sihvgt.exe
Windows Exe (x86-32)
Created at 2019-05-06T19:42:00
Monitored Processes
Behavior Information - Grouped by Category
Process #1: sihvgt.exe
6770
0
| Information | Value |
|---|---|
| ID | #1 |
| File Name | c:\users\5p5nrgjn0js halpmcxz\desktop\sihvgt.exe |
| Command Line | "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\sihvgt.exe" |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:00:33, Reason: Analysis Target |
| Unmonitor | End Time: 00:01:07, Reason: Self Terminated |
| Monitor Duration | 00:00:33 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x73c |
| Parent PID | 0x45c (c:\windows\explorer.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
7B8
0x
4E8
|
Memory Dumps
| Name | Start VA | End VA | Dump Reason | PE Rebuilds | Bitness | Entry Points | AV | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|
| sihvgt.exe | 0x00400000 | 0x0040EFFF | Content Changed | - | 32-bit | 0x00409F1B, 0x0040A224 |
|
|
|
| sihvgt.exe | 0x00400000 | 0x0040EFFF | Relevant Image | - | 32-bit | - |
|
|
|
Dropped Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\sihvgt.exe | 55.50 KB |
MD5:
fc4bc20b3282f77a8df2aaac289bca5f
SHA1: e5015876c0106d4f289f47b3c90840bbfd11ed21 SHA256: 0de352279272470dcc6e175e3148c8843856063a8502fada64a54fe6e6af3894 SSDeep: 1536:pm2bgutzZi79QlgTHf4tq6KhxXwr3+SaG8:Vtz479QlOWWXK5 |
|
|
| C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg | 859.71 KB |
MD5:
cefbb5c863f2fadba57ec2296ed5c402
SHA1: 77cfece336944848b0e1758f17039925099aa798 SHA256: 042faa72b8e4980735eee368968dff71471dd410890f7d2390299acc194d13d7 SSDeep: 24576:dhpI/rb2U81AVyLITc1mwTKwKOpVG4D77yliWs1rz:2nM1AAKIVG4DPyliWs1rz |
|
|
| C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg | 758.45 KB |
MD5:
bbe64bd9a7985770cbb9224e6b6c19f5
SHA1: db6f89f1b6dc82a2bb5c434b198c5c242093b65d SHA256: 41a2c9b1b7396f3dc8a9754ad0e74ad89d9ad88159ecd8a69235429930b13513 SSDeep: 12288:exo8w+TqosAlnsaO1ViSr1pHUj+k9nh32qieVtwmu6TfD2J1VtWv9p0zX:e68w+TqFoZsJw+6h3FYmu6T4jtWv9wX |
|
|
| C:\Users\Public\Music\Sample Music\desktop.ini | 1.50 KB |
MD5:
7bd1d1e27ae2dd4d8c6771ef23a7c09b
SHA1: 554dc67739686457122cb1f50274c7864855e356 SHA256: 10445b9fcc4f7d734ce00b216716624e95009ffc9d415844172d7e74d0c38459 SSDeep: 24:pJZ6s/hgikqSBUuR6MIc6Jl/Em1FPLYeC97wctpjUAB+G8qC7ArA6vFI8id3vFu0:pr//Gik6/JWGPLaJdtx3y3Aa8iVtO6bZ |
|
|
| C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3 | 3.92 MB |
MD5:
256d7c9972cfabf24258042a1042cdfe
SHA1: a860b0433087b276c7c9be5ae4ad993ebe3e389f SHA256: 31d88bde7564c82def781bb93d3dfb1741ab34204b76bd5b65ff08fd4137bbe6 SSDeep: 49152:UpjvEsoij/ADyXCiKbrAffGo8dpo5WqhlrPTZiubuOL9ukaWZtuXJMB455JUOFqw:B/Dyyhqvqqhhd7buOIW6lUE |
|
|
| C:\Users\Public\Desktop\Mozilla Firefox.lnk | 2.06 KB |
MD5:
a613393d9c6aad793c96e12ca74347cb
SHA1: 06e002aee4409c11818e10eb3b48a4114b319ef8 SHA256: b70ff41d91c5a880c3f81ffbdae00c8339da34f1ecd93d4ee90f026cda2f7321 SSDeep: 24:b/nNvFRKZmsyYfnmvWPK1vcYewN3O1vnVfseupuypc/mWA3adHqC7ArA6vFI8idn:hvFRKMOflBfB4q/Xeo3Aa8iVtO6bCO |
|
|
| C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms | 512.92 KB |
MD5:
4f8acff4cae65055cb1ac92aed74db9a
SHA1: d7394ffa65d4476029afe73b7385e38f697ad2b3 SHA256: 101810cb20056934deb87c3be5be552fa3e45e8b1856e874b0b9d69fdffcc971 SSDeep: 6144:EO3lF8dNyTaTa1iFkYdy9bvw4FmVAns6sYy1Ikr:EO3f8dDuMF8Fbsx |
|
|
| C:\Users\Default\Searches\Everywhere.search-ms | 1.17 KB |
MD5:
00d0d87b5660c06c7f1cf22b7ea3d1e6
SHA1: e7697854dbbcce990ad8a1ec9c271262e7a73069 SHA256: 48718c84d4a8ddaf9dc6b03d00b3e7b19e7979f1ea102150de6a2e2e32f8cc68 SSDeep: 24:vXBaoQ8DTUTjfZVY62hqC7ArA6vFI8id3vFuA2lkB5C6OMIg:vsoQ3f3v2h3Aa8iVtO6bCO |
|
|
| C:\Users\Default\Saved Games\desktop.ini | 1.20 KB |
MD5:
2e5ccadf7801d2b0e5ce3671a91b278d
SHA1: 2b6099318ac4c34dede4410d22a3dc376fe1c5e4 SHA256: 98ba63af9443a25da29959cb1b5a326601692796acbeb24714dfba1938673e17 SSDeep: 24:FaVYZ8l632ltGg4L9qC7ArA6vFI8id3vFuA2lkB5C6OMIg:vCMs+p3Aa8iVtO6bCO |
|
|
| C:\Users\Default\Music\desktop.ini | 1.42 KB |
MD5:
ba66b63620c3733c42d71148bc48fd66
SHA1: 732378896e1cf2a7746058c861acff6059841319 SHA256: 9e35b96bdc803bdc514a4759423e25420917a773eca65c4ba8d2dea521ac805b SSDeep: 24:cLzPP+DAj+xg3uq4+gXt+vWR+2oT0qC7ArA6vFI8id3vFuA2lkB5C6OMIg:6iK3149t+v6R3Aa8iVtO6bCO |
|
|
| C:\Users\Default\Links\desktop.ini | 1.50 KB |
MD5:
1329746180ae70fb521bd04fdd84fc24
SHA1: 44e285e381261174f69c64374233accff33a0cd3 SHA256: 85ec3bd14b83a908a7f72507e528876a5129cc580bdd4d465fd303ccbc8c3780 SSDeep: 24:ftdZKucoa5U151Oe/XspWPZWCHKiWaU+i14R7DqC7ArA6vFI8id3vFuA2lkB5C6N:fxz8e/cWhHKiW+i1y7D3Aa8iVtO6bCO |
|
|
| C:\Users\Default\Links\Desktop.lnk | 1.39 KB |
MD5:
21feba2acf0aa814c51ef9d524d660a9
SHA1: 0e3c885990bf19a873884dff65bb4cd9131eb8a8 SHA256: d43322d0ac57f42579e28c985045303c277635b236b37081b8d05f53b09186e1 SSDeep: 24:PNXfIKYAW4fCFAFsRVqTv/bsqC7ArA6vFI8id3vFuA2lkB5C6OMIg:PNXAK3WRqTv/43Aa8iVtO6bCO |
|
|
| C:\Users\Default\Favorites\Windows Live\Windows Live Mail.url | 1.06 KB |
MD5:
52fd44138c42a258847f8fcc978e5448
SHA1: cdddd6ada2c16c0d9cdcdae996ab52f5eab68088 SHA256: 24ad4a19fc76423e8bce14b5e3133309621705d9ed1d3eca5db5c14377b88c42 SSDeep: 24:rwb/rBV+Cmt6mHwrboVfqC7ArA6vFI8id3vFuA2lkB5C6OMIg:kb/rBV+VMmHsboZ3Aa8iVtO6bCO |
|
|
| C:\Users\Default\Favorites\MSN Websites\MSN Autos.url | 1.06 KB |
MD5:
52c0088d0df7f27ef11a6bb17ac2d0d6
SHA1: 85c69b77506c5db6ff25872e6012715c580bee7f SHA256: 935601a86b4b47556a88512718c4710b02317edd7dbd2e200114f6d26ee19edc SSDeep: 24:CtbC3JoqC7ArA6vFI8id3vFuA2lkB5C6OMIg:KCZo3Aa8iVtO6bCO |
|
|
| C:\Users\Default\Favorites\MSN Websites\MSN Money.url | 1.06 KB |
MD5:
f8be5b30ccd5f942c97012ed9f39f64c
SHA1: 3601534ffa6c90e04fb2c0852477264b423eac5b SHA256: 64f1cef85bac58f1c8092de80bfe5c59df29b6fae0c1c66580415f0392e18fef SSDeep: 24:BpE0pGIfSNzRdJqC7ArA6vFI8id3vFuA2lkB5C6OMIg:MJx1dJ3Aa8iVtO6bCO |
|
|
| C:\Users\Default\Favorites\Microsoft Websites\Microsoft At Home.url | 1.06 KB |
MD5:
34c5c79522c662f1fab6f69c35187b15
SHA1: 7842da6b011922fd031e785f2346361a4c7f14d7 SHA256: 3928212f3c8e9e36a68fdfdd3889881e83ca749198da9ec92ca394f69eb6843d SSDeep: 24:HTP/z83UjUjieWkvJqC7ArA6vFI8id3vFuA2lkB5C6OMIg:rbmUjiimvJ3Aa8iVtO6bCO |
|
|
| C:\Users\Default\Favorites\Microsoft Websites\Microsoft At Work.url | 1.06 KB |
MD5:
f004fc125c7a73cb95a4e699ef1907d4
SHA1: 87a13349eb944de67ea8e8927e5a030f06802ca9 SHA256: 642d9b47157eca2ec38e8ee7667fb882c3cccb0148cd5c8ce113337bb0102a52 SSDeep: 24:51XnJ98gZdBHYHBqC7ArA6vFI8id3vFuA2lkB5C6OMIg:L/8N3Aa8iVtO6bCO |
|
|
| C:\Users\Default\Contacts\desktop.ini | 1.33 KB |
MD5:
59e676753cfceb2af0f4106094f3d153
SHA1: d011e28944bb566b5acaf861e411db3ceaa76604 SHA256: e474714823c168ad7ab6aa0e967603abad085fffbde45cfdc7fc15abbd5da11b SSDeep: 24:s1rd76amtbFvSpkYE+IhDmRmnIz1xT7uqC7ArA6vFI8id3vFuA2lkB5C6OMIg:urUamJFqeYRxRmab7u3Aa8iVtO6bCO |
|
|
| C:\Users\Default\AppData\Local\IconCache.db | 758.91 KB |
MD5:
d4eb60133d96aae21e0f2e5df688ab5d
SHA1: 2b5f9c0864a753803017a532fc8cd2681e74e244 SHA256: 13f216cd2701d3213eec6c110b8cac4c6cd2c870410630c52515137c08f04830 SSDeep: 6144:pf+qm+la0RVudmE5jA3byy0RiLqE9E9zxX3kGMC1P967UyvjL9giN5PBYc8uq1f:pfwKI/Eyy0RiLZrGMkPs7ZjhdYc83 |
|
|
| C:\\decrypt_files.html | 5.43 KB |
MD5:
28c708395588b1984606e54a3abd061d
SHA1: b754f9dfcf7e8cb402fc2a8af77158aef8325844 SHA256: c215e4c6116c2dd4409a2bbcf9c77a9bc8cec40bce33941d5dccfc0aa1d42127 SSDeep: 96:zsKu4nhWnohjmO8p23vN1bOdSSx+sTdjw7f/+Vd/PMZyH7O3W:zsKu4nhWnohjmOT7hW19F |
|
|
| C:\Users\Public\93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887 | 1.00 KB |
MD5:
b4f2eef4d240527bf1dc8dec4061eef2
SHA1: 8dad711c23ecd87bcb27adc53a593944193518f3 SHA256: 28c871ae05ac4d46b890fe624f6024fda45782a4530585fc3afc77b680211749 SSDeep: 24:3AQLwUqC7ArA6vFI8id3vFuA2lkB5C6OMIg:QI3Aa8iVtO6bCO |
|
|
| C:\BOOTSECT.BAK | 8.92 KB |
MD5:
4779b8a2eca47bfa0bda0ede4e86e6af
SHA1: 92436cb7693952f978150dd8606eac0101ffda88 SHA256: 9ca3299d4cb4f622fa47b2c39074cbd42b5e607f0fdbe273b46cf34e692fce1b SSDeep: 192:hXmT+f4rxD3xbB+DLKiP46O/XJivZF+jjSaHfjZbqZcw8MnCZFbIxlnn7Z:UJljxbBiL9m/Jix4Nb5TunCZpIxNnd |
|
|
| C:\Users\desktop.ini | 1.09 KB |
MD5:
f58548c0a54b501001f591b4b20097cf
SHA1: e334b3176e430c90bb3b44362e3f058f9f34ec10 SHA256: a8f2c63265958a9dad3890c6fac18095cb1867987de3bdcef81186188ff5c183 SSDeep: 24:t+EQII7HDtRK2p/hEgDKqC7ArA6vFI8id3vFuA2lkB5C6OMIg:t7QII7HxRt7K3Aa8iVtO6bCO |
|
|
| C:\Users\Public\desktop.ini | 1.09 KB |
MD5:
ae94034fb7104d6beeb13f3ab72491b0
SHA1: da25acf807e9728c18463c383fc4d7d0dcf908eb SHA256: 0178b433c51c05c084d8b1eeef0c3a798b648ebdeda85b53f64bba7662b4ff12 SSDeep: 24:DB6s8ZmyKwsv2KqC7ArA6vFI8id3vFuA2lkB5C6OMIg:4myKwsOK3Aa8iVtO6bCO |
|
|
| C:\Users\Public\Videos\desktop.ini | 1.30 KB |
MD5:
20d1f7128b9efd36aef02f4a87f40a5c
SHA1: 2a392a5e7406d231df6f35e5bc14e830e99cdfe4 SHA256: 8df78283bb35eb27a7e522e3ab5eecd7340d13c951c5b0ea3e99026cd751d550 SSDeep: 24:JWoW0w9I9WNt3iX8C3//e44wqC7ArA6vFI8id3vFuA2lkB5C6OMIg:JWozkoXVf3Aa8iVtO6bCO |
|
|
| C:\Users\Public\Videos\Sample Videos\desktop.ini | 1.25 KB |
MD5:
0e121a6f09c13752d9f56847b5af3177
SHA1: 3557a4525b30ad15df765bc042cb781b2ec6fcbe SHA256: 49b9decf53a4946cf90c78d337d5b6b8d66bcc08c7ceac4e4c4af26f90989e8f SSDeep: 24:Qy1FWfeZ+GKpTlqy2nhMUzNvl+BqC7ArA6vFI8id3vFuA2lkB5C6OMIg:PCfeIbpWaCO3Aa8iVtO6bCO |
|
|
| C:\Users\Public\Videos\Sample Videos\Wildlife.wmv | 25.03 MB |
MD5:
127487b026874ced3b1695bf3bbc4b49
SHA1: 906626500d41c650cc1141718c3dd0d2732d78e9 SHA256: ecc0dd11aef57eb9141cb0e9e582d38e9ba6ef96f0910c9eafee6acffb5c3774 SSDeep: 196608:XK8RUUDRmeHiGo+IzqmWYlX6uaZTL0hU+Z2i0SOIeFlfZ8lPQGvwGj5Yza:7XDRCPWYnKL0hUw0SZeFZwPQGj |
|
|
| C:\Users\Public\Recorded TV\desktop.ini | 1.00 KB |
MD5:
00ca6c266cbb8cecab85536396851263
SHA1: 4ecc9ce2347123a588e45acb4aebb6c4ad81b4b1 SHA256: 8118683396adefc0b115ceaaaca0f91bccf4eb85bf8749a9059bd3e0c61d72ff SSDeep: 24:IRxrdI7qf3tzIs5UpqC7ArA6vFI8id3vFuA2lkB5C6OMIg:ca7y90OUp3Aa8iVtO6bCO |
|
|
| C:\Users\Public\Recorded TV\Sample Media\desktop.ini | 1.09 KB |
MD5:
e6e4bd1c9635ef30a7f44890b1f6fe83
SHA1: 489c632a0093ee9341f2c5873fda89408fb54ade SHA256: d8de020e310cb49016c3a940bca8fcdd54194c4605419eb311ca8ab5b782ea99 SSDeep: 24:8sPt1Ss+DYjyocVzfNqC7ArA6vFI8id3vFuA2lkB5C6OMIg:8sPD2YjjcVzF3Aa8iVtO6bCO |
|
|
| C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv | 9.25 MB |
MD5:
39ad4669f5642950a2122a8c90f3f03b
SHA1: 0caa3b8b63f5a9408e127ce5a75ee5477f4e06e8 SHA256: afe7a29994c559aa2cf6ed531dbb5d00caab9120b9f22615d13205d8d6ca1e03 SSDeep: 196608:T5EuCQDQgkgzBfbW33PZKAOhely/pQcEEnluDbBHsz8LDa6HojGEo2ijcHPJw:XCIvBy33PZKxhELIluug/a3ucvJw |
|
|
| C:\Users\Public\Pictures\desktop.ini | 1.30 KB |
MD5:
ca0334134f2151883d258b49968e117c
SHA1: d6b0bcd8952df5ff9456b3f7b6fb8fedc974630e SHA256: ac6a18fe337ee49d407eb2ba2290444e0390af5ff28d87f27053444006ab8739 SSDeep: 24:1xUNJJhkKj6DSfyMEx5mpq/6j1qC7ArA6vFI8id3vFuA2lkB5C6OMIg:1KLsKdfyMEx5mE/6Z3Aa8iVtO6bCO |
|
|
| C:\Users\Public\Pictures\Sample Pictures\Desert.jpg | 827.04 KB |
MD5:
c18c476c88d9c42a4973e8955176d136
SHA1: 0b9719c71cc44cf7c66b3189bd7dbc2eff295e1e SHA256: ad5f225c7052d28b0e1e132129d3062a7b58f81b39348835b6d9afc2e64ad0a6 SSDeep: 12288:+hOsW+cTqXqCuHM59owHDr9NZ6hxTEGT73pq1kYJpjsEk7Gscw0:dsW+c2CM511NZyTEGxY7jsEl1w0 |
|
|
| C:\Users\Public\Pictures\Sample Pictures\desktop.ini | 2.02 KB |
MD5:
56e964ecfd5fc36248a648b2ea867f39
SHA1: 4839c1b508807126ea49d062bcdc9c7e4ceb4afd SHA256: c5e1f52b5a7d75daf6d4dec33d6789ee7535b061bf9d20b573ad6d4e36a6ef80 SSDeep: 48:OxSsJj5+1TWMw8w4mKT3ESL+IEs/T3Aa8iVtO6bCO:OxSsJlY9VZxb3vN1bZ |
|
|
| C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg | 582.27 KB |
MD5:
6404390826b4b71cd151b9937e24f4d5
SHA1: f194a435e270fadfb335e353e87e85cd267740de SHA256: aafa0b0590579ac8cbcd0b18933ccf58b1c21b688029abc14621500932ae363c SSDeep: 12288:uQx+iLo0eoF2AaN/jpUrl1GhPZsuKu3riGAAlZ6L8N6Tglja7p/I:G2jeoFp2kl1GF5+xIZ6a6Wc/I |
|
|
| C:\Users\Public\Pictures\Sample Pictures\Koala.jpg | 763.45 KB |
MD5:
4befbf2972069e843a684b900732793d
SHA1: e505046911556d59e31a35651df5581ffa1f8ef3 SHA256: 512c5b0ae74b956a3de430c96d68a44aa76e416db67be0c6cbc7e35096af26b6 SSDeep: 12288:1wAi/QmQQUVzvMH/Z5PP2HIWIFPQqKjqcL8KOYmyLTG+ZOwG989j9IYloUGrV:149U9u/HPtLRQBPIumyLl9fhIV |
|
|
| C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg | 549.05 KB |
MD5:
b4f4b7d6e32928ddd51e366d73e70e4b
SHA1: 4b9b75e853ea6f6bbc4a47204f9c03ff1a21dd97 SHA256: 0b6aa414500da4086c1bd95cdc65675800932aee289c8b620c429f0530a6c681 SSDeep: 12288:qcazkch0QfN2D2Ti4RDTjdWg7d4fusy8dFADxp9xeWLMMXS92Q8p7Vhn:vchNl6d4RHvRWsVbEWrz |
|
|
| C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg | 760.53 KB |
MD5:
7c8b382f31c7e9fa1967b14b079ea7f2
SHA1: 6528833705f41ebcdff08ab980ba9b53002900b9 SHA256: e82286908b76919e34586be71a1709406852685a818acef0b8eaae18d54ef74c SSDeep: 12288:fjZ/TGc90TrpRL2dj80viHvBaotLEYLrL3uRNnvB6HTRmwlO1MRHbhLA8j2:7Z7jCTjL2djWBaot1P+TvBYTRvjHbh72 |
|
|
| C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg | 607.26 KB |
MD5:
8b65c96dcf44e7617c1b7c7ffa8599ab
SHA1: c9e1b6da6dfaea9a1dfb04ed73fda148dc3fd707 SHA256: 785262b3c1f862e6b95f33b27a2afd9b089dc9a9787e23751e171067e9869ec5 SSDeep: 12288:f3S8NOG0DQ7gYtHZA7kicu7BuPYmcCXFXKRh9cg7aJVs:vS8UDCHZAgicuoP4MFXKRhCg7aJVs |
|
|
| C:\Users\Public\Music\desktop.ini | 1.30 KB |
MD5:
1c98c0b83cc1253282d1d01a4adfa403
SHA1: 9286d0e23926ab95dd756e76eae4e60f9179d89a SHA256: a6353609e723e2ff13cf7f899468e8980fbbf69f6a7a29c08005c2702a8bf354 SSDeep: 24:IApFGWkCOsNdK9/JntyOL7HwNoKqC7ArA6vFI8id3vFuA2lkB5C6OMIg:5pFGsNd8/pP7Hwx3Aa8iVtO6bCO |
|
|
| C:\Users\Public\Music\Sample Music\Kalimba.mp3 | 8.03 MB |
MD5:
12ffc61d6d1b59cbd4000bf54948d4bc
SHA1: 35aaaa8752166cc1efa90e52a1268e75a29966d5 SHA256: 0cf4b04d0067c5a208c1ca3b81ae47f9cf87186aa5f4953361adcb7f81a3b1cc SSDeep: 196608:YNrrs8xpbDZAaSCUQsJgvWCh2QFQtZMoeXS+GqzcakaYBR6w:YBF3/ZJQuOC8MaMo3+Gq4hpRZ |
|
|
| C:\Users\Public\Music\Sample Music\Sleep Away.mp3 | 4.62 MB |
MD5:
bdf026f472d948b57c22a7de42b6074b
SHA1: 2655b5932415db9ab07e567ec56362cc7d0f62cb SHA256: e8cd4f4e4c365eda73a5ea9c82206b7a0edada9bb1db014ea9fbe800b80dae33 SSDeep: 98304:2s7zD5wTuxRL95vGrnrGlp8wXxW9LLFAX3Z+25ztMjRjTu4VVkWsb+/e:3DQQeHGlC7A3jujNufWz/e |
|
|
| C:\Users\Public\Libraries\desktop.ini | 1.02 KB |
MD5:
3ba2632d189c7b4d5a138267ec2f2da3
SHA1: 5cce4157d2a41e1561c30392ea8efa44f9fd311d SHA256: 51962ba135ce80d78439c4cab963e66008a04c997ef3f71ba398d8b0438962a5 SSDeep: 24:MAi32vy181BfNyjWqC7ArA6vFI8id3vFuA2lkB5C6OMIg:MXm88TfNP3Aa8iVtO6bCO |
|
|
| C:\Users\Public\Libraries\RecordedTV.library-ms | 1.78 KB |
MD5:
5f3f5330a98e94bb0077242c15c2b21c
SHA1: 69b9ee57eb49d90e86c914981d724e9efbd61027 SHA256: f382bc538a0c9e934deba60918dc500c5461e18c12c1d21525015bdefecbc86c SSDeep: 48:G6xEsvo4P34/yBXbb7IYL5Kin+Je3Aa8iVtO6bCO:mGo4g/orXxKPe3vN1bZ |
|
|
| C:\Users\Public\Downloads\desktop.ini | 1.09 KB |
MD5:
36f6628b858ebbb02963be04e2467127
SHA1: 06b1e62aac55782739534886efc4f46853f34726 SHA256: a8a2d970ed171bd7fb0137e7537237580e5e3f66068be659905140dfe9062c29 SSDeep: 24:sblrX6Lp9RySqC7ArA6vFI8id3vFuA2lkB5C6OMIg:CT4d3Aa8iVtO6bCO |
|
|
| C:\Users\Public\Documents\desktop.ini | 1.20 KB |
MD5:
6282ad62262de419c0cb9846653a4b60
SHA1: 6b4b3d052327f677448536bf8312789ae6cfe0c0 SHA256: 157b86fe14d794a9b24291b7be00ce66d79ae9c68f629d3e29685856358e0b8d SSDeep: 24:UwZ0Uq9Ui+TN+BqC7ArA6vFI8id3vFuA2lkB5C6OMIg:UwWZ9Wi3Aa8iVtO6bCO |
|
|
| C:\Users\Public\Desktop\Adobe Reader X.lnk | 2.91 KB |
MD5:
659a22d7de5f9fdc8268c872dc7ff8cf
SHA1: 8cf3dd26bd925218e5c88494f8bc4599e327a906 SHA256: 59350094949cae931186a341f7875841fa3e89849833e2ea7f1a3d9627a61e25 SSDeep: 48:7lNrViWtUf7ir0eO1gJtQQZ9dxzRXPMgVhMoP53Aa8iVtO6bCO:ZNrVZtUAk1AVxNU0hDx3vN1bZ |
|
|
| C:\Users\Public\Desktop\desktop.ini | 1.09 KB |
MD5:
04a78d22064ce3a578f9ae98002288fd
SHA1: 431dc46a5eb7bd062ffdae57b7bbb803d1ba585f SHA256: ae10daa41959103860a68c06a0d92bfddf72c451df061a23e79f8b8ec4e1d129 SSDeep: 24:EB52SIXHZE/c+qC7ArA6vFI8id3vFuA2lkB5C6OMIg:dJE/v3Aa8iVtO6bCO |
|
|
| C:\Users\Public\Desktop\Google Chrome.lnk | 3.14 KB |
MD5:
40f09169a7a2d304eee7e80775adaa99
SHA1: 2971985abcd0bc25b6b37c937343eb310483ac97 SHA256: 7cdf01f0d369c5098336c69aac46b3889ead538d1e68f97687b64b9aa0622146 SSDeep: 48:LuldhysQbCm8UWLDSMCb7fTOp+6K4DDnmC1PgGQq3Aa8iVtO6bCO:Lul29HAnzWhODmCNlQq3vN1bZ |
|
|
| C:\Users\Default\NTUSER.DAT | 768.92 KB |
MD5:
dead151d5f3cd19c4775558ea1c1c9ab
SHA1: 967dcda4f74c31d66f2c9d74dfc3aec32777ae10 SHA256: 6ff77d91ce728f983900cca7b0aa2b8c94ea276c7741095adec9e341e5a3049f SSDeep: 12288:pwlQ5ehZmsGoGfze+b3iUr420Q+idAAMkdAJJ:GQehZsoGre+cIykdk |
|
|
| C:\Users\Default\NTUSER.DAT.LOG | 1.92 KB |
MD5:
77286bc439c15538e34eaa8671b0f728
SHA1: e736b80dccfa16dfc99b60f65b489404ce8736f6 SHA256: dae40d9b5f6c6efcc3c564c9dc277a5a8212f7e4ec5005a6b9a2798b06de4f60 SSDeep: 48:4YwwoxY33hk+LLynUi+V2v3Aa8iVtO6bCO:4YvfvCnUif3vN1bZ |
|
|
| C:\Users\Default\NTUSER.DAT.LOG1 | 185.92 KB |
MD5:
ef543cc8cee6b5022d4bab931f26b8d0
SHA1: 40bd000c7c7db3f634df791b1d8e7090bb25a44c SHA256: da5b91b60ba55e92b083a306f80843db2c43b41cbf2f3c29aac408972cafe18e SSDeep: 1536:ewZ+ERJcAvPHIjvyxxUoRlK46w49wqHE+LMiYB5akwZ7lHMhGZULaxVCqLjCulbv:ewZ+EzbFU+kE42qHk55eZdCGCLPqPD5 |
|
|
| C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | 64.92 KB |
MD5:
d3addb70b6224a8524f265367f1c2ffa
SHA1: f70704239082cb557c5753e45c3ecef724e1f298 SHA256: 9e2d485335cf5fb3fa2da3ed83ad731056a1f244430d39c3bdf8f487eff9cad3 SSDeep: 768:n9JTYqdkcpFCgIn1Oow6uLx+CNkoe9ULvSN8lrsZd:nDBk4CgI1Nw6uLxzGoNvS4rsn |
|
|
| C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | 512.92 KB |
MD5:
aa7ae9725dd6047a37a09382df82e419
SHA1: d6be734b86fc9891dbdaef51097e560dbe0fc8fc SHA256: 0d8bad0bcae1ed770f3b3c75ea76e3a7f51f5ee6ef55c19f63b7cc0dffc00401 SSDeep: 6144:o/2mnU+VL/xaPGG8QWeOGgTtoNNzidq0oW0B6Fl:o/pnU+VL/xE8HeOGgyp0fA6j |
|
|
| C:\Users\Default\ntuser.ini | 976 bytes |
MD5:
f5351ed3ae27e0fb8a9d94f83ff46c07
SHA1: c253a380e4ca580c732026668ed6c2e2f0926d64 SHA256: 0f96e8ee052dbe0397b7ed2e3f5218f207a1f2a329a81390f59a16c89a6afb4c SSDeep: 24:qoGLMNuqC7ArA6vFI8id3vFuA2lkB5C6OMIg:q1LP3Aa8iVtO6bCO |
|
|
| C:\Users\Default\Videos\desktop.ini | 1.42 KB |
MD5:
66e00526b0b543e966510e2c2155d23b
SHA1: 3504e4e7b07643e2c8bc5c47a9d1e173afa1a864 SHA256: 1afafa18edbe4070dfc6ef68650b53ac68399696740bc0060e491a85e9fbdc7e SSDeep: 24:JkZgb38ov5LskwUV0H7M+O2wwqC7ArA6vFI8id3vFuA2lkB5C6OMIg:WZK8ov3ZV0H75uw3Aa8iVtO6bCO |
|
|
| C:\Users\Default\Searches\desktop.ini | 1.44 KB |
MD5:
c13cd3366cb31a29871a95d770838af2
SHA1: e0852f5ac32163e97fd562116eb926d382ab06d9 SHA256: 2688327c82ef81584ccec3955a813c4dc3a16c7cd0d4464bf14a280a5f51b5a5 SSDeep: 24:4H73RyPRgHucgT4jD9itxbazCTGj3dwm/pPiqC7ArA6vFI8id3vFuA2lkB5C6OMT:4byRgH04jDU7aOqwydi3Aa8iVtO6bCO |
|
|
| C:\Users\Default\Searches\Indexed Locations.search-ms | 1.17 KB |
MD5:
dd3b342a4a7f0e5c3040adb1af7c3f62
SHA1: bce30ade095d9057b7ada213f4648aadce9235d5 SHA256: 2c6de859a8a9273acb96702f558460ee0e3551bcc9e22308b6096bb051aaa918 SSDeep: 24:CN3KLjNeyS0vid4WSbeZLPjKqC7ArA6vFI8id3vFuA2lkB5C6OMIg:EKG0v+Sbe1P+3Aa8iVtO6bCO |
|
|
| C:\Users\Default\Pictures\desktop.ini | 1.42 KB |
MD5:
cbf6556cde549e0606f8335b74996db1
SHA1: 54d4d7d7125085ded981ebe744203f71131560f6 SHA256: 44ffc460f1c538cee7df9948100f03524ad18807406284b88046c45a2870e544 SSDeep: 24:SlmoX4qyc5tDao3JwRnaPGzSGLcDDug5BqC7ArA6vFI8id3vFuA2lkB5C6OMIg:SrXZycnDNEjSQM6M3Aa8iVtO6bCO |
|
|
| C:\Users\Default\Links\Downloads.lnk | 1.80 KB |
MD5:
a063d190bd1f1582c7ca1aa2823b9f31
SHA1: 752190eb7a03cf13647381763eb82930db6d4365 SHA256: 3ce83fa0ee503ce32bcab9e9eb4ce74427f05437876f2600ac24dd573a44f214 SSDeep: 48:CJp462zUbyOQZ/1fasR6LNIsN8A3Aa8iVtO6bCO:C34zOQqtLNIO8A3vN1bZ |
|
|
| C:\Users\Default\Links\RecentPlaces.lnk | 1.28 KB |
MD5:
d238ec93fa9890b0648541f2c6a77ab4
SHA1: 49825bce719825096abbf53158554a0552f2d87f SHA256: e555ba67818216805c2cddc89d43625c4c162369c14e06a942bc161a9de60524 SSDeep: 24:Bxo60nUJsMV5hN1Dk/HwiKqC7ArA6vFI8id3vFuA2lkB5C6OMIg:tWSbm/E3Aa8iVtO6bCO |
|
|
| C:\Users\Default\Favorites\desktop.ini | 1.33 KB |
MD5:
61ae74e082bfbd9c39f835e1eefa3ea7
SHA1: 979d2c3a1707f99c7f5c5564f385734342206c6f SHA256: 92f91cc41cdc1efd645e902b954fbb070facc6143f5611a8aec68ae98f5f41b4 SSDeep: 24:aIIMWauuTVp+7vkLjbm6i9k3+DXTZwkSk5x4uz0GBqC7ArA6vFI8id3vFuA2lkB7:aI/uQp6sLW6i+3awRkguz0o3Aa8iVtOg |
|
|
| C:\Users\Default\Favorites\Windows Live\Get Windows Live.url | 1.06 KB |
MD5:
eb68bc16a53ac00db407958096cf0d97
SHA1: 9d0842a57cb50430b1ca6cd320787509471dd3c5 SHA256: a890ba1b29881c8a2c57c4bdcbdd56defe088401fde7815d711c4a78063e2e73 SSDeep: 24:e5brOkMnvQJTCSpqC7ArA6vFI8id3vFuA2lkB5C6OMIg:YXMvM3p3Aa8iVtO6bCO |
|
|
| C:\Users\Default\Favorites\Windows Live\Windows Live Gallery.url | 1.06 KB |
MD5:
6596008312eb62c3efcbf0122286d7e7
SHA1: 7dfdba7d979c2498272c662eeed3097ceef68bb7 SHA256: 6a7e2c3c7b5123ae9e5b0d08bbb13d23a8c6657d8af48b068be2a850e25ddd5a SSDeep: 24:NJ/dNN6OulhqqC7ArA6vFI8id3vFuA2lkB5C6OMIg:P/dN4rk3Aa8iVtO6bCO |
|
|
| C:\Users\Default\Favorites\Windows Live\Windows Live Spaces.url | 1.06 KB |
MD5:
f4c68b52bd0d0f3958a27b47bd992abc
SHA1: 0a9c242d1f5c335aca0269f43dffcdb1f38f6466 SHA256: c12ce57a4b136910b8d3196adc64d1fb6459a41e643f54d975074b83fa5e7955 SSDeep: 24:q9aviz/FJqC7ArA6vFI8id3vFuA2lkB5C6OMIg:q9avipJ3Aa8iVtO6bCO |
|
|
| C:\Users\Default\Favorites\MSN Websites\MSN Entertainment.url | 1.06 KB |
MD5:
36b486013ea3bd0651ea9a82dc7c883a
SHA1: 40df789bd7b32696d786be7fe716fb04d7afb350 SHA256: 02456378e3fd580d3a0114e2c8e22e7e0b41e67f83e4f8f73bb08371e12d5a91 SSDeep: 24:ZN3x8Gs5Vb6MZPfd5qC7ArA6vFI8id3vFuA2lkB5C6OMIg:nh8GeVR/3Aa8iVtO6bCO |
|
|
| C:\Users\Default\Favorites\MSN Websites\MSN Sports.url | 1.06 KB |
MD5:
f53da115bb836681987220a6081e9a87
SHA1: b2891f2c5c53d3318c3d104171247118d8162bde SHA256: f0edc213219dea851291a52c39e3f62ffb462431b71032d7c5363900769494be SSDeep: 24:ytxkXbfv53UqC7ArA6vFI8id3vFuA2lkB5C6OMIg:yEi3Aa8iVtO6bCO |
|
|
| C:\Users\Default\Favorites\MSN Websites\MSN.url | 1.06 KB |
MD5:
e79d62162e50e60e9dd266a30370f149
SHA1: 459ce0f2cb493f51a5e2cb50f9f0c092cc28c1ff SHA256: d97a3c430a83f1c4343b2540b0313a63f9783257999fc211e4de0a2091640a4d SSDeep: 24:Pk5k7FeNjWcq6VsKqC7ArA6vFI8id3vFuA2lkB5C6OMIg:7xeNjWH6T3Aa8iVtO6bCO |
|
|
| C:\Users\Default\Favorites\MSN Websites\MSNBC News.url | 1.06 KB |
MD5:
e6ffcee18679df05566a870050d8ef89
SHA1: a79510bb7788afbc4500ec423c0803dcc04375c8 SHA256: d4d8e1ad6b036f612bbda2fe9608c2baae512a39015316766daf4c3c6d8dc566 SSDeep: 24:5zbvyrYQDMu+BuyqC7ArA6vFI8id3vFuA2lkB5C6OMIg:5zbvyXoB13Aa8iVtO6bCO |
|
|
| C:\Users\Default\Favorites\Microsoft Websites\IE Add-on site.url | 1.06 KB |
MD5:
d41932c3bcc62d6c78f000dc6bc89257
SHA1: 0d97e30b0cb6dfdd91864d926afc56a1f9719dca SHA256: d41c655fa7237bd974609f91671f5079804315a54abeb50550e245998c98f560 SSDeep: 24:+n4fQqfx6qC7ArA6vFI8id3vFuA2lkB5C6OMIg:+mQYx63Aa8iVtO6bCO |
|
|
| C:\Users\Default\Favorites\Microsoft Websites\IE site on Microsoft.com.url | 1.06 KB |
MD5:
4afdcacd152efe9fbb9a3535f938a63c
SHA1: 75c04f89927b072fc4ff6f9e537ecb32c684f9bd SHA256: e503901d53d087ada7ef61bf49e177c30905f5494ffd1dfbe81e2caca98ddb54 SSDeep: 24:dgbd2lzmpK1KGXcrC2bqC7ArA6vFI8id3vFuA2lkB5C6OMIg:dgB2lzWCXcvb3Aa8iVtO6bCO |
|
|
| C:\Users\Default\Favorites\Microsoft Websites\Microsoft Store.url | 1.06 KB |
MD5:
35860cd8f3ebcf74a312f03f3c0ad9ca
SHA1: 295783d72571895aa446483a4f665725708ce049 SHA256: 00bb4e1636b739dac08fd87d8493529049381da5b1ed8852de0298fde01d31bc SSDeep: 24:jxEIu6RaFo2ATfVOoqC7ArA6vFI8id3vFuA2lkB5C6OMIg:Fu6Rqo2ATNOo3Aa8iVtO6bCO |
|
|
| C:\Users\Default\Favorites\Links\desktop.ini | 1.00 KB |
MD5:
f1e3f08cb0ff3afdddc11c7c766c058d
SHA1: 66068541e1751ba00dbc0ac067a0e210f2a072a9 SHA256: 2d7557c337160321deb2c6b31e7d9330eb8707f1d4c54e4c59a5bb9ae903ad12 SSDeep: 24:Bqdmedo1OKX8qC7ArA6vFI8id3vFuA2lkB5C6OMIg:gDeX83Aa8iVtO6bCO |
|
|
| C:\Users\Default\Favorites\Links\Web Slice Gallery.url | 1.16 KB |
MD5:
16b892e1f59bea4947249b3991ff35ce
SHA1: 1f796d1213ca69d553379b0efecbec0c43ed3cf6 SHA256: 719b127fa5b5f71c5812f316da5c645875a4ad0b755dbd9c72c919b4d7236595 SSDeep: 24:vzSJiYVQwX8BO9xRZWqC7ArA6vFI8id3vFuA2lkB5C6OMIg:u8W38BO9xRZW3Aa8iVtO6bCO |
|
|
| C:\Users\Default\Downloads\desktop.ini | 1.20 KB |
MD5:
899e1dae3e7e5c5b83a7d82e210fe9d1
SHA1: 8d4c4292706dedb7a419edb0c1825bafdb628641 SHA256: d0bd9ef632dca134fdd6a30b527cca7b332f26d92a6486364057ecd2f99a6d35 SSDeep: 24:ykcxnbW5WycB9r2uCNlqC7ArA6vFI8id3vFuA2lkB5C6OMIg:+xnK5W19r2u6l3Aa8iVtO6bCO |
|
|
| C:\Users\Default\Documents\desktop.ini | 1.33 KB |
MD5:
4130d2f278a38754c42a7652e7fa0f8b
SHA1: 4f80e1ca0fa8dfa5cf23fcd9f6c08a65834a5a68 SHA256: b67de7c1ca690a69c1d090f44e91a58aaf3e3da91a4e5fcf27500e5722078c12 SSDeep: 24:7pft72dRlW4zIxtcICLDC93vs048h8qC7ArA6vFI8id3vFuA2lkB5C6OMIg:3mlWZ/cPLDC93vk8h83Aa8iVtO6bCO |
|
|
| C:\Users\Default\Desktop\desktop.ini | 1.20 KB |
MD5:
5953a6f7b2a8f0bbdea95abf46212c6b
SHA1: c3b336cd9e5e508f32bd0f861df7de35d9903d76 SHA256: e0514c74f668c7ee9662ec54c0a495667cf82b0f3ee6b39f40da39e3c87c3e50 SSDeep: 24:0B2nESYDx38zQFgYHROx1qAF8NatqC7ArA6vFI8id3vFuA2lkB5C6OMIg:0B2EVVsQe7uat3Aa8iVtO6bCO |
|
|
| C:\Users\Default\Contacts\Administrator.contact | 67.70 KB |
MD5:
713d7793cc0d35b3250f5557805b3bf7
SHA1: a2e871aa09f215c14a60ce85b6830ce8aeb5d019 SHA256: 2d1ed8835e39af70bd8873a360c7d5c079e66be40451821f3a1ba0e2f91b7c42 SSDeep: 768:SJdsZiOhMFPh8DKAx/mu18Jo0aVHP48yYbbSslMQOfHx6VUTAngSilCfkWTwd+gr:KdsZ/3N12iQBsb32fHYVU6g50PwToH6z |
|
|
| C:\Users\All Users\Sun\Java\Java Update\jaureglist.xml.{Killback@protonmail.com}KBK | 1.05 KB |
MD5:
ad956477e7d847a883f6f590fe9293ba
SHA1: a810809792b5758c80b42517f0f3b9e358e4919c SHA256: b4797168c18ac0409d11d4a15a6c799b200ad0844d2dc5b9ec6f19c82fb8a8c3 SSDeep: 24:KAOKQ7H9RY0seXA8jqC7ArA6vFI8id3vFuA2lkB5C6OMIg:KnK4Hs43Aa8iVtO6bCO |
|
|
Modified Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg | 859.71 KB |
MD5:
cefbb5c863f2fadba57ec2296ed5c402
SHA1: 77cfece336944848b0e1758f17039925099aa798 SHA256: 042faa72b8e4980735eee368968dff71471dd410890f7d2390299acc194d13d7 SSDeep: 24576:dhpI/rb2U81AVyLITc1mwTKwKOpVG4D77yliWs1rz:2nM1AAKIVG4DPyliWs1rz |
|
|
| C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg | 758.45 KB |
MD5:
bbe64bd9a7985770cbb9224e6b6c19f5
SHA1: db6f89f1b6dc82a2bb5c434b198c5c242093b65d SHA256: 41a2c9b1b7396f3dc8a9754ad0e74ad89d9ad88159ecd8a69235429930b13513 SSDeep: 12288:exo8w+TqosAlnsaO1ViSr1pHUj+k9nh32qieVtwmu6TfD2J1VtWv9p0zX:e68w+TqFoZsJw+6h3FYmu6T4jtWv9wX |
|
|
| C:\Users\Public\Music\Sample Music\desktop.ini | 1.50 KB |
MD5:
7bd1d1e27ae2dd4d8c6771ef23a7c09b
SHA1: 554dc67739686457122cb1f50274c7864855e356 SHA256: 10445b9fcc4f7d734ce00b216716624e95009ffc9d415844172d7e74d0c38459 SSDeep: 24:pJZ6s/hgikqSBUuR6MIc6Jl/Em1FPLYeC97wctpjUAB+G8qC7ArA6vFI8id3vFu0:pr//Gik6/JWGPLaJdtx3y3Aa8iVtO6bZ |
|
|
| C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3 | 3.92 MB |
MD5:
256d7c9972cfabf24258042a1042cdfe
SHA1: a860b0433087b276c7c9be5ae4ad993ebe3e389f SHA256: 31d88bde7564c82def781bb93d3dfb1741ab34204b76bd5b65ff08fd4137bbe6 SSDeep: 49152:UpjvEsoij/ADyXCiKbrAffGo8dpo5WqhlrPTZiubuOL9ukaWZtuXJMB455JUOFqw:B/Dyyhqvqqhhd7buOIW6lUE |
|
|
| C:\Users\Public\Desktop\Mozilla Firefox.lnk | 2.06 KB |
MD5:
a613393d9c6aad793c96e12ca74347cb
SHA1: 06e002aee4409c11818e10eb3b48a4114b319ef8 SHA256: b70ff41d91c5a880c3f81ffbdae00c8339da34f1ecd93d4ee90f026cda2f7321 SSDeep: 24:b/nNvFRKZmsyYfnmvWPK1vcYewN3O1vnVfseupuypc/mWA3adHqC7ArA6vFI8idn:hvFRKMOflBfB4q/Xeo3Aa8iVtO6bCO |
|
|
| C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms | 512.92 KB |
MD5:
4f8acff4cae65055cb1ac92aed74db9a
SHA1: d7394ffa65d4476029afe73b7385e38f697ad2b3 SHA256: 101810cb20056934deb87c3be5be552fa3e45e8b1856e874b0b9d69fdffcc971 SSDeep: 6144:EO3lF8dNyTaTa1iFkYdy9bvw4FmVAns6sYy1Ikr:EO3f8dDuMF8Fbsx |
|
|
| C:\Users\Default\Searches\Everywhere.search-ms | 1.17 KB |
MD5:
00d0d87b5660c06c7f1cf22b7ea3d1e6
SHA1: e7697854dbbcce990ad8a1ec9c271262e7a73069 SHA256: 48718c84d4a8ddaf9dc6b03d00b3e7b19e7979f1ea102150de6a2e2e32f8cc68 SSDeep: 24:vXBaoQ8DTUTjfZVY62hqC7ArA6vFI8id3vFuA2lkB5C6OMIg:vsoQ3f3v2h3Aa8iVtO6bCO |
|
|
| C:\Users\Default\Saved Games\desktop.ini | 1.20 KB |
MD5:
2e5ccadf7801d2b0e5ce3671a91b278d
SHA1: 2b6099318ac4c34dede4410d22a3dc376fe1c5e4 SHA256: 98ba63af9443a25da29959cb1b5a326601692796acbeb24714dfba1938673e17 SSDeep: 24:FaVYZ8l632ltGg4L9qC7ArA6vFI8id3vFuA2lkB5C6OMIg:vCMs+p3Aa8iVtO6bCO |
|
|
| C:\Users\Default\Music\desktop.ini | 1.42 KB |
MD5:
ba66b63620c3733c42d71148bc48fd66
SHA1: 732378896e1cf2a7746058c861acff6059841319 SHA256: 9e35b96bdc803bdc514a4759423e25420917a773eca65c4ba8d2dea521ac805b SSDeep: 24:cLzPP+DAj+xg3uq4+gXt+vWR+2oT0qC7ArA6vFI8id3vFuA2lkB5C6OMIg:6iK3149t+v6R3Aa8iVtO6bCO |
|
|
| C:\Users\Default\Links\desktop.ini | 1.50 KB |
MD5:
1329746180ae70fb521bd04fdd84fc24
SHA1: 44e285e381261174f69c64374233accff33a0cd3 SHA256: 85ec3bd14b83a908a7f72507e528876a5129cc580bdd4d465fd303ccbc8c3780 SSDeep: 24:ftdZKucoa5U151Oe/XspWPZWCHKiWaU+i14R7DqC7ArA6vFI8id3vFuA2lkB5C6N:fxz8e/cWhHKiW+i1y7D3Aa8iVtO6bCO |
|
|
| C:\Users\Default\Links\Desktop.lnk | 1.39 KB |
MD5:
21feba2acf0aa814c51ef9d524d660a9
SHA1: 0e3c885990bf19a873884dff65bb4cd9131eb8a8 SHA256: d43322d0ac57f42579e28c985045303c277635b236b37081b8d05f53b09186e1 SSDeep: 24:PNXfIKYAW4fCFAFsRVqTv/bsqC7ArA6vFI8id3vFuA2lkB5C6OMIg:PNXAK3WRqTv/43Aa8iVtO6bCO |
|
|
| C:\Users\Default\Favorites\Windows Live\Windows Live Mail.url | 1.06 KB |
MD5:
52fd44138c42a258847f8fcc978e5448
SHA1: cdddd6ada2c16c0d9cdcdae996ab52f5eab68088 SHA256: 24ad4a19fc76423e8bce14b5e3133309621705d9ed1d3eca5db5c14377b88c42 SSDeep: 24:rwb/rBV+Cmt6mHwrboVfqC7ArA6vFI8id3vFuA2lkB5C6OMIg:kb/rBV+VMmHsboZ3Aa8iVtO6bCO |
|
|
| C:\Users\Default\Favorites\MSN Websites\MSN Autos.url | 1.06 KB |
MD5:
52c0088d0df7f27ef11a6bb17ac2d0d6
SHA1: 85c69b77506c5db6ff25872e6012715c580bee7f SHA256: 935601a86b4b47556a88512718c4710b02317edd7dbd2e200114f6d26ee19edc SSDeep: 24:CtbC3JoqC7ArA6vFI8id3vFuA2lkB5C6OMIg:KCZo3Aa8iVtO6bCO |
|
|
| C:\Users\Default\Favorites\MSN Websites\MSN Money.url | 1.06 KB |
MD5:
f8be5b30ccd5f942c97012ed9f39f64c
SHA1: 3601534ffa6c90e04fb2c0852477264b423eac5b SHA256: 64f1cef85bac58f1c8092de80bfe5c59df29b6fae0c1c66580415f0392e18fef SSDeep: 24:BpE0pGIfSNzRdJqC7ArA6vFI8id3vFuA2lkB5C6OMIg:MJx1dJ3Aa8iVtO6bCO |
|
|
| C:\Users\Default\Favorites\Microsoft Websites\Microsoft At Home.url | 1.06 KB |
MD5:
34c5c79522c662f1fab6f69c35187b15
SHA1: 7842da6b011922fd031e785f2346361a4c7f14d7 SHA256: 3928212f3c8e9e36a68fdfdd3889881e83ca749198da9ec92ca394f69eb6843d SSDeep: 24:HTP/z83UjUjieWkvJqC7ArA6vFI8id3vFuA2lkB5C6OMIg:rbmUjiimvJ3Aa8iVtO6bCO |
|
|
| C:\Users\Default\Favorites\Microsoft Websites\Microsoft At Work.url | 1.06 KB |
MD5:
f004fc125c7a73cb95a4e699ef1907d4
SHA1: 87a13349eb944de67ea8e8927e5a030f06802ca9 SHA256: 642d9b47157eca2ec38e8ee7667fb882c3cccb0148cd5c8ce113337bb0102a52 SSDeep: 24:51XnJ98gZdBHYHBqC7ArA6vFI8id3vFuA2lkB5C6OMIg:L/8N3Aa8iVtO6bCO |
|
|
| C:\Users\Default\Contacts\desktop.ini | 1.33 KB |
MD5:
59e676753cfceb2af0f4106094f3d153
SHA1: d011e28944bb566b5acaf861e411db3ceaa76604 SHA256: e474714823c168ad7ab6aa0e967603abad085fffbde45cfdc7fc15abbd5da11b SSDeep: 24:s1rd76amtbFvSpkYE+IhDmRmnIz1xT7uqC7ArA6vFI8id3vFuA2lkB5C6OMIg:urUamJFqeYRxRmab7u3Aa8iVtO6bCO |
|
|
| C:\Users\Default\AppData\Local\IconCache.db | 758.91 KB |
MD5:
d4eb60133d96aae21e0f2e5df688ab5d
SHA1: 2b5f9c0864a753803017a532fc8cd2681e74e244 SHA256: 13f216cd2701d3213eec6c110b8cac4c6cd2c870410630c52515137c08f04830 SSDeep: 6144:pf+qm+la0RVudmE5jA3byy0RiLqE9E9zxX3kGMC1P967UyvjL9giN5PBYc8uq1f:pfwKI/Eyy0RiLZrGMkPs7ZjhdYc83 |
|
|
| C:\BOOTSECT.BAK | 8.92 KB |
MD5:
4779b8a2eca47bfa0bda0ede4e86e6af
SHA1: 92436cb7693952f978150dd8606eac0101ffda88 SHA256: 9ca3299d4cb4f622fa47b2c39074cbd42b5e607f0fdbe273b46cf34e692fce1b SSDeep: 192:hXmT+f4rxD3xbB+DLKiP46O/XJivZF+jjSaHfjZbqZcw8MnCZFbIxlnn7Z:UJljxbBiL9m/Jix4Nb5TunCZpIxNnd |
|
|
| C:\Users\desktop.ini | 1.09 KB |
MD5:
f58548c0a54b501001f591b4b20097cf
SHA1: e334b3176e430c90bb3b44362e3f058f9f34ec10 SHA256: a8f2c63265958a9dad3890c6fac18095cb1867987de3bdcef81186188ff5c183 SSDeep: 24:t+EQII7HDtRK2p/hEgDKqC7ArA6vFI8id3vFuA2lkB5C6OMIg:t7QII7HxRt7K3Aa8iVtO6bCO |
|
|
| C:\Users\Public\desktop.ini | 1.09 KB |
MD5:
ae94034fb7104d6beeb13f3ab72491b0
SHA1: da25acf807e9728c18463c383fc4d7d0dcf908eb SHA256: 0178b433c51c05c084d8b1eeef0c3a798b648ebdeda85b53f64bba7662b4ff12 SSDeep: 24:DB6s8ZmyKwsv2KqC7ArA6vFI8id3vFuA2lkB5C6OMIg:4myKwsOK3Aa8iVtO6bCO |
|
|
| C:\Users\Public\Videos\desktop.ini | 1.30 KB |
MD5:
20d1f7128b9efd36aef02f4a87f40a5c
SHA1: 2a392a5e7406d231df6f35e5bc14e830e99cdfe4 SHA256: 8df78283bb35eb27a7e522e3ab5eecd7340d13c951c5b0ea3e99026cd751d550 SSDeep: 24:JWoW0w9I9WNt3iX8C3//e44wqC7ArA6vFI8id3vFuA2lkB5C6OMIg:JWozkoXVf3Aa8iVtO6bCO |
|
|
| C:\Users\Public\Videos\Sample Videos\desktop.ini | 1.25 KB |
MD5:
0e121a6f09c13752d9f56847b5af3177
SHA1: 3557a4525b30ad15df765bc042cb781b2ec6fcbe SHA256: 49b9decf53a4946cf90c78d337d5b6b8d66bcc08c7ceac4e4c4af26f90989e8f SSDeep: 24:Qy1FWfeZ+GKpTlqy2nhMUzNvl+BqC7ArA6vFI8id3vFuA2lkB5C6OMIg:PCfeIbpWaCO3Aa8iVtO6bCO |
|
|
| C:\Users\Public\Videos\Sample Videos\Wildlife.wmv | 25.03 MB |
MD5:
127487b026874ced3b1695bf3bbc4b49
SHA1: 906626500d41c650cc1141718c3dd0d2732d78e9 SHA256: ecc0dd11aef57eb9141cb0e9e582d38e9ba6ef96f0910c9eafee6acffb5c3774 SSDeep: 196608:XK8RUUDRmeHiGo+IzqmWYlX6uaZTL0hU+Z2i0SOIeFlfZ8lPQGvwGj5Yza:7XDRCPWYnKL0hUw0SZeFZwPQGj |
|
|
| C:\Users\Public\Recorded TV\desktop.ini | 1.00 KB |
MD5:
00ca6c266cbb8cecab85536396851263
SHA1: 4ecc9ce2347123a588e45acb4aebb6c4ad81b4b1 SHA256: 8118683396adefc0b115ceaaaca0f91bccf4eb85bf8749a9059bd3e0c61d72ff SSDeep: 24:IRxrdI7qf3tzIs5UpqC7ArA6vFI8id3vFuA2lkB5C6OMIg:ca7y90OUp3Aa8iVtO6bCO |
|
|
| C:\Users\Public\Recorded TV\Sample Media\desktop.ini | 1.09 KB |
MD5:
e6e4bd1c9635ef30a7f44890b1f6fe83
SHA1: 489c632a0093ee9341f2c5873fda89408fb54ade SHA256: d8de020e310cb49016c3a940bca8fcdd54194c4605419eb311ca8ab5b782ea99 SSDeep: 24:8sPt1Ss+DYjyocVzfNqC7ArA6vFI8id3vFuA2lkB5C6OMIg:8sPD2YjjcVzF3Aa8iVtO6bCO |
|
|
| C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv | 9.25 MB |
MD5:
39ad4669f5642950a2122a8c90f3f03b
SHA1: 0caa3b8b63f5a9408e127ce5a75ee5477f4e06e8 SHA256: afe7a29994c559aa2cf6ed531dbb5d00caab9120b9f22615d13205d8d6ca1e03 SSDeep: 196608:T5EuCQDQgkgzBfbW33PZKAOhely/pQcEEnluDbBHsz8LDa6HojGEo2ijcHPJw:XCIvBy33PZKxhELIluug/a3ucvJw |
|
|
| C:\Users\Public\Pictures\desktop.ini | 1.30 KB |
MD5:
ca0334134f2151883d258b49968e117c
SHA1: d6b0bcd8952df5ff9456b3f7b6fb8fedc974630e SHA256: ac6a18fe337ee49d407eb2ba2290444e0390af5ff28d87f27053444006ab8739 SSDeep: 24:1xUNJJhkKj6DSfyMEx5mpq/6j1qC7ArA6vFI8id3vFuA2lkB5C6OMIg:1KLsKdfyMEx5mE/6Z3Aa8iVtO6bCO |
|
|
| C:\Users\Public\Pictures\Sample Pictures\Desert.jpg | 827.04 KB |
MD5:
c18c476c88d9c42a4973e8955176d136
SHA1: 0b9719c71cc44cf7c66b3189bd7dbc2eff295e1e SHA256: ad5f225c7052d28b0e1e132129d3062a7b58f81b39348835b6d9afc2e64ad0a6 SSDeep: 12288:+hOsW+cTqXqCuHM59owHDr9NZ6hxTEGT73pq1kYJpjsEk7Gscw0:dsW+c2CM511NZyTEGxY7jsEl1w0 |
|
|
| C:\Users\Public\Pictures\Sample Pictures\desktop.ini | 2.02 KB |
MD5:
56e964ecfd5fc36248a648b2ea867f39
SHA1: 4839c1b508807126ea49d062bcdc9c7e4ceb4afd SHA256: c5e1f52b5a7d75daf6d4dec33d6789ee7535b061bf9d20b573ad6d4e36a6ef80 SSDeep: 48:OxSsJj5+1TWMw8w4mKT3ESL+IEs/T3Aa8iVtO6bCO:OxSsJlY9VZxb3vN1bZ |
|
|
| C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg | 582.27 KB |
MD5:
6404390826b4b71cd151b9937e24f4d5
SHA1: f194a435e270fadfb335e353e87e85cd267740de SHA256: aafa0b0590579ac8cbcd0b18933ccf58b1c21b688029abc14621500932ae363c SSDeep: 12288:uQx+iLo0eoF2AaN/jpUrl1GhPZsuKu3riGAAlZ6L8N6Tglja7p/I:G2jeoFp2kl1GF5+xIZ6a6Wc/I |
|
|
| C:\Users\Public\Pictures\Sample Pictures\Koala.jpg | 763.45 KB |
MD5:
4befbf2972069e843a684b900732793d
SHA1: e505046911556d59e31a35651df5581ffa1f8ef3 SHA256: 512c5b0ae74b956a3de430c96d68a44aa76e416db67be0c6cbc7e35096af26b6 SSDeep: 12288:1wAi/QmQQUVzvMH/Z5PP2HIWIFPQqKjqcL8KOYmyLTG+ZOwG989j9IYloUGrV:149U9u/HPtLRQBPIumyLl9fhIV |
|
|
| C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg | 549.05 KB |
MD5:
b4f4b7d6e32928ddd51e366d73e70e4b
SHA1: 4b9b75e853ea6f6bbc4a47204f9c03ff1a21dd97 SHA256: 0b6aa414500da4086c1bd95cdc65675800932aee289c8b620c429f0530a6c681 SSDeep: 12288:qcazkch0QfN2D2Ti4RDTjdWg7d4fusy8dFADxp9xeWLMMXS92Q8p7Vhn:vchNl6d4RHvRWsVbEWrz |
|
|
| C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg | 760.53 KB |
MD5:
7c8b382f31c7e9fa1967b14b079ea7f2
SHA1: 6528833705f41ebcdff08ab980ba9b53002900b9 SHA256: e82286908b76919e34586be71a1709406852685a818acef0b8eaae18d54ef74c SSDeep: 12288:fjZ/TGc90TrpRL2dj80viHvBaotLEYLrL3uRNnvB6HTRmwlO1MRHbhLA8j2:7Z7jCTjL2djWBaot1P+TvBYTRvjHbh72 |
|
|
| C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg | 607.26 KB |
MD5:
8b65c96dcf44e7617c1b7c7ffa8599ab
SHA1: c9e1b6da6dfaea9a1dfb04ed73fda148dc3fd707 SHA256: 785262b3c1f862e6b95f33b27a2afd9b089dc9a9787e23751e171067e9869ec5 SSDeep: 12288:f3S8NOG0DQ7gYtHZA7kicu7BuPYmcCXFXKRh9cg7aJVs:vS8UDCHZAgicuoP4MFXKRhCg7aJVs |
|
|
| C:\Users\Public\Music\desktop.ini | 1.30 KB |
MD5:
1c98c0b83cc1253282d1d01a4adfa403
SHA1: 9286d0e23926ab95dd756e76eae4e60f9179d89a SHA256: a6353609e723e2ff13cf7f899468e8980fbbf69f6a7a29c08005c2702a8bf354 SSDeep: 24:IApFGWkCOsNdK9/JntyOL7HwNoKqC7ArA6vFI8id3vFuA2lkB5C6OMIg:5pFGsNd8/pP7Hwx3Aa8iVtO6bCO |
|
|
| C:\Users\Public\Music\Sample Music\Kalimba.mp3 | 8.03 MB |
MD5:
12ffc61d6d1b59cbd4000bf54948d4bc
SHA1: 35aaaa8752166cc1efa90e52a1268e75a29966d5 SHA256: 0cf4b04d0067c5a208c1ca3b81ae47f9cf87186aa5f4953361adcb7f81a3b1cc SSDeep: 196608:YNrrs8xpbDZAaSCUQsJgvWCh2QFQtZMoeXS+GqzcakaYBR6w:YBF3/ZJQuOC8MaMo3+Gq4hpRZ |
|
|
| C:\Users\Public\Music\Sample Music\Sleep Away.mp3 | 4.62 MB |
MD5:
bdf026f472d948b57c22a7de42b6074b
SHA1: 2655b5932415db9ab07e567ec56362cc7d0f62cb SHA256: e8cd4f4e4c365eda73a5ea9c82206b7a0edada9bb1db014ea9fbe800b80dae33 SSDeep: 98304:2s7zD5wTuxRL95vGrnrGlp8wXxW9LLFAX3Z+25ztMjRjTu4VVkWsb+/e:3DQQeHGlC7A3jujNufWz/e |
|
|
| C:\Users\Public\Libraries\desktop.ini | 1.02 KB |
MD5:
3ba2632d189c7b4d5a138267ec2f2da3
SHA1: 5cce4157d2a41e1561c30392ea8efa44f9fd311d SHA256: 51962ba135ce80d78439c4cab963e66008a04c997ef3f71ba398d8b0438962a5 SSDeep: 24:MAi32vy181BfNyjWqC7ArA6vFI8id3vFuA2lkB5C6OMIg:MXm88TfNP3Aa8iVtO6bCO |
|
|
| C:\Users\Public\Libraries\RecordedTV.library-ms | 1.78 KB |
MD5:
5f3f5330a98e94bb0077242c15c2b21c
SHA1: 69b9ee57eb49d90e86c914981d724e9efbd61027 SHA256: f382bc538a0c9e934deba60918dc500c5461e18c12c1d21525015bdefecbc86c SSDeep: 48:G6xEsvo4P34/yBXbb7IYL5Kin+Je3Aa8iVtO6bCO:mGo4g/orXxKPe3vN1bZ |
|
|
| C:\Users\Public\Downloads\desktop.ini | 1.09 KB |
MD5:
36f6628b858ebbb02963be04e2467127
SHA1: 06b1e62aac55782739534886efc4f46853f34726 SHA256: a8a2d970ed171bd7fb0137e7537237580e5e3f66068be659905140dfe9062c29 SSDeep: 24:sblrX6Lp9RySqC7ArA6vFI8id3vFuA2lkB5C6OMIg:CT4d3Aa8iVtO6bCO |
|
|
| C:\Users\Public\Documents\desktop.ini | 1.20 KB |
MD5:
6282ad62262de419c0cb9846653a4b60
SHA1: 6b4b3d052327f677448536bf8312789ae6cfe0c0 SHA256: 157b86fe14d794a9b24291b7be00ce66d79ae9c68f629d3e29685856358e0b8d SSDeep: 24:UwZ0Uq9Ui+TN+BqC7ArA6vFI8id3vFuA2lkB5C6OMIg:UwWZ9Wi3Aa8iVtO6bCO |
|
|
| C:\Users\Public\Desktop\Adobe Reader X.lnk | 2.91 KB |
MD5:
659a22d7de5f9fdc8268c872dc7ff8cf
SHA1: 8cf3dd26bd925218e5c88494f8bc4599e327a906 SHA256: 59350094949cae931186a341f7875841fa3e89849833e2ea7f1a3d9627a61e25 SSDeep: 48:7lNrViWtUf7ir0eO1gJtQQZ9dxzRXPMgVhMoP53Aa8iVtO6bCO:ZNrVZtUAk1AVxNU0hDx3vN1bZ |
|
|
| C:\Users\Public\Desktop\desktop.ini | 1.09 KB |
MD5:
04a78d22064ce3a578f9ae98002288fd
SHA1: 431dc46a5eb7bd062ffdae57b7bbb803d1ba585f SHA256: ae10daa41959103860a68c06a0d92bfddf72c451df061a23e79f8b8ec4e1d129 SSDeep: 24:EB52SIXHZE/c+qC7ArA6vFI8id3vFuA2lkB5C6OMIg:dJE/v3Aa8iVtO6bCO |
|
|
| C:\Users\Public\Desktop\Google Chrome.lnk | 3.14 KB |
MD5:
40f09169a7a2d304eee7e80775adaa99
SHA1: 2971985abcd0bc25b6b37c937343eb310483ac97 SHA256: 7cdf01f0d369c5098336c69aac46b3889ead538d1e68f97687b64b9aa0622146 SSDeep: 48:LuldhysQbCm8UWLDSMCb7fTOp+6K4DDnmC1PgGQq3Aa8iVtO6bCO:Lul29HAnzWhODmCNlQq3vN1bZ |
|
|
| C:\Users\Default\NTUSER.DAT | 768.92 KB |
MD5:
dead151d5f3cd19c4775558ea1c1c9ab
SHA1: 967dcda4f74c31d66f2c9d74dfc3aec32777ae10 SHA256: 6ff77d91ce728f983900cca7b0aa2b8c94ea276c7741095adec9e341e5a3049f SSDeep: 12288:pwlQ5ehZmsGoGfze+b3iUr420Q+idAAMkdAJJ:GQehZsoGre+cIykdk |
|
|
| C:\Users\Default\NTUSER.DAT.LOG | 1.92 KB |
MD5:
77286bc439c15538e34eaa8671b0f728
SHA1: e736b80dccfa16dfc99b60f65b489404ce8736f6 SHA256: dae40d9b5f6c6efcc3c564c9dc277a5a8212f7e4ec5005a6b9a2798b06de4f60 SSDeep: 48:4YwwoxY33hk+LLynUi+V2v3Aa8iVtO6bCO:4YvfvCnUif3vN1bZ |
|
|
| C:\Users\Default\NTUSER.DAT.LOG1 | 185.92 KB |
MD5:
ef543cc8cee6b5022d4bab931f26b8d0
SHA1: 40bd000c7c7db3f634df791b1d8e7090bb25a44c SHA256: da5b91b60ba55e92b083a306f80843db2c43b41cbf2f3c29aac408972cafe18e SSDeep: 1536:ewZ+ERJcAvPHIjvyxxUoRlK46w49wqHE+LMiYB5akwZ7lHMhGZULaxVCqLjCulbv:ewZ+EzbFU+kE42qHk55eZdCGCLPqPD5 |
|
|
| C:\Users\Default\NTUSER.DAT.LOG2 | 896 bytes |
MD5:
28c78b7526e1a9502784c4054a34ba48
SHA1: ac010e69b62957d90497c5dd7881ecf2a01d2a21 SHA256: 4830d2eda822ec46affbf2c02eba4b2b8b23877cda00ab7a0ace807bb4d39afb SSDeep: 24:/I7qTgqC7ArA6vFI8id3vFuA2lkB5C6OMIg:/I7B3Aa8iVtO6bCO |
|
|
| C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | 64.92 KB |
MD5:
d3addb70b6224a8524f265367f1c2ffa
SHA1: f70704239082cb557c5753e45c3ecef724e1f298 SHA256: 9e2d485335cf5fb3fa2da3ed83ad731056a1f244430d39c3bdf8f487eff9cad3 SSDeep: 768:n9JTYqdkcpFCgIn1Oow6uLx+CNkoe9ULvSN8lrsZd:nDBk4CgI1Nw6uLxzGoNvS4rsn |
|
|
| C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | 512.92 KB |
MD5:
aa7ae9725dd6047a37a09382df82e419
SHA1: d6be734b86fc9891dbdaef51097e560dbe0fc8fc SHA256: 0d8bad0bcae1ed770f3b3c75ea76e3a7f51f5ee6ef55c19f63b7cc0dffc00401 SSDeep: 6144:o/2mnU+VL/xaPGG8QWeOGgTtoNNzidq0oW0B6Fl:o/pnU+VL/xE8HeOGgyp0fA6j |
|
|
| C:\Users\Default\ntuser.ini | 976 bytes |
MD5:
f5351ed3ae27e0fb8a9d94f83ff46c07
SHA1: c253a380e4ca580c732026668ed6c2e2f0926d64 SHA256: 0f96e8ee052dbe0397b7ed2e3f5218f207a1f2a329a81390f59a16c89a6afb4c SSDeep: 24:qoGLMNuqC7ArA6vFI8id3vFuA2lkB5C6OMIg:q1LP3Aa8iVtO6bCO |
|
|
| C:\Users\Default\Videos\desktop.ini | 1.42 KB |
MD5:
66e00526b0b543e966510e2c2155d23b
SHA1: 3504e4e7b07643e2c8bc5c47a9d1e173afa1a864 SHA256: 1afafa18edbe4070dfc6ef68650b53ac68399696740bc0060e491a85e9fbdc7e SSDeep: 24:JkZgb38ov5LskwUV0H7M+O2wwqC7ArA6vFI8id3vFuA2lkB5C6OMIg:WZK8ov3ZV0H75uw3Aa8iVtO6bCO |
|
|
| C:\Users\Default\Searches\desktop.ini | 1.44 KB |
MD5:
c13cd3366cb31a29871a95d770838af2
SHA1: e0852f5ac32163e97fd562116eb926d382ab06d9 SHA256: 2688327c82ef81584ccec3955a813c4dc3a16c7cd0d4464bf14a280a5f51b5a5 SSDeep: 24:4H73RyPRgHucgT4jD9itxbazCTGj3dwm/pPiqC7ArA6vFI8id3vFuA2lkB5C6OMT:4byRgH04jDU7aOqwydi3Aa8iVtO6bCO |
|
|
| C:\Users\Default\Searches\Indexed Locations.search-ms | 1.17 KB |
MD5:
dd3b342a4a7f0e5c3040adb1af7c3f62
SHA1: bce30ade095d9057b7ada213f4648aadce9235d5 SHA256: 2c6de859a8a9273acb96702f558460ee0e3551bcc9e22308b6096bb051aaa918 SSDeep: 24:CN3KLjNeyS0vid4WSbeZLPjKqC7ArA6vFI8id3vFuA2lkB5C6OMIg:EKG0v+Sbe1P+3Aa8iVtO6bCO |
|
|
| C:\Users\Default\Pictures\desktop.ini | 1.42 KB |
MD5:
cbf6556cde549e0606f8335b74996db1
SHA1: 54d4d7d7125085ded981ebe744203f71131560f6 SHA256: 44ffc460f1c538cee7df9948100f03524ad18807406284b88046c45a2870e544 SSDeep: 24:SlmoX4qyc5tDao3JwRnaPGzSGLcDDug5BqC7ArA6vFI8id3vFuA2lkB5C6OMIg:SrXZycnDNEjSQM6M3Aa8iVtO6bCO |
|
|
| C:\Users\Default\Links\Downloads.lnk | 1.80 KB |
MD5:
a063d190bd1f1582c7ca1aa2823b9f31
SHA1: 752190eb7a03cf13647381763eb82930db6d4365 SHA256: 3ce83fa0ee503ce32bcab9e9eb4ce74427f05437876f2600ac24dd573a44f214 SSDeep: 48:CJp462zUbyOQZ/1fasR6LNIsN8A3Aa8iVtO6bCO:C34zOQqtLNIO8A3vN1bZ |
|
|
| C:\Users\Default\Links\RecentPlaces.lnk | 1.28 KB |
MD5:
d238ec93fa9890b0648541f2c6a77ab4
SHA1: 49825bce719825096abbf53158554a0552f2d87f SHA256: e555ba67818216805c2cddc89d43625c4c162369c14e06a942bc161a9de60524 SSDeep: 24:Bxo60nUJsMV5hN1Dk/HwiKqC7ArA6vFI8id3vFuA2lkB5C6OMIg:tWSbm/E3Aa8iVtO6bCO |
|
|
| C:\Users\Default\Favorites\desktop.ini | 1.33 KB |
MD5:
61ae74e082bfbd9c39f835e1eefa3ea7
SHA1: 979d2c3a1707f99c7f5c5564f385734342206c6f SHA256: 92f91cc41cdc1efd645e902b954fbb070facc6143f5611a8aec68ae98f5f41b4 SSDeep: 24:aIIMWauuTVp+7vkLjbm6i9k3+DXTZwkSk5x4uz0GBqC7ArA6vFI8id3vFuA2lkB7:aI/uQp6sLW6i+3awRkguz0o3Aa8iVtOg |
|
|
| C:\Users\Default\Favorites\Windows Live\Get Windows Live.url | 1.06 KB |
MD5:
eb68bc16a53ac00db407958096cf0d97
SHA1: 9d0842a57cb50430b1ca6cd320787509471dd3c5 SHA256: a890ba1b29881c8a2c57c4bdcbdd56defe088401fde7815d711c4a78063e2e73 SSDeep: 24:e5brOkMnvQJTCSpqC7ArA6vFI8id3vFuA2lkB5C6OMIg:YXMvM3p3Aa8iVtO6bCO |
|
|
| C:\Users\Default\Favorites\Windows Live\Windows Live Gallery.url | 1.06 KB |
MD5:
6596008312eb62c3efcbf0122286d7e7
SHA1: 7dfdba7d979c2498272c662eeed3097ceef68bb7 SHA256: 6a7e2c3c7b5123ae9e5b0d08bbb13d23a8c6657d8af48b068be2a850e25ddd5a SSDeep: 24:NJ/dNN6OulhqqC7ArA6vFI8id3vFuA2lkB5C6OMIg:P/dN4rk3Aa8iVtO6bCO |
|
|
| C:\Users\Default\Favorites\Windows Live\Windows Live Spaces.url | 1.06 KB |
MD5:
f4c68b52bd0d0f3958a27b47bd992abc
SHA1: 0a9c242d1f5c335aca0269f43dffcdb1f38f6466 SHA256: c12ce57a4b136910b8d3196adc64d1fb6459a41e643f54d975074b83fa5e7955 SSDeep: 24:q9aviz/FJqC7ArA6vFI8id3vFuA2lkB5C6OMIg:q9avipJ3Aa8iVtO6bCO |
|
|
| C:\Users\Default\Favorites\MSN Websites\MSN Entertainment.url | 1.06 KB |
MD5:
36b486013ea3bd0651ea9a82dc7c883a
SHA1: 40df789bd7b32696d786be7fe716fb04d7afb350 SHA256: 02456378e3fd580d3a0114e2c8e22e7e0b41e67f83e4f8f73bb08371e12d5a91 SSDeep: 24:ZN3x8Gs5Vb6MZPfd5qC7ArA6vFI8id3vFuA2lkB5C6OMIg:nh8GeVR/3Aa8iVtO6bCO |
|
|
| C:\Users\Default\Favorites\MSN Websites\MSN Sports.url | 1.06 KB |
MD5:
f53da115bb836681987220a6081e9a87
SHA1: b2891f2c5c53d3318c3d104171247118d8162bde SHA256: f0edc213219dea851291a52c39e3f62ffb462431b71032d7c5363900769494be SSDeep: 24:ytxkXbfv53UqC7ArA6vFI8id3vFuA2lkB5C6OMIg:yEi3Aa8iVtO6bCO |
|
|
| C:\Users\Default\Favorites\MSN Websites\MSN.url | 1.06 KB |
MD5:
e79d62162e50e60e9dd266a30370f149
SHA1: 459ce0f2cb493f51a5e2cb50f9f0c092cc28c1ff SHA256: d97a3c430a83f1c4343b2540b0313a63f9783257999fc211e4de0a2091640a4d SSDeep: 24:Pk5k7FeNjWcq6VsKqC7ArA6vFI8id3vFuA2lkB5C6OMIg:7xeNjWH6T3Aa8iVtO6bCO |
|
|
| C:\Users\Default\Favorites\MSN Websites\MSNBC News.url | 1.06 KB |
MD5:
e6ffcee18679df05566a870050d8ef89
SHA1: a79510bb7788afbc4500ec423c0803dcc04375c8 SHA256: d4d8e1ad6b036f612bbda2fe9608c2baae512a39015316766daf4c3c6d8dc566 SSDeep: 24:5zbvyrYQDMu+BuyqC7ArA6vFI8id3vFuA2lkB5C6OMIg:5zbvyXoB13Aa8iVtO6bCO |
|
|
| C:\Users\Default\Favorites\Microsoft Websites\IE Add-on site.url | 1.06 KB |
MD5:
d41932c3bcc62d6c78f000dc6bc89257
SHA1: 0d97e30b0cb6dfdd91864d926afc56a1f9719dca SHA256: d41c655fa7237bd974609f91671f5079804315a54abeb50550e245998c98f560 SSDeep: 24:+n4fQqfx6qC7ArA6vFI8id3vFuA2lkB5C6OMIg:+mQYx63Aa8iVtO6bCO |
|
|
| C:\Users\Default\Favorites\Microsoft Websites\IE site on Microsoft.com.url | 1.06 KB |
MD5:
4afdcacd152efe9fbb9a3535f938a63c
SHA1: 75c04f89927b072fc4ff6f9e537ecb32c684f9bd SHA256: e503901d53d087ada7ef61bf49e177c30905f5494ffd1dfbe81e2caca98ddb54 SSDeep: 24:dgbd2lzmpK1KGXcrC2bqC7ArA6vFI8id3vFuA2lkB5C6OMIg:dgB2lzWCXcvb3Aa8iVtO6bCO |
|
|
| C:\Users\Default\Favorites\Microsoft Websites\Microsoft Store.url | 1.06 KB |
MD5:
35860cd8f3ebcf74a312f03f3c0ad9ca
SHA1: 295783d72571895aa446483a4f665725708ce049 SHA256: 00bb4e1636b739dac08fd87d8493529049381da5b1ed8852de0298fde01d31bc SSDeep: 24:jxEIu6RaFo2ATfVOoqC7ArA6vFI8id3vFuA2lkB5C6OMIg:Fu6Rqo2ATNOo3Aa8iVtO6bCO |
|
|
| C:\Users\Default\Favorites\Links\desktop.ini | 1.00 KB |
MD5:
f1e3f08cb0ff3afdddc11c7c766c058d
SHA1: 66068541e1751ba00dbc0ac067a0e210f2a072a9 SHA256: 2d7557c337160321deb2c6b31e7d9330eb8707f1d4c54e4c59a5bb9ae903ad12 SSDeep: 24:Bqdmedo1OKX8qC7ArA6vFI8id3vFuA2lkB5C6OMIg:gDeX83Aa8iVtO6bCO |
|
|
| C:\Users\Default\Favorites\Links\Web Slice Gallery.url | 1.16 KB |
MD5:
16b892e1f59bea4947249b3991ff35ce
SHA1: 1f796d1213ca69d553379b0efecbec0c43ed3cf6 SHA256: 719b127fa5b5f71c5812f316da5c645875a4ad0b755dbd9c72c919b4d7236595 SSDeep: 24:vzSJiYVQwX8BO9xRZWqC7ArA6vFI8id3vFuA2lkB5C6OMIg:u8W38BO9xRZW3Aa8iVtO6bCO |
|
|
| C:\Users\Default\Downloads\desktop.ini | 1.20 KB |
MD5:
899e1dae3e7e5c5b83a7d82e210fe9d1
SHA1: 8d4c4292706dedb7a419edb0c1825bafdb628641 SHA256: d0bd9ef632dca134fdd6a30b527cca7b332f26d92a6486364057ecd2f99a6d35 SSDeep: 24:ykcxnbW5WycB9r2uCNlqC7ArA6vFI8id3vFuA2lkB5C6OMIg:+xnK5W19r2u6l3Aa8iVtO6bCO |
|
|
| C:\Users\Default\Documents\desktop.ini | 1.33 KB |
MD5:
4130d2f278a38754c42a7652e7fa0f8b
SHA1: 4f80e1ca0fa8dfa5cf23fcd9f6c08a65834a5a68 SHA256: b67de7c1ca690a69c1d090f44e91a58aaf3e3da91a4e5fcf27500e5722078c12 SSDeep: 24:7pft72dRlW4zIxtcICLDC93vs048h8qC7ArA6vFI8id3vFuA2lkB5C6OMIg:3mlWZ/cPLDC93vk8h83Aa8iVtO6bCO |
|
|
| C:\Users\Default\Desktop\desktop.ini | 1.20 KB |
MD5:
5953a6f7b2a8f0bbdea95abf46212c6b
SHA1: c3b336cd9e5e508f32bd0f861df7de35d9903d76 SHA256: e0514c74f668c7ee9662ec54c0a495667cf82b0f3ee6b39f40da39e3c87c3e50 SSDeep: 24:0B2nESYDx38zQFgYHROx1qAF8NatqC7ArA6vFI8id3vFuA2lkB5C6OMIg:0B2EVVsQe7uat3Aa8iVtO6bCO |
|
|
| C:\Users\Default\Contacts\Administrator.contact | 67.70 KB |
MD5:
713d7793cc0d35b3250f5557805b3bf7
SHA1: a2e871aa09f215c14a60ce85b6830ce8aeb5d019 SHA256: 2d1ed8835e39af70bd8873a360c7d5c079e66be40451821f3a1ba0e2f91b7c42 SSDeep: 768:SJdsZiOhMFPh8DKAx/mu18Jo0aVHP48yYbbSslMQOfHx6VUTAngSilCfkWTwd+gr:KdsZ/3N12iQBsb32fHYVU6g50PwToH6z |
|
|
| C:\Users\Default\AppData\Local\Temp\FXSAPIDebugLogFile.txt | 896 bytes |
MD5:
873a12054a09d2a9b4de744cf2d7ec79
SHA1: 9d819c87454b23f6e2770b341b531b80c1b5c5c6 SHA256: c1e19ec1a3c2d43d43c24392b9e87f8b5ec5af0d0021c3ac8a41375c1d50fd2e SSDeep: 24:ZDssqC7ArA6vFI8id3vFuA2lkB5C6OMIg:Zd3Aa8iVtO6bCO |
|
|
| C:\Users\All Users\Sun\Java\Java Update\jaureglist.xml.{Killback@protonmail.com}KBK | 1.05 KB |
MD5:
ad956477e7d847a883f6f590fe9293ba
SHA1: a810809792b5758c80b42517f0f3b9e358e4919c SHA256: b4797168c18ac0409d11d4a15a6c799b200ad0844d2dc5b9ec6f19c82fb8a8c3 SSDeep: 24:KAOKQ7H9RY0seXA8jqC7ArA6vFI8id3vFuA2lkB5C6OMIg:KnK4Hs43Aa8iVtO6bCO |
|
|
Host Behavior
File (5336)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Users\Public\93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\bootmgr | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\BOOTSECT.BAK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\decrypt_files.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\hiberfil.sys | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\pagefile.sys | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\decrypt_files.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Public\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Public\decrypt_files.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Public\Videos\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Public\Videos\decrypt_files.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Public\Videos\Sample Videos\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Public\Videos\Sample Videos\decrypt_files.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Public\Videos\Sample Videos\Wildlife.wmv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Public\Recorded TV\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Public\Recorded TV\decrypt_files.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Public\Recorded TV\Sample Media\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Public\Recorded TV\Sample Media\decrypt_files.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Public\Pictures\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Public\Pictures\decrypt_files.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Public\Pictures\Sample Pictures\decrypt_files.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Public\Pictures\Sample Pictures\Desert.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Public\Pictures\Sample Pictures\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Public\Pictures\Sample Pictures\Koala.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Public\Music\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Public\Music\decrypt_files.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Public\Music\Sample Music\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Public\Music\Sample Music\decrypt_files.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Public\Music\Sample Music\Kalimba.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Public\Music\Sample Music\Sleep Away.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Public\Libraries\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Public\Libraries\decrypt_files.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Public\Libraries\RecordedTV.library-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Public\Downloads\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Public\Downloads\decrypt_files.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Public\Documents\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Public\Documents\decrypt_files.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Public\Desktop\Adobe Reader X.lnk | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Public\Desktop\decrypt_files.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Public\Desktop\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Public\Desktop\Google Chrome.lnk | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Public\Desktop\Mozilla Firefox.lnk | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Default\NTUSER.DAT | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Default\decrypt_files.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Default\NTUSER.DAT.LOG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Default\NTUSER.DAT.LOG1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Default\NTUSER.DAT.LOG2 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Default\ntuser.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Default\Videos\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Default\Videos\decrypt_files.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Default\Searches\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Default\Searches\decrypt_files.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Default\Searches\Everywhere.search-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Default\Searches\Indexed Locations.search-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Default\Saved Games\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Default\Saved Games\decrypt_files.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Default\Pictures\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Default\Pictures\decrypt_files.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Default\Music\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Default\Music\decrypt_files.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Default\Links\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Default\Links\decrypt_files.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Default\Links\Desktop.lnk | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Default\Links\Downloads.lnk | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Default\Links\RecentPlaces.lnk | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Default\Favorites\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Default\Favorites\decrypt_files.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Default\Favorites\Windows Live\Get Windows Live.url | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Default\Favorites\Windows Live\decrypt_files.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Default\Favorites\Windows Live\Windows Live Gallery.url | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Default\Favorites\Windows Live\Windows Live Mail.url | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Default\Favorites\Windows Live\Windows Live Spaces.url | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Default\Favorites\MSN Websites\MSN Autos.url | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Default\Favorites\MSN Websites\decrypt_files.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Default\Favorites\MSN Websites\MSN Entertainment.url | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Default\Favorites\MSN Websites\MSN Money.url | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Default\Favorites\MSN Websites\MSN Sports.url | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Default\Favorites\MSN Websites\MSN.url | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Default\Favorites\MSN Websites\MSNBC News.url | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Default\Favorites\Microsoft Websites\IE Add-on site.url | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Default\Favorites\Microsoft Websites\decrypt_files.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Default\Favorites\Microsoft Websites\IE site on Microsoft.com.url | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Default\Favorites\Microsoft Websites\Microsoft At Home.url | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Default\Favorites\Microsoft Websites\Microsoft At Work.url | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Default\Favorites\Microsoft Websites\Microsoft Store.url | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Default\Favorites\Links\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Default\Favorites\Links\decrypt_files.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Default\Favorites\Links\Web Slice Gallery.url | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Default\Downloads\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Default\Downloads\decrypt_files.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Default\Documents\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Default\Documents\decrypt_files.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Default\Desktop\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Default\Desktop\decrypt_files.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Default\Contacts\Administrator.contact | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Default\Contacts\decrypt_files.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Default\Contacts\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Default\AppData\Local\IconCache.db | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Default\AppData\Local\decrypt_files.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\Default\AppData\Local\Temp\FXSAPIDebugLogFile.txt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\All Users\Sun\Java\Java Update\jaureglist.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\All Users\Sun\Java\Java Update\decrypt_files.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\All Users\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Get Info | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\sihvgt.exe | type = file_attributes |
|
1 | |
| Get Info | C:\BOOTSECT.BAK | type = size, size_out = 8192 |
|
1 | |
| Get Info | C:\\decrypt_files.html | type = file_attributes |
|
1 | |
| Get Info | C:\Users\desktop.ini | type = size, size_out = 174 |
|
1 | |
| Get Info | C:\Users\decrypt_files.html | type = file_attributes |
|
1 | |
| Get Info | C:\Users\Public\desktop.ini | type = size, size_out = 174 |
|
1 | |
| Get Info | C:\Users\Public\decrypt_files.html | type = file_attributes |
|
1 | |
| Get Info | C:\Users\Public\Videos\desktop.ini | type = size, size_out = 380 |
|
1 | |
| Get Info | C:\Users\Public\Videos\decrypt_files.html | type = file_attributes |
|
1 | |
| Get Info | C:\Users\Public\Videos\Sample Videos\desktop.ini | type = size, size_out = 326 |
|
1 | |
| Get Info | C:\Users\Public\Videos\Sample Videos\decrypt_files.html | type = file_attributes |
|
1 | |
| Get Info | C:\Users\Public\Videos\Sample Videos\Wildlife.wmv | type = size, size_out = 26246026 |
|
1 | |
| Get Info | C:\Users\Public\Videos\Sample Videos\decrypt_files.html | type = file_attributes |
|
1 | |
| Get Info | C:\Users\Public\Recorded TV\desktop.ini | type = size, size_out = 80 |
|
1 | |
| Get Info | C:\Users\Public\Recorded TV\decrypt_files.html | type = file_attributes |
|
1 | |
| Get Info | C:\Users\Public\Recorded TV\Sample Media\desktop.ini | type = size, size_out = 171 |
|
1 | |
| Get Info | C:\Users\Public\Recorded TV\Sample Media\decrypt_files.html | type = file_attributes |
|
1 | |
| Get Info | C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv | type = size, size_out = 9699328 |
|
1 | |
| Get Info | C:\Users\Public\Recorded TV\Sample Media\decrypt_files.html | type = file_attributes |
|
1 | |
| Get Info | C:\Users\Public\Pictures\desktop.ini | type = size, size_out = 380 |
|
1 | |
| Get Info | C:\Users\Public\Pictures\decrypt_files.html | type = file_attributes |
|
1 | |
| Get Info | C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg | type = size, size_out = 879394 |
|
1 | |
| Get Info | C:\Users\Public\Pictures\Sample Pictures\decrypt_files.html | type = file_attributes |
|
1 | |
| Get Info | C:\Users\Public\Pictures\Sample Pictures\Desert.jpg | type = size, size_out = 845941 |
|
1 | |
| Get Info | C:\Users\Public\Pictures\Sample Pictures\decrypt_files.html | type = file_attributes |
|
8 | |
| Get Info | C:\Users\Public\Pictures\Sample Pictures\desktop.ini | type = size, size_out = 1120 |
|
1 | |
| Get Info | C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg | type = size, size_out = 595284 |
|
1 | |
| Get Info | C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg | type = size, size_out = 775702 |
|
1 | |
| Get Info | C:\Users\Public\Pictures\Sample Pictures\Koala.jpg | type = size, size_out = 780831 |
|
1 | |
| Get Info | C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg | type = size, size_out = 561276 |
|
1 | |
| Get Info | C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg | type = size, size_out = 777835 |
|
1 | |
| Get Info | C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg | type = size, size_out = 620888 |
|
1 | |
| Get Info | C:\Users\Public\Music\desktop.ini | type = size, size_out = 380 |
|
1 | |
| Get Info | C:\Users\Public\Music\decrypt_files.html | type = file_attributes |
|
1 | |
| Get Info | C:\Users\Public\Music\Sample Music\desktop.ini | type = size, size_out = 586 |
|
1 | |
| Get Info | C:\Users\Public\Music\Sample Music\decrypt_files.html | type = file_attributes |
|
1 | |
| Get Info | C:\Users\Public\Music\Sample Music\Kalimba.mp3 | type = size, size_out = 8414449 |
|
1 | |
| Get Info | C:\Users\Public\Music\Sample Music\decrypt_files.html | type = file_attributes |
|
3 | |
| Get Info | C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3 | type = size, size_out = 4113874 |
|
1 | |
| Get Info | C:\Users\Public\Music\Sample Music\Sleep Away.mp3 | type = size, size_out = 4842585 |
|
1 | |
| Get Info | C:\Users\Public\Libraries\desktop.ini | type = size, size_out = 88 |
|
1 | |
| Get Info | C:\Users\Public\Libraries\decrypt_files.html | type = file_attributes |
|
1 | |
| Get Info | C:\Users\Public\Libraries\RecordedTV.library-ms | type = size, size_out = 876 |
|
1 | |
| Get Info | C:\Users\Public\Libraries\decrypt_files.html | type = file_attributes |
|
1 | |
| Get Info | C:\Users\Public\Downloads\desktop.ini | type = size, size_out = 174 |
|
1 | |
| Get Info | C:\Users\Public\Downloads\decrypt_files.html | type = file_attributes |
|
1 | |
| Get Info | C:\Users\Public\Documents\desktop.ini | type = size, size_out = 278 |
|
1 | |
| Get Info | C:\Users\Public\Documents\decrypt_files.html | type = file_attributes |
|
1 | |
| Get Info | C:\Users\Public\Desktop\Adobe Reader X.lnk | type = size, size_out = 2025 |
|
1 | |
| Get Info | C:\Users\Public\Desktop\decrypt_files.html | type = file_attributes |
|
1 | |
| Get Info | C:\Users\Public\Desktop\desktop.ini | type = size, size_out = 174 |
|
1 | |
| Get Info | C:\Users\Public\Desktop\decrypt_files.html | type = file_attributes |
|
3 | |
| Get Info | C:\Users\Public\Desktop\Google Chrome.lnk | type = size, size_out = 2257 |
|
1 | |
| Get Info | C:\Users\Public\Desktop\Mozilla Firefox.lnk | type = size, size_out = 1157 |
|
1 | |
| Get Info | C:\Users\Default\NTUSER.DAT | type = size, size_out = 786432 |
|
1 | |
| Get Info | C:\Users\Default\decrypt_files.html | type = file_attributes |
|
1 | |
| Get Info | C:\Users\Default\NTUSER.DAT.LOG | type = size, size_out = 1024 |
|
1 | |
| Get Info | C:\Users\Default\decrypt_files.html | type = file_attributes |
|
6 | |
| Get Info | C:\Users\Default\NTUSER.DAT.LOG1 | type = size, size_out = 189440 |
|
1 | |
| Get Info | C:\Users\Default\NTUSER.DAT.LOG2 | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | type = size, size_out = 65536 |
|
1 | |
| Get Info | C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | type = size, size_out = 524288 |
|
1 | |
| Get Info | C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms | type = size, size_out = 524288 |
|
1 | |
| Get Info | C:\Users\Default\ntuser.ini | type = size, size_out = 20 |
|
1 | |
| Get Info | C:\Users\Default\Videos\desktop.ini | type = size, size_out = 504 |
|
1 | |
| Get Info | C:\Users\Default\Videos\decrypt_files.html | type = file_attributes |
|
1 | |
| Get Info | C:\Users\Default\Searches\desktop.ini | type = size, size_out = 524 |
|
1 | |
| Get Info | C:\Users\Default\Searches\decrypt_files.html | type = file_attributes |
|
1 | |
| Get Info | C:\Users\Default\Searches\Everywhere.search-ms | type = size, size_out = 248 |
|
1 | |
| Get Info | C:\Users\Default\Searches\decrypt_files.html | type = file_attributes |
|
2 | |
| Get Info | C:\Users\Default\Searches\Indexed Locations.search-ms | type = size, size_out = 248 |
|
1 | |
| Get Info | C:\Users\Default\Saved Games\desktop.ini | type = size, size_out = 282 |
|
1 | |
| Get Info | C:\Users\Default\Saved Games\decrypt_files.html | type = file_attributes |
|
1 | |
| Get Info | C:\Users\Default\Pictures\desktop.ini | type = size, size_out = 504 |
|
1 | |
| Get Info | C:\Users\Default\Pictures\decrypt_files.html | type = file_attributes |
|
1 | |
| Get Info | C:\Users\Default\Music\desktop.ini | type = size, size_out = 504 |
|
1 | |
| Get Info | C:\Users\Default\Music\decrypt_files.html | type = file_attributes |
|
1 | |
| Get Info | C:\Users\Default\Links\desktop.ini | type = size, size_out = 580 |
|
1 | |
| Get Info | C:\Users\Default\Links\decrypt_files.html | type = file_attributes |
|
1 | |
| Get Info | C:\Users\Default\Links\Desktop.lnk | type = size, size_out = 467 |
|
1 | |
| Get Info | C:\Users\Default\Links\decrypt_files.html | type = file_attributes |
|
3 | |
| Get Info | C:\Users\Default\Links\Downloads.lnk | type = size, size_out = 894 |
|
1 | |
| Get Info | C:\Users\Default\Links\RecentPlaces.lnk | type = size, size_out = 363 |
|
1 | |
| Get Info | C:\Users\Default\Favorites\desktop.ini | type = size, size_out = 402 |
|
1 | |
| Get Info | C:\Users\Default\Favorites\decrypt_files.html | type = file_attributes |
|
1 | |
| Get Info | C:\Users\Default\Favorites\Windows Live\Get Windows Live.url | type = size, size_out = 133 |
|
1 | |
| Get Info | C:\Users\Default\Favorites\Windows Live\decrypt_files.html | type = file_attributes |
|
1 | |
| Get Info | C:\Users\Default\Favorites\Windows Live\Windows Live Gallery.url | type = size, size_out = 133 |
|
1 | |
| Get Info | C:\Users\Default\Favorites\Windows Live\decrypt_files.html | type = file_attributes |
|
3 | |
| Get Info | C:\Users\Default\Favorites\Windows Live\Windows Live Mail.url | type = size, size_out = 133 |
|
1 | |
| Get Info | C:\Users\Default\Favorites\Windows Live\Windows Live Spaces.url | type = size, size_out = 133 |
|
1 | |
| Get Info | C:\Users\Default\Favorites\MSN Websites\MSN Autos.url | type = size, size_out = 133 |
|
1 | |
| Get Info | C:\Users\Default\Favorites\MSN Websites\decrypt_files.html | type = file_attributes |
|
1 | |
| Get Info | C:\Users\Default\Favorites\MSN Websites\MSN Entertainment.url | type = size, size_out = 133 |
|
1 | |
| Get Info | C:\Users\Default\Favorites\MSN Websites\decrypt_files.html | type = file_attributes |
|
5 | |
| Get Info | C:\Users\Default\Favorites\MSN Websites\MSN Money.url | type = size, size_out = 133 |
|
1 | |
| Get Info | C:\Users\Default\Favorites\MSN Websites\MSN Sports.url | type = size, size_out = 133 |
|
1 | |
| Get Info | C:\Users\Default\Favorites\MSN Websites\MSN.url | type = size, size_out = 133 |
|
1 | |
| Get Info | C:\Users\Default\Favorites\MSN Websites\MSNBC News.url | type = size, size_out = 133 |
|
1 | |
| Get Info | C:\Users\Default\Favorites\Microsoft Websites\IE Add-on site.url | type = size, size_out = 133 |
|
1 | |
| Get Info | C:\Users\Default\Favorites\Microsoft Websites\decrypt_files.html | type = file_attributes |
|
1 | |
| Get Info | C:\Users\Default\Favorites\Microsoft Websites\IE site on Microsoft.com.url | type = size, size_out = 133 |
|
1 | |
| Get Info | C:\Users\Default\Favorites\Microsoft Websites\decrypt_files.html | type = file_attributes |
|
4 | |
| Get Info | C:\Users\Default\Favorites\Microsoft Websites\Microsoft At Home.url | type = size, size_out = 133 |
|
1 | |
| Get Info | C:\Users\Default\Favorites\Microsoft Websites\Microsoft At Work.url | type = size, size_out = 133 |
|
1 | |
| Get Info | C:\Users\Default\Favorites\Microsoft Websites\Microsoft Store.url | type = size, size_out = 134 |
|
1 | |
| Get Info | C:\Users\Default\Favorites\Links\desktop.ini | type = size, size_out = 80 |
|
1 | |
| Get Info | C:\Users\Default\Favorites\Links\decrypt_files.html | type = file_attributes |
|
1 | |
| Get Info | C:\Users\Default\Favorites\Links\Web Slice Gallery.url | type = size, size_out = 226 |
|
1 | |
| Get Info | C:\Users\Default\Favorites\Links\decrypt_files.html | type = file_attributes |
|
1 | |
| Get Info | C:\Users\Default\Downloads\desktop.ini | type = size, size_out = 282 |
|
1 | |
| Get Info | C:\Users\Default\Downloads\decrypt_files.html | type = file_attributes |
|
1 | |
| Get Info | C:\Users\Default\Documents\desktop.ini | type = size, size_out = 402 |
|
1 | |
| Get Info | C:\Users\Default\Documents\decrypt_files.html | type = file_attributes |
|
1 | |
| Get Info | C:\Users\Default\Desktop\desktop.ini | type = size, size_out = 282 |
|
1 | |
| Get Info | C:\Users\Default\Desktop\decrypt_files.html | type = file_attributes |
|
1 | |
| Get Info | C:\Users\Default\Contacts\Administrator.contact | type = size, size_out = 68382 |
|
1 | |
| Get Info | C:\Users\Default\Contacts\decrypt_files.html | type = file_attributes |
|
1 | |
| Get Info | C:\Users\Default\Contacts\desktop.ini | type = size, size_out = 412 |
|
1 | |
| Get Info | C:\Users\Default\Contacts\decrypt_files.html | type = file_attributes |
|
1 | |
| Get Info | C:\Users\Default\AppData\Local\IconCache.db | type = size, size_out = 776176 |
|
1 | |
| Get Info | C:\Users\Default\AppData\Local\decrypt_files.html | type = file_attributes |
|
1 | |
| Get Info | C:\Users\Default\AppData\Local\Temp\FXSAPIDebugLogFile.txt | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\Users\All Users\Sun\Java\Java Update\jaureglist.xml | type = size, size_out = 119 |
|
1 | |
| Get Info | C:\Users\All Users\Sun\Java\Java Update\decrypt_files.html | type = file_attributes |
|
1 | |
| Get Info | C:\Users\All Users\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab | type = size, size_out = 4932896 |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Copy | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\sihvgt.exe | source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\sihvgt.exe |
|
1 | |
| Move | C:\BOOTSECT.BAK.{Killback@protonmail.com}KBK | source_filename = C:\BOOTSECT.BAK, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\desktop.ini.{Killback@protonmail.com}KBK | source_filename = C:\Users\desktop.ini, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\Public\desktop.ini.{Killback@protonmail.com}KBK | source_filename = C:\Users\Public\desktop.ini, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\Public\Videos\desktop.ini.{Killback@protonmail.com}KBK | source_filename = C:\Users\Public\Videos\desktop.ini, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\Public\Videos\Sample Videos\desktop.ini.{Killback@protonmail.com}KBK | source_filename = C:\Users\Public\Videos\Sample Videos\desktop.ini, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\Public\Videos\Sample Videos\Wildlife.wmv.{Killback@protonmail.com}KBK | source_filename = C:\Users\Public\Videos\Sample Videos\Wildlife.wmv, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\Public\Recorded TV\desktop.ini.{Killback@protonmail.com}KBK | source_filename = C:\Users\Public\Recorded TV\desktop.ini, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\Public\Recorded TV\Sample Media\desktop.ini.{Killback@protonmail.com}KBK | source_filename = C:\Users\Public\Recorded TV\Sample Media\desktop.ini, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv.{Killback@protonmail.com}KBK | source_filename = C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\Public\Pictures\desktop.ini.{Killback@protonmail.com}KBK | source_filename = C:\Users\Public\Pictures\desktop.ini, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg.{Killback@protonmail.com}KBK | source_filename = C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\Public\Pictures\Sample Pictures\Desert.jpg.{Killback@protonmail.com}KBK | source_filename = C:\Users\Public\Pictures\Sample Pictures\Desert.jpg, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\Public\Pictures\Sample Pictures\desktop.ini.{Killback@protonmail.com}KBK | source_filename = C:\Users\Public\Pictures\Sample Pictures\desktop.ini, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg.{Killback@protonmail.com}KBK | source_filename = C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg.{Killback@protonmail.com}KBK | source_filename = C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\Public\Pictures\Sample Pictures\Koala.jpg.{Killback@protonmail.com}KBK | source_filename = C:\Users\Public\Pictures\Sample Pictures\Koala.jpg, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg.{Killback@protonmail.com}KBK | source_filename = C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg.{Killback@protonmail.com}KBK | source_filename = C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg.{Killback@protonmail.com}KBK | source_filename = C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\Public\Music\desktop.ini.{Killback@protonmail.com}KBK | source_filename = C:\Users\Public\Music\desktop.ini, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\Public\Music\Sample Music\desktop.ini.{Killback@protonmail.com}KBK | source_filename = C:\Users\Public\Music\Sample Music\desktop.ini, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\Public\Music\Sample Music\Kalimba.mp3.{Killback@protonmail.com}KBK | source_filename = C:\Users\Public\Music\Sample Music\Kalimba.mp3, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3.{Killback@protonmail.com}KBK | source_filename = C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\Public\Music\Sample Music\Sleep Away.mp3.{Killback@protonmail.com}KBK | source_filename = C:\Users\Public\Music\Sample Music\Sleep Away.mp3, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\Public\Libraries\desktop.ini.{Killback@protonmail.com}KBK | source_filename = C:\Users\Public\Libraries\desktop.ini, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\Public\Libraries\RecordedTV.library-ms.{Killback@protonmail.com}KBK | source_filename = C:\Users\Public\Libraries\RecordedTV.library-ms, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\Public\Downloads\desktop.ini.{Killback@protonmail.com}KBK | source_filename = C:\Users\Public\Downloads\desktop.ini, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\Public\Documents\desktop.ini.{Killback@protonmail.com}KBK | source_filename = C:\Users\Public\Documents\desktop.ini, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\Public\Desktop\Adobe Reader X.lnk.{Killback@protonmail.com}KBK | source_filename = C:\Users\Public\Desktop\Adobe Reader X.lnk, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\Public\Desktop\desktop.ini.{Killback@protonmail.com}KBK | source_filename = C:\Users\Public\Desktop\desktop.ini, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\Public\Desktop\Google Chrome.lnk.{Killback@protonmail.com}KBK | source_filename = C:\Users\Public\Desktop\Google Chrome.lnk, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\Public\Desktop\Mozilla Firefox.lnk.{Killback@protonmail.com}KBK | source_filename = C:\Users\Public\Desktop\Mozilla Firefox.lnk, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\Default\NTUSER.DAT.{Killback@protonmail.com}KBK | source_filename = C:\Users\Default\NTUSER.DAT, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\Default\NTUSER.DAT.LOG.{Killback@protonmail.com}KBK | source_filename = C:\Users\Default\NTUSER.DAT.LOG, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\Default\NTUSER.DAT.LOG1.{Killback@protonmail.com}KBK | source_filename = C:\Users\Default\NTUSER.DAT.LOG1, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf.{Killback@protonmail.com}KBK | source_filename = C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms.{Killback@protonmail.com}KBK | source_filename = C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms.{Killback@protonmail.com}KBK | source_filename = C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\Default\ntuser.ini.{Killback@protonmail.com}KBK | source_filename = C:\Users\Default\ntuser.ini, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\Default\Videos\desktop.ini.{Killback@protonmail.com}KBK | source_filename = C:\Users\Default\Videos\desktop.ini, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\Default\Searches\desktop.ini.{Killback@protonmail.com}KBK | source_filename = C:\Users\Default\Searches\desktop.ini, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\Default\Searches\Everywhere.search-ms.{Killback@protonmail.com}KBK | source_filename = C:\Users\Default\Searches\Everywhere.search-ms, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\Default\Searches\Indexed Locations.search-ms.{Killback@protonmail.com}KBK | source_filename = C:\Users\Default\Searches\Indexed Locations.search-ms, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\Default\Saved Games\desktop.ini.{Killback@protonmail.com}KBK | source_filename = C:\Users\Default\Saved Games\desktop.ini, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\Default\Pictures\desktop.ini.{Killback@protonmail.com}KBK | source_filename = C:\Users\Default\Pictures\desktop.ini, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\Default\Music\desktop.ini.{Killback@protonmail.com}KBK | source_filename = C:\Users\Default\Music\desktop.ini, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\Default\Links\desktop.ini.{Killback@protonmail.com}KBK | source_filename = C:\Users\Default\Links\desktop.ini, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\Default\Links\Desktop.lnk.{Killback@protonmail.com}KBK | source_filename = C:\Users\Default\Links\Desktop.lnk, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\Default\Links\Downloads.lnk.{Killback@protonmail.com}KBK | source_filename = C:\Users\Default\Links\Downloads.lnk, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\Default\Links\RecentPlaces.lnk.{Killback@protonmail.com}KBK | source_filename = C:\Users\Default\Links\RecentPlaces.lnk, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\Default\Favorites\desktop.ini.{Killback@protonmail.com}KBK | source_filename = C:\Users\Default\Favorites\desktop.ini, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\Default\Favorites\Windows Live\Get Windows Live.url.{Killback@protonmail.com}KBK | source_filename = C:\Users\Default\Favorites\Windows Live\Get Windows Live.url, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\Default\Favorites\Windows Live\Windows Live Gallery.url.{Killback@protonmail.com}KBK | source_filename = C:\Users\Default\Favorites\Windows Live\Windows Live Gallery.url, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\Default\Favorites\Windows Live\Windows Live Mail.url.{Killback@protonmail.com}KBK | source_filename = C:\Users\Default\Favorites\Windows Live\Windows Live Mail.url, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\Default\Favorites\Windows Live\Windows Live Spaces.url.{Killback@protonmail.com}KBK | source_filename = C:\Users\Default\Favorites\Windows Live\Windows Live Spaces.url, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\Default\Favorites\MSN Websites\MSN Autos.url.{Killback@protonmail.com}KBK | source_filename = C:\Users\Default\Favorites\MSN Websites\MSN Autos.url, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\Default\Favorites\MSN Websites\MSN Entertainment.url.{Killback@protonmail.com}KBK | source_filename = C:\Users\Default\Favorites\MSN Websites\MSN Entertainment.url, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\Default\Favorites\MSN Websites\MSN Money.url.{Killback@protonmail.com}KBK | source_filename = C:\Users\Default\Favorites\MSN Websites\MSN Money.url, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\Default\Favorites\MSN Websites\MSN Sports.url.{Killback@protonmail.com}KBK | source_filename = C:\Users\Default\Favorites\MSN Websites\MSN Sports.url, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\Default\Favorites\MSN Websites\MSN.url.{Killback@protonmail.com}KBK | source_filename = C:\Users\Default\Favorites\MSN Websites\MSN.url, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\Default\Favorites\MSN Websites\MSNBC News.url.{Killback@protonmail.com}KBK | source_filename = C:\Users\Default\Favorites\MSN Websites\MSNBC News.url, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\Default\Favorites\Microsoft Websites\IE Add-on site.url.{Killback@protonmail.com}KBK | source_filename = C:\Users\Default\Favorites\Microsoft Websites\IE Add-on site.url, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\Default\Favorites\Microsoft Websites\IE site on Microsoft.com.url.{Killback@protonmail.com}KBK | source_filename = C:\Users\Default\Favorites\Microsoft Websites\IE site on Microsoft.com.url, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\Default\Favorites\Microsoft Websites\Microsoft At Home.url.{Killback@protonmail.com}KBK | source_filename = C:\Users\Default\Favorites\Microsoft Websites\Microsoft At Home.url, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\Default\Favorites\Microsoft Websites\Microsoft At Work.url.{Killback@protonmail.com}KBK | source_filename = C:\Users\Default\Favorites\Microsoft Websites\Microsoft At Work.url, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\Default\Favorites\Microsoft Websites\Microsoft Store.url.{Killback@protonmail.com}KBK | source_filename = C:\Users\Default\Favorites\Microsoft Websites\Microsoft Store.url, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\Default\Favorites\Links\desktop.ini.{Killback@protonmail.com}KBK | source_filename = C:\Users\Default\Favorites\Links\desktop.ini, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\Default\Favorites\Links\Web Slice Gallery.url.{Killback@protonmail.com}KBK | source_filename = C:\Users\Default\Favorites\Links\Web Slice Gallery.url, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\Default\Downloads\desktop.ini.{Killback@protonmail.com}KBK | source_filename = C:\Users\Default\Downloads\desktop.ini, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\Default\Documents\desktop.ini.{Killback@protonmail.com}KBK | source_filename = C:\Users\Default\Documents\desktop.ini, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\Default\Desktop\desktop.ini.{Killback@protonmail.com}KBK | source_filename = C:\Users\Default\Desktop\desktop.ini, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\Default\Contacts\Administrator.contact.{Killback@protonmail.com}KBK | source_filename = C:\Users\Default\Contacts\Administrator.contact, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\Default\Contacts\desktop.ini.{Killback@protonmail.com}KBK | source_filename = C:\Users\Default\Contacts\desktop.ini, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\Default\AppData\Local\IconCache.db.{Killback@protonmail.com}KBK | source_filename = C:\Users\Default\AppData\Local\IconCache.db, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\All Users\Sun\Java\Java Update\jaureglist.xml.{Killback@protonmail.com}KBK | source_filename = C:\Users\All Users\Sun\Java\Java Update\jaureglist.xml, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Read | C:\BOOTSECT.BAK | size = 8192, size_out = 8192 |
|
1 | |
| Read | C:\Users\desktop.ini | size = 8192, size_out = 174 |
|
1 | |
| Read | C:\Users\Public\desktop.ini | size = 8192, size_out = 174 |
|
1 | |
| Read | C:\Users\Public\Videos\desktop.ini | size = 8192, size_out = 380 |
|
1 | |
| Read | C:\Users\Public\Videos\Sample Videos\desktop.ini | size = 8192, size_out = 326 |
|
1 | |
| Read | C:\Users\Public\Videos\Sample Videos\Wildlife.wmv | size = 8192, size_out = 8192 |
|
314 | |
| Read | C:\Users\Public\Recorded TV\desktop.ini | size = 8192, size_out = 80 |
|
1 | |
| Read | C:\Users\Public\Recorded TV\Sample Media\desktop.ini | size = 8192, size_out = 171 |
|
1 | |
| Read | C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv | size = 8192, size_out = 8192 |
|
321 | |
| Read | C:\Users\Public\Pictures\desktop.ini | size = 8192, size_out = 380 |
|
1 | |
| Read | C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg | size = 8192, size_out = 8192 |
|
54 | |
| Read | C:\Users\Public\Pictures\Sample Pictures\Desert.jpg | size = 8192, size_out = 8192 |
|
52 | |
| Read | C:\Users\Public\Pictures\Sample Pictures\desktop.ini | size = 8192, size_out = 1120 |
|
1 | |
| Read | C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg | size = 8192, size_out = 8192 |
|
36 | |
| Read | C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg | size = 8192, size_out = 5460 |
|
1 | |
| Read | C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg | size = 8192, size_out = 8192 |
|
47 | |
| Read | C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg | size = 8192, size_out = 5654 |
|
1 | |
| Read | C:\Users\Public\Pictures\Sample Pictures\Koala.jpg | size = 8192, size_out = 8192 |
|
48 | |
| Read | C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg | size = 8192, size_out = 8192 |
|
34 | |
| Read | C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg | size = 8192, size_out = 4220 |
|
1 | |
| Read | C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg | size = 8192, size_out = 8192 |
|
47 | |
| Read | C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg | size = 8192, size_out = 7787 |
|
1 | |
| Read | C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg | size = 8192, size_out = 8192 |
|
38 | |
| Read | C:\Users\Public\Music\desktop.ini | size = 8192, size_out = 380 |
|
1 | |
| Read | C:\Users\Public\Music\Sample Music\desktop.ini | size = 8192, size_out = 586 |
|
1 | |
| Read | C:\Users\Public\Music\Sample Music\Kalimba.mp3 | size = 8192, size_out = 8192 |
|
250 | |
| Read | C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3 | size = 8192, size_out = 8192 |
|
250 | |
| Read | C:\Users\Public\Music\Sample Music\Sleep Away.mp3 | size = 8192, size_out = 8192 |
|
296 | |
| Read | C:\Users\Public\Libraries\desktop.ini | size = 8192, size_out = 88 |
|
1 | |
| Read | C:\Users\Public\Libraries\RecordedTV.library-ms | size = 8192, size_out = 876 |
|
1 | |
| Read | C:\Users\Public\Downloads\desktop.ini | size = 8192, size_out = 174 |
|
1 | |
| Read | C:\Users\Public\Documents\desktop.ini | size = 8192, size_out = 278 |
|
1 | |
| Read | C:\Users\Public\Desktop\Adobe Reader X.lnk | size = 8192, size_out = 2025 |
|
1 | |
| Read | C:\Users\Public\Desktop\desktop.ini | size = 8192, size_out = 174 |
|
1 | |
| Read | C:\Users\Public\Desktop\Google Chrome.lnk | size = 8192, size_out = 2257 |
|
1 | |
| Read | C:\Users\Public\Desktop\Mozilla Firefox.lnk | size = 8192, size_out = 1157 |
|
1 | |
| Read | C:\Users\Default\NTUSER.DAT | size = 8192, size_out = 8192 |
|
48 | |
| Read | C:\Users\Default\NTUSER.DAT | size = 8192, size_out = 0 |
|
1 | |
| Read | C:\Users\Default\NTUSER.DAT.LOG | size = 8192, size_out = 1024 |
|
1 | |
| Read | C:\Users\Default\NTUSER.DAT.LOG1 | size = 8192, size_out = 8192 |
|
12 | |
| Read | C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | size = 8192, size_out = 8192 |
|
4 | |
| Read | C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | size = 8192, size_out = 0 |
|
1 | |
| Read | C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | size = 8192, size_out = 8192 |
|
32 | |
| Read | C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | size = 8192, size_out = 0 |
|
1 | |
| Read | C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms | size = 8192, size_out = 8192 |
|
32 | |
| Read | C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms | size = 8192, size_out = 0 |
|
1 | |
| Read | C:\Users\Default\ntuser.ini | size = 8192, size_out = 20 |
|
1 | |
| Read | C:\Users\Default\Videos\desktop.ini | size = 8192, size_out = 504 |
|
1 | |
| Read | C:\Users\Default\Searches\desktop.ini | size = 8192, size_out = 524 |
|
1 | |
| Read | C:\Users\Default\Searches\Everywhere.search-ms | size = 8192, size_out = 248 |
|
1 | |
| Read | C:\Users\Default\Searches\Indexed Locations.search-ms | size = 8192, size_out = 248 |
|
1 | |
| Read | C:\Users\Default\Saved Games\desktop.ini | size = 8192, size_out = 282 |
|
1 | |
| Read | C:\Users\Default\Pictures\desktop.ini | size = 8192, size_out = 504 |
|
1 | |
| Read | C:\Users\Default\Music\desktop.ini | size = 8192, size_out = 504 |
|
1 | |
| Read | C:\Users\Default\Links\desktop.ini | size = 8192, size_out = 580 |
|
1 | |
| Read | C:\Users\Default\Links\Desktop.lnk | size = 8192, size_out = 467 |
|
1 | |
| Read | C:\Users\Default\Links\Downloads.lnk | size = 8192, size_out = 894 |
|
1 | |
| Read | C:\Users\Default\Links\RecentPlaces.lnk | size = 8192, size_out = 363 |
|
1 | |
| Read | C:\Users\Default\Favorites\desktop.ini | size = 8192, size_out = 402 |
|
1 | |
| Read | C:\Users\Default\Favorites\Windows Live\Get Windows Live.url | size = 8192, size_out = 133 |
|
1 | |
| Read | C:\Users\Default\Favorites\Windows Live\Windows Live Gallery.url | size = 8192, size_out = 133 |
|
1 | |
| Read | C:\Users\Default\Favorites\Windows Live\Windows Live Mail.url | size = 8192, size_out = 133 |
|
1 | |
| Read | C:\Users\Default\Favorites\Windows Live\Windows Live Spaces.url | size = 8192, size_out = 133 |
|
1 | |
| Read | C:\Users\Default\Favorites\MSN Websites\MSN Autos.url | size = 8192, size_out = 133 |
|
1 | |
| Read | C:\Users\Default\Favorites\MSN Websites\MSN Entertainment.url | size = 8192, size_out = 133 |
|
1 | |
| Read | C:\Users\Default\Favorites\MSN Websites\MSN Money.url | size = 8192, size_out = 133 |
|
1 | |
| Read | C:\Users\Default\Favorites\MSN Websites\MSN Sports.url | size = 8192, size_out = 133 |
|
1 | |
| Read | C:\Users\Default\Favorites\MSN Websites\MSN.url | size = 8192, size_out = 133 |
|
1 | |
| Read | C:\Users\Default\Favorites\MSN Websites\MSNBC News.url | size = 8192, size_out = 133 |
|
1 | |
| Read | C:\Users\Default\Favorites\Microsoft Websites\IE Add-on site.url | size = 8192, size_out = 133 |
|
1 | |
| Read | C:\Users\Default\Favorites\Microsoft Websites\IE site on Microsoft.com.url | size = 8192, size_out = 133 |
|
1 | |
| Read | C:\Users\Default\Favorites\Microsoft Websites\Microsoft At Home.url | size = 8192, size_out = 133 |
|
1 | |
| Read | C:\Users\Default\Favorites\Microsoft Websites\Microsoft At Work.url | size = 8192, size_out = 133 |
|
1 | |
| Read | C:\Users\Default\Favorites\Microsoft Websites\Microsoft Store.url | size = 8192, size_out = 134 |
|
1 | |
| Read | C:\Users\Default\Favorites\Links\desktop.ini | size = 8192, size_out = 80 |
|
1 | |
| Read | C:\Users\Default\Favorites\Links\Web Slice Gallery.url | size = 8192, size_out = 226 |
|
1 | |
| Read | C:\Users\Default\Downloads\desktop.ini | size = 8192, size_out = 282 |
|
1 | |
| Read | C:\Users\Default\Documents\desktop.ini | size = 8192, size_out = 402 |
|
1 | |
| Read | C:\Users\Default\Desktop\desktop.ini | size = 8192, size_out = 282 |
|
1 | |
| Read | C:\Users\Default\Contacts\Administrator.contact | size = 8192, size_out = 8192 |
|
4 | |
| Read | C:\Users\Default\Contacts\Administrator.contact | size = 8192, size_out = 2846 |
|
1 | |
| Read | C:\Users\Default\Contacts\desktop.ini | size = 8192, size_out = 412 |
|
1 | |
| Read | C:\Users\Default\AppData\Local\IconCache.db | size = 8192, size_out = 8192 |
|
47 | |
| Read | C:\Users\Default\AppData\Local\IconCache.db | size = 8192, size_out = 6128 |
|
1 | |
| Read | C:\Users\All Users\Sun\Java\Java Update\jaureglist.xml | size = 8192, size_out = 119 |
|
1 | |
| Read | C:\Users\All Users\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab | size = 8192, size_out = 8192 |
|
297 | |
| Write | C:\Users\Public\93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887 | size = 258 |
|
1 | |
| Write | C:\Users\Public\93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887 | size = 768 |
|
1 | |
| Write | System Paging File | size = 128 |
|
3 | |
| Write | System Paging File | size = 768 |
|
3 | |
| Write | C:\BOOTSECT.BAK | size = 8192 |
|
1 | |
| Write | C:\BOOTSECT.BAK | size = 32 |
|
1 | |
| Write | C:\BOOTSECT.BAK | size = 16 |
|
1 | |
| Write | C:\BOOTSECT.BAK | size = 128 |
|
1 | |
| Write | C:\BOOTSECT.BAK | size = 768 |
|
1 | |
| Write | C:\\decrypt_files.html | size = 5565 |
|
1 | |
| Write | C:\Users\desktop.ini | size = 176 |
|
1 | |
| Write | C:\Users\desktop.ini | size = 32 |
|
1 | |
| Write | C:\Users\desktop.ini | size = 16 |
|
1 | |
| Write | C:\Users\desktop.ini | size = 128 |
|
1 | |
| Write | C:\Users\desktop.ini | size = 768 |
|
1 | |
| Write | C:\Users\decrypt_files.html | size = 5565 |
|
1 | |
| Write | C:\Users\Public\desktop.ini | size = 176 |
|
1 | |
| Write | C:\Users\Public\desktop.ini | size = 32 |
|
1 | |
| Write | C:\Users\Public\desktop.ini | size = 16 |
|
1 | |
| Write | C:\Users\Public\desktop.ini | size = 128 |
|
1 | |
| Write | C:\Users\Public\desktop.ini | size = 768 |
|
1 | |
| Write | C:\Users\Public\decrypt_files.html | size = 5565 |
|
1 | |
| Write | C:\Users\Public\Videos\desktop.ini | size = 384 |
|
1 | |
| Write | C:\Users\Public\Videos\desktop.ini | size = 32 |
|
1 | |
| Write | C:\Users\Public\Videos\desktop.ini | size = 16 |
|
1 | |
| Write | C:\Users\Public\Videos\desktop.ini | size = 128 |
|
1 | |
| Write | C:\Users\Public\Videos\desktop.ini | size = 768 |
|
1 | |
| Write | C:\Users\Public\Videos\decrypt_files.html | size = 5565 |
|
1 | |
| Write | C:\Users\Public\Videos\Sample Videos\desktop.ini | size = 336 |
|
1 | |
| Write | C:\Users\Public\Videos\Sample Videos\desktop.ini | size = 32 |
|
1 | |
| Write | C:\Users\Public\Videos\Sample Videos\desktop.ini | size = 16 |
|
1 | |
| Write | C:\Users\Public\Videos\Sample Videos\desktop.ini | size = 128 |
|
1 | |
| Write | C:\Users\Public\Videos\Sample Videos\desktop.ini | size = 768 |
|
1 | |
| Write | C:\Users\Public\Videos\Sample Videos\decrypt_files.html | size = 5565 |
|
1 | |
| Write | C:\Users\Public\Videos\Sample Videos\Wildlife.wmv | size = 8192 |
|
313 | |
| Write | C:\Users\Public\Videos\Sample Videos\Wildlife.wmv | size = 32 |
|
1 | |
| Write | C:\Users\Public\Videos\Sample Videos\Wildlife.wmv | size = 16 |
|
1 | |
| Write | C:\Users\Public\Videos\Sample Videos\Wildlife.wmv | size = 128 |
|
1 | |
| Write | C:\Users\Public\Videos\Sample Videos\Wildlife.wmv | size = 768 |
|
1 | |
| Write | C:\Users\Public\Recorded TV\desktop.ini | size = 80 |
|
1 | |
| Write | C:\Users\Public\Recorded TV\desktop.ini | size = 32 |
|
1 | |
| Write | C:\Users\Public\Recorded TV\desktop.ini | size = 16 |
|
1 | |
| Write | C:\Users\Public\Recorded TV\desktop.ini | size = 128 |
|
1 | |
| Write | C:\Users\Public\Recorded TV\desktop.ini | size = 768 |
|
1 | |
| Write | C:\Users\Public\Recorded TV\decrypt_files.html | size = 5565 |
|
1 | |
| Write | C:\Users\Public\Recorded TV\Sample Media\desktop.ini | size = 176 |
|
1 | |
| Write | C:\Users\Public\Recorded TV\Sample Media\desktop.ini | size = 32 |
|
1 | |
| Write | C:\Users\Public\Recorded TV\Sample Media\desktop.ini | size = 16 |
|
1 | |
| Write | C:\Users\Public\Recorded TV\Sample Media\desktop.ini | size = 128 |
|
1 | |
| Write | C:\Users\Public\Recorded TV\Sample Media\desktop.ini | size = 768 |
|
1 | |
| Write | C:\Users\Public\Recorded TV\Sample Media\decrypt_files.html | size = 5565 |
|
1 | |
| Write | C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv | size = 8192 |
|
320 | |
| Write | C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv | size = 32 |
|
1 | |
| Write | C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv | size = 16 |
|
1 | |
| Write | C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv | size = 128 |
|
1 | |
| Write | C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv | size = 768 |
|
1 | |
| Write | C:\Users\Public\Pictures\desktop.ini | size = 384 |
|
1 | |
| Write | C:\Users\Public\Pictures\desktop.ini | size = 32 |
|
1 | |
| Write | C:\Users\Public\Pictures\desktop.ini | size = 16 |
|
1 | |
| Write | C:\Users\Public\Pictures\desktop.ini | size = 128 |
|
1 | |
| Write | C:\Users\Public\Pictures\desktop.ini | size = 768 |
|
1 | |
| Write | C:\Users\Public\Pictures\decrypt_files.html | size = 5565 |
|
1 | |
| Write | C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg | size = 8192 |
|
54 | |
| Write | C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg | size = 32 |
|
1 | |
| Write | C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg | size = 16 |
|
1 | |
| Write | C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg | size = 128 |
|
1 | |
| Write | C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg | size = 768 |
|
1 | |
| Write | C:\Users\Public\Pictures\Sample Pictures\decrypt_files.html | size = 5565 |
|
1 | |
| Write | C:\Users\Public\Pictures\Sample Pictures\Desert.jpg | size = 8192 |
|
52 | |
| Write | C:\Users\Public\Pictures\Sample Pictures\Desert.jpg | size = 32 |
|
1 | |
| Write | C:\Users\Public\Pictures\Sample Pictures\Desert.jpg | size = 16 |
|
1 | |
| Write | C:\Users\Public\Pictures\Sample Pictures\Desert.jpg | size = 128 |
|
1 | |
| Write | C:\Users\Public\Pictures\Sample Pictures\Desert.jpg | size = 768 |
|
1 | |
| Write | C:\Users\Public\Pictures\Sample Pictures\desktop.ini | size = 1120 |
|
1 | |
| Write | C:\Users\Public\Pictures\Sample Pictures\desktop.ini | size = 32 |
|
1 | |
| Write | C:\Users\Public\Pictures\Sample Pictures\desktop.ini | size = 16 |
|
1 | |
| Write | C:\Users\Public\Pictures\Sample Pictures\desktop.ini | size = 128 |
|
1 | |
| Write | C:\Users\Public\Pictures\Sample Pictures\desktop.ini | size = 768 |
|
1 | |
| Write | C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg | size = 8192 |
|
36 | |
| Write | C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg | size = 5472 |
|
1 | |
| Write | C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg | size = 32 |
|
1 | |
| Write | C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg | size = 16 |
|
1 | |
| Write | C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg | size = 128 |
|
1 | |
| Write | C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg | size = 768 |
|
1 | |
| Write | C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg | size = 8192 |
|
47 | |
| Write | C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg | size = 5664 |
|
1 | |
| Write | C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg | size = 32 |
|
1 | |
| Write | C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg | size = 16 |
|
1 | |
| Write | C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg | size = 128 |
|
1 | |
| Write | C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg | size = 768 |
|
1 | |
| Write | C:\Users\Public\Pictures\Sample Pictures\Koala.jpg | size = 8192 |
|
48 | |
| Write | C:\Users\Public\Pictures\Sample Pictures\Koala.jpg | size = 32 |
|
1 | |
| Write | C:\Users\Public\Pictures\Sample Pictures\Koala.jpg | size = 16 |
|
1 | |
| Write | C:\Users\Public\Pictures\Sample Pictures\Koala.jpg | size = 128 |
|
1 | |
| Write | C:\Users\Public\Pictures\Sample Pictures\Koala.jpg | size = 768 |
|
1 | |
| Write | C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg | size = 8192 |
|
34 | |
| Write | C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg | size = 4224 |
|
1 | |
| Write | C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg | size = 32 |
|
1 | |
| Write | C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg | size = 16 |
|
1 | |
| Write | C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg | size = 128 |
|
1 | |
| Write | C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg | size = 768 |
|
1 | |
| Write | C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg | size = 8192 |
|
47 | |
| Write | C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg | size = 7792 |
|
1 | |
| Write | C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg | size = 32 |
|
1 | |
| Write | C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg | size = 16 |
|
1 | |
| Write | C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg | size = 128 |
|
1 | |
| Write | C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg | size = 768 |
|
1 | |
| Write | C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg | size = 8192 |
|
38 | |
| Write | C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg | size = 32 |
|
1 | |
| Write | C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg | size = 16 |
|
1 | |
| Write | C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg | size = 128 |
|
1 | |
| Write | C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg | size = 768 |
|
1 | |
| Write | C:\Users\Public\Music\desktop.ini | size = 384 |
|
1 | |
| Write | C:\Users\Public\Music\desktop.ini | size = 32 |
|
1 | |
| Write | C:\Users\Public\Music\desktop.ini | size = 16 |
|
1 | |
| Write | C:\Users\Public\Music\desktop.ini | size = 128 |
|
1 | |
| Write | C:\Users\Public\Music\desktop.ini | size = 768 |
|
1 | |
| Write | C:\Users\Public\Music\decrypt_files.html | size = 5565 |
|
1 | |
| Write | C:\Users\Public\Music\Sample Music\desktop.ini | size = 592 |
|
1 | |
| Write | C:\Users\Public\Music\Sample Music\desktop.ini | size = 32 |
|
1 | |
| Write | C:\Users\Public\Music\Sample Music\desktop.ini | size = 16 |
|
1 | |
| Write | C:\Users\Public\Music\Sample Music\desktop.ini | size = 128 |
|
1 | |
| Write | C:\Users\Public\Music\Sample Music\desktop.ini | size = 768 |
|
1 | |
| Write | C:\Users\Public\Music\Sample Music\decrypt_files.html | size = 5565 |
|
1 | |
| Write | C:\Users\Public\Music\Sample Music\Kalimba.mp3 | size = 8192 |
|
249 | |
| Write | C:\Users\Public\Music\Sample Music\Kalimba.mp3 | size = 128 |
|
1 | |
| Write | C:\Users\Public\Music\Sample Music\Kalimba.mp3 | size = 768 |
|
1 | |
| Write | C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3 | size = 8192 |
|
249 | |
| Write | C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3 | size = 32 |
|
1 | |
| Write | C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3 | size = 16 |
|
1 | |
| Write | C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3 | size = 128 |
|
1 | |
| Write | C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3 | size = 768 |
|
1 | |
| Write | C:\Users\Public\Music\Sample Music\Sleep Away.mp3 | size = 8192 |
|
296 | |
| Write | C:\Users\Public\Music\Sample Music\Sleep Away.mp3 | size = 32 |
|
1 | |
| Write | C:\Users\Public\Music\Sample Music\Sleep Away.mp3 | size = 16 |
|
1 | |
| Write | C:\Users\Public\Music\Sample Music\Sleep Away.mp3 | size = 128 |
|
1 | |
| Write | C:\Users\Public\Music\Sample Music\Sleep Away.mp3 | size = 768 |
|
1 | |
| Write | C:\Users\Public\Libraries\desktop.ini | size = 96 |
|
1 | |
| Write | C:\Users\Public\Libraries\desktop.ini | size = 32 |
|
1 | |
| Write | C:\Users\Public\Libraries\desktop.ini | size = 16 |
|
1 | |
| Write | C:\Users\Public\Libraries\desktop.ini | size = 128 |
|
1 | |
| Write | C:\Users\Public\Libraries\desktop.ini | size = 768 |
|
1 | |
| Write | C:\Users\Public\Libraries\decrypt_files.html | size = 5565 |
|
1 | |
| Write | C:\Users\Public\Libraries\RecordedTV.library-ms | size = 880 |
|
1 | |
| Write | C:\Users\Public\Libraries\RecordedTV.library-ms | size = 32 |
|
1 | |
| Write | C:\Users\Public\Libraries\RecordedTV.library-ms | size = 16 |
|
1 | |
| Write | C:\Users\Public\Libraries\RecordedTV.library-ms | size = 128 |
|
1 | |
| Write | C:\Users\Public\Libraries\RecordedTV.library-ms | size = 768 |
|
1 | |
| Write | C:\Users\Public\Downloads\desktop.ini | size = 176 |
|
1 | |
| Write | C:\Users\Public\Downloads\desktop.ini | size = 32 |
|
1 | |
| Write | C:\Users\Public\Downloads\desktop.ini | size = 16 |
|
1 | |
| Write | C:\Users\Public\Downloads\desktop.ini | size = 128 |
|
1 | |
| Write | C:\Users\Public\Downloads\desktop.ini | size = 768 |
|
1 | |
| Write | C:\Users\Public\Downloads\decrypt_files.html | size = 5565 |
|
1 | |
| Write | C:\Users\Public\Documents\desktop.ini | size = 288 |
|
1 | |
| Write | C:\Users\Public\Documents\desktop.ini | size = 32 |
|
1 | |
| Write | C:\Users\Public\Documents\desktop.ini | size = 16 |
|
1 | |
| Write | C:\Users\Public\Documents\desktop.ini | size = 128 |
|
1 | |
| Write | C:\Users\Public\Documents\desktop.ini | size = 768 |
|
1 | |
| Write | C:\Users\Public\Documents\decrypt_files.html | size = 5565 |
|
1 | |
| Write | C:\Users\Public\Desktop\Adobe Reader X.lnk | size = 2032 |
|
1 | |
| Write | C:\Users\Public\Desktop\Adobe Reader X.lnk | size = 32 |
|
1 | |
| Write | C:\Users\Public\Desktop\Adobe Reader X.lnk | size = 16 |
|
1 | |
| Write | C:\Users\Public\Desktop\Adobe Reader X.lnk | size = 128 |
|
1 | |
| Write | C:\Users\Public\Desktop\Adobe Reader X.lnk | size = 768 |
|
1 | |
| Write | C:\Users\Public\Desktop\decrypt_files.html | size = 5565 |
|
1 | |
| Write | C:\Users\Public\Desktop\desktop.ini | size = 176 |
|
1 | |
| Write | C:\Users\Public\Desktop\desktop.ini | size = 32 |
|
1 | |
| Write | C:\Users\Public\Desktop\desktop.ini | size = 16 |
|
1 | |
| Write | C:\Users\Public\Desktop\desktop.ini | size = 128 |
|
1 | |
| Write | C:\Users\Public\Desktop\desktop.ini | size = 768 |
|
1 | |
| Write | C:\Users\Public\Desktop\Google Chrome.lnk | size = 2272 |
|
1 | |
| Write | C:\Users\Public\Desktop\Google Chrome.lnk | size = 32 |
|
1 | |
| Write | C:\Users\Public\Desktop\Google Chrome.lnk | size = 16 |
|
1 | |
| Write | C:\Users\Public\Desktop\Google Chrome.lnk | size = 128 |
|
1 | |
| Write | C:\Users\Public\Desktop\Google Chrome.lnk | size = 768 |
|
1 | |
| Write | C:\Users\Public\Desktop\Mozilla Firefox.lnk | size = 1168 |
|
1 | |
| Write | C:\Users\Public\Desktop\Mozilla Firefox.lnk | size = 32 |
|
1 | |
| Write | C:\Users\Public\Desktop\Mozilla Firefox.lnk | size = 16 |
|
1 | |
| Write | C:\Users\Public\Desktop\Mozilla Firefox.lnk | size = 128 |
|
1 | |
| Write | C:\Users\Public\Desktop\Mozilla Firefox.lnk | size = 768 |
|
1 | |
| Write | C:\Users\Default\NTUSER.DAT | size = 8192 |
|
48 | |
| Write | C:\Users\Default\NTUSER.DAT | size = 32 |
|
1 | |
| Write | C:\Users\Default\NTUSER.DAT | size = 16 |
|
1 | |
| Write | C:\Users\Default\NTUSER.DAT | size = 128 |
|
1 | |
| Write | C:\Users\Default\NTUSER.DAT | size = 768 |
|
1 | |
| Write | C:\Users\Default\decrypt_files.html | size = 5565 |
|
1 | |
| Write | C:\Users\Default\NTUSER.DAT.LOG | size = 1024 |
|
1 | |
| Write | C:\Users\Default\NTUSER.DAT.LOG | size = 32 |
|
1 | |
| Write | C:\Users\Default\NTUSER.DAT.LOG | size = 16 |
|
1 | |
| Write | C:\Users\Default\NTUSER.DAT.LOG | size = 128 |
|
1 | |
| Write | C:\Users\Default\NTUSER.DAT.LOG | size = 768 |
|
1 | |
| Write | C:\Users\Default\NTUSER.DAT.LOG1 | size = 8192 |
|
12 | |
| Write | C:\Users\Default\NTUSER.DAT.LOG1 | size = 32 |
|
1 | |
| Write | C:\Users\Default\NTUSER.DAT.LOG1 | size = 16 |
|
1 | |
| Write | C:\Users\Default\NTUSER.DAT.LOG1 | size = 128 |
|
1 | |
| Write | C:\Users\Default\NTUSER.DAT.LOG1 | size = 768 |
|
1 | |
| Write | C:\Users\Default\NTUSER.DAT.LOG2 | size = 128 |
|
1 | |
| Write | C:\Users\Default\NTUSER.DAT.LOG2 | size = 768 |
|
1 | |
| Write | C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | size = 8192 |
|
4 | |
| Write | C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | size = 32 |
|
1 | |
| Write | C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | size = 16 |
|
1 | |
| Write | C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | size = 128 |
|
1 | |
| Write | C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf | size = 768 |
|
1 | |
| Write | C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | size = 8192 |
|
32 | |
| Write | C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | size = 32 |
|
1 | |
| Write | C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | size = 16 |
|
1 | |
| Write | C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | size = 128 |
|
1 | |
| Write | C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms | size = 768 |
|
1 | |
| Write | C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms | size = 8192 |
|
32 | |
| Write | C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms | size = 32 |
|
1 | |
| Write | C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms | size = 16 |
|
1 | |
| Write | C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms | size = 128 |
|
1 | |
| Write | C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms | size = 768 |
|
1 | |
| Write | C:\Users\Default\ntuser.ini | size = 32 |
|
2 | |
| Write | C:\Users\Default\ntuser.ini | size = 16 |
|
1 | |
| Write | C:\Users\Default\ntuser.ini | size = 128 |
|
1 | |
| Write | C:\Users\Default\ntuser.ini | size = 768 |
|
1 | |
| Write | C:\Users\Default\Videos\desktop.ini | size = 512 |
|
1 | |
| Write | C:\Users\Default\Videos\desktop.ini | size = 32 |
|
1 | |
| Write | C:\Users\Default\Videos\desktop.ini | size = 16 |
|
1 | |
| Write | C:\Users\Default\Videos\desktop.ini | size = 128 |
|
1 | |
| Write | C:\Users\Default\Videos\desktop.ini | size = 768 |
|
1 | |
| Write | C:\Users\Default\Videos\decrypt_files.html | size = 5565 |
|
1 | |
| Write | C:\Users\Default\Searches\desktop.ini | size = 528 |
|
1 | |
| Write | C:\Users\Default\Searches\desktop.ini | size = 32 |
|
1 | |
| Write | C:\Users\Default\Searches\desktop.ini | size = 16 |
|
1 | |
| Write | C:\Users\Default\Searches\desktop.ini | size = 128 |
|
1 | |
| Write | C:\Users\Default\Searches\desktop.ini | size = 768 |
|
1 | |
| Write | C:\Users\Default\Searches\decrypt_files.html | size = 5565 |
|
1 | |
| Write | C:\Users\Default\Searches\Everywhere.search-ms | size = 256 |
|
1 | |
| Write | C:\Users\Default\Searches\Everywhere.search-ms | size = 32 |
|
1 | |
| Write | C:\Users\Default\Searches\Everywhere.search-ms | size = 16 |
|
1 | |
| Write | C:\Users\Default\Searches\Everywhere.search-ms | size = 128 |
|
1 | |
| Write | C:\Users\Default\Searches\Everywhere.search-ms | size = 768 |
|
1 | |
| Write | C:\Users\Default\Searches\Indexed Locations.search-ms | size = 256 |
|
1 | |
| Write | C:\Users\Default\Searches\Indexed Locations.search-ms | size = 32 |
|
1 | |
| Write | C:\Users\Default\Searches\Indexed Locations.search-ms | size = 16 |
|
1 | |
| Write | C:\Users\Default\Searches\Indexed Locations.search-ms | size = 128 |
|
1 | |
| Write | C:\Users\Default\Searches\Indexed Locations.search-ms | size = 768 |
|
1 | |
| Write | C:\Users\Default\Saved Games\desktop.ini | size = 288 |
|
1 | |
| Write | C:\Users\Default\Saved Games\desktop.ini | size = 32 |
|
1 | |
| Write | C:\Users\Default\Saved Games\desktop.ini | size = 16 |
|
1 | |
| Write | C:\Users\Default\Saved Games\desktop.ini | size = 128 |
|
1 | |
| Write | C:\Users\Default\Saved Games\desktop.ini | size = 768 |
|
1 | |
| Write | C:\Users\Default\Saved Games\decrypt_files.html | size = 5565 |
|
1 | |
| Write | C:\Users\Default\Pictures\desktop.ini | size = 512 |
|
1 | |
| Write | C:\Users\Default\Pictures\desktop.ini | size = 32 |
|
1 | |
| Write | C:\Users\Default\Pictures\desktop.ini | size = 16 |
|
1 | |
| Write | C:\Users\Default\Pictures\desktop.ini | size = 128 |
|
1 | |
| Write | C:\Users\Default\Pictures\desktop.ini | size = 768 |
|
1 | |
| Write | C:\Users\Default\Pictures\decrypt_files.html | size = 5565 |
|
1 | |
| Write | C:\Users\Default\Music\desktop.ini | size = 512 |
|
1 | |
| Write | C:\Users\Default\Music\desktop.ini | size = 32 |
|
1 | |
| Write | C:\Users\Default\Music\desktop.ini | size = 16 |
|
1 | |
| Write | C:\Users\Default\Music\desktop.ini | size = 128 |
|
1 | |
| Write | C:\Users\Default\Music\desktop.ini | size = 768 |
|
1 | |
| Write | C:\Users\Default\Music\decrypt_files.html | size = 5565 |
|
1 | |
| Write | C:\Users\Default\Links\desktop.ini | size = 592 |
|
1 | |
| Write | C:\Users\Default\Links\desktop.ini | size = 32 |
|
1 | |
| Write | C:\Users\Default\Links\desktop.ini | size = 16 |
|
1 | |
| Write | C:\Users\Default\Links\desktop.ini | size = 128 |
|
1 | |
| Write | C:\Users\Default\Links\desktop.ini | size = 768 |
|
1 | |
| Write | C:\Users\Default\Links\decrypt_files.html | size = 5565 |
|
1 | |
| Write | C:\Users\Default\Links\Desktop.lnk | size = 480 |
|
1 | |
| Write | C:\Users\Default\Links\Desktop.lnk | size = 32 |
|
1 | |
| Write | C:\Users\Default\Links\Desktop.lnk | size = 16 |
|
1 | |
| Write | C:\Users\Default\Links\Desktop.lnk | size = 128 |
|
1 | |
| Write | C:\Users\Default\Links\Desktop.lnk | size = 768 |
|
1 | |
| Write | C:\Users\Default\Links\Downloads.lnk | size = 896 |
|
1 | |
| Write | C:\Users\Default\Links\Downloads.lnk | size = 32 |
|
1 | |
| Write | C:\Users\Default\Links\Downloads.lnk | size = 16 |
|
1 | |
| Write | C:\Users\Default\Links\Downloads.lnk | size = 128 |
|
1 | |
| Write | C:\Users\Default\Links\Downloads.lnk | size = 768 |
|
1 | |
| Write | C:\Users\Default\Links\RecentPlaces.lnk | size = 368 |
|
1 | |
| Write | C:\Users\Default\Links\RecentPlaces.lnk | size = 32 |
|
1 | |
| Write | C:\Users\Default\Links\RecentPlaces.lnk | size = 16 |
|
1 | |
| Write | C:\Users\Default\Links\RecentPlaces.lnk | size = 128 |
|
1 | |
| Write | C:\Users\Default\Links\RecentPlaces.lnk | size = 768 |
|
1 | |
| Write | C:\Users\Default\Favorites\desktop.ini | size = 416 |
|
1 | |
| Write | C:\Users\Default\Favorites\desktop.ini | size = 32 |
|
1 | |
| Write | C:\Users\Default\Favorites\desktop.ini | size = 16 |
|
1 | |
| Write | C:\Users\Default\Favorites\desktop.ini | size = 128 |
|
1 | |
| Write | C:\Users\Default\Favorites\desktop.ini | size = 768 |
|
1 | |
| Write | C:\Users\Default\Favorites\decrypt_files.html | size = 5565 |
|
1 | |
| Write | C:\Users\Default\Favorites\Windows Live\Get Windows Live.url | size = 144 |
|
1 | |
| Write | C:\Users\Default\Favorites\Windows Live\Get Windows Live.url | size = 32 |
|
1 | |
| Write | C:\Users\Default\Favorites\Windows Live\Get Windows Live.url | size = 16 |
|
1 | |
| Write | C:\Users\Default\Favorites\Windows Live\Get Windows Live.url | size = 128 |
|
1 | |
| Write | C:\Users\Default\Favorites\Windows Live\Get Windows Live.url | size = 768 |
|
1 | |
| Write | C:\Users\Default\Favorites\Windows Live\decrypt_files.html | size = 5565 |
|
1 | |
| Write | C:\Users\Default\Favorites\Windows Live\Windows Live Gallery.url | size = 144 |
|
1 | |
| Write | C:\Users\Default\Favorites\Windows Live\Windows Live Gallery.url | size = 32 |
|
1 | |
| Write | C:\Users\Default\Favorites\Windows Live\Windows Live Gallery.url | size = 16 |
|
1 | |
| Write | C:\Users\Default\Favorites\Windows Live\Windows Live Gallery.url | size = 128 |
|
1 | |
| Write | C:\Users\Default\Favorites\Windows Live\Windows Live Gallery.url | size = 768 |
|
1 | |
| Write | C:\Users\Default\Favorites\Windows Live\Windows Live Mail.url | size = 144 |
|
1 | |
| Write | C:\Users\Default\Favorites\Windows Live\Windows Live Mail.url | size = 32 |
|
1 | |
| Write | C:\Users\Default\Favorites\Windows Live\Windows Live Mail.url | size = 16 |
|
1 | |
| Write | C:\Users\Default\Favorites\Windows Live\Windows Live Mail.url | size = 128 |
|
1 | |
| Write | C:\Users\Default\Favorites\Windows Live\Windows Live Mail.url | size = 768 |
|
1 | |
| Write | C:\Users\Default\Favorites\Windows Live\Windows Live Spaces.url | size = 144 |
|
1 | |
| Write | C:\Users\Default\Favorites\Windows Live\Windows Live Spaces.url | size = 32 |
|
1 | |
| Write | C:\Users\Default\Favorites\Windows Live\Windows Live Spaces.url | size = 16 |
|
1 | |
| Write | C:\Users\Default\Favorites\Windows Live\Windows Live Spaces.url | size = 128 |
|
1 | |
| Write | C:\Users\Default\Favorites\Windows Live\Windows Live Spaces.url | size = 768 |
|
1 | |
| Write | C:\Users\Default\Favorites\MSN Websites\MSN Autos.url | size = 144 |
|
1 | |
| Write | C:\Users\Default\Favorites\MSN Websites\MSN Autos.url | size = 32 |
|
1 | |
| Write | C:\Users\Default\Favorites\MSN Websites\MSN Autos.url | size = 16 |
|
1 | |
| Write | C:\Users\Default\Favorites\MSN Websites\MSN Autos.url | size = 128 |
|
1 | |
| Write | C:\Users\Default\Favorites\MSN Websites\MSN Autos.url | size = 768 |
|
1 | |
| Write | C:\Users\Default\Favorites\MSN Websites\decrypt_files.html | size = 5565 |
|
1 | |
| Write | C:\Users\Default\Favorites\MSN Websites\MSN Entertainment.url | size = 144 |
|
1 | |
| Write | C:\Users\Default\Favorites\MSN Websites\MSN Entertainment.url | size = 32 |
|
1 | |
| Write | C:\Users\Default\Favorites\MSN Websites\MSN Entertainment.url | size = 16 |
|
1 | |
| Write | C:\Users\Default\Favorites\MSN Websites\MSN Entertainment.url | size = 128 |
|
1 | |
| Write | C:\Users\Default\Favorites\MSN Websites\MSN Entertainment.url | size = 768 |
|
1 | |
| Write | C:\Users\Default\Favorites\MSN Websites\MSN Money.url | size = 144 |
|
1 | |
| Write | C:\Users\Default\Favorites\MSN Websites\MSN Money.url | size = 32 |
|
1 | |
| Write | C:\Users\Default\Favorites\MSN Websites\MSN Money.url | size = 16 |
|
1 | |
| Write | C:\Users\Default\Favorites\MSN Websites\MSN Money.url | size = 128 |
|
1 | |
| Write | C:\Users\Default\Favorites\MSN Websites\MSN Money.url | size = 768 |
|
1 | |
| Write | C:\Users\Default\Favorites\MSN Websites\MSN Sports.url | size = 144 |
|
1 | |
| Write | C:\Users\Default\Favorites\MSN Websites\MSN Sports.url | size = 32 |
|
1 | |
| Write | C:\Users\Default\Favorites\MSN Websites\MSN Sports.url | size = 16 |
|
1 | |
| Write | C:\Users\Default\Favorites\MSN Websites\MSN Sports.url | size = 128 |
|
1 | |
| Write | C:\Users\Default\Favorites\MSN Websites\MSN Sports.url | size = 768 |
|
1 | |
| Write | C:\Users\Default\Favorites\MSN Websites\MSN.url | size = 144 |
|
1 | |
| Write | C:\Users\Default\Favorites\MSN Websites\MSN.url | size = 32 |
|
1 | |
| Write | C:\Users\Default\Favorites\MSN Websites\MSN.url | size = 16 |
|
1 | |
| Write | C:\Users\Default\Favorites\MSN Websites\MSN.url | size = 128 |
|
1 | |
| Write | C:\Users\Default\Favorites\MSN Websites\MSN.url | size = 768 |
|
1 | |
| Write | C:\Users\Default\Favorites\MSN Websites\MSNBC News.url | size = 144 |
|
1 | |
| Write | C:\Users\Default\Favorites\MSN Websites\MSNBC News.url | size = 32 |
|
1 | |
| Write | C:\Users\Default\Favorites\MSN Websites\MSNBC News.url | size = 16 |
|
1 | |
| Write | C:\Users\Default\Favorites\MSN Websites\MSNBC News.url | size = 128 |
|
1 | |
| Write | C:\Users\Default\Favorites\MSN Websites\MSNBC News.url | size = 768 |
|
1 | |
| Write | C:\Users\Default\Favorites\Microsoft Websites\IE Add-on site.url | size = 144 |
|
1 | |
| Write | C:\Users\Default\Favorites\Microsoft Websites\IE Add-on site.url | size = 32 |
|
1 | |
| Write | C:\Users\Default\Favorites\Microsoft Websites\IE Add-on site.url | size = 16 |
|
1 | |
| Write | C:\Users\Default\Favorites\Microsoft Websites\IE Add-on site.url | size = 128 |
|
1 | |
| Write | C:\Users\Default\Favorites\Microsoft Websites\IE Add-on site.url | size = 768 |
|
1 | |
| Write | C:\Users\Default\Favorites\Microsoft Websites\decrypt_files.html | size = 5565 |
|
1 | |
| Write | C:\Users\Default\Favorites\Microsoft Websites\IE site on Microsoft.com.url | size = 144 |
|
1 | |
| Write | C:\Users\Default\Favorites\Microsoft Websites\IE site on Microsoft.com.url | size = 32 |
|
1 | |
| Write | C:\Users\Default\Favorites\Microsoft Websites\IE site on Microsoft.com.url | size = 16 |
|
1 | |
| Write | C:\Users\Default\Favorites\Microsoft Websites\IE site on Microsoft.com.url | size = 128 |
|
1 | |
| Write | C:\Users\Default\Favorites\Microsoft Websites\IE site on Microsoft.com.url | size = 768 |
|
1 | |
| Write | C:\Users\Default\Favorites\Microsoft Websites\Microsoft At Home.url | size = 144 |
|
1 | |
| Write | C:\Users\Default\Favorites\Microsoft Websites\Microsoft At Home.url | size = 32 |
|
1 | |
| Write | C:\Users\Default\Favorites\Microsoft Websites\Microsoft At Home.url | size = 16 |
|
1 | |
| Write | C:\Users\Default\Favorites\Microsoft Websites\Microsoft At Home.url | size = 128 |
|
1 | |
| Write | C:\Users\Default\Favorites\Microsoft Websites\Microsoft At Home.url | size = 768 |
|
1 | |
| Write | C:\Users\Default\Favorites\Microsoft Websites\Microsoft At Work.url | size = 144 |
|
1 | |
| Write | C:\Users\Default\Favorites\Microsoft Websites\Microsoft At Work.url | size = 32 |
|
1 | |
| Write | C:\Users\Default\Favorites\Microsoft Websites\Microsoft At Work.url | size = 16 |
|
1 | |
| Write | C:\Users\Default\Favorites\Microsoft Websites\Microsoft At Work.url | size = 128 |
|
1 | |
| Write | C:\Users\Default\Favorites\Microsoft Websites\Microsoft At Work.url | size = 768 |
|
1 | |
| Write | C:\Users\Default\Favorites\Microsoft Websites\Microsoft Store.url | size = 144 |
|
1 | |
| Write | C:\Users\Default\Favorites\Microsoft Websites\Microsoft Store.url | size = 32 |
|
1 | |
| Write | C:\Users\Default\Favorites\Microsoft Websites\Microsoft Store.url | size = 16 |
|
1 | |
| Write | C:\Users\Default\Favorites\Microsoft Websites\Microsoft Store.url | size = 128 |
|
1 | |
| Write | C:\Users\Default\Favorites\Microsoft Websites\Microsoft Store.url | size = 768 |
|
1 | |
| Write | C:\Users\Default\Favorites\Links\desktop.ini | size = 80 |
|
1 | |
| Write | C:\Users\Default\Favorites\Links\desktop.ini | size = 32 |
|
1 | |
| Write | C:\Users\Default\Favorites\Links\desktop.ini | size = 16 |
|
1 | |
| Write | C:\Users\Default\Favorites\Links\desktop.ini | size = 128 |
|
1 | |
| Write | C:\Users\Default\Favorites\Links\desktop.ini | size = 768 |
|
1 | |
| Write | C:\Users\Default\Favorites\Links\decrypt_files.html | size = 5565 |
|
1 | |
| Write | C:\Users\Default\Favorites\Links\Web Slice Gallery.url | size = 240 |
|
1 | |
| Write | C:\Users\Default\Favorites\Links\Web Slice Gallery.url | size = 32 |
|
1 | |
| Write | C:\Users\Default\Favorites\Links\Web Slice Gallery.url | size = 16 |
|
1 | |
| Write | C:\Users\Default\Favorites\Links\Web Slice Gallery.url | size = 128 |
|
1 | |
| Write | C:\Users\Default\Favorites\Links\Web Slice Gallery.url | size = 768 |
|
1 | |
| Write | C:\Users\Default\Downloads\desktop.ini | size = 288 |
|
1 | |
| Write | C:\Users\Default\Downloads\desktop.ini | size = 32 |
|
1 | |
| Write | C:\Users\Default\Downloads\desktop.ini | size = 16 |
|
1 | |
| Write | C:\Users\Default\Downloads\desktop.ini | size = 128 |
|
1 | |
| Write | C:\Users\Default\Downloads\desktop.ini | size = 768 |
|
1 | |
| Write | C:\Users\Default\Downloads\decrypt_files.html | size = 5565 |
|
1 | |
| Write | C:\Users\Default\Documents\desktop.ini | size = 416 |
|
1 | |
| Write | C:\Users\Default\Documents\desktop.ini | size = 32 |
|
1 | |
| Write | C:\Users\Default\Documents\desktop.ini | size = 16 |
|
1 | |
| Write | C:\Users\Default\Documents\desktop.ini | size = 128 |
|
1 | |
| Write | C:\Users\Default\Documents\desktop.ini | size = 768 |
|
1 | |
| Write | C:\Users\Default\Documents\decrypt_files.html | size = 5565 |
|
1 | |
| Write | C:\Users\Default\Desktop\desktop.ini | size = 288 |
|
1 | |
| Write | C:\Users\Default\Desktop\desktop.ini | size = 32 |
|
1 | |
| Write | C:\Users\Default\Desktop\desktop.ini | size = 16 |
|
1 | |
| Write | C:\Users\Default\Desktop\desktop.ini | size = 128 |
|
1 | |
| Write | C:\Users\Default\Desktop\desktop.ini | size = 768 |
|
1 | |
| Write | C:\Users\Default\Desktop\decrypt_files.html | size = 5565 |
|
1 | |
| Write | C:\Users\Default\Contacts\Administrator.contact | size = 8192 |
|
4 | |
| Write | C:\Users\Default\Contacts\Administrator.contact | size = 2848 |
|
1 | |
| Write | C:\Users\Default\Contacts\Administrator.contact | size = 32 |
|
1 | |
| Write | C:\Users\Default\Contacts\Administrator.contact | size = 16 |
|
1 | |
| Write | C:\Users\Default\Contacts\Administrator.contact | size = 128 |
|
1 | |
| Write | C:\Users\Default\Contacts\Administrator.contact | size = 768 |
|
1 | |
| Write | C:\Users\Default\Contacts\decrypt_files.html | size = 5565 |
|
1 | |
| Write | C:\Users\Default\Contacts\desktop.ini | size = 416 |
|
1 | |
| Write | C:\Users\Default\Contacts\desktop.ini | size = 32 |
|
1 | |
| Write | C:\Users\Default\Contacts\desktop.ini | size = 16 |
|
1 | |
| Write | C:\Users\Default\Contacts\desktop.ini | size = 128 |
|
1 | |
| Write | C:\Users\Default\Contacts\desktop.ini | size = 768 |
|
1 | |
| Write | C:\Users\Default\AppData\Local\IconCache.db | size = 8192 |
|
47 | |
| Write | C:\Users\Default\AppData\Local\IconCache.db | size = 6128 |
|
1 | |
| Write | C:\Users\Default\AppData\Local\IconCache.db | size = 32 |
|
1 | |
| Write | C:\Users\Default\AppData\Local\IconCache.db | size = 16 |
|
1 | |
| Write | C:\Users\Default\AppData\Local\IconCache.db | size = 128 |
|
1 | |
| Write | C:\Users\Default\AppData\Local\IconCache.db | size = 768 |
|
1 | |
| Write | C:\Users\Default\AppData\Local\decrypt_files.html | size = 5565 |
|
1 | |
| Write | C:\Users\Default\AppData\Local\Temp\FXSAPIDebugLogFile.txt | size = 128 |
|
1 | |
| Write | C:\Users\Default\AppData\Local\Temp\FXSAPIDebugLogFile.txt | size = 768 |
|
1 | |
| Write | C:\Users\All Users\Sun\Java\Java Update\jaureglist.xml | size = 128 |
|
2 | |
| Write | C:\Users\All Users\Sun\Java\Java Update\jaureglist.xml | size = 32 |
|
1 | |
| Write | C:\Users\All Users\Sun\Java\Java Update\jaureglist.xml | size = 16 |
|
1 | |
| Write | C:\Users\All Users\Sun\Java\Java Update\jaureglist.xml | size = 768 |
|
1 | |
| Write | C:\Users\All Users\Sun\Java\Java Update\decrypt_files.html | size = 5565 |
|
1 | |
| Write | C:\Users\All Users\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab | size = 8192 |
|
296 |
Registry (4)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create Key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce | - |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce | value_name = BrowserUpdateCheck, data = 69 |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce | value_name = BrowserUpdateCheck, data = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\sihvgt.exe, size = 112, type = REG_SZ |
|
1 |
Process (50)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Enumerate Processes | - | - |
|
49 | |
| Enumerate Processes | - | - |
|
1 |
Module (1)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\sihvgt.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\sihvgt.exe, size = 2048 |
|
1 |
System (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Sleep | duration = -1 (infinite) |
|
1 |
Environment (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | name = temp, result_out = C:\Users\5P5NRG~1\AppData\Local\Temp |
|
1 | |
| Get Environment String | name = appdata, result_out = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming |
|
1 | |
| Get Environment String | name = public, result_out = C:\Users\Public |
|
1 |
