2d8cd285...f760 | Grouped Behavior
Logo
Try VMRay Analyzer
VTI SCORE: 100/100
Dynamic Analysis Report
Classification: Ransomware, Trojan

svchost.exe

Windows Exe (x86-32)

Created at 2019-05-15T13:44:00

...

Remarks (1/1)

(0x2000004): The operating system was rebooted during the analysis because the sample installed a startup script, task or application for persistence.

Grouped Sequential

Monitored Processes

Process Graph

Process Graph Legend
Process Overview
»
ID PID Monitor Reason Integrity Level Image Name Command Line Origin ID
#1 0xac8 Analysis Target High (Elevated) svchost.exe "C:\Users\FD1HVy\Desktop\svchost.exe" -
#2 0x2e8 Autostart System (Elevated) svchost.exe C:\WINDOWS\system32\svchost.exe -k DcomLaunch -
#3 0x310 Autostart System (Elevated) svchost.exe C:\WINDOWS\system32\svchost.exe -k RPCSS -
#4 0x3ec Autostart System (Elevated) svchost.exe C:\WINDOWS\system32\svchost.exe -k netsvcs -
#5 0x3f8 Autostart System (Elevated) svchost.exe C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork -
#6 0x154 Autostart System (Elevated) svchost.exe C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -
#7 0x17c Autostart System (Elevated) svchost.exe C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -
#8 0x368 Autostart System (Elevated) svchost.exe C:\WINDOWS\system32\svchost.exe -k LocalService -
#9 0x4a0 Autostart System (Elevated) svchost.exe C:\WINDOWS\System32\svchost.exe -k NetworkService -
#10 0x4e4 Autostart System (Elevated) svchost.exe C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -
#11 0x544 Autostart System (Elevated) svchost.exe C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -
#12 0x54c Autostart System (Elevated) svchost.exe C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -
#13 0x5ac Autostart System (Elevated) svchost.exe C:\WINDOWS\system32\svchost.exe -k appmodel -
#14 0x5c4 Child Process System (Elevated) taskhostw.exe taskhostw.exe SYSTEM #4
#15 0x688 Autostart System (Elevated) svchost.exe C:\WINDOWS\system32\svchost.exe -k wsappx -
#16 0x750 Child Process System (Elevated) audiodg.exe C:\WINDOWS\system32\AUDIODG.EXE 0x3ac #10
#18 0x8d0 Child Process System (Elevated) dllhost.exe C:\WINDOWS\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} #2
#19 0x904 Child Process System (Elevated) rundll32.exe rundll32.exe acmigration.dll,ApplyMigrationShims #7
#20 0x914 Child Process Medium sihost.exe sihost.exe #4
#21 0x920 Autostart Medium svchost.exe C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup -
#22 0x958 Child Process System (Elevated) mdmagent.exe C:\WINDOWS\system32\MDMAgent.exe #4
#23 0x96c Child Process High (Elevated) taskhostw.exe taskhostw.exe #4
#24 0x97c Child Process Medium taskhostw.exe taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E} #4
#25 0x990 Child Process Medium msoia.exe "C:\Program Files\Microsoft Office\root\Office16\msoia.exe" scan upload #4
#26 0x998 Child Process Medium taskhostw.exe taskhostw.exe USER #4
#28 0xb64 Autostart System (Elevated) svchost.exe C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation -
#29 0xb70 Child Process System (Elevated) cliprenew.exe C:\WINDOWS\system32\ClipRenew.exe -e #4
#30 0xb0c Autostart System (Elevated) svchost.exe C:\WINDOWS\system32\svchost.exe -k netsvcs -
#31 0x760 Child Process Low shellexperiencehost.exe "C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca #2
#32 0x7cc Child Process Low searchui.exe "C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca #2
#33 0xc1c Child Process System (Elevated) wmiprvse.exe C:\WINDOWS\system32\wbem\wmiprvse.exe -secured -Embedding #2
#34 0xc4c Child Process Medium runtimebroker.exe C:\Windows\System32\RuntimeBroker.exe -Embedding #2
#35 0xd28 Child Process Medium dllhost.exe C:\WINDOWS\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} #2
#36 0xde0 Child Process Medium mobsync.exe C:\WINDOWS\System32\mobsync.exe -Embedding #2

Behavior Information - Grouped by Category

Process #1: svchost.exe
16998 0
»
Information Value
ID #1
File Name c:\users\fd1hvy\desktop\svchost.exe
Command Line "C:\Users\FD1HVy\Desktop\svchost.exe"
Initial Working Directory C:\Users\FD1HVy\Desktop\
Monitor Start Time: 00:00:57, Reason: Analysis Target
Unmonitor End Time: 00:01:36, Reason: Self Terminated
Monitor Duration 00:00:38
OS Process Information
»
Information Value
PID 0xac8
Parent PID 0x860 (c:\windows\explorer.exe)
Bitness 32-bit
Is Created or Modified Executable True
Integrity Level High (Elevated)
Username NQDPDE\FD1HVy
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x 4AC
0x C38
0x 8E8
Memory Dumps
»
Name Start VA End VA Dump Reason PE Rebuilds Bitness Entry Points AV YARA Actions
svchost.exe 0x00400000 0x0040EFFF Content Changed - 32-bit 0x004070A6, 0x00406C91, ... True False
...
svchost.exe 0x00400000 0x0040EFFF Relevant Image - 32-bit - True False
...
Dropped Files
»
Filename File Size Hash Values YARA Match Actions
C:\Users\FD1HVy\Desktop\svchost.exe 53.50 KB MD5: 3a25ccf9b9be56957d5ebe8773b490b2
SHA1: 76019740e5b44b4b84e244c3c1c23a9ec99c4859
SHA256: 2d8cd28539fd3e5409dcc0519c43a45f6b0385b8cd0cdad72f536f43098bf760
SSDeep: 1536:suiv+k/t9cXalnawr1IwxVSHM0ZuikgD/Mf:viv+k/t2XalnagIN1R7 		False
...
C:\Windows10Upgrade\resources\ux\Microsoft.WinJS\js\base.js 1.22 MB MD5: 30fd84d4fbf997c64783a348b45bf7e0
SHA1: 84d83ba4c491ff6f0963af00b88902e2bbe7f065
SHA256: f8a0519d2ac3a3082ccfedd95e4f84297ddbcb0dde41186eea360e0e07298ef6
SSDeep: 12288:YZU7m995y9TY5C9X+16CTGzxkA2C83ln4CEfWU2xEnsGIGP:ej5cTY5C9OEMGzxkA2r3tTFEnlP 		True
...
C:\Windows10Upgrade\resources\ux\Microsoft.WinJS\js\ui.js 2.91 MB MD5: b9a764360e7b2e6c326441971a2b841d
SHA1: b5c2cea822e8ad66a7affa4e1bb222aa1cfc9c1b
SHA256: d6e0a6dd51374fda228f1d9e804d88e6ae39d4c0a7f20c72aa17ea5add6d6856
SSDeep: 49152:ogJ7A5vLUMTmo2Sc5V0O/pBPSg11u4VdVAr+QJsDiuz61pMyzSk52Z:oT57TUTA6QJ7uzwQ 		True
...
C:\Windows10Upgrade\GetCurrentRollback.EXE 72.62 KB MD5: ca5d05d36f64b5282409fda0c6bd4a13
SHA1: 4b93079cadc5ad80564cfbbe84cc7005c10e9fce
SHA256: 14b270770f3a4e7b53d50a3b86a0ce33a0ac723d88f2b7efe3a5f89f0430f9eb
SSDeep: 1536:AmpmbENztl2AGQg1+PDN6mckcNOfue8zmYqMC2ga:VlNBl2AWKDGk2a8RC4 		False
...
C:\Windows10Upgrade\resources\ux\default.htm 62.00 KB MD5: 432ed4a30fe2d93b40f32ec70f8b984f
SHA1: d8ee7392e7d5b6f8feaab5ec466ef56c93f43485
SHA256: 7908c5010d40bbd72194e72b959aed53faf8d3a7189c502914ec63c1f20809d2
SSDeep: 1536:zWdsi454+Ydo0TbCqFkBm0TEnsRGPBU+YHn01DSnWnU96BySTAwt1+0o9xOsu4:cM54+Ydo0TbCqFkBm0TEsRGPBVYH0xSJ 		False
...
C:\Windows10Upgrade\resources\ux\default_eos.htm 55.48 KB MD5: 08c8dd029db2f798fd15ca8ec68b0968
SHA1: ef361db8435b619cd600f3f5f973ab87949f0bb7
SHA256: 521f20385fd63a40968364deff8e61e9f7342567f7a224951b2284f07836998f
SSDeep: 1536:+HjhYU009+8k0gnWyNGhszlnDWt1SunNE4BU8ZPrPUY:+DhYU009+8TgnWyNGGzlDWtsuNPBJZzv 		False
...
C:\Windows10Upgrade\resources\ux\EULA\EULA_de-de.htm 69.73 KB MD5: 8b51c94154aa2960c51caa45d296f97d
SHA1: cc0d2eb41b80a202f16ef7f6cc64bf3272af24e9
SHA256: 759e422d9e49f2bd85748dfb1a22a2fe39ff6b8b217116bec6b18da7a548941c
SSDeep: 1536:SyOJGrM4Mz8ds462b5nDfrBgOQPE/oatDe83KMR6MK59T4LpmF51DxJr9e0Q0gMT:SPlQocQBITDZsLEA 		False
...
C:\Windows10Upgrade\resources\ux\EULA\EULA_en-us.htm 58.10 KB MD5: e7efdc48324f7e62d025eca9a8136bcb
SHA1: 1f07e589fd28b2e694cc844d8580e38f2e630bd0
SHA256: 0d817d91cedaf8976af674596e7143c44888d54272eb92774161b396bea990ac
SSDeep: 1536:BOSoAa2g1JxtaSN/Bo/xftrYHpbAxltnEFbGMavtHV3hemUs/L8Jonk96vrqBBV0:ojyPIg3lHATs 		False
...
C:\Windows10Upgrade\resources\ux\EULA\EULA_es-mx.htm 69.11 KB MD5: a0d95a40ec61eeb86765002f7e93aa8f
SHA1: 7f44f005163c252206102d00f79175f716e3ccc0
SHA256: d6303e9694c5b4b55f340c00429a32728cee04e7c46fb5357c511d826e03d43d
SSDeep: 1536:3XULYMPr+DtCUxV1NILDBgpCCzDWLQAqt+l30YYoEunZh7M0/LUUDymHVFUGWrLx:ElD9hh0+n5VOSUEjrkSM+g 		False
...
C:\Windows10Upgrade\resources\ux\EULA\EULA_fr-fr.htm 68.69 KB MD5: bf2fa4d458f3da455dcef6918661a655
SHA1: b2753033e524720f327c749153303baa368e9763
SHA256: dfd1a736a744239428254d036f1d58e022ac2a89352bc46b8a0f239cd6058809
SSDeep: 1536:cCPPMhW06i69uMl7Meo5zpi3ZTTVOtEL6tGHkb8wnWj8FnyXO/K0ED+AQg/DEjUN:rICicluBAvA1a 		False
...
C:\Windows10Upgrade\resources\ux\EULA\EULA_hr-hr.htm 64.27 KB MD5: d246fadbbc5d1b97a49e75579dc98013
SHA1: 2698904b62cfd7ba62d8ccf3a0a95d5d1cb8ef3d
SHA256: e3c0d48277aed2ebde4b91d69baf8c3e49d7bb6dd37a5ed8e7989ddb520d4255
SSDeep: 1536:fqgenE1uZlUgjuI4ZQco6L24kppix0LdmslDuIIclC7Gs6JxE8W8lT6gTF/4VUvd:igjTkfitGdJxEeOuqYF7V 		False
...
C:\Windows10Upgrade\resources\ux\EULA\EULA_hu-hu.htm 83.52 KB MD5: 3008a2ada375539e15b6dfe18b5dd43e
SHA1: 1a702ceb429d54937235235ad486dc752e483ee5
SHA256: 88e0f0051568a13b502561e7341c3b642735b6b216a0fd77d0e99719938d391d
SSDeep: 1536:f6Yg0tcC4LquTAAEuKddUUjZI6aqTndHeIe9+J4dxfwpr5V1rB1hyuKB2kHAy9DS:f6YHXp9K5xI7MRziwXra 		False
...
C:\Windows10Upgrade\resources\ux\EULA\EULA_it-it.htm 68.78 KB MD5: d6727baa30d99c7074a563dc0de3d0aa
SHA1: ba5643740ca76f0ada2500b670360f9b38fe2bf0
SHA256: f2fc346a336af4e95d0b6f3161a6fe2d00a4b9815f68ac2c809091168913bd30
SSDeep: 1536:IGO85LhLZNJwgSvRY+VxACUCokaXOxF/rFPUUFoBNFfmPvhbRpuFyr1S/G0pc+3O:IGD24koO76fF+Lp8yJyfGKFgChrq7 		False
...
C:\Windows10Upgrade\resources\ux\EULA\EULA_nl-nl.htm 66.58 KB MD5: 7372bd266a853df5ca724d1e8e50214f
SHA1: 2e2d96b83cce10106e0707728f88aba0e70c9690
SHA256: df6ae48957b9d967e47a86795d5f7e57ee60b8d85364d5f358f0104112e1edb4
SSDeep: 1536:7uMBshlRTOzJOZVnqR5ybLwPJ012hDgNvgh7pYqbqkmHEzQ3gkH+DLY4IXaPTUDX:Nm0Kc7LRehoaT 		False
...
C:\Windows10Upgrade\resources\ux\EULA\EULA_pt-br.htm 67.62 KB MD5: d7533ee42c5486d3c833af5467d60d10
SHA1: 4f167dc53c52291f1d26cb24e8a72ba4401ecc6b
SHA256: ceb5b941e2af55bd0ef4f91a0e3f688309b6469516216034f2ab74fdd85b0c68
SSDeep: 1536:hpfW3iBT39aV9dNUl68w/R5/Vt7eWyoWHlJ2SdOfc6HyRX1ZnK5fG18fgZfYJm6r:OYoeRs 		False
...
C:\Windows10Upgrade\resources\ux\EULA\EULA_ru-ru.htm 278.12 KB MD5: 7449e10bea8d3a9e7a7b23f9d1285686
SHA1: a1c207f683ff6e080ba6348be9f952f96f39563f
SHA256: 976031e19b1a9214a8474b19ef1f902a5b50738eae39d69cf63a283479c08fca
SSDeep: 1536:46yYfc5+LpWJGfWGo3rzlv0/OQkpsTNQ7OVmajcq0lulYoaS6acPxv7ZeHDiAJjI:XpWg40mkGT1IeXjtacAhIH 		False
...
C:\Windows10Upgrade\resources\ux\EULA\EULA_sl-si.htm 65.53 KB MD5: 2626e882d79c1448ff885d5868770bee
SHA1: 0ba1e7fe84ec81319ae829340bffeb0c879011d7
SHA256: 9c6da8872efb98faea93265ee9858d09155d24796c4ce95774822fc04181503c
SSDeep: 1536:XGSHkjB14qaGlT34yU25bRUg2g5Qfvq4AarPr5EuIQPWZ9F/dDnGsJdxQui4owxD:XGsYJ5QYbPQWFie+A 		False
...
C:\Windows10Upgrade\resources\ux\EULA\EULA_sr-latn-cs.htm 74.70 KB MD5: 4b2950513e9a84c7ebeff2dfc2b817e6
SHA1: deabf4a6b6b74304490e6f6e7a735f90fb602dc0
SHA256: 0b9bb62a3dd6b4662bb6d19da5abb245a194c0b62d9449333f23857c1d667424
SSDeep: 1536:Pm13vG7LZbpV9L9r6whU8MAjiI7tthELrgnCNwz2R9QZEXuw/hBouHUlifbbVpSF:EIOA2RzvHD3vR8dFN 		False
...
C:\Windows10Upgrade\resources\ux\EULA\EULA_sv-se.htm 69.67 KB MD5: 25b12698b142964938f0311f657a8678
SHA1: ad2651f8726a35c62b7c5f7cf356e09f8658a994
SHA256: 110f74b52b863998eb7c328e1a40aace1332799725f21d8bf4772e8284f3f3f3
SSDeep: 1536:KyQaYg+/QYrr8ZcbCZ7wN91HsNp8obkLOMdMXKiMW3wRmBF+SWu5ci9xeHuWchnm:KCSb2t9JA2bBPCdf 		False
...
C:\Windows10Upgrade\resources\ux\EULA\EULA_zh-hk.htm 144.61 KB MD5: 39ca53987f06f36d0ca9bbb27d93a980
SHA1: a68be5c20e46f25c56844ae3e325cf6dfbe3caf6
SHA256: 7cc0dc325664ec439e569c269d3da3912f9e68ce5f3c604606404019a30642a4
SSDeep: 1536:+NPArriyBi/IFH5nXCVabNpwpTG1iDQBlnD3vkSdlbeL2Rw91ZOBTr5k95RH6HRC:SPAw/IFJ17nDYBCLJg 		False
...
C:\Windows10Upgrade\resources\ux\EULA\EULA_zh-tw.htm 144.61 KB MD5: 2409df44fb6c3a711ab6ecf1aeca3125
SHA1: 5d73b879efcd8e366a305df92238aafc90aa65bc
SHA256: 97659e9e0dade3f7197e35dfefd59db57d4528d15a388dd9b44aaec6ca32d61a
SSDeep: 1536:ifriyBrFWQ6B5CVabNpwpTjzE0HDQBBdIhavkSdlbxrL2RYnJBTr51lvoAp3NH63:KiQziGkdlvoAXsQKIL9AL 		False
...
C:\Users\Public\Videos\desktop.ini 1.30 KB MD5: 23e2144ed72f35fab0c36a1d57d8574c
SHA1: 382b4c752e11ed685c3d846528a7268cb5a8dae2
SHA256: 4f20975b8e10aa5356146203a2a50be80ac6efc76f37324d458984a266f30810
SSDeep: 24:LQ3bFoaLsRlS6V4iUCau0Ftv6AzIqSgwYRsbliY9Jo9hMix1MR8+F/pZ5:cZoaLsR6iKrv6AkqTvRsAAJoD/1+z/V 		False
...
C:\Users\Public\987D0A577E52701B2BC411B375E79D954AE4355674A1B58EA37913B0886E2882 1.00 KB MD5: ab73de5b5eca49effda3dc94a2bd6dbd
SHA1: d1a50f662ecafedcf34c746fd7bd6744a6406fa5
SHA256: 87165bf21e334bbfc0bed66bd0516c01855e99165bfa07dcfb2d6ff67d901d40
SSDeep: 24:gYagF15u/kNoau0Ftv6AzIqSgwYRsbliY9Jo9hMix1MR8+:BQWrv6AkqTvRsAAJoD/1+x 		False
...
C:\BOOTNXT 960 bytes MD5: c244bc07490e2d3110adcd84cb8353b1
SHA1: 7c224c91b0e879de82163524ece9ad9e933f0459
SHA256: b6c0ca51b27fbf44cf90c5cf94add2b7e4417e4e3655591a4c0fa73df38afcd0
SSDeep: 24:oP5lPau0Ftv6AzIqSgwYRsbliY9Jo9hMix1MR8DHn:O5erv6AkqTvRsAAJoD/1+g 		False
...
C:\BOOTSECT.BAK 8.92 KB MD5: f8e5978009fd795eab3b6714d31bac73
SHA1: 2e9f6c665d1880e3fff773b9ef97a4ffe0fea846
SHA256: 26a5ae3187aeb44f63bdf8aff5e42e6f02701a75006f57affd1689b8b278ccc4
SSDeep: 96:9JXV6LVk6XPbFagp5yu9+89Juzg+PksNC8BR0PPE7Ye6sQrfwudcNrv60vRsZJmg:97oZXZaru9+1bsnuOME5sQ7hCDvpseA5 		False
...
C:\Windows10Upgrade\appraiserxp.dll 450.12 KB MD5: 22a9b9279830ed69c66ad1f8b7975c7d
SHA1: d77d4b8bfd664d7b882c334e67ecd8a21d5374d9
SHA256: 759d967ffa021e17fd70ecbae770ed2fbc24edb1e88715f3a6c9dab36cdb9331
SSDeep: 12288:Nn5l5WLP3ROB8h1lV3GM4sfTUfRvfCsYl:hPca8/lV3Z4sfTU5vpc 		False
...
C:\Windows10Upgrade\bootsect.exe 116.62 KB MD5: a0b2f384ab53e888eba63f66680c4ecb
SHA1: 10efa2f6c864c3daf158bfb6455df7b17002e766
SHA256: b32cbceed82d68bb88288fcf636ce9d16c50bb597393d6a05cacb0556fd2a657
SSDeep: 1536:0FmQbzAoZ0NdPO5tZeBcrgdcX50/FVagR/YQeVXq9J3ebDCYFJJ:uvzAoZOst4Uco5aR/m69U3bFJJ 		False
...
C:\Windows10Upgrade\Configuration.ini 1.14 KB MD5: fed508db1b8fd21227d81e70d9c03731
SHA1: 5d81aa345002cc76d5f05f5f4c30a22fd59d98e8
SHA256: d628bfe27c7a0ab5af36afdecd5b81d15df78f6047b840dc719bcf75595481c9
SSDeep: 24:XQByunQq4njau0Ftv6AzIqSgwYRsbliY9Jo9hMix1MR8AAy:XQBxon4rv6AkqTvRsAAJoD/1+ay 		False
...
C:\Windows10Upgrade\cosquery.dll 61.12 KB MD5: 885f596715b9d306e23ad3c4b3e0c331
SHA1: 20f3d257c630046dd5911c1c6d6d432b8a809739
SHA256: 68f12d62964ee957b7d9610206620918853cc8ea1412be8c08c76cf422770291
SSDeep: 1536:SGeT0uVeX9p/w/yNxMpP1vXVYcoDAZjGYRJW6:SZT0uVeX9p/S01DAdHRJb 		False
...
C:\Windows10Upgrade\DevInv.dll 323.12 KB MD5: 64479e105d42d1b1b22475e148619b21
SHA1: 4ff80d2d910b1c3e2e95d5416ff9fe30e235025e
SHA256: b78eb3a0b7eb68881542057545534cba17da06f429d4951275e261e2cfce3a79
SSDeep: 6144:GdrR9OCPpG7GakghmewAlsyRRy/hrx4jY9DQ/lqCR0GE6oYND87zOdJtOk1ov9rT:GdNLh41Rqw0CRzEuS7zLndVMa 		False
...
C:\Windows10Upgrade\downloader.dll 202.62 KB MD5: 4a3926072151a8e6a0d5c30bf668224c
SHA1: 30e5523d8413a00c44b633705d85dfefc930278e
SHA256: 6bed40ec86263173811ff0f49ee63d4c4b0aeb61a9bb83254e9ebefe6dc3a620
SSDeep: 6144:37nj+tUpd6y8H7bDBrk896FUsImWBpFaXAd5S7ma:DStNyC7/hz2UKWBpFa25ba 		False
...
C:\Windows10Upgrade\DW20.EXE 629.62 KB MD5: 7e9405519521263154f7ceb178998816
SHA1: 71ebade8bb031e2e0c11bb3d01fe54502b726382
SHA256: f01cd1d300f37dd6af888d21c1c2e320cc956375bc4cd2221fe0f9ffcba78cb3
SSDeep: 12288:7Z+Pi1dJZFK5/s9DDYzvzk9HNv3gXstQnuLHcrSJqtAMFtkSO1pWEve2udQ50:t+Pi1dJZS09409h3gXs1HqSC/KSagEp2 		False
...
C:\Windows10Upgrade\DWDCW20.DLL 49.62 KB MD5: f050293527c45ff1f8ff41e4944153d0
SHA1: 11029c357f0149641645f5ead513765e7431f622
SHA256: 44bbc0803713de6087d823b764660071bfc67ce321e09e09374d553996725183
SSDeep: 768:6dgPVElJxZkesI70jWkBBHqLs6de/koivzSQNLIkVR9xyRorDn6bEMd8:MgPVKJk40jWSJuLrvmQBBVRbHH6bVd8 		False
...
C:\Windows10Upgrade\DWTRIG20.EXE 45.62 KB MD5: f0ee240ed723f029c1f379ca775e5edb
SHA1: 2da48532334d94e0075a894e272155adb8bd7b9d
SHA256: 95773718f1a4fa689849fcde0c00b05a7d40f402e66017491dbd11db6c560f27
SSDeep: 768:ibStB4pX+34BAlFAFYaIylkOZMVvLkeAGRHq6gxmJPUzbqCurHcJDhMdV:iGT4pu3mAzyYclkOZONAGRH4mJ5HcBGX 		False
...
C:\Windows10Upgrade\EnableWiFiTracing.cmd 10.50 KB MD5: 6be239880a56b888fc1c16fce74e67b8
SHA1: b3500bdf7c007ab1c126a790429076993084da9d
SHA256: f450d415c289d6fedda40cc4c01b4f9e04d81da1efa8c2f9484f67254fed22cc
SSDeep: 192:D9dZF3mdU1pTvGIWuojAdghFu16pHt2P0RvcKFH1TR8kDvpseA44:D9d/WCEIWuoGoFu1Oo0REKVR8Sk44 		False
...
C:\Windows10Upgrade\ESDHelper.dll 68.12 KB MD5: f7ed29e6db9fb5f473c5b00e4ade70bb
SHA1: 354c747d04bd73c5cdff757a99f7ac15e4cea1eb
SHA256: 3b5d6f37e6775de915853b2d6bc953aefe5f95ce5d7e62d6b0f57328c75df357
SSDeep: 1536:gwLaZhraXug5lSaI3i1CqE32GzPMLMg15ZlGt3BDDScboqKC:XLGhrXaciRE3ZzknL6xDj0qKC 		False
...
C:\Windows10Upgrade\esdstub.dll 40.62 KB MD5: 44367bb4c994c91611cab4f1887ac561
SHA1: 811d01bc4015148bc88b31736783cdd1eaeee3cf
SHA256: f44a309b04a2a12b7a8df079ff8f329364b3c9217ed692fb64e33401efaa448a
SSDeep: 768:flyfEo7UsmBWLdVDlD1SFoEB1qNso949XihaPY8KsGTfbR5O6j:9IV7UsHTDEFoEB6sUSX/Y8KDTTRQ8 		False
...
C:\Windows10Upgrade\GatherOSState.EXE 552.62 KB MD5: 7db514eb3f5589bf613cdaf29d4a0bfa
SHA1: d2a7beb9e4c50691dec2dd808e0ff84a36110f34
SHA256: 609164facc28eca7ea642fac4f52c62846c04311bf4450312f7a6b7c0ac22cf5
SSDeep: 12288:lgH9STe+ZXVbeFfXWDTpoNpRwaeuWSZNy0yFN7jwF6qAvUg/V9JX48NVRtUo+xpH:lgdSTe+ZlbeFfXWvpWpJJNy7Fx1qAvf+ 		False
...
C:\Windows10Upgrade\GetCurrentDeploy.dll 528.12 KB MD5: 3fbfa08975bf88e0b9fca5bb70b6498b
SHA1: c115e4faaca2408ac403066ed1ed768684880737
SHA256: 8ac2cbaf2e6c4440d87c4f3e247fc2cf16d0e2b4e0c6c5316b7b89c9be974171
SSDeep: 6144:jtDLrQpJOFUZJv4jG+nCAbdQ/ePajmgri6Sqf54oSI+MWZIAM0z5H+UefndD7:Bnr1FOR4jGNAbdQdm1oSpzGA9z5cn 		False
...
C:\Windows10Upgrade\GetCurrentOOBE.dll 141.62 KB MD5: 38e3ecefd27bed767237ec28a9d195fc
SHA1: 990dfaef1e2193f6ef4017347d473d7621b8451e
SHA256: bd7b6301035de5e24a51ebc79782afadde272ac46a94b374fe7106546a5b4823
SSDeep: 3072:/O8uWjpPRbCCJOX1rPXcw7megjhu1x8sddqz2O3v8xRs7:/Ok5y1rPsw4Y1x8sa93UxC7 		False
...
C:\Windows10Upgrade\HttpHelper.exe 28.12 KB MD5: 06cee6ecb018e5f2eb922e61c844ea50
SHA1: ffeafd2137016a853be25cc7c3c35a6f69cb6590
SHA256: d47e0478d011b53bc20147bb4016b0b6b5331af71694416066422113e7dbbb66
SSDeep: 384:U9FFyLLI4/ov9BwOtqb3Kmqr80aq0GftpWJl7kCVA+7+dgWi34+Bk9:oeLLIH/fGakiqlVAvKY 		False
...
C:\Windows10Upgrade\PostOOBEScript.cmd 1.50 KB MD5: 3778cf5b740204b65abdd94153276b03
SHA1: 5d5569291158c84725a8f86afb604781516af177
SHA256: 99b0bfda6f1a73a094f5e476d31fbbcdf7546bb3795d2b3c307b8754a88514bd
SSDeep: 24:LoJmaxCgaJBc33ItrA2JswRoau0Ftv6AzIqSgwYRsbliY9Jo9hMix1MR8s4:LoHUXS8M2JdR/rv6AkqTvRsAAJoD/1+O 		False
...
C:\Windows10Upgrade\upgrader_default.log 245.25 KB MD5: 3b335fef545209e636c0f9fed6a78f9f
SHA1: 1526905fd7e5254793b581bd21fb9686bc1db68b
SHA256: b571ddae358363a40c493829aea1ca021cad055061604e35cde7336e266d665f
SSDeep: 3072:af6UZdAlgzw2nbkm5Fw3kws31tm6kc9H4RyiUxowzkrccp:O39WyiUxZ8Hp 		False
...
C:\Windows10Upgrade\upgrader_win10.log 21.00 KB MD5: 5a6e911017f7a76b20bc1765e1729ca2
SHA1: 3180f26224951159a90d896ad84bd4f94df3530c
SHA256: 4fd3c5c63256292b91d2ddd6315f4db476fdc8b13bdf80191141d21c01025587
SSDeep: 192:cMPrzBAR5pkNbZ1IrZiKEbATNYk4YefKcTEwnskgGnjPeWtaflVZ5Aeg8DDvpseP:cMPRgpebZ8gKE0JYFKesYjPeXHYeg2kG 		False
...
C:\Windows10Upgrade\wimgapi.dll 545.12 KB MD5: 4166ff8aba3b252ef50f9ea835ce3be8
SHA1: 78c9ed378cdda4290c998c8c777d373dd9607680
SHA256: 4db92b9235f1e695ef24fb5cbb23d946256fe918d76ce7eb410a76ac52037aaa
SSDeep: 12288:O7LmE2XVK/Xfm59CpEXWBbbzfhW8sEzNTqM7n6uOh7thwfkh7e:AmVXVK/Xe59H6bbzfhWBEzNTqM7NO5iX 		False
...
C:\Windows10Upgrade\windlp.dll 895.12 KB MD5: 21c4f59278a666c18bbfb68906229402
SHA1: 005a68a4e945fc10e962f4643dd34b2bfff09176
SHA256: 9eb0b662ad490d8125e6c01708ee45a84c39d4403eab364ac8623d81a5ee423b
SSDeep: 24576:z+GF4gxLugbYFsClURKSoBpbe1LT1UFVlI:z+4uIU1e4DI 		False
...
C:\Windows10Upgrade\Windows10UpgraderApp.exe 1.35 MB MD5: f7b25e924b9128cffbd843baf61fe75f
SHA1: ebe1d59de815b3399debd3c0a237ad25608556c6
SHA256: e99ce4c260c50a0bdd24b6da08c1caecc1b0adc0967547eaff776c1583da04ab
SSDeep: 24576:R/l/TZ2mdMzNia5VuOatr66g00V/TsI/Nbyl/:R/1CJupr665I/Tsibyl/ 		False
...
C:\Windows10Upgrade\WinREBootApp32.exe 25.62 KB MD5: d483081a819518a6ae9d2b4ab34f6a93
SHA1: 36b831624bfabe3b5a44bfa9400202092be1f053
SHA256: 6488b9f51984042c83e6ae77971e5897742c82ab6fdd9d18c105aebc186029ef
SSDeep: 384:30MT6zUHU+R3RWzydXTMq0GftpBj8sA8yU1iSE28+Kkr:3006zUHUABdDui7xxi7I 		False
...
C:\Windows10Upgrade\WinREBootApp64.exe 26.12 KB MD5: acba83ce8ab618f96a8cd6b22da28f78
SHA1: 61b84897dc0c0319317bfb6f32f9e2be94337b35
SHA256: bb0507e0f04cd46a57c94458964798b551140d0b203c4a75aab9f4511acce05f
SSDeep: 384:65eUtV3pD7kYjCFTWOT9WG80aq0GftpBjEJqcDoIQ6g4gPQ29RZOpCUxkU:65eUtV3e9/miXcBQIgPQW7A 		False
...
C:\Windows10Upgrade\resources\hwcompatShared.txt 806.95 KB MD5: b7594c841a1dc08579696d33bf9b8e92
SHA1: 9a4eeb03e4db34493553eea406b56eb2ad00d6fc
SHA256: caf30a6dd73c1708e4dca55aa48ce843d25e6081ac82b65a05d2e540e5862048
SSDeep: 12288:xvlVMoghNIKNznXm1cIgV5tSZmkebC8WNLi:xvlVRgYmWk5M6C8B 		False
...
C:\Windows10Upgrade\resources\ux\block.png 1.83 KB MD5: 5212f68b7048684039f332b70a96e0d6
SHA1: d9148ff34c4feaafbb7c59330ee21c506050aff1
SHA256: 3c8e34b0784318e509812784b73555677ba42d2432caf6deb6502b38174a3b04
SSDeep: 48:7kMJDDmXf8Njg/PY+rv6AkqTvRsAAJoD/1+MT:3Dbjorv60vRsZJm/oMT 		False
...
C:\Windows10Upgrade\resources\ux\bluelogo.png 7.84 KB MD5: ef3ebaf6e9df58c87c057ad3a43cd38f
SHA1: 79fcd9f92736cd97b5689325992e57b722eaeab8
SHA256: ae11672c5a7a07c5db09e343a9a35d9762ff3c3cf336781bd2c1546f043c5782
SSDeep: 192:e7/sMY3i8vLFZ/v+fCVTF6eLEe7E0L9YjP+EE0B9XXaDvpseAj:4sFnvv6CPvYeX9Yrg09nYkj 		False
...
C:\Windows10Upgrade\resources\ux\bullet.png 1.14 KB MD5: 597ed943b0e8a575554831fd5bc2c2b9
SHA1: c3dd8be7351252571e448124b19a0f5bdb65df9a
SHA256: 04f81164c0ff166a07f3ea155dc4b5f64609107aee9d183b54f97345c30692cd
SSDeep: 24:yD1EWM1AYOZ7au0Ftv6AzIqSgwYRsbliY9Jo9hMix1MR8kk:0EWM1Gwrv6AkqTvRsAAJoD/1+Tk 		False
...
C:\Windows10Upgrade\resources\ux\default.css 6.56 KB MD5: 2049a914f71e9b236b2e9324626c5557
SHA1: 8e4d49666be7ddbbab7f4298a93e1717a786bc6a
SHA256: 5aa4d9ab4cfad0965831d9b3724d18203e31c7be785f5732c65b8b63c7ad9070
SSDeep: 192:OEx17V9LakqEleB12qqdJKe9KKmaMYDvpseAS:sV45qqdseYKFkS 		False
...
C:\Windows10Upgrade\resources\ux\default_eos.css 7.47 KB MD5: c8855e3a4ce0eeaa645ec5c43c0f0431
SHA1: 05fd1c5c407ce5d0040bd4c4d58d11f6f83fce87
SHA256: 77388ed936219a42e217901ebfbfcf047717996a29d02d709a496cb6a4731fa4
SSDeep: 192:QycqutjfxALAGNp6oDQ0vjs4Ybid8Afjn7PGx+T9MzBDvpseAw:egR/ki5HDi1kw 		False
...
C:\Windows10Upgrade\resources\ux\default_oobe.css 6.03 KB MD5: 428af65eb8be71588e3de91d2a4604f1
SHA1: 370d5c2423287ad701db1e85a0532f5f7998e0fa
SHA256: e6b5ab9ff4fb0e86c31ba8ea7af2f73d4b168eac79c4f1412a468302fd81b1c0
SSDeep: 192:g3euirutzSVt6znfzvJnXkH0TVgsfHPfsOINOgiDvpseAQ:gbMkfhHvkQ 		False
...
C:\Windows10Upgrade\resources\ux\default_oobe.htm 65.09 KB MD5: 3662ab53375dd642ec24bc09cce6c7d4
SHA1: 57b2a1152127de28cb836e078e1effa20633bd54
SHA256: 0669da82d43de7a5385669e799c4420e53754d2f0815d4aaf93ef821cd287cff
SSDeep: 1536:EIXl84gmsDQU6S8fQxgyA491DjzOpntkSBn01e1evnUz4sPG9uI4agGVCs8kd:P16msDQU6S8fQxgyA491DjzOptkSB08Q 		False
...
C:\Windows10Upgrade\resources\ux\eula.css 1.02 KB MD5: dc2246565aa3502c2769b97b00253139
SHA1: e9586bb5af34c04d6186bc0b1bcc982d3cd8f29a
SHA256: 3a649bfb0ed29a6f268e403d00e55c319e1655fa9dee6a458f2e03940cb5d3a4
SSDeep: 24:YSuErSRgkx3ORau0Ftv6AzIqSgwYRsbliY9Jo9hMix1MR81k0:XumVCeyrv6AkqTvRsAAJoD/1+Wk0 		False
...
C:\Windows10Upgrade\resources\ux\GetStarted.png 4.66 KB MD5: 8d83223d7fbae23fc79e35bdd77cfd5c
SHA1: 29aaffa6cacabba62f764c8dbb3ebe871ba7de55
SHA256: 28efc25d00441ea9eac860dc7b4f8af5e3886a6c48d00127ea1b981345489193
SSDeep: 96:dO2R5jjrR0waQRxownUSxq94WPxXOkllPopWMhtZQ0Crv60vRsZJm/oI:r3HCpQRlnUSxqRPE2PuWbvDvpseAI 		False
...
C:\Windows10Upgrade\resources\ux\GetStartedHoverOver.png 4.91 KB MD5: 701b0c48872458b6ea0c9c54790f1743
SHA1: 2c5c994ab23b2e57bcba6e2f78d74ef463b8308e
SHA256: 0eb349d90a863c6eb072a170a7a4088d07c4b0120102a67204052861c570d81b
SSDeep: 96:XHudLVNwFgMfEUsXIpmFrlcOcvz44pPkMU+Zidrv60vRsZJm/o2:XHYeLsXIpmZLeSMU+ZmDvpseA2 		False
...
C:\Windows10Upgrade\resources\ux\loading.gif 17.92 KB MD5: b7f6e23a35b7e3bc57fdc7749c71e215
SHA1: 1c59873e9b49c10c5ca350a848a2c2e21449a77d
SHA256: 9ad6bead3639ffd6b08f387a30ed0186fcaad956359278e3a1e1cb0c2c790009
SSDeep: 384:CMVR+V9CcRLbIUY++7WXg75BWRtH/Wsw/sjgmlB/cQNkg:lVMjCQB+7WE23wrOT 		False
...
C:\Windows10Upgrade\resources\ux\lock.png 4.52 KB MD5: 91a3c63c7c4cc0ed7400589e28bf9541
SHA1: 01b8ac9e7f16615254d5d0561c12019cf9728388
SHA256: 761d2400b9f65e3726d8fad229c0f15d3b3085d562fa72c6239283dddd6f0bf5
SSDeep: 96:zEHSmOy4NRwu2WYgTGhaZQ757Plo+ZdUrOPi5S+ICuHNrv60vRsZJm/op:wHSmOy4NRwuViEQ7J1ZdXPmS+ICEDvpW 		False
...
C:\Windows10Upgrade\resources\ux\logo.png 3.48 KB MD5: ce9188b89ee509dd53f12d55f1af5a75
SHA1: 4f2307a6917ec34f0cc7c47c7a5e76c26eb1a339
SHA256: be11614db2f62e905582931e9dbc4ac0522a971165b08ac6641099fcf1768029
SSDeep: 96:iXoS/EIJVMoi3bv8x/otucqhLXqZYKtT5rv60vRsZJm/oG:ooKE6VMbbkgtAEYodDvpseAG 		False
...
C:\Windows10Upgrade\resources\ux\marketing.png 1.41 KB MD5: 565303f237470ce41c7a3992b05ef7c1
SHA1: e2ce74365b26f5127f347246d4b10c1f66895302
SHA256: 7117ea8335dcf4c11c807a02ca3d5fc1cca5d17250a30b23aba068daff4f3a81
SSDeep: 24:LfDSaRwTd38NLp8gLS+qCSGaPkWUau0Ftv6AzIqSgwYRsbliY9Jo9hMix1MR83wS:L3RwTdMNLygLHtHaPkWrrv6AkqTvRsAr 		False
...
C:\Windows10Upgrade\resources\ux\NetworkIssueFAQ.mht 608.43 KB MD5: f44313ad48a442ee29605e60a84486da
SHA1: 3a4f125ad2ab9acbacdcbce01ceb15eba46a238b
SHA256: f3175343b8c83951b370e628541660202fdfc7501a9935178cba4758209103a3
SSDeep: 12288:C0izrO+y7LTpFpW3kc2HuEU9Av65wFRLkJFUotkadalf:C0izrOrAJ2HtT65wQfdY 		False
...
C:\Windows10Upgrade\resources\ux\NoNetworkConnection.png 3.05 KB MD5: 2d4c6e3694dc070c76ae76397bb5d099
SHA1: e87eef9febcf38a99dbdc7ee97ad87585467e542
SHA256: b1b05250eb6ee1b51466c7e255a5a3cdef2bf0361bcc0ec0768499a429b4e41c
SSDeep: 48:N/+simcFfR7g49SHXin0gRtuCd/h+Rupx8sjkfNVCrv6AkqTvRsAAJoD/1+w2:himiZSH/cQqpuSXQCrv60vRsZJm/ow2 		False
...
C:\Windows10Upgrade\resources\ux\NoNetworkConnectionHoverOver.png 3.09 KB MD5: d9656278c20363ea8fce1cde8a0e9dbd
SHA1: 4aa74bba4de53c1f2c797575b3c6f29c0405a53e
SHA256: 4074a2765ead58f5b8468e2af0d84b626f038ed920aa6e17ddfed1e992ccfbc2
SSDeep: 96:DcpggroXbCQNhou3sL0XY51+zvrv60vRsZJm/oTq:iroOQNauqaY/6DvpseATq 		False
...
C:\Windows10Upgrade\resources\ux\pass.png 2.70 KB MD5: 821d6da4564e2cea7927176ea5047f21
SHA1: 7dbaf1b0e2cd4786b3132eaf5cf64a4b85b68460
SHA256: 36ac72627450876900f2b2507300cfc6575dcefc057f402a864bfeb82a39042a
SSDeep: 48:t+eIpycMQUCuSHWlOj4VcXrOtsTELtQKPT5rv6AkqTvRsAAJoD/1+6H:ceKMQFWlOUVc7wSEB95rv60vRsZJm/oG 		False
...
C:\Windows10Upgrade\resources\ux\Microsoft.WinJS\css\oobe-desktop.css 40.92 KB MD5: 2ef04638cae61bbdadcf02a5d6a9838e
SHA1: bdfebaeada1ac7f84a630e17a7f5a6993c369ed0
SHA256: 1d659c7a71e112d4ced59ac2d566430a61779979db964a62402bbdd52f000440
SSDeep: 384:nnYTmTAVtGsDQdI4fUD6kdG7Imh+G/0Hj9D/j4IWzLEDFP3tgYSlprDAI9pVsY8S:nncqg0B0O+WSpD/MIWfscFKJE9JzGx+ 		False
...
C:\Windows10Upgrade\resources\ux\Microsoft.WinJS\css\ui-dark.css 263.78 KB MD5: 47c7d9d86af4dbf27744d5609013a7b5
SHA1: 46ef124b481e5856e7ba2a26b3f1c795acd2607e
SHA256: c0f942822c45d16706035ca978401aaa433f27f2c572d4abebf171b282a472f0
SSDeep: 6144:m3x6QxXvDYyEGG9VDNle5k7xXFCid8NlwbBEO5:sYyLgj8sNl5 		False
...
C:\Windows10Upgrade\resources\ux\EULA\EULA_ar-sa.htm 108.78 KB MD5: 7e0304699bdd3fdb01b49a68f186fe41
SHA1: 548a58a0a74448f8e1e55036cac691b45a270b97
SHA256: 018abd5fe40f40f859ebad2e624ec84f7e24d605f879e11a46d57f4d0c9097d8
SSDeep: 1536:3AyQ1J84hZgNslEjcLgyzNwjn5tQZH1wJfOt0VGEzQVIpWlm74Td+YAR6e0ZT2QZ:Q31JjTwLOWGZlm74TxT2kxBW0 		False
...
C:\Windows10Upgrade\resources\ux\EULA\EULA_bg-bg.htm 248.44 KB MD5: fc64247dc71617e71da8a40e3a1e0a72
SHA1: e5f4244a1059b6ea4713fc985ded0193f3f8bdc2
SHA256: 6adb9a660ff952021b7bc7c4c9a55e669fb108a5e81f4943c2e8ba1ec86a69a3
SSDeep: 3072:GfTPpkpZ82C4D4NSSZ5GyQAznUgL3g8mEeDU+Bh:k2pvPoB/JQinUgLbmpDL 		False
...
C:\Windows10Upgrade\resources\ux\EULA\EULA_cs-cz.htm 82.30 KB MD5: 9e879d86d21801c98f6842c71541030c
SHA1: 9637c1ac612f3586b5047424417eece1d00c5d6d
SHA256: 8ebf70f903d62df7fd514795c1c8f236041debd9c5098f82706b2288a8dceca8
SSDeep: 1536:5XKe5WHQ6pAVgrkDyu9aE0mjxbxwIwWrPl660gJw6MuA0xxg7Idk5ChCBbiPcQS7:5KU1FBw9AwFdBzhxBsj6L 		False
...
C:\Windows10Upgrade\resources\ux\EULA\EULA_da-dk.htm 64.57 KB MD5: 79c38346862ebaf36d977a29ed3bb4e8
SHA1: f2853947c27de635d744d2d73d1d1d76a89d45fc
SHA256: 6dc65f1564467662533285411880f47c9ff7c21cc38006df5e6afd92f5e8f13d
SSDeep: 1536:JYrmy9aEMwnZVpEb9fw2OUYMmeP5ghwPuZptjJ/CaGffqeETpXY2TXYaQWOaUW8n:iMQo6P4b 		False
...
C:\Windows10Upgrade\resources\ux\EULA\EULA_el-gr.htm 234.76 KB MD5: 3b2bf94200c04b9d6d4017444b0ebe06
SHA1: 2972b34f436494a43fa8710d0c09e4a38f587c01
SHA256: 03ab7f2e4cc458508f95a2e4cf2e4fcdd5ccf1c1f9aa9b03b2643872af5b5a58
SSDeep: 1536:JkEr3qDs8B7cH6tocsxMTH6mqjR17y3IQePPWy6O3BWNZXOJDXulaBIhNR31iBTr:Rr34vc+oxUO3BhXQ3uLjgZLW 		False
...
C:\Windows10Upgrade\resources\ux\EULA\EULA_en-gb.htm 58.10 KB MD5: d44a05fb2490c372a34bab354ac3149f
SHA1: d7833480d16f04a49190940e57aace47eb744956
SHA256: 284914e5979681e1288538f391794f6f534a840745b5f15df60c3decdcfd5364
SSDeep: 1536:m4uLPGGFug1JxtaSN/Bo/xftrYHpbAwOWcoLbGMavtHV3hemUsJgrCJlAgwD8BVA:XGdXCKr7Hzc7w 		False
...
C:\Windows10Upgrade\resources\ux\EULA\EULA_es-es.htm 69.11 KB MD5: 7ba37d670473ff102aa6e279aee3eb09
SHA1: 29cdc9345a2ffb01f9d9f9ffab76cc9d0eefaa21
SHA256: f5768b8a8e9ab72827ddb9c96d1d6f23a66ff8a22d7f7e784b3923b743b25556
SSDeep: 1536:qCsUnduTC4QaxV1NILDBgpCCzDWLQJjkADVMEToEunZh7M0/8ab5uB2Zl64GWrLa:vsUdXHHA5HCZltSUEcjGkSMjUn 		False
...
C:\Windows10Upgrade\resources\ux\EULA\EULA_et-ee.htm 62.54 KB MD5: d4830309def40e6d834daacddd336c6f
SHA1: 5d9571efef0ecaad87191cf309cb7b9d976307ee
SHA256: 591b15c11f5b0843d73e3054295b31823037064ee0c2123231493c83065d3926
SSDeep: 1536:1svelRRYY/TRBm5cMyIYH8fP8qFStquCesK5KQc+IWFEK/7thZG0Zp15O3Ov2pc7:GmlRRpL83ISt8N 		False
...
C:\Windows10Upgrade\resources\ux\EULA\EULA_fi-fi.htm 70.02 KB MD5: 1459e59246f60fc3a2408cf07e631682
SHA1: 4e5f52f247ed0c3aa6816d91a6fa31ac1da1ba73
SHA256: 2fbba6332806326ba1be004ecd4322f059686d361c9554fefa8cad29618f1118
SSDeep: 1536:+ot1R12we4/B4GW77k0ZAUL4MzY3r5/Z5rbFTjF0dJlHVohq1bBI75WQ97UbTnEn:DMfunFkml8tv6h 		False
...
C:\Windows10Upgrade\resources\ux\EULA\EULA_fr-ca.htm 68.69 KB MD5: ba28a01b26e883ac157b67cab740069a
SHA1: cb58b1961fe3b6c0d2bc923875acfef65187b68e
SHA256: d7079c81efe0e979719158b21e4104fc4fae29a0c22993243ff8ca02fd337475
SSDeep: 1536:gjHSG006i69uMl7Meo5zpi3ZTTVOeHJLAOGo1d2Qj8FnyXO/K0ED+AQg/DpMuch7:gjYDGZcLB5uB7lv1Vh 		False
...
C:\Windows10Upgrade\resources\ux\EULA\EULA_he-il.htm 845.30 KB MD5: 93928c5295ff94e7640b6cdb88379759
SHA1: 1ec667048b7dd811d4091129fee5edfd0790a5ab
SHA256: dd040b94aac37c32a0264e57c4ef835b85503166f61cc4110c770205e6ac5587
SSDeep: 6144:B9JFhRnmST/NAUYYNK2CReYd2Vrj1dulAbs6c/W3V+76Gw:B/FhRnmklPYYNKRTmrj1dulAbE/oai 		False
...
C:\Windows10Upgrade\resources\ux\EULA\EULA_ja-jp.htm 206.25 KB MD5: affb6ef39f4dea469ed99d77de712dfb
SHA1: bcbc6a3058f75df8994b81b5a8673fa02ec9649f
SHA256: b2caf60d35142068ddb62276d39b064f1f4afea485983ca71fdba32c77f36bec
SSDeep: 1536:XegharB495u1Q7I3nKrwVpJVBdlhVMKmZ8/jsOq92BXXaeFM8jumG65+nYlbpxR7:Xeg7r+DkFZ8/Xapj618Bj3mQ8D1EO+8 		False
...
C:\Windows10Upgrade\resources\ux\EULA\EULA_ko-kr.htm 620.14 KB MD5: e6293a92940479fbb7cf45b4ee6226f8
SHA1: ac64f553787a603984517dea4573ff6669d7388b
SHA256: 405d0ec6ef3bbf8ecb1b2643ba1d9dab9dfaf1763cb91131e28a8682e3c44a22
SSDeep: 3072:Z2RDy9PFTCh7LhqITY8lPvlyMzce1cUhW2vJKDyDdToHCpt9EnAm+wHnslrzHqUt:4RDYF+h7V1vlGavKEd0iptYAtGOrzVt 		False
...
C:\Windows10Upgrade\resources\ux\EULA\EULA_lt-lt.htm 75.23 KB MD5: f8d18875785ee249816571724f5ef600
SHA1: ebbc71691980115674f9009bea43980dff78a9d2
SHA256: 3427f9b9336d6c9996ecbe9d162f82dbd9c558b51171a865c927cce11bece923
SSDeep: 1536:jChol1uEaQ3KN7jhrQUm56JpfW7tRtiFMrMQGm0wD5EdYlE9GSGec7wFtGdTEEns:lI9Mt7r29ESiw1 		False
...
C:\Windows10Upgrade\resources\ux\EULA\EULA_lv-lv.htm 82.88 KB MD5: a0b04c25fa8394fbfe6b83b746962914
SHA1: 6368666bc463f44f4b193fbb116adbb57d782640
SHA256: db8633a44627b2266a4516237805d9a611953007c7c5da6be3d8d9bcc977ad94
SSDeep: 1536:PDYZaRnraZuL/wog/dzrRUXwNwYKx0pxIMMQbbkBr8nlXoWqh8dgy0OHNr6MPsQN:PDMHfUwNcKk1guyfP8TeVkLt5Fwd 		False
...
C:\Windows10Upgrade\resources\ux\EULA\EULA_nb-no.htm 66.55 KB MD5: 8912b572b701c099ed0aa83ca6d1e10b
SHA1: 2e2d0bb75b4f3d43b636523a986974895f865976
SHA256: 3d5233eed7ce829575f1f98336bd70c11e15b4bb65eff4ab833b8e386b0a7b7f
SSDeep: 1536:Q2QWLe1AleurzVZJi6kAoAPYpMf1DG+2bWdAywOZrkKlinwumPFx1ouSeps/Sfu2:PPHFzinmTBx4K 		False
...
C:\Windows10Upgrade\resources\ux\EULA\EULA_pl-pl.htm 80.82 KB MD5: cf4c6fcdca9761978545df60e4f61722
SHA1: bf6a63d397542291d8c4d914474fab43be7a01ff
SHA256: 4a79f854ad5f7bd1b214faf825cea3e1fc1565ee28a0c7951f536acd426217b1
SSDeep: 1536:kVmchyGuXYZ91wL+lOo4bCSpeenQ8xIeQQJsvoYj/FyNoqwCkPJcAe8lqLiU1+m+:kQcahK9LpquCgl9UQ2Hhe3XLb 		False
...
C:\Windows10Upgrade\resources\ux\EULA\EULA_pt-pt.htm 70.31 KB MD5: 70726f140bba86270e40f4a197e1d4ea
SHA1: 1bf977c8e90a96abd8712de9bfacf13594cce279
SHA256: 5b7a3cd6ce934a59fbb6d836a159c09789d4a05459354f1b710b53cf346d8f98
SSDeep: 1536:Z7CK5FEYDhr7UNyJcjNEqhCABOfr/c5E473zR8LeDFU2MHHQa2b4cveGbV9KErHL:9wnD6n1w5 		False
...
C:\Windows10Upgrade\resources\ux\EULA\EULA_ro-ro.htm 77.27 KB MD5: 1c7cea2ae407f8fe75ec76dc96706972
SHA1: 1a5ca117359af3aae990b445d4b9ea3712e8c931
SHA256: 956598d73e16ff9b2ba4bde245f66289c408120dd9f5fdf51b3489333ad1084a
SSDeep: 1536:huJxYdOqCLBq3IPirANA7i9OGzhktEgTeArGyVOCe+RBGnCZxvJefnO65QUnVvGj:EyqCLphUnB9ck/KMeN 		False
...
C:\Windows10Upgrade\resources\ux\EULA\EULA_sk-sk.htm 80.97 KB MD5: d6c5d032a27f218322a904af3145ce7c
SHA1: 1ef1130d2ed01c557342bdd1e410d38f4ac1ad88
SHA256: d5834c2955c1de88e729712b0cfefa1d6fe40c6b4f07b0fed30a7e378079cffe
SSDeep: 1536:YYCJKfcovLMS1M78hIVPHiy8nsSkKFB/WDWcrPCHEMoeY1axIUt1pG+z4J9y7a4J:YjmbsTABt5XzrSfc 		False
...
C:\Windows10Upgrade\resources\ux\EULA\EULA_th-th.htm 249.11 KB MD5: 2893e5ff2387f01ae311b704cca0e42c
SHA1: d540a6a388bc070fe28f27ad29a0f99719dd0d16
SHA256: 47e66ccd3b4796117290aedfac52753c71351e580bbce6eff8864cea6dec415d
SSDeep: 1536:mIZSJAoM1TOJ/0CJCJCPbC9w44F8CJCsCCCaCSCo83ReFQC5CVCnNVfOQ2JC3qCC:mInYH4ViNVGQBznmDQRtS9q+eQ 		False
...
C:\Windows10Upgrade\resources\ux\EULA\EULA_tr-tr.htm 74.30 KB MD5: 95102b70304e6a435592b259867f17b6
SHA1: 50a1b917f18d6b537a3e5c3f8530b0813a748bfd
SHA256: 981b2055bcf803c2cb36c7624a83850eb2835c711e4d822614cc61e83f0b156d
SSDeep: 1536:OIeVxP7z9dG7GHrOky8O1XhvBQQjV1Xu4xapF2rJpmT4MXKOh7AaCb9B0GeqqS//:E/587I0xQvlpeH11L 		False
...
C:\Windows10Upgrade\resources\ux\EULA\EULA_uk-ua.htm 261.41 KB MD5: cc1507ea813b000047681e650fd9cb83
SHA1: 5f5c515b44c3b33a59ace04bd145e16019bc38b6
SHA256: 3decc93fb1e1bfdbcb640aeaa25802841dea9e45a01e252c8168f583d4b4d812
SSDeep: 1536:zdcPLUKTkaIyUpRmmtXDxawguMElVpwirVF7aBi7edJgXPiH+Gr1a5Yd/7pOPvdm:RX1tXU7oGXfA5U8YnoHUfYx9PfWxUQ 		False
...
C:\Windows10Upgrade\resources\ux\EULA\EULA_zh-cn.htm 124.20 KB MD5: ab0cdaafe5461f6a06d6b87d04cab5e6
SHA1: eaffa52bedbfe1f3f17a542f29156f61604f0b53
SHA256: 7387ed8cd2f9ae7cbb67d6fae8318986bf3646a35f7c1517d41010aee6672be2
SSDeep: 1536:OaVh6nLwlEXxu4BuNRkgiSzyEtEvkTFXKorYlJ4tw1eY2rd6XrqP16fKY0UW5I3N:/h6I4eermaKEXXNukaC 		False
...
C:\Windows10Upgrade\resources\i386\BiosBlocks.xml 90.42 KB MD5: 788e5c1340f683731217e6f07f6b1cf8
SHA1: c9a3e9e65a6725f841ec0999564eceacc6903ec3
SHA256: 6685767547441f646b7566b19cf6f37b19f757b259cf146f9e2d238eb7e3fc2b
SSDeep: 768:TDSd7cVBK7kd7zxqVzFXNF+OcvbfJJUL6GsxoJptdkkdZvc2+K1h3iX:qd7cPK+7zx4z+tbfJJH0X0uZvV+Y3Y 		False
...
C:\Windows10Upgrade\resources\i386\hwcompat.txt 17.05 KB MD5: f96d17aca158f9539e3bfea18b382f2c
SHA1: 3b640c2584522bb9b231402f14d0ef646cfbe4e8
SHA256: c5df033428e43b8736407426ff458bec0a7d7f563f4a8f149ea9821ad0ad0d68
SSDeep: 384:asEvrbaoEIZK5HViluZGUdKURSbxW7S35tual5Xu4qoO2k7+EsRNQW+ClkU:ivzx5JtP1N7+Cr 		False
...
C:\Windows10Upgrade\resources\i386\hwexclude.txt 3.14 KB MD5: 1d95ba3ba46f517db9b8b89ea67adbaf
SHA1: 98fa1ee0faa97f3eca75bbbbad3f14560bef6f63
SHA256: 3645b8d94d9644b25edbbff76370662126055fb43cfde243779c6eca7b6e85bc
SSDeep: 96:95SGWvioHO/zm9aDy8OQ20SArv60vRsZJm/o8i:95SGWhIk4DvpseAz 		False
...
C:\Windows10Upgrade\resources\i386\nxquery.cat 10.55 KB MD5: 6dd1418335d2e2e1619083e1a58308ca
SHA1: a126fa0a88c4db7bc14c38690f6a3ab546adbce9
SHA256: 56e97592b9fc50c69f66d283e6c9a33775e1966240bc9d034f5ac167bd31189e
SSDeep: 192:OEQnqVOd+opMDs2/ZRQ1DKvb2aHHNTIYn+4LKOwpL7W+KdiUDvpseA93:OEQqAd+opMDBZRsD2BOYn+4LKOwpL7mM 		False
...
C:\Windows10Upgrade\resources\i386\nxquery.inf 2.39 KB MD5: 3c79c59a6eb59a07cddafc76afc12376
SHA1: c696ff41d87efeb843ba757295e610b8fd7860dc
SHA256: 1b79bb341b97e364448799f329ab145761d448f61a5284b3bbf52e125d5675eb
SSDeep: 48:gFCNZ8/fL862dvhbiAOzpjVtRjTDtZj6K6rv6AkqTvRsAAJoD/1+euX:gFCNZ8/468vhbiRZTDjjb6rv60vRsZJp 		False
...
C:\Windows10Upgrade\resources\i386\NXQuery.sys 20.59 KB MD5: dc2178a19179fb99792bb754f6433467
SHA1: bdf8f09c49812a6c99cb12a578be54b0eff49f9a
SHA256: a5bf8431a8bafce360ddc1841e68cb8480209a5be9fb414e0ee1240ba997a852
SSDeep: 384:elNkOjRf5TFq7GX1prpBjQ9aFwWEFf2hMe1cB0tiZw7kv:fYw7GXNa9BJEb1+zw6 		False
...
C:\Windows10Upgrade\resources\amd64\BiosBlocks.xml 92.61 KB MD5: 71f77ac00f689a8396096504ee455c37
SHA1: dd84e035016dc0193d0c29b5e067869d9d233003
SHA256: e3279f22be717e1d9a4410e54ca061e91ee609d10c730dd75933e8bb1ea31caa
SSDeep: 768:Z5W7otEoNLiBDwn6VRlzYiBk/7BtaBimAZfgKwfPf:htEoNL76VRlkjiINZfgKkPf 		False
...
C:\Windows10Upgrade\resources\amd64\hwcompat.txt 72.34 KB MD5: 333f9f8a1a7d7cee08c15a778aa5597e
SHA1: 394414b77683f928ddb2b7091fe51862d143a29c
SHA256: 7ec1fb4e401e31e493f51ded8e366df65d813126b67774c47803f1999b33b9e8
SSDeep: 768:qLUBlase/8S8y6LYlM/jt0n8R8k/bRoLTf/GBMSe8v6uhgR02RikLmD8:Dh68ry6LHRH/bRoLTmWSe/u2RikLJ 		False
...
C:\Windows10Upgrade\resources\amd64\hwexclude.txt 3.19 KB MD5: d94c7e6339ca517ec593f34472b0378b
SHA1: dea5c6e9e1cb723a220840ea14715b28ac433755
SHA256: 08d7d744e3bec5a762c931b46d79ce12ef40878a884399fa56037475637fa288
SSDeep: 96:8N89f0f/soCXUUN/fmTvMCrv60vRsZJm/oN:8a6nsomUm2T0CDvpseAN 		False
...
C:\Windows10Upgrade\resources\amd64\nxquery.cat 10.60 KB MD5: b903d4216d1bb98e8d247df4b3e17328
SHA1: 6a1f903215e74581ed0fb9ef1a8bd42fe53e7dda
SHA256: 82cd236749990caf02c91c151fa7f5b45816429569549e38958ed27c24f048af
SSDeep: 192:pZ4QP+v8cAw0vT2lzsGcbQIuIUIfGGllmHRA179eddSDvpseAG:v4F8cAwIC6QjIUI4HRAvfkG 		False
...
C:\Windows10Upgrade\resources\amd64\nxquery.inf 2.39 KB MD5: cffb923325c6ba2ab8540781f6cbfdab
SHA1: 8af083f0a3550c436553fe65d73a2b85f2fe2167
SHA256: e72140c4b161e296c22fe994ef1f013dd53bd06c3f5a276905e317e085be537f
SSDeep: 48:ugUEcx+MTbqy4yTorN8qATXd2sR5hZ1M8DwUyfErv6AkqTvRsAAJoD/1+Fp:lUDxBTbAyTQYks5hFDwDErv60vRsZJm2 		False
...
C:\Windows10Upgrade\resources\amd64\NXQuery.sys 21.09 KB MD5: 45e6499190cf6581e62b617638cc11d0
SHA1: f530541bb587e492fdab98634ad2f69295488ba0
SHA256: 2012d82beb96272e6980ac855b9ed9e5064ef170713f746d6e0034c7262efe66
SSDeep: 384:QRs9XEndLoGopIUi5wWqGGftpBjczTMwWi4uh18PZzDnk20:QRQ0LoGoLi5tLi+hCuh18PE 		False
...
C:\Windows10Upgrade\dll2\webservices.dll 737.92 KB MD5: 03231c28c7a689d78412deb0e8c509cc
SHA1: dcfe1e7b270fd1086d373d71d37badda3b433d35
SHA256: 752e8cbf9097c116ff515ac4ac7c9c915295cd405c2fa4b9fc814dad3b858b0e
SSDeep: 12288:XRhXQpVamz+dy5qNEe7ZG4JNs9hRNroho+LFfZh2nx:3cGWe7LJNsvRNWo+LFfj2nx 		False
...
C:\Windows10Upgrade\dll1\cosqueryxp.dll 130.12 KB MD5: 4b74b21cc6bd754a5797799c756848d8
SHA1: 1514533d6a59e3fcdbf50e4f28cba59d072ee4fc
SHA256: e09d6b6c6bdeb6bd8313957c523445c71906a8906c982513f3f6ce9eca8f38ed
SSDeep: 3072:uxyqnGgkc8mKVgGqWUHCyLVef4xYogjiwjszP9chz55ajV:bpZFUi88f5ayax 		False
...
C:\Windows10Upgrade\dll1\wdscore.dll 237.12 KB MD5: 30a5a2d481e765e65f04dda0cf8513a5
SHA1: 47182e44390514ec71c0048eb297b3732729839f
SHA256: 82538c147a49e22b06b8359eb286fd6b214f39ca4472ac9d6a78601e0431e585
SSDeep: 6144:z/fqhkzIkArx651WlrUyVgP3lzetVBSzu+:GWzqYL0Alzdr 		False
...
C:\Windows10Upgrade\dll1\webservices.dll 936.62 KB MD5: 80d05309c8184e7be3d96ae3c5e17efe
SHA1: 11b0316f936eccb725437e80916598b35f03b3b2
SHA256: 59e23d86b68b21fafe6f417de8846e48c05458b27f88cc496148098bbf322be1
SSDeep: 24576:RxBNbjAInqxTv5/1bVC5GV9Gc3CFWrfa79:BNbjALxdPgcEl4a79 		False
...
C:\Windows10Upgrade\2052\DWINTL20.DLL 116.62 KB MD5: ec24c1d96016ef209148ec96c0c09790
SHA1: c734a7a117cc3a70fbbadbd7576f9dcf1d46f5d0
SHA256: 82a46b675146c4c336e02ef9f19e15e4189ddec9d2579cf34e162546b5512211
SSDeep: 1536:skZ1AZL0CeYQs1ODIpOYcb+yE0uXej0VCpbqwAI:3G90IpUvE0HPpmwAI 		False
...
C:\Users\desktop.ini 1.09 KB MD5: f11908b374d735b78e4178f9836e93c3
SHA1: fdd9bfed13f2f76e1a994e3c854731f27fa9609a
SHA256: a62ecbc84ab3605ce3c25807eedf3c9e25c9bde61c52421131767917dbf83f3c
SSDeep: 24:JAz3S1KzYnNxMau0Ftv6AzIqSgwYRsbliY9Jo9hMix1MR8jtQ9:WD8KzYXrv6AkqTvRsAAJoD/1+wtk 		False
...
C:\Users\Public\desktop.ini 1.09 KB MD5: 348f15d6c07a73fe3fe57319083a7413
SHA1: 59a9c2970ddb796c2967fed4f9d5861b7f78b5d0
SHA256: 623fc7c900a33738e0d7cfe9170e666bc9f6dcb420f3242736039026dfd14a0d
SSDeep: 24:Q+zMVhLGMg0meau0Ftv6AzIqSgwYRsbliY9Jo9hMix1MR8P4V:rzEl0vJrv6AkqTvRsAAJoD/1+Ie 		False
...
C:\Users\Public\Pictures\desktop.ini 1.30 KB MD5: 29b58bc88114f0658d2c91f2fbb88ac2
SHA1: 018057a1de1e664e629d9dc73d48add83ede7b11
SHA256: 4118ef6605f4edb3a8453dff8fcb95a827df76c1ebe5ea88214be23a6666bc54
SSDeep: 24:CLZvomYlM4KZ1ZUXWPGoau0Ftv6AzIqSgwYRsbliY9Jo9hMix1MR8F4:4vomYqlU/rv6AkqTvRsAAJoD/1+N 		False
...
C:\Users\Public\Music\desktop.ini 1.30 KB MD5: a6824be7a227ecb254eae5e44fc58a21
SHA1: 3d9bf45df6986f5c62a037035fd73a6f3f098621
SHA256: 61ae6915af1e28e24d1874bbc5616ea31c5fa456025d33cc6a13dad4a391e225
SSDeep: 24:eW7om8lyhXsybBtirX+4hzfau0Ftv6AzIqSgwYRsbliY9Jo9hMix1MR8bdKx9:97oFsTE9Yrv6AkqTvRsAAJoD/1+idKx9 		False
...
C:\Users\Public\Libraries\desktop.ini 1.09 KB MD5: d623e36a12f25c82ab1b400d8c58cb71
SHA1: 2441fa67fd70f8765c1193567902e7db1ec2bfb4
SHA256: cce3cde2075941affa0caae8e7b87f5eebcb1d3b3f615354f7ddc6336d05bb90
SSDeep: 24:z7GvH7dudALEXUau0Ftv6AzIqSgwYRsbliY9Jo9hMix1MR8zt:/AQALEXrrv6AkqTvRsAAJoD/1+S 		False
...
C:\Users\Public\Libraries\RecordedTV.library-ms 1.86 KB MD5: f8002ed8e5786bbca51d02e330822a6f
SHA1: 264aef3556e52b505348ce834be276eb1ed68c2a
SHA256: 78559c75e81b97345ff40bc22f6b9abfa1f9fccc599e5b7f411dbcfe8b7a9003
SSDeep: 48:d9u0vpohXbjpfdWOH9hCUSjOFn7VpQkzlrv6AkqTvRsAAJoD/1+jI:y0Ras2h73QIrv60vRsZJm/ojI 		False
...
C:\Users\Public\Downloads\desktop.ini 1.09 KB MD5: d03c709f827c02410dc59b687d067bda
SHA1: 54295516e3ac29af4679a6619b7dabdf6e609152
SHA256: 55d341ec6ebd5119b9c46c5b5acc89d2d01b74fa05fd95ac6bd1007545b34a6d
SSDeep: 24:O6a6yRmjyrCb7wYau0Ftv6AzIqSgwYRsbliY9Jo9hMix1MR8W:O6JNjy+b7wvrv6AkqTvRsAAJoD/1+t 		False
...
C:\Users\Public\Documents\desktop.ini 1.20 KB MD5: 4a61865e0ce98c76231ae50b8fb571e9
SHA1: 06cd8413ab7cd74ca732e4ad4d429ff5cebbdf6c
SHA256: 185c8c2d39b8209db5cad7147e7748041d98675e5a93e1d41f5667699ec6642b
SSDeep: 24:a7VNclLwJmqybau0Ftv6AzIqSgwYRsbliY9Jo9hMix1MR8GhRZoj:a7Y+jrv6AkqTvRsAAJoD/1+XRs 		False
...
C:\Users\Public\Desktop\Acrobat Reader DC.lnk 3.02 KB MD5: 88a094f51467dbfeaa914a8fa3eca527
SHA1: caa2b9bf416d052f83b1b5a70dc85b57ba1e3111
SHA256: 2976b2499ff411842db658c226230ff7adbc6dc8f0c1edc85a5d8be5e90db903
SSDeep: 48:8iUwDr5lN5Vm9Wr+ti43FC9HnBYffHupF/cbkOirv6AkqTvRsAAJoD/1+rJ:8i/lyESf3FWHnNCirv60vRsZJm/ol 		False
...
C:\Users\Public\Desktop\desktop.ini 1.09 KB MD5: 9965947b16988b5db30f59ea0616f2d0
SHA1: db321311022b463e7c060bfda7b3028794071247
SHA256: 6897dfbe1e7131bb2d8667ccf4b5acd6e09242c99ed39995ce53129065767527
SSDeep: 24:qLfGomMzsbXau0Ftv6AzIqSgwYRsbliY9Jo9hMix1MR81:qbrmyacrv6AkqTvRsAAJoD/1+m 		False
...
C:\Users\Public\Desktop\Google Chrome.lnk 3.20 KB MD5: 57e73f3486b4678ae5a199b6133cf2fb
SHA1: 24ee54b335b7597efce9c05e9c057703ec84642f
SHA256: 927f80723e45b0da5976e5b1a0e983324a570b53a997fd434d652c82cef9be1c
SSDeep: 96:rkC8iqkEqXI1RYiFjpcsWFQTkQ3zrv60vRsZJm/ory:AL1E6kwzDvpseAe 		False
...
C:\Users\Public\Desktop\Mozilla Firefox.lnk 1.91 KB MD5: 13a2fc858261634bca1d5b873bc82b40
SHA1: bd4b889dac2e7a5ff04baddc97c699b010da3358
SHA256: adf48030162e86412a32cb733031c1b3212f9964a2870adea96023d65edd1e0f
SSDeep: 48:FW/YiYARO7T+fENV0karqePYXNoMfCCrv6AkqTvRsAAJoD/1+fL:4/YZ79VCrzY9TfCCrv60vRsZJm/ofL 		False
...
C:\Users\Public\AccountPictures\desktop.ini 1.12 KB MD5: 312c7c445b787f40762265e5fed3b818
SHA1: dc02e39055cf6e279819c2d624bc845a1dafe5fe
SHA256: 87f22740257d2c6c1b6a5420b24572a2e44293dc1d2a1f28c2800ef8c547013b
SSDeep: 24:ysMYWJl/Mq9aAtau0Ftv6AzIqSgwYRsbliY9Jo9hMix1MR8m6n:yCQ9azrv6AkqTvRsAAJoD/1+h6n 		False
...
C:\Users\FD1HVy\ntuser.ini 976 bytes MD5: 702c189852a045ab6e4ec75c53f8d096
SHA1: a2499d9728433875eb17f559af5c21d8dfbf5e70
SHA256: 1705929b5abfaa42da4180c8fbc1258ef3deb101fd9f26eb67fd71882927fddb
SSDeep: 24:cf1loNT4au0Ftv6AzIqSgwYRsbliY9Jo9hMix1MR87Tdr:cf6TPrv6AkqTvRsAAJoD/1+mTdr 		False
...
C:\Users\FD1HVy\Videos\2G4jHr_jKsfJA-R.mp4 8.44 KB MD5: d2e90a0514e84c276f6fe06fa0aa3ea7
SHA1: 6b83e32f284be546eddb5304d9287fb24f339292
SHA256: 1d1cdfdada491334e5c0e8108744899a4f1b193c795fad6c0c379176c08f4f07
SSDeep: 192:JExHSdT1eDfox+Nsx3ZWz8OMXySCoFNnWQNJngWkEfvtDhDvpseAV:gSEzN+ppZXBhFH3gMf7kV 		False
...
C:\Users\FD1HVy\Videos\7ZAQ_8-z.avi 69.19 KB MD5: d83d8ef7ffb93b42152950e7c084c91f
SHA1: 03a9cd5779fd898f28883569d9eb64c7394fc24e
SHA256: c5d4ab4625bb289e7174c890f04bc46d177ce932953806269cc332aa96fba58e
SSDeep: 1536:92lnhqviQs+sdwXmOycUqLKyhHK7lC7Z1fv78E/AIn8:ohqviQsJfOyj2787c8 		False
...
C:\Users\FD1HVy\Videos\desktop.ini 1.42 KB MD5: 8b935b4bdd12cdbe8cb857cd0cd0cdbe
SHA1: b8f69e514b474040bf09bd67e18761bbf553e9ab
SHA256: 68a36a2e5d1771b9ab57aa91a751aa84fa05d1c711a18f6e19e9797dd4bf3549
SSDeep: 24:0eVl2KcoSdlvomcvYhJxXjB46l1jau0Ftv6AzIqSgwYRsbliY9Jo9hMix1MR8K:tgKcoSdxhw04rv6AkqTvRsAAJoD/1+5 		False
...
C:\Users\FD1HVy\Videos\n3vlmZ6-.avi 93.43 KB MD5: 61db68751fdf636c5061144928a3ffd6
SHA1: 63e7058a1c0da31cd4bd4373a0b9c29b39bb1e14
SHA256: 6affc237614c2bdf267a456e6edfaa5b3ab90526ead2a8cb87be8ebdfc3f41e6
SSDeep: 1536:JkcRKyfrSkPIlUxsDALEZ8iMRHap5uvhxBwDNCOAy61/aG9elwzNVve6WCj2kOTA:JlR9u/+KhTK6C/CDYu8z55e67n 		False
...
C:\Users\FD1HVy\Videos\tO9pAo.avi 8.81 KB MD5: 6a8e1b4f01c2eb1bcc25ae169be50edf
SHA1: cfbcf3d5a20024dec14fd8f1b4c13839f470493b
SHA256: a645322de097940421c503dfa4df74d617520ae7d76b410049d320c074139c26
SSDeep: 192:FfGpOSsH0dphYIGfH8uSktquTQqst7KyfnJNWVBlJ/CzVGkzEDvpseAH:FfGhZ5oHttjTiKeH8BPCzV7OkH 		False
...
C:\Users\FD1HVy\Videos\xmT13G_wqq.flv 34.69 KB MD5: 762b0d7e59cf10798c7a9812162c9eb7
SHA1: 3ece97c8dd3568bc6749d8ea34651987309d728c
SHA256: 1c1aa453cb1dbc152fd561b3e9ebc0406798e434bcdaa686a3119bfcfc10aef3
SSDeep: 768:ng/sZfo0gjXtxwIbGNz24v5X8WBdyT0OFAGv7qeb68rXTjtJ0U3p:ngUdo9ZxPGRnBaFheebdrXTjtPp 		False
...
C:\Users\FD1HVy\Videos\JwYzrY1QYURz\Jl0C.swf 31.99 KB MD5: 6a9069e866c37b00669208428756468d
SHA1: 380c61ee3a9b3c586fe1709c977ae48d262952f2
SHA256: 3f12c5d268d70165a4e902307fe9f67a96a0f85b355fcdb17f5d5763192ec9a1
SSDeep: 768:rORDAXceyv/sw7Kqw+cMTNHoEKhKIcQLNFW2MF:rMDYceyv/s+KqwvMRIEKS8MF 		False
...
C:\Users\FD1HVy\Videos\JwYzrY1QYURz\UHxSn8V6bAV.mp4 96.23 KB MD5: efa1615562ccb31a1de662426c257804
SHA1: 2fe1ecff4e0160f1d2707e6f3c16b7d8ab1b16f3
SHA256: d52a66e3e028193362cf02905f1e919da64261158f42aa5936e9660fb828b982
SSDeep: 3072:T8l/RXt7f8oqpIvoBLpg7zZPzGa9twqjbzCSMZ:TKpkoqpIvozgHNGUt9GP 		False
...
C:\Users\FD1HVy\Videos\JwYzrY1QYURz\zjZrYYkb44qqQEFnHqom\46Y sA4xqn1mkiWfe4.mp4 67.91 KB MD5: e4989e2c9daaafc1f7076c4e7d6cb956
SHA1: ca399a4574256af14d7adbe6485fe590c58b3200
SHA256: 5408241500ee482d84d44b53807ce6899189ee450792b83c483b90cc7f67fccb
SSDeep: 1536:FyTbpxQ1gR2TquCl6yc3zfrgamlMrgu0TtfnRr+cHr198i3RS05i:kXpi19TZxjc6r0dnZ3JAYi 		False
...
C:\Users\FD1HVy\Videos\JwYzrY1QYURz\zjZrYYkb44qqQEFnHqom\EAExctTFQPMl8WtaYS.mkv 14.21 KB MD5: 19f11583b909cab26acedb0fe3a7e1cb
SHA1: e6d9523a3f00bba31a51bd9a08fc273e70c693b7
SHA256: a8dd2c0c3d38fe1c3a401c5fc59f6cf2a20755de3d07c680b0c55227bbcf04f8
SSDeep: 384:e2wjDWAhgh3R61UrxlTCDl/fWtEsSG/mPwVkH2:b2Kr91dWUE2mPwS2 		False
...
C:\Users\FD1HVy\Videos\JwYzrY1QYURz\zjZrYYkb44qqQEFnHqom\Pb9eQoao SP.flv 29.40 KB MD5: 2a8ea4ae9f5be7d0869435c4058f5378
SHA1: e1edec71be53faf1e9be6ce1b91fecb804eb1027
SHA256: 57bb8db4d335d9148000d87bb013323045b31b49b8f9e33f7938a026733035ad
SSDeep: 768:/yQ1GsDBEKD4IQqFqoRswbR658KM5jBtsQx:6QYyrFFjmwl6CKM59ts8 		False
...
C:\Users\FD1HVy\Videos\JwYzrY1QYURz\NcXnYr6x6woBEiON-rN\bh AN-eEd3pAd.mkv 79.47 KB MD5: 4d08caf63abf28c1473f104d27f74726
SHA1: 681d0391ba556c8b3b022b750c067ebd17419e3f
SHA256: 386c109d9688f48426be471555702bd2574b012369ccea7a150e9b33a9cfb51d
SSDeep: 1536:2v0ABNd90s4g9yh+X3tLoCF+NDnzYNoDOrIWayyCqojS9plm+aWX8:2vFNoKDX3tRFAiM6IbCqI0p0 		False
...
C:\Users\FD1HVy\Videos\JwYzrY1QYURz\NcXnYr6x6woBEiON-rN\sfAW.mp4 34.47 KB MD5: 11efd5702f9438f0a0411cd3a03e66c0
SHA1: f408aac01de85cd6685d79da2379792a2e70ec55
SHA256: 899b3f89b9efafea38270cebf6da8711684ebee019c39169a0cb01fb2d516429
SSDeep: 768:SZ9+ksjurWd9fN9xFVDzkZ5MJl35GYdj2MDK7GqmoDXQguiFuA/1:gYz5P3xFVnkZeJtokBYNRuiFuAt 		False
...
C:\Users\FD1HVy\Videos\JwYzrY1QYURz\Bn1EL_rNfqQMckmEi\1ny84OLSFqFQ9.avi 80.32 KB MD5: 5ba69d6f798789f2b38e64f24bf6d890
SHA1: 8a50a9c71109d08f383666ffd99741917bcf162d
SHA256: d1384777f5f215122fbd3b0e4626856d87cffaaf91dc6ca2e68b1dbe00e15fc1
SSDeep: 1536:KV6vciCehXSAWPE4wpl/oY/f53kWa2wXiPGSbcXesds8qfnvu5BSg3:KAsehpB4ouY/1kMwSPpIu4Hqvu9 		False
...
C:\Users\FD1HVy\Videos\JwYzrY1QYURz\Bn1EL_rNfqQMckmEi\2RV7ZqtkIQAy.swf 32.00 KB MD5: d08c44785f1823c781075428a7e07a3f
SHA1: 48cb1d4a35ab91012d8c9e5383a550ea899ad2d2
SHA256: 1da5d4e878e01871d9c15cc3678fc91a9a1c8a7161be880e2429b766ae7ff6e7
SSDeep: 768:X0Pu2KIXup/aWDrSs77s5c7zFm5TXAQ10fvaGU3u4fXRN0JDOTEkP:kPbKhpjSs3sWE5TXARK3u4yIH 		False
...
C:\Users\FD1HVy\Videos\JwYzrY1QYURz\Bn1EL_rNfqQMckmEi\RbHKQb.mp4 95.68 KB MD5: 08a3535a2924597d997531e3e1f24be9
SHA1: da00704f8866a490af394c77e9fcc2345efb0793
SHA256: d9eb7cedf1d9658201222086a6ef517864d1c6fdb7090eef86bf495d86c13ed4
SSDeep: 1536:yBS19aMBLH3DPBW3OtSI2c8O4nOQehlM0odsid6+G98FUo/1pRFhaX:Zh3jBWtI2c8O4nO5KFNMo/1pRM 		False
...
C:\Users\FD1HVy\Videos\JwYzrY1QYURz\Bn1EL_rNfqQMckmEi\Z5Ha.mkv 15.75 KB MD5: e0d2f796e5a712e05e54355348d63f36
SHA1: 6855d6a5d49a6f2de120343ec3757c8ae1cac436
SHA256: 94693be69f80a68c62d3525e6bb704ff85c9dbe22682d3bb51b0c93992969b60
SSDeep: 384:gpcUfaawqB01itKoXaBuahiGRzi1gwkab:6vnB0EtKZhX1ub 		False
...
C:\Users\FD1HVy\Videos\JwYzrY1QYURz\5ogEXtNZf0B\b4iPziHdJp0rZ.mkv 84.53 KB MD5: 84a3171c4a7d4f2acca8b58c9c45ab3b
SHA1: 95587cb3b74e7633bac0df1a74ab1162543597ce
SHA256: 1ec415711c48d57d472b611999c8fc2659cd2d3d5525f5860ec407062525eccd
SSDeep: 1536:VyTKtmMgUmuKUHSpFU4HD9iZ/b+vw1OcGFV2GGVNKkuV:VyTKtmwKUHSpGSuvcc0V517 		False
...
C:\Users\FD1HVy\Videos\JwYzrY1QYURz\5ogEXtNZf0B\HrWnwNEc.mp4 57.31 KB MD5: 729075232da4d2490cfa3600f07c3026
SHA1: 186da993bdbb552142e57db7d1d4746860d737e7
SHA256: f0a439496037efe3d7d007951ccc04f656dcfd08bc477a1e0f48b204d0254052
SSDeep: 768:kMvop2DEJR711jmAwbsXSU5GMBQ+O55uZt5ANqu2TCAyufmOKbQyljZ2eQagTcM4:tose1j8oTkMB/ZrAWf3KM8wagZSmxm/h 		False
...
C:\Users\FD1HVy\Videos\JwYzrY1QYURz\5ogEXtNZf0B\jEPjuBAsOvP1O7SS4rI1.avi 20.75 KB MD5: b90ddf899268359fa6c03ceef00d28dc
SHA1: 3db43422e6d1aa834dfb7954046bf00a2353ac33
SHA256: 30ec54fc9b5f2744cfaed87f99665ff5a50c73d3c7367ae09bbe7a1f31fe0288
SSDeep: 384:qRQnTDotbna0OoFzN7cHtkib1M+YSUfVFNxKeGy9ik+:qRUD2Da0OM6y6WSUJgdn 		False
...
C:\Users\FD1HVy\Videos\JwYzrY1QYURz\5ogEXtNZf0B\N6mOHgddbvke6KjX.avi 84.89 KB MD5: 1884f89d82bb04957fa4d0bd2e4f95c6
SHA1: 158176e4053586644f8ec60dab221d995ff8c8ed
SHA256: 64a2711f8c4fdfe90ba63ac5b3c771667722125d169eb2f15a84bd6d2188c9a2
SSDeep: 1536:z/YLh48/gpZa6uLIMhPfT3i5fitjAqGAj+vaWmvDWWxzOMXcfNMGgRdaBdzV8ozU:zKiYgm9FjFtjPKvaWmvqQzOgGAdayoPA 		False
...
C:\Users\FD1HVy\Videos\JwYzrY1QYURz\5ogEXtNZf0B\tnr9kITOz2NeRQ_.swf 39.44 KB MD5: e42b7a3845ed7a0fdf59e66185e51b65
SHA1: cbd62908df6ae23ec47f0e222174515374fc3579
SHA256: 6005dbb03d05d5f8664393469f134aeaed030cf4a02541feaa695c76eb8fe233
SSDeep: 768:GbLYIbYtZCO9TQfpvEyTJ3xfy2v9718z0ggCb7qzeSkuQgLoo2yQysVz:GbLs/21lIi958oa7qzeSkW03yQyIz 		False
...
C:\Users\FD1HVy\Videos\JwYzrY1QYURz\5ogEXtNZf0B\wvm_YPLQQnYUMnD1hGKw.flv 51.84 KB MD5: c1516c1f60bd400eecacc8bff11dca76
SHA1: 9400e94329e9cd34e2a5c88fcbf670b5d6f7dc3c
SHA256: 5959aa4920a6d1855d541b66b7bd698705514f53ea185fc3e7f1a9ac1084e6bf
SSDeep: 1536:ky5ECxXjhzWGZESB1fXhnEcMjr2ARbBtmroSd:l5ECxXjhy2fBtXFSSAjtm0Sd 		False
...
C:\Users\FD1HVy\Videos\JwYzrY1QYURz\-kQaMk6N3RTKBidRVR6\g4fjfKB2.swf 43.16 KB MD5: d9348bb98d70b74434eaacc6324ffd95
SHA1: bc1f3e01209c87714eceba4985e8a3276bc936d6
SHA256: 2c47c207edb2270316ab2aece31d6e25537dba842fd3a48ea9376c6f8f0fc4e8
SSDeep: 768:zEMrAysf00/A2ScXuyq1HsQhFBKI+/tvvi1eRKSmFxQMNs3SvvWCz:jcyg/tSny6rhfL+5XKSmFxRy3SvvBz 		False
...
C:\Users\FD1HVy\Videos\JwYzrY1QYURz\-kQaMk6N3RTKBidRVR6\LB 3vCSyt.flv 7.27 KB MD5: 02f72eee16dbe9be6161c610fb649051
SHA1: 16e8737589bdf39c0f1f47bba3f423b3971afa12
SHA256: 2039ea7f88247748686bd73d996bb50b6685f022fea9ee15ba5af74afcc4c117
SSDeep: 192:yJZ6twQ/rAdUaMwv5ewOvmSMWyg/YxO95mDvpseAh:uZ0zCL5ewOOVWy2YxO95ckh 		False
...
C:\Users\FD1HVy\Videos\JwYzrY1QYURz\-kQaMk6N3RTKBidRVR6\Pam-rO9WSYDB5Aau0.flv 63.10 KB MD5: e8fcfe60d59d825133c4bedee52cd661
SHA1: 6696d78eeb1d0e9ca1a2173189a7614ad925f13a
SHA256: 1d54d553e59141c8c39e4bb392f0f59409bd611d5d10da0536a57dd64f7c5678
SSDeep: 1536:G2gA8kqtGeaF+tZovsX5If2chzDTAeLu7:G2MkiGea+ZovMIf2gTAeLu7 		False
...
C:\Users\FD1HVy\Videos\JwYzrY1QYURz\-kQaMk6N3RTKBidRVR6\pH7Yo0Q.swf 25.03 KB MD5: e9241a37af65f79734265d51d078a5d7
SHA1: 719b005aebeb2bbb8028fbe5653331b3d8a9a112
SHA256: ea26ac4d7342afb56d54b0ec1e143793b2dd845d86fb37bd8ab718054cc91244
SSDeep: 384:zq8Ff7o9R5bbV9VLrsnod/DkDFZMq3BhFFk7QrDrtQeMp+S2A4pbRRTpikX:PzE7FqoqMkBhFkQ5QLcnbRFp5 		False
...
C:\Users\FD1HVy\Videos\JwYzrY1QYURz\-kQaMk6N3RTKBidRVR6\UTKSb4.swf 59.99 KB MD5: fdec0853ee819c1089cabf9cc8d32841
SHA1: 6acc8dc96ae1262625ebda01a932e92fa05af776
SHA256: c092ba696e6fd8093a4cb5237e7fe7f00843703d80816cb83d8fc9e2152fc982
SSDeep: 1536:k8g+aVO9NPXvK9bmja4pgsg/tTxcMrY1b4MAGKnaRd8/gx:FUOfvj3ng/tTxHY+LGKmd8/k 		False
...
C:\Users\FD1HVy\Videos\JwYzrY1QYURz\-kQaMk6N3RTKBidRVR6\YI0OJ.avi 68.28 KB MD5: 0e2d28b7d29294c6de3db7218a814bf0
SHA1: 479149f09d0807149219365fba015dd38a2ec961
SHA256: 5628aa1f6105b4ceecf49cbc481cc7516733dfcc698e41749ee314747f6a3fc3
SSDeep: 1536:T7xZH9+wbHvx9XYi748dy5W2SMMheMbK9byLhD5Nr6ItEm7i4TdFmQBYp:T7b9+wbjfdyKMMgaD5NrNJ7i4TdFdBi 		False
...
C:\Users\FD1HVy\Searches\desktop.ini 1.44 KB MD5: 4e98859421004b29207506fe8a78615a
SHA1: 10bfd5b6d5ca89cec4a6deae9c991414dc8f82b7
SHA256: 4bf593e04be86125ecda4b83e212ccc7887a7236c9ce795f19ac55645783f29e
SSDeep: 24:Oi6/8GlLwyQrdX0t3Vrmj3YgEYzQy3au0Ftv6AzIqSgwYRsbliY9Jo9hMix1MR8Y:PGtmdXElCjIgEYzQDrv6AkqTvRsAAJou 		False
...
C:\Users\FD1HVy\Searches\Everywhere.search-ms 1.17 KB MD5: da868bab1954cf062c879f15cd5354ff
SHA1: 1d35c2536461f1ffe17388554c695feb54b2889d
SHA256: e0e6377bde126660efc360de4fcec5c6061918ffbe4683a04398b6655c00e554
SSDeep: 24:FQRyRTYCdBEPcUSgUYwau0Ftv6AzIqSgwYRsbliY9Jo9hMix1MR8ixMZ:BDTYnrv6AkqTvRsAAJoD/1+BxU 		False
...
C:\Users\FD1HVy\Searches\Indexed Locations.search-ms 1.17 KB MD5: 1e5009b74e2e78162f17bfcf51eb9252
SHA1: e39c6162917da62e36258af8757fc916f6547e6e
SHA256: bb0852f6b6fbd9fd42d13766cdd42df22672829d5bd6583b4a8fde529ef7d9c1
SSDeep: 24:n5Ru/A00iWHRb9kZQEQau0Ftv6AzIqSgwYRsbliY9Jo9hMix1MR8A5:n5I/N0UXHrv6AkqTvRsAAJoD/1+F5 		False
...
C:\Users\FD1HVy\Searches\winrt--{S-1-5-21-1051304884-625712362-2192934891-1000}-.searchconnector-ms 1.77 KB MD5: c502456b69526c1177e3e4118eb68eff
SHA1: c945afb7f05f6efbb4f9b58f06c4277afb23713c
SHA256: 87ff5089eacb50557b3fe653229d847d2c9ef200e523d33a93c0f0e2009d1d6b
SSDeep: 48:FefvqzItlNtVl0xtr4irv6AkqTvRsAAJoD/1+Bfv:CqktlXcb1rv60vRsZJm/olv 		False
...
C:\Users\FD1HVy\Saved Games\desktop.ini 1.20 KB MD5: c9e5bd9b4506c44e429651b8a74a990b
SHA1: 7221a929ead30d59899aefa4d8dff6828fc06a03
SHA256: 2118bcd8399ed6de9a5b50f3086f0a25ee7d4f641cdb607f1f5296644bb78ab3
SSDeep: 24:nFpAlDTlLwTU6Ch4au0Ftv6AzIqSgwYRsbliY9Jo9hMix1MR8nmg1:PAlvfxPrv6AkqTvRsAAJoD/1+Omg1 		False
...
C:\Users\FD1HVy\Pictures\-2zw.jpg 71.86 KB MD5: b01c565e9863f630abfb8860d62504e2
SHA1: 667e3430c1c26b033094a71b371bebb54ef5d5dc
SHA256: 4b81223c7987b031dacc225d08ebd32f7afc3918b5a6a80eec5697063234a297
SSDeep: 1536:pgNqHmgIGMuNjDwpHkn3rN8hHZ9XXESjEUrVvB5:piuYGNgk3rN8h59kSj5Vvr 		False
...
C:\Users\FD1HVy\Pictures\-b02kVqWvf.png 15.91 KB MD5: b826f5cfa4db044ed8ea29a93d5824df
SHA1: 6c1b73b117a90cc031412df4d5e3ff56501eddb2
SHA256: 6deb1ba68cfb4fa3a54b1340734be802376a56512464224358e342d1f173c013
SSDeep: 384:WCG7BPs77wrCisJpT8nCkaHkoPGrCIprTZt8klKkka:WCG7Fm721epTICcvlTZTF 		False
...
C:\Users\FD1HVy\Pictures\1gNasKYorpdQ71V5s.jpg 11.44 KB MD5: c2ed475922ab3e1616f509d72c1b3ef2
SHA1: 0285f07bbd09ced54fb8097e1f0c955d18db9ad7
SHA256: 6cd30fa6b40a079a1538da8d13f087908400685a167f12b703d82eb2accb5907
SSDeep: 192:E+3k2JG9tNNQHhisKVV5sNRZsAiwyDW2meXDUx8OoQSyMeklMBL3O5fRhM9ADvpm:vnfBisUVWXfECW08OoDy6lM5KbI2k/Z 		False
...
C:\Users\FD1HVy\Pictures\2WNpPaYQ7bCH6uHV-Wi.bmp 35.59 KB MD5: b6ca71a1bcfe53a0014610e2f031bd59
SHA1: 8931767fed05371397976a9cd612de21666c53bb
SHA256: c32a07782385219e243960b098e281d0bb89ae80a0d33f77e6b6b7090489c49c
SSDeep: 768:LayTZHR5qduqdtQP+B9poy6AIVge0QQSxBr7o:Lay9xYduqdt46iypIh0QxxBHo 		False
...
C:\Users\FD1HVy\Pictures\5Mc5tu.jpg 34.12 KB MD5: 2e00be4548599c30d3f033b2e4306c87
SHA1: 6d45009303b566835809a9cab347eda7eb268b39
SHA256: f391741c2464920145705a2ecd16b669fc87cfcdda2156949832cbeab36dea43
SSDeep: 768:+vFWLtuKkuSJbwe/WUH0Ug9epQaCvWxc07SHQ7R1ODb6:+IZ9SJbwe/WUUUg+CvWK07SuIn6 		False
...
C:\Users\FD1HVy\Pictures\a-l cZ2WhL3Gi9EP91pv.bmp 100.52 KB MD5: e00803ecf4d9c4e785b366f5dd42f845
SHA1: eea17e2e395d1532d301e2f7e4e79d059bc80b53
SHA256: 2092b3789f7e4a64a8b877e6a54f1de867dd3db3e640d981ee638f66f12c5d36
SSDeep: 1536:nc706QSduUs7H+aegxmqhUZwlXnchVfbuDBxLaOa6Atj2HKQYdsjPdo0g:nYdLS+aPxmIUZwlshJbudBSB/niPG0g 		False
...
C:\Users\FD1HVy\Pictures\AAfDEiE2PNHO9chgg.png 4.48 KB MD5: 7502c6c074421bbb66338cb4d46aeeec
SHA1: f82e7c4353fed19b5f4597c432b0b6dd1ced90af
SHA256: 195d3ea1e5c124eafe10683662f85a89018a06d215efca0cd83c5b913af6575a
SSDeep: 96:FuI6z0pDdpIKPI/eMKZ9FCRqWxN5RNGFYqCkwrwG75H1OXOzrv60vRsZJm/oXL5:0I6kD7lPBj9IDBwG75HU+zDvpseAd 		False
...
C:\Users\FD1HVy\Pictures\AEeie.png 55.66 KB MD5: 62af64c920ad150b6c043d782b68661e
SHA1: feb8bab0110771ee283af76b80bd626d43ad26c5
SHA256: 30e9aafcca348521f9516f95e10ed32c4f3e59ffb50dccad3a0f1d5943b6eece
SSDeep: 1536:LKimHAX6xNi+p+ffg7glik9TsEk/s8sowIxTdKMK:LKiH6Pi+p+Q7I9b8fxTJK 		False
...
C:\Users\FD1HVy\Pictures\atmBsJmJ.png 28.25 KB MD5: c6aac72832e7c778c536414d4b425af1
SHA1: 3688962bd78e0ba9a03278c28b780d592167edca
SHA256: 7cc4db77d1fb3a4497d68e0ae9b76dc2096636b8a5477161266dc9801b60ce59
SSDeep: 768:b4FK8MFqj5AooaSpOu4uv9f0JAJdgg3pggtH:b40/0j5CJ9dgspggd 		False
...
C:\Users\FD1HVy\Pictures\a_cHEoVLcdMdko0UNSN.jpg 59.95 KB MD5: b8794a87bdc51dd7aa1cb3d961480adc
SHA1: 6a990ad6bec7524e922dfb2d9e9444d1435fee45
SHA256: 22818a2cbc1978624fad97bd2bd35142873ea05d5fab0635e6ba23158b9e9c76
SSDeep: 1536:jYWObilehylvGomc3wjTM/PmW3FoEbHfsEQEGU14FCK:jNedorwjT+qw/sEQEd9K 		False
...
C:\Users\FD1HVy\Pictures\desktop.ini 1.42 KB MD5: 63033b96617dc0dbcb8f5b811f15a248
SHA1: 25e11320d4edb2c93fca2588285791232e969a0d
SHA256: d264f9003e6c06b740bd05b453d4fcac33948f17a961112771494e5018cb03a0
SSDeep: 24:75pGo6UTlv+nZvveau0Ftv6AzIqSgwYRsbliY9Jo9hMix1MR8Ls:2o6UTdmvJrv6AkqTvRsAAJoD/1+f 		False
...
C:\Users\FD1HVy\Pictures\DHNDov5.bmp 61.86 KB MD5: 4b8d13282eba1f94d86c89dbacdd563d
SHA1: c310f68af6202e8ca5b82449b21e5fc8d4d1140f
SHA256: 45f0f623d2f332e1480699e1aea40584ca1d22b315c0b104878cbf9712b52759
SSDeep: 768:Hx+Xw4Q+mBGr58Pn/fqH2+pOoL901WgMo+8oNpDYGVnWVlM4xQQpxoRFhJCJAux:HWGBGrqv/3+v+f9ozDYGFl2BoRFHkAux 		False
...
C:\Users\FD1HVy\Pictures\dW 4vWF3KS.jpg 92.67 KB MD5: 7abc0fd6cb1d91f47fa148badbc999a2
SHA1: 6183cdbca195b8e9c5e6428df62e9b41d74310e9
SHA256: 6481e9cd91e4e03c2ad06ff3f01e3b0579a4813a10478926182efdabc3979296
SSDeep: 1536:u0PWy0o3LkdAYHdd1MXFrAVD3y0rom92BU+Hom3yZWYqzOcNLLrcf3jFe5W1GxpX:u0PWQ3Luv9d1MSh1rz92BUaom3ysjRNZ 		False
...
C:\Users\FD1HVy\Pictures\EwKDZvQL.png 78.65 KB MD5: 9380bb422e00f9f6e554714f306d4037
SHA1: fd4c0d0656e9bdfe99a2a700885b4fe2592c0576
SHA256: 6b44f35925c7c0ef2bfe7a07e376da64f65e83932ef60092bf28ab865cef7db3
SSDeep: 1536:+EvCbPZFh9Q+DpRjDphDr21OHEFP3AJa9/kF9AuktVCWoM:+FbhFh9Q+DXrr8FPmFiuu5T 		False
...
C:\Users\FD1HVy\Pictures\FFZTJM.gif 8.80 KB MD5: ee0f5a8652a52d002ad0119de8824da9
SHA1: 982921933172bbe131808e99c1319acda9666b43
SHA256: b433db61d38b99bc3f0cb69f866d96aeba766570631cadecfc6db6115ee04787
SSDeep: 192:ujzu33cDCofcamXosT5ijq1MA/TTAe5Rgbk+1rcFFDvpseAb:M5UhYsT53GA/Tce5j+aFhkb 		False
...
C:\Users\FD1HVy\Pictures\iPiG9DnbWOn5Lccr.png 9.98 KB MD5: 792f83047c2199ce08416060f55712ca
SHA1: d6d4c60939e63cb5c488f1047df03005ff4027fc
SHA256: fe2c7e2de022f3baf11a9c4ef3c13347185fb2c7832b80eaa813284d0361e715
SSDeep: 192:FXvf6X2zfDUtwWLsOjAj/4W4inIpz9DrcwJWUJDvpseAS:9H6X2z8LQ4W4/zHcwJWqkS 		False
...
C:\Users\FD1HVy\Pictures\ISwBI.gif 58.56 KB MD5: 5a9f6968be0c281efb83aa4de90131ef
SHA1: 00f38145c174ab0e63ca947db1cf22d0b2d9288f
SHA256: 910ea9ecba6fb2ff6802a95304d36cfaf260debedeae75a91ad39ad851187580
SSDeep: 1536:T1OLeLsrdAqsWIvlzSbQ9Kl09+NbHpdtrhYF5FKjZ3gyN44mT:TcyLsFIviQ9y0UbJdJhYvSZLNDg 		False
...
C:\Users\FD1HVy\Pictures\KHN blqiETx3MDUQXCIP.bmp 82.00 KB MD5: 82207931f757ba8b24e81ab36e759e80
SHA1: 5e3a6553f7ddf5f1a49ffb39d73018fc10e768bd
SHA256: d87542a4a0db29d2d155aace103effce0f9d0823595bca306ba39efd21a5c9b4
SSDeep: 1536:d0eulvfGuBGZhlBiDFTKTtZ1ku2jzlgeO/yDs1mctPMN9uuNW6E39ohE:d0nfGusDywTtAu6zWSCmcybc6r6 		False
...
C:\Users\FD1HVy\Pictures\l-w8ML42eH7z3tMNH.png 38.88 KB MD5: a5cc1eea39c82799afb44372e87e3ace
SHA1: cc7525b39817896488e28dfa0a47fca827305d3b
SHA256: ad4f85e1d03fc415a3c3a9231fc9ddf2936c4971090d94eee2390e4127d9f05d
SSDeep: 768:NwxLBITYD+8kooIZwl3va8+1NpjqbnJL2gSLiuTLzw5n9f4tBuN:UmkCvoxW/a8+JqVygSLiuTL8t9fWBuN 		False
...
C:\Users\FD1HVy\Pictures\lzcdU5diYS_BASUK.png 93.27 KB MD5: 88fdcf40f2304c1130037efae7c6dd19
SHA1: 9be852953514c5ce17ea3aeb694f7d941cff90ec
SHA256: 824d07936ceca6460f6e78daf2c0ff9bde190e2c6878eb5365632292d7fb6ccb
SSDeep: 1536:50N4HRTDl/2DTRgR6STLvv/f2J31Y/8RBep1o2BkFrI+3e+:5JHj/2DTR0pvv32JFSXS2BMrIR+ 		False
...
C:\Users\FD1HVy\Pictures\M1wZLHN6Fkt-r.gif 3.08 KB MD5: 851e9a160348bfb62ea535cce5740bdc
SHA1: 09a6e4d8c247551e8a4f91b1ee56e2e388c0858b
SHA256: 6a21c76b5b4021fe66942ba0694966bdde7124b8e4965dd534b5837ebe190569
SSDeep: 96:T1lba7jZ27/rV4X/zJfkiJeoDjOrv60vRsZJm/oh0b:bavo7h4XNFeoD6DvpseAhw 		False
...
C:\Users\FD1HVy\Pictures\NdP2S1 XoxsMawE7P9M4.bmp 17.81 KB MD5: fc617af47c5ee7717cda51c1efd32a29
SHA1: 3d2ae0dc92755f50a5eee420272d998b5cb9f9bd
SHA256: 3b2b1193805cc4bc1c9163e5e4d44c97e7858fa40c43e7f073411b663c70ec06
SSDeep: 384:T7zvHVJAJftDueRpAJhBFq/9MXuM5ubdxJBdeUF0xJ38l44IinIbskY:fz/YJfEeRpb9MeM5uPAUF0xJj4xq4 		False
...
C:\Users\FD1HVy\Pictures\NwiXzxAjISOq6RX.jpg 66.23 KB MD5: 91865ed35c46b126207eff986553980b
SHA1: 83e21ec591635130abc7b8ef672f04a2f1b5f10b
SHA256: 1ea50bde31bd8c22e76a2b0e430bf7774ee9f722898f9b986e5c5491930f308f
SSDeep: 1536:BtCFRlF+Cx0LgbHOVXFhgwEXCCeG3bVLbUbZOfvovkUzrD:B0dF+CGkDONF2wESaLVbUbZL5D 		False
...
C:\Users\FD1HVy\Pictures\nXyIT0GyxsFB.bmp 24.12 KB MD5: f6db18e8f63fabb99ba351ff7109a0fe
SHA1: e47f97faf39dcd023c1702ae7a73836320937956
SHA256: c4aa1d65fa018ec84a54030ca2dd36f6511d769abf1effadf44e7e81be3914db
SSDeep: 768:IFffj+6JTkpZBEFwF8cM69ojN6jgXpw4f21CWP+GV:IFj+OEGhcFoAjgXVf218E 		False
...
C:\Users\FD1HVy\Pictures\NyCuwZpUZ.png 23.50 KB MD5: e1f2087de0205fbe32b016daa84b6751
SHA1: 2837123019e0c4a6825cda31c30fb2ac93b7856d
SHA256: 77b35ac8759166f78cf92f67da88d4e325b94caaa08c96d065afc0db0109a368
SSDeep: 384:FhXVBhbza+DcItJRaIpWfaIAcWhJ98eTad7j5aGFfXGbgFjuuf9i+aKQJ0wakGO:PlBFaTItJc+Wygana95aaHaKC5 		False
...
C:\Users\FD1HVy\Pictures\NYUV.png 28.52 KB MD5: 400bea0123d85fe5265dadf2b8b153a8
SHA1: 8981c53323708a3ed3b6e30d5b4b0be472462cec
SHA256: c348117e6f1c6d9167b352742f45d2131f6c6497cbb68c5c7ffe86c2d2880172
SSDeep: 384:hLPvxUp8nFiDOR6JpB+nYkYMQUsN+OjTp7CQqJ2V82XA74IJeEbe0lL01kYCUCjq:spyFjRs3sZsZjTNPqQhATJeAe40xWcN 		False
...
C:\Users\FD1HVy\Pictures\o0Nhv6wBAauXXRjT2tXD.png 47.27 KB MD5: 85b3dabdbe79e3ed98641ac0321b54ff
SHA1: 6884795b6844cd3503357275bc56b8be917b5c5c
SHA256: e5e064868ff5ab2d94ff742e5e6e0545a4393a13c73c5480d63908cace077110
SSDeep: 768:ptowRO6CU4BDW3DRPwBvRtH664O3gOpH0DHoZUHHDlX78BuHuzRENi6hsJXSZshE:9CF6TtwdxJ3j0jEUnDpwQOzipsZbdTsF 		False
...
C:\Users\FD1HVy\Pictures\ofGEte5FSqkNeh.png 53.42 KB MD5: 198654c312f7cb0522ab7d27108764d5
SHA1: f030606e10632bb7746a022fbff2a08c2c69e73f
SHA256: 7aa57032342a711b0e723b57820fbe33a72eeb00c8e3fd948d234f964321cfb7
SSDeep: 1536:LhQZ1ybqlbfCmAG+9NH8QBigMvaTQ3WRQGPWWQ0Uw:F4ybwA99ZNLMvaXKAWdM 		False
...
C:\Users\FD1HVy\Pictures\PxAGmyezRVyRmSZAc0.jpg 98.97 KB MD5: 72dccc730ea8f67ea4990923dd12dc25
SHA1: ff414358bb76be2213d079537828409c0cbdaf74
SHA256: 9c6094d6a6ca3f440ceef9598374530c814d04d2996788043dc46b609c98ba75
SSDeep: 1536:Di62u1Gl+vD5vSlSHRGXQnFdPMMSoi9UWGaV74MRRqdkBZANAaiJkUFDAnSKlcGS:lnG+vFvSlSVbkNrNIcJ8nS9LPJv 		False
...
C:\Users\FD1HVy\Pictures\siYWMQkbaR.jpg 10.33 KB MD5: af218046a6cef1cccf69b751adfae1e0
SHA1: 81e5784bba05ed52418eb058935cf3d07751e0a6
SHA256: 9f460ee99759d147e656de86412fefe42c1d5e1fda5e7e1115a2d4134cc32e5f
SSDeep: 192:2/5i43bXxYMEda6R3qQa0dZFNLs3F9PDD8wjIBU14EXSm+3k2fhDvpseAG:khNYME9vaM+RDtsOSmilVkG 		False
...
C:\Users\FD1HVy\Pictures\T333.gif 42.72 KB MD5: 827e3508413fa76e4841989ebe7eea98
SHA1: 4df101cfd41a8cf812c97b3bc712353d855f2282
SHA256: 705bbb8485eb4960a47c351b1b6dbe3b84d7e596d71a5ef95f5fb7453b3acc45
SSDeep: 768:lUzc5PGLBgeiO7n1MkJm4GQB5if3fHMdKkYBm1igXURDZYTBrUOfPnvq4Bg:lUz0wBCMlo4ZB563PvBg3XoSrHnvq4Bg 		False
...
C:\Users\FD1HVy\Pictures\Tcd9M dgrM7.jpg 17.16 KB MD5: c3db873d3de60a4b1d42c4abbefbbb19
SHA1: ea49326c127dd59460b36f2b41e94b4aa9ef9ca4
SHA256: cf2ff4a653dc07e43f04d7e1553f58fa587269b7ec0b34f6a474c528d621d9a5
SSDeep: 384:8XJUIRtqs8b0XOyorEY+g/kqxeq1cdz2pWqk34in0BANF2meNvupjePaVk1t7Ea+:8XOIRtqs8gtQR/0ldz2s/IRANFB4ojge 		False
...
C:\Users\FD1HVy\Pictures\xnkbNTgPvTY.bmp 87.92 KB MD5: 76c8426ec7d9ba4d09858ba9fae7cae2
SHA1: 953cfd352f162908acefb3f4ed8aa9eda0a0114b
SHA256: c68375edada46dbb477bb613d4bd9fe4b8813b3d9166e2fdbf607e300343f1ef
SSDeep: 1536:6QYvAW2dojWVep+tRzhZ83hRz0TvAoWQJo/hnu0uynCDZGWYe99b2apGeT6:Wkoy9RNZWRgTtWQgZuwCFGWFON 		False
...
C:\Users\FD1HVy\Pictures\XT8TZGP8nb_M.gif 91.97 KB MD5: 0e0a9ec158dd80c8197fba20f0e49194
SHA1: f55d94f738b304f1edad7703c2eb70e332611264
SHA256: 9bb97cdac517e3a4b187e77f369a92cef337ed69b496948baf34de6ddc963f27
SSDeep: 1536:zmUta2VdvKel5N9zrkD1abKPwjkf2ZVIa9kram2hF/y5NhTRNTY3HT:zxf7hrmWlkaVi0y5LyHT 		False
...
C:\Users\FD1HVy\Pictures\YBTX2K.png 94.82 KB MD5: d5b6e3ab196af48bdd14a9b40b96a7e6
SHA1: 258e25681dda083889a9637f0f674398c51bf3d3
SHA256: 8e7977d4fa926f11d1c66257edd4795adb1b1e6364494652ea0bd55b0ce7fd6d
SSDeep: 1536:UMmoiuQWKOMHgVhl8IgIJupm2gbaPXRmPsTKMdcIBIQgsG7UsR1+Segi2k:UPVLYMAzl8IgIJuRgbiXdOMdf6IsP4T 		False
...
C:\Users\FD1HVy\Pictures\YU pTz2YsRXNYdiKDM.gif 47.69 KB MD5: 476983d564352b410bf6fa709f064f61
SHA1: 8db8fab1b33a72edb6472ed10968940d4c65d3ad
SHA256: b57660d705e94928cd2ad1157f6cce19172af404eefbf8f26247db412dddd71c
SSDeep: 768:yt7LiuAUU+BpPlOp1MZG8pUnI2ZD9iWO5MqEUAeMlD+UyPGcAfVOAge+Wf3PDApL:ytnQpCGZII9O5MqEUAeCJvzfV/genf3e 		False
...
C:\Users\FD1HVy\Pictures\yWGb9EM5K6eaJ.png 27.48 KB MD5: c5189e282cc076fb4c298e753e6834d0
SHA1: 796ab1911101aff5b19019ca4ff0b9c4dedf9f4c
SHA256: 2102f83e93cdc0ee37ece7cbeb2bdf6957896e77fcc153028168f48972b1541f
SSDeep: 768:JmGDruUJ6kEK89+cWE1TCqwkbZI70UF/e:JXkWE1Tp5beI+G 		False
...
C:\Users\FD1HVy\Pictures\zj2VFMQGp.gif 85.16 KB MD5: 258ab2f9f918e42ca4211b7f9e8073ec
SHA1: df8a872709810faad164fe07f69bbc29b374d250
SHA256: 9c3e4d20822af6c28ce9c54aa702fafd4e0d070a66e1e5ee1fff1d892228d13b
SSDeep: 1536:iox5DjN6tehfUmpLdFAXdihRE2c2YgyL+UMQysvmpY0oOQNfUTglp:Rx5fN6tehfUSLLad2cgYIM6YlZNsQ 		False
...
C:\Users\FD1HVy\Pictures\ZXNoV6pTeigFzJ_.jpg 67.80 KB MD5: e525880569538973311bfd12f5058614
SHA1: 36b4078830f01fce8b88002fe831cd2eb59151fd
SHA256: db77b57fed52e8d04606c92f7875c7d50f3b3e62d9a2d187868ac9002a23bf25
SSDeep: 1536:rM4TlGqoKwu68SoHpQNyqVnJLVYQct0JiUUkIXPtSs:rMclSB/Md+VYvBfZ1j 		False
...
C:\Users\FD1HVy\Pictures\Saved Pictures\desktop.ini 1.11 KB MD5: 754ff018c09eccfed7ebb63a4face566
SHA1: 51a243a95103fd06bd4f46f3f8dc6c613dcac9ba
SHA256: dc880f5556f66d64bf644ffce5d50c995928fac46bdfb8d791816d5aa24d31c7
SSDeep: 24:UdaeSnCbKau0Ftv6AzIqSgwYRsbliY9Jo9hMix1MR89V:UinCb1rv6AkqTvRsAAJoD/1+6V 		False
...
C:\Users\FD1HVy\Pictures\Camera Roll\desktop.ini 1.11 KB MD5: 189405b73b8252d43a0044de2893ea9f
SHA1: fbb55a125934e3a84781c2a3382b60c9a7ddfa4b
SHA256: 46296e74456098066cd89f8ef2b4fe63e9d31a3a02ee587be002a3189b6f05d1
SSDeep: 24:lVjv8925I35B5Cau0Ftv6AzIqSgwYRsbliY9Jo9hMix1MR8pP:lVjvG3j5Nrv6AkqTvRsAAJoD/1+IP 		False
...
C:\Users\FD1HVy\OneDrive\desktop.ini 1.03 KB MD5: 581ac16f227a4b12a8c1f79e44df464b
SHA1: 54d49dab5e8703d51a3825997a1b4986a5571ba5
SHA256: 3f952dc7b58ce3e1e44657c1eb7a045cead9c2e35f8fa80fade6fc8b6953ed02
SSDeep: 24:bhtgY2t+dbu3au0Ftv6AzIqSgwYRsbliY9Jo9hMix1MR8FAH0:bh27srv6AkqTvRsAAJoD/1+ZU 		False
...
C:\Users\FD1HVy\Music\1_zlm.mp3 88.81 KB MD5: 5f9c821de6fcb35dc0e9d4d59cc85e19
SHA1: 809e5593756050840ffd8171f1d801037eadf198
SHA256: b5741d5b2b8c230ee0a070daff66f6ee0162918d3725e0966a56b3b868f39ef5
SSDeep: 1536:6lWVOEDUm87fnDSQzly7h3ICSYDUZHMZN3IsSLtDE/rvsBPcJSELo4d2TBU09wEK:yWVPD87fJlimYDU1KzSRE48Ro4d2DqEK 		False
...
C:\Users\FD1HVy\Music\desktop.ini 1.42 KB MD5: 1f995b6dd27dbdf6bb2fba38863a011a
SHA1: aa0cfd6429baa8b83895e2d4d44e38b12c7bec5f
SHA256: 3474d70dc659309b00791243b5cd27dbaac23e123beaf8994965d6dfdbc00540
SSDeep: 24:T7pWOFXvEGqZPNtoZ4cl5ivEXQAvzVjFZwdX8lQgAXG9au0Ftv6AzIqSgwYRsbl8:QOF/5qZ7oZ4cPnBjXN2WOrv6AkqTvRs6 		False
...
C:\Users\FD1HVy\Music\Faq2bp18.mp3 58.08 KB MD5: 3bbc8f23c967e49481371437f7468f2f
SHA1: 376e84b2ad3a5504e46ba94f3a1c4b999c2cf9b4
SHA256: dbee6631b0f40366421fac5a177a7d3236d0bf173c26143a575674108da91d7e
SSDeep: 1536:4vI1NAv0DuslKhnJk8xK2gm15Nn9ObqJMzP//qYES0m5r:vE0SJk8x7/fN9XA/fESr5r 		False
...
C:\Users\FD1HVy\Music\PvZb.mp3 33.92 KB MD5: 3ac5ab3b65ce97bdacefa49656296ebe
SHA1: a52061ae11c7c4b2d1228973d648fed82c8e9835
SHA256: b7a3776b2b6c5cd89e392c8d0449bd747f4dd6813c2ce2902ae2ffb4923ff7e0
SSDeep: 768:2qNLecyCM0dOEEAh+wXNNQ9xWrOefn110BBtRGBMBN:3qP7oOxiVTpqeP112tRyM/ 		False
...
C:\Users\FD1HVy\Music\Q4s2ptq2.m4a 44.69 KB MD5: 3dcb46fdd5ddf0081f874bf1f84b6016
SHA1: 1d886f01785dfa0e7a6f10babac51dc4892e6081
SHA256: 807135b11ab8256e8fd528d50f48f021b41af31c1525646ace5ffe853f9975c8
SSDeep: 768:ruGyPvg17+rmBjmkRUqBlsd83HpyXNMipSMSD9c0tJuOFJpUnnwhrPw1Zndb:ruHvg1yrwmETad83Hp50S+uWwhbwJ 		False
...
C:\Users\FD1HVy\Music\WnzFd.mp3 85.45 KB MD5: b758bce383ea9f6192cfb7ec8592dda4
SHA1: a885b1cc57228034a9629e56b040010661a73fb9
SHA256: 4b028037b749eaf1dcbe5a607ddbbf0e09d708b8d647e8776eeca2c13c5d2c0a
SSDeep: 1536:Y+TQm1XHdWNgj3HGO0fLbyJmYx+LWAMm8XXtzhnzkL4c141qfMIxabW:lcm9c2j2Oeifx+yrmSXhhIL4c5fhabW 		False
...
C:\Users\FD1HVy\Music\f9Y8dx-\IXGTQQAcvQ.wav 7.09 KB MD5: ce105bd89c4fd7986acd3d0a2d267792
SHA1: d250fb8616968cbfb0b04827a6989aa6f759ffc7
SHA256: e13d97913c3fb3034e9bbced94c8f5bcc8ffb7c253e71490b2d087f33cae7091
SSDeep: 192:xEt85p3CLzHSkoXv8jQWPwzVRTuLKGMvUK8JUDvpseA0:xEtQ3ygXv85y7iBMMKUCk0 		False
...
C:\Users\FD1HVy\Music\f9Y8dx-\kupntcSqN.mp3 32.33 KB MD5: fb44aaaef0137eed0b4c2ced216c874a
SHA1: 4b406c6ff5b182948864009350e84815f352793c
SHA256: eaa07e17ce132e3e5a872fb96aebf3e312f31d7d34aee6a04e3124054f243d82
SSDeep: 768:k5US6QAXu/jk0lupDjOGR2vzOEQSYp2R2f/dp8m+A:kAQA+jk0UfKz/Af/dp8m1 		False
...
C:\Users\FD1HVy\Music\f9Y8dx-\uulyokO0sZL4s.m4a 27.28 KB MD5: 97ac649dbb0f1c13ae306b198ddb2b32
SHA1: a7a9feb27f4d3f42696ce0f630b9bc47603fb2a3
SHA256: f661b03b244ae579049ab14565648377ec78f9f4e90765694aead9882cc4ca1d
SSDeep: 768:5t84tReLFlL+CWdqIEnciRz8tqEg0v7nXP3hwC:5t847eJlyCWdinhzjt07XPyC 		False
...
C:\Users\FD1HVy\Music\1_kDgtiBq1\jqyCF3Kx006 jNKpA.wav 70.02 KB MD5: 6e730dbab4e051dd56429eefd00a098a
SHA1: cd654c97866ba24b9d77120b2c3ceadb99433d89
SHA256: 42b38b17a7851bda3c8af13a82efc9d900490a5e3117bdd522eb173237756a0f
SSDeep: 1536:A3l7tBfVFhZ+ZM1EIBdRYzAE+1nlRp/lS/AivEZ2OCfbrmeIOW8y4KBxc8H:kttBfb+ZMSmdCzAE+1nPptu8zQ/mes80 		False
...
C:\Users\FD1HVy\Music\1_kDgtiBq1\LY325VqD.wav 23.00 KB MD5: 7edb89a946ab0616e0f1253563e7ecbf
SHA1: 3baf1f24a5d421a1543cfa93407888b07ca2638a
SHA256: 046bc9f90f87399837556fd6b44786035e4d93240ed3364f309f3343f2a93688
SSDeep: 384:35K+o0yB80LkYqW6/6vrb/wpBVFYCTSWw8vSykqLWIbjKrY4f7VyQyQQiOwL2P8J:35Ly5rqWvDLwrYCTzvWqLpbjcVsSyP8J 		False
...
C:\Users\FD1HVy\Music\1_kDgtiBq1\qckyy-4-m.wav 16.17 KB MD5: d067ba1214b013a44726dd7b6b75976e
SHA1: 4f4760cfead6ff609df22c9342fb1ea6d6a4d2e5
SHA256: 3a771a33475e6b0781e460d4064383faff6bf9c5d2a3ea6f826267fd00895872
SSDeep: 384:P4dzqVB3OWvY40XaoeqqCq1cf8CVngYfyE613z3qFRcDQ3QACqmoZaUkh:P0zONbQ1baWfBVn/6I3zCwZa5 		False
...
C:\Users\FD1HVy\Music\1_kDgtiBq1\NY7c7TBw5p\-eMcFt1lTpcIk.m4a 3.39 KB MD5: cb9dd68f45b8129ed1d03d61ed53d25d
SHA1: 487bbe450d1effe8e199d4c8a547751f6b81a579
SHA256: 02361ed84cac619a649428d8eef3cf41a63e3535a0e16c8532c92005134e9d9d
SSDeep: 96:qK79GlKQcQB6nmQgq5Ztm2Baa14+PjZrrv60vRsZJm/ox:qK5gXIoq5HBBaae+rhDvpseAx 		False
...
C:\Users\FD1HVy\Music\1_kDgtiBq1\NY7c7TBw5p\HHZsqNo.wav 2.19 KB MD5: da9fdf39c8710a02fbf69bfa80c885df
SHA1: 918b086ed803122810298052033934a9c009fe94
SHA256: 1aa46f9c303deb1eb98deefdee3b2b4d263696f603fa29d8957ccf23bf15dbc3
SSDeep: 48:xntcCtlK5eq5R28pBa7qQXZ5bSLrv6AkqTvRsAAJoD/1+DJO:FtVKFr28pBa7qaZErv60vRsZJm/oA 		False
...
C:\Users\FD1HVy\Music\1_kDgtiBq1\NY7c7TBw5p\s1sEELv-P.wav 86.83 KB MD5: f0eb96f072a1354aa13c704667020db1
SHA1: 2936c51a5aa79e478f563e8f0bdbfa3e693a0d77
SHA256: 0a38032a31e91813ab03430bc3e8477fd7cc9fda966518340eb2373932449fc2
SSDeep: 1536:lFH7vfa3bXacORu7YP0X1jdG05doA3qwxeDNA44sU/TIkW7nDQG61TElFC:l93arach8M5dp5dh3F4DNAnsU/TwDQhB 		False
...
C:\Users\FD1HVy\Music\1_kDgtiBq1\NY7c7TBw5p\AYoFGbZ\KAwef_CpO2I6YOJ7bT.m4a 26.73 KB MD5: 4d544ed00e386853c77de7f0b0e342b9
SHA1: 2aeb3ca6ec2ea6440b1660774abe18d4c64748b5
SHA256: 058b7c6ec55cd7156fe2bf720736bdf6dbea7f251c131085c9f7073152027d69
SSDeep: 384:/olisV7dto4laCdrBgELym61QE7zRi581qtm5N97QhWSHM9/ukr2tKwa7PELKGy/:1sZo4laUum6SEJibEdMMLrqKwW8K/Sy 		False
...
C:\Users\FD1HVy\Music\1_kDgtiBq1\NY7c7TBw5p\AYoFGbZ\oUwDwHpc7yvxphvDrY.mp3 36.83 KB MD5: aae646f850a2e991171d4606b80e5258
SHA1: 0ea30a4199479122fa6f0bec02ef1060d3eca97e
SHA256: 33e40a650051569ea34576e36da5160e37b2ef41cc7aa781425f86768ae11027
SSDeep: 768:K7iuW3eyHy5Kj3XqGfW4tvuuvbXnrsjo8qB8loos8ckT:q5yRoKj3XXW4t2mDng88J5sr4 		False
...
C:\Users\FD1HVy\Music\1_kDgtiBq1\NY7c7TBw5p\AYoFGbZ\PXt_aUReRHQ_ubQ3.mp3 71.73 KB MD5: d984f4f3ba7028735ee9ee659c145655
SHA1: 3eafae5326c5faf70ca99ae99086115024df87c4
SHA256: a1e7896f25e823f5d0d7ceafbecf883701e2a2f7cb038537d6a2ff2368db5345
SSDeep: 1536:vNDjECSHQqs9HVPelwJlTeO1gi+qEJUZEzilmtvErSFGPkLxF:FfWHnshWkTeOgPUZEHFGCxF 		False
...
C:\Users\FD1HVy\Music\1_kDgtiBq1\NY7c7TBw5p\AYoFGbZ\kHNjZV_y\GWdFXKk5.wav 68.97 KB MD5: cd16d912388d6338d35dffe8717d242b
SHA1: 26ff149e4a8f99c7c0575ed977ca4b94d0bac5b3
SHA256: a25ada5ef0e74cc36ab598e14532ffc306b0f8ec77e74bca7beb4a78f6e43162
SSDeep: 1536:dfnqWok7rzQbvoKK3+OvtCa4xJ2E+Z9yM83quh/3UCrLesqDe:dok7v8ojOcm0RwMm3UCHX 		False
...
C:\Users\FD1HVy\Music\1_kDgtiBq1\NY7c7TBw5p\AYoFGbZ\kHNjZV_y\iPKgYx-e.wav 39.42 KB MD5: 0fb78aef9472bc86b8110d4c7455141e
SHA1: e647860c87b831ef39d40911736e0846ec6840e2
SHA256: c1843a661827b3cadf3806b8313184c1334f8c617ba2acf310493ddc0c9ca280
SSDeep: 768:Zok4SHxVQ6kcqtW28ILIwpMfJjNZ7T9u6bWql4bxblXgMaN:OklRr28KFCpv7QElW1fU 		False
...
C:\Users\FD1HVy\Music\1_kDgtiBq1\NY7c7TBw5p\AYoFGbZ\kHNjZV_y\ZipKeGLiNvFiFN_Dai.wav 44.44 KB MD5: eb7c1de23d177f808db66a4cb9f1b243
SHA1: 1527e687f14c1762d9d2cfb4455601a8879c48e1
SHA256: ec9f4a6ba6fb09ecee234b197449f2ea4e34df285e85dfeaec596bab39e452f7
SSDeep: 768:U6k0BDf4cZfuAL6heCSWeKLHyeyx4vZX1CUfKQXpEe6XmwvlzUX+YU8Ujs:UB0BDf4Ra6QXWryIZNfKqptQlzxI 		False
...
C:\Users\FD1HVy\Music\1_kDgtiBq1\ilgk0lJV\LM4F-Q9mEj1iog.m4a 19.64 KB MD5: 037f1a7c2d9bfacee4874eb685dd4270
SHA1: f7a3848f7c113efb65547ba73fbcc8443c3c1330
SHA256: c81d9b985feb8257a676c8fae05289a40267ef0094101c0b32b3928a470bc33e
SSDeep: 384:cA2N1sJ7azbZ1qdXv4n4rBJ+tQqV2UEu+uHk2:cZNIazbbn4rBJYnFEubr 		False
...
C:\Users\FD1HVy\Music\1_kDgtiBq1\ilgk0lJV\qTZ_rt3NhfeWG-dwmp.mp3 15.57 KB MD5: 9c765851549f06e197e2775ca4c5c343
SHA1: 3f31bae6e303dda64d596fac78735c61dacf5897
SHA256: ec349e8c3648da798610d8fc8728035bebb0942e7cfda234dde63d30470e7428
SSDeep: 384:WhHHje9om8nOOKs+ESfMlanIM3cRPxyikm:WhHHq9omfsD3lEIM2x 		False
...
C:\Users\FD1HVy\Music\1_kDgtiBq1\ilgk0lJV\XQ-rsbyj0qzm.mp3 77.01 KB MD5: f990591e9d1a52822ba4520dced7a408
SHA1: ab8147f2eeedaae5252884ace9aa051e9b93ac85
SHA256: a365d995e76b376f9fd7af8eae55d3cf125b1a6effd86a4f4c79976e9b41b80f
SSDeep: 1536:ip4In1O2eYwywM62Ax6AywbgxCxWRVXtj9aPtF116xC/l7q9:84Inbwdhy0gxjV9ZEWxr9 		False
...
C:\Users\FD1HVy\Music\1_kDgtiBq1\ilgk0lJV\vWya\60UrEB nNZ.mp3 58.22 KB MD5: d9ac5d8bf63ddd291ecbf3972c370648
SHA1: d31aa07cfda791732179ac0ae601f0502daa1159
SHA256: e14b28d9243e3d4cf46345ac94ee7d404edbf31a78d1863556c3f61db56f33ff
SSDeep: 1536:beDPOgokZivJfyxl0f7/snhV50L41uxVZ2lNmlAswT:boW3eUyxlMDyR0L+uxqjHP 		False
...
C:\Users\FD1HVy\Music\1_kDgtiBq1\ilgk0lJV\vWya\8xod8JR wYWOtLbR.wav 61.80 KB MD5: 70b8542f0ff777e0d648ce888620ac09
SHA1: 7ab4e26ca4a29924950e0961250d8a9d3eef0446
SHA256: 66f3d94fbc6069011b2e7af6a9a117bc9a5fdc6e4f0d506258930e9a310e00c2
SSDeep: 1536:swvoXDM9rShThDnXGZT40J2WCZcXWMgZSvj2:swwT+4T9GZTlwcnYSC 		False
...
C:\Users\FD1HVy\Music\1_kDgtiBq1\ilgk0lJV\vWya\pHNh8pr9MG.wav 98.00 KB MD5: 7eca1d448cfb7716eecc173d89a55da9
SHA1: 40bf72450a24cce93f9354822706d6b25cb640b7
SHA256: cf11263d0f356c8fe388afbaf408db4617c42e0550ed46b460b60f63f597fe50
SSDeep: 3072:YyEM5MUREjr4hqP7tqJ6CsDL4rsdXs4RjIMrDgvjtNpX85ME:DEzPjraM+CLNC4PWFu3 		False
...
C:\Users\FD1HVy\Music\1_kDgtiBq1\ilgk0lJV\CCM9emPBDlXJ1x\fi4GXHvoE.m4a 70.09 KB MD5: ff846eafce1ba152e294e99a931c0d46
SHA1: 25ca00d4ec7188b7f572c1308b7ce00bfc93e042
SHA256: 1fca27202a97d225371b55f20c7909ab9b68c683581eb8032f46951ee14fa421
SSDeep: 1536:s8UDShhmsby6Yq2w9FKf8i2zqrWgoMHyzmJibkcDSuZ6w:s8/C6Yq8fl2EWgoMsMcHZb 		False
...
C:\how_to_back_files.html 4.91 KB MD5: 500ae8173896cf3361574ee21b448cc3
SHA1: 5877184f15f4feeee827ce2a718672c36c4f39e0
SHA256: 9d6f1562c86d685c3d078be1fc126ed3dcd675de42afbd2230c3eccef9fee35d
SSDeep: 96:zjKuk/e/YJn+no0jKOY/p6rv60vRsZJm/oWL5Pd1a1gS:zjKuk/e/En+no0jKOYYDvpseAI4b 		False
...
C:\Users\FD1HVy\Music\1_kDgtiBq1\ilgk0lJV\CCM9emPBDlXJ1x\lwbM.m4a 15.49 KB MD5: 2a83521ba0c738e6e81578428666dbcc
SHA1: c8921bb540f86a3bc830a42340496aa950f5c7a1
SHA256: f2b7040d91d348a6a95137c8eff49b91e05e952627f9e3c63c1e184aba4aaf1f
SSDeep: 384:/QKgTEZ1T+OC4dGA4YRKFm8krQIgh0HLDqkm0:/QxT86O/dt4YRKxN8h 		False
...
C:\Users\FD1HVy\Music\1_kDgtiBq1\ilgk0lJV\CCM9emPBDlXJ1x\npfoUNG.mp3 59.36 KB MD5: f306956c8597a0e386195fcbf44453a9
SHA1: deda1ff2d5536c15ce509e216f2f80bb16f02a6f
SHA256: c6328494252e49a53696d3432e308759c62dce2a64ff7dd63938ba436c825436
SSDeep: 1536:763rOPkMrMdvnk/YKC0esDl4UDUYV6uEVwf9w:7fAKwKCCDlYuE2fG 		False
...
C:\Users\FD1HVy\Music\1_kDgtiBq1\ilgk0lJV\CCM9emPBDlXJ1x\oESa-56Lwow.wav 97.97 KB MD5: 37624a9e52bdfe63bcdda4cb43dd9277
SHA1: a2906a405ec9c001ab747668590091ce8605e882
SHA256: 5e96f773a3a0246ef677498f450add493a753ac16675cd7da8276aeb19a4a395
SSDeep: 1536:eWjoC6o0n1KQBhPq/gTAtry9iTQU3NxLLw3fO/xz35hkWWrFxZcMKpO3+yMN:eWjoo0kAh9009U333wm/xTwBrGJN 		False
...
C:\Users\FD1HVy\Music\1_kDgtiBq1\ilgk0lJV\CCM9emPBDlXJ1x\sRDmYrpUcB.wav 33.59 KB MD5: 4723c284aab64f380559c85efa370dc7
SHA1: 69d649dd7e5c14ef549de79f515d35df2843ee30
SHA256: e81c7b0821ef88afc68965b1f2f5088d56aceb8d569b865161875b60374cbfd8
SSDeep: 768:5Fhnx0FAKd+pe6ckjKX8i4Kiw2NRGbBDsWrpRKyiWnEY:5Fr0FA7yKKsT4Z1Kyia 		False
...
C:\Users\FD1HVy\Music\1_kDgtiBq1\ilgk0lJV\CCM9emPBDlXJ1x\uwpIml4ss_wW9q.mp3 6.67 KB MD5: 52fe27e45c39ced84113d126c8d4356d
SHA1: 59bc5ae50aa9b22338ea70dedc1e745b2b6db9e3
SHA256: 28a44b50c6612a686040fe7c28c37c9c5cbdd63b7ba9380b2bdb0a420b3cc067
SSDeep: 192:yt24c2dZ5enBpOJmriLD7zvjUGiDvpseAF:ytlc2MK4gTgPkF 		False
...
Modified Files
»
Filename File Size Hash Values YARA Match Actions
C:\Windows10Upgrade\resources\ux\Microsoft.WinJS\js\base.js 1.22 MB MD5: 30fd84d4fbf997c64783a348b45bf7e0
SHA1: 84d83ba4c491ff6f0963af00b88902e2bbe7f065
SHA256: f8a0519d2ac3a3082ccfedd95e4f84297ddbcb0dde41186eea360e0e07298ef6
SSDeep: 12288:YZU7m995y9TY5C9X+16CTGzxkA2C83ln4CEfWU2xEnsGIGP:ej5cTY5C9OEMGzxkA2r3tTFEnlP 		True
...
C:\Windows10Upgrade\resources\ux\Microsoft.WinJS\js\ui.js 2.91 MB MD5: b9a764360e7b2e6c326441971a2b841d
SHA1: b5c2cea822e8ad66a7affa4e1bb222aa1cfc9c1b
SHA256: d6e0a6dd51374fda228f1d9e804d88e6ae39d4c0a7f20c72aa17ea5add6d6856
SSDeep: 49152:ogJ7A5vLUMTmo2Sc5V0O/pBPSg11u4VdVAr+QJsDiuz61pMyzSk52Z:oT57TUTA6QJ7uzwQ 		True
...
C:\Windows10Upgrade\GetCurrentRollback.EXE 72.62 KB MD5: ca5d05d36f64b5282409fda0c6bd4a13
SHA1: 4b93079cadc5ad80564cfbbe84cc7005c10e9fce
SHA256: 14b270770f3a4e7b53d50a3b86a0ce33a0ac723d88f2b7efe3a5f89f0430f9eb
SSDeep: 1536:AmpmbENztl2AGQg1+PDN6mckcNOfue8zmYqMC2ga:VlNBl2AWKDGk2a8RC4 		False
...
C:\Windows10Upgrade\resources\ux\default.htm 62.00 KB MD5: 432ed4a30fe2d93b40f32ec70f8b984f
SHA1: d8ee7392e7d5b6f8feaab5ec466ef56c93f43485
SHA256: 7908c5010d40bbd72194e72b959aed53faf8d3a7189c502914ec63c1f20809d2
SSDeep: 1536:zWdsi454+Ydo0TbCqFkBm0TEnsRGPBU+YHn01DSnWnU96BySTAwt1+0o9xOsu4:cM54+Ydo0TbCqFkBm0TEsRGPBVYH0xSJ 		False
...
C:\Windows10Upgrade\resources\ux\default_eos.htm 55.48 KB MD5: 08c8dd029db2f798fd15ca8ec68b0968
SHA1: ef361db8435b619cd600f3f5f973ab87949f0bb7
SHA256: 521f20385fd63a40968364deff8e61e9f7342567f7a224951b2284f07836998f
SSDeep: 1536:+HjhYU009+8k0gnWyNGhszlnDWt1SunNE4BU8ZPrPUY:+DhYU009+8TgnWyNGGzlDWtsuNPBJZzv 		False
...
C:\Windows10Upgrade\resources\ux\EULA\EULA_de-de.htm 69.73 KB MD5: 8b51c94154aa2960c51caa45d296f97d
SHA1: cc0d2eb41b80a202f16ef7f6cc64bf3272af24e9
SHA256: 759e422d9e49f2bd85748dfb1a22a2fe39ff6b8b217116bec6b18da7a548941c
SSDeep: 1536:SyOJGrM4Mz8ds462b5nDfrBgOQPE/oatDe83KMR6MK59T4LpmF51DxJr9e0Q0gMT:SPlQocQBITDZsLEA 		False
...
C:\Windows10Upgrade\resources\ux\EULA\EULA_en-us.htm 58.10 KB MD5: e7efdc48324f7e62d025eca9a8136bcb
SHA1: 1f07e589fd28b2e694cc844d8580e38f2e630bd0
SHA256: 0d817d91cedaf8976af674596e7143c44888d54272eb92774161b396bea990ac
SSDeep: 1536:BOSoAa2g1JxtaSN/Bo/xftrYHpbAxltnEFbGMavtHV3hemUs/L8Jonk96vrqBBV0:ojyPIg3lHATs 		False
...
C:\Windows10Upgrade\resources\ux\EULA\EULA_es-mx.htm 69.11 KB MD5: a0d95a40ec61eeb86765002f7e93aa8f
SHA1: 7f44f005163c252206102d00f79175f716e3ccc0
SHA256: d6303e9694c5b4b55f340c00429a32728cee04e7c46fb5357c511d826e03d43d
SSDeep: 1536:3XULYMPr+DtCUxV1NILDBgpCCzDWLQAqt+l30YYoEunZh7M0/LUUDymHVFUGWrLx:ElD9hh0+n5VOSUEjrkSM+g 		False
...
C:\Windows10Upgrade\resources\ux\EULA\EULA_fr-fr.htm 68.69 KB MD5: bf2fa4d458f3da455dcef6918661a655
SHA1: b2753033e524720f327c749153303baa368e9763
SHA256: dfd1a736a744239428254d036f1d58e022ac2a89352bc46b8a0f239cd6058809
SSDeep: 1536:cCPPMhW06i69uMl7Meo5zpi3ZTTVOtEL6tGHkb8wnWj8FnyXO/K0ED+AQg/DEjUN:rICicluBAvA1a 		False
...
C:\Windows10Upgrade\resources\ux\EULA\EULA_hr-hr.htm 64.27 KB MD5: d246fadbbc5d1b97a49e75579dc98013
SHA1: 2698904b62cfd7ba62d8ccf3a0a95d5d1cb8ef3d
SHA256: e3c0d48277aed2ebde4b91d69baf8c3e49d7bb6dd37a5ed8e7989ddb520d4255
SSDeep: 1536:fqgenE1uZlUgjuI4ZQco6L24kppix0LdmslDuIIclC7Gs6JxE8W8lT6gTF/4VUvd:igjTkfitGdJxEeOuqYF7V 		False
...
C:\Windows10Upgrade\resources\ux\EULA\EULA_hu-hu.htm 83.52 KB MD5: 3008a2ada375539e15b6dfe18b5dd43e
SHA1: 1a702ceb429d54937235235ad486dc752e483ee5
SHA256: 88e0f0051568a13b502561e7341c3b642735b6b216a0fd77d0e99719938d391d
SSDeep: 1536:f6Yg0tcC4LquTAAEuKddUUjZI6aqTndHeIe9+J4dxfwpr5V1rB1hyuKB2kHAy9DS:f6YHXp9K5xI7MRziwXra 		False
...
C:\Windows10Upgrade\resources\ux\EULA\EULA_it-it.htm 68.78 KB MD5: d6727baa30d99c7074a563dc0de3d0aa
SHA1: ba5643740ca76f0ada2500b670360f9b38fe2bf0
SHA256: f2fc346a336af4e95d0b6f3161a6fe2d00a4b9815f68ac2c809091168913bd30
SSDeep: 1536:IGO85LhLZNJwgSvRY+VxACUCokaXOxF/rFPUUFoBNFfmPvhbRpuFyr1S/G0pc+3O:IGD24koO76fF+Lp8yJyfGKFgChrq7 		False
...
C:\Windows10Upgrade\resources\ux\EULA\EULA_nl-nl.htm 66.58 KB MD5: 7372bd266a853df5ca724d1e8e50214f
SHA1: 2e2d96b83cce10106e0707728f88aba0e70c9690
SHA256: df6ae48957b9d967e47a86795d5f7e57ee60b8d85364d5f358f0104112e1edb4
SSDeep: 1536:7uMBshlRTOzJOZVnqR5ybLwPJ012hDgNvgh7pYqbqkmHEzQ3gkH+DLY4IXaPTUDX:Nm0Kc7LRehoaT 		False
...
C:\Windows10Upgrade\resources\ux\EULA\EULA_pt-br.htm 67.62 KB MD5: d7533ee42c5486d3c833af5467d60d10
SHA1: 4f167dc53c52291f1d26cb24e8a72ba4401ecc6b
SHA256: ceb5b941e2af55bd0ef4f91a0e3f688309b6469516216034f2ab74fdd85b0c68
SSDeep: 1536:hpfW3iBT39aV9dNUl68w/R5/Vt7eWyoWHlJ2SdOfc6HyRX1ZnK5fG18fgZfYJm6r:OYoeRs 		False
...
C:\Windows10Upgrade\resources\ux\EULA\EULA_ru-ru.htm 278.12 KB MD5: 7449e10bea8d3a9e7a7b23f9d1285686
SHA1: a1c207f683ff6e080ba6348be9f952f96f39563f
SHA256: 976031e19b1a9214a8474b19ef1f902a5b50738eae39d69cf63a283479c08fca
SSDeep: 1536:46yYfc5+LpWJGfWGo3rzlv0/OQkpsTNQ7OVmajcq0lulYoaS6acPxv7ZeHDiAJjI:XpWg40mkGT1IeXjtacAhIH 		False
...
C:\Windows10Upgrade\resources\ux\EULA\EULA_sl-si.htm 65.53 KB MD5: 2626e882d79c1448ff885d5868770bee
SHA1: 0ba1e7fe84ec81319ae829340bffeb0c879011d7
SHA256: 9c6da8872efb98faea93265ee9858d09155d24796c4ce95774822fc04181503c
SSDeep: 1536:XGSHkjB14qaGlT34yU25bRUg2g5Qfvq4AarPr5EuIQPWZ9F/dDnGsJdxQui4owxD:XGsYJ5QYbPQWFie+A 		False
...
C:\Windows10Upgrade\resources\ux\EULA\EULA_sr-latn-cs.htm 74.70 KB MD5: 4b2950513e9a84c7ebeff2dfc2b817e6
SHA1: deabf4a6b6b74304490e6f6e7a735f90fb602dc0
SHA256: 0b9bb62a3dd6b4662bb6d19da5abb245a194c0b62d9449333f23857c1d667424
SSDeep: 1536:Pm13vG7LZbpV9L9r6whU8MAjiI7tthELrgnCNwz2R9QZEXuw/hBouHUlifbbVpSF:EIOA2RzvHD3vR8dFN 		False
...
C:\Windows10Upgrade\resources\ux\EULA\EULA_sv-se.htm 69.67 KB MD5: 25b12698b142964938f0311f657a8678
SHA1: ad2651f8726a35c62b7c5f7cf356e09f8658a994
SHA256: 110f74b52b863998eb7c328e1a40aace1332799725f21d8bf4772e8284f3f3f3
SSDeep: 1536:KyQaYg+/QYrr8ZcbCZ7wN91HsNp8obkLOMdMXKiMW3wRmBF+SWu5ci9xeHuWchnm:KCSb2t9JA2bBPCdf 		False
...
C:\Windows10Upgrade\resources\ux\EULA\EULA_zh-hk.htm 144.61 KB MD5: 39ca53987f06f36d0ca9bbb27d93a980
SHA1: a68be5c20e46f25c56844ae3e325cf6dfbe3caf6
SHA256: 7cc0dc325664ec439e569c269d3da3912f9e68ce5f3c604606404019a30642a4
SSDeep: 1536:+NPArriyBi/IFH5nXCVabNpwpTG1iDQBlnD3vkSdlbeL2Rw91ZOBTr5k95RH6HRC:SPAw/IFJ17nDYBCLJg 		False
...
C:\Windows10Upgrade\resources\ux\EULA\EULA_zh-tw.htm 144.61 KB MD5: 2409df44fb6c3a711ab6ecf1aeca3125
SHA1: 5d73b879efcd8e366a305df92238aafc90aa65bc
SHA256: 97659e9e0dade3f7197e35dfefd59db57d4528d15a388dd9b44aaec6ca32d61a
SSDeep: 1536:ifriyBrFWQ6B5CVabNpwpTjzE0HDQBBdIhavkSdlbxrL2RYnJBTr51lvoAp3NH63:KiQziGkdlvoAXsQKIL9AL 		False
...
C:\Users\Public\Videos\desktop.ini 1.30 KB MD5: 23e2144ed72f35fab0c36a1d57d8574c
SHA1: 382b4c752e11ed685c3d846528a7268cb5a8dae2
SHA256: 4f20975b8e10aa5356146203a2a50be80ac6efc76f37324d458984a266f30810
SSDeep: 24:LQ3bFoaLsRlS6V4iUCau0Ftv6AzIqSgwYRsbliY9Jo9hMix1MR8+F/pZ5:cZoaLsR6iKrv6AkqTvRsAAJoD/1+z/V 		False
...
C:\BOOTNXT 960 bytes MD5: c244bc07490e2d3110adcd84cb8353b1
SHA1: 7c224c91b0e879de82163524ece9ad9e933f0459
SHA256: b6c0ca51b27fbf44cf90c5cf94add2b7e4417e4e3655591a4c0fa73df38afcd0
SSDeep: 24:oP5lPau0Ftv6AzIqSgwYRsbliY9Jo9hMix1MR8DHn:O5erv6AkqTvRsAAJoD/1+g 		False
...
C:\BOOTSECT.BAK 8.92 KB MD5: f8e5978009fd795eab3b6714d31bac73
SHA1: 2e9f6c665d1880e3fff773b9ef97a4ffe0fea846
SHA256: 26a5ae3187aeb44f63bdf8aff5e42e6f02701a75006f57affd1689b8b278ccc4
SSDeep: 96:9JXV6LVk6XPbFagp5yu9+89Juzg+PksNC8BR0PPE7Ye6sQrfwudcNrv60vRsZJmg:97oZXZaru9+1bsnuOME5sQ7hCDvpseA5 		False
...
C:\Windows10Upgrade\appraiserxp.dll 450.12 KB MD5: 22a9b9279830ed69c66ad1f8b7975c7d
SHA1: d77d4b8bfd664d7b882c334e67ecd8a21d5374d9
SHA256: 759d967ffa021e17fd70ecbae770ed2fbc24edb1e88715f3a6c9dab36cdb9331
SSDeep: 12288:Nn5l5WLP3ROB8h1lV3GM4sfTUfRvfCsYl:hPca8/lV3Z4sfTU5vpc 		False
...
C:\Windows10Upgrade\bootsect.exe 116.62 KB MD5: a0b2f384ab53e888eba63f66680c4ecb
SHA1: 10efa2f6c864c3daf158bfb6455df7b17002e766
SHA256: b32cbceed82d68bb88288fcf636ce9d16c50bb597393d6a05cacb0556fd2a657
SSDeep: 1536:0FmQbzAoZ0NdPO5tZeBcrgdcX50/FVagR/YQeVXq9J3ebDCYFJJ:uvzAoZOst4Uco5aR/m69U3bFJJ 		False
...
C:\Windows10Upgrade\Configuration.ini 1.14 KB MD5: fed508db1b8fd21227d81e70d9c03731
SHA1: 5d81aa345002cc76d5f05f5f4c30a22fd59d98e8
SHA256: d628bfe27c7a0ab5af36afdecd5b81d15df78f6047b840dc719bcf75595481c9
SSDeep: 24:XQByunQq4njau0Ftv6AzIqSgwYRsbliY9Jo9hMix1MR8AAy:XQBxon4rv6AkqTvRsAAJoD/1+ay 		False
...
C:\Windows10Upgrade\cosquery.dll 61.12 KB MD5: 885f596715b9d306e23ad3c4b3e0c331
SHA1: 20f3d257c630046dd5911c1c6d6d432b8a809739
SHA256: 68f12d62964ee957b7d9610206620918853cc8ea1412be8c08c76cf422770291
SSDeep: 1536:SGeT0uVeX9p/w/yNxMpP1vXVYcoDAZjGYRJW6:SZT0uVeX9p/S01DAdHRJb 		False
...
C:\Windows10Upgrade\DevInv.dll 323.12 KB MD5: 64479e105d42d1b1b22475e148619b21
SHA1: 4ff80d2d910b1c3e2e95d5416ff9fe30e235025e
SHA256: b78eb3a0b7eb68881542057545534cba17da06f429d4951275e261e2cfce3a79
SSDeep: 6144:GdrR9OCPpG7GakghmewAlsyRRy/hrx4jY9DQ/lqCR0GE6oYND87zOdJtOk1ov9rT:GdNLh41Rqw0CRzEuS7zLndVMa 		False
...
C:\Windows10Upgrade\downloader.dll 202.62 KB MD5: 4a3926072151a8e6a0d5c30bf668224c
SHA1: 30e5523d8413a00c44b633705d85dfefc930278e
SHA256: 6bed40ec86263173811ff0f49ee63d4c4b0aeb61a9bb83254e9ebefe6dc3a620
SSDeep: 6144:37nj+tUpd6y8H7bDBrk896FUsImWBpFaXAd5S7ma:DStNyC7/hz2UKWBpFa25ba 		False
...
C:\Windows10Upgrade\DW20.EXE 629.62 KB MD5: 7e9405519521263154f7ceb178998816
SHA1: 71ebade8bb031e2e0c11bb3d01fe54502b726382
SHA256: f01cd1d300f37dd6af888d21c1c2e320cc956375bc4cd2221fe0f9ffcba78cb3
SSDeep: 12288:7Z+Pi1dJZFK5/s9DDYzvzk9HNv3gXstQnuLHcrSJqtAMFtkSO1pWEve2udQ50:t+Pi1dJZS09409h3gXs1HqSC/KSagEp2 		False
...
C:\Windows10Upgrade\DWDCW20.DLL 49.62 KB MD5: f050293527c45ff1f8ff41e4944153d0
SHA1: 11029c357f0149641645f5ead513765e7431f622
SHA256: 44bbc0803713de6087d823b764660071bfc67ce321e09e09374d553996725183
SSDeep: 768:6dgPVElJxZkesI70jWkBBHqLs6de/koivzSQNLIkVR9xyRorDn6bEMd8:MgPVKJk40jWSJuLrvmQBBVRbHH6bVd8 		False
...
C:\Windows10Upgrade\DWTRIG20.EXE 45.62 KB MD5: f0ee240ed723f029c1f379ca775e5edb
SHA1: 2da48532334d94e0075a894e272155adb8bd7b9d
SHA256: 95773718f1a4fa689849fcde0c00b05a7d40f402e66017491dbd11db6c560f27
SSDeep: 768:ibStB4pX+34BAlFAFYaIylkOZMVvLkeAGRHq6gxmJPUzbqCurHcJDhMdV:iGT4pu3mAzyYclkOZONAGRH4mJ5HcBGX 		False
...
C:\Windows10Upgrade\EnableWiFiTracing.cmd 10.50 KB MD5: 6be239880a56b888fc1c16fce74e67b8
SHA1: b3500bdf7c007ab1c126a790429076993084da9d
SHA256: f450d415c289d6fedda40cc4c01b4f9e04d81da1efa8c2f9484f67254fed22cc
SSDeep: 192:D9dZF3mdU1pTvGIWuojAdghFu16pHt2P0RvcKFH1TR8kDvpseA44:D9d/WCEIWuoGoFu1Oo0REKVR8Sk44 		False
...
C:\Windows10Upgrade\ESDHelper.dll 68.12 KB MD5: f7ed29e6db9fb5f473c5b00e4ade70bb
SHA1: 354c747d04bd73c5cdff757a99f7ac15e4cea1eb
SHA256: 3b5d6f37e6775de915853b2d6bc953aefe5f95ce5d7e62d6b0f57328c75df357
SSDeep: 1536:gwLaZhraXug5lSaI3i1CqE32GzPMLMg15ZlGt3BDDScboqKC:XLGhrXaciRE3ZzknL6xDj0qKC 		False
...
C:\Windows10Upgrade\esdstub.dll 40.62 KB MD5: 44367bb4c994c91611cab4f1887ac561
SHA1: 811d01bc4015148bc88b31736783cdd1eaeee3cf
SHA256: f44a309b04a2a12b7a8df079ff8f329364b3c9217ed692fb64e33401efaa448a
SSDeep: 768:flyfEo7UsmBWLdVDlD1SFoEB1qNso949XihaPY8KsGTfbR5O6j:9IV7UsHTDEFoEB6sUSX/Y8KDTTRQ8 		False
...
C:\Windows10Upgrade\GatherOSState.EXE 552.62 KB MD5: 7db514eb3f5589bf613cdaf29d4a0bfa
SHA1: d2a7beb9e4c50691dec2dd808e0ff84a36110f34
SHA256: 609164facc28eca7ea642fac4f52c62846c04311bf4450312f7a6b7c0ac22cf5
SSDeep: 12288:lgH9STe+ZXVbeFfXWDTpoNpRwaeuWSZNy0yFN7jwF6qAvUg/V9JX48NVRtUo+xpH:lgdSTe+ZlbeFfXWvpWpJJNy7Fx1qAvf+ 		False
...
C:\Windows10Upgrade\GetCurrentDeploy.dll 528.12 KB MD5: 3fbfa08975bf88e0b9fca5bb70b6498b
SHA1: c115e4faaca2408ac403066ed1ed768684880737
SHA256: 8ac2cbaf2e6c4440d87c4f3e247fc2cf16d0e2b4e0c6c5316b7b89c9be974171
SSDeep: 6144:jtDLrQpJOFUZJv4jG+nCAbdQ/ePajmgri6Sqf54oSI+MWZIAM0z5H+UefndD7:Bnr1FOR4jGNAbdQdm1oSpzGA9z5cn 		False
...
C:\Windows10Upgrade\GetCurrentOOBE.dll 141.62 KB MD5: 38e3ecefd27bed767237ec28a9d195fc
SHA1: 990dfaef1e2193f6ef4017347d473d7621b8451e
SHA256: bd7b6301035de5e24a51ebc79782afadde272ac46a94b374fe7106546a5b4823
SSDeep: 3072:/O8uWjpPRbCCJOX1rPXcw7megjhu1x8sddqz2O3v8xRs7:/Ok5y1rPsw4Y1x8sa93UxC7 		False
...
C:\Windows10Upgrade\HttpHelper.exe 28.12 KB MD5: 06cee6ecb018e5f2eb922e61c844ea50
SHA1: ffeafd2137016a853be25cc7c3c35a6f69cb6590
SHA256: d47e0478d011b53bc20147bb4016b0b6b5331af71694416066422113e7dbbb66
SSDeep: 384:U9FFyLLI4/ov9BwOtqb3Kmqr80aq0GftpWJl7kCVA+7+dgWi34+Bk9:oeLLIH/fGakiqlVAvKY 		False
...
C:\Windows10Upgrade\PostOOBEScript.cmd 1.50 KB MD5: 3778cf5b740204b65abdd94153276b03
SHA1: 5d5569291158c84725a8f86afb604781516af177
SHA256: 99b0bfda6f1a73a094f5e476d31fbbcdf7546bb3795d2b3c307b8754a88514bd
SSDeep: 24:LoJmaxCgaJBc33ItrA2JswRoau0Ftv6AzIqSgwYRsbliY9Jo9hMix1MR8s4:LoHUXS8M2JdR/rv6AkqTvRsAAJoD/1+O 		False
...
C:\Windows10Upgrade\upgrader_default.log 245.25 KB MD5: 3b335fef545209e636c0f9fed6a78f9f
SHA1: 1526905fd7e5254793b581bd21fb9686bc1db68b
SHA256: b571ddae358363a40c493829aea1ca021cad055061604e35cde7336e266d665f
SSDeep: 3072:af6UZdAlgzw2nbkm5Fw3kws31tm6kc9H4RyiUxowzkrccp:O39WyiUxZ8Hp 		False
...
C:\Windows10Upgrade\upgrader_win10.log 21.00 KB MD5: 5a6e911017f7a76b20bc1765e1729ca2
SHA1: 3180f26224951159a90d896ad84bd4f94df3530c
SHA256: 4fd3c5c63256292b91d2ddd6315f4db476fdc8b13bdf80191141d21c01025587
SSDeep: 192:cMPrzBAR5pkNbZ1IrZiKEbATNYk4YefKcTEwnskgGnjPeWtaflVZ5Aeg8DDvpseP:cMPRgpebZ8gKE0JYFKesYjPeXHYeg2kG 		False
...
C:\Windows10Upgrade\wimgapi.dll 545.12 KB MD5: 4166ff8aba3b252ef50f9ea835ce3be8
SHA1: 78c9ed378cdda4290c998c8c777d373dd9607680
SHA256: 4db92b9235f1e695ef24fb5cbb23d946256fe918d76ce7eb410a76ac52037aaa
SSDeep: 12288:O7LmE2XVK/Xfm59CpEXWBbbzfhW8sEzNTqM7n6uOh7thwfkh7e:AmVXVK/Xe59H6bbzfhWBEzNTqM7NO5iX 		False
...
C:\Windows10Upgrade\windlp.dll 895.12 KB MD5: 21c4f59278a666c18bbfb68906229402
SHA1: 005a68a4e945fc10e962f4643dd34b2bfff09176
SHA256: 9eb0b662ad490d8125e6c01708ee45a84c39d4403eab364ac8623d81a5ee423b
SSDeep: 24576:z+GF4gxLugbYFsClURKSoBpbe1LT1UFVlI:z+4uIU1e4DI 		False
...
C:\Windows10Upgrade\Windows10UpgraderApp.exe 1.35 MB MD5: f7b25e924b9128cffbd843baf61fe75f
SHA1: ebe1d59de815b3399debd3c0a237ad25608556c6
SHA256: e99ce4c260c50a0bdd24b6da08c1caecc1b0adc0967547eaff776c1583da04ab
SSDeep: 24576:R/l/TZ2mdMzNia5VuOatr66g00V/TsI/Nbyl/:R/1CJupr665I/Tsibyl/ 		False
...
C:\Windows10Upgrade\WinREBootApp32.exe 25.62 KB MD5: d483081a819518a6ae9d2b4ab34f6a93
SHA1: 36b831624bfabe3b5a44bfa9400202092be1f053
SHA256: 6488b9f51984042c83e6ae77971e5897742c82ab6fdd9d18c105aebc186029ef
SSDeep: 384:30MT6zUHU+R3RWzydXTMq0GftpBj8sA8yU1iSE28+Kkr:3006zUHUABdDui7xxi7I 		False
...
C:\Windows10Upgrade\WinREBootApp64.exe 26.12 KB MD5: acba83ce8ab618f96a8cd6b22da28f78
SHA1: 61b84897dc0c0319317bfb6f32f9e2be94337b35
SHA256: bb0507e0f04cd46a57c94458964798b551140d0b203c4a75aab9f4511acce05f
SSDeep: 384:65eUtV3pD7kYjCFTWOT9WG80aq0GftpBjEJqcDoIQ6g4gPQ29RZOpCUxkU:65eUtV3e9/miXcBQIgPQW7A 		False
...
C:\Windows10Upgrade\resources\hwcompatShared.txt 806.95 KB MD5: b7594c841a1dc08579696d33bf9b8e92
SHA1: 9a4eeb03e4db34493553eea406b56eb2ad00d6fc
SHA256: caf30a6dd73c1708e4dca55aa48ce843d25e6081ac82b65a05d2e540e5862048
SSDeep: 12288:xvlVMoghNIKNznXm1cIgV5tSZmkebC8WNLi:xvlVRgYmWk5M6C8B 		False
...
C:\Windows10Upgrade\resources\ux\block.png 1.83 KB MD5: 5212f68b7048684039f332b70a96e0d6
SHA1: d9148ff34c4feaafbb7c59330ee21c506050aff1
SHA256: 3c8e34b0784318e509812784b73555677ba42d2432caf6deb6502b38174a3b04
SSDeep: 48:7kMJDDmXf8Njg/PY+rv6AkqTvRsAAJoD/1+MT:3Dbjorv60vRsZJm/oMT 		False
...
C:\Windows10Upgrade\resources\ux\bluelogo.png 7.84 KB MD5: ef3ebaf6e9df58c87c057ad3a43cd38f
SHA1: 79fcd9f92736cd97b5689325992e57b722eaeab8
SHA256: ae11672c5a7a07c5db09e343a9a35d9762ff3c3cf336781bd2c1546f043c5782
SSDeep: 192:e7/sMY3i8vLFZ/v+fCVTF6eLEe7E0L9YjP+EE0B9XXaDvpseAj:4sFnvv6CPvYeX9Yrg09nYkj 		False
...
C:\Windows10Upgrade\resources\ux\bullet.png 1.14 KB MD5: 597ed943b0e8a575554831fd5bc2c2b9
SHA1: c3dd8be7351252571e448124b19a0f5bdb65df9a
SHA256: 04f81164c0ff166a07f3ea155dc4b5f64609107aee9d183b54f97345c30692cd
SSDeep: 24:yD1EWM1AYOZ7au0Ftv6AzIqSgwYRsbliY9Jo9hMix1MR8kk:0EWM1Gwrv6AkqTvRsAAJoD/1+Tk 		False
...
C:\Windows10Upgrade\resources\ux\default.css 6.56 KB MD5: 2049a914f71e9b236b2e9324626c5557
SHA1: 8e4d49666be7ddbbab7f4298a93e1717a786bc6a
SHA256: 5aa4d9ab4cfad0965831d9b3724d18203e31c7be785f5732c65b8b63c7ad9070
SSDeep: 192:OEx17V9LakqEleB12qqdJKe9KKmaMYDvpseAS:sV45qqdseYKFkS 		False
...
C:\Windows10Upgrade\resources\ux\default_eos.css 7.47 KB MD5: c8855e3a4ce0eeaa645ec5c43c0f0431
SHA1: 05fd1c5c407ce5d0040bd4c4d58d11f6f83fce87
SHA256: 77388ed936219a42e217901ebfbfcf047717996a29d02d709a496cb6a4731fa4
SSDeep: 192:QycqutjfxALAGNp6oDQ0vjs4Ybid8Afjn7PGx+T9MzBDvpseAw:egR/ki5HDi1kw 		False
...
C:\Windows10Upgrade\resources\ux\default_oobe.css 6.03 KB MD5: 428af65eb8be71588e3de91d2a4604f1
SHA1: 370d5c2423287ad701db1e85a0532f5f7998e0fa
SHA256: e6b5ab9ff4fb0e86c31ba8ea7af2f73d4b168eac79c4f1412a468302fd81b1c0
SSDeep: 192:g3euirutzSVt6znfzvJnXkH0TVgsfHPfsOINOgiDvpseAQ:gbMkfhHvkQ 		False
...
C:\Windows10Upgrade\resources\ux\default_oobe.htm 65.09 KB MD5: 3662ab53375dd642ec24bc09cce6c7d4
SHA1: 57b2a1152127de28cb836e078e1effa20633bd54
SHA256: 0669da82d43de7a5385669e799c4420e53754d2f0815d4aaf93ef821cd287cff
SSDeep: 1536:EIXl84gmsDQU6S8fQxgyA491DjzOpntkSBn01e1evnUz4sPG9uI4agGVCs8kd:P16msDQU6S8fQxgyA491DjzOptkSB08Q 		False
...
C:\Windows10Upgrade\resources\ux\eula.css 1.02 KB MD5: dc2246565aa3502c2769b97b00253139
SHA1: e9586bb5af34c04d6186bc0b1bcc982d3cd8f29a
SHA256: 3a649bfb0ed29a6f268e403d00e55c319e1655fa9dee6a458f2e03940cb5d3a4
SSDeep: 24:YSuErSRgkx3ORau0Ftv6AzIqSgwYRsbliY9Jo9hMix1MR81k0:XumVCeyrv6AkqTvRsAAJoD/1+Wk0 		False
...
C:\Windows10Upgrade\resources\ux\GetStarted.png 4.66 KB MD5: 8d83223d7fbae23fc79e35bdd77cfd5c
SHA1: 29aaffa6cacabba62f764c8dbb3ebe871ba7de55
SHA256: 28efc25d00441ea9eac860dc7b4f8af5e3886a6c48d00127ea1b981345489193
SSDeep: 96:dO2R5jjrR0waQRxownUSxq94WPxXOkllPopWMhtZQ0Crv60vRsZJm/oI:r3HCpQRlnUSxqRPE2PuWbvDvpseAI 		False
...
C:\Windows10Upgrade\resources\ux\GetStartedHoverOver.png 4.91 KB MD5: 701b0c48872458b6ea0c9c54790f1743
SHA1: 2c5c994ab23b2e57bcba6e2f78d74ef463b8308e
SHA256: 0eb349d90a863c6eb072a170a7a4088d07c4b0120102a67204052861c570d81b
SSDeep: 96:XHudLVNwFgMfEUsXIpmFrlcOcvz44pPkMU+Zidrv60vRsZJm/o2:XHYeLsXIpmZLeSMU+ZmDvpseA2 		False
...
C:\Windows10Upgrade\resources\ux\loading.gif 17.92 KB MD5: b7f6e23a35b7e3bc57fdc7749c71e215
SHA1: 1c59873e9b49c10c5ca350a848a2c2e21449a77d
SHA256: 9ad6bead3639ffd6b08f387a30ed0186fcaad956359278e3a1e1cb0c2c790009
SSDeep: 384:CMVR+V9CcRLbIUY++7WXg75BWRtH/Wsw/sjgmlB/cQNkg:lVMjCQB+7WE23wrOT 		False
...
C:\Windows10Upgrade\resources\ux\lock.png 4.52 KB MD5: 91a3c63c7c4cc0ed7400589e28bf9541
SHA1: 01b8ac9e7f16615254d5d0561c12019cf9728388
SHA256: 761d2400b9f65e3726d8fad229c0f15d3b3085d562fa72c6239283dddd6f0bf5
SSDeep: 96:zEHSmOy4NRwu2WYgTGhaZQ757Plo+ZdUrOPi5S+ICuHNrv60vRsZJm/op:wHSmOy4NRwuViEQ7J1ZdXPmS+ICEDvpW 		False
...
C:\Windows10Upgrade\resources\ux\logo.png 3.48 KB MD5: ce9188b89ee509dd53f12d55f1af5a75
SHA1: 4f2307a6917ec34f0cc7c47c7a5e76c26eb1a339
SHA256: be11614db2f62e905582931e9dbc4ac0522a971165b08ac6641099fcf1768029
SSDeep: 96:iXoS/EIJVMoi3bv8x/otucqhLXqZYKtT5rv60vRsZJm/oG:ooKE6VMbbkgtAEYodDvpseAG 		False
...
C:\Windows10Upgrade\resources\ux\marketing.png 1.41 KB MD5: 565303f237470ce41c7a3992b05ef7c1
SHA1: e2ce74365b26f5127f347246d4b10c1f66895302
SHA256: 7117ea8335dcf4c11c807a02ca3d5fc1cca5d17250a30b23aba068daff4f3a81
SSDeep: 24:LfDSaRwTd38NLp8gLS+qCSGaPkWUau0Ftv6AzIqSgwYRsbliY9Jo9hMix1MR83wS:L3RwTdMNLygLHtHaPkWrrv6AkqTvRsAr 		False
...
C:\Windows10Upgrade\resources\ux\NetworkIssueFAQ.mht 608.43 KB MD5: f44313ad48a442ee29605e60a84486da
SHA1: 3a4f125ad2ab9acbacdcbce01ceb15eba46a238b
SHA256: f3175343b8c83951b370e628541660202fdfc7501a9935178cba4758209103a3
SSDeep: 12288:C0izrO+y7LTpFpW3kc2HuEU9Av65wFRLkJFUotkadalf:C0izrOrAJ2HtT65wQfdY 		False
...
C:\Windows10Upgrade\resources\ux\NoNetworkConnection.png 3.05 KB MD5: 2d4c6e3694dc070c76ae76397bb5d099
SHA1: e87eef9febcf38a99dbdc7ee97ad87585467e542
SHA256: b1b05250eb6ee1b51466c7e255a5a3cdef2bf0361bcc0ec0768499a429b4e41c
SSDeep: 48:N/+simcFfR7g49SHXin0gRtuCd/h+Rupx8sjkfNVCrv6AkqTvRsAAJoD/1+w2:himiZSH/cQqpuSXQCrv60vRsZJm/ow2 		False
...
C:\Windows10Upgrade\resources\ux\NoNetworkConnectionHoverOver.png 3.09 KB MD5: d9656278c20363ea8fce1cde8a0e9dbd
SHA1: 4aa74bba4de53c1f2c797575b3c6f29c0405a53e
SHA256: 4074a2765ead58f5b8468e2af0d84b626f038ed920aa6e17ddfed1e992ccfbc2
SSDeep: 96:DcpggroXbCQNhou3sL0XY51+zvrv60vRsZJm/oTq:iroOQNauqaY/6DvpseATq 		False
...
C:\Windows10Upgrade\resources\ux\pass.png 2.70 KB MD5: 821d6da4564e2cea7927176ea5047f21
SHA1: 7dbaf1b0e2cd4786b3132eaf5cf64a4b85b68460
SHA256: 36ac72627450876900f2b2507300cfc6575dcefc057f402a864bfeb82a39042a
SSDeep: 48:t+eIpycMQUCuSHWlOj4VcXrOtsTELtQKPT5rv6AkqTvRsAAJoD/1+6H:ceKMQFWlOUVc7wSEB95rv60vRsZJm/oG 		False
...
C:\Windows10Upgrade\resources\ux\Microsoft.WinJS\css\oobe-desktop.css 40.92 KB MD5: 2ef04638cae61bbdadcf02a5d6a9838e
SHA1: bdfebaeada1ac7f84a630e17a7f5a6993c369ed0
SHA256: 1d659c7a71e112d4ced59ac2d566430a61779979db964a62402bbdd52f000440
SSDeep: 384:nnYTmTAVtGsDQdI4fUD6kdG7Imh+G/0Hj9D/j4IWzLEDFP3tgYSlprDAI9pVsY8S:nncqg0B0O+WSpD/MIWfscFKJE9JzGx+ 		False
...
C:\Windows10Upgrade\resources\ux\Microsoft.WinJS\css\ui-dark.css 263.78 KB MD5: 47c7d9d86af4dbf27744d5609013a7b5
SHA1: 46ef124b481e5856e7ba2a26b3f1c795acd2607e
SHA256: c0f942822c45d16706035ca978401aaa433f27f2c572d4abebf171b282a472f0
SSDeep: 6144:m3x6QxXvDYyEGG9VDNle5k7xXFCid8NlwbBEO5:sYyLgj8sNl5 		False
...
C:\Windows10Upgrade\resources\ux\EULA\EULA_ar-sa.htm 108.78 KB MD5: 7e0304699bdd3fdb01b49a68f186fe41
SHA1: 548a58a0a74448f8e1e55036cac691b45a270b97
SHA256: 018abd5fe40f40f859ebad2e624ec84f7e24d605f879e11a46d57f4d0c9097d8
SSDeep: 1536:3AyQ1J84hZgNslEjcLgyzNwjn5tQZH1wJfOt0VGEzQVIpWlm74Td+YAR6e0ZT2QZ:Q31JjTwLOWGZlm74TxT2kxBW0 		False
...
C:\Windows10Upgrade\resources\ux\EULA\EULA_bg-bg.htm 248.44 KB MD5: fc64247dc71617e71da8a40e3a1e0a72
SHA1: e5f4244a1059b6ea4713fc985ded0193f3f8bdc2
SHA256: 6adb9a660ff952021b7bc7c4c9a55e669fb108a5e81f4943c2e8ba1ec86a69a3
SSDeep: 3072:GfTPpkpZ82C4D4NSSZ5GyQAznUgL3g8mEeDU+Bh:k2pvPoB/JQinUgLbmpDL 		False
...
C:\Windows10Upgrade\resources\ux\EULA\EULA_cs-cz.htm 82.30 KB MD5: 9e879d86d21801c98f6842c71541030c
SHA1: 9637c1ac612f3586b5047424417eece1d00c5d6d
SHA256: 8ebf70f903d62df7fd514795c1c8f236041debd9c5098f82706b2288a8dceca8
SSDeep: 1536:5XKe5WHQ6pAVgrkDyu9aE0mjxbxwIwWrPl660gJw6MuA0xxg7Idk5ChCBbiPcQS7:5KU1FBw9AwFdBzhxBsj6L 		False
...
C:\Windows10Upgrade\resources\ux\EULA\EULA_da-dk.htm 64.57 KB MD5: 79c38346862ebaf36d977a29ed3bb4e8
SHA1: f2853947c27de635d744d2d73d1d1d76a89d45fc
SHA256: 6dc65f1564467662533285411880f47c9ff7c21cc38006df5e6afd92f5e8f13d
SSDeep: 1536:JYrmy9aEMwnZVpEb9fw2OUYMmeP5ghwPuZptjJ/CaGffqeETpXY2TXYaQWOaUW8n:iMQo6P4b 		False
...
C:\Windows10Upgrade\resources\ux\EULA\EULA_el-gr.htm 234.76 KB MD5: 3b2bf94200c04b9d6d4017444b0ebe06
SHA1: 2972b34f436494a43fa8710d0c09e4a38f587c01
SHA256: 03ab7f2e4cc458508f95a2e4cf2e4fcdd5ccf1c1f9aa9b03b2643872af5b5a58
SSDeep: 1536:JkEr3qDs8B7cH6tocsxMTH6mqjR17y3IQePPWy6O3BWNZXOJDXulaBIhNR31iBTr:Rr34vc+oxUO3BhXQ3uLjgZLW 		False
...
C:\Windows10Upgrade\resources\ux\EULA\EULA_en-gb.htm 58.10 KB MD5: d44a05fb2490c372a34bab354ac3149f
SHA1: d7833480d16f04a49190940e57aace47eb744956
SHA256: 284914e5979681e1288538f391794f6f534a840745b5f15df60c3decdcfd5364
SSDeep: 1536:m4uLPGGFug1JxtaSN/Bo/xftrYHpbAwOWcoLbGMavtHV3hemUsJgrCJlAgwD8BVA:XGdXCKr7Hzc7w 		False
...
C:\Windows10Upgrade\resources\ux\EULA\EULA_es-es.htm 69.11 KB MD5: 7ba37d670473ff102aa6e279aee3eb09
SHA1: 29cdc9345a2ffb01f9d9f9ffab76cc9d0eefaa21
SHA256: f5768b8a8e9ab72827ddb9c96d1d6f23a66ff8a22d7f7e784b3923b743b25556
SSDeep: 1536:qCsUnduTC4QaxV1NILDBgpCCzDWLQJjkADVMEToEunZh7M0/8ab5uB2Zl64GWrLa:vsUdXHHA5HCZltSUEcjGkSMjUn 		False
...
C:\Windows10Upgrade\resources\ux\EULA\EULA_et-ee.htm 62.54 KB MD5: d4830309def40e6d834daacddd336c6f
SHA1: 5d9571efef0ecaad87191cf309cb7b9d976307ee
SHA256: 591b15c11f5b0843d73e3054295b31823037064ee0c2123231493c83065d3926
SSDeep: 1536:1svelRRYY/TRBm5cMyIYH8fP8qFStquCesK5KQc+IWFEK/7thZG0Zp15O3Ov2pc7:GmlRRpL83ISt8N 		False
...
C:\Windows10Upgrade\resources\ux\EULA\EULA_fi-fi.htm 70.02 KB MD5: 1459e59246f60fc3a2408cf07e631682
SHA1: 4e5f52f247ed0c3aa6816d91a6fa31ac1da1ba73
SHA256: 2fbba6332806326ba1be004ecd4322f059686d361c9554fefa8cad29618f1118
SSDeep: 1536:+ot1R12we4/B4GW77k0ZAUL4MzY3r5/Z5rbFTjF0dJlHVohq1bBI75WQ97UbTnEn:DMfunFkml8tv6h 		False
...
C:\Windows10Upgrade\resources\ux\EULA\EULA_fr-ca.htm 68.69 KB MD5: ba28a01b26e883ac157b67cab740069a
SHA1: cb58b1961fe3b6c0d2bc923875acfef65187b68e
SHA256: d7079c81efe0e979719158b21e4104fc4fae29a0c22993243ff8ca02fd337475
SSDeep: 1536:gjHSG006i69uMl7Meo5zpi3ZTTVOeHJLAOGo1d2Qj8FnyXO/K0ED+AQg/DpMuch7:gjYDGZcLB5uB7lv1Vh 		False
...
C:\Windows10Upgrade\resources\ux\EULA\EULA_he-il.htm 845.30 KB MD5: 93928c5295ff94e7640b6cdb88379759
SHA1: 1ec667048b7dd811d4091129fee5edfd0790a5ab
SHA256: dd040b94aac37c32a0264e57c4ef835b85503166f61cc4110c770205e6ac5587
SSDeep: 6144:B9JFhRnmST/NAUYYNK2CReYd2Vrj1dulAbs6c/W3V+76Gw:B/FhRnmklPYYNKRTmrj1dulAbE/oai 		False
...
C:\Windows10Upgrade\resources\ux\EULA\EULA_ja-jp.htm 206.25 KB MD5: affb6ef39f4dea469ed99d77de712dfb
SHA1: bcbc6a3058f75df8994b81b5a8673fa02ec9649f
SHA256: b2caf60d35142068ddb62276d39b064f1f4afea485983ca71fdba32c77f36bec
SSDeep: 1536:XegharB495u1Q7I3nKrwVpJVBdlhVMKmZ8/jsOq92BXXaeFM8jumG65+nYlbpxR7:Xeg7r+DkFZ8/Xapj618Bj3mQ8D1EO+8 		False
...
C:\Windows10Upgrade\resources\ux\EULA\EULA_ko-kr.htm 620.14 KB MD5: e6293a92940479fbb7cf45b4ee6226f8
SHA1: ac64f553787a603984517dea4573ff6669d7388b
SHA256: 405d0ec6ef3bbf8ecb1b2643ba1d9dab9dfaf1763cb91131e28a8682e3c44a22
SSDeep: 3072:Z2RDy9PFTCh7LhqITY8lPvlyMzce1cUhW2vJKDyDdToHCpt9EnAm+wHnslrzHqUt:4RDYF+h7V1vlGavKEd0iptYAtGOrzVt 		False
...
C:\Windows10Upgrade\resources\ux\EULA\EULA_lt-lt.htm 75.23 KB MD5: f8d18875785ee249816571724f5ef600
SHA1: ebbc71691980115674f9009bea43980dff78a9d2
SHA256: 3427f9b9336d6c9996ecbe9d162f82dbd9c558b51171a865c927cce11bece923
SSDeep: 1536:jChol1uEaQ3KN7jhrQUm56JpfW7tRtiFMrMQGm0wD5EdYlE9GSGec7wFtGdTEEns:lI9Mt7r29ESiw1 		False
...
C:\Windows10Upgrade\resources\ux\EULA\EULA_lv-lv.htm 82.88 KB MD5: a0b04c25fa8394fbfe6b83b746962914
SHA1: 6368666bc463f44f4b193fbb116adbb57d782640
SHA256: db8633a44627b2266a4516237805d9a611953007c7c5da6be3d8d9bcc977ad94
SSDeep: 1536:PDYZaRnraZuL/wog/dzrRUXwNwYKx0pxIMMQbbkBr8nlXoWqh8dgy0OHNr6MPsQN:PDMHfUwNcKk1guyfP8TeVkLt5Fwd 		False
...
C:\Windows10Upgrade\resources\ux\EULA\EULA_nb-no.htm 66.55 KB MD5: 8912b572b701c099ed0aa83ca6d1e10b
SHA1: 2e2d0bb75b4f3d43b636523a986974895f865976
SHA256: 3d5233eed7ce829575f1f98336bd70c11e15b4bb65eff4ab833b8e386b0a7b7f
SSDeep: 1536:Q2QWLe1AleurzVZJi6kAoAPYpMf1DG+2bWdAywOZrkKlinwumPFx1ouSeps/Sfu2:PPHFzinmTBx4K 		False
...
C:\Windows10Upgrade\resources\ux\EULA\EULA_pl-pl.htm 80.82 KB MD5: cf4c6fcdca9761978545df60e4f61722
SHA1: bf6a63d397542291d8c4d914474fab43be7a01ff
SHA256: 4a79f854ad5f7bd1b214faf825cea3e1fc1565ee28a0c7951f536acd426217b1
SSDeep: 1536:kVmchyGuXYZ91wL+lOo4bCSpeenQ8xIeQQJsvoYj/FyNoqwCkPJcAe8lqLiU1+m+:kQcahK9LpquCgl9UQ2Hhe3XLb 		False
...
C:\Windows10Upgrade\resources\ux\EULA\EULA_pt-pt.htm 70.31 KB MD5: 70726f140bba86270e40f4a197e1d4ea
SHA1: 1bf977c8e90a96abd8712de9bfacf13594cce279
SHA256: 5b7a3cd6ce934a59fbb6d836a159c09789d4a05459354f1b710b53cf346d8f98
SSDeep: 1536:Z7CK5FEYDhr7UNyJcjNEqhCABOfr/c5E473zR8LeDFU2MHHQa2b4cveGbV9KErHL:9wnD6n1w5 		False
...
C:\Windows10Upgrade\resources\ux\EULA\EULA_ro-ro.htm 77.27 KB MD5: 1c7cea2ae407f8fe75ec76dc96706972
SHA1: 1a5ca117359af3aae990b445d4b9ea3712e8c931
SHA256: 956598d73e16ff9b2ba4bde245f66289c408120dd9f5fdf51b3489333ad1084a
SSDeep: 1536:huJxYdOqCLBq3IPirANA7i9OGzhktEgTeArGyVOCe+RBGnCZxvJefnO65QUnVvGj:EyqCLphUnB9ck/KMeN 		False
...
C:\Windows10Upgrade\resources\ux\EULA\EULA_sk-sk.htm 80.97 KB MD5: d6c5d032a27f218322a904af3145ce7c
SHA1: 1ef1130d2ed01c557342bdd1e410d38f4ac1ad88
SHA256: d5834c2955c1de88e729712b0cfefa1d6fe40c6b4f07b0fed30a7e378079cffe
SSDeep: 1536:YYCJKfcovLMS1M78hIVPHiy8nsSkKFB/WDWcrPCHEMoeY1axIUt1pG+z4J9y7a4J:YjmbsTABt5XzrSfc 		False
...
C:\Windows10Upgrade\resources\ux\EULA\EULA_th-th.htm 249.11 KB MD5: 2893e5ff2387f01ae311b704cca0e42c
SHA1: d540a6a388bc070fe28f27ad29a0f99719dd0d16
SHA256: 47e66ccd3b4796117290aedfac52753c71351e580bbce6eff8864cea6dec415d
SSDeep: 1536:mIZSJAoM1TOJ/0CJCJCPbC9w44F8CJCsCCCaCSCo83ReFQC5CVCnNVfOQ2JC3qCC:mInYH4ViNVGQBznmDQRtS9q+eQ 		False
...
C:\Windows10Upgrade\resources\ux\EULA\EULA_tr-tr.htm 74.30 KB MD5: 95102b70304e6a435592b259867f17b6
SHA1: 50a1b917f18d6b537a3e5c3f8530b0813a748bfd
SHA256: 981b2055bcf803c2cb36c7624a83850eb2835c711e4d822614cc61e83f0b156d
SSDeep: 1536:OIeVxP7z9dG7GHrOky8O1XhvBQQjV1Xu4xapF2rJpmT4MXKOh7AaCb9B0GeqqS//:E/587I0xQvlpeH11L 		False
...
C:\Windows10Upgrade\resources\ux\EULA\EULA_uk-ua.htm 261.41 KB MD5: cc1507ea813b000047681e650fd9cb83
SHA1: 5f5c515b44c3b33a59ace04bd145e16019bc38b6
SHA256: 3decc93fb1e1bfdbcb640aeaa25802841dea9e45a01e252c8168f583d4b4d812
SSDeep: 1536:zdcPLUKTkaIyUpRmmtXDxawguMElVpwirVF7aBi7edJgXPiH+Gr1a5Yd/7pOPvdm:RX1tXU7oGXfA5U8YnoHUfYx9PfWxUQ 		False
...
C:\Windows10Upgrade\resources\ux\EULA\EULA_zh-cn.htm 124.20 KB MD5: ab0cdaafe5461f6a06d6b87d04cab5e6
SHA1: eaffa52bedbfe1f3f17a542f29156f61604f0b53
SHA256: 7387ed8cd2f9ae7cbb67d6fae8318986bf3646a35f7c1517d41010aee6672be2
SSDeep: 1536:OaVh6nLwlEXxu4BuNRkgiSzyEtEvkTFXKorYlJ4tw1eY2rd6XrqP16fKY0UW5I3N:/h6I4eermaKEXXNukaC 		False
...
C:\Windows10Upgrade\resources\i386\BiosBlocks.xml 90.42 KB MD5: 788e5c1340f683731217e6f07f6b1cf8
SHA1: c9a3e9e65a6725f841ec0999564eceacc6903ec3
SHA256: 6685767547441f646b7566b19cf6f37b19f757b259cf146f9e2d238eb7e3fc2b
SSDeep: 768:TDSd7cVBK7kd7zxqVzFXNF+OcvbfJJUL6GsxoJptdkkdZvc2+K1h3iX:qd7cPK+7zx4z+tbfJJH0X0uZvV+Y3Y 		False
...
C:\Windows10Upgrade\resources\i386\hwcompat.txt 17.05 KB MD5: f96d17aca158f9539e3bfea18b382f2c
SHA1: 3b640c2584522bb9b231402f14d0ef646cfbe4e8
SHA256: c5df033428e43b8736407426ff458bec0a7d7f563f4a8f149ea9821ad0ad0d68
SSDeep: 384:asEvrbaoEIZK5HViluZGUdKURSbxW7S35tual5Xu4qoO2k7+EsRNQW+ClkU:ivzx5JtP1N7+Cr 		False
...
C:\Windows10Upgrade\resources\i386\hwexclude.txt 3.14 KB MD5: 1d95ba3ba46f517db9b8b89ea67adbaf
SHA1: 98fa1ee0faa97f3eca75bbbbad3f14560bef6f63
SHA256: 3645b8d94d9644b25edbbff76370662126055fb43cfde243779c6eca7b6e85bc
SSDeep: 96:95SGWvioHO/zm9aDy8OQ20SArv60vRsZJm/o8i:95SGWhIk4DvpseAz 		False
...
C:\Windows10Upgrade\resources\i386\nxquery.cat 10.55 KB MD5: 6dd1418335d2e2e1619083e1a58308ca
SHA1: a126fa0a88c4db7bc14c38690f6a3ab546adbce9
SHA256: 56e97592b9fc50c69f66d283e6c9a33775e1966240bc9d034f5ac167bd31189e
SSDeep: 192:OEQnqVOd+opMDs2/ZRQ1DKvb2aHHNTIYn+4LKOwpL7W+KdiUDvpseA93:OEQqAd+opMDBZRsD2BOYn+4LKOwpL7mM 		False
...
C:\Windows10Upgrade\resources\i386\nxquery.inf 2.39 KB MD5: 3c79c59a6eb59a07cddafc76afc12376
SHA1: c696ff41d87efeb843ba757295e610b8fd7860dc
SHA256: 1b79bb341b97e364448799f329ab145761d448f61a5284b3bbf52e125d5675eb
SSDeep: 48:gFCNZ8/fL862dvhbiAOzpjVtRjTDtZj6K6rv6AkqTvRsAAJoD/1+euX:gFCNZ8/468vhbiRZTDjjb6rv60vRsZJp 		False
...
C:\Windows10Upgrade\resources\i386\NXQuery.sys 20.59 KB MD5: dc2178a19179fb99792bb754f6433467
SHA1: bdf8f09c49812a6c99cb12a578be54b0eff49f9a
SHA256: a5bf8431a8bafce360ddc1841e68cb8480209a5be9fb414e0ee1240ba997a852
SSDeep: 384:elNkOjRf5TFq7GX1prpBjQ9aFwWEFf2hMe1cB0tiZw7kv:fYw7GXNa9BJEb1+zw6 		False
...
C:\Windows10Upgrade\resources\amd64\BiosBlocks.xml 92.61 KB MD5: 71f77ac00f689a8396096504ee455c37
SHA1: dd84e035016dc0193d0c29b5e067869d9d233003
SHA256: e3279f22be717e1d9a4410e54ca061e91ee609d10c730dd75933e8bb1ea31caa
SSDeep: 768:Z5W7otEoNLiBDwn6VRlzYiBk/7BtaBimAZfgKwfPf:htEoNL76VRlkjiINZfgKkPf 		False
...
C:\Windows10Upgrade\resources\amd64\hwcompat.txt 72.34 KB MD5: 333f9f8a1a7d7cee08c15a778aa5597e
SHA1: 394414b77683f928ddb2b7091fe51862d143a29c
SHA256: 7ec1fb4e401e31e493f51ded8e366df65d813126b67774c47803f1999b33b9e8
SSDeep: 768:qLUBlase/8S8y6LYlM/jt0n8R8k/bRoLTf/GBMSe8v6uhgR02RikLmD8:Dh68ry6LHRH/bRoLTmWSe/u2RikLJ 		False
...
C:\Windows10Upgrade\resources\amd64\hwexclude.txt 3.19 KB MD5: d94c7e6339ca517ec593f34472b0378b
SHA1: dea5c6e9e1cb723a220840ea14715b28ac433755
SHA256: 08d7d744e3bec5a762c931b46d79ce12ef40878a884399fa56037475637fa288
SSDeep: 96:8N89f0f/soCXUUN/fmTvMCrv60vRsZJm/oN:8a6nsomUm2T0CDvpseAN 		False
...
C:\Windows10Upgrade\resources\amd64\nxquery.cat 10.60 KB MD5: b903d4216d1bb98e8d247df4b3e17328
SHA1: 6a1f903215e74581ed0fb9ef1a8bd42fe53e7dda
SHA256: 82cd236749990caf02c91c151fa7f5b45816429569549e38958ed27c24f048af
SSDeep: 192:pZ4QP+v8cAw0vT2lzsGcbQIuIUIfGGllmHRA179eddSDvpseAG:v4F8cAwIC6QjIUI4HRAvfkG 		False
...
C:\Windows10Upgrade\resources\amd64\nxquery.inf 2.39 KB MD5: cffb923325c6ba2ab8540781f6cbfdab
SHA1: 8af083f0a3550c436553fe65d73a2b85f2fe2167
SHA256: e72140c4b161e296c22fe994ef1f013dd53bd06c3f5a276905e317e085be537f
SSDeep: 48:ugUEcx+MTbqy4yTorN8qATXd2sR5hZ1M8DwUyfErv6AkqTvRsAAJoD/1+Fp:lUDxBTbAyTQYks5hFDwDErv60vRsZJm2 		False
...
C:\Windows10Upgrade\resources\amd64\NXQuery.sys 21.09 KB MD5: 45e6499190cf6581e62b617638cc11d0
SHA1: f530541bb587e492fdab98634ad2f69295488ba0
SHA256: 2012d82beb96272e6980ac855b9ed9e5064ef170713f746d6e0034c7262efe66
SSDeep: 384:QRs9XEndLoGopIUi5wWqGGftpBjczTMwWi4uh18PZzDnk20:QRQ0LoGoLi5tLi+hCuh18PE 		False
...
C:\Windows10Upgrade\dll2\webservices.dll 737.92 KB MD5: 03231c28c7a689d78412deb0e8c509cc
SHA1: dcfe1e7b270fd1086d373d71d37badda3b433d35
SHA256: 752e8cbf9097c116ff515ac4ac7c9c915295cd405c2fa4b9fc814dad3b858b0e
SSDeep: 12288:XRhXQpVamz+dy5qNEe7ZG4JNs9hRNroho+LFfZh2nx:3cGWe7LJNsvRNWo+LFfj2nx 		False
...
C:\Windows10Upgrade\dll1\cosqueryxp.dll 130.12 KB MD5: 4b74b21cc6bd754a5797799c756848d8
SHA1: 1514533d6a59e3fcdbf50e4f28cba59d072ee4fc
SHA256: e09d6b6c6bdeb6bd8313957c523445c71906a8906c982513f3f6ce9eca8f38ed
SSDeep: 3072:uxyqnGgkc8mKVgGqWUHCyLVef4xYogjiwjszP9chz55ajV:bpZFUi88f5ayax 		False
...
C:\Windows10Upgrade\dll1\wdscore.dll 237.12 KB MD5: 30a5a2d481e765e65f04dda0cf8513a5
SHA1: 47182e44390514ec71c0048eb297b3732729839f
SHA256: 82538c147a49e22b06b8359eb286fd6b214f39ca4472ac9d6a78601e0431e585
SSDeep: 6144:z/fqhkzIkArx651WlrUyVgP3lzetVBSzu+:GWzqYL0Alzdr 		False
...
C:\Windows10Upgrade\dll1\webservices.dll 936.62 KB MD5: 80d05309c8184e7be3d96ae3c5e17efe
SHA1: 11b0316f936eccb725437e80916598b35f03b3b2
SHA256: 59e23d86b68b21fafe6f417de8846e48c05458b27f88cc496148098bbf322be1
SSDeep: 24576:RxBNbjAInqxTv5/1bVC5GV9Gc3CFWrfa79:BNbjALxdPgcEl4a79 		False
...
C:\Windows10Upgrade\2052\DWINTL20.DLL 116.62 KB MD5: ec24c1d96016ef209148ec96c0c09790
SHA1: c734a7a117cc3a70fbbadbd7576f9dcf1d46f5d0
SHA256: 82a46b675146c4c336e02ef9f19e15e4189ddec9d2579cf34e162546b5512211
SSDeep: 1536:skZ1AZL0CeYQs1ODIpOYcb+yE0uXej0VCpbqwAI:3G90IpUvE0HPpmwAI 		False
...
C:\Users\desktop.ini 1.09 KB MD5: f11908b374d735b78e4178f9836e93c3
SHA1: fdd9bfed13f2f76e1a994e3c854731f27fa9609a
SHA256: a62ecbc84ab3605ce3c25807eedf3c9e25c9bde61c52421131767917dbf83f3c
SSDeep: 24:JAz3S1KzYnNxMau0Ftv6AzIqSgwYRsbliY9Jo9hMix1MR8jtQ9:WD8KzYXrv6AkqTvRsAAJoD/1+wtk 		False
...
C:\Users\Public\desktop.ini 1.09 KB MD5: 348f15d6c07a73fe3fe57319083a7413
SHA1: 59a9c2970ddb796c2967fed4f9d5861b7f78b5d0
SHA256: 623fc7c900a33738e0d7cfe9170e666bc9f6dcb420f3242736039026dfd14a0d
SSDeep: 24:Q+zMVhLGMg0meau0Ftv6AzIqSgwYRsbliY9Jo9hMix1MR8P4V:rzEl0vJrv6AkqTvRsAAJoD/1+Ie 		False
...
C:\Users\Public\Pictures\desktop.ini 1.30 KB MD5: 29b58bc88114f0658d2c91f2fbb88ac2
SHA1: 018057a1de1e664e629d9dc73d48add83ede7b11
SHA256: 4118ef6605f4edb3a8453dff8fcb95a827df76c1ebe5ea88214be23a6666bc54
SSDeep: 24:CLZvomYlM4KZ1ZUXWPGoau0Ftv6AzIqSgwYRsbliY9Jo9hMix1MR8F4:4vomYqlU/rv6AkqTvRsAAJoD/1+N 		False
...
C:\Users\Public\Music\desktop.ini 1.30 KB MD5: a6824be7a227ecb254eae5e44fc58a21
SHA1: 3d9bf45df6986f5c62a037035fd73a6f3f098621
SHA256: 61ae6915af1e28e24d1874bbc5616ea31c5fa456025d33cc6a13dad4a391e225
SSDeep: 24:eW7om8lyhXsybBtirX+4hzfau0Ftv6AzIqSgwYRsbliY9Jo9hMix1MR8bdKx9:97oFsTE9Yrv6AkqTvRsAAJoD/1+idKx9 		False
...
C:\Users\Public\Libraries\desktop.ini 1.09 KB MD5: d623e36a12f25c82ab1b400d8c58cb71
SHA1: 2441fa67fd70f8765c1193567902e7db1ec2bfb4
SHA256: cce3cde2075941affa0caae8e7b87f5eebcb1d3b3f615354f7ddc6336d05bb90
SSDeep: 24:z7GvH7dudALEXUau0Ftv6AzIqSgwYRsbliY9Jo9hMix1MR8zt:/AQALEXrrv6AkqTvRsAAJoD/1+S 		False
...
C:\Users\Public\Libraries\RecordedTV.library-ms 1.86 KB MD5: f8002ed8e5786bbca51d02e330822a6f
SHA1: 264aef3556e52b505348ce834be276eb1ed68c2a
SHA256: 78559c75e81b97345ff40bc22f6b9abfa1f9fccc599e5b7f411dbcfe8b7a9003
SSDeep: 48:d9u0vpohXbjpfdWOH9hCUSjOFn7VpQkzlrv6AkqTvRsAAJoD/1+jI:y0Ras2h73QIrv60vRsZJm/ojI 		False
...
C:\Users\Public\Downloads\desktop.ini 1.09 KB MD5: d03c709f827c02410dc59b687d067bda
SHA1: 54295516e3ac29af4679a6619b7dabdf6e609152
SHA256: 55d341ec6ebd5119b9c46c5b5acc89d2d01b74fa05fd95ac6bd1007545b34a6d
SSDeep: 24:O6a6yRmjyrCb7wYau0Ftv6AzIqSgwYRsbliY9Jo9hMix1MR8W:O6JNjy+b7wvrv6AkqTvRsAAJoD/1+t 		False
...
C:\Users\Public\Documents\desktop.ini 1.20 KB MD5: 4a61865e0ce98c76231ae50b8fb571e9
SHA1: 06cd8413ab7cd74ca732e4ad4d429ff5cebbdf6c
SHA256: 185c8c2d39b8209db5cad7147e7748041d98675e5a93e1d41f5667699ec6642b
SSDeep: 24:a7VNclLwJmqybau0Ftv6AzIqSgwYRsbliY9Jo9hMix1MR8GhRZoj:a7Y+jrv6AkqTvRsAAJoD/1+XRs 		False
...
C:\Users\Public\Desktop\Acrobat Reader DC.lnk 3.02 KB MD5: 88a094f51467dbfeaa914a8fa3eca527
SHA1: caa2b9bf416d052f83b1b5a70dc85b57ba1e3111
SHA256: 2976b2499ff411842db658c226230ff7adbc6dc8f0c1edc85a5d8be5e90db903
SSDeep: 48:8iUwDr5lN5Vm9Wr+ti43FC9HnBYffHupF/cbkOirv6AkqTvRsAAJoD/1+rJ:8i/lyESf3FWHnNCirv60vRsZJm/ol 		False
...
C:\Users\Public\Desktop\desktop.ini 1.09 KB MD5: 9965947b16988b5db30f59ea0616f2d0
SHA1: db321311022b463e7c060bfda7b3028794071247
SHA256: 6897dfbe1e7131bb2d8667ccf4b5acd6e09242c99ed39995ce53129065767527
SSDeep: 24:qLfGomMzsbXau0Ftv6AzIqSgwYRsbliY9Jo9hMix1MR81:qbrmyacrv6AkqTvRsAAJoD/1+m 		False
...
C:\Users\Public\Desktop\Google Chrome.lnk 3.20 KB MD5: 57e73f3486b4678ae5a199b6133cf2fb
SHA1: 24ee54b335b7597efce9c05e9c057703ec84642f
SHA256: 927f80723e45b0da5976e5b1a0e983324a570b53a997fd434d652c82cef9be1c
SSDeep: 96:rkC8iqkEqXI1RYiFjpcsWFQTkQ3zrv60vRsZJm/ory:AL1E6kwzDvpseAe 		False
...
C:\Users\Public\Desktop\Mozilla Firefox.lnk 1.91 KB MD5: 13a2fc858261634bca1d5b873bc82b40
SHA1: bd4b889dac2e7a5ff04baddc97c699b010da3358
SHA256: adf48030162e86412a32cb733031c1b3212f9964a2870adea96023d65edd1e0f
SSDeep: 48:FW/YiYARO7T+fENV0karqePYXNoMfCCrv6AkqTvRsAAJoD/1+fL:4/YZ79VCrzY9TfCCrv60vRsZJm/ofL 		False
...
C:\Users\Public\AccountPictures\desktop.ini 1.12 KB MD5: 312c7c445b787f40762265e5fed3b818
SHA1: dc02e39055cf6e279819c2d624bc845a1dafe5fe
SHA256: 87f22740257d2c6c1b6a5420b24572a2e44293dc1d2a1f28c2800ef8c547013b
SSDeep: 24:ysMYWJl/Mq9aAtau0Ftv6AzIqSgwYRsbliY9Jo9hMix1MR8m6n:yCQ9azrv6AkqTvRsAAJoD/1+h6n 		False
...
C:\Users\FD1HVy\ntuser.ini 976 bytes MD5: 702c189852a045ab6e4ec75c53f8d096
SHA1: a2499d9728433875eb17f559af5c21d8dfbf5e70
SHA256: 1705929b5abfaa42da4180c8fbc1258ef3deb101fd9f26eb67fd71882927fddb
SSDeep: 24:cf1loNT4au0Ftv6AzIqSgwYRsbliY9Jo9hMix1MR87Tdr:cf6TPrv6AkqTvRsAAJoD/1+mTdr 		False
...
C:\Users\FD1HVy\Videos\2G4jHr_jKsfJA-R.mp4 8.44 KB MD5: d2e90a0514e84c276f6fe06fa0aa3ea7
SHA1: 6b83e32f284be546eddb5304d9287fb24f339292
SHA256: 1d1cdfdada491334e5c0e8108744899a4f1b193c795fad6c0c379176c08f4f07
SSDeep: 192:JExHSdT1eDfox+Nsx3ZWz8OMXySCoFNnWQNJngWkEfvtDhDvpseAV:gSEzN+ppZXBhFH3gMf7kV 		False
...
C:\Users\FD1HVy\Videos\7ZAQ_8-z.avi 69.19 KB MD5: d83d8ef7ffb93b42152950e7c084c91f
SHA1: 03a9cd5779fd898f28883569d9eb64c7394fc24e
SHA256: c5d4ab4625bb289e7174c890f04bc46d177ce932953806269cc332aa96fba58e
SSDeep: 1536:92lnhqviQs+sdwXmOycUqLKyhHK7lC7Z1fv78E/AIn8:ohqviQsJfOyj2787c8 		False
...
C:\Users\FD1HVy\Videos\desktop.ini 1.42 KB MD5: 8b935b4bdd12cdbe8cb857cd0cd0cdbe
SHA1: b8f69e514b474040bf09bd67e18761bbf553e9ab
SHA256: 68a36a2e5d1771b9ab57aa91a751aa84fa05d1c711a18f6e19e9797dd4bf3549
SSDeep: 24:0eVl2KcoSdlvomcvYhJxXjB46l1jau0Ftv6AzIqSgwYRsbliY9Jo9hMix1MR8K:tgKcoSdxhw04rv6AkqTvRsAAJoD/1+5 		False
...
C:\Users\FD1HVy\Videos\n3vlmZ6-.avi 93.43 KB MD5: 61db68751fdf636c5061144928a3ffd6
SHA1: 63e7058a1c0da31cd4bd4373a0b9c29b39bb1e14
SHA256: 6affc237614c2bdf267a456e6edfaa5b3ab90526ead2a8cb87be8ebdfc3f41e6
SSDeep: 1536:JkcRKyfrSkPIlUxsDALEZ8iMRHap5uvhxBwDNCOAy61/aG9elwzNVve6WCj2kOTA:JlR9u/+KhTK6C/CDYu8z55e67n 		False
...
C:\Users\FD1HVy\Videos\tO9pAo.avi 8.81 KB MD5: 6a8e1b4f01c2eb1bcc25ae169be50edf
SHA1: cfbcf3d5a20024dec14fd8f1b4c13839f470493b
SHA256: a645322de097940421c503dfa4df74d617520ae7d76b410049d320c074139c26
SSDeep: 192:FfGpOSsH0dphYIGfH8uSktquTQqst7KyfnJNWVBlJ/CzVGkzEDvpseAH:FfGhZ5oHttjTiKeH8BPCzV7OkH 		False
...
C:\Users\FD1HVy\Videos\xmT13G_wqq.flv 34.69 KB MD5: 762b0d7e59cf10798c7a9812162c9eb7
SHA1: 3ece97c8dd3568bc6749d8ea34651987309d728c
SHA256: 1c1aa453cb1dbc152fd561b3e9ebc0406798e434bcdaa686a3119bfcfc10aef3
SSDeep: 768:ng/sZfo0gjXtxwIbGNz24v5X8WBdyT0OFAGv7qeb68rXTjtJ0U3p:ngUdo9ZxPGRnBaFheebdrXTjtPp 		False
...
C:\Users\FD1HVy\Videos\JwYzrY1QYURz\Jl0C.swf 31.99 KB MD5: 6a9069e866c37b00669208428756468d
SHA1: 380c61ee3a9b3c586fe1709c977ae48d262952f2
SHA256: 3f12c5d268d70165a4e902307fe9f67a96a0f85b355fcdb17f5d5763192ec9a1
SSDeep: 768:rORDAXceyv/sw7Kqw+cMTNHoEKhKIcQLNFW2MF:rMDYceyv/s+KqwvMRIEKS8MF 		False
...
C:\Users\FD1HVy\Videos\JwYzrY1QYURz\UHxSn8V6bAV.mp4 96.23 KB MD5: efa1615562ccb31a1de662426c257804
SHA1: 2fe1ecff4e0160f1d2707e6f3c16b7d8ab1b16f3
SHA256: d52a66e3e028193362cf02905f1e919da64261158f42aa5936e9660fb828b982
SSDeep: 3072:T8l/RXt7f8oqpIvoBLpg7zZPzGa9twqjbzCSMZ:TKpkoqpIvozgHNGUt9GP 		False
...
C:\Users\FD1HVy\Videos\JwYzrY1QYURz\zjZrYYkb44qqQEFnHqom\46Y sA4xqn1mkiWfe4.mp4 67.91 KB MD5: e4989e2c9daaafc1f7076c4e7d6cb956
SHA1: ca399a4574256af14d7adbe6485fe590c58b3200
SHA256: 5408241500ee482d84d44b53807ce6899189ee450792b83c483b90cc7f67fccb
SSDeep: 1536:FyTbpxQ1gR2TquCl6yc3zfrgamlMrgu0TtfnRr+cHr198i3RS05i:kXpi19TZxjc6r0dnZ3JAYi 		False
...
C:\Users\FD1HVy\Videos\JwYzrY1QYURz\zjZrYYkb44qqQEFnHqom\EAExctTFQPMl8WtaYS.mkv 14.21 KB MD5: 19f11583b909cab26acedb0fe3a7e1cb
SHA1: e6d9523a3f00bba31a51bd9a08fc273e70c693b7
SHA256: a8dd2c0c3d38fe1c3a401c5fc59f6cf2a20755de3d07c680b0c55227bbcf04f8
SSDeep: 384:e2wjDWAhgh3R61UrxlTCDl/fWtEsSG/mPwVkH2:b2Kr91dWUE2mPwS2 		False
...
C:\Users\FD1HVy\Videos\JwYzrY1QYURz\zjZrYYkb44qqQEFnHqom\Pb9eQoao SP.flv 29.40 KB MD5: 2a8ea4ae9f5be7d0869435c4058f5378
SHA1: e1edec71be53faf1e9be6ce1b91fecb804eb1027
SHA256: 57bb8db4d335d9148000d87bb013323045b31b49b8f9e33f7938a026733035ad
SSDeep: 768:/yQ1GsDBEKD4IQqFqoRswbR658KM5jBtsQx:6QYyrFFjmwl6CKM59ts8 		False
...
C:\Users\FD1HVy\Videos\JwYzrY1QYURz\NcXnYr6x6woBEiON-rN\bh AN-eEd3pAd.mkv 79.47 KB MD5: 4d08caf63abf28c1473f104d27f74726
SHA1: 681d0391ba556c8b3b022b750c067ebd17419e3f
SHA256: 386c109d9688f48426be471555702bd2574b012369ccea7a150e9b33a9cfb51d
SSDeep: 1536:2v0ABNd90s4g9yh+X3tLoCF+NDnzYNoDOrIWayyCqojS9plm+aWX8:2vFNoKDX3tRFAiM6IbCqI0p0 		False
...
C:\Users\FD1HVy\Videos\JwYzrY1QYURz\NcXnYr6x6woBEiON-rN\sfAW.mp4 34.47 KB MD5: 11efd5702f9438f0a0411cd3a03e66c0
SHA1: f408aac01de85cd6685d79da2379792a2e70ec55
SHA256: 899b3f89b9efafea38270cebf6da8711684ebee019c39169a0cb01fb2d516429
SSDeep: 768:SZ9+ksjurWd9fN9xFVDzkZ5MJl35GYdj2MDK7GqmoDXQguiFuA/1:gYz5P3xFVnkZeJtokBYNRuiFuAt 		False
...
C:\Users\FD1HVy\Videos\JwYzrY1QYURz\Bn1EL_rNfqQMckmEi\1ny84OLSFqFQ9.avi 80.32 KB MD5: 5ba69d6f798789f2b38e64f24bf6d890
SHA1: 8a50a9c71109d08f383666ffd99741917bcf162d
SHA256: d1384777f5f215122fbd3b0e4626856d87cffaaf91dc6ca2e68b1dbe00e15fc1
SSDeep: 1536:KV6vciCehXSAWPE4wpl/oY/f53kWa2wXiPGSbcXesds8qfnvu5BSg3:KAsehpB4ouY/1kMwSPpIu4Hqvu9 		False
...
C:\Users\FD1HVy\Videos\JwYzrY1QYURz\Bn1EL_rNfqQMckmEi\2RV7ZqtkIQAy.swf 32.00 KB MD5: d08c44785f1823c781075428a7e07a3f
SHA1: 48cb1d4a35ab91012d8c9e5383a550ea899ad2d2
SHA256: 1da5d4e878e01871d9c15cc3678fc91a9a1c8a7161be880e2429b766ae7ff6e7
SSDeep: 768:X0Pu2KIXup/aWDrSs77s5c7zFm5TXAQ10fvaGU3u4fXRN0JDOTEkP:kPbKhpjSs3sWE5TXARK3u4yIH 		False
...
C:\Users\FD1HVy\Videos\JwYzrY1QYURz\Bn1EL_rNfqQMckmEi\RbHKQb.mp4 95.68 KB MD5: 08a3535a2924597d997531e3e1f24be9
SHA1: da00704f8866a490af394c77e9fcc2345efb0793
SHA256: d9eb7cedf1d9658201222086a6ef517864d1c6fdb7090eef86bf495d86c13ed4
SSDeep: 1536:yBS19aMBLH3DPBW3OtSI2c8O4nOQehlM0odsid6+G98FUo/1pRFhaX:Zh3jBWtI2c8O4nO5KFNMo/1pRM 		False
...
C:\Users\FD1HVy\Videos\JwYzrY1QYURz\Bn1EL_rNfqQMckmEi\Z5Ha.mkv 15.75 KB MD5: e0d2f796e5a712e05e54355348d63f36
SHA1: 6855d6a5d49a6f2de120343ec3757c8ae1cac436
SHA256: 94693be69f80a68c62d3525e6bb704ff85c9dbe22682d3bb51b0c93992969b60
SSDeep: 384:gpcUfaawqB01itKoXaBuahiGRzi1gwkab:6vnB0EtKZhX1ub 		False
...
C:\Users\FD1HVy\Videos\JwYzrY1QYURz\5ogEXtNZf0B\b4iPziHdJp0rZ.mkv 84.53 KB MD5: 84a3171c4a7d4f2acca8b58c9c45ab3b
SHA1: 95587cb3b74e7633bac0df1a74ab1162543597ce
SHA256: 1ec415711c48d57d472b611999c8fc2659cd2d3d5525f5860ec407062525eccd
SSDeep: 1536:VyTKtmMgUmuKUHSpFU4HD9iZ/b+vw1OcGFV2GGVNKkuV:VyTKtmwKUHSpGSuvcc0V517 		False
...
C:\Users\FD1HVy\Videos\JwYzrY1QYURz\5ogEXtNZf0B\HrWnwNEc.mp4 57.31 KB MD5: 729075232da4d2490cfa3600f07c3026
SHA1: 186da993bdbb552142e57db7d1d4746860d737e7
SHA256: f0a439496037efe3d7d007951ccc04f656dcfd08bc477a1e0f48b204d0254052
SSDeep: 768:kMvop2DEJR711jmAwbsXSU5GMBQ+O55uZt5ANqu2TCAyufmOKbQyljZ2eQagTcM4:tose1j8oTkMB/ZrAWf3KM8wagZSmxm/h 		False
...
C:\Users\FD1HVy\Videos\JwYzrY1QYURz\5ogEXtNZf0B\jEPjuBAsOvP1O7SS4rI1.avi 20.75 KB MD5: b90ddf899268359fa6c03ceef00d28dc
SHA1: 3db43422e6d1aa834dfb7954046bf00a2353ac33
SHA256: 30ec54fc9b5f2744cfaed87f99665ff5a50c73d3c7367ae09bbe7a1f31fe0288
SSDeep: 384:qRQnTDotbna0OoFzN7cHtkib1M+YSUfVFNxKeGy9ik+:qRUD2Da0OM6y6WSUJgdn 		False
...
C:\Users\FD1HVy\Videos\JwYzrY1QYURz\5ogEXtNZf0B\N6mOHgddbvke6KjX.avi 84.89 KB MD5: 1884f89d82bb04957fa4d0bd2e4f95c6
SHA1: 158176e4053586644f8ec60dab221d995ff8c8ed
SHA256: 64a2711f8c4fdfe90ba63ac5b3c771667722125d169eb2f15a84bd6d2188c9a2
SSDeep: 1536:z/YLh48/gpZa6uLIMhPfT3i5fitjAqGAj+vaWmvDWWxzOMXcfNMGgRdaBdzV8ozU:zKiYgm9FjFtjPKvaWmvqQzOgGAdayoPA 		False
...
C:\Users\FD1HVy\Videos\JwYzrY1QYURz\5ogEXtNZf0B\tnr9kITOz2NeRQ_.swf 39.44 KB MD5: e42b7a3845ed7a0fdf59e66185e51b65
SHA1: cbd62908df6ae23ec47f0e222174515374fc3579
SHA256: 6005dbb03d05d5f8664393469f134aeaed030cf4a02541feaa695c76eb8fe233
SSDeep: 768:GbLYIbYtZCO9TQfpvEyTJ3xfy2v9718z0ggCb7qzeSkuQgLoo2yQysVz:GbLs/21lIi958oa7qzeSkW03yQyIz 		False
...
C:\Users\FD1HVy\Videos\JwYzrY1QYURz\5ogEXtNZf0B\wvm_YPLQQnYUMnD1hGKw.flv 51.84 KB MD5: c1516c1f60bd400eecacc8bff11dca76
SHA1: 9400e94329e9cd34e2a5c88fcbf670b5d6f7dc3c
SHA256: 5959aa4920a6d1855d541b66b7bd698705514f53ea185fc3e7f1a9ac1084e6bf
SSDeep: 1536:ky5ECxXjhzWGZESB1fXhnEcMjr2ARbBtmroSd:l5ECxXjhy2fBtXFSSAjtm0Sd 		False
...
C:\Users\FD1HVy\Videos\JwYzrY1QYURz\-kQaMk6N3RTKBidRVR6\g4fjfKB2.swf 43.16 KB MD5: d9348bb98d70b74434eaacc6324ffd95
SHA1: bc1f3e01209c87714eceba4985e8a3276bc936d6
SHA256: 2c47c207edb2270316ab2aece31d6e25537dba842fd3a48ea9376c6f8f0fc4e8
SSDeep: 768:zEMrAysf00/A2ScXuyq1HsQhFBKI+/tvvi1eRKSmFxQMNs3SvvWCz:jcyg/tSny6rhfL+5XKSmFxRy3SvvBz 		False
...
C:\Users\FD1HVy\Videos\JwYzrY1QYURz\-kQaMk6N3RTKBidRVR6\LB 3vCSyt.flv 7.27 KB MD5: 02f72eee16dbe9be6161c610fb649051
SHA1: 16e8737589bdf39c0f1f47bba3f423b3971afa12
SHA256: 2039ea7f88247748686bd73d996bb50b6685f022fea9ee15ba5af74afcc4c117
SSDeep: 192:yJZ6twQ/rAdUaMwv5ewOvmSMWyg/YxO95mDvpseAh:uZ0zCL5ewOOVWy2YxO95ckh 		False
...
C:\Users\FD1HVy\Videos\JwYzrY1QYURz\-kQaMk6N3RTKBidRVR6\Pam-rO9WSYDB5Aau0.flv 63.10 KB MD5: e8fcfe60d59d825133c4bedee52cd661
SHA1: 6696d78eeb1d0e9ca1a2173189a7614ad925f13a
SHA256: 1d54d553e59141c8c39e4bb392f0f59409bd611d5d10da0536a57dd64f7c5678
SSDeep: 1536:G2gA8kqtGeaF+tZovsX5If2chzDTAeLu7:G2MkiGea+ZovMIf2gTAeLu7 		False
...
C:\Users\FD1HVy\Videos\JwYzrY1QYURz\-kQaMk6N3RTKBidRVR6\pH7Yo0Q.swf 25.03 KB MD5: e9241a37af65f79734265d51d078a5d7
SHA1: 719b005aebeb2bbb8028fbe5653331b3d8a9a112
SHA256: ea26ac4d7342afb56d54b0ec1e143793b2dd845d86fb37bd8ab718054cc91244
SSDeep: 384:zq8Ff7o9R5bbV9VLrsnod/DkDFZMq3BhFFk7QrDrtQeMp+S2A4pbRRTpikX:PzE7FqoqMkBhFkQ5QLcnbRFp5 		False
...
C:\Users\FD1HVy\Videos\JwYzrY1QYURz\-kQaMk6N3RTKBidRVR6\UTKSb4.swf 59.99 KB MD5: fdec0853ee819c1089cabf9cc8d32841
SHA1: 6acc8dc96ae1262625ebda01a932e92fa05af776
SHA256: c092ba696e6fd8093a4cb5237e7fe7f00843703d80816cb83d8fc9e2152fc982
SSDeep: 1536:k8g+aVO9NPXvK9bmja4pgsg/tTxcMrY1b4MAGKnaRd8/gx:FUOfvj3ng/tTxHY+LGKmd8/k 		False
...
C:\Users\FD1HVy\Videos\JwYzrY1QYURz\-kQaMk6N3RTKBidRVR6\YI0OJ.avi 68.28 KB MD5: 0e2d28b7d29294c6de3db7218a814bf0
SHA1: 479149f09d0807149219365fba015dd38a2ec961
SHA256: 5628aa1f6105b4ceecf49cbc481cc7516733dfcc698e41749ee314747f6a3fc3
SSDeep: 1536:T7xZH9+wbHvx9XYi748dy5W2SMMheMbK9byLhD5Nr6ItEm7i4TdFmQBYp:T7b9+wbjfdyKMMgaD5NrNJ7i4TdFdBi 		False
...
C:\Users\FD1HVy\Searches\desktop.ini 1.44 KB MD5: 4e98859421004b29207506fe8a78615a
SHA1: 10bfd5b6d5ca89cec4a6deae9c991414dc8f82b7
SHA256: 4bf593e04be86125ecda4b83e212ccc7887a7236c9ce795f19ac55645783f29e
SSDeep: 24:Oi6/8GlLwyQrdX0t3Vrmj3YgEYzQy3au0Ftv6AzIqSgwYRsbliY9Jo9hMix1MR8Y:PGtmdXElCjIgEYzQDrv6AkqTvRsAAJou 		False
...
C:\Users\FD1HVy\Searches\Everywhere.search-ms 1.17 KB MD5: da868bab1954cf062c879f15cd5354ff
SHA1: 1d35c2536461f1ffe17388554c695feb54b2889d
SHA256: e0e6377bde126660efc360de4fcec5c6061918ffbe4683a04398b6655c00e554
SSDeep: 24:FQRyRTYCdBEPcUSgUYwau0Ftv6AzIqSgwYRsbliY9Jo9hMix1MR8ixMZ:BDTYnrv6AkqTvRsAAJoD/1+BxU 		False
...
C:\Users\FD1HVy\Searches\Indexed Locations.search-ms 1.17 KB MD5: 1e5009b74e2e78162f17bfcf51eb9252
SHA1: e39c6162917da62e36258af8757fc916f6547e6e
SHA256: bb0852f6b6fbd9fd42d13766cdd42df22672829d5bd6583b4a8fde529ef7d9c1
SSDeep: 24:n5Ru/A00iWHRb9kZQEQau0Ftv6AzIqSgwYRsbliY9Jo9hMix1MR8A5:n5I/N0UXHrv6AkqTvRsAAJoD/1+F5 		False
...
C:\Users\FD1HVy\Searches\winrt--{S-1-5-21-1051304884-625712362-2192934891-1000}-.searchconnector-ms 1.77 KB MD5: c502456b69526c1177e3e4118eb68eff
SHA1: c945afb7f05f6efbb4f9b58f06c4277afb23713c
SHA256: 87ff5089eacb50557b3fe653229d847d2c9ef200e523d33a93c0f0e2009d1d6b
SSDeep: 48:FefvqzItlNtVl0xtr4irv6AkqTvRsAAJoD/1+Bfv:CqktlXcb1rv60vRsZJm/olv 		False
...
C:\Users\FD1HVy\Saved Games\desktop.ini 1.20 KB MD5: c9e5bd9b4506c44e429651b8a74a990b
SHA1: 7221a929ead30d59899aefa4d8dff6828fc06a03
SHA256: 2118bcd8399ed6de9a5b50f3086f0a25ee7d4f641cdb607f1f5296644bb78ab3
SSDeep: 24:nFpAlDTlLwTU6Ch4au0Ftv6AzIqSgwYRsbliY9Jo9hMix1MR8nmg1:PAlvfxPrv6AkqTvRsAAJoD/1+Omg1 		False
...
C:\Users\FD1HVy\Pictures\-2zw.jpg 71.86 KB MD5: b01c565e9863f630abfb8860d62504e2
SHA1: 667e3430c1c26b033094a71b371bebb54ef5d5dc
SHA256: 4b81223c7987b031dacc225d08ebd32f7afc3918b5a6a80eec5697063234a297
SSDeep: 1536:pgNqHmgIGMuNjDwpHkn3rN8hHZ9XXESjEUrVvB5:piuYGNgk3rN8h59kSj5Vvr 		False
...
C:\Users\FD1HVy\Pictures\-b02kVqWvf.png 15.91 KB MD5: b826f5cfa4db044ed8ea29a93d5824df
SHA1: 6c1b73b117a90cc031412df4d5e3ff56501eddb2
SHA256: 6deb1ba68cfb4fa3a54b1340734be802376a56512464224358e342d1f173c013
SSDeep: 384:WCG7BPs77wrCisJpT8nCkaHkoPGrCIprTZt8klKkka:WCG7Fm721epTICcvlTZTF 		False
...
C:\Users\FD1HVy\Pictures\1gNasKYorpdQ71V5s.jpg 11.44 KB MD5: c2ed475922ab3e1616f509d72c1b3ef2
SHA1: 0285f07bbd09ced54fb8097e1f0c955d18db9ad7
SHA256: 6cd30fa6b40a079a1538da8d13f087908400685a167f12b703d82eb2accb5907
SSDeep: 192:E+3k2JG9tNNQHhisKVV5sNRZsAiwyDW2meXDUx8OoQSyMeklMBL3O5fRhM9ADvpm:vnfBisUVWXfECW08OoDy6lM5KbI2k/Z 		False
...
C:\Users\FD1HVy\Pictures\2WNpPaYQ7bCH6uHV-Wi.bmp 35.59 KB MD5: b6ca71a1bcfe53a0014610e2f031bd59
SHA1: 8931767fed05371397976a9cd612de21666c53bb
SHA256: c32a07782385219e243960b098e281d0bb89ae80a0d33f77e6b6b7090489c49c
SSDeep: 768:LayTZHR5qduqdtQP+B9poy6AIVge0QQSxBr7o:Lay9xYduqdt46iypIh0QxxBHo 		False
...
C:\Users\FD1HVy\Pictures\5Mc5tu.jpg 34.12 KB MD5: 2e00be4548599c30d3f033b2e4306c87
SHA1: 6d45009303b566835809a9cab347eda7eb268b39
SHA256: f391741c2464920145705a2ecd16b669fc87cfcdda2156949832cbeab36dea43
SSDeep: 768:+vFWLtuKkuSJbwe/WUH0Ug9epQaCvWxc07SHQ7R1ODb6:+IZ9SJbwe/WUUUg+CvWK07SuIn6 		False
...
C:\Users\FD1HVy\Pictures\a-l cZ2WhL3Gi9EP91pv.bmp 100.52 KB MD5: e00803ecf4d9c4e785b366f5dd42f845
SHA1: eea17e2e395d1532d301e2f7e4e79d059bc80b53
SHA256: 2092b3789f7e4a64a8b877e6a54f1de867dd3db3e640d981ee638f66f12c5d36
SSDeep: 1536:nc706QSduUs7H+aegxmqhUZwlXnchVfbuDBxLaOa6Atj2HKQYdsjPdo0g:nYdLS+aPxmIUZwlshJbudBSB/niPG0g 		False
...
C:\Users\FD1HVy\Pictures\AAfDEiE2PNHO9chgg.png 4.48 KB MD5: 7502c6c074421bbb66338cb4d46aeeec
SHA1: f82e7c4353fed19b5f4597c432b0b6dd1ced90af
SHA256: 195d3ea1e5c124eafe10683662f85a89018a06d215efca0cd83c5b913af6575a
SSDeep: 96:FuI6z0pDdpIKPI/eMKZ9FCRqWxN5RNGFYqCkwrwG75H1OXOzrv60vRsZJm/oXL5:0I6kD7lPBj9IDBwG75HU+zDvpseAd 		False
...
C:\Users\FD1HVy\Pictures\AEeie.png 55.66 KB MD5: 62af64c920ad150b6c043d782b68661e
SHA1: feb8bab0110771ee283af76b80bd626d43ad26c5
SHA256: 30e9aafcca348521f9516f95e10ed32c4f3e59ffb50dccad3a0f1d5943b6eece
SSDeep: 1536:LKimHAX6xNi+p+ffg7glik9TsEk/s8sowIxTdKMK:LKiH6Pi+p+Q7I9b8fxTJK 		False
...
C:\Users\FD1HVy\Pictures\atmBsJmJ.png 28.25 KB MD5: c6aac72832e7c778c536414d4b425af1
SHA1: 3688962bd78e0ba9a03278c28b780d592167edca
SHA256: 7cc4db77d1fb3a4497d68e0ae9b76dc2096636b8a5477161266dc9801b60ce59
SSDeep: 768:b4FK8MFqj5AooaSpOu4uv9f0JAJdgg3pggtH:b40/0j5CJ9dgspggd 		False
...
C:\Users\FD1HVy\Pictures\a_cHEoVLcdMdko0UNSN.jpg 59.95 KB MD5: b8794a87bdc51dd7aa1cb3d961480adc
SHA1: 6a990ad6bec7524e922dfb2d9e9444d1435fee45
SHA256: 22818a2cbc1978624fad97bd2bd35142873ea05d5fab0635e6ba23158b9e9c76
SSDeep: 1536:jYWObilehylvGomc3wjTM/PmW3FoEbHfsEQEGU14FCK:jNedorwjT+qw/sEQEd9K 		False
...
C:\Users\FD1HVy\Pictures\desktop.ini 1.42 KB MD5: 63033b96617dc0dbcb8f5b811f15a248
SHA1: 25e11320d4edb2c93fca2588285791232e969a0d
SHA256: d264f9003e6c06b740bd05b453d4fcac33948f17a961112771494e5018cb03a0
SSDeep: 24:75pGo6UTlv+nZvveau0Ftv6AzIqSgwYRsbliY9Jo9hMix1MR8Ls:2o6UTdmvJrv6AkqTvRsAAJoD/1+f 		False
...
C:\Users\FD1HVy\Pictures\DHNDov5.bmp 61.86 KB MD5: 4b8d13282eba1f94d86c89dbacdd563d
SHA1: c310f68af6202e8ca5b82449b21e5fc8d4d1140f
SHA256: 45f0f623d2f332e1480699e1aea40584ca1d22b315c0b104878cbf9712b52759
SSDeep: 768:Hx+Xw4Q+mBGr58Pn/fqH2+pOoL901WgMo+8oNpDYGVnWVlM4xQQpxoRFhJCJAux:HWGBGrqv/3+v+f9ozDYGFl2BoRFHkAux 		False
...
C:\Users\FD1HVy\Pictures\dW 4vWF3KS.jpg 92.67 KB MD5: 7abc0fd6cb1d91f47fa148badbc999a2
SHA1: 6183cdbca195b8e9c5e6428df62e9b41d74310e9
SHA256: 6481e9cd91e4e03c2ad06ff3f01e3b0579a4813a10478926182efdabc3979296
SSDeep: 1536:u0PWy0o3LkdAYHdd1MXFrAVD3y0rom92BU+Hom3yZWYqzOcNLLrcf3jFe5W1GxpX:u0PWQ3Luv9d1MSh1rz92BUaom3ysjRNZ 		False
...
C:\Users\FD1HVy\Pictures\EwKDZvQL.png 78.65 KB MD5: 9380bb422e00f9f6e554714f306d4037
SHA1: fd4c0d0656e9bdfe99a2a700885b4fe2592c0576
SHA256: 6b44f35925c7c0ef2bfe7a07e376da64f65e83932ef60092bf28ab865cef7db3
SSDeep: 1536:+EvCbPZFh9Q+DpRjDphDr21OHEFP3AJa9/kF9AuktVCWoM:+FbhFh9Q+DXrr8FPmFiuu5T 		False
...
C:\Users\FD1HVy\Pictures\FFZTJM.gif 8.80 KB MD5: ee0f5a8652a52d002ad0119de8824da9
SHA1: 982921933172bbe131808e99c1319acda9666b43
SHA256: b433db61d38b99bc3f0cb69f866d96aeba766570631cadecfc6db6115ee04787
SSDeep: 192:ujzu33cDCofcamXosT5ijq1MA/TTAe5Rgbk+1rcFFDvpseAb:M5UhYsT53GA/Tce5j+aFhkb 		False
...
C:\Users\FD1HVy\Pictures\iPiG9DnbWOn5Lccr.png 9.98 KB MD5: 792f83047c2199ce08416060f55712ca
SHA1: d6d4c60939e63cb5c488f1047df03005ff4027fc
SHA256: fe2c7e2de022f3baf11a9c4ef3c13347185fb2c7832b80eaa813284d0361e715
SSDeep: 192:FXvf6X2zfDUtwWLsOjAj/4W4inIpz9DrcwJWUJDvpseAS:9H6X2z8LQ4W4/zHcwJWqkS 		False
...
C:\Users\FD1HVy\Pictures\ISwBI.gif 58.56 KB MD5: 5a9f6968be0c281efb83aa4de90131ef
SHA1: 00f38145c174ab0e63ca947db1cf22d0b2d9288f
SHA256: 910ea9ecba6fb2ff6802a95304d36cfaf260debedeae75a91ad39ad851187580
SSDeep: 1536:T1OLeLsrdAqsWIvlzSbQ9Kl09+NbHpdtrhYF5FKjZ3gyN44mT:TcyLsFIviQ9y0UbJdJhYvSZLNDg 		False
...
C:\Users\FD1HVy\Pictures\KHN blqiETx3MDUQXCIP.bmp 82.00 KB MD5: 82207931f757ba8b24e81ab36e759e80
SHA1: 5e3a6553f7ddf5f1a49ffb39d73018fc10e768bd
SHA256: d87542a4a0db29d2d155aace103effce0f9d0823595bca306ba39efd21a5c9b4
SSDeep: 1536:d0eulvfGuBGZhlBiDFTKTtZ1ku2jzlgeO/yDs1mctPMN9uuNW6E39ohE:d0nfGusDywTtAu6zWSCmcybc6r6 		False
...
C:\Users\FD1HVy\Pictures\l-w8ML42eH7z3tMNH.png 38.88 KB MD5: a5cc1eea39c82799afb44372e87e3ace
SHA1: cc7525b39817896488e28dfa0a47fca827305d3b
SHA256: ad4f85e1d03fc415a3c3a9231fc9ddf2936c4971090d94eee2390e4127d9f05d
SSDeep: 768:NwxLBITYD+8kooIZwl3va8+1NpjqbnJL2gSLiuTLzw5n9f4tBuN:UmkCvoxW/a8+JqVygSLiuTL8t9fWBuN 		False
...
C:\Users\FD1HVy\Pictures\lzcdU5diYS_BASUK.png 93.27 KB MD5: 88fdcf40f2304c1130037efae7c6dd19
SHA1: 9be852953514c5ce17ea3aeb694f7d941cff90ec
SHA256: 824d07936ceca6460f6e78daf2c0ff9bde190e2c6878eb5365632292d7fb6ccb
SSDeep: 1536:50N4HRTDl/2DTRgR6STLvv/f2J31Y/8RBep1o2BkFrI+3e+:5JHj/2DTR0pvv32JFSXS2BMrIR+ 		False
...
C:\Users\FD1HVy\Pictures\M1wZLHN6Fkt-r.gif 3.08 KB MD5: 851e9a160348bfb62ea535cce5740bdc
SHA1: 09a6e4d8c247551e8a4f91b1ee56e2e388c0858b
SHA256: 6a21c76b5b4021fe66942ba0694966bdde7124b8e4965dd534b5837ebe190569
SSDeep: 96:T1lba7jZ27/rV4X/zJfkiJeoDjOrv60vRsZJm/oh0b:bavo7h4XNFeoD6DvpseAhw 		False
...
C:\Users\FD1HVy\Pictures\NdP2S1 XoxsMawE7P9M4.bmp 17.81 KB MD5: fc617af47c5ee7717cda51c1efd32a29
SHA1: 3d2ae0dc92755f50a5eee420272d998b5cb9f9bd
SHA256: 3b2b1193805cc4bc1c9163e5e4d44c97e7858fa40c43e7f073411b663c70ec06
SSDeep: 384:T7zvHVJAJftDueRpAJhBFq/9MXuM5ubdxJBdeUF0xJ38l44IinIbskY:fz/YJfEeRpb9MeM5uPAUF0xJj4xq4 		False
...
C:\Users\FD1HVy\Pictures\NwiXzxAjISOq6RX.jpg 66.23 KB MD5: 91865ed35c46b126207eff986553980b
SHA1: 83e21ec591635130abc7b8ef672f04a2f1b5f10b
SHA256: 1ea50bde31bd8c22e76a2b0e430bf7774ee9f722898f9b986e5c5491930f308f
SSDeep: 1536:BtCFRlF+Cx0LgbHOVXFhgwEXCCeG3bVLbUbZOfvovkUzrD:B0dF+CGkDONF2wESaLVbUbZL5D 		False
...
C:\Users\FD1HVy\Pictures\nXyIT0GyxsFB.bmp 24.12 KB MD5: f6db18e8f63fabb99ba351ff7109a0fe
SHA1: e47f97faf39dcd023c1702ae7a73836320937956
SHA256: c4aa1d65fa018ec84a54030ca2dd36f6511d769abf1effadf44e7e81be3914db
SSDeep: 768:IFffj+6JTkpZBEFwF8cM69ojN6jgXpw4f21CWP+GV:IFj+OEGhcFoAjgXVf218E 		False
...
C:\Users\FD1HVy\Pictures\NyCuwZpUZ.png 23.50 KB MD5: e1f2087de0205fbe32b016daa84b6751
SHA1: 2837123019e0c4a6825cda31c30fb2ac93b7856d
SHA256: 77b35ac8759166f78cf92f67da88d4e325b94caaa08c96d065afc0db0109a368
SSDeep: 384:FhXVBhbza+DcItJRaIpWfaIAcWhJ98eTad7j5aGFfXGbgFjuuf9i+aKQJ0wakGO:PlBFaTItJc+Wygana95aaHaKC5 		False
...
C:\Users\FD1HVy\Pictures\NYUV.png 28.52 KB MD5: 400bea0123d85fe5265dadf2b8b153a8
SHA1: 8981c53323708a3ed3b6e30d5b4b0be472462cec
SHA256: c348117e6f1c6d9167b352742f45d2131f6c6497cbb68c5c7ffe86c2d2880172
SSDeep: 384:hLPvxUp8nFiDOR6JpB+nYkYMQUsN+OjTp7CQqJ2V82XA74IJeEbe0lL01kYCUCjq:spyFjRs3sZsZjTNPqQhATJeAe40xWcN 		False
...
C:\Users\FD1HVy\Pictures\o0Nhv6wBAauXXRjT2tXD.png 47.27 KB MD5: 85b3dabdbe79e3ed98641ac0321b54ff
SHA1: 6884795b6844cd3503357275bc56b8be917b5c5c
SHA256: e5e064868ff5ab2d94ff742e5e6e0545a4393a13c73c5480d63908cace077110
SSDeep: 768:ptowRO6CU4BDW3DRPwBvRtH664O3gOpH0DHoZUHHDlX78BuHuzRENi6hsJXSZshE:9CF6TtwdxJ3j0jEUnDpwQOzipsZbdTsF 		False
...
C:\Users\FD1HVy\Pictures\ofGEte5FSqkNeh.png 53.42 KB MD5: 198654c312f7cb0522ab7d27108764d5
SHA1: f030606e10632bb7746a022fbff2a08c2c69e73f
SHA256: 7aa57032342a711b0e723b57820fbe33a72eeb00c8e3fd948d234f964321cfb7
SSDeep: 1536:LhQZ1ybqlbfCmAG+9NH8QBigMvaTQ3WRQGPWWQ0Uw:F4ybwA99ZNLMvaXKAWdM 		False
...
C:\Users\FD1HVy\Pictures\PxAGmyezRVyRmSZAc0.jpg 98.97 KB MD5: 72dccc730ea8f67ea4990923dd12dc25
SHA1: ff414358bb76be2213d079537828409c0cbdaf74
SHA256: 9c6094d6a6ca3f440ceef9598374530c814d04d2996788043dc46b609c98ba75
SSDeep: 1536:Di62u1Gl+vD5vSlSHRGXQnFdPMMSoi9UWGaV74MRRqdkBZANAaiJkUFDAnSKlcGS:lnG+vFvSlSVbkNrNIcJ8nS9LPJv 		False
...
C:\Users\FD1HVy\Pictures\siYWMQkbaR.jpg 10.33 KB MD5: af218046a6cef1cccf69b751adfae1e0
SHA1: 81e5784bba05ed52418eb058935cf3d07751e0a6
SHA256: 9f460ee99759d147e656de86412fefe42c1d5e1fda5e7e1115a2d4134cc32e5f
SSDeep: 192:2/5i43bXxYMEda6R3qQa0dZFNLs3F9PDD8wjIBU14EXSm+3k2fhDvpseAG:khNYME9vaM+RDtsOSmilVkG 		False
...
C:\Users\FD1HVy\Pictures\T333.gif 42.72 KB MD5: 827e3508413fa76e4841989ebe7eea98
SHA1: 4df101cfd41a8cf812c97b3bc712353d855f2282
SHA256: 705bbb8485eb4960a47c351b1b6dbe3b84d7e596d71a5ef95f5fb7453b3acc45
SSDeep: 768:lUzc5PGLBgeiO7n1MkJm4GQB5if3fHMdKkYBm1igXURDZYTBrUOfPnvq4Bg:lUz0wBCMlo4ZB563PvBg3XoSrHnvq4Bg 		False
...
C:\Users\FD1HVy\Pictures\Tcd9M dgrM7.jpg 17.16 KB MD5: c3db873d3de60a4b1d42c4abbefbbb19
SHA1: ea49326c127dd59460b36f2b41e94b4aa9ef9ca4
SHA256: cf2ff4a653dc07e43f04d7e1553f58fa587269b7ec0b34f6a474c528d621d9a5
SSDeep: 384:8XJUIRtqs8b0XOyorEY+g/kqxeq1cdz2pWqk34in0BANF2meNvupjePaVk1t7Ea+:8XOIRtqs8gtQR/0ldz2s/IRANFB4ojge 		False
...
C:\Users\FD1HVy\Pictures\xnkbNTgPvTY.bmp 87.92 KB MD5: 76c8426ec7d9ba4d09858ba9fae7cae2
SHA1: 953cfd352f162908acefb3f4ed8aa9eda0a0114b
SHA256: c68375edada46dbb477bb613d4bd9fe4b8813b3d9166e2fdbf607e300343f1ef
SSDeep: 1536:6QYvAW2dojWVep+tRzhZ83hRz0TvAoWQJo/hnu0uynCDZGWYe99b2apGeT6:Wkoy9RNZWRgTtWQgZuwCFGWFON 		False
...
C:\Users\FD1HVy\Pictures\XT8TZGP8nb_M.gif 91.97 KB MD5: 0e0a9ec158dd80c8197fba20f0e49194
SHA1: f55d94f738b304f1edad7703c2eb70e332611264
SHA256: 9bb97cdac517e3a4b187e77f369a92cef337ed69b496948baf34de6ddc963f27
SSDeep: 1536:zmUta2VdvKel5N9zrkD1abKPwjkf2ZVIa9kram2hF/y5NhTRNTY3HT:zxf7hrmWlkaVi0y5LyHT 		False
...
C:\Users\FD1HVy\Pictures\YBTX2K.png 94.82 KB MD5: d5b6e3ab196af48bdd14a9b40b96a7e6
SHA1: 258e25681dda083889a9637f0f674398c51bf3d3
SHA256: 8e7977d4fa926f11d1c66257edd4795adb1b1e6364494652ea0bd55b0ce7fd6d
SSDeep: 1536:UMmoiuQWKOMHgVhl8IgIJupm2gbaPXRmPsTKMdcIBIQgsG7UsR1+Segi2k:UPVLYMAzl8IgIJuRgbiXdOMdf6IsP4T 		False
...
C:\Users\FD1HVy\Pictures\YU pTz2YsRXNYdiKDM.gif 47.69 KB MD5: 476983d564352b410bf6fa709f064f61
SHA1: 8db8fab1b33a72edb6472ed10968940d4c65d3ad
SHA256: b57660d705e94928cd2ad1157f6cce19172af404eefbf8f26247db412dddd71c
SSDeep: 768:yt7LiuAUU+BpPlOp1MZG8pUnI2ZD9iWO5MqEUAeMlD+UyPGcAfVOAge+Wf3PDApL:ytnQpCGZII9O5MqEUAeCJvzfV/genf3e 		False
...
C:\Users\FD1HVy\Pictures\yWGb9EM5K6eaJ.png 27.48 KB MD5: c5189e282cc076fb4c298e753e6834d0
SHA1: 796ab1911101aff5b19019ca4ff0b9c4dedf9f4c
SHA256: 2102f83e93cdc0ee37ece7cbeb2bdf6957896e77fcc153028168f48972b1541f
SSDeep: 768:JmGDruUJ6kEK89+cWE1TCqwkbZI70UF/e:JXkWE1Tp5beI+G 		False
...
C:\Users\FD1HVy\Pictures\zj2VFMQGp.gif 85.16 KB MD5: 258ab2f9f918e42ca4211b7f9e8073ec
SHA1: df8a872709810faad164fe07f69bbc29b374d250
SHA256: 9c3e4d20822af6c28ce9c54aa702fafd4e0d070a66e1e5ee1fff1d892228d13b
SSDeep: 1536:iox5DjN6tehfUmpLdFAXdihRE2c2YgyL+UMQysvmpY0oOQNfUTglp:Rx5fN6tehfUSLLad2cgYIM6YlZNsQ 		False
...
C:\Users\FD1HVy\Pictures\ZXNoV6pTeigFzJ_.jpg 67.80 KB MD5: e525880569538973311bfd12f5058614
SHA1: 36b4078830f01fce8b88002fe831cd2eb59151fd
SHA256: db77b57fed52e8d04606c92f7875c7d50f3b3e62d9a2d187868ac9002a23bf25
SSDeep: 1536:rM4TlGqoKwu68SoHpQNyqVnJLVYQct0JiUUkIXPtSs:rMclSB/Md+VYvBfZ1j 		False
...
C:\Users\FD1HVy\Pictures\Saved Pictures\desktop.ini 1.11 KB MD5: 754ff018c09eccfed7ebb63a4face566
SHA1: 51a243a95103fd06bd4f46f3f8dc6c613dcac9ba
SHA256: dc880f5556f66d64bf644ffce5d50c995928fac46bdfb8d791816d5aa24d31c7
SSDeep: 24:UdaeSnCbKau0Ftv6AzIqSgwYRsbliY9Jo9hMix1MR89V:UinCb1rv6AkqTvRsAAJoD/1+6V 		False
...
C:\Users\FD1HVy\Pictures\Camera Roll\desktop.ini 1.11 KB MD5: 189405b73b8252d43a0044de2893ea9f
SHA1: fbb55a125934e3a84781c2a3382b60c9a7ddfa4b
SHA256: 46296e74456098066cd89f8ef2b4fe63e9d31a3a02ee587be002a3189b6f05d1
SSDeep: 24:lVjv8925I35B5Cau0Ftv6AzIqSgwYRsbliY9Jo9hMix1MR8pP:lVjvG3j5Nrv6AkqTvRsAAJoD/1+IP 		False
...
C:\Users\FD1HVy\OneDrive\desktop.ini 1.03 KB MD5: 581ac16f227a4b12a8c1f79e44df464b
SHA1: 54d49dab5e8703d51a3825997a1b4986a5571ba5
SHA256: 3f952dc7b58ce3e1e44657c1eb7a045cead9c2e35f8fa80fade6fc8b6953ed02
SSDeep: 24:bhtgY2t+dbu3au0Ftv6AzIqSgwYRsbliY9Jo9hMix1MR8FAH0:bh27srv6AkqTvRsAAJoD/1+ZU 		False
...
C:\Users\FD1HVy\Music\1_zlm.mp3 88.81 KB MD5: 5f9c821de6fcb35dc0e9d4d59cc85e19
SHA1: 809e5593756050840ffd8171f1d801037eadf198
SHA256: b5741d5b2b8c230ee0a070daff66f6ee0162918d3725e0966a56b3b868f39ef5
SSDeep: 1536:6lWVOEDUm87fnDSQzly7h3ICSYDUZHMZN3IsSLtDE/rvsBPcJSELo4d2TBU09wEK:yWVPD87fJlimYDU1KzSRE48Ro4d2DqEK 		False
...
C:\Users\FD1HVy\Music\desktop.ini 1.42 KB MD5: 1f995b6dd27dbdf6bb2fba38863a011a
SHA1: aa0cfd6429baa8b83895e2d4d44e38b12c7bec5f
SHA256: 3474d70dc659309b00791243b5cd27dbaac23e123beaf8994965d6dfdbc00540
SSDeep: 24:T7pWOFXvEGqZPNtoZ4cl5ivEXQAvzVjFZwdX8lQgAXG9au0Ftv6AzIqSgwYRsbl8:QOF/5qZ7oZ4cPnBjXN2WOrv6AkqTvRs6 		False
...
C:\Users\FD1HVy\Music\Faq2bp18.mp3 58.08 KB MD5: 3bbc8f23c967e49481371437f7468f2f
SHA1: 376e84b2ad3a5504e46ba94f3a1c4b999c2cf9b4
SHA256: dbee6631b0f40366421fac5a177a7d3236d0bf173c26143a575674108da91d7e
SSDeep: 1536:4vI1NAv0DuslKhnJk8xK2gm15Nn9ObqJMzP//qYES0m5r:vE0SJk8x7/fN9XA/fESr5r 		False
...
C:\Users\FD1HVy\Music\PvZb.mp3 33.92 KB MD5: 3ac5ab3b65ce97bdacefa49656296ebe
SHA1: a52061ae11c7c4b2d1228973d648fed82c8e9835
SHA256: b7a3776b2b6c5cd89e392c8d0449bd747f4dd6813c2ce2902ae2ffb4923ff7e0
SSDeep: 768:2qNLecyCM0dOEEAh+wXNNQ9xWrOefn110BBtRGBMBN:3qP7oOxiVTpqeP112tRyM/ 		False
...
C:\Users\FD1HVy\Music\Q4s2ptq2.m4a 44.69 KB MD5: 3dcb46fdd5ddf0081f874bf1f84b6016
SHA1: 1d886f01785dfa0e7a6f10babac51dc4892e6081
SHA256: 807135b11ab8256e8fd528d50f48f021b41af31c1525646ace5ffe853f9975c8
SSDeep: 768:ruGyPvg17+rmBjmkRUqBlsd83HpyXNMipSMSD9c0tJuOFJpUnnwhrPw1Zndb:ruHvg1yrwmETad83Hp50S+uWwhbwJ 		False
...
C:\Users\FD1HVy\Music\WnzFd.mp3 85.45 KB MD5: b758bce383ea9f6192cfb7ec8592dda4
SHA1: a885b1cc57228034a9629e56b040010661a73fb9
SHA256: 4b028037b749eaf1dcbe5a607ddbbf0e09d708b8d647e8776eeca2c13c5d2c0a
SSDeep: 1536:Y+TQm1XHdWNgj3HGO0fLbyJmYx+LWAMm8XXtzhnzkL4c141qfMIxabW:lcm9c2j2Oeifx+yrmSXhhIL4c5fhabW 		False
...
C:\Users\FD1HVy\Music\f9Y8dx-\IXGTQQAcvQ.wav 7.09 KB MD5: ce105bd89c4fd7986acd3d0a2d267792
SHA1: d250fb8616968cbfb0b04827a6989aa6f759ffc7
SHA256: e13d97913c3fb3034e9bbced94c8f5bcc8ffb7c253e71490b2d087f33cae7091
SSDeep: 192:xEt85p3CLzHSkoXv8jQWPwzVRTuLKGMvUK8JUDvpseA0:xEtQ3ygXv85y7iBMMKUCk0 		False
...
C:\Users\FD1HVy\Music\f9Y8dx-\kupntcSqN.mp3 32.33 KB MD5: fb44aaaef0137eed0b4c2ced216c874a
SHA1: 4b406c6ff5b182948864009350e84815f352793c
SHA256: eaa07e17ce132e3e5a872fb96aebf3e312f31d7d34aee6a04e3124054f243d82
SSDeep: 768:k5US6QAXu/jk0lupDjOGR2vzOEQSYp2R2f/dp8m+A:kAQA+jk0UfKz/Af/dp8m1 		False
...
C:\Users\FD1HVy\Music\f9Y8dx-\uulyokO0sZL4s.m4a 27.28 KB MD5: 97ac649dbb0f1c13ae306b198ddb2b32
SHA1: a7a9feb27f4d3f42696ce0f630b9bc47603fb2a3
SHA256: f661b03b244ae579049ab14565648377ec78f9f4e90765694aead9882cc4ca1d
SSDeep: 768:5t84tReLFlL+CWdqIEnciRz8tqEg0v7nXP3hwC:5t847eJlyCWdinhzjt07XPyC 		False
...
C:\Users\FD1HVy\Music\1_kDgtiBq1\jqyCF3Kx006 jNKpA.wav 70.02 KB MD5: 6e730dbab4e051dd56429eefd00a098a
SHA1: cd654c97866ba24b9d77120b2c3ceadb99433d89
SHA256: 42b38b17a7851bda3c8af13a82efc9d900490a5e3117bdd522eb173237756a0f
SSDeep: 1536:A3l7tBfVFhZ+ZM1EIBdRYzAE+1nlRp/lS/AivEZ2OCfbrmeIOW8y4KBxc8H:kttBfb+ZMSmdCzAE+1nPptu8zQ/mes80 		False
...
C:\Users\FD1HVy\Music\1_kDgtiBq1\LY325VqD.wav 23.00 KB MD5: 7edb89a946ab0616e0f1253563e7ecbf
SHA1: 3baf1f24a5d421a1543cfa93407888b07ca2638a
SHA256: 046bc9f90f87399837556fd6b44786035e4d93240ed3364f309f3343f2a93688
SSDeep: 384:35K+o0yB80LkYqW6/6vrb/wpBVFYCTSWw8vSykqLWIbjKrY4f7VyQyQQiOwL2P8J:35Ly5rqWvDLwrYCTzvWqLpbjcVsSyP8J 		False
...
C:\Users\FD1HVy\Music\1_kDgtiBq1\qckyy-4-m.wav 16.17 KB MD5: d067ba1214b013a44726dd7b6b75976e
SHA1: 4f4760cfead6ff609df22c9342fb1ea6d6a4d2e5
SHA256: 3a771a33475e6b0781e460d4064383faff6bf9c5d2a3ea6f826267fd00895872
SSDeep: 384:P4dzqVB3OWvY40XaoeqqCq1cf8CVngYfyE613z3qFRcDQ3QACqmoZaUkh:P0zONbQ1baWfBVn/6I3zCwZa5 		False
...
C:\Users\FD1HVy\Music\1_kDgtiBq1\NY7c7TBw5p\-eMcFt1lTpcIk.m4a 3.39 KB MD5: cb9dd68f45b8129ed1d03d61ed53d25d
SHA1: 487bbe450d1effe8e199d4c8a547751f6b81a579
SHA256: 02361ed84cac619a649428d8eef3cf41a63e3535a0e16c8532c92005134e9d9d
SSDeep: 96:qK79GlKQcQB6nmQgq5Ztm2Baa14+PjZrrv60vRsZJm/ox:qK5gXIoq5HBBaae+rhDvpseAx 		False
...
C:\Users\FD1HVy\Music\1_kDgtiBq1\NY7c7TBw5p\HHZsqNo.wav 2.19 KB MD5: da9fdf39c8710a02fbf69bfa80c885df
SHA1: 918b086ed803122810298052033934a9c009fe94
SHA256: 1aa46f9c303deb1eb98deefdee3b2b4d263696f603fa29d8957ccf23bf15dbc3
SSDeep: 48:xntcCtlK5eq5R28pBa7qQXZ5bSLrv6AkqTvRsAAJoD/1+DJO:FtVKFr28pBa7qaZErv60vRsZJm/oA 		False
...
C:\Users\FD1HVy\Music\1_kDgtiBq1\NY7c7TBw5p\s1sEELv-P.wav 86.83 KB MD5: f0eb96f072a1354aa13c704667020db1
SHA1: 2936c51a5aa79e478f563e8f0bdbfa3e693a0d77
SHA256: 0a38032a31e91813ab03430bc3e8477fd7cc9fda966518340eb2373932449fc2
SSDeep: 1536:lFH7vfa3bXacORu7YP0X1jdG05doA3qwxeDNA44sU/TIkW7nDQG61TElFC:l93arach8M5dp5dh3F4DNAnsU/TwDQhB 		False
...
C:\Users\FD1HVy\Music\1_kDgtiBq1\NY7c7TBw5p\AYoFGbZ\KAwef_CpO2I6YOJ7bT.m4a 26.73 KB MD5: 4d544ed00e386853c77de7f0b0e342b9
SHA1: 2aeb3ca6ec2ea6440b1660774abe18d4c64748b5
SHA256: 058b7c6ec55cd7156fe2bf720736bdf6dbea7f251c131085c9f7073152027d69
SSDeep: 384:/olisV7dto4laCdrBgELym61QE7zRi581qtm5N97QhWSHM9/ukr2tKwa7PELKGy/:1sZo4laUum6SEJibEdMMLrqKwW8K/Sy 		False
...
C:\Users\FD1HVy\Music\1_kDgtiBq1\NY7c7TBw5p\AYoFGbZ\oUwDwHpc7yvxphvDrY.mp3 36.83 KB MD5: aae646f850a2e991171d4606b80e5258
SHA1: 0ea30a4199479122fa6f0bec02ef1060d3eca97e
SHA256: 33e40a650051569ea34576e36da5160e37b2ef41cc7aa781425f86768ae11027
SSDeep: 768:K7iuW3eyHy5Kj3XqGfW4tvuuvbXnrsjo8qB8loos8ckT:q5yRoKj3XXW4t2mDng88J5sr4 		False
...
C:\Users\FD1HVy\Music\1_kDgtiBq1\NY7c7TBw5p\AYoFGbZ\PXt_aUReRHQ_ubQ3.mp3 71.73 KB MD5: d984f4f3ba7028735ee9ee659c145655
SHA1: 3eafae5326c5faf70ca99ae99086115024df87c4
SHA256: a1e7896f25e823f5d0d7ceafbecf883701e2a2f7cb038537d6a2ff2368db5345
SSDeep: 1536:vNDjECSHQqs9HVPelwJlTeO1gi+qEJUZEzilmtvErSFGPkLxF:FfWHnshWkTeOgPUZEHFGCxF 		False
...
C:\Users\FD1HVy\Music\1_kDgtiBq1\NY7c7TBw5p\AYoFGbZ\kHNjZV_y\GWdFXKk5.wav 68.97 KB MD5: cd16d912388d6338d35dffe8717d242b
SHA1: 26ff149e4a8f99c7c0575ed977ca4b94d0bac5b3
SHA256: a25ada5ef0e74cc36ab598e14532ffc306b0f8ec77e74bca7beb4a78f6e43162
SSDeep: 1536:dfnqWok7rzQbvoKK3+OvtCa4xJ2E+Z9yM83quh/3UCrLesqDe:dok7v8ojOcm0RwMm3UCHX 		False
...
C:\Users\FD1HVy\Music\1_kDgtiBq1\NY7c7TBw5p\AYoFGbZ\kHNjZV_y\iPKgYx-e.wav 39.42 KB MD5: 0fb78aef9472bc86b8110d4c7455141e
SHA1: e647860c87b831ef39d40911736e0846ec6840e2
SHA256: c1843a661827b3cadf3806b8313184c1334f8c617ba2acf310493ddc0c9ca280
SSDeep: 768:Zok4SHxVQ6kcqtW28ILIwpMfJjNZ7T9u6bWql4bxblXgMaN:OklRr28KFCpv7QElW1fU 		False
...
C:\Users\FD1HVy\Music\1_kDgtiBq1\NY7c7TBw5p\AYoFGbZ\kHNjZV_y\ZipKeGLiNvFiFN_Dai.wav 44.44 KB MD5: eb7c1de23d177f808db66a4cb9f1b243
SHA1: 1527e687f14c1762d9d2cfb4455601a8879c48e1
SHA256: ec9f4a6ba6fb09ecee234b197449f2ea4e34df285e85dfeaec596bab39e452f7
SSDeep: 768:U6k0BDf4cZfuAL6heCSWeKLHyeyx4vZX1CUfKQXpEe6XmwvlzUX+YU8Ujs:UB0BDf4Ra6QXWryIZNfKqptQlzxI 		False
...
C:\Users\FD1HVy\Music\1_kDgtiBq1\ilgk0lJV\LM4F-Q9mEj1iog.m4a 19.64 KB MD5: 037f1a7c2d9bfacee4874eb685dd4270
SHA1: f7a3848f7c113efb65547ba73fbcc8443c3c1330
SHA256: c81d9b985feb8257a676c8fae05289a40267ef0094101c0b32b3928a470bc33e
SSDeep: 384:cA2N1sJ7azbZ1qdXv4n4rBJ+tQqV2UEu+uHk2:cZNIazbbn4rBJYnFEubr 		False
...
C:\Users\FD1HVy\Music\1_kDgtiBq1\ilgk0lJV\qTZ_rt3NhfeWG-dwmp.mp3 15.57 KB MD5: 9c765851549f06e197e2775ca4c5c343
SHA1: 3f31bae6e303dda64d596fac78735c61dacf5897
SHA256: ec349e8c3648da798610d8fc8728035bebb0942e7cfda234dde63d30470e7428
SSDeep: 384:WhHHje9om8nOOKs+ESfMlanIM3cRPxyikm:WhHHq9omfsD3lEIM2x 		False
...
C:\Users\FD1HVy\Music\1_kDgtiBq1\ilgk0lJV\XQ-rsbyj0qzm.mp3 77.01 KB MD5: f990591e9d1a52822ba4520dced7a408
SHA1: ab8147f2eeedaae5252884ace9aa051e9b93ac85
SHA256: a365d995e76b376f9fd7af8eae55d3cf125b1a6effd86a4f4c79976e9b41b80f
SSDeep: 1536:ip4In1O2eYwywM62Ax6AywbgxCxWRVXtj9aPtF116xC/l7q9:84Inbwdhy0gxjV9ZEWxr9 		False
...
C:\Users\FD1HVy\Music\1_kDgtiBq1\ilgk0lJV\vWya\60UrEB nNZ.mp3 58.22 KB MD5: d9ac5d8bf63ddd291ecbf3972c370648
SHA1: d31aa07cfda791732179ac0ae601f0502daa1159
SHA256: e14b28d9243e3d4cf46345ac94ee7d404edbf31a78d1863556c3f61db56f33ff
SSDeep: 1536:beDPOgokZivJfyxl0f7/snhV50L41uxVZ2lNmlAswT:boW3eUyxlMDyR0L+uxqjHP 		False
...
C:\Users\FD1HVy\Music\1_kDgtiBq1\ilgk0lJV\vWya\8xod8JR wYWOtLbR.wav 61.80 KB MD5: 70b8542f0ff777e0d648ce888620ac09
SHA1: 7ab4e26ca4a29924950e0961250d8a9d3eef0446
SHA256: 66f3d94fbc6069011b2e7af6a9a117bc9a5fdc6e4f0d506258930e9a310e00c2
SSDeep: 1536:swvoXDM9rShThDnXGZT40J2WCZcXWMgZSvj2:swwT+4T9GZTlwcnYSC 		False
...
C:\Users\FD1HVy\Music\1_kDgtiBq1\ilgk0lJV\vWya\pHNh8pr9MG.wav 98.00 KB MD5: 7eca1d448cfb7716eecc173d89a55da9
SHA1: 40bf72450a24cce93f9354822706d6b25cb640b7
SHA256: cf11263d0f356c8fe388afbaf408db4617c42e0550ed46b460b60f63f597fe50
SSDeep: 3072:YyEM5MUREjr4hqP7tqJ6CsDL4rsdXs4RjIMrDgvjtNpX85ME:DEzPjraM+CLNC4PWFu3 		False
...
C:\Users\FD1HVy\Music\1_kDgtiBq1\ilgk0lJV\CCM9emPBDlXJ1x\fi4GXHvoE.m4a 70.09 KB MD5: ff846eafce1ba152e294e99a931c0d46
SHA1: 25ca00d4ec7188b7f572c1308b7ce00bfc93e042
SHA256: 1fca27202a97d225371b55f20c7909ab9b68c683581eb8032f46951ee14fa421
SSDeep: 1536:s8UDShhmsby6Yq2w9FKf8i2zqrWgoMHyzmJibkcDSuZ6w:s8/C6Yq8fl2EWgoMsMcHZb 		False
...
C:\Users\FD1HVy\Music\1_kDgtiBq1\ilgk0lJV\CCM9emPBDlXJ1x\lwbM.m4a 15.49 KB MD5: 2a83521ba0c738e6e81578428666dbcc
SHA1: c8921bb540f86a3bc830a42340496aa950f5c7a1
SHA256: f2b7040d91d348a6a95137c8eff49b91e05e952627f9e3c63c1e184aba4aaf1f
SSDeep: 384:/QKgTEZ1T+OC4dGA4YRKFm8krQIgh0HLDqkm0:/QxT86O/dt4YRKxN8h 		False
...
C:\Users\FD1HVy\Music\1_kDgtiBq1\ilgk0lJV\CCM9emPBDlXJ1x\npfoUNG.mp3 59.36 KB MD5: f306956c8597a0e386195fcbf44453a9
SHA1: deda1ff2d5536c15ce509e216f2f80bb16f02a6f
SHA256: c6328494252e49a53696d3432e308759c62dce2a64ff7dd63938ba436c825436
SSDeep: 1536:763rOPkMrMdvnk/YKC0esDl4UDUYV6uEVwf9w:7fAKwKCCDlYuE2fG 		False
...
C:\Users\FD1HVy\Music\1_kDgtiBq1\ilgk0lJV\CCM9emPBDlXJ1x\oESa-56Lwow.wav 97.97 KB MD5: 37624a9e52bdfe63bcdda4cb43dd9277
SHA1: a2906a405ec9c001ab747668590091ce8605e882
SHA256: 5e96f773a3a0246ef677498f450add493a753ac16675cd7da8276aeb19a4a395
SSDeep: 1536:eWjoC6o0n1KQBhPq/gTAtry9iTQU3NxLLw3fO/xz35hkWWrFxZcMKpO3+yMN:eWjoo0kAh9009U333wm/xTwBrGJN 		False
...
C:\Users\FD1HVy\Music\1_kDgtiBq1\ilgk0lJV\CCM9emPBDlXJ1x\sRDmYrpUcB.wav 33.59 KB MD5: 4723c284aab64f380559c85efa370dc7
SHA1: 69d649dd7e5c14ef549de79f515d35df2843ee30
SHA256: e81c7b0821ef88afc68965b1f2f5088d56aceb8d569b865161875b60374cbfd8
SSDeep: 768:5Fhnx0FAKd+pe6ckjKX8i4Kiw2NRGbBDsWrpRKyiWnEY:5Fr0FA7yKKsT4Z1Kyia 		False
...
C:\Users\FD1HVy\Music\1_kDgtiBq1\ilgk0lJV\CCM9emPBDlXJ1x\uwpIml4ss_wW9q.mp3 6.67 KB MD5: 52fe27e45c39ced84113d126c8d4356d
SHA1: 59bc5ae50aa9b22338ea70dedc1e745b2b6db9e3
SHA256: 28a44b50c6612a686040fe7c28c37c9c5cbdd63b7ba9380b2bdb0a420b3cc067
SSDeep: 192:yt24c2dZ5enBpOJmriLD7zvjUGiDvpseAF:ytlc2MK4gTgPkF 		False
...
Host Behavior
File (14797)
»
Operation Filename Additional Information Success Count Logfile
Create C:\Users\Public\987D0A577E52701B2BC411B375E79D954AE4355674A1B58EA37913B0886E2882 desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\$WINRE_BACKUP_PARTITION.MARKER desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\bootmgr desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH False 1
Fn
Create C:\BOOTNXT desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\how_to_back_files.html desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\BOOTSECT.BAK desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\hiberfil.sys desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH False 1
Fn
Create C:\pagefile.sys desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH False 1
Fn
Create C:\swapfile.sys desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH False 1
Fn
Create C:\Windows10Upgrade\appraiserxp.dll desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\how_to_back_files.html desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Windows10Upgrade\bootsect.exe desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\Configuration.ini desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\cosquery.dll desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\DevInv.dll desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\downloader.dll desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\DW20.EXE desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\DWDCW20.DLL desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\DWTRIG20.EXE desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\EnableWiFiTracing.cmd desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\ESDHelper.dll desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\esdstub.dll desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\GatherOSState.EXE desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\GetCurrentDeploy.dll desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\GetCurrentOOBE.dll desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\GetCurrentRollback.EXE desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\HttpHelper.exe desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\PostOOBEScript.cmd desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\upgrader_default.log desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\upgrader_win10.log desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\wimgapi.dll desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\windlp.dll desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\Windows10UpgraderApp.exe desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\WinREBootApp32.exe desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\WinREBootApp64.exe desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\hwcompatShared.txt desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\how_to_back_files.html desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Windows10Upgrade\resources\ux\block.png desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\how_to_back_files.html desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Windows10Upgrade\resources\ux\bluelogo.png desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\bullet.png desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\default.css desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\default.htm desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\default_eos.css desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\default_eos.htm desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\default_oobe.css desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\default_oobe.htm desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\eula.css desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\GetStarted.png desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\GetStartedHoverOver.png desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\loading.gif desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\lock.png desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\logo.png desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\marketing.png desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\NetworkIssueFAQ.mht desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\NoNetworkConnection.png desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\NoNetworkConnectionHoverOver.png desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\pass.png desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\Microsoft.WinJS\js\base.js desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\Microsoft.WinJS\js\how_to_back_files.html desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Windows10Upgrade\resources\ux\Microsoft.WinJS\js\ui.js desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\Microsoft.WinJS\css\oobe-desktop.css desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\Microsoft.WinJS\css\how_to_back_files.html desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Windows10Upgrade\resources\ux\Microsoft.WinJS\css\ui-dark.css desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\EULA\EULA_ar-sa.htm desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\EULA\how_to_back_files.html desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Windows10Upgrade\resources\ux\EULA\EULA_bg-bg.htm desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\EULA\EULA_cs-cz.htm desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\EULA\EULA_da-dk.htm desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\EULA\EULA_de-de.htm desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\EULA\EULA_el-gr.htm desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\EULA\EULA_en-gb.htm desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\EULA\EULA_en-us.htm desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\EULA\EULA_es-es.htm desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\EULA\EULA_es-mx.htm desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\EULA\EULA_et-ee.htm desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\EULA\EULA_fi-fi.htm desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\EULA\EULA_fr-ca.htm desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\EULA\EULA_fr-fr.htm desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\EULA\EULA_he-il.htm desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\EULA\EULA_hr-hr.htm desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\EULA\EULA_hu-hu.htm desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\EULA\EULA_it-it.htm desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\EULA\EULA_ja-jp.htm desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\EULA\EULA_ko-kr.htm desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\EULA\EULA_lt-lt.htm desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\EULA\EULA_lv-lv.htm desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\EULA\EULA_nb-no.htm desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\EULA\EULA_nl-nl.htm desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\EULA\EULA_pl-pl.htm desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\EULA\EULA_pt-br.htm desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\EULA\EULA_pt-pt.htm desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\EULA\EULA_ro-ro.htm desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\EULA\EULA_ru-ru.htm desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\EULA\EULA_sk-sk.htm desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\EULA\EULA_sl-si.htm desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\EULA\EULA_sr-latn-cs.htm desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\EULA\EULA_sv-se.htm desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\EULA\EULA_th-th.htm desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\EULA\EULA_tr-tr.htm desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\EULA\EULA_uk-ua.htm desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\EULA\EULA_zh-cn.htm desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\EULA\EULA_zh-hk.htm desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\EULA\EULA_zh-tw.htm desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\i386\BiosBlocks.xml desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\i386\how_to_back_files.html desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Windows10Upgrade\resources\i386\hwcompat.txt desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\i386\hwexclude.txt desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\i386\nxquery.cat desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\i386\nxquery.inf desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\i386\NXQuery.sys desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\amd64\BiosBlocks.xml desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\amd64\how_to_back_files.html desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Windows10Upgrade\resources\amd64\hwcompat.txt desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\amd64\hwexclude.txt desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\amd64\nxquery.cat desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\amd64\nxquery.inf desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\amd64\NXQuery.sys desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\dll2\webservices.dll desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\dll2\how_to_back_files.html desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Windows10Upgrade\dll1\cosqueryxp.dll desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\dll1\how_to_back_files.html desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Windows10Upgrade\dll1\wdscore.dll desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\dll1\webservices.dll desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\2052\DWINTL20.DLL desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\2052\how_to_back_files.html desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\desktop.ini desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\how_to_back_files.html desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Public\desktop.ini desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Public\how_to_back_files.html desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Public\Videos\desktop.ini desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Public\Videos\how_to_back_files.html desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Public\Pictures\desktop.ini desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Public\Pictures\how_to_back_files.html desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Public\Music\desktop.ini desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Public\Music\how_to_back_files.html desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Public\Libraries\desktop.ini desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Public\Libraries\how_to_back_files.html desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Public\Libraries\RecordedTV.library-ms desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Public\Downloads\desktop.ini desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Public\Downloads\how_to_back_files.html desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Public\Documents\desktop.ini desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Public\Documents\how_to_back_files.html desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Public\Desktop\Acrobat Reader DC.lnk desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Public\Desktop\how_to_back_files.html desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Public\Desktop\desktop.ini desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Public\Desktop\Google Chrome.lnk desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Public\Desktop\Mozilla Firefox.lnk desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Public\AccountPictures\desktop.ini desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Public\AccountPictures\how_to_back_files.html desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\NTUSER.DAT desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH False 1
Fn
Create C:\Users\FD1HVy\ntuser.dat.LOG1 desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH False 1
Fn
Create C:\Users\FD1HVy\ntuser.dat.LOG2 desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH False 1
Fn
Create C:\Users\FD1HVy\NTUSER.DAT{fae9930d-933c-11e7-a51d-b808901d6c9b}.TM.blf desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH False 1
Fn
Create C:\Users\FD1HVy\NTUSER.DAT{fae9930d-933c-11e7-a51d-b808901d6c9b}.TMContainer00000000000000000001.regtrans-ms desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH False 1
Fn
Create C:\Users\FD1HVy\NTUSER.DAT{fae9930d-933c-11e7-a51d-b808901d6c9b}.TMContainer00000000000000000002.regtrans-ms desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH False 1
Fn
Create C:\Users\FD1HVy\ntuser.ini desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\how_to_back_files.html desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Videos\2G4jHr_jKsfJA-R.mp4 desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Videos\how_to_back_files.html desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Videos\7ZAQ_8-z.avi desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Videos\desktop.ini desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Videos\n3vlmZ6-.avi desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Videos\tO9pAo.avi desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Videos\xmT13G_wqq.flv desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Videos\JwYzrY1QYURz\Jl0C.swf desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Videos\JwYzrY1QYURz\how_to_back_files.html desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Videos\JwYzrY1QYURz\UHxSn8V6bAV.mp4 desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Videos\JwYzrY1QYURz\zjZrYYkb44qqQEFnHqom\46Y sA4xqn1mkiWfe4.mp4 desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Videos\JwYzrY1QYURz\zjZrYYkb44qqQEFnHqom\how_to_back_files.html desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Videos\JwYzrY1QYURz\zjZrYYkb44qqQEFnHqom\EAExctTFQPMl8WtaYS.mkv desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Videos\JwYzrY1QYURz\zjZrYYkb44qqQEFnHqom\Pb9eQoao SP.flv desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Videos\JwYzrY1QYURz\NcXnYr6x6woBEiON-rN\bh AN-eEd3pAd.mkv desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Videos\JwYzrY1QYURz\NcXnYr6x6woBEiON-rN\how_to_back_files.html desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Videos\JwYzrY1QYURz\NcXnYr6x6woBEiON-rN\sfAW.mp4 desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Videos\JwYzrY1QYURz\Bn1EL_rNfqQMckmEi\1ny84OLSFqFQ9.avi desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Videos\JwYzrY1QYURz\Bn1EL_rNfqQMckmEi\how_to_back_files.html desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Videos\JwYzrY1QYURz\Bn1EL_rNfqQMckmEi\2RV7ZqtkIQAy.swf desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Videos\JwYzrY1QYURz\Bn1EL_rNfqQMckmEi\RbHKQb.mp4 desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Videos\JwYzrY1QYURz\Bn1EL_rNfqQMckmEi\Z5Ha.mkv desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Videos\JwYzrY1QYURz\5ogEXtNZf0B\b4iPziHdJp0rZ.mkv desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Videos\JwYzrY1QYURz\5ogEXtNZf0B\how_to_back_files.html desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Videos\JwYzrY1QYURz\5ogEXtNZf0B\HrWnwNEc.mp4 desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Videos\JwYzrY1QYURz\5ogEXtNZf0B\jEPjuBAsOvP1O7SS4rI1.avi desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Videos\JwYzrY1QYURz\5ogEXtNZf0B\N6mOHgddbvke6KjX.avi desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Videos\JwYzrY1QYURz\5ogEXtNZf0B\tnr9kITOz2NeRQ_.swf desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Videos\JwYzrY1QYURz\5ogEXtNZf0B\wvm_YPLQQnYUMnD1hGKw.flv desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Videos\JwYzrY1QYURz\-kQaMk6N3RTKBidRVR6\g4fjfKB2.swf desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Videos\JwYzrY1QYURz\-kQaMk6N3RTKBidRVR6\how_to_back_files.html desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Videos\JwYzrY1QYURz\-kQaMk6N3RTKBidRVR6\LB 3vCSyt.flv desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Videos\JwYzrY1QYURz\-kQaMk6N3RTKBidRVR6\Pam-rO9WSYDB5Aau0.flv desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Videos\JwYzrY1QYURz\-kQaMk6N3RTKBidRVR6\pH7Yo0Q.swf desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Videos\JwYzrY1QYURz\-kQaMk6N3RTKBidRVR6\UTKSb4.swf desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Videos\JwYzrY1QYURz\-kQaMk6N3RTKBidRVR6\YI0OJ.avi desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Searches\desktop.ini desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Searches\how_to_back_files.html desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Searches\Everywhere.search-ms desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Searches\Indexed Locations.search-ms desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Searches\winrt--{S-1-5-21-1051304884-625712362-2192934891-1000}-.searchconnector-ms desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Saved Games\desktop.ini desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Saved Games\how_to_back_files.html desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Pictures\-2zw.jpg desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Pictures\how_to_back_files.html desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Pictures\-b02kVqWvf.png desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Pictures\1gNasKYorpdQ71V5s.jpg desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Pictures\2WNpPaYQ7bCH6uHV-Wi.bmp desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Pictures\5Mc5tu.jpg desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Pictures\a-l cZ2WhL3Gi9EP91pv.bmp desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Pictures\AAfDEiE2PNHO9chgg.png desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Pictures\AEeie.png desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Pictures\atmBsJmJ.png desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Pictures\a_cHEoVLcdMdko0UNSN.jpg desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Pictures\desktop.ini desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Pictures\DHNDov5.bmp desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Pictures\dW 4vWF3KS.jpg desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Pictures\EwKDZvQL.png desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Pictures\FFZTJM.gif desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Pictures\iPiG9DnbWOn5Lccr.png desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Pictures\ISwBI.gif desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Pictures\KHN blqiETx3MDUQXCIP.bmp desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Pictures\l-w8ML42eH7z3tMNH.png desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Pictures\lzcdU5diYS_BASUK.png desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Pictures\M1wZLHN6Fkt-r.gif desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Pictures\NdP2S1 XoxsMawE7P9M4.bmp desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Pictures\NwiXzxAjISOq6RX.jpg desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Pictures\nXyIT0GyxsFB.bmp desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Pictures\NyCuwZpUZ.png desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Pictures\NYUV.png desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Pictures\o0Nhv6wBAauXXRjT2tXD.png desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Pictures\ofGEte5FSqkNeh.png desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Pictures\PxAGmyezRVyRmSZAc0.jpg desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Pictures\siYWMQkbaR.jpg desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Pictures\T333.gif desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Pictures\Tcd9M dgrM7.jpg desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Pictures\xnkbNTgPvTY.bmp desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Pictures\XT8TZGP8nb_M.gif desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Pictures\YBTX2K.png desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Pictures\YU pTz2YsRXNYdiKDM.gif desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Pictures\yWGb9EM5K6eaJ.png desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Pictures\zj2VFMQGp.gif desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Pictures\ZXNoV6pTeigFzJ_.jpg desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Pictures\Saved Pictures\desktop.ini desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Pictures\Saved Pictures\how_to_back_files.html desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Pictures\Camera Roll\desktop.ini desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Pictures\Camera Roll\how_to_back_files.html desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\OneDrive\desktop.ini desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\OneDrive\how_to_back_files.html desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Music\1_zlm.mp3 desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Music\how_to_back_files.html desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Music\desktop.ini desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Music\Faq2bp18.mp3 desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Music\PvZb.mp3 desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Music\Q4s2ptq2.m4a desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Music\WnzFd.mp3 desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Music\f9Y8dx-\IXGTQQAcvQ.wav desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Music\f9Y8dx-\how_to_back_files.html desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Music\f9Y8dx-\kupntcSqN.mp3 desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Music\f9Y8dx-\uulyokO0sZL4s.m4a desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Music\1_kDgtiBq1\jqyCF3Kx006 jNKpA.wav desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Music\1_kDgtiBq1\how_to_back_files.html desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Music\1_kDgtiBq1\LY325VqD.wav desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Music\1_kDgtiBq1\qckyy-4-m.wav desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Music\1_kDgtiBq1\NY7c7TBw5p\-eMcFt1lTpcIk.m4a desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Music\1_kDgtiBq1\NY7c7TBw5p\how_to_back_files.html desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Music\1_kDgtiBq1\NY7c7TBw5p\HHZsqNo.wav desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Music\1_kDgtiBq1\NY7c7TBw5p\s1sEELv-P.wav desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Music\1_kDgtiBq1\NY7c7TBw5p\AYoFGbZ\KAwef_CpO2I6YOJ7bT.m4a desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Music\1_kDgtiBq1\NY7c7TBw5p\AYoFGbZ\how_to_back_files.html desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Music\1_kDgtiBq1\NY7c7TBw5p\AYoFGbZ\oUwDwHpc7yvxphvDrY.mp3 desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Music\1_kDgtiBq1\NY7c7TBw5p\AYoFGbZ\PXt_aUReRHQ_ubQ3.mp3 desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Music\1_kDgtiBq1\NY7c7TBw5p\AYoFGbZ\kHNjZV_y\GWdFXKk5.wav desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Music\1_kDgtiBq1\NY7c7TBw5p\AYoFGbZ\kHNjZV_y\how_to_back_files.html desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Music\1_kDgtiBq1\NY7c7TBw5p\AYoFGbZ\kHNjZV_y\iPKgYx-e.wav desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Music\1_kDgtiBq1\NY7c7TBw5p\AYoFGbZ\kHNjZV_y\ZipKeGLiNvFiFN_Dai.wav desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Music\1_kDgtiBq1\ilgk0lJV\LM4F-Q9mEj1iog.m4a desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Music\1_kDgtiBq1\ilgk0lJV\how_to_back_files.html desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Music\1_kDgtiBq1\ilgk0lJV\qTZ_rt3NhfeWG-dwmp.mp3 desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Music\1_kDgtiBq1\ilgk0lJV\XQ-rsbyj0qzm.mp3 desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Music\1_kDgtiBq1\ilgk0lJV\vWya\60UrEB nNZ.mp3 desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Music\1_kDgtiBq1\ilgk0lJV\vWya\how_to_back_files.html desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Music\1_kDgtiBq1\ilgk0lJV\vWya\8xod8JR wYWOtLbR.wav desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Music\1_kDgtiBq1\ilgk0lJV\vWya\pHNh8pr9MG.wav desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Music\1_kDgtiBq1\ilgk0lJV\CCM9emPBDlXJ1x\fi4GXHvoE.m4a desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Music\1_kDgtiBq1\ilgk0lJV\CCM9emPBDlXJ1x\how_to_back_files.html desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Music\1_kDgtiBq1\ilgk0lJV\CCM9emPBDlXJ1x\lwbM.m4a desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Music\1_kDgtiBq1\ilgk0lJV\CCM9emPBDlXJ1x\npfoUNG.mp3 desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Music\1_kDgtiBq1\ilgk0lJV\CCM9emPBDlXJ1x\oESa-56Lwow.wav desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Music\1_kDgtiBq1\ilgk0lJV\CCM9emPBDlXJ1x\sRDmYrpUcB.wav desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Music\1_kDgtiBq1\ilgk0lJV\CCM9emPBDlXJ1x\uwpIml4ss_wW9q.mp3 desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Music\1_kDgtiBq1\hkMV\4ATtLPU.m4a desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Music\1_kDgtiBq1\hkMV\how_to_back_files.html desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Music\1_kDgtiBq1\hkMV\4Jnf1ouQEG6aHo2ckE87.wav desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Music\1_kDgtiBq1\hkMV\hX-fIvuqQP.mp3 desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Music\1_kDgtiBq1\hkMV\Rblpx.mp3 desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Music\1_kDgtiBq1\hkMV\Tl4wJ5ltjPGm_.mp3 desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Music\1_kDgtiBq1\hkMV\tLv2P49E.wav desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Links\desktop.ini desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Links\how_to_back_files.html desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Links\Desktop.lnk desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Links\Downloads.lnk desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Links\OneDrive.lnk desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Favorites\Bing.url desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Favorites\how_to_back_files.html desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Favorites\desktop.ini desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Favorites\Links\desktop.ini desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Favorites\Links\how_to_back_files.html desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Downloads\desktop.ini desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Downloads\how_to_back_files.html desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Documents\1U69-uoew0.xlsx desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Documents\how_to_back_files.html desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Documents\6mKhK_9dE.docx desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Get Info C:\Users\FD1HVy\AppData\Local\svchost.exe type = file_attributes False 1
Fn
Get Info C:\$WINRE_BACKUP_PARTITION.MARKER type = size, size_out = 0 True 1
Fn
Get Info C:\BOOTNXT type = size, size_out = 1 True 1
Fn
Get Info C:\how_to_back_files.html type = file_attributes False 1
Fn
Get Info C:\BOOTSECT.BAK type = size, size_out = 8192 True 1
Fn
Get Info C:\how_to_back_files.html type = file_attributes True 1
Fn
Get Info C:\Windows10Upgrade\appraiserxp.dll type = size, size_out = 459976 True 1
Fn
Get Info C:\Windows10Upgrade\how_to_back_files.html type = file_attributes False 1
Fn
Get Info C:\Windows10Upgrade\bootsect.exe type = size, size_out = 118472 True 1
Fn
Get Info C:\Windows10Upgrade\how_to_back_files.html type = file_attributes True 24
Fn
Get Info C:\Windows10Upgrade\Configuration.ini type = size, size_out = 212 True 1
Fn
Get Info C:\Windows10Upgrade\cosquery.dll type = size, size_out = 61640 True 1
Fn
Get Info C:\Windows10Upgrade\DevInv.dll type = size, size_out = 329928 True 1
Fn
Get Info C:\Windows10Upgrade\downloader.dll type = size, size_out = 206536 True 1
Fn
Get Info C:\Windows10Upgrade\DW20.EXE type = size, size_out = 643784 True 1
Fn
Get Info C:\Windows10Upgrade\DWDCW20.DLL type = size, size_out = 49864 True 1
Fn
Get Info C:\Windows10Upgrade\DWTRIG20.EXE type = size, size_out = 45768 True 1
Fn
Get Info C:\Windows10Upgrade\EnableWiFiTracing.cmd type = size, size_out = 9810 True 1
Fn
Get Info C:\Windows10Upgrade\ESDHelper.dll type = size, size_out = 68808 True 1
Fn
Get Info C:\Windows10Upgrade\esdstub.dll type = size, size_out = 40648 True 1
Fn
Get Info C:\Windows10Upgrade\GatherOSState.EXE type = size, size_out = 564936 True 1
Fn
Get Info C:\Windows10Upgrade\GetCurrentDeploy.dll type = size, size_out = 539848 True 1
Fn
Get Info C:\Windows10Upgrade\GetCurrentOOBE.dll type = size, size_out = 144072 True 1
Fn
Get Info C:\Windows10Upgrade\GetCurrentRollback.EXE type = size, size_out = 73416 True 1
Fn
Get Info C:\Windows10Upgrade\HttpHelper.exe type = size, size_out = 27848 True 1
Fn
Get Info C:\Windows10Upgrade\PostOOBEScript.cmd type = size, size_out = 577 True 1
Fn
Get Info C:\Windows10Upgrade\upgrader_default.log type = size, size_out = 250186 True 1
Fn
Get Info C:\Windows10Upgrade\upgrader_win10.log type = size, size_out = 20548 True 1
Fn
Get Info C:\Windows10Upgrade\wimgapi.dll type = size, size_out = 557256 True 1
Fn
Get Info C:\Windows10Upgrade\windlp.dll type = size, size_out = 915656 True 1
Fn
Get Info C:\Windows10Upgrade\Windows10UpgraderApp.exe type = size, size_out = 1415880 True 1
Fn
Get Info C:\Windows10Upgrade\WinREBootApp32.exe type = size, size_out = 25288 True 1
Fn
Get Info C:\Windows10Upgrade\WinREBootApp64.exe type = size, size_out = 25800 True 1
Fn
Get Info C:\Windows10Upgrade\resources\hwcompatShared.txt type = size, size_out = 825371 True 1
Fn
Get Info C:\Windows10Upgrade\resources\how_to_back_files.html type = file_attributes False 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\block.png type = size, size_out = 919 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\how_to_back_files.html type = file_attributes False 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\bluelogo.png type = size, size_out = 7080 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\how_to_back_files.html type = file_attributes True 19
Fn
Get Info C:\Windows10Upgrade\resources\ux\bullet.png type = size, size_out = 221 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\default.css type = size, size_out = 5767 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\default.htm type = size, size_out = 62541 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\default_eos.css type = size, size_out = 6700 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\default_eos.htm type = size, size_out = 55866 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\default_oobe.css type = size, size_out = 5224 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\default_oobe.htm type = size, size_out = 65710 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\eula.css type = size, size_out = 82 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\GetStarted.png type = size, size_out = 3824 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\GetStartedHoverOver.png type = size, size_out = 4067 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\loading.gif type = size, size_out = 17395 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\lock.png type = size, size_out = 3677 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\logo.png type = size, size_out = 2611 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\marketing.png type = size, size_out = 493 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\NetworkIssueFAQ.mht type = size, size_out = 622093 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\NoNetworkConnection.png type = size, size_out = 2165 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\NoNetworkConnectionHoverOver.png type = size, size_out = 2212 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\pass.png type = size, size_out = 1822 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\Microsoft.WinJS\js\base.js type = size, size_out = 1283526 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\Microsoft.WinJS\js\how_to_back_files.html type = file_attributes False 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\Microsoft.WinJS\js\ui.js type = size, size_out = 3046842 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\Microsoft.WinJS\js\how_to_back_files.html type = file_attributes True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\Microsoft.WinJS\css\oobe-desktop.css type = size, size_out = 40953 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\Microsoft.WinJS\css\how_to_back_files.html type = file_attributes False 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\Microsoft.WinJS\css\ui-dark.css type = size, size_out = 269159 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\Microsoft.WinJS\css\how_to_back_files.html type = file_attributes True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\EULA\EULA_ar-sa.htm type = size, size_out = 110445 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\EULA\how_to_back_files.html type = file_attributes False 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\EULA\EULA_bg-bg.htm type = size, size_out = 253453 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\EULA\how_to_back_files.html type = file_attributes True 38
Fn
Get Info C:\Windows10Upgrade\resources\ux\EULA\EULA_cs-cz.htm type = size, size_out = 83315 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\EULA\EULA_da-dk.htm type = size, size_out = 65173 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\EULA\EULA_de-de.htm type = size, size_out = 70461 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\EULA\EULA_el-gr.htm type = size, size_out = 239446 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\EULA\EULA_en-gb.htm type = size, size_out = 58549 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\EULA\EULA_en-us.htm type = size, size_out = 58549 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\EULA\EULA_es-es.htm type = size, size_out = 69816 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\EULA\EULA_es-mx.htm type = size, size_out = 69816 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\EULA\EULA_et-ee.htm type = size, size_out = 63101 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\EULA\EULA_fi-fi.htm type = size, size_out = 70746 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\EULA\EULA_fr-ca.htm type = size, size_out = 69386 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\EULA\EULA_fr-fr.htm type = size, size_out = 69386 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\EULA\EULA_he-il.htm type = size, size_out = 864647 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\EULA\EULA_hr-hr.htm type = size, size_out = 64872 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\EULA\EULA_hu-hu.htm type = size, size_out = 84570 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\EULA\EULA_it-it.htm type = size, size_out = 69485 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\EULA\EULA_ja-jp.htm type = size, size_out = 210254 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\EULA\EULA_ko-kr.htm type = size, size_out = 634083 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\EULA\EULA_lt-lt.htm type = size, size_out = 76091 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\EULA\EULA_lv-lv.htm type = size, size_out = 83909 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\EULA\EULA_nb-no.htm type = size, size_out = 67188 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\EULA\EULA_nl-nl.htm type = size, size_out = 67224 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\EULA\EULA_pl-pl.htm type = size, size_out = 81812 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\EULA\EULA_pt-br.htm type = size, size_out = 68292 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\EULA\EULA_pt-pt.htm type = size, size_out = 71054 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\EULA\EULA_ro-ro.htm type = size, size_out = 78176 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\EULA\EULA_ru-ru.htm type = size, size_out = 283852 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\EULA\EULA_sk-sk.htm type = size, size_out = 81953 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\EULA\EULA_sl-si.htm type = size, size_out = 66159 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\EULA\EULA_sr-latn-cs.htm type = size, size_out = 75552 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\EULA\EULA_sv-se.htm type = size, size_out = 70391 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\EULA\EULA_th-th.htm type = size, size_out = 254145 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\EULA\EULA_tr-tr.htm type = size, size_out = 75137 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\EULA\EULA_uk-ua.htm type = size, size_out = 266731 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\EULA\EULA_zh-cn.htm type = size, size_out = 126241 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\EULA\EULA_zh-hk.htm type = size, size_out = 147140 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\EULA\EULA_zh-tw.htm type = size, size_out = 147140 True 1
Fn
Get Info C:\Windows10Upgrade\resources\i386\BiosBlocks.xml type = size, size_out = 91648 True 1
Fn
Get Info C:\Windows10Upgrade\resources\i386\how_to_back_files.html type = file_attributes False 1
Fn
Get Info C:\Windows10Upgrade\resources\i386\hwcompat.txt type = size, size_out = 16497 True 1
Fn
Get Info C:\Windows10Upgrade\resources\i386\how_to_back_files.html type = file_attributes True 5
Fn
Get Info C:\Windows10Upgrade\resources\i386\hwexclude.txt type = size, size_out = 2263 True 1
Fn
Get Info C:\Windows10Upgrade\resources\i386\nxquery.cat type = size, size_out = 9860 True 1
Fn
Get Info C:\Windows10Upgrade\resources\i386\nxquery.inf type = size, size_out = 1495 True 1
Fn
Get Info C:\Windows10Upgrade\resources\i386\NXQuery.sys type = size, size_out = 20144 True 1
Fn
Get Info C:\Windows10Upgrade\resources\amd64\BiosBlocks.xml type = size, size_out = 93884 True 1
Fn
Get Info C:\Windows10Upgrade\resources\amd64\how_to_back_files.html type = file_attributes False 1
Fn
Get Info C:\Windows10Upgrade\resources\amd64\hwcompat.txt type = size, size_out = 73135 True 1
Fn
Get Info C:\Windows10Upgrade\resources\amd64\how_to_back_files.html type = file_attributes True 5
Fn
Get Info C:\Windows10Upgrade\resources\amd64\hwexclude.txt type = size, size_out = 2317 True 1
Fn
Get Info C:\Windows10Upgrade\resources\amd64\nxquery.cat type = size, size_out = 9910 True 1
Fn
Get Info C:\Windows10Upgrade\resources\amd64\nxquery.inf type = size, size_out = 1495 True 1
Fn
Get Info C:\Windows10Upgrade\resources\amd64\NXQuery.sys type = size, size_out = 20656 True 1
Fn
Get Info C:\Windows10Upgrade\dll2\webservices.dll type = size, size_out = 754688 True 1
Fn
Get Info C:\Windows10Upgrade\dll2\how_to_back_files.html type = file_attributes False 1
Fn
Get Info C:\Windows10Upgrade\dll1\cosqueryxp.dll type = size, size_out = 132296 True 1
Fn
Get Info C:\Windows10Upgrade\dll1\how_to_back_files.html type = file_attributes False 1
Fn
Get Info C:\Windows10Upgrade\dll1\wdscore.dll type = size, size_out = 241864 True 1
Fn
Get Info C:\Windows10Upgrade\dll1\how_to_back_files.html type = file_attributes True 2
Fn
Get Info C:\Windows10Upgrade\dll1\webservices.dll type = size, size_out = 958152 True 1
Fn
Get Info C:\Windows10Upgrade\2052\DWINTL20.DLL type = size, size_out = 118472 True 1
Fn
Get Info C:\Windows10Upgrade\2052\how_to_back_files.html type = file_attributes False 1
Fn
Get Info C:\Users\desktop.ini type = size, size_out = 174 True 1
Fn
Get Info C:\Users\how_to_back_files.html type = file_attributes False 1
Fn
Get Info C:\Users\Public\desktop.ini type = size, size_out = 174 True 1
Fn
Get Info C:\Users\Public\how_to_back_files.html type = file_attributes False 1
Fn
Get Info C:\Users\Public\Videos\desktop.ini type = size, size_out = 380 True 1
Fn
Get Info C:\Users\Public\Videos\how_to_back_files.html type = file_attributes False 1
Fn
Get Info C:\Users\Public\Pictures\desktop.ini type = size, size_out = 380 True 1
Fn
Get Info C:\Users\Public\Pictures\how_to_back_files.html type = file_attributes False 1
Fn
Get Info C:\Users\Public\Music\desktop.ini type = size, size_out = 380 True 1
Fn
Get Info C:\Users\Public\Music\how_to_back_files.html type = file_attributes False 1
Fn
Get Info C:\Users\Public\Libraries\desktop.ini type = size, size_out = 175 True 1
Fn
Get Info C:\Users\Public\Libraries\how_to_back_files.html type = file_attributes False 1
Fn
Get Info C:\Users\Public\Libraries\RecordedTV.library-ms type = size, size_out = 960 True 1
Fn
Get Info C:\Users\Public\Libraries\how_to_back_files.html type = file_attributes True 1
Fn
Get Info C:\Users\Public\Downloads\desktop.ini type = size, size_out = 174 True 1
Fn
Get Info C:\Users\Public\Downloads\how_to_back_files.html type = file_attributes False 1
Fn
Get Info C:\Users\Public\Documents\desktop.ini type = size, size_out = 278 True 1
Fn
Get Info C:\Users\Public\Documents\how_to_back_files.html type = file_attributes False 1
Fn
Get Info C:\Users\Public\Desktop\Acrobat Reader DC.lnk type = size, size_out = 2130 True 1
Fn
Get Info C:\Users\Public\Desktop\how_to_back_files.html type = file_attributes False 1
Fn
Get Info C:\Users\Public\Desktop\desktop.ini type = size, size_out = 174 True 1
Fn
Get Info C:\Users\Public\Desktop\how_to_back_files.html type = file_attributes True 3
Fn
Get Info C:\Users\Public\Desktop\Google Chrome.lnk type = size, size_out = 2330 True 1
Fn
Get Info C:\Users\Public\Desktop\Mozilla Firefox.lnk type = size, size_out = 999 True 1
Fn
Get Info C:\Users\Public\AccountPictures\desktop.ini type = size, size_out = 196 True 1
Fn
Get Info C:\Users\Public\AccountPictures\how_to_back_files.html type = file_attributes False 1
Fn
Get Info C:\Users\FD1HVy\ntuser.ini type = size, size_out = 20 True 1
Fn
Get Info C:\Users\FD1HVy\how_to_back_files.html type = file_attributes False 1
Fn
Get Info C:\Users\FD1HVy\Videos\2G4jHr_jKsfJA-R.mp4 type = size, size_out = 7687 True 1
Fn
Get Info C:\Users\FD1HVy\Videos\how_to_back_files.html type = file_attributes False 1
Fn
Get Info C:\Users\FD1HVy\Videos\7ZAQ_8-z.avi type = size, size_out = 69896 True 1
Fn
Get Info C:\Users\FD1HVy\Videos\how_to_back_files.html type = file_attributes True 5
Fn
Get Info C:\Users\FD1HVy\Videos\desktop.ini type = size, size_out = 504 True 1
Fn
Get Info C:\Users\FD1HVy\Videos\n3vlmZ6-.avi type = size, size_out = 94733 True 1
Fn
Get Info C:\Users\FD1HVy\Videos\tO9pAo.avi type = size, size_out = 8068 True 1
Fn
Get Info C:\Users\FD1HVy\Videos\xmT13G_wqq.flv type = size, size_out = 34567 True 1
Fn
Get Info C:\Users\FD1HVy\Videos\JwYzrY1QYURz\Jl0C.swf type = size, size_out = 31813 True 1
Fn
Get Info C:\Users\FD1HVy\Videos\JwYzrY1QYURz\how_to_back_files.html type = file_attributes False 1
Fn
Get Info C:\Users\FD1HVy\Videos\JwYzrY1QYURz\UHxSn8V6bAV.mp4 type = size, size_out = 97599 True 1
Fn
Get Info C:\Users\FD1HVy\Videos\JwYzrY1QYURz\how_to_back_files.html type = file_attributes True 1
Fn
Get Info C:\Users\FD1HVy\Videos\JwYzrY1QYURz\zjZrYYkb44qqQEFnHqom\46Y sA4xqn1mkiWfe4.mp4 type = size, size_out = 68586 True 1
Fn
Get Info C:\Users\FD1HVy\Videos\JwYzrY1QYURz\zjZrYYkb44qqQEFnHqom\how_to_back_files.html type = file_attributes False 1
Fn
Get Info C:\Users\FD1HVy\Videos\JwYzrY1QYURz\zjZrYYkb44qqQEFnHqom\EAExctTFQPMl8WtaYS.mkv type = size, size_out = 13607 True 1
Fn
Get Info C:\Users\FD1HVy\Videos\JwYzrY1QYURz\zjZrYYkb44qqQEFnHqom\how_to_back_files.html type = file_attributes True 2
Fn
Get Info C:\Users\FD1HVy\Videos\JwYzrY1QYURz\zjZrYYkb44qqQEFnHqom\Pb9eQoao SP.flv type = size, size_out = 29164 True 1
Fn
Get Info C:\Users\FD1HVy\Videos\JwYzrY1QYURz\NcXnYr6x6woBEiON-rN\bh AN-eEd3pAd.mkv type = size, size_out = 80433 True 1
Fn
Get Info C:\Users\FD1HVy\Videos\JwYzrY1QYURz\NcXnYr6x6woBEiON-rN\how_to_back_files.html type = file_attributes False 1
Fn
Get Info C:\Users\FD1HVy\Videos\JwYzrY1QYURz\NcXnYr6x6woBEiON-rN\sfAW.mp4 type = size, size_out = 34346 True 1
Fn
Get Info C:\Users\FD1HVy\Videos\JwYzrY1QYURz\NcXnYr6x6woBEiON-rN\how_to_back_files.html type = file_attributes True 1
Fn
Get Info C:\Users\FD1HVy\Videos\JwYzrY1QYURz\Bn1EL_rNfqQMckmEi\1ny84OLSFqFQ9.avi type = size, size_out = 81300 True 1
Fn
Get Info C:\Users\FD1HVy\Videos\JwYzrY1QYURz\Bn1EL_rNfqQMckmEi\how_to_back_files.html type = file_attributes False 1
Fn
Get Info C:\Users\FD1HVy\Videos\JwYzrY1QYURz\Bn1EL_rNfqQMckmEi\2RV7ZqtkIQAy.swf type = size, size_out = 31819 True 1
Fn
Get Info C:\Users\FD1HVy\Videos\JwYzrY1QYURz\Bn1EL_rNfqQMckmEi\how_to_back_files.html type = file_attributes True 3
Fn
Get Info C:\Users\FD1HVy\Videos\JwYzrY1QYURz\Bn1EL_rNfqQMckmEi\RbHKQb.mp4 type = size, size_out = 97035 True 1
Fn
Get Info C:\Users\FD1HVy\Videos\JwYzrY1QYURz\Bn1EL_rNfqQMckmEi\Z5Ha.mkv type = size, size_out = 15184 True 1
Fn
Get Info C:\Users\FD1HVy\Videos\JwYzrY1QYURz\5ogEXtNZf0B\b4iPziHdJp0rZ.mkv type = size, size_out = 85604 True 1
Fn
Get Info C:\Users\FD1HVy\Videos\JwYzrY1QYURz\5ogEXtNZf0B\how_to_back_files.html type = file_attributes False 1
Fn
Get Info C:\Users\FD1HVy\Videos\JwYzrY1QYURz\5ogEXtNZf0B\HrWnwNEc.mp4 type = size, size_out = 57738 True 1
Fn
Get Info C:\Users\FD1HVy\Videos\JwYzrY1QYURz\5ogEXtNZf0B\how_to_back_files.html type = file_attributes True 5
Fn
Get Info C:\Users\FD1HVy\Videos\JwYzrY1QYURz\5ogEXtNZf0B\jEPjuBAsOvP1O7SS4rI1.avi type = size, size_out = 20290 True 1
Fn
Get Info C:\Users\FD1HVy\Videos\JwYzrY1QYURz\5ogEXtNZf0B\N6mOHgddbvke6KjX.avi type = size, size_out = 85970 True 1
Fn
Get Info C:\Users\FD1HVy\Videos\JwYzrY1QYURz\5ogEXtNZf0B\tnr9kITOz2NeRQ_.swf type = size, size_out = 39429 True 1
Fn
Get Info C:\Users\FD1HVy\Videos\JwYzrY1QYURz\5ogEXtNZf0B\wvm_YPLQQnYUMnD1hGKw.flv type = size, size_out = 52132 True 1
Fn
Get Info C:\Users\FD1HVy\Videos\JwYzrY1QYURz\-kQaMk6N3RTKBidRVR6\g4fjfKB2.swf type = size, size_out = 43252 True 1
Fn
Get Info C:\Users\FD1HVy\Videos\JwYzrY1QYURz\-kQaMk6N3RTKBidRVR6\how_to_back_files.html type = file_attributes False 1
Fn
Get Info C:\Users\FD1HVy\Videos\JwYzrY1QYURz\-kQaMk6N3RTKBidRVR6\LB 3vCSyt.flv type = size, size_out = 6488 True 1
Fn
Get Info C:\Users\FD1HVy\Videos\JwYzrY1QYURz\-kQaMk6N3RTKBidRVR6\how_to_back_files.html type = file_attributes True 5
Fn
Get Info C:\Users\FD1HVy\Videos\JwYzrY1QYURz\-kQaMk6N3RTKBidRVR6\Pam-rO9WSYDB5Aau0.flv type = size, size_out = 63672 True 1
Fn
Get Info C:\Users\FD1HVy\Videos\JwYzrY1QYURz\-kQaMk6N3RTKBidRVR6\pH7Yo0Q.swf type = size, size_out = 24687 True 1
Fn
Get Info C:\Users\FD1HVy\Videos\JwYzrY1QYURz\-kQaMk6N3RTKBidRVR6\UTKSb4.swf type = size, size_out = 60484 True 1
Fn
Get Info C:\Users\FD1HVy\Videos\JwYzrY1QYURz\-kQaMk6N3RTKBidRVR6\YI0OJ.avi type = size, size_out = 68965 True 1
Fn
Get Info C:\Users\FD1HVy\Searches\desktop.ini type = size, size_out = 524 True 1
Fn
Get Info C:\Users\FD1HVy\Searches\how_to_back_files.html type = file_attributes False 1
Fn
Get Info C:\Users\FD1HVy\Searches\Everywhere.search-ms type = size, size_out = 248 True 1
Fn
Get Info C:\Users\FD1HVy\Searches\how_to_back_files.html type = file_attributes True 3
Fn
Get Info C:\Users\FD1HVy\Searches\Indexed Locations.search-ms type = size, size_out = 248 True 1
Fn
Get Info C:\Users\FD1HVy\Searches\winrt--{S-1-5-21-1051304884-625712362-2192934891-1000}-.searchconnector-ms type = size, size_out = 855 True 1
Fn
Get Info C:\Users\FD1HVy\Saved Games\desktop.ini type = size, size_out = 282 True 1
Fn
Get Info C:\Users\FD1HVy\Saved Games\how_to_back_files.html type = file_attributes False 1
Fn
Get Info C:\Users\FD1HVy\Pictures\-2zw.jpg type = size, size_out = 72629 True 1
Fn
Get Info C:\Users\FD1HVy\Pictures\how_to_back_files.html type = file_attributes False 1
Fn
Get Info C:\Users\FD1HVy\Pictures\-b02kVqWvf.png type = size, size_out = 15349 True 1
Fn
Get Info C:\Users\FD1HVy\Pictures\how_to_back_files.html type = file_attributes True 38
Fn
Get Info C:\Users\FD1HVy\Pictures\1gNasKYorpdQ71V5s.jpg type = size, size_out = 10773 True 1
Fn
Get Info C:\Users\FD1HVy\Pictures\2WNpPaYQ7bCH6uHV-Wi.bmp type = size, size_out = 35491 True 1
Fn
Get Info C:\Users\FD1HVy\Pictures\5Mc5tu.jpg type = size, size_out = 33985 True 1
Fn
Get Info C:\Users\FD1HVy\Pictures\a-l cZ2WhL3Gi9EP91pv.bmp type = size, size_out = 101976 True 1
Fn
Get Info C:\Users\FD1HVy\Pictures\AAfDEiE2PNHO9chgg.png type = size, size_out = 3638 True 1
Fn
Get Info C:\Users\FD1HVy\Pictures\AEeie.png type = size, size_out = 56035 True 1
Fn
Get Info C:\Users\FD1HVy\Pictures\atmBsJmJ.png type = size, size_out = 27979 True 1
Fn
Get Info C:\Users\FD1HVy\Pictures\a_cHEoVLcdMdko0UNSN.jpg type = size, size_out = 60447 True 1
Fn
Get Info C:\Users\FD1HVy\Pictures\desktop.ini type = size, size_out = 504 True 1
Fn
Get Info C:\Users\FD1HVy\Pictures\DHNDov5.bmp type = size, size_out = 62402 True 1
Fn
Get Info C:\Users\FD1HVy\Pictures\dW 4vWF3KS.jpg type = size, size_out = 93954 True 1
Fn
Get Info C:\Users\FD1HVy\Pictures\EwKDZvQL.png type = size, size_out = 79592 True 1
Fn
Get Info C:\Users\FD1HVy\Pictures\FFZTJM.gif type = size, size_out = 8053 True 1
Fn
Get Info C:\Users\FD1HVy\Pictures\iPiG9DnbWOn5Lccr.png type = size, size_out = 9279 True 1
Fn
Get Info C:\Users\FD1HVy\Pictures\ISwBI.gif type = size, size_out = 59017 True 1
Fn
Get Info C:\Users\FD1HVy\Pictures\KHN blqiETx3MDUQXCIP.bmp type = size, size_out = 83024 True 1
Fn
Get Info C:\Users\FD1HVy\Pictures\l-w8ML42eH7z3tMNH.png type = size, size_out = 38855 True 1
Fn
Get Info C:\Users\FD1HVy\Pictures\lzcdU5diYS_BASUK.png type = size, size_out = 94560 True 1
Fn
Get Info C:\Users\FD1HVy\Pictures\M1wZLHN6Fkt-r.gif type = size, size_out = 2202 True 1
Fn
Get Info C:\Users\FD1HVy\Pictures\NdP2S1 XoxsMawE7P9M4.bmp type = size, size_out = 17281 True 1
Fn
Get Info C:\Users\FD1HVy\Pictures\NwiXzxAjISOq6RX.jpg type = size, size_out = 66879 True 1
Fn
Get Info C:\Users\FD1HVy\Pictures\nXyIT0GyxsFB.bmp type = size, size_out = 23757 True 1
Fn
Get Info C:\Users\FD1HVy\Pictures\NyCuwZpUZ.png type = size, size_out = 23113 True 1
Fn
Get Info C:\Users\FD1HVy\Pictures\NYUV.png type = size, size_out = 28259 True 1
Fn
Get Info C:\Users\FD1HVy\Pictures\o0Nhv6wBAauXXRjT2tXD.png type = size, size_out = 47457 True 1
Fn
Get Info C:\Users\FD1HVy\Pictures\ofGEte5FSqkNeh.png type = size, size_out = 53748 True 1
Fn
Get Info C:\Users\FD1HVy\Pictures\PxAGmyezRVyRmSZAc0.jpg type = size, size_out = 100396 True 1
Fn
Get Info C:\Users\FD1HVy\Pictures\siYWMQkbaR.jpg type = size, size_out = 9634 True 1
Fn
Get Info C:\Users\FD1HVy\Pictures\T333.gif type = size, size_out = 42802 True 1
Fn
Get Info C:\Users\FD1HVy\Pictures\Tcd9M dgrM7.jpg type = size, size_out = 16614 True 1
Fn
Get Info C:\Users\FD1HVy\Pictures\xnkbNTgPvTY.bmp type = size, size_out = 89079 True 1
Fn
Get Info C:\Users\FD1HVy\Pictures\XT8TZGP8nb_M.gif type = size, size_out = 93232 True 1
Fn
Get Info C:\Users\FD1HVy\Pictures\YBTX2K.png type = size, size_out = 96150 True 1
Fn
Get Info C:\Users\FD1HVy\Pictures\YU pTz2YsRXNYdiKDM.gif type = size, size_out = 47888 True 1
Fn
Get Info C:\Users\FD1HVy\Pictures\yWGb9EM5K6eaJ.png type = size, size_out = 27192 True 1
Fn
Get Info C:\Users\FD1HVy\Pictures\zj2VFMQGp.gif type = size, size_out = 86248 True 1
Fn
Get Info C:\Users\FD1HVy\Pictures\ZXNoV6pTeigFzJ_.jpg type = size, size_out = 68476 True 1
Fn
Get Info C:\Users\FD1HVy\Pictures\Saved Pictures\desktop.ini type = size, size_out = 190 True 1
Fn
Get Info C:\Users\FD1HVy\Pictures\Saved Pictures\how_to_back_files.html type = file_attributes False 1
Fn
Get Info C:\Users\FD1HVy\Pictures\Camera Roll\desktop.ini type = size, size_out = 190 True 1
Fn
Get Info C:\Users\FD1HVy\Pictures\Camera Roll\how_to_back_files.html type = file_attributes False 1
Fn
Get Info C:\Users\FD1HVy\OneDrive\desktop.ini type = size, size_out = 97 True 1
Fn
Get Info C:\Users\FD1HVy\OneDrive\how_to_back_files.html type = file_attributes False 1
Fn
Get Info C:\Users\FD1HVy\Music\1_zlm.mp3 type = size, size_out = 89987 True 1
Fn
Get Info C:\Users\FD1HVy\Music\how_to_back_files.html type = file_attributes False 1
Fn
Get Info C:\Users\FD1HVy\Music\desktop.ini type = size, size_out = 504 True 1
Fn
Get Info C:\Users\FD1HVy\Music\how_to_back_files.html type = file_attributes True 5
Fn
Get Info C:\Users\FD1HVy\Music\Faq2bp18.mp3 type = size, size_out = 58525 True 1
Fn
Get Info C:\Users\FD1HVy\Music\PvZb.mp3 type = size, size_out = 33787 True 1
Fn
Get Info C:\Users\FD1HVy\Music\Q4s2ptq2.m4a type = size, size_out = 44815 True 1
Fn
Get Info C:\Users\FD1HVy\Music\WnzFd.mp3 type = size, size_out = 86549 True 1
Fn
Get Info C:\Users\FD1HVy\Music\f9Y8dx-\IXGTQQAcvQ.wav type = size, size_out = 6319 True 1
Fn
Get Info C:\Users\FD1HVy\Music\f9Y8dx-\how_to_back_files.html type = file_attributes False 1
Fn
Get Info C:\Users\FD1HVy\Music\f9Y8dx-\kupntcSqN.mp3 type = size, size_out = 32158 True 1
Fn
Get Info C:\Users\FD1HVy\Music\f9Y8dx-\how_to_back_files.html type = file_attributes True 2
Fn
Get Info C:\Users\FD1HVy\Music\f9Y8dx-\uulyokO0sZL4s.m4a type = size, size_out = 26986 True 1
Fn
Get Info C:\Users\FD1HVy\Music\1_kDgtiBq1\jqyCF3Kx006 jNKpA.wav type = size, size_out = 70748 True 1
Fn
Get Info C:\Users\FD1HVy\Music\1_kDgtiBq1\how_to_back_files.html type = file_attributes False 1
Fn
Get Info C:\Users\FD1HVy\Music\1_kDgtiBq1\LY325VqD.wav type = size, size_out = 22603 True 1
Fn
Get Info C:\Users\FD1HVy\Music\1_kDgtiBq1\how_to_back_files.html type = file_attributes True 2
Fn
Get Info C:\Users\FD1HVy\Music\1_kDgtiBq1\qckyy-4-m.wav type = size, size_out = 15619 True 1
Fn
Get Info C:\Users\FD1HVy\Music\1_kDgtiBq1\NY7c7TBw5p\-eMcFt1lTpcIk.m4a type = size, size_out = 2528 True 1
Fn
Get Info C:\Users\FD1HVy\Music\1_kDgtiBq1\NY7c7TBw5p\how_to_back_files.html type = file_attributes False 1
Fn
Get Info C:\Users\FD1HVy\Music\1_kDgtiBq1\NY7c7TBw5p\HHZsqNo.wav type = size, size_out = 1295 True 1
Fn
Get Info C:\Users\FD1HVy\Music\1_kDgtiBq1\NY7c7TBw5p\how_to_back_files.html type = file_attributes True 2
Fn
Get Info C:\Users\FD1HVy\Music\1_kDgtiBq1\NY7c7TBw5p\s1sEELv-P.wav type = size, size_out = 87954 True 1
Fn
Get Info C:\Users\FD1HVy\Music\1_kDgtiBq1\NY7c7TBw5p\AYoFGbZ\KAwef_CpO2I6YOJ7bT.m4a type = size, size_out = 26431 True 1
Fn
Get Info C:\Users\FD1HVy\Music\1_kDgtiBq1\NY7c7TBw5p\AYoFGbZ\how_to_back_files.html type = file_attributes False 1
Fn
Get Info C:\Users\FD1HVy\Music\1_kDgtiBq1\NY7c7TBw5p\AYoFGbZ\oUwDwHpc7yvxphvDrY.mp3 type = size, size_out = 36761 True 1
Fn
Get Info C:\Users\FD1HVy\Music\1_kDgtiBq1\NY7c7TBw5p\AYoFGbZ\how_to_back_files.html type = file_attributes True 2
Fn
Get Info C:\Users\FD1HVy\Music\1_kDgtiBq1\NY7c7TBw5p\AYoFGbZ\PXt_aUReRHQ_ubQ3.mp3 type = size, size_out = 72508 True 1
Fn
Get Info C:\Users\FD1HVy\Music\1_kDgtiBq1\NY7c7TBw5p\AYoFGbZ\kHNjZV_y\GWdFXKk5.wav type = size, size_out = 69677 True 1
Fn
Get Info C:\Users\FD1HVy\Music\1_kDgtiBq1\NY7c7TBw5p\AYoFGbZ\kHNjZV_y\how_to_back_files.html type = file_attributes False 1
Fn
Get Info C:\Users\FD1HVy\Music\1_kDgtiBq1\NY7c7TBw5p\AYoFGbZ\kHNjZV_y\iPKgYx-e.wav type = size, size_out = 39412 True 1
Fn
Get Info C:\Users\FD1HVy\Music\1_kDgtiBq1\NY7c7TBw5p\AYoFGbZ\kHNjZV_y\how_to_back_files.html type = file_attributes True 2
Fn
Get Info C:\Users\FD1HVy\Music\1_kDgtiBq1\NY7c7TBw5p\AYoFGbZ\kHNjZV_y\ZipKeGLiNvFiFN_Dai.wav type = size, size_out = 44562 True 1
Fn
Get Info C:\Users\FD1HVy\Music\1_kDgtiBq1\ilgk0lJV\LM4F-Q9mEj1iog.m4a type = size, size_out = 19157 True 1
Fn
Get Info C:\Users\FD1HVy\Music\1_kDgtiBq1\ilgk0lJV\how_to_back_files.html type = file_attributes False 1
Fn
Get Info C:\Users\FD1HVy\Music\1_kDgtiBq1\ilgk0lJV\qTZ_rt3NhfeWG-dwmp.mp3 type = size, size_out = 15001 True 1
Fn
Get Info C:\Users\FD1HVy\Music\1_kDgtiBq1\ilgk0lJV\how_to_back_files.html type = file_attributes True 2
Fn
Get Info C:\Users\FD1HVy\Music\1_kDgtiBq1\ilgk0lJV\XQ-rsbyj0qzm.mp3 type = size, size_out = 77913 True 1
Fn
Get Info C:\Users\FD1HVy\Music\1_kDgtiBq1\ilgk0lJV\vWya\60UrEB nNZ.mp3 type = size, size_out = 58672 True 1
Fn
Get Info C:\Users\FD1HVy\Music\1_kDgtiBq1\ilgk0lJV\vWya\how_to_back_files.html type = file_attributes False 1
Fn
Get Info C:\Users\FD1HVy\Music\1_kDgtiBq1\ilgk0lJV\vWya\8xod8JR wYWOtLbR.wav type = size, size_out = 62344 True 1
Fn
Get Info C:\Users\FD1HVy\Music\1_kDgtiBq1\ilgk0lJV\vWya\how_to_back_files.html type = file_attributes True 2
Fn
Get Info C:\Users\FD1HVy\Music\1_kDgtiBq1\ilgk0lJV\vWya\pHNh8pr9MG.wav type = size, size_out = 99395 True 1
Fn
Get Info C:\Users\FD1HVy\Music\1_kDgtiBq1\ilgk0lJV\CCM9emPBDlXJ1x\fi4GXHvoE.m4a type = size, size_out = 70821 True 1
Fn
Get Info C:\Users\FD1HVy\Music\1_kDgtiBq1\ilgk0lJV\CCM9emPBDlXJ1x\how_to_back_files.html type = file_attributes False 1
Fn
Get Info C:\Users\FD1HVy\Music\1_kDgtiBq1\ilgk0lJV\CCM9emPBDlXJ1x\lwbM.m4a type = size, size_out = 14916 True 1
Fn
Get Info C:\Users\FD1HVy\Music\1_kDgtiBq1\ilgk0lJV\CCM9emPBDlXJ1x\how_to_back_files.html type = file_attributes True 5
Fn
Get Info C:\Users\FD1HVy\Music\1_kDgtiBq1\ilgk0lJV\CCM9emPBDlXJ1x\npfoUNG.mp3 type = size, size_out = 59845 True 1
Fn
Get Info C:\Users\FD1HVy\Music\1_kDgtiBq1\ilgk0lJV\CCM9emPBDlXJ1x\oESa-56Lwow.wav type = size, size_out = 99372 True 1
Fn
Get Info C:\Users\FD1HVy\Music\1_kDgtiBq1\ilgk0lJV\CCM9emPBDlXJ1x\sRDmYrpUcB.wav type = size, size_out = 33445 True 1
Fn
Get Info C:\Users\FD1HVy\Music\1_kDgtiBq1\ilgk0lJV\CCM9emPBDlXJ1x\uwpIml4ss_wW9q.mp3 type = size, size_out = 5887 True 1
Fn
Get Info C:\Users\FD1HVy\Music\1_kDgtiBq1\hkMV\4ATtLPU.m4a type = size, size_out = 9256 True 1
Fn
Get Info C:\Users\FD1HVy\Music\1_kDgtiBq1\hkMV\how_to_back_files.html type = file_attributes False 1
Fn
Get Info C:\Users\FD1HVy\Music\1_kDgtiBq1\hkMV\4Jnf1ouQEG6aHo2ckE87.wav type = size, size_out = 68831 True 1
Fn
Get Info C:\Users\FD1HVy\Music\1_kDgtiBq1\hkMV\how_to_back_files.html type = file_attributes True 5
Fn
Get Info C:\Users\FD1HVy\Music\1_kDgtiBq1\hkMV\hX-fIvuqQP.mp3 type = size, size_out = 6000 True 1
Fn
Get Info C:\Users\FD1HVy\Music\1_kDgtiBq1\hkMV\Rblpx.mp3 type = size, size_out = 2673 True 1
Fn
Get Info C:\Users\FD1HVy\Music\1_kDgtiBq1\hkMV\Tl4wJ5ltjPGm_.mp3 type = size, size_out = 46230 True 1
Fn
Get Info C:\Users\FD1HVy\Music\1_kDgtiBq1\hkMV\tLv2P49E.wav type = size, size_out = 11882 True 1
Fn
Get Info C:\Users\FD1HVy\Links\desktop.ini type = size, size_out = 504 True 1
Fn
Get Info C:\Users\FD1HVy\Links\how_to_back_files.html type = file_attributes False 1
Fn
Get Info C:\Users\FD1HVy\Links\Desktop.lnk type = size, size_out = 501 True 1
Fn
Get Info C:\Users\FD1HVy\Links\how_to_back_files.html type = file_attributes True 3
Fn
Get Info C:\Users\FD1HVy\Links\Downloads.lnk type = size, size_out = 942 True 1
Fn
Get Info C:\Users\FD1HVy\Links\OneDrive.lnk type = size, size_out = 1338 True 1
Fn
Get Info C:\Users\FD1HVy\Favorites\Bing.url type = size, size_out = 208 True 1
Fn
Get Info C:\Users\FD1HVy\Favorites\how_to_back_files.html type = file_attributes False 1
Fn
Get Info C:\Users\FD1HVy\Favorites\desktop.ini type = size, size_out = 402 True 1
Fn
Get Info C:\Users\FD1HVy\Favorites\how_to_back_files.html type = file_attributes True 1
Fn
Get Info C:\Users\FD1HVy\Favorites\Links\desktop.ini type = size, size_out = 80 True 1
Fn
Get Info C:\Users\FD1HVy\Favorites\Links\how_to_back_files.html type = file_attributes False 1
Fn
Get Info C:\Users\FD1HVy\Downloads\desktop.ini type = size, size_out = 282 True 1
Fn
Get Info C:\Users\FD1HVy\Downloads\how_to_back_files.html type = file_attributes False 1
Fn
Get Info C:\Users\FD1HVy\Documents\1U69-uoew0.xlsx type = size, size_out = 56499 True 1
Fn
Get Info C:\Users\FD1HVy\Documents\how_to_back_files.html type = file_attributes False 1
Fn
Get Info C:\Users\FD1HVy\Documents\6mKhK_9dE.docx type = size, size_out = 22456 True 1
Fn
Copy C:\Users\FD1HVy\AppData\Local\svchost.exe source_filename = C:\Users\FD1HVy\Desktop\svchost.exe True 1
Fn
Move C:\BOOTNXT.xxxxx source_filename = C:\BOOTNXT, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\BOOTSECT.BAK.xxxxx source_filename = C:\BOOTSECT.BAK, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\appraiserxp.dll.xxxxx source_filename = C:\Windows10Upgrade\appraiserxp.dll, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\bootsect.exe.xxxxx source_filename = C:\Windows10Upgrade\bootsect.exe, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\Configuration.ini.xxxxx source_filename = C:\Windows10Upgrade\Configuration.ini, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\cosquery.dll.xxxxx source_filename = C:\Windows10Upgrade\cosquery.dll, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\DevInv.dll.xxxxx source_filename = C:\Windows10Upgrade\DevInv.dll, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\downloader.dll.xxxxx source_filename = C:\Windows10Upgrade\downloader.dll, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\DW20.EXE.xxxxx source_filename = C:\Windows10Upgrade\DW20.EXE, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\DWDCW20.DLL.xxxxx source_filename = C:\Windows10Upgrade\DWDCW20.DLL, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\DWTRIG20.EXE.xxxxx source_filename = C:\Windows10Upgrade\DWTRIG20.EXE, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\EnableWiFiTracing.cmd.xxxxx source_filename = C:\Windows10Upgrade\EnableWiFiTracing.cmd, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\ESDHelper.dll.xxxxx source_filename = C:\Windows10Upgrade\ESDHelper.dll, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\esdstub.dll.xxxxx source_filename = C:\Windows10Upgrade\esdstub.dll, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\GatherOSState.EXE.xxxxx source_filename = C:\Windows10Upgrade\GatherOSState.EXE, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\GetCurrentDeploy.dll.xxxxx source_filename = C:\Windows10Upgrade\GetCurrentDeploy.dll, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\GetCurrentOOBE.dll.xxxxx source_filename = C:\Windows10Upgrade\GetCurrentOOBE.dll, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\GetCurrentRollback.EXE.xxxxx source_filename = C:\Windows10Upgrade\GetCurrentRollback.EXE, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\HttpHelper.exe.xxxxx source_filename = C:\Windows10Upgrade\HttpHelper.exe, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\PostOOBEScript.cmd.xxxxx source_filename = C:\Windows10Upgrade\PostOOBEScript.cmd, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\upgrader_default.log.xxxxx source_filename = C:\Windows10Upgrade\upgrader_default.log, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\upgrader_win10.log.xxxxx source_filename = C:\Windows10Upgrade\upgrader_win10.log, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\wimgapi.dll.xxxxx source_filename = C:\Windows10Upgrade\wimgapi.dll, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\windlp.dll.xxxxx source_filename = C:\Windows10Upgrade\windlp.dll, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\Windows10UpgraderApp.exe.xxxxx source_filename = C:\Windows10Upgrade\Windows10UpgraderApp.exe, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\WinREBootApp32.exe.xxxxx source_filename = C:\Windows10Upgrade\WinREBootApp32.exe, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\WinREBootApp64.exe.xxxxx source_filename = C:\Windows10Upgrade\WinREBootApp64.exe, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\resources\hwcompatShared.txt.xxxxx source_filename = C:\Windows10Upgrade\resources\hwcompatShared.txt, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\resources\ux\block.png.xxxxx source_filename = C:\Windows10Upgrade\resources\ux\block.png, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\resources\ux\bluelogo.png.xxxxx source_filename = C:\Windows10Upgrade\resources\ux\bluelogo.png, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\resources\ux\bullet.png.xxxxx source_filename = C:\Windows10Upgrade\resources\ux\bullet.png, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\resources\ux\default.css.xxxxx source_filename = C:\Windows10Upgrade\resources\ux\default.css, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\resources\ux\default.htm.xxxxx source_filename = C:\Windows10Upgrade\resources\ux\default.htm, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\resources\ux\default_eos.css.xxxxx source_filename = C:\Windows10Upgrade\resources\ux\default_eos.css, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\resources\ux\default_eos.htm.xxxxx source_filename = C:\Windows10Upgrade\resources\ux\default_eos.htm, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\resources\ux\default_oobe.css.xxxxx source_filename = C:\Windows10Upgrade\resources\ux\default_oobe.css, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\resources\ux\default_oobe.htm.xxxxx source_filename = C:\Windows10Upgrade\resources\ux\default_oobe.htm, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\resources\ux\eula.css.xxxxx source_filename = C:\Windows10Upgrade\resources\ux\eula.css, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\resources\ux\GetStarted.png.xxxxx source_filename = C:\Windows10Upgrade\resources\ux\GetStarted.png, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\resources\ux\GetStartedHoverOver.png.xxxxx source_filename = C:\Windows10Upgrade\resources\ux\GetStartedHoverOver.png, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\resources\ux\loading.gif.xxxxx source_filename = C:\Windows10Upgrade\resources\ux\loading.gif, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\resources\ux\lock.png.xxxxx source_filename = C:\Windows10Upgrade\resources\ux\lock.png, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\resources\ux\logo.png.xxxxx source_filename = C:\Windows10Upgrade\resources\ux\logo.png, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\resources\ux\marketing.png.xxxxx source_filename = C:\Windows10Upgrade\resources\ux\marketing.png, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\resources\ux\NetworkIssueFAQ.mht.xxxxx source_filename = C:\Windows10Upgrade\resources\ux\NetworkIssueFAQ.mht, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\resources\ux\NoNetworkConnection.png.xxxxx source_filename = C:\Windows10Upgrade\resources\ux\NoNetworkConnection.png, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\resources\ux\NoNetworkConnectionHoverOver.png.xxxxx source_filename = C:\Windows10Upgrade\resources\ux\NoNetworkConnectionHoverOver.png, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\resources\ux\pass.png.xxxxx source_filename = C:\Windows10Upgrade\resources\ux\pass.png, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\resources\ux\Microsoft.WinJS\js\base.js.xxxxx source_filename = C:\Windows10Upgrade\resources\ux\Microsoft.WinJS\js\base.js, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\resources\ux\Microsoft.WinJS\js\ui.js.xxxxx source_filename = C:\Windows10Upgrade\resources\ux\Microsoft.WinJS\js\ui.js, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\resources\ux\Microsoft.WinJS\css\oobe-desktop.css.xxxxx source_filename = C:\Windows10Upgrade\resources\ux\Microsoft.WinJS\css\oobe-desktop.css, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\resources\ux\Microsoft.WinJS\css\ui-dark.css.xxxxx source_filename = C:\Windows10Upgrade\resources\ux\Microsoft.WinJS\css\ui-dark.css, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\resources\ux\EULA\EULA_ar-sa.htm.xxxxx source_filename = C:\Windows10Upgrade\resources\ux\EULA\EULA_ar-sa.htm, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\resources\ux\EULA\EULA_bg-bg.htm.xxxxx source_filename = C:\Windows10Upgrade\resources\ux\EULA\EULA_bg-bg.htm, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\resources\ux\EULA\EULA_cs-cz.htm.xxxxx source_filename = C:\Windows10Upgrade\resources\ux\EULA\EULA_cs-cz.htm, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\resources\ux\EULA\EULA_da-dk.htm.xxxxx source_filename = C:\Windows10Upgrade\resources\ux\EULA\EULA_da-dk.htm, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\resources\ux\EULA\EULA_de-de.htm.xxxxx source_filename = C:\Windows10Upgrade\resources\ux\EULA\EULA_de-de.htm, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\resources\ux\EULA\EULA_el-gr.htm.xxxxx source_filename = C:\Windows10Upgrade\resources\ux\EULA\EULA_el-gr.htm, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\resources\ux\EULA\EULA_en-gb.htm.xxxxx source_filename = C:\Windows10Upgrade\resources\ux\EULA\EULA_en-gb.htm, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\resources\ux\EULA\EULA_en-us.htm.xxxxx source_filename = C:\Windows10Upgrade\resources\ux\EULA\EULA_en-us.htm, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\resources\ux\EULA\EULA_es-es.htm.xxxxx source_filename = C:\Windows10Upgrade\resources\ux\EULA\EULA_es-es.htm, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\resources\ux\EULA\EULA_es-mx.htm.xxxxx source_filename = C:\Windows10Upgrade\resources\ux\EULA\EULA_es-mx.htm, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\resources\ux\EULA\EULA_et-ee.htm.xxxxx source_filename = C:\Windows10Upgrade\resources\ux\EULA\EULA_et-ee.htm, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\resources\ux\EULA\EULA_fi-fi.htm.xxxxx source_filename = C:\Windows10Upgrade\resources\ux\EULA\EULA_fi-fi.htm, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\resources\ux\EULA\EULA_fr-ca.htm.xxxxx source_filename = C:\Windows10Upgrade\resources\ux\EULA\EULA_fr-ca.htm, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\resources\ux\EULA\EULA_fr-fr.htm.xxxxx source_filename = C:\Windows10Upgrade\resources\ux\EULA\EULA_fr-fr.htm, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\resources\ux\EULA\EULA_he-il.htm.xxxxx source_filename = C:\Windows10Upgrade\resources\ux\EULA\EULA_he-il.htm, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\resources\ux\EULA\EULA_hr-hr.htm.xxxxx source_filename = C:\Windows10Upgrade\resources\ux\EULA\EULA_hr-hr.htm, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\resources\ux\EULA\EULA_hu-hu.htm.xxxxx source_filename = C:\Windows10Upgrade\resources\ux\EULA\EULA_hu-hu.htm, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\resources\ux\EULA\EULA_it-it.htm.xxxxx source_filename = C:\Windows10Upgrade\resources\ux\EULA\EULA_it-it.htm, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\resources\ux\EULA\EULA_ja-jp.htm.xxxxx source_filename = C:\Windows10Upgrade\resources\ux\EULA\EULA_ja-jp.htm, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\resources\ux\EULA\EULA_ko-kr.htm.xxxxx source_filename = C:\Windows10Upgrade\resources\ux\EULA\EULA_ko-kr.htm, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\resources\ux\EULA\EULA_lt-lt.htm.xxxxx source_filename = C:\Windows10Upgrade\resources\ux\EULA\EULA_lt-lt.htm, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\resources\ux\EULA\EULA_lv-lv.htm.xxxxx source_filename = C:\Windows10Upgrade\resources\ux\EULA\EULA_lv-lv.htm, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\resources\ux\EULA\EULA_nb-no.htm.xxxxx source_filename = C:\Windows10Upgrade\resources\ux\EULA\EULA_nb-no.htm, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\resources\ux\EULA\EULA_nl-nl.htm.xxxxx source_filename = C:\Windows10Upgrade\resources\ux\EULA\EULA_nl-nl.htm, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\resources\ux\EULA\EULA_pl-pl.htm.xxxxx source_filename = C:\Windows10Upgrade\resources\ux\EULA\EULA_pl-pl.htm, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\resources\ux\EULA\EULA_pt-br.htm.xxxxx source_filename = C:\Windows10Upgrade\resources\ux\EULA\EULA_pt-br.htm, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\resources\ux\EULA\EULA_pt-pt.htm.xxxxx source_filename = C:\Windows10Upgrade\resources\ux\EULA\EULA_pt-pt.htm, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\resources\ux\EULA\EULA_ro-ro.htm.xxxxx source_filename = C:\Windows10Upgrade\resources\ux\EULA\EULA_ro-ro.htm, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\resources\ux\EULA\EULA_ru-ru.htm.xxxxx source_filename = C:\Windows10Upgrade\resources\ux\EULA\EULA_ru-ru.htm, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\resources\ux\EULA\EULA_sk-sk.htm.xxxxx source_filename = C:\Windows10Upgrade\resources\ux\EULA\EULA_sk-sk.htm, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\resources\ux\EULA\EULA_sl-si.htm.xxxxx source_filename = C:\Windows10Upgrade\resources\ux\EULA\EULA_sl-si.htm, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\resources\ux\EULA\EULA_sr-latn-cs.htm.xxxxx source_filename = C:\Windows10Upgrade\resources\ux\EULA\EULA_sr-latn-cs.htm, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\resources\ux\EULA\EULA_sv-se.htm.xxxxx source_filename = C:\Windows10Upgrade\resources\ux\EULA\EULA_sv-se.htm, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\resources\ux\EULA\EULA_th-th.htm.xxxxx source_filename = C:\Windows10Upgrade\resources\ux\EULA\EULA_th-th.htm, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\resources\ux\EULA\EULA_tr-tr.htm.xxxxx source_filename = C:\Windows10Upgrade\resources\ux\EULA\EULA_tr-tr.htm, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\resources\ux\EULA\EULA_uk-ua.htm.xxxxx source_filename = C:\Windows10Upgrade\resources\ux\EULA\EULA_uk-ua.htm, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\resources\ux\EULA\EULA_zh-cn.htm.xxxxx source_filename = C:\Windows10Upgrade\resources\ux\EULA\EULA_zh-cn.htm, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\resources\ux\EULA\EULA_zh-hk.htm.xxxxx source_filename = C:\Windows10Upgrade\resources\ux\EULA\EULA_zh-hk.htm, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\resources\ux\EULA\EULA_zh-tw.htm.xxxxx source_filename = C:\Windows10Upgrade\resources\ux\EULA\EULA_zh-tw.htm, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\resources\i386\BiosBlocks.xml.xxxxx source_filename = C:\Windows10Upgrade\resources\i386\BiosBlocks.xml, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\resources\i386\hwcompat.txt.xxxxx source_filename = C:\Windows10Upgrade\resources\i386\hwcompat.txt, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\resources\i386\hwexclude.txt.xxxxx source_filename = C:\Windows10Upgrade\resources\i386\hwexclude.txt, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\resources\i386\nxquery.cat.xxxxx source_filename = C:\Windows10Upgrade\resources\i386\nxquery.cat, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\resources\i386\nxquery.inf.xxxxx source_filename = C:\Windows10Upgrade\resources\i386\nxquery.inf, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\resources\i386\NXQuery.sys.xxxxx source_filename = C:\Windows10Upgrade\resources\i386\NXQuery.sys, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\resources\amd64\BiosBlocks.xml.xxxxx source_filename = C:\Windows10Upgrade\resources\amd64\BiosBlocks.xml, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\resources\amd64\hwcompat.txt.xxxxx source_filename = C:\Windows10Upgrade\resources\amd64\hwcompat.txt, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\resources\amd64\hwexclude.txt.xxxxx source_filename = C:\Windows10Upgrade\resources\amd64\hwexclude.txt, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\resources\amd64\nxquery.cat.xxxxx source_filename = C:\Windows10Upgrade\resources\amd64\nxquery.cat, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\resources\amd64\nxquery.inf.xxxxx source_filename = C:\Windows10Upgrade\resources\amd64\nxquery.inf, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\resources\amd64\NXQuery.sys.xxxxx source_filename = C:\Windows10Upgrade\resources\amd64\NXQuery.sys, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\dll2\webservices.dll.xxxxx source_filename = C:\Windows10Upgrade\dll2\webservices.dll, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\dll1\cosqueryxp.dll.xxxxx source_filename = C:\Windows10Upgrade\dll1\cosqueryxp.dll, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\dll1\wdscore.dll.xxxxx source_filename = C:\Windows10Upgrade\dll1\wdscore.dll, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\dll1\webservices.dll.xxxxx source_filename = C:\Windows10Upgrade\dll1\webservices.dll, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\2052\DWINTL20.DLL.xxxxx source_filename = C:\Windows10Upgrade\2052\DWINTL20.DLL, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\desktop.ini.xxxxx source_filename = C:\Users\desktop.ini, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\Public\desktop.ini.xxxxx source_filename = C:\Users\Public\desktop.ini, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\Public\Videos\desktop.ini.xxxxx source_filename = C:\Users\Public\Videos\desktop.ini, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\Public\Pictures\desktop.ini.xxxxx source_filename = C:\Users\Public\Pictures\desktop.ini, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\Public\Music\desktop.ini.xxxxx source_filename = C:\Users\Public\Music\desktop.ini, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\Public\Libraries\desktop.ini.xxxxx source_filename = C:\Users\Public\Libraries\desktop.ini, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\Public\Libraries\RecordedTV.library-ms.xxxxx source_filename = C:\Users\Public\Libraries\RecordedTV.library-ms, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\Public\Downloads\desktop.ini.xxxxx source_filename = C:\Users\Public\Downloads\desktop.ini, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\Public\Documents\desktop.ini.xxxxx source_filename = C:\Users\Public\Documents\desktop.ini, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\Public\Desktop\Acrobat Reader DC.lnk.xxxxx source_filename = C:\Users\Public\Desktop\Acrobat Reader DC.lnk, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\Public\Desktop\desktop.ini.xxxxx source_filename = C:\Users\Public\Desktop\desktop.ini, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\Public\Desktop\Google Chrome.lnk.xxxxx source_filename = C:\Users\Public\Desktop\Google Chrome.lnk, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\Public\Desktop\Mozilla Firefox.lnk.xxxxx source_filename = C:\Users\Public\Desktop\Mozilla Firefox.lnk, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\Public\AccountPictures\desktop.ini.xxxxx source_filename = C:\Users\Public\AccountPictures\desktop.ini, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\ntuser.ini.xxxxx source_filename = C:\Users\FD1HVy\ntuser.ini, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Videos\2G4jHr_jKsfJA-R.mp4.xxxxx source_filename = C:\Users\FD1HVy\Videos\2G4jHr_jKsfJA-R.mp4, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Videos\7ZAQ_8-z.avi.xxxxx source_filename = C:\Users\FD1HVy\Videos\7ZAQ_8-z.avi, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Videos\desktop.ini.xxxxx source_filename = C:\Users\FD1HVy\Videos\desktop.ini, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Videos\n3vlmZ6-.avi.xxxxx source_filename = C:\Users\FD1HVy\Videos\n3vlmZ6-.avi, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Videos\tO9pAo.avi.xxxxx source_filename = C:\Users\FD1HVy\Videos\tO9pAo.avi, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Videos\xmT13G_wqq.flv.xxxxx source_filename = C:\Users\FD1HVy\Videos\xmT13G_wqq.flv, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Videos\JwYzrY1QYURz\Jl0C.swf.xxxxx source_filename = C:\Users\FD1HVy\Videos\JwYzrY1QYURz\Jl0C.swf, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Videos\JwYzrY1QYURz\UHxSn8V6bAV.mp4.xxxxx source_filename = C:\Users\FD1HVy\Videos\JwYzrY1QYURz\UHxSn8V6bAV.mp4, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Videos\JwYzrY1QYURz\zjZrYYkb44qqQEFnHqom\46Y sA4xqn1mkiWfe4.mp4.xxxxx source_filename = C:\Users\FD1HVy\Videos\JwYzrY1QYURz\zjZrYYkb44qqQEFnHqom\46Y sA4xqn1mkiWfe4.mp4, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Videos\JwYzrY1QYURz\zjZrYYkb44qqQEFnHqom\EAExctTFQPMl8WtaYS.mkv.xxxxx source_filename = C:\Users\FD1HVy\Videos\JwYzrY1QYURz\zjZrYYkb44qqQEFnHqom\EAExctTFQPMl8WtaYS.mkv, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Videos\JwYzrY1QYURz\zjZrYYkb44qqQEFnHqom\Pb9eQoao SP.flv.xxxxx source_filename = C:\Users\FD1HVy\Videos\JwYzrY1QYURz\zjZrYYkb44qqQEFnHqom\Pb9eQoao SP.flv, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Videos\JwYzrY1QYURz\NcXnYr6x6woBEiON-rN\bh AN-eEd3pAd.mkv.xxxxx source_filename = C:\Users\FD1HVy\Videos\JwYzrY1QYURz\NcXnYr6x6woBEiON-rN\bh AN-eEd3pAd.mkv, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Videos\JwYzrY1QYURz\NcXnYr6x6woBEiON-rN\sfAW.mp4.xxxxx source_filename = C:\Users\FD1HVy\Videos\JwYzrY1QYURz\NcXnYr6x6woBEiON-rN\sfAW.mp4, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Videos\JwYzrY1QYURz\Bn1EL_rNfqQMckmEi\1ny84OLSFqFQ9.avi.xxxxx source_filename = C:\Users\FD1HVy\Videos\JwYzrY1QYURz\Bn1EL_rNfqQMckmEi\1ny84OLSFqFQ9.avi, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Videos\JwYzrY1QYURz\Bn1EL_rNfqQMckmEi\2RV7ZqtkIQAy.swf.xxxxx source_filename = C:\Users\FD1HVy\Videos\JwYzrY1QYURz\Bn1EL_rNfqQMckmEi\2RV7ZqtkIQAy.swf, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Videos\JwYzrY1QYURz\Bn1EL_rNfqQMckmEi\RbHKQb.mp4.xxxxx source_filename = C:\Users\FD1HVy\Videos\JwYzrY1QYURz\Bn1EL_rNfqQMckmEi\RbHKQb.mp4, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Videos\JwYzrY1QYURz\Bn1EL_rNfqQMckmEi\Z5Ha.mkv.xxxxx source_filename = C:\Users\FD1HVy\Videos\JwYzrY1QYURz\Bn1EL_rNfqQMckmEi\Z5Ha.mkv, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Videos\JwYzrY1QYURz\5ogEXtNZf0B\b4iPziHdJp0rZ.mkv.xxxxx source_filename = C:\Users\FD1HVy\Videos\JwYzrY1QYURz\5ogEXtNZf0B\b4iPziHdJp0rZ.mkv, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Videos\JwYzrY1QYURz\5ogEXtNZf0B\HrWnwNEc.mp4.xxxxx source_filename = C:\Users\FD1HVy\Videos\JwYzrY1QYURz\5ogEXtNZf0B\HrWnwNEc.mp4, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Videos\JwYzrY1QYURz\5ogEXtNZf0B\jEPjuBAsOvP1O7SS4rI1.avi.xxxxx source_filename = C:\Users\FD1HVy\Videos\JwYzrY1QYURz\5ogEXtNZf0B\jEPjuBAsOvP1O7SS4rI1.avi, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Videos\JwYzrY1QYURz\5ogEXtNZf0B\N6mOHgddbvke6KjX.avi.xxxxx source_filename = C:\Users\FD1HVy\Videos\JwYzrY1QYURz\5ogEXtNZf0B\N6mOHgddbvke6KjX.avi, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Videos\JwYzrY1QYURz\5ogEXtNZf0B\tnr9kITOz2NeRQ_.swf.xxxxx source_filename = C:\Users\FD1HVy\Videos\JwYzrY1QYURz\5ogEXtNZf0B\tnr9kITOz2NeRQ_.swf, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Videos\JwYzrY1QYURz\5ogEXtNZf0B\wvm_YPLQQnYUMnD1hGKw.flv.xxxxx source_filename = C:\Users\FD1HVy\Videos\JwYzrY1QYURz\5ogEXtNZf0B\wvm_YPLQQnYUMnD1hGKw.flv, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Videos\JwYzrY1QYURz\-kQaMk6N3RTKBidRVR6\g4fjfKB2.swf.xxxxx source_filename = C:\Users\FD1HVy\Videos\JwYzrY1QYURz\-kQaMk6N3RTKBidRVR6\g4fjfKB2.swf, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Videos\JwYzrY1QYURz\-kQaMk6N3RTKBidRVR6\LB 3vCSyt.flv.xxxxx source_filename = C:\Users\FD1HVy\Videos\JwYzrY1QYURz\-kQaMk6N3RTKBidRVR6\LB 3vCSyt.flv, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Videos\JwYzrY1QYURz\-kQaMk6N3RTKBidRVR6\Pam-rO9WSYDB5Aau0.flv.xxxxx source_filename = C:\Users\FD1HVy\Videos\JwYzrY1QYURz\-kQaMk6N3RTKBidRVR6\Pam-rO9WSYDB5Aau0.flv, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Videos\JwYzrY1QYURz\-kQaMk6N3RTKBidRVR6\pH7Yo0Q.swf.xxxxx source_filename = C:\Users\FD1HVy\Videos\JwYzrY1QYURz\-kQaMk6N3RTKBidRVR6\pH7Yo0Q.swf, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Videos\JwYzrY1QYURz\-kQaMk6N3RTKBidRVR6\UTKSb4.swf.xxxxx source_filename = C:\Users\FD1HVy\Videos\JwYzrY1QYURz\-kQaMk6N3RTKBidRVR6\UTKSb4.swf, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Videos\JwYzrY1QYURz\-kQaMk6N3RTKBidRVR6\YI0OJ.avi.xxxxx source_filename = C:\Users\FD1HVy\Videos\JwYzrY1QYURz\-kQaMk6N3RTKBidRVR6\YI0OJ.avi, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Searches\desktop.ini.xxxxx source_filename = C:\Users\FD1HVy\Searches\desktop.ini, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Searches\Everywhere.search-ms.xxxxx source_filename = C:\Users\FD1HVy\Searches\Everywhere.search-ms, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Searches\Indexed Locations.search-ms.xxxxx source_filename = C:\Users\FD1HVy\Searches\Indexed Locations.search-ms, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Searches\winrt--{S-1-5-21-1051304884-625712362-2192934891-1000}-.searchconnector-ms.xxxxx source_filename = C:\Users\FD1HVy\Searches\winrt--{S-1-5-21-1051304884-625712362-2192934891-1000}-.searchconnector-ms, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Saved Games\desktop.ini.xxxxx source_filename = C:\Users\FD1HVy\Saved Games\desktop.ini, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Pictures\-2zw.jpg.xxxxx source_filename = C:\Users\FD1HVy\Pictures\-2zw.jpg, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Pictures\-b02kVqWvf.png.xxxxx source_filename = C:\Users\FD1HVy\Pictures\-b02kVqWvf.png, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Pictures\1gNasKYorpdQ71V5s.jpg.xxxxx source_filename = C:\Users\FD1HVy\Pictures\1gNasKYorpdQ71V5s.jpg, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Pictures\2WNpPaYQ7bCH6uHV-Wi.bmp.xxxxx source_filename = C:\Users\FD1HVy\Pictures\2WNpPaYQ7bCH6uHV-Wi.bmp, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Pictures\5Mc5tu.jpg.xxxxx source_filename = C:\Users\FD1HVy\Pictures\5Mc5tu.jpg, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Pictures\a-l cZ2WhL3Gi9EP91pv.bmp.xxxxx source_filename = C:\Users\FD1HVy\Pictures\a-l cZ2WhL3Gi9EP91pv.bmp, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Pictures\AAfDEiE2PNHO9chgg.png.xxxxx source_filename = C:\Users\FD1HVy\Pictures\AAfDEiE2PNHO9chgg.png, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Pictures\AEeie.png.xxxxx source_filename = C:\Users\FD1HVy\Pictures\AEeie.png, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Pictures\atmBsJmJ.png.xxxxx source_filename = C:\Users\FD1HVy\Pictures\atmBsJmJ.png, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Pictures\a_cHEoVLcdMdko0UNSN.jpg.xxxxx source_filename = C:\Users\FD1HVy\Pictures\a_cHEoVLcdMdko0UNSN.jpg, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Pictures\desktop.ini.xxxxx source_filename = C:\Users\FD1HVy\Pictures\desktop.ini, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Pictures\DHNDov5.bmp.xxxxx source_filename = C:\Users\FD1HVy\Pictures\DHNDov5.bmp, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Pictures\dW 4vWF3KS.jpg.xxxxx source_filename = C:\Users\FD1HVy\Pictures\dW 4vWF3KS.jpg, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Pictures\EwKDZvQL.png.xxxxx source_filename = C:\Users\FD1HVy\Pictures\EwKDZvQL.png, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Pictures\FFZTJM.gif.xxxxx source_filename = C:\Users\FD1HVy\Pictures\FFZTJM.gif, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Pictures\iPiG9DnbWOn5Lccr.png.xxxxx source_filename = C:\Users\FD1HVy\Pictures\iPiG9DnbWOn5Lccr.png, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Pictures\ISwBI.gif.xxxxx source_filename = C:\Users\FD1HVy\Pictures\ISwBI.gif, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Pictures\KHN blqiETx3MDUQXCIP.bmp.xxxxx source_filename = C:\Users\FD1HVy\Pictures\KHN blqiETx3MDUQXCIP.bmp, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Pictures\l-w8ML42eH7z3tMNH.png.xxxxx source_filename = C:\Users\FD1HVy\Pictures\l-w8ML42eH7z3tMNH.png, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Pictures\lzcdU5diYS_BASUK.png.xxxxx source_filename = C:\Users\FD1HVy\Pictures\lzcdU5diYS_BASUK.png, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Pictures\M1wZLHN6Fkt-r.gif.xxxxx source_filename = C:\Users\FD1HVy\Pictures\M1wZLHN6Fkt-r.gif, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Pictures\NdP2S1 XoxsMawE7P9M4.bmp.xxxxx source_filename = C:\Users\FD1HVy\Pictures\NdP2S1 XoxsMawE7P9M4.bmp, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Pictures\NwiXzxAjISOq6RX.jpg.xxxxx source_filename = C:\Users\FD1HVy\Pictures\NwiXzxAjISOq6RX.jpg, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Pictures\nXyIT0GyxsFB.bmp.xxxxx source_filename = C:\Users\FD1HVy\Pictures\nXyIT0GyxsFB.bmp, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Pictures\NyCuwZpUZ.png.xxxxx source_filename = C:\Users\FD1HVy\Pictures\NyCuwZpUZ.png, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Pictures\NYUV.png.xxxxx source_filename = C:\Users\FD1HVy\Pictures\NYUV.png, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Pictures\o0Nhv6wBAauXXRjT2tXD.png.xxxxx source_filename = C:\Users\FD1HVy\Pictures\o0Nhv6wBAauXXRjT2tXD.png, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Pictures\ofGEte5FSqkNeh.png.xxxxx source_filename = C:\Users\FD1HVy\Pictures\ofGEte5FSqkNeh.png, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Pictures\PxAGmyezRVyRmSZAc0.jpg.xxxxx source_filename = C:\Users\FD1HVy\Pictures\PxAGmyezRVyRmSZAc0.jpg, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Pictures\siYWMQkbaR.jpg.xxxxx source_filename = C:\Users\FD1HVy\Pictures\siYWMQkbaR.jpg, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Pictures\T333.gif.xxxxx source_filename = C:\Users\FD1HVy\Pictures\T333.gif, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Pictures\Tcd9M dgrM7.jpg.xxxxx source_filename = C:\Users\FD1HVy\Pictures\Tcd9M dgrM7.jpg, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Pictures\xnkbNTgPvTY.bmp.xxxxx source_filename = C:\Users\FD1HVy\Pictures\xnkbNTgPvTY.bmp, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Pictures\XT8TZGP8nb_M.gif.xxxxx source_filename = C:\Users\FD1HVy\Pictures\XT8TZGP8nb_M.gif, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Pictures\YBTX2K.png.xxxxx source_filename = C:\Users\FD1HVy\Pictures\YBTX2K.png, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Pictures\YU pTz2YsRXNYdiKDM.gif.xxxxx source_filename = C:\Users\FD1HVy\Pictures\YU pTz2YsRXNYdiKDM.gif, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Pictures\yWGb9EM5K6eaJ.png.xxxxx source_filename = C:\Users\FD1HVy\Pictures\yWGb9EM5K6eaJ.png, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Pictures\zj2VFMQGp.gif.xxxxx source_filename = C:\Users\FD1HVy\Pictures\zj2VFMQGp.gif, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Pictures\ZXNoV6pTeigFzJ_.jpg.xxxxx source_filename = C:\Users\FD1HVy\Pictures\ZXNoV6pTeigFzJ_.jpg, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Pictures\Saved Pictures\desktop.ini.xxxxx source_filename = C:\Users\FD1HVy\Pictures\Saved Pictures\desktop.ini, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Pictures\Camera Roll\desktop.ini.xxxxx source_filename = C:\Users\FD1HVy\Pictures\Camera Roll\desktop.ini, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\OneDrive\desktop.ini.xxxxx source_filename = C:\Users\FD1HVy\OneDrive\desktop.ini, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Music\1_zlm.mp3.xxxxx source_filename = C:\Users\FD1HVy\Music\1_zlm.mp3, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Music\desktop.ini.xxxxx source_filename = C:\Users\FD1HVy\Music\desktop.ini, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Music\Faq2bp18.mp3.xxxxx source_filename = C:\Users\FD1HVy\Music\Faq2bp18.mp3, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Music\PvZb.mp3.xxxxx source_filename = C:\Users\FD1HVy\Music\PvZb.mp3, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Music\Q4s2ptq2.m4a.xxxxx source_filename = C:\Users\FD1HVy\Music\Q4s2ptq2.m4a, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Music\WnzFd.mp3.xxxxx source_filename = C:\Users\FD1HVy\Music\WnzFd.mp3, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Music\f9Y8dx-\IXGTQQAcvQ.wav.xxxxx source_filename = C:\Users\FD1HVy\Music\f9Y8dx-\IXGTQQAcvQ.wav, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Music\f9Y8dx-\kupntcSqN.mp3.xxxxx source_filename = C:\Users\FD1HVy\Music\f9Y8dx-\kupntcSqN.mp3, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Music\f9Y8dx-\uulyokO0sZL4s.m4a.xxxxx source_filename = C:\Users\FD1HVy\Music\f9Y8dx-\uulyokO0sZL4s.m4a, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Music\1_kDgtiBq1\jqyCF3Kx006 jNKpA.wav.xxxxx source_filename = C:\Users\FD1HVy\Music\1_kDgtiBq1\jqyCF3Kx006 jNKpA.wav, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Music\1_kDgtiBq1\LY325VqD.wav.xxxxx source_filename = C:\Users\FD1HVy\Music\1_kDgtiBq1\LY325VqD.wav, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Music\1_kDgtiBq1\qckyy-4-m.wav.xxxxx source_filename = C:\Users\FD1HVy\Music\1_kDgtiBq1\qckyy-4-m.wav, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Music\1_kDgtiBq1\NY7c7TBw5p\-eMcFt1lTpcIk.m4a.xxxxx source_filename = C:\Users\FD1HVy\Music\1_kDgtiBq1\NY7c7TBw5p\-eMcFt1lTpcIk.m4a, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Music\1_kDgtiBq1\NY7c7TBw5p\HHZsqNo.wav.xxxxx source_filename = C:\Users\FD1HVy\Music\1_kDgtiBq1\NY7c7TBw5p\HHZsqNo.wav, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Music\1_kDgtiBq1\NY7c7TBw5p\s1sEELv-P.wav.xxxxx source_filename = C:\Users\FD1HVy\Music\1_kDgtiBq1\NY7c7TBw5p\s1sEELv-P.wav, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Music\1_kDgtiBq1\NY7c7TBw5p\AYoFGbZ\KAwef_CpO2I6YOJ7bT.m4a.xxxxx source_filename = C:\Users\FD1HVy\Music\1_kDgtiBq1\NY7c7TBw5p\AYoFGbZ\KAwef_CpO2I6YOJ7bT.m4a, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Music\1_kDgtiBq1\NY7c7TBw5p\AYoFGbZ\oUwDwHpc7yvxphvDrY.mp3.xxxxx source_filename = C:\Users\FD1HVy\Music\1_kDgtiBq1\NY7c7TBw5p\AYoFGbZ\oUwDwHpc7yvxphvDrY.mp3, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Music\1_kDgtiBq1\NY7c7TBw5p\AYoFGbZ\PXt_aUReRHQ_ubQ3.mp3.xxxxx source_filename = C:\Users\FD1HVy\Music\1_kDgtiBq1\NY7c7TBw5p\AYoFGbZ\PXt_aUReRHQ_ubQ3.mp3, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Music\1_kDgtiBq1\NY7c7TBw5p\AYoFGbZ\kHNjZV_y\GWdFXKk5.wav.xxxxx source_filename = C:\Users\FD1HVy\Music\1_kDgtiBq1\NY7c7TBw5p\AYoFGbZ\kHNjZV_y\GWdFXKk5.wav, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Music\1_kDgtiBq1\NY7c7TBw5p\AYoFGbZ\kHNjZV_y\iPKgYx-e.wav.xxxxx source_filename = C:\Users\FD1HVy\Music\1_kDgtiBq1\NY7c7TBw5p\AYoFGbZ\kHNjZV_y\iPKgYx-e.wav, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Music\1_kDgtiBq1\NY7c7TBw5p\AYoFGbZ\kHNjZV_y\ZipKeGLiNvFiFN_Dai.wav.xxxxx source_filename = C:\Users\FD1HVy\Music\1_kDgtiBq1\NY7c7TBw5p\AYoFGbZ\kHNjZV_y\ZipKeGLiNvFiFN_Dai.wav, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Music\1_kDgtiBq1\ilgk0lJV\LM4F-Q9mEj1iog.m4a.xxxxx source_filename = C:\Users\FD1HVy\Music\1_kDgtiBq1\ilgk0lJV\LM4F-Q9mEj1iog.m4a, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Music\1_kDgtiBq1\ilgk0lJV\qTZ_rt3NhfeWG-dwmp.mp3.xxxxx source_filename = C:\Users\FD1HVy\Music\1_kDgtiBq1\ilgk0lJV\qTZ_rt3NhfeWG-dwmp.mp3, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Music\1_kDgtiBq1\ilgk0lJV\XQ-rsbyj0qzm.mp3.xxxxx source_filename = C:\Users\FD1HVy\Music\1_kDgtiBq1\ilgk0lJV\XQ-rsbyj0qzm.mp3, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Music\1_kDgtiBq1\ilgk0lJV\vWya\60UrEB nNZ.mp3.xxxxx source_filename = C:\Users\FD1HVy\Music\1_kDgtiBq1\ilgk0lJV\vWya\60UrEB nNZ.mp3, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Music\1_kDgtiBq1\ilgk0lJV\vWya\8xod8JR wYWOtLbR.wav.xxxxx source_filename = C:\Users\FD1HVy\Music\1_kDgtiBq1\ilgk0lJV\vWya\8xod8JR wYWOtLbR.wav, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Music\1_kDgtiBq1\ilgk0lJV\vWya\pHNh8pr9MG.wav.xxxxx source_filename = C:\Users\FD1HVy\Music\1_kDgtiBq1\ilgk0lJV\vWya\pHNh8pr9MG.wav, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Music\1_kDgtiBq1\ilgk0lJV\CCM9emPBDlXJ1x\fi4GXHvoE.m4a.xxxxx source_filename = C:\Users\FD1HVy\Music\1_kDgtiBq1\ilgk0lJV\CCM9emPBDlXJ1x\fi4GXHvoE.m4a, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Music\1_kDgtiBq1\ilgk0lJV\CCM9emPBDlXJ1x\lwbM.m4a.xxxxx source_filename = C:\Users\FD1HVy\Music\1_kDgtiBq1\ilgk0lJV\CCM9emPBDlXJ1x\lwbM.m4a, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Music\1_kDgtiBq1\ilgk0lJV\CCM9emPBDlXJ1x\npfoUNG.mp3.xxxxx source_filename = C:\Users\FD1HVy\Music\1_kDgtiBq1\ilgk0lJV\CCM9emPBDlXJ1x\npfoUNG.mp3, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Music\1_kDgtiBq1\ilgk0lJV\CCM9emPBDlXJ1x\oESa-56Lwow.wav.xxxxx source_filename = C:\Users\FD1HVy\Music\1_kDgtiBq1\ilgk0lJV\CCM9emPBDlXJ1x\oESa-56Lwow.wav, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Music\1_kDgtiBq1\ilgk0lJV\CCM9emPBDlXJ1x\sRDmYrpUcB.wav.xxxxx source_filename = C:\Users\FD1HVy\Music\1_kDgtiBq1\ilgk0lJV\CCM9emPBDlXJ1x\sRDmYrpUcB.wav, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Music\1_kDgtiBq1\ilgk0lJV\CCM9emPBDlXJ1x\uwpIml4ss_wW9q.mp3.xxxxx source_filename = C:\Users\FD1HVy\Music\1_kDgtiBq1\ilgk0lJV\CCM9emPBDlXJ1x\uwpIml4ss_wW9q.mp3, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Music\1_kDgtiBq1\hkMV\4ATtLPU.m4a.xxxxx source_filename = C:\Users\FD1HVy\Music\1_kDgtiBq1\hkMV\4ATtLPU.m4a, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Music\1_kDgtiBq1\hkMV\4Jnf1ouQEG6aHo2ckE87.wav.xxxxx source_filename = C:\Users\FD1HVy\Music\1_kDgtiBq1\hkMV\4Jnf1ouQEG6aHo2ckE87.wav, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Music\1_kDgtiBq1\hkMV\hX-fIvuqQP.mp3.xxxxx source_filename = C:\Users\FD1HVy\Music\1_kDgtiBq1\hkMV\hX-fIvuqQP.mp3, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Music\1_kDgtiBq1\hkMV\Rblpx.mp3.xxxxx source_filename = C:\Users\FD1HVy\Music\1_kDgtiBq1\hkMV\Rblpx.mp3, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Music\1_kDgtiBq1\hkMV\Tl4wJ5ltjPGm_.mp3.xxxxx source_filename = C:\Users\FD1HVy\Music\1_kDgtiBq1\hkMV\Tl4wJ5ltjPGm_.mp3, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Music\1_kDgtiBq1\hkMV\tLv2P49E.wav.xxxxx source_filename = C:\Users\FD1HVy\Music\1_kDgtiBq1\hkMV\tLv2P49E.wav, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Links\desktop.ini.xxxxx source_filename = C:\Users\FD1HVy\Links\desktop.ini, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Links\Desktop.lnk.xxxxx source_filename = C:\Users\FD1HVy\Links\Desktop.lnk, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Links\Downloads.lnk.xxxxx source_filename = C:\Users\FD1HVy\Links\Downloads.lnk, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Links\OneDrive.lnk.xxxxx source_filename = C:\Users\FD1HVy\Links\OneDrive.lnk, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Favorites\Bing.url.xxxxx source_filename = C:\Users\FD1HVy\Favorites\Bing.url, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Favorites\desktop.ini.xxxxx source_filename = C:\Users\FD1HVy\Favorites\desktop.ini, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Favorites\Links\desktop.ini.xxxxx source_filename = C:\Users\FD1HVy\Favorites\Links\desktop.ini, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Downloads\desktop.ini.xxxxx source_filename = C:\Users\FD1HVy\Downloads\desktop.ini, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Documents\1U69-uoew0.xlsx.xxxxx source_filename = C:\Users\FD1HVy\Documents\1U69-uoew0.xlsx, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Read C:\BOOTNXT size = 16, size_out = 16 True 1
Fn
Data
Read C:\BOOTSECT.BAK size = 8192, size_out = 8192 True 1
Fn
Data
Read C:\Windows10Upgrade\appraiserxp.dll size = 459984, size_out = 459984 True 1
Fn
Data
Read C:\Windows10Upgrade\bootsect.exe size = 118480, size_out = 118480 True 1
Fn
Data
Read C:\Windows10Upgrade\Configuration.ini size = 224, size_out = 224 True 1
Fn
Data
Read C:\Windows10Upgrade\cosquery.dll size = 61640, size_out = 61640 True 1
Fn
Data
Read C:\Windows10Upgrade\DevInv.dll size = 329936, size_out = 329936 True 1
Fn
Data
Read C:\Windows10Upgrade\downloader.dll size = 206536, size_out = 206536 True 1
Fn
Data
Read C:\Windows10Upgrade\DW20.EXE size = 643792, size_out = 643792 True 1
Fn
Data
Read C:\Windows10Upgrade\DWDCW20.DLL size = 49872, size_out = 49872 True 1
Fn
Data
Read C:\Windows10Upgrade\DWTRIG20.EXE size = 45768, size_out = 45768 True 1
Fn
Data
Read C:\Windows10Upgrade\EnableWiFiTracing.cmd size = 9810, size_out = 9810 True 1
Fn
Data
Read C:\Windows10Upgrade\ESDHelper.dll size = 68816, size_out = 68816 True 1
Fn
Data
Read C:\Windows10Upgrade\esdstub.dll size = 40656, size_out = 40656 True 1
Fn
Data
Read C:\Windows10Upgrade\GatherOSState.EXE size = 564944, size_out = 564944 True 1
Fn
Data
Read C:\Windows10Upgrade\GetCurrentDeploy.dll size = 539848, size_out = 539848 True 1
Fn
Data
Read C:\Windows10Upgrade\GetCurrentOOBE.dll size = 144072, size_out = 144072 True 1
Fn
Data
Read C:\Windows10Upgrade\GetCurrentRollback.EXE size = 73424, size_out = 73424 True 1
Fn
Data
Read C:\Windows10Upgrade\HttpHelper.exe size = 27848, size_out = 27848 True 1
Fn
Data
Read C:\Windows10Upgrade\PostOOBEScript.cmd size = 592, size_out = 592 True 1
Fn
Data
Read C:\Windows10Upgrade\upgrader_default.log size = 250192, size_out = 250192 True 1
Fn
Data
Read C:\Windows10Upgrade\upgrader_win10.log size = 20560, size_out = 20560 True 1
Fn
Data
Read C:\Windows10Upgrade\wimgapi.dll size = 557264, size_out = 557264 True 1
Fn
Data
Read C:\Windows10Upgrade\windlp.dll size = 915656, size_out = 915656 True 1
Fn
Data
Read C:\Windows10Upgrade\Windows10UpgraderApp.exe size = 1415888, size_out = 1415888 True 1
Fn
Read C:\Windows10Upgrade\WinREBootApp32.exe size = 25288, size_out = 25288 True 1
Fn
Data
Read C:\Windows10Upgrade\WinREBootApp64.exe size = 25800, size_out = 25800 True 1
Fn
Data
Read C:\Windows10Upgrade\resources\hwcompatShared.txt size = 825376, size_out = 825376 True 1
Fn
Data
Read C:\Windows10Upgrade\resources\ux\block.png size = 928, size_out = 928 True 1
Fn
Data
Read C:\Windows10Upgrade\resources\ux\bluelogo.png size = 7088, size_out = 7088 True 1
Fn
Data
Read C:\Windows10Upgrade\resources\ux\bullet.png size = 224, size_out = 224 True 1
Fn
Data
Read C:\Windows10Upgrade\resources\ux\default.css size = 5776, size_out = 5776 True 1
Fn
Data
Read C:\Windows10Upgrade\resources\ux\default.htm size = 62541, size_out = 62541 True 1
Fn
Data
Read C:\Windows10Upgrade\resources\ux\default_eos.css size = 6704, size_out = 6704 True 1
Fn
Data
Read C:\Windows10Upgrade\resources\ux\default_eos.htm size = 55872, size_out = 55872 True 1
Fn
Data
Read C:\Windows10Upgrade\resources\ux\default_oobe.css size = 5232, size_out = 5232 True 1
Fn
Data
Read C:\Windows10Upgrade\resources\ux\default_oobe.htm size = 65712, size_out = 65712 True 1
Fn
Data
Read C:\Windows10Upgrade\resources\ux\eula.css size = 96, size_out = 96 True 1
Fn
Data
Read C:\Windows10Upgrade\resources\ux\GetStarted.png size = 3824, size_out = 3824 True 1
Fn
Data
Read C:\Windows10Upgrade\resources\ux\GetStartedHoverOver.png size = 4080, size_out = 4080 True 1
Fn
Data
Read C:\Windows10Upgrade\resources\ux\loading.gif size = 17408, size_out = 17408 True 1
Fn
Data
Read C:\Windows10Upgrade\resources\ux\lock.png size = 3680, size_out = 3680 True 1
Fn
Data
Read C:\Windows10Upgrade\resources\ux\logo.png size = 2624, size_out = 2624 True 1
Fn
Data
Read C:\Windows10Upgrade\resources\ux\marketing.png size = 496, size_out = 496 True 1
Fn
Data
Read C:\Windows10Upgrade\resources\ux\NetworkIssueFAQ.mht size = 622093, size_out = 622093 True 1
Fn
Data
Read C:\Windows10Upgrade\resources\ux\NoNetworkConnection.png size = 2176, size_out = 2176 True 1
Fn
Data
Read C:\Windows10Upgrade\resources\ux\NoNetworkConnectionHoverOver.png size = 2224, size_out = 2224 True 1
Fn
Data
Read C:\Windows10Upgrade\resources\ux\pass.png size = 1824, size_out = 1824 True 1
Fn
Data
Read C:\Windows10Upgrade\resources\ux\Microsoft.WinJS\js\base.js size = 1283536, size_out = 1283536 True 1
Fn
Read C:\Windows10Upgrade\resources\ux\Microsoft.WinJS\js\ui.js size = 3046842, size_out = 3046842 True 1
Fn
Read C:\Windows10Upgrade\resources\ux\Microsoft.WinJS\css\oobe-desktop.css size = 40960, size_out = 40960 True 1
Fn
Data
Read C:\Windows10Upgrade\resources\ux\Microsoft.WinJS\css\ui-dark.css size = 269168, size_out = 269168 True 1
Fn
Data
Read C:\Windows10Upgrade\resources\ux\EULA\EULA_ar-sa.htm size = 110445, size_out = 110445 True 1
Fn
Data
Read C:\Windows10Upgrade\resources\ux\EULA\EULA_bg-bg.htm size = 253456, size_out = 253456 True 1
Fn
Data
Read C:\Windows10Upgrade\resources\ux\EULA\EULA_cs-cz.htm size = 83328, size_out = 83328 True 1
Fn
Data
Read C:\Windows10Upgrade\resources\ux\EULA\EULA_da-dk.htm size = 65173, size_out = 65173 True 1
Fn
Data
Read C:\Windows10Upgrade\resources\ux\EULA\EULA_de-de.htm size = 70464, size_out = 70464 True 1
Fn
Data
Read C:\Windows10Upgrade\resources\ux\EULA\EULA_el-gr.htm size = 239446, size_out = 239446 True 1
Fn
Data
Read C:\Windows10Upgrade\resources\ux\EULA\EULA_en-gb.htm size = 58549, size_out = 58549 True 1
Fn
Data
Read C:\Windows10Upgrade\resources\ux\EULA\EULA_en-us.htm size = 58549, size_out = 58549 True 1
Fn
Data
Read C:\Windows10Upgrade\resources\ux\EULA\EULA_es-es.htm size = 69824, size_out = 69824 True 1
Fn
Data
Read C:\Windows10Upgrade\resources\ux\EULA\EULA_es-mx.htm size = 69824, size_out = 69824 True 1
Fn
Data
Read C:\Windows10Upgrade\resources\ux\EULA\EULA_et-ee.htm size = 63101, size_out = 63101 True 1
Fn
Data
Read C:\Windows10Upgrade\resources\ux\EULA\EULA_fi-fi.htm size = 70752, size_out = 70752 True 1
Fn
Data
Read C:\Windows10Upgrade\resources\ux\EULA\EULA_fr-ca.htm size = 69392, size_out = 69392 True 1
Fn
Data
Read C:\Windows10Upgrade\resources\ux\EULA\EULA_fr-fr.htm size = 69392, size_out = 69392 True 1
Fn
Data
Read C:\Windows10Upgrade\resources\ux\EULA\EULA_he-il.htm size = 864647, size_out = 864647 True 1
Fn
Data
Read C:\Windows10Upgrade\resources\ux\EULA\EULA_hr-hr.htm size = 64872, size_out = 64872 True 1
Fn
Data
Read C:\Windows10Upgrade\resources\ux\EULA\EULA_hu-hu.htm size = 84576, size_out = 84576 True 1
Fn
Data
Read C:\Windows10Upgrade\resources\ux\EULA\EULA_it-it.htm size = 69488, size_out = 69488 True 1
Fn
Data
Read C:\Windows10Upgrade\resources\ux\EULA\EULA_ja-jp.htm size = 210254, size_out = 210254 True 1
Fn
Data
Read C:\Windows10Upgrade\resources\ux\EULA\EULA_ko-kr.htm size = 634083, size_out = 634083 True 1
Fn
Data
Read C:\Windows10Upgrade\resources\ux\EULA\EULA_lt-lt.htm size = 76091, size_out = 76091 True 1
Fn
Data
Read C:\Windows10Upgrade\resources\ux\EULA\EULA_lv-lv.htm size = 83920, size_out = 83920 True 1
Fn
Data
Read C:\Windows10Upgrade\resources\ux\EULA\EULA_nb-no.htm size = 67200, size_out = 67200 True 1
Fn
Data
Read C:\Windows10Upgrade\resources\ux\EULA\EULA_nl-nl.htm size = 67232, size_out = 67232 True 1
Fn
Data
Read C:\Windows10Upgrade\resources\ux\EULA\EULA_pl-pl.htm size = 81812, size_out = 81812 True 1
Fn
Data
Read C:\Windows10Upgrade\resources\ux\EULA\EULA_pt-br.htm size = 68304, size_out = 68304 True 1
Fn
Data
Read C:\Windows10Upgrade\resources\ux\EULA\EULA_pt-pt.htm size = 71056, size_out = 71056 True 1
Fn
Data
Read C:\Windows10Upgrade\resources\ux\EULA\EULA_ro-ro.htm size = 78176, size_out = 78176 True 1
Fn
Data
Read C:\Windows10Upgrade\resources\ux\EULA\EULA_ru-ru.htm size = 283856, size_out = 283856 True 1
Fn
Data
Read C:\Windows10Upgrade\resources\ux\EULA\EULA_sk-sk.htm size = 81968, size_out = 81968 True 1
Fn
Data
Read C:\Windows10Upgrade\resources\ux\EULA\EULA_sl-si.htm size = 66160, size_out = 66160 True 1
Fn
Data
Read C:\Windows10Upgrade\resources\ux\EULA\EULA_sr-latn-cs.htm size = 75552, size_out = 75552 True 1
Fn
Data
Read C:\Windows10Upgrade\resources\ux\EULA\EULA_sv-se.htm size = 70400, size_out = 70400 True 1
Fn
Data
Read C:\Windows10Upgrade\resources\ux\EULA\EULA_th-th.htm size = 254145, size_out = 254145 True 1
Fn
Data
Read C:\Windows10Upgrade\resources\ux\EULA\EULA_tr-tr.htm size = 75137, size_out = 75137 True 1
Fn
Data
Read C:\Windows10Upgrade\resources\ux\EULA\EULA_uk-ua.htm size = 266736, size_out = 266736 True 1
Fn
Data
Read C:\Windows10Upgrade\resources\ux\EULA\EULA_zh-cn.htm size = 126241, size_out = 126241 True 1
Fn
Data
Read C:\Windows10Upgrade\resources\ux\EULA\EULA_zh-hk.htm size = 147140, size_out = 147140 True 1
Fn
Data
Read C:\Windows10Upgrade\resources\ux\EULA\EULA_zh-tw.htm size = 147140, size_out = 147140 True 1
Fn
Data
Read C:\Windows10Upgrade\resources\i386\BiosBlocks.xml size = 91648, size_out = 91648 True 1
Fn
Data
Read C:\Windows10Upgrade\resources\i386\hwcompat.txt size = 16512, size_out = 16512 True 1
Fn
Data
Read C:\Windows10Upgrade\resources\i386\hwexclude.txt size = 2272, size_out = 2272 True 1
Fn
Data
Read C:\Windows10Upgrade\resources\i386\nxquery.cat size = 9860, size_out = 9860 True 1
Fn
Data
Read C:\Windows10Upgrade\resources\i386\nxquery.inf size = 1504, size_out = 1504 True 1
Fn
Data
Read C:\Windows10Upgrade\resources\i386\NXQuery.sys size = 20144, size_out = 20144 True 1
Fn
Data
Read C:\Windows10Upgrade\resources\amd64\BiosBlocks.xml size = 93884, size_out = 93884 True 1
Fn
Data
Read C:\Windows10Upgrade\resources\amd64\hwcompat.txt size = 73136, size_out = 73136 True 1
Fn
Data
Read C:\Windows10Upgrade\resources\amd64\hwexclude.txt size = 2320, size_out = 2320 True 1
Fn
Data
Read C:\Windows10Upgrade\resources\amd64\nxquery.cat size = 9910, size_out = 9910 True 1
Fn
Data
Read C:\Windows10Upgrade\resources\amd64\nxquery.inf size = 1504, size_out = 1504 True 1
Fn
Data
Read C:\Windows10Upgrade\resources\amd64\NXQuery.sys size = 20656, size_out = 20656 True 1
Fn
Data
Read C:\Windows10Upgrade\dll2\webservices.dll size = 754688, size_out = 754688 True 1
Fn
Data
Read C:\Windows10Upgrade\dll1\cosqueryxp.dll size = 132304, size_out = 132304 True 1
Fn
Data
Read C:\Windows10Upgrade\dll1\wdscore.dll size = 241864, size_out = 241864 True 1
Fn
Data
Read C:\Windows10Upgrade\dll1\webservices.dll size = 958160, size_out = 958160 True 1
Fn
Data
Read C:\Windows10Upgrade\2052\DWINTL20.DLL size = 118480, size_out = 118480 True 1
Fn
Data
Read C:\Users\desktop.ini size = 176, size_out = 176 True 1
Fn
Data
Read C:\Users\Public\desktop.ini size = 176, size_out = 176 True 1
Fn
Data
Read C:\Users\Public\Videos\desktop.ini size = 384, size_out = 384 True 1
Fn
Data
Read C:\Users\Public\Pictures\desktop.ini size = 384, size_out = 384 True 1
Fn
Data
Read C:\Users\Public\Music\desktop.ini size = 384, size_out = 384 True 1
Fn
Data
Read C:\Users\Public\Libraries\desktop.ini size = 176, size_out = 176 True 1
Fn
Data
Read C:\Users\Public\Downloads\desktop.ini size = 176, size_out = 176 True 1
Fn
Data
Read C:\Users\Public\Documents\desktop.ini size = 288, size_out = 288 True 1
Fn
Data
Read C:\Users\Public\Desktop\desktop.ini size = 176, size_out = 176 True 1
Fn
Data
Read C:\Users\Public\AccountPictures\desktop.ini size = 208, size_out = 208 True 1
Fn
Data
Read C:\Users\FD1HVy\Videos\desktop.ini size = 512, size_out = 512 True 1
Fn
Data
Read C:\Users\FD1HVy\Searches\desktop.ini size = 528, size_out = 528 True 1
Fn
Data
Read C:\Users\FD1HVy\Saved Games\desktop.ini size = 288, size_out = 288 True 1
Fn
Data
Read C:\Users\FD1HVy\Pictures\desktop.ini size = 512, size_out = 512 True 1
Fn
Data
Read C:\Users\FD1HVy\Pictures\Saved Pictures\desktop.ini size = 192, size_out = 192 True 1
Fn
Data
Read C:\Users\FD1HVy\Pictures\Camera Roll\desktop.ini size = 192, size_out = 192 True 1
Fn
Data
Read C:\Users\FD1HVy\OneDrive\desktop.ini size = 112, size_out = 112 True 1
Fn
Data
Read C:\Users\FD1HVy\Music\desktop.ini size = 512, size_out = 512 True 1
Fn
Data
Read C:\Users\FD1HVy\Links\desktop.ini size = 512, size_out = 512 True 1
Fn
Data
Read C:\Users\FD1HVy\Favorites\desktop.ini size = 416, size_out = 416 True 1
Fn
Data
Read C:\Users\FD1HVy\Favorites\Links\desktop.ini size = 80, size_out = 80 True 1
Fn
Data
Read C:\Users\FD1HVy\Downloads\desktop.ini size = 288, size_out = 288 True 1
Fn
Data
Write C:\Users\desktop.ini size = 898 True 1
Fn
Data
Write C:\Users\desktop.ini size = 176 True 1
Fn
Data
Write C:\Users\desktop.ini size = 48 True 1
Fn
Data
Write C:\Users\Public\desktop.ini size = 898 True 1
Fn
Data
Write C:\Users\Public\desktop.ini size = 176 True 1
Fn
Data
Write C:\Users\Public\desktop.ini size = 48 True 1
Fn
Data
Write C:\Users\Public\Videos\desktop.ini size = 900 True 1
Fn
Data
Write C:\Users\Public\Videos\desktop.ini size = 384 True 1
Fn
Data
Write C:\Users\Public\Videos\desktop.ini size = 48 True 1
Fn
Data
Write C:\Users\Public\Pictures\desktop.ini size = 900 True 1
Fn
Data
Write C:\Users\Public\Pictures\desktop.ini size = 384 True 1
Fn
Data
Write C:\Users\Public\Pictures\desktop.ini size = 48 True 1
Fn
Data
Write C:\Users\Public\Music\desktop.ini size = 900 True 1
Fn
Data
Write C:\Users\Public\Music\desktop.ini size = 384 True 1
Fn
Data
Write C:\Users\Public\Music\desktop.ini size = 48 True 1
Fn
Data
Write C:\Users\Public\Libraries\desktop.ini size = 897 True 1
Fn
Data
Write C:\Users\Public\Libraries\desktop.ini size = 176 True 1
Fn
Data
Write C:\Users\Public\Libraries\desktop.ini size = 48 True 1
Fn
Data
Write C:\Users\Public\Downloads\desktop.ini size = 898 True 1
Fn
Data
Write C:\Users\Public\Downloads\desktop.ini size = 176 True 1
Fn
Data
Write C:\Users\Public\Downloads\desktop.ini size = 48 True 1
Fn
Data
Write C:\Users\Public\Documents\desktop.ini size = 906 True 1
Fn
Data
Write C:\Users\Public\Documents\desktop.ini size = 288 True 1
Fn
Data
Write C:\Users\Public\Documents\desktop.ini size = 48 True 1
Fn
Data
Write C:\Users\Public\Desktop\desktop.ini size = 898 True 1
Fn
Data
Write C:\Users\Public\Desktop\desktop.ini size = 176 True 1
Fn
Data
Write C:\Users\Public\Desktop\desktop.ini size = 48 True 1
Fn
Data
Write C:\Users\Public\AccountPictures\desktop.ini size = 908 True 1
Fn
Data
Write C:\Users\Public\AccountPictures\desktop.ini size = 208 True 1
Fn
Data
Write C:\Users\Public\AccountPictures\desktop.ini size = 48 True 1
Fn
Data
Write C:\Users\FD1HVy\Videos\desktop.ini size = 904 True 1
Fn
Data
Write C:\Users\FD1HVy\Videos\desktop.ini size = 512 True 1
Fn
Data
Write C:\Users\FD1HVy\Videos\desktop.ini size = 48 True 1
Fn
Data
Write C:\Users\FD1HVy\Searches\desktop.ini size = 900 True 1
Fn
Data
Write C:\Users\FD1HVy\Searches\desktop.ini size = 528 True 1
Fn
Data
Write C:\Users\FD1HVy\Searches\desktop.ini size = 48 True 1
Fn
Data
Write C:\Users\FD1HVy\Saved Games\desktop.ini size = 902 True 1
Fn
Data
Write C:\Users\FD1HVy\Saved Games\desktop.ini size = 288 True 1
Fn
Data
Write C:\Users\FD1HVy\Saved Games\desktop.ini size = 48 True 1
Fn
Data
Write C:\Users\FD1HVy\Pictures\desktop.ini size = 904 True 1
Fn
Data
Write C:\Users\FD1HVy\Pictures\desktop.ini size = 512 True 1
Fn
Data
Write C:\Users\FD1HVy\Pictures\desktop.ini size = 48 True 1
Fn
Data
Write C:\Users\FD1HVy\Pictures\Saved Pictures\desktop.ini size = 898 True 1
Fn
Data
Write C:\Users\FD1HVy\Pictures\Saved Pictures\desktop.ini size = 192 True 1
Fn
Data
Write C:\Users\FD1HVy\Pictures\Saved Pictures\desktop.ini size = 48 True 1
Fn
Data
Write C:\Users\FD1HVy\Pictures\Camera Roll\desktop.ini size = 898 True 1
Fn
Data
Write C:\Users\FD1HVy\Pictures\Camera Roll\desktop.ini size = 192 True 1
Fn
Data
Write C:\Users\FD1HVy\Pictures\Camera Roll\desktop.ini size = 48 True 1
Fn
Data
Write C:\Users\FD1HVy\OneDrive\desktop.ini size = 911 True 1
Fn
Data
Write C:\Users\FD1HVy\OneDrive\desktop.ini size = 112 True 1
Fn
Data
Write C:\Users\FD1HVy\OneDrive\desktop.ini size = 48 True 1
Fn
Data
Write C:\Users\FD1HVy\Music\desktop.ini size = 904 True 1
Fn
Data
Write C:\Users\FD1HVy\Music\desktop.ini size = 512 True 1
Fn
Data
Write C:\Users\FD1HVy\Music\desktop.ini size = 48 True 1
Fn
Data
Write C:\Users\FD1HVy\Links\desktop.ini size = 904 True 1
Fn
Data
Write C:\Users\FD1HVy\Links\desktop.ini size = 512 True 1
Fn
Data
Write C:\Users\FD1HVy\Links\desktop.ini size = 48 True 1
Fn
Data
Write C:\Users\FD1HVy\Favorites\desktop.ini size = 910 True 1
Fn
Data
Write C:\Users\FD1HVy\Favorites\desktop.ini size = 416 True 1
Fn
Data
Write C:\Users\FD1HVy\Favorites\desktop.ini size = 48 True 1
Fn
Data
Write C:\Users\FD1HVy\Favorites\Links\desktop.ini size = 896 True 1
Fn
Data
Write C:\Users\FD1HVy\Favorites\Links\desktop.ini size = 80 True 1
Fn
Data
Write C:\Users\FD1HVy\Favorites\Links\desktop.ini size = 48 True 1
Fn
Data
Write C:\Users\FD1HVy\Downloads\desktop.ini size = 902 True 1
Fn
Data
Write C:\Users\FD1HVy\Downloads\desktop.ini size = 288 True 1
Fn
Data
Write C:\Users\FD1HVy\Downloads\desktop.ini size = 48 True 1
Fn
Data
For performance reasons, the remaining 985 entries are omitted.
The remaining entries can be found in glog.xml.
Registry (4)
»
Operation Key Additional Information Success Count Logfile
Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce - True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce value_name = BrowserUpdateCheck, data = 0 False 1
Fn
Write Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce value_name = BrowserUpdateCheck, data = C:\Users\FD1HVy\AppData\Local\svchost.exe, size = 82, type = REG_SZ True 1
Fn
Module (1)
»
Operation Module Additional Information Success Count Logfile
Get Filename - process_name = c:\users\fd1hvy\desktop\svchost.exe, file_name_orig = C:\Users\FD1HVy\Desktop\svchost.exe, size = 2048 True 1
Fn
System (1)
»
Operation Additional Information Success Count Logfile
Sleep duration = -1 (infinite) False 1
Fn
Environment (2)
»
Operation Additional Information Success Count Logfile
Get Environment String name = LOCALAPPDATA, result_out = C:\Users\FD1HVy\AppData\Local True 1
Fn
Get Environment String name = public, result_out = C:\Users\Public True 1
Fn
Process #2: svchost.exe
0 0
»
Information Value
ID #2
File Name c:\windows\system32\svchost.exe
Command Line C:\WINDOWS\system32\svchost.exe -k DcomLaunch
Initial Working Directory C:\WINDOWS\system32\
Monitor Start Time: 00:02:00, Reason: Autostart
Unmonitor End Time: 00:04:57, Reason: Terminated by Timeout
Monitor Duration 00:02:57
Remark No high level activity detected in monitored regions
OS Process Information
»
Information Value
PID 0x2e8
Parent PID 0x24c (c:\windows\system32\services.exe)
Bitness 64-bit
Is Created or Modified Executable False
Integrity Level System (Elevated)
Username NT AUTHORITY\SYSTEM
Enabled Privileges SeLockMemoryPrivilege, SeTcbPrivilege, SeSystemProfilePrivilege, SeProfileSingleProcessPrivilege, SeIncreaseBasePriorityPrivilege, SeCreatePagefilePrivilege, SeCreatePermanentPrivilege, SeDebugPrivilege, SeAuditPrivilege, SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege, SeIncreaseWorkingSetPrivilege, SeTimeZonePrivilege, SeCreateSymbolicLinkPrivilege, SeDelegateSessionUserImpersonatePrivilege
Thread IDs
0x 2EC
0x 2F4
0x 2F8
0x 2FC
0x 304
0x 320
0x 324
0x 32C
0x 33C
0x 340
0x 348
0x 350
0x 354
0x 394
0x 3A8
0x 3CC
0x 3D0
0x 3D8
0x 3F4
0x 2A0
0x 43C
0x 4B0
0x 4C8
0x 5A8
0x 638
0x 694
0x 29C
0x 6C8
0x 340
0x A24
0x A28
0x AC8
0x DC8
Process #3: svchost.exe
0 0
»
Information Value
ID #3
File Name c:\windows\system32\svchost.exe
Command Line C:\WINDOWS\system32\svchost.exe -k RPCSS
Initial Working Directory C:\WINDOWS\system32\
Monitor Start Time: 00:02:08, Reason: Autostart
Unmonitor End Time: 00:04:57, Reason: Terminated by Timeout
Monitor Duration 00:02:49
Remark No high level activity detected in monitored regions
OS Process Information
»
Information Value
PID 0x310
Parent PID 0x24c (c:\windows\system32\services.exe)
Bitness 64-bit
Is Created or Modified Executable False
Integrity Level System (Elevated)
Username NT AUTHORITY\Network Service
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x 314
0x 318
0x 31C
0x 328
0x 330
0x 334
0x 344
0x 34C
0x 35C
0x 3E8
0x 4C4
0x 5B8
0x 53C
0x 5A4
0x 634
0x 60C
0x 6DC
0x 600
0x 25C
Process #4: svchost.exe
0 0
»
Information Value
ID #4
File Name c:\windows\system32\svchost.exe
Command Line C:\WINDOWS\system32\svchost.exe -k netsvcs
Initial Working Directory C:\WINDOWS\system32\
Monitor Start Time: 00:02:21, Reason: Autostart
Unmonitor End Time: 00:04:57, Reason: Terminated by Timeout
Monitor Duration 00:02:36
Remark No high level activity detected in monitored regions
OS Process Information
»
Information Value
PID 0x3ec
Parent PID 0x24c (c:\windows\system32\services.exe)
Bitness 64-bit
Is Created or Modified Executable False
Integrity Level System (Elevated)
Username NT AUTHORITY\SYSTEM
Enabled Privileges SeLockMemoryPrivilege, SeTcbPrivilege, SeSystemProfilePrivilege, SeProfileSingleProcessPrivilege, SeIncreaseBasePriorityPrivilege, SeCreatePagefilePrivilege, SeCreatePermanentPrivilege, SeDebugPrivilege, SeAuditPrivilege, SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege, SeIncreaseWorkingSetPrivilege, SeTimeZonePrivilege, SeCreateSymbolicLinkPrivilege, SeDelegateSessionUserImpersonatePrivilege
Thread IDs
0x 3F0
0x 60
0x 1A8
0x 3A8
0x 1AC
0x 360
0x 194
0x 404
0x 408
0x 40C
0x 410
0x 414
0x 41C
0x 42C
0x 438
0x 44C
0x 46C
0x 484
0x 4B4
0x 564
0x 5C0
0x 5CC
0x 65C
0x 680
0x 6D0
0x 72C
0x 73C
0x 748
0x 778
0x 77C
0x 7B8
0x 7BC
0x 7C0
0x 7DC
0x 7E8
0x 448
0x 480
0x 4B4
0x 4C0
0x 4F0
0x 514
0x 378
0x 5FC
0x 5D0
0x 610
0x 1FC
0x 7E0
0x 810
0x 814
0x 818
0x 860
0x 86C
0x 870
0x 874
0x 87C
0x 880
0x 884
0x 894
0x 898
0x 89C
0x 8A0
0x 8F8
0x 8FC
0x 92C
0x 988
0x 9A4
0x 9A8
0x 9D4
0x AA8
0x AAC
0x AC8
0x ACC
0x AD0
0x AD4
0x AD8
0x ADC
0x AE0
0x AF0
0x AF4
0x AF8
0x AFC
0x B60
0x 73C
0x 6F4
0x 3A4
0x 7E0
0x 890
0x A0C
0x 55C
0x 560
0x ACC
0x ADC
0x 4B8
0x 7D0
0x 418
0x A4C
0x A50
0x 5E8
0x C04
0x C08
0x C0C
0x CA4
0x CCC
Process #5: svchost.exe
0 0
»
Information Value
ID #5
File Name c:\windows\system32\svchost.exe
Command Line C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
Initial Working Directory C:\WINDOWS\system32\
Monitor Start Time: 00:02:21, Reason: Autostart
Unmonitor End Time: 00:04:57, Reason: Terminated by Timeout
Monitor Duration 00:02:36
Remark No high level activity detected in monitored regions
OS Process Information
»
Information Value
PID 0x3f8
Parent PID 0x24c (c:\windows\system32\services.exe)
Bitness 64-bit
Is Created or Modified Executable False
Integrity Level System (Elevated)
Username NT AUTHORITY\Local Service
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x 3FC
0x 128
0x 1AC
0x 1B0
0x 60C
0x 618
0x 66C
0x 670
0x 674
0x 678
0x 694
0x 698
0x 6A0
0x 6A4
0x 6AC
0x 6B4
0x 6B8
0x 6CC
0x 724
0x 728
0x 740
0x 7A4
0x 7B0
0x 7B4
0x 7C8
0x 570
0x 608
0x 2D0
0x 7A8
0x 844
0x 848
0x 850
0x 854
0x 864
0x 8A4
Process #6: svchost.exe
0 0
»
Information Value
ID #6
File Name c:\windows\system32\svchost.exe
Command Line C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
Initial Working Directory C:\WINDOWS\system32\
Monitor Start Time: 00:02:21, Reason: Autostart
Unmonitor End Time: 00:04:57, Reason: Terminated by Timeout
Monitor Duration 00:02:36
Remark No high level activity detected in monitored regions
OS Process Information
»
Information Value
PID 0x154
Parent PID 0x24c (c:\windows\system32\services.exe)
Bitness 64-bit
Is Created or Modified Executable False
Integrity Level System (Elevated)
Username NT AUTHORITY\Local Service
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x 168
0x 170
0x 1B4
0x 194
0x 244
0x 2F8
0x 320
0x 440
0x 444
0x 450
0x 454
0x 458
0x 45C
0x 460
0x 464
0x 468
0x 488
0x 48C
0x 498
0x 49C
0x 51C
0x 56C
0x 570
0x 574
0x 5FC
0x 828
0x 8BC
0x 8C0
0x A58
0x A74
Process #7: svchost.exe
0 0
»
Information Value
ID #7
File Name c:\windows\system32\svchost.exe
Command Line C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
Initial Working Directory C:\WINDOWS\system32\
Monitor Start Time: 00:02:21, Reason: Autostart
Unmonitor End Time: 00:04:57, Reason: Terminated by Timeout
Monitor Duration 00:02:36
Remark No high level activity detected in monitored regions
OS Process Information
»
Information Value
PID 0x17c
Parent PID 0x24c (c:\windows\system32\services.exe)
Bitness 64-bit
Is Created or Modified Executable False
Integrity Level System (Elevated)
Username NT AUTHORITY\SYSTEM
Enabled Privileges SeLockMemoryPrivilege, SeTcbPrivilege, SeSystemProfilePrivilege, SeProfileSingleProcessPrivilege, SeIncreaseBasePriorityPrivilege, SeCreatePagefilePrivilege, SeCreatePermanentPrivilege, SeDebugPrivilege, SeAuditPrivilege, SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege, SeIncreaseWorkingSetPrivilege, SeTimeZonePrivilege, SeCreateSymbolicLinkPrivilege, SeDelegateSessionUserImpersonatePrivilege
Thread IDs
0x 178
0x 16C
0x 19C
0x 2FC
0x 31C
0x 1A8
0x 474
0x 494
0x 4C0
0x 4C8
0x 4CC
0x 4D8
0x 580
0x 6E0
0x 714
0x 718
0x 71C
0x 720
0x 730
0x 75C
0x 7A8
0x 7AC
0x 80C
0x 84C
0x 900
0x B44
0x B4C
0x B84
0x 89C
0x 8C4
0x CA0
0x DDC
Process #8: svchost.exe
0 0
»
Information Value
ID #8
File Name c:\windows\system32\svchost.exe
Command Line C:\WINDOWS\system32\svchost.exe -k LocalService
Initial Working Directory C:\WINDOWS\system32\
Monitor Start Time: 00:02:26, Reason: Autostart
Unmonitor End Time: 00:04:57, Reason: Terminated by Timeout
Monitor Duration 00:02:30
Remark No high level activity detected in monitored regions
OS Process Information
»
Information Value
PID 0x368
Parent PID 0x24c (c:\windows\system32\services.exe)
Bitness 64-bit
Is Created or Modified Executable False
Integrity Level System (Elevated)
Username NT AUTHORITY\Local Service
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x F4
0x 3C0
0x 418
0x 420
0x 424
0x 428
0x 448
0x 478
0x 480
0x 490
0x 4AC
0x 4F0
0x 4F8
0x 500
0x 504
0x 508
0x 50C
0x 510
0x 520
0x 5A0
0x 5D0
0x 600
0x 630
0x 69C
0x 738
0x 77C
0x 8C4
0x 8CC
0x 930
0x B0C
0x B10
0x B14
0x B18
0x B24
0x B28
0x BC0
0x BC4
0x BC8
0x BCC
0x BD0
0x BD4
0x BDC
0x BE0
0x 80C
0x DC0
Process #9: svchost.exe
0 0
»
Information Value
ID #9
File Name c:\windows\system32\svchost.exe
Command Line C:\WINDOWS\System32\svchost.exe -k NetworkService
Initial Working Directory C:\WINDOWS\system32\
Monitor Start Time: 00:02:36, Reason: Autostart
Unmonitor End Time: 00:04:57, Reason: Terminated by Timeout
Monitor Duration 00:02:20
Remark No high level activity detected in monitored regions
OS Process Information
»
Information Value
PID 0x4a0
Parent PID 0x24c (c:\windows\system32\services.exe)
Bitness 64-bit
Is Created or Modified Executable False
Integrity Level System (Elevated)
Username NT AUTHORITY\Network Service
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x 4A4
0x 4A8
0x 4BC
0x 4D0
0x 4D4
0x 4DC
0x 4E0
0x 4F4
0x 4FC
0x 558
0x 568
0x 578
0x 57C
0x 584
0x 588
0x 58C
0x 590
0x 594
0x 598
0x 59C
0x 5F8
0x 610
0x 620
0x 64C
0x 6C8
0x 708
0x 768
0x 704
0x 8B4
0x 8B8
0x 8C8
0x 8F4
0x B30
0x B7C
0x 708
Process #10: svchost.exe
0 0
»
Information Value
ID #10
File Name c:\windows\system32\svchost.exe
Command Line C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
Initial Working Directory C:\WINDOWS\system32\
Monitor Start Time: 00:02:38, Reason: Autostart
Unmonitor End Time: 00:04:57, Reason: Terminated by Timeout
Monitor Duration 00:02:18
Remark No high level activity detected in monitored regions
OS Process Information
»
Information Value
PID 0x4e4
Parent PID 0x24c (c:\windows\system32\services.exe)
Bitness 64-bit
Is Created or Modified Executable False
Integrity Level System (Elevated)
Username NT AUTHORITY\Local Service
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x 4E8
0x 4EC
0x 514
0x 518
0x 524
0x 528
0x 52C
0x 530
0x 534
0x 538
0x 540
0x 554
0x 734
0x 744
0x 74C
Process #11: svchost.exe
0 0
»
Information Value
ID #11
File Name c:\windows\system32\svchost.exe
Command Line C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
Initial Working Directory C:\WINDOWS\system32\
Monitor Start Time: 00:02:40, Reason: Autostart
Unmonitor End Time: 00:04:57, Reason: Terminated by Timeout
Monitor Duration 00:02:17
Remark No high level activity detected in monitored regions
OS Process Information
»
Information Value
PID 0x544
Parent PID 0x24c (c:\windows\system32\services.exe)
Bitness 64-bit
Is Created or Modified Executable False
Integrity Level System (Elevated)
Username NT AUTHORITY\Local Service
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x 548
0x 55C
0x 5A4
0x 5BC
0x 61C
0x 624
0x 628
0x 62C
0x 63C
0x 640
0x 644
0x 650
Process #12: svchost.exe
0 0
»
Information Value
ID #12
File Name c:\windows\system32\svchost.exe
Command Line C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
Initial Working Directory C:\WINDOWS\system32\
Monitor Start Time: 00:02:40, Reason: Autostart
Unmonitor End Time: 00:04:57, Reason: Terminated by Timeout
Monitor Duration 00:02:17
Remark No high level activity detected in monitored regions
OS Process Information
»
Information Value
PID 0x54c
Parent PID 0x24c (c:\windows\system32\services.exe)
Bitness 64-bit
Is Created or Modified Executable False
Integrity Level System (Elevated)
Username NT AUTHORITY\Local Service
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x 550
0x 560
0x 5A8
0x 654
0x 658
0x 804
0x D78
Process #13: svchost.exe
0 0
»
Information Value
ID #13
File Name c:\windows\system32\svchost.exe
Command Line C:\WINDOWS\system32\svchost.exe -k appmodel
Initial Working Directory C:\WINDOWS\system32\
Monitor Start Time: 00:02:42, Reason: Autostart
Unmonitor End Time: 00:04:57, Reason: Terminated by Timeout
Monitor Duration 00:02:15
Remark No high level activity detected in monitored regions
OS Process Information
»
Information Value
PID 0x5ac
Parent PID 0x24c (c:\windows\system32\services.exe)
Bitness 64-bit
Is Created or Modified Executable False
Integrity Level System (Elevated)
Username NT AUTHORITY\SYSTEM
Enabled Privileges SeLockMemoryPrivilege, SeTcbPrivilege, SeSystemProfilePrivilege, SeProfileSingleProcessPrivilege, SeIncreaseBasePriorityPrivilege, SeCreatePagefilePrivilege, SeCreatePermanentPrivilege, SeDebugPrivilege, SeAuditPrivilege, SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege, SeIncreaseWorkingSetPrivilege, SeTimeZonePrivilege, SeCreateSymbolicLinkPrivilege, SeDelegateSessionUserImpersonatePrivilege
Thread IDs
0x 5B0
0x 5B4
0x 608
0x 614
0x 660
0x 664
0x 668
0x 67C
0x 684
0x 6F4
0x 8A8
0x 8B0
0x A44
0x A48
0x A54
0x B58
0x B5C
0x D7C
0x D8C
Process #14: taskhostw.exe
0 0
»
Information Value
ID #14
File Name c:\windows\system32\taskhostw.exe
Command Line taskhostw.exe SYSTEM
Initial Working Directory C:\WINDOWS\system32\
Monitor Start Time: 00:02:42, Reason: Child Process
Unmonitor End Time: 00:04:17, Reason: Self Terminated
Monitor Duration 00:01:34
Remark No high level activity detected in monitored regions
OS Process Information
»
Information Value
PID 0x5c4
Parent PID 0x3ec (c:\windows\system32\svchost.exe)
Bitness 64-bit
Is Created or Modified Executable False
Integrity Level System (Elevated)
Username NT AUTHORITY\SYSTEM
Enabled Privileges SeLockMemoryPrivilege, SeTcbPrivilege, SeSystemProfilePrivilege, SeProfileSingleProcessPrivilege, SeIncreaseBasePriorityPrivilege, SeCreatePagefilePrivilege, SeCreatePermanentPrivilege, SeDebugPrivilege, SeAuditPrivilege, SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege, SeIncreaseWorkingSetPrivilege, SeTimeZonePrivilege, SeCreateSymbolicLinkPrivilege, SeDelegateSessionUserImpersonatePrivilege
Thread IDs
0x 5C8
0x 6E8
0x 8AC
0x A10
0x A8C
0x A88
0x B80
Process #15: svchost.exe
0 0
»
Information Value
ID #15
File Name c:\windows\system32\svchost.exe
Command Line C:\WINDOWS\system32\svchost.exe -k wsappx
Initial Working Directory C:\WINDOWS\system32\
Monitor Start Time: 00:02:50, Reason: Autostart
Unmonitor End Time: 00:04:57, Reason: Terminated by Timeout
Monitor Duration 00:02:07
Remark No high level activity detected in monitored regions
OS Process Information
»
Information Value
PID 0x688
Parent PID 0x24c (c:\windows\system32\services.exe)
Bitness 64-bit
Is Created or Modified Executable False
Integrity Level System (Elevated)
Username NT AUTHORITY\SYSTEM
Enabled Privileges SeLockMemoryPrivilege, SeTcbPrivilege, SeSystemProfilePrivilege, SeProfileSingleProcessPrivilege, SeIncreaseBasePriorityPrivilege, SeCreatePagefilePrivilege, SeCreatePermanentPrivilege, SeDebugPrivilege, SeAuditPrivilege, SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege, SeIncreaseWorkingSetPrivilege, SeTimeZonePrivilege, SeCreateSymbolicLinkPrivilege, SeDelegateSessionUserImpersonatePrivilege
Thread IDs
0x 68C
0x 690
0x 6A8
0x 700
0x 710
0x 9B0
Process #16: audiodg.exe
0 0
»
Information Value
ID #16
File Name c:\windows\system32\audiodg.exe
Command Line C:\WINDOWS\system32\AUDIODG.EXE 0x3ac
Initial Working Directory C:\WINDOWS\system32\
Monitor Start Time: 00:02:58, Reason: Child Process
Unmonitor End Time: 00:04:57, Reason: Terminated by Timeout
Monitor Duration 00:01:59
Remark No high level activity detected in monitored regions
OS Process Information
»
Information Value
PID 0x750
Parent PID 0x4e4 (c:\windows\system32\svchost.exe)
Bitness 64-bit
Is Created or Modified Executable False
Integrity Level System (Elevated)
Username NT AUTHORITY\Local Service
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x 754
0x 760
0x 20C
0x 268
0x 748
0x 6E0
0x 2BC
Process #18: dllhost.exe
0 0
»
Information Value
ID #18
File Name c:\windows\system32\dllhost.exe
Command Line C:\WINDOWS\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
Initial Working Directory C:\WINDOWS\system32\
Monitor Start Time: 00:03:29, Reason: Child Process
Unmonitor End Time: 00:03:39, Reason: Self Terminated
Monitor Duration 00:00:10
Remark No high level activity detected in monitored regions
OS Process Information
»
Information Value
PID 0x8d0
Parent PID 0x2e8 (c:\windows\system32\svchost.exe)
Bitness 64-bit
Is Created or Modified Executable False
Integrity Level System (Elevated)
Username NT AUTHORITY\SYSTEM
Enabled Privileges SeLockMemoryPrivilege, SeTcbPrivilege, SeSystemProfilePrivilege, SeProfileSingleProcessPrivilege, SeIncreaseBasePriorityPrivilege, SeCreatePagefilePrivilege, SeCreatePermanentPrivilege, SeDebugPrivilege, SeAuditPrivilege, SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege, SeIncreaseWorkingSetPrivilege, SeTimeZonePrivilege, SeCreateSymbolicLinkPrivilege, SeDelegateSessionUserImpersonatePrivilege
Thread IDs
0x 8D4
0x 8D8
0x 8DC
0x 8E0
0x 8E4
0x 8E8
0x 8EC
0x 8F0
Process #19: rundll32.exe
0 0
»
Information Value
ID #19
File Name c:\windows\system32\rundll32.exe
Command Line rundll32.exe acmigration.dll,ApplyMigrationShims
Initial Working Directory C:\WINDOWS\system32\
Monitor Start Time: 00:03:30, Reason: Child Process
Unmonitor End Time: 00:03:32, Reason: Self Terminated
Monitor Duration 00:00:02
Remark No high level activity detected in monitored regions
OS Process Information
»
Information Value
PID 0x904
Parent PID 0x17c (c:\windows\system32\svchost.exe)
Bitness 64-bit
Is Created or Modified Executable False
Integrity Level System (Elevated)
Username NT AUTHORITY\SYSTEM
Enabled Privileges SeLockMemoryPrivilege, SeTcbPrivilege, SeSystemProfilePrivilege, SeProfileSingleProcessPrivilege, SeIncreaseBasePriorityPrivilege, SeCreatePagefilePrivilege, SeCreatePermanentPrivilege, SeDebugPrivilege, SeAuditPrivilege, SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege, SeIncreaseWorkingSetPrivilege, SeTimeZonePrivilege, SeCreateSymbolicLinkPrivilege, SeDelegateSessionUserImpersonatePrivilege
Thread IDs
0x 908
0x 90C
Process #20: sihost.exe
0 0
»
Information Value
ID #20
File Name c:\windows\system32\sihost.exe
Command Line sihost.exe
Initial Working Directory C:\WINDOWS\system32\
Monitor Start Time: 00:03:31, Reason: Child Process
Unmonitor End Time: 00:04:57, Reason: Terminated by Timeout
Monitor Duration 00:01:26
Remark No high level activity detected in monitored regions
OS Process Information
»
Information Value
PID 0x914
Parent PID 0x3ec (c:\windows\system32\svchost.exe)
Bitness 64-bit
Is Created or Modified Executable False
Integrity Level Medium
Username NQDPDE\FD1HVy
Enabled Privileges SeChangeNotifyPrivilege, SeCreateGlobalPrivilege
Thread IDs
0x 918
0x 91C
0x 944
0x 950
0x 954
0x 98C
0x 9AC
0x 9D8
0x A18
0x A1C
0x A20
0x A5C
0x A68
0x A94
0x A98
0x B50
0x AE8
0x 474
Process #21: svchost.exe
0 0
»
Information Value
ID #21
File Name c:\windows\system32\svchost.exe
Command Line C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
Initial Working Directory C:\WINDOWS\system32\
Monitor Start Time: 00:03:31, Reason: Autostart
Unmonitor End Time: 00:04:57, Reason: Terminated by Timeout
Monitor Duration 00:01:25
Remark No high level activity detected in monitored regions
OS Process Information
»
Information Value
PID 0x920
Parent PID 0x24c (c:\windows\system32\services.exe)
Bitness 64-bit
Is Created or Modified Executable False
Integrity Level Medium
Username NQDPDE\FD1HVy
Enabled Privileges SeChangeNotifyPrivilege, SeCreateGlobalPrivilege
Thread IDs
0x 924
0x 928
0x 934
0x 938
0x 93C
0x 940
0x 948
0x 94C
0x 960
0x 964
0x 968
0x 974
0x 9DC
0x A38
0x A3C
0x A40
0x A4C
0x A50
0x B00
0x 170
0x DB4
Process #22: mdmagent.exe
0 0
»
Information Value
ID #22
File Name c:\windows\system32\mdmagent.exe
Command Line C:\WINDOWS\system32\MDMAgent.exe
Initial Working Directory C:\WINDOWS\system32\
Monitor Start Time: 00:03:32, Reason: Child Process
Unmonitor End Time: 00:04:23, Reason: Self Terminated
Monitor Duration 00:00:50
Remark No high level activity detected in monitored regions
OS Process Information
»
Information Value
PID 0x958
Parent PID 0x3ec (c:\windows\system32\svchost.exe)
Bitness 64-bit
Is Created or Modified Executable False
Integrity Level System (Elevated)
Username NT AUTHORITY\SYSTEM
Enabled Privileges SeLockMemoryPrivilege, SeTcbPrivilege, SeSystemProfilePrivilege, SeProfileSingleProcessPrivilege, SeIncreaseBasePriorityPrivilege, SeCreatePagefilePrivilege, SeCreatePermanentPrivilege, SeDebugPrivilege, SeAuditPrivilege, SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege, SeIncreaseWorkingSetPrivilege, SeTimeZonePrivilege, SeCreateSymbolicLinkPrivilege, SeDelegateSessionUserImpersonatePrivilege
Thread IDs
0x 95C
0x A84
0x 878
0x A90
0x 8B0
Process #23: taskhostw.exe
0 0
»
Information Value
ID #23
File Name c:\windows\system32\taskhostw.exe
Command Line taskhostw.exe
Initial Working Directory C:\WINDOWS\system32\
Monitor Start Time: 00:03:33, Reason: Child Process
Unmonitor End Time: 00:03:39, Reason: Self Terminated
Monitor Duration 00:00:06
Remark No high level activity detected in monitored regions
OS Process Information
»
Information Value
PID 0x96c
Parent PID 0x3ec (c:\windows\system32\svchost.exe)
Bitness 64-bit
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username NQDPDE\FD1HVy
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x 970
0x 978
0x 9B4
0x 9B8
0x 9C0
Process #24: taskhostw.exe
0 0
»
Information Value
ID #24
File Name c:\windows\system32\taskhostw.exe
Command Line taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
Initial Working Directory C:\WINDOWS\system32\
Monitor Start Time: 00:03:33, Reason: Child Process
Unmonitor End Time: 00:04:57, Reason: Terminated by Timeout
Monitor Duration 00:01:24
Remark No high level activity detected in monitored regions
OS Process Information
»
Information Value
PID 0x97c
Parent PID 0x3ec (c:\windows\system32\svchost.exe)
Bitness 64-bit
Is Created or Modified Executable False
Integrity Level Medium
Username NQDPDE\FD1HVy
Enabled Privileges SeChangeNotifyPrivilege, SeCreateGlobalPrivilege
Thread IDs
0x 980
0x 984
0x 9BC
0x 9C8
0x 9CC
0x 9D0
0x 9E4
0x 9F0
0x 9E8
0x 9EC
0x 9F4
0x 9F8
0x 9FC
0x A00
0x A0C
0x A04
0x A08
0x A14
0x A70
0x CE8
0x CE4
0x CEC
Process #25: msoia.exe
0 0
»
Information Value
ID #25
File Name c:\program files\microsoft office\root\office16\msoia.exe
Command Line "C:\Program Files\Microsoft Office\root\Office16\msoia.exe" scan upload
Initial Working Directory C:\WINDOWS\system32\
Monitor Start Time: 00:03:33, Reason: Child Process
Unmonitor End Time: 00:04:57, Reason: Terminated by Timeout
Monitor Duration 00:01:23
Remark No high level activity detected in monitored regions
OS Process Information
»
Information Value
PID 0x990
Parent PID 0x3ec (c:\windows\system32\svchost.exe)
Bitness 64-bit
Is Created or Modified Executable False
Integrity Level Medium
Username NQDPDE\FD1HVy
Enabled Privileges SeChangeNotifyPrivilege, SeCreateGlobalPrivilege
Thread IDs
0x 994
0x AB4
0x B3C
0x DB8
Process #26: taskhostw.exe
0 0
»
Information Value
ID #26
File Name c:\windows\system32\taskhostw.exe
Command Line taskhostw.exe USER
Initial Working Directory C:\WINDOWS\system32\
Monitor Start Time: 00:03:33, Reason: Child Process
Unmonitor End Time: 00:04:24, Reason: Self Terminated
Monitor Duration 00:00:50
Remark No high level activity detected in monitored regions
OS Process Information
»
Information Value
PID 0x998
Parent PID 0x3ec (c:\windows\system32\svchost.exe)
Bitness 64-bit
Is Created or Modified Executable False
Integrity Level Medium
Username NQDPDE\FD1HVy
Enabled Privileges SeChangeNotifyPrivilege, SeCreateGlobalPrivilege
Thread IDs
0x 99C
0x 9A0
0x 9C4
0x 9E0
0x A2C
0x A30
0x A34
0x B94
0x BA8
0x CA8
Process #28: svchost.exe
0 0
»
Information Value
ID #28
File Name c:\windows\system32\svchost.exe
Command Line C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
Initial Working Directory C:\WINDOWS\system32\
Monitor Start Time: 00:03:52, Reason: Autostart
Unmonitor End Time: 00:04:57, Reason: Terminated by Timeout
Monitor Duration 00:01:04
Remark No high level activity detected in monitored regions
OS Process Information
»
Information Value
PID 0xb64
Parent PID 0x24c (c:\windows\system32\services.exe)
Bitness 64-bit
Is Created or Modified Executable False
Integrity Level System (Elevated)
Username NT AUTHORITY\Local Service
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x B68
0x B6C
0x B88
0x B8C
0x BD8
0x BEC
0x BF0
0x BF4
0x BFC
0x 3A0
0x 39C
Process #29: cliprenew.exe
0 0
»
Information Value
ID #29
File Name c:\windows\system32\cliprenew.exe
Command Line C:\WINDOWS\system32\ClipRenew.exe -e
Initial Working Directory C:\WINDOWS\system32\
Monitor Start Time: 00:03:53, Reason: Child Process
Unmonitor End Time: 00:04:30, Reason: Self Terminated
Monitor Duration 00:00:37
Remark No high level activity detected in monitored regions
OS Process Information
»
Information Value
PID 0xb70
Parent PID 0x3ec (c:\windows\system32\svchost.exe)
Bitness 64-bit
Is Created or Modified Executable False
Integrity Level System (Elevated)
Username NT AUTHORITY\SYSTEM
Enabled Privileges SeLockMemoryPrivilege, SeTcbPrivilege, SeSystemProfilePrivilege, SeProfileSingleProcessPrivilege, SeIncreaseBasePriorityPrivilege, SeCreatePagefilePrivilege, SeCreatePermanentPrivilege, SeDebugPrivilege, SeAuditPrivilege, SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege, SeIncreaseWorkingSetPrivilege, SeTimeZonePrivilege, SeCreateSymbolicLinkPrivilege, SeDelegateSessionUserImpersonatePrivilege
Thread IDs
0x B74
0x 84C
0x 4EC
0x 84C
Process #30: svchost.exe
0 0
»
Information Value
ID #30
File Name c:\windows\system32\svchost.exe
Command Line C:\WINDOWS\system32\svchost.exe -k netsvcs
Initial Working Directory C:\WINDOWS\system32\
Monitor Start Time: 00:04:10, Reason: Autostart
Unmonitor End Time: 00:04:23, Reason: Self Terminated
Monitor Duration 00:00:13
Remark No high level activity detected in monitored regions
OS Process Information
»
Information Value
PID 0xb0c
Parent PID 0x24c (c:\windows\system32\services.exe)
Bitness 64-bit
Is Created or Modified Executable False
Integrity Level System (Elevated)
Username NT AUTHORITY\SYSTEM
Enabled Privileges SeLockMemoryPrivilege, SeTcbPrivilege, SeSystemProfilePrivilege, SeProfileSingleProcessPrivilege, SeIncreaseBasePriorityPrivilege, SeCreatePagefilePrivilege, SeCreatePermanentPrivilege, SeDebugPrivilege, SeAuditPrivilege, SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege, SeIncreaseWorkingSetPrivilege, SeTimeZonePrivilege, SeCreateSymbolicLinkPrivilege, SeDelegateSessionUserImpersonatePrivilege
Thread IDs
0x 690
0x B44
0x B4C
0x 128
0x 6D8
0x 1A0
0x 37C
0x 6FC
Process #31: shellexperiencehost.exe
0 0
»
Information Value
ID #31
File Name c:\windows\systemapps\shellexperiencehost_cw5n1h2txyewy\shellexperiencehost.exe
Command Line "C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
Initial Working Directory C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\
Monitor Start Time: 00:04:11, Reason: Child Process
Unmonitor End Time: 00:04:57, Reason: Terminated by Timeout
Monitor Duration 00:00:46
Remark No high level activity detected in monitored regions
OS Process Information
»
Information Value
PID 0x760
Parent PID 0x2e8 (c:\windows\system32\svchost.exe)
Bitness 64-bit
Is Created or Modified Executable False
Integrity Level Low
Username NQDPDE\FD1HVy
Enabled Privileges SeChangeNotifyPrivilege
Thread IDs
0x 388
0x 3E4
0x 27C
0x 3B0
0x BB0
0x 370
0x 398
0x 3B8
0x 7EC
0x 3D4
0x BAC
0x 498
0x 3B4
0x 374
0x BF4
0x 614
0x C14
0x C18
0x C24
0x C6C
0x C70
0x C74
0x C78
0x C7C
0x C80
0x C84
0x C88
0x C8C
0x C90
0x C98
0x C9C
0x CF0
0x D74
0x D80
0x DAC
0x DB0
0x E34
0x E38
0x E40
0x E50
Process #32: searchui.exe
0 0
»
Information Value
ID #32
File Name c:\windows\systemapps\microsoft.windows.cortana_cw5n1h2txyewy\searchui.exe
Command Line "C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
Initial Working Directory C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\
Monitor Start Time: 00:04:11, Reason: Child Process
Unmonitor End Time: 00:04:57, Reason: Terminated by Timeout
Monitor Duration 00:00:45
Remark No high level activity detected in monitored regions
OS Process Information
»
Information Value
PID 0x7cc
Parent PID 0x2e8 (c:\windows\system32\svchost.exe)
Bitness 64-bit
Is Created or Modified Executable False
Integrity Level Low
Username NQDPDE\FD1HVy
Enabled Privileges SeChangeNotifyPrivilege
Thread IDs
0x 3DC
0x BB4
0x BE8
0x F0
0x EC
0x 964
0x 9E0
0x B1C
0x A64
0x A6C
0x 84
0x 8AC
0x C10
0x C34
0x CAC
0x CB0
0x CB4
0x CB8
0x CBC
0x CC0
0x CC4
0x CC8
0x CD0
0x CD4
0x CD8
0x CF4
0x CF8
0x CFC
0x D00
0x D1C
0x D20
Process #33: wmiprvse.exe
0 0
»
Information Value
ID #33
File Name c:\windows\system32\wbem\wmiprvse.exe
Command Line C:\WINDOWS\system32\wbem\wmiprvse.exe -secured -Embedding
Initial Working Directory C:\WINDOWS\system32\
Monitor Start Time: 00:04:16, Reason: Child Process
Unmonitor End Time: 00:04:57, Reason: Terminated by Timeout
Monitor Duration 00:00:40
Remark No high level activity detected in monitored regions
OS Process Information
»
Information Value
PID 0xc1c
Parent PID 0x2e8 (c:\windows\system32\svchost.exe)
Bitness 64-bit
Is Created or Modified Executable False
Integrity Level System (Elevated)
Username NT AUTHORITY\Network Service
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x C20
0x C28
0x C2C
0x C30
0x C38
0x C3C
0x C40
0x C44
0x C48
0x C68
Process #34: runtimebroker.exe
0 0
»
Information Value
ID #34
File Name c:\windows\system32\runtimebroker.exe
Command Line C:\Windows\System32\RuntimeBroker.exe -Embedding
Initial Working Directory C:\WINDOWS\system32\
Monitor Start Time: 00:04:17, Reason: Child Process
Unmonitor End Time: 00:04:57, Reason: Terminated by Timeout
Monitor Duration 00:00:40
Remark No high level activity detected in monitored regions
OS Process Information
»
Information Value
PID 0xc4c
Parent PID 0x2e8 (c:\windows\system32\svchost.exe)
Bitness 64-bit
Is Created or Modified Executable False
Integrity Level Medium
Username NQDPDE\FD1HVy
Enabled Privileges SeChangeNotifyPrivilege, SeCreateGlobalPrivilege
Thread IDs
0x C50
0x C54
0x C58
0x C5C
0x C60
0x C64
Process #35: dllhost.exe
0 0
»
Information Value
ID #35
File Name c:\windows\system32\dllhost.exe
Command Line C:\WINDOWS\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Initial Working Directory C:\WINDOWS\system32\
Monitor Start Time: 00:04:28, Reason: Child Process
Unmonitor End Time: 00:04:57, Reason: Terminated by Timeout
Monitor Duration 00:00:29
Remark No high level activity detected in monitored regions
OS Process Information
»
Information Value
PID 0xd28
Parent PID 0x2e8 (c:\windows\system32\svchost.exe)
Bitness 64-bit
Is Created or Modified Executable False
Integrity Level Medium
Username NQDPDE\FD1HVy
Enabled Privileges SeChangeNotifyPrivilege, SeCreateGlobalPrivilege
Thread IDs
0x D2C
0x D30
0x D54
0x D58
0x D5C
0x D60
0x D68
0x D70
0x DD0
0x DD4
0x E14
0x E18
0x E1C
0x E20
0x E24
0x E28
0x E2C
0x E30
0x E88
0x E8C
0x E90
0x E94
0x E98
0x E9C
0x EA0
0x EA4
Process #36: mobsync.exe
0 0
»
Information Value
ID #36
File Name c:\windows\system32\mobsync.exe
Command Line C:\WINDOWS\System32\mobsync.exe -Embedding
Initial Working Directory C:\WINDOWS\system32\
Monitor Start Time: 00:04:36, Reason: Child Process
Unmonitor End Time: 00:04:48, Reason: Self Terminated
Monitor Duration 00:00:12
Remark No high level activity detected in monitored regions
OS Process Information
»
Information Value
PID 0xde0
Parent PID 0x2e8 (c:\windows\system32\svchost.exe)
Bitness 64-bit
Is Created or Modified Executable False
Integrity Level Medium
Username NQDPDE\FD1HVy
Enabled Privileges SeChangeNotifyPrivilege, SeCreateGlobalPrivilege
Thread IDs
0x DE4
0x DE8
0x DEC
0x DF0
0x DF4
0x DF8
0x DFC
0x E00
0x E04
0x E08
Function Logfile
Download-Icon
Exit-Icon

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy". 


    

   

   

    Before
   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".
     

     

    

   

   

    After
   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".
     

     

    

   

   

    

     
      

       
       
       
       
      

     
     
     
    

   

  

  

   

    
    

     Screenshot
    

    

     Expand-Icon
    

    

     Exit-Icon
    

   

   

    

     icon_left
    

    

     icon_left
    

   

   

   

   

    image