рекомендуемые обновления (если таковые будут).
Перезагрузите компьютер.
Снова выполните этот скрипт и убедитесь, что уязвимости устранены.

Добрый день! 

 

Подскажите, пожалуйста, после данного скрипта должны были удалится зашифрованные файлы и файлы-послания? Просто дело такое, вроде ничего больше не шифруется, а куча файлов и на пользователях они присутствуют... Как быть с ними?  их удалять вручную?  

[Sandor 875]

Последний скрипт только проверяет уязвимые места. Предыдущий скрипт должен был удалить все "файлы-послания". Зашифрованные файлы я скриптами не удалял. Если есть необходимость, можете удалить вручную.

[AndrewCott 0]

46 минут назад, Sandor сказал:

Последний скрипт только проверяет уязвимые места. Предыдущий скрипт должен был удалить все "файлы-послания". Зашифрованные файлы я скриптами не удалял. Если есть необходимость, можете удалить вручную.

Сегодня опять обнаружил их уже как сетевое размещение. фото скрина приложил. 

[Sandor 875]

Так возможно это на другом компьютере в общей папке, куда у вас есть доступ?

Для верности соберите новые логи FRST. (Если никто из коллег не подхватит тему, быстро ответить не смогу).

[AndrewCott 0]

24 минуты назад, Sandor сказал:

Так возможно это на другом компьютере в общей папке, куда у вас есть доступ?

Для верности соберите новые логи FRST. (Если никто из коллег не подхватит тему, быстро ответить не смогу).

 

Вот логи. Спасибо Вам

Addition.txt FRST.txt

Изменено 23 ноября, 2020 пользователем AndrewCott

[AndrewCott 0]

Будет ли ответ по новым логам? 

[Sandor 875]

Да, извините за задержку.

 

• Отключите до перезагрузки антивирус, сеть не отключайте.
• Выделите следующий код:

  Start::
  virustotal:C:\Users\Admim\appdata\local\temp\svcykc.exe
  2020-11-23 11:18 - 2020-11-17 17:00 - 000006038 _____ C:\Users\t.kovaleva\AppData\Local\Temp\how_to_decrypt.hta
  2020-11-23 10:39 - 2020-11-17 17:00 - 000006038 _____ C:\Users\d.borisova\AppData\Local\Temp\how_to_decrypt.hta
  2020-11-18 17:15 - 2020-11-17 17:00 - 000006038 _____ C:\Users\invent4\AppData\Local\Temp\how_to_decrypt.hta
  2020-11-18 16:51 - 2020-11-17 17:00 - 000006038 _____ C:\Users\invent2.TERMINALAPP\AppData\Local\Temp\how_to_decrypt.hta
  2020-11-18 16:50 - 2020-11-17 17:00 - 000006038 _____ C:\Users\invent3.TERMINALAPP\AppData\Local\Temp\how_to_decrypt.hta
  2020-11-18 16:43 - 2020-11-17 17:00 - 000006038 _____ C:\Users\invent1.TERMINALAPP\AppData\Local\Temp\how_to_decrypt.hta
  2020-11-17 17:30 - 2020-11-17 17:30 - 000006038 _____ C:\Users\Администратор\AppData\Local\Temp\how_to_decrypt.hta
  2020-11-17 17:24 - 2020-11-17 17:24 - 000006038 _____ C:\Users\vs.Pavlov\AppData\Local\Temp\how_to_decrypt.hta
  2020-11-17 17:23 - 2020-11-17 17:23 - 000006038 _____ C:\Users\vparshin\AppData\Local\Temp\how_to_decrypt.hta
  2020-11-17 17:22 - 2020-11-17 17:22 - 000006038 _____ C:\Users\vmayer\AppData\Local\Temp\how_to_decrypt.hta
  2020-11-17 17:21 - 2020-11-17 17:21 - 000006038 _____ C:\Users\vladikv\AppData\Local\Temp\how_to_decrypt.hta
  2020-11-17 17:21 - 2020-11-17 17:21 - 000006038 _____ C:\Users\vkutaev\AppData\Local\Temp\how_to_decrypt.hta
  2020-11-17 17:20 - 2020-11-17 17:20 - 000006038 _____ C:\Users\v.ustinov\AppData\Local\Temp\how_to_decrypt.hta
  2020-11-17 17:20 - 2020-11-17 17:20 - 000006038 _____ C:\Users\v.tenenev\AppData\Local\Temp\how_to_decrypt.hta
  2020-11-17 17:20 - 2020-11-17 17:20 - 000006038 _____ C:\Users\v.osmirko\AppData\Local\Temp\how_to_decrypt.hta
  2020-11-17 17:19 - 2020-11-17 17:19 - 000006038 _____ C:\Users\v.konovalchyk\AppData\Local\Temp\how_to_decrypt.hta
  2020-11-17 17:18 - 2020-11-17 17:18 - 000006038 _____ C:\Users\v.davidchuk\AppData\Local\Temp\how_to_decrypt.hta
  2020-11-17 17:15 - 2020-11-17 17:15 - 000006038 _____ C:\Users\v.atapina\AppData\Local\Temp\how_to_decrypt.hta
  2020-11-17 17:15 - 2020-11-17 17:15 - 000006038 _____ C:\Users\urmashev\AppData\Local\Temp\how_to_decrypt.hta
  2020-11-17 17:15 - 2020-11-17 17:15 - 000006038 _____ C:\Users\ural\AppData\Local\Temp\how_to_decrypt.hta
  2020-11-17 17:14 - 2020-11-17 17:14 - 000006038 _____ C:\Users\t.kurbatova\AppData\Local\Temp\how_to_decrypt.hta
  2020-11-17 17:14 - 2020-11-17 17:14 - 000006038 _____ C:\Users\s.zhirkov\AppData\Local\Temp\how_to_decrypt.hta
  2020-11-17 17:12 - 2020-11-17 17:12 - 000006038 _____ C:\Users\s.konkova\AppData\Local\Temp\how_to_decrypt.hta
  2020-11-17 17:12 - 2020-11-17 17:12 - 000006038 _____ C:\Users\rdpuser\AppData\Local\Temp\how_to_decrypt.hta
  2020-11-17 17:11 - 2020-11-17 17:11 - 000006038 _____ C:\Users\proskurin\AppData\Local\Temp\how_to_decrypt.hta
  2020-11-17 17:11 - 2020-11-17 17:11 - 000006038 _____ C:\Users\polyakova\AppData\Local\Temp\how_to_decrypt.hta
  2020-11-17 17:10 - 2020-11-17 17:10 - 000006038 _____ C:\Users\ozikanova\AppData\Local\Temp\how_to_decrypt.hta
  2020-11-17 17:10 - 2020-11-17 17:10 - 000006038 _____ C:\Users\o.nadina\AppData\Local\Temp\how_to_decrypt.hta
  2020-11-17 17:09 - 2020-11-17 17:09 - 000006038 _____ C:\Users\n.izyumov\AppData\Local\Temp\how_to_decrypt.hta
  2020-11-17 17:08 - 2020-11-17 17:08 - 000006038 _____ C:\Users\n.gurova\AppData\Local\Temp\how_to_decrypt.hta
  2020-11-17 17:08 - 2020-11-17 17:08 - 000006038 _____ C:\Users\mag002\AppData\Local\Temp\how_to_decrypt.hta
  2020-11-17 17:08 - 2020-11-17 17:08 - 000006038 _____ C:\Users\m.kuzmin\AppData\Local\Temp\how_to_decrypt.hta
  2020-11-17 17:07 - 2020-11-17 17:07 - 000006038 _____ C:\Users\m.ivanov\AppData\Local\Temp\how_to_decrypt.hta
  2020-11-17 17:07 - 2020-11-17 17:07 - 000006038 _____ C:\Users\m.afanaseva\AppData\Local\Temp\how_to_decrypt.hta
  2020-11-17 17:06 - 2020-11-17 17:06 - 000006038 _____ C:\Users\lmarushkina\AppData\Local\Temp\how_to_decrypt.hta
  2020-11-17 17:06 - 2020-11-17 17:06 - 000006038 _____ C:\Users\kovalevaTP\AppData\Local\Temp\how_to_decrypt.hta
  2020-11-17 17:05 - 2020-11-17 17:05 - 000006038 _____ C:\Users\korobkova\AppData\Local\Temp\how_to_decrypt.hta
  2020-11-17 17:05 - 2020-11-17 17:05 - 000006038 _____ C:\Users\invent3\AppData\Local\Temp\how_to_decrypt.hta
  2020-11-17 17:05 - 2020-11-17 17:05 - 000006038 _____ C:\Users\invent2\AppData\Local\Temp\how_to_decrypt.hta
  2020-11-17 17:04 - 2020-11-17 17:04 - 000006038 _____ C:\Users\invent1\AppData\Local\Temp\how_to_decrypt.hta
  2020-11-17 17:04 - 2020-11-17 17:04 - 000006038 _____ C:\Users\i.tsyganova\AppData\Local\Temp\how_to_decrypt.hta
  2020-11-17 17:03 - 2020-11-17 17:03 - 000006038 _____ C:\Users\i.kirillov\AppData\Local\Temp\how_to_decrypt.hta
  2020-11-17 17:02 - 2020-11-17 17:02 - 000006038 _____ C:\Users\frolkina\AppData\Local\Temp\how_to_decrypt.hta
  2020-11-17 17:00 - 2020-11-17 17:00 - 000006038 _____ C:\Users\Default\AppData\Local\Temp\how_to_decrypt.hta
  2020-11-17 17:00 - 2020-11-17 17:00 - 000006038 _____ C:\Users\Default User\AppData\Local\Temp\how_to_decrypt.hta
  2020-11-17 16:59 - 2020-11-17 16:59 - 000006038 _____ C:\Users\d.antaeva\AppData\Local\Temp\how_to_decrypt.hta
  2020-11-17 16:59 - 2020-11-17 16:59 - 000006038 _____ C:\Users\blohinai\AppData\Local\Temp\how_to_decrypt.hta
  2020-11-17 16:58 - 2020-11-17 16:58 - 000006038 _____ C:\Users\belcovaIV\AppData\Local\Temp\how_to_decrypt.hta
  2020-11-17 16:58 - 2020-11-17 16:58 - 000006038 _____ C:\Users\auditor2\AppData\Local\Temp\how_to_decrypt.hta
  2020-11-17 16:57 - 2020-11-17 16:57 - 000006038 _____ C:\Users\auditor\AppData\Local\Temp\how_to_decrypt.hta
  2020-11-17 16:57 - 2020-11-17 16:57 - 000006038 _____ C:\Users\Admin\AppData\Local\Temp\how_to_decrypt.hta
  2020-11-17 16:56 - 2020-11-17 16:56 - 000006038 _____ C:\Users\a.shpunt\AppData\Local\Temp\how_to_decrypt.hta
  2020-11-17 16:55 - 2020-11-17 16:55 - 000006038 _____ C:\Users\a.shpet\AppData\Local\Temp\how_to_decrypt.hta
  2020-11-17 16:55 - 2020-11-17 16:55 - 000006038 _____ C:\Users\a.sadilova\AppData\Local\Temp\how_to_decrypt.hta
  2020-11-17 16:54 - 2020-11-17 16:54 - 000006038 _____ C:\Users\a.peterman\AppData\Local\Temp\how_to_decrypt.hta
  2020-11-17 16:54 - 2020-11-17 16:54 - 000006038 _____ C:\Users\a.pantyukhina\AppData\Local\Temp\how_to_decrypt.hta
  2020-11-17 16:53 - 2020-11-17 16:53 - 000006038 _____ C:\Users\a.kravcova\AppData\Local\Temp\how_to_decrypt.hta
  2020-11-17 16:53 - 2020-11-17 16:53 - 000006038 _____ C:\Users\a.korchagin\AppData\Local\Temp\how_to_decrypt.hta
  2020-11-17 16:52 - 2020-11-17 16:52 - 000006038 _____ C:\Users\a.gavrilov\AppData\Local\Temp\how_to_decrypt.hta
  2020-11-17 16:49 - 2020-11-17 16:49 - 000006038 _____ C:\Users\a.avvakumov\AppData\Local\Temp\how_to_decrypt.hta
  2020-11-17 16:48 - 2020-11-17 16:48 - 000006038 _____ C:\Users\a.akhmetkireeva\AppData\Local\Temp\how_to_decrypt.hta
  2020-11-17 16:39 - 2020-11-17 16:39 - 000006038 _____ C:\Users\1cuser\AppData\Local\Temp\how_to_decrypt.hta
  End::

   

  
  
• Скопируйте выделенный текст (правой кнопкой - Копировать).
• Запустите FRST (FRST64) от имени администратора.
• Нажмите Fix и подождите. Программа создаст лог-файл (Fixlog.txt). Прикрепите его к своему следующему сообщению.

 

Подробнее читайте в этом руководстве.

[AndrewCott 0]

Добрый день!

 

Спасибо. 

 

Подскажите, а скрипт чистит только temp? У нас они (how to decrypt.hta) практически везде и в каждой папке. 

Fixlog.txt

[Sandor 875]

Ещё раз удалите старые и соберите новые логи FRST, только предварительно отметьте галочкой "90 Days Files".