329b3ddbf1c00b7767f0ec39b90eb9f4f8bd98ace60e2f6b6fbfb9adf25e3ef9 (SHA256)
rlxsbp.exe
Windows Exe (x86-32)
Created at 2019-02-19 08:31:00
Notifications (2/2)
Some extracted files may be missing in the report since the maximum number of extracted files was reached during the analysis. You can increase the limit in the configuration settings.
The maximum number of reputation file hash requests (20 per analysis) was exceeded. As a result, the reputation status could not be queried for all file hashes. In order to get the reputation status for all file hashes, please increase the 'Max File Hash Requests' setting in the system configurations.
Monitored Processes
Behavior Information - Grouped by Category
Process #1: rlxsbp.exe
13189
12
| Information | Value |
|---|---|
| ID | #1 |
| File Name | c:\users\ciihmnxmn6ps\desktop\rlxsbp.exe |
| Command Line | "C:\Users\CIiHmnxMn6Ps\Desktop\rlxsbp.exe" |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:00:36, Reason: Analysis Target |
| Unmonitor | End Time: 00:04:40, Reason: Terminated by Timeout |
| Monitor Duration | 00:04:04 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xecc |
| Parent PID | 0x57c (c:\windows\explorer.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
ED0
0x
EFC
0x
F00
0x
C9C
0x
C88
0x
98C
0x
4B8
0x
BF8
0x
538
0x
534
0x
6B4
0x
D0
0x
A40
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000000020000 | 0x00020000 | 0x00023fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000030000 | 0x00030000 | 0x00030fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000040000 | 0x00040000 | 0x00053fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000060000 | 0x00060000 | 0x0009ffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000000a0000 | 0x000a0000 | 0x0019ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000001a0000 | 0x001a0000 | 0x001a3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000000001b0000 | 0x001b0000 | 0x001b1fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000001c0000 | 0x001c0000 | 0x001c0fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000001d0000 | 0x001d0000 | 0x001d0fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000001e0000 | 0x001e0000 | 0x001e0fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000001f0000 | 0x001f0000 | 0x001fffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000200000 | 0x00200000 | 0x0023ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000240000 | 0x00240000 | 0x0027ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000280000 | 0x00280000 | 0x00280fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000290000 | 0x00290000 | 0x0038ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000390000 | 0x00390000 | 0x00390fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000003a0000 | 0x003a0000 | 0x003a0fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000003b0000 | 0x003b0000 | 0x003b0fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000003c0000 | 0x003c0000 | 0x003c0fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000003d0000 | 0x003d0000 | 0x003d0fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000003e0000 | 0x003e0000 | 0x003e0fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000003f0000 | 0x003f0000 | 0x003fffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000003f0000 | 0x003f0000 | 0x003f7fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x00000000003f0000 | 0x003f0000 | 0x003f0fff | Private Memory | rw |
|
|
|
- |
| rlxsbp.exe | 0x00400000 | 0x0041bfff | Memory Mapped File | rwx |
|
|
|
|
| locale.nls | 0x00420000 | 0x004ddfff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000000004e0000 | 0x004e0000 | 0x005dffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000005e0000 | 0x005e0000 | 0x006dffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000006e0000 | 0x006e0000 | 0x0075ffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000006e0000 | 0x006e0000 | 0x006f5fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000006e0000 | 0x006e0000 | 0x006e0fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000006e0000 | 0x006e0000 | 0x006effff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000006e0000 | 0x006e0000 | 0x006e7fff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x00000000006f0000 | 0x006f0000 | 0x006f0fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000000700000 | 0x00700000 | 0x00700fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000700000 | 0x00700000 | 0x00713fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000700000 | 0x00700000 | 0x00707fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000000710000 | 0x00710000 | 0x00710fff | Private Memory | rwx |
|
|
|
- |
| counters.dat | 0x00710000 | 0x00710fff | Memory Mapped File | rw |
|
|
|
|
| private_0x0000000000720000 | 0x00720000 | 0x00720fff | Private Memory | rw |
|
|
|
- |
| crypt32.dll.mui | 0x00730000 | 0x00739fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000000730000 | 0x00730000 | 0x00730fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000730000 | 0x00730000 | 0x00730fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000740000 | 0x00740000 | 0x00740fff | Private Memory | rwx |
|
|
|
- |
| pagefile_0x0000000000740000 | 0x00740000 | 0x00740fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000750000 | 0x00750000 | 0x0075ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000760000 | 0x00760000 | 0x00761fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000770000 | 0x00770000 | 0x00770fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000780000 | 0x00780000 | 0x00780fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000790000 | 0x00790000 | 0x00790fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000000790000 | 0x00790000 | 0x00792fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000007a0000 | 0x007a0000 | 0x007dffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000007a0000 | 0x007a0000 | 0x007a0fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000007b0000 | 0x007b0000 | 0x007b0fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000007e0000 | 0x007e0000 | 0x007e0fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000007f0000 | 0x007f0000 | 0x007f0fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000800000 | 0x00800000 | 0x00801fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000800000 | 0x00800000 | 0x00800fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000810000 | 0x00810000 | 0x0081ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000820000 | 0x00820000 | 0x009a7fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000009b0000 | 0x009b0000 | 0x00b30fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000b40000 | 0x00b40000 | 0x01f3ffff | Pagefile Backed Memory | r |
|
|
|
- |
| sortdefault.nls | 0x01f40000 | 0x02276fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000002280000 | 0x02280000 | 0x0237ffff | Private Memory | rw |
|
|
|
- |
| crypt32.dll | 0x02380000 | 0x024f4fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000002380000 | 0x02380000 | 0x0247ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002480000 | 0x02480000 | 0x024bffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000024c0000 | 0x024c0000 | 0x025bffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000025c0000 | 0x025c0000 | 0x025c0fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000025d0000 | 0x025d0000 | 0x025d0fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000025e0000 | 0x025e0000 | 0x025e0fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000025f0000 | 0x025f0000 | 0x025f0fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002600000 | 0x02600000 | 0x02600fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002600000 | 0x02600000 | 0x02601fff | Private Memory | rw |
|
|
|
- |
| mpr.dll.mui | 0x02610000 | 0x02610fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000002620000 | 0x02620000 | 0x02620fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002620000 | 0x02620000 | 0x02720fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002620000 | 0x02620000 | 0x02621fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002630000 | 0x02630000 | 0x02630fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002630000 | 0x02630000 | 0x02730fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002630000 | 0x02630000 | 0x02636fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002640000 | 0x02640000 | 0x02640fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002640000 | 0x02640000 | 0x02740fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002640000 | 0x02640000 | 0x0273ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002730000 | 0x02730000 | 0x02830fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002740000 | 0x02740000 | 0x02840fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002740000 | 0x02740000 | 0x02740fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002850000 | 0x02850000 | 0x02853fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002860000 | 0x02860000 | 0x02960fff | Private Memory | rw |
|
|
|
- |
| kernelbase.dll.mui | 0x02970000 | 0x02a4efff | Memory Mapped File | r |
|
|
|
- |
| wow64cpu.dll | 0x5baa0000 | 0x5baa7fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64win.dll | 0x5bab0000 | 0x5bb22fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64.dll | 0x5bb30000 | 0x5bb7efff | Memory Mapped File | rwx |
|
|
|
- |
| propsys.dll | 0x74110000 | 0x74251fff | Memory Mapped File | rwx |
|
|
|
- |
| browcli.dll | 0x74260000 | 0x7426efff | Memory Mapped File | rwx |
|
|
|
- |
| netutils.dll | 0x74270000 | 0x74279fff | Memory Mapped File | rwx |
|
|
|
- |
| cscapi.dll | 0x74280000 | 0x7428efff | Memory Mapped File | rwx |
|
|
|
- |
| wkscli.dll | 0x74290000 | 0x7429ffff | Memory Mapped File | rwx |
|
|
|
- |
| davhlpr.dll | 0x742a0000 | 0x742aafff | Memory Mapped File | rwx |
|
|
|
- |
| davclnt.dll | 0x742b0000 | 0x742c9fff | Memory Mapped File | rwx |
|
|
|
- |
| ntlanman.dll | 0x742d0000 | 0x742e1fff | Memory Mapped File | rwx |
|
|
|
- |
| winsta.dll | 0x742f0000 | 0x74333fff | Memory Mapped File | rwx |
|
|
|
- |
| drprov.dll | 0x74340000 | 0x74348fff | Memory Mapped File | rwx |
|
|
|
- |
| mpr.dll | 0x74350000 | 0x74366fff | Memory Mapped File | rwx |
|
|
|
- |
| rsaenh.dll | 0x74370000 | 0x7439efff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x743a0000 | 0x743bafff | Memory Mapped File | rwx |
|
|
|
- |
| cryptsp.dll | 0x743c0000 | 0x743d2fff | Memory Mapped File | rwx |
|
|
|
- |
| wininet.dll | 0x743e0000 | 0x74603fff | Memory Mapped File | rwx |
|
|
|
- |
| dwmapi.dll | 0x74610000 | 0x7462cfff | Memory Mapped File | rwx |
|
|
|
- |
| uxtheme.dll | 0x74630000 | 0x746a4fff | Memory Mapped File | rwx |
|
|
|
- |
| apphelp.dll | 0x746b0000 | 0x74740fff | Memory Mapped File | rwx |
|
|
|
- |
| bcryptprimitives.dll | 0x74750000 | 0x747a8fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptbase.dll | 0x747b0000 | 0x747b9fff | Memory Mapped File | rwx |
|
|
|
- |
| sspicli.dll | 0x747c0000 | 0x747ddfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x74a00000 | 0x74aabfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel.appcore.dll | 0x74ab0000 | 0x74abbfff | Memory Mapped File | rwx |
|
|
|
- |
| shlwapi.dll | 0x74da0000 | 0x74de3fff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x74df0000 | 0x74f0ffff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x74f10000 | 0x74f3afff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x74f40000 | 0x7502ffff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x75030000 | 0x7517cfff | Memory Mapped File | rwx |
|
|
|
- |
| profapi.dll | 0x75180000 | 0x7518efff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x75190000 | 0x75305fff | Memory Mapped File | rwx |
|
|
|
- |
| shell32.dll | 0x75310000 | 0x766cefff | Memory Mapped File | rwx |
|
|
|
- |
| windows.storage.dll | 0x76790000 | 0x76c6cfff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x76c70000 | 0x76daffff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x76f20000 | 0x76fddfff | Memory Mapped File | rwx |
|
|
|
- |
| clbcatq.dll | 0x76fe0000 | 0x77061fff | Memory Mapped File | rwx |
|
|
|
- |
| oleaut32.dll | 0x770d0000 | 0x77161fff | Memory Mapped File | rwx |
|
|
|
- |
| ole32.dll | 0x77170000 | 0x77259fff | Memory Mapped File | rwx |
|
|
|
- |
| powrprof.dll | 0x77260000 | 0x772a3fff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x772b0000 | 0x772f2fff | Memory Mapped File | rwx |
|
|
|
- |
| shcore.dll | 0x77300000 | 0x7738cfff | Memory Mapped File | rwx |
|
|
|
- |
| combase.dll | 0x77390000 | 0x77549fff | Memory Mapped File | rwx |
|
|
|
- |
| advapi32.dll | 0x77550000 | 0x775cafff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x776b0000 | 0x77828fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x000000007feaa000 | 0x7feaa000 | 0x7feacfff | Private Memory | rw |
|
|
|
- |
| private_0x000000007fead000 | 0x7fead000 | 0x7feaffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000007feb0000 | 0x7feb0000 | 0x7ffaffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000007ffb0000 | 0x7ffb0000 | 0x7ffd2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007ffd5000 | 0x7ffd5000 | 0x7ffd7fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ffd8000 | 0x7ffd8000 | 0x7ffdafff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ffdb000 | 0x7ffdb000 | 0x7ffddfff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ffde000 | 0x7ffde000 | 0x7ffdefff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ffdf000 | 0x7ffdf000 | 0x7ffdffff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7ffc57b4ffff | Private Memory | r |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x00007ffc57d12000 | 0x7ffc57d12000 | 0x7ffffffeffff | Private Memory | r |
|
|
|
- |
|
For performance reasons, the remaining 64 entries are omitted.
The remaining entries can be found in flog.txt. |
||||||||
Created Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| C:\$Recycle.Bin\S-1-5-18\d2ca4a09d2ca4deb51b.lock | 0.00 KB |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 SSDeep: 3:: |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\blocklist-addons.json | 450.04 KB |
MD5:
d136c6b32ad956dbea78600a2add77f5
SHA1: 59d731ddccdbe799a9b606bdfa19f083449bc820 SHA256: 20e62a07c4afda3d9fc27824faf680bdd50dddd3dd7fe46c5a7ec50221625a1a SSDeep: 6144:ucuS/zmxox+9UXSlxv7/Evj2Q1+JvsrfKRDo6kjsOtjswyGKJ2tlGf9+6U3/Al6S:doIX8v7sj2AIvKKDo6kltjdyG5048p |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328916[[fn=Converging Text]].glox | 11.64 KB |
MD5:
c54c34deaaef536453104a633c493016
SHA1: 7211e53ca9972e0907e08cc86a5030d37d9fe97e SHA256: 394c7deea8cbcbf3924b0b2a69a28c6d64ee4a8ba56a00ccf24d80da0d3e9139 SSDeep: 192:q4rxERau5hcPMHeGdtmk+8EUuAJ0IelKb7epXnnBuGg71QfDs3njoR7TDitd2gDG:1r+R35h4GdtnBue0Ie9pKQf4TovutMgC |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\IEEE2006OfficeOnline.xsl | 288.15 KB |
MD5:
0010aea5322f5a732403f973947222af
SHA1: c969952be285801809c57114b32f77e02fb293e0 SHA256: b39b0c8a4c9b73bc4f555a8fcc3740dfc07a17c14a231b2e3dd2a57e49112a63 SSDeep: 6144:pEnRo3u7ZVywfgQqQgrgZXJ7A0LDfrT8i01X19uX7vUCcnBcMxb3bnAUTrNuEF:pER+u7ZVXf/IrMlA0X8cVcBPb3bnAUVh |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\8bo5Ma7MZCSN.png | 17.22 KB |
MD5:
67c0417bc66cbbe85f90e00cad22fd5a
SHA1: 04f6636fdb8051e3d0006183f5984dd0a2e5fcdc SHA256: 2dfa570ede2338bb2274c9a7ba3452eb0a876bf003992776a93fa0ca980f7f40 SSDeep: 384:J5K39lkcbQKgvOeAxopWLcHLY9qY9T9E+DdRJ0F5f32Ke0ukp97sOXf/6F:rADUAxdGs9qYnE+DdA5PZuejP/u |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\GB.XSL | 262.90 KB |
MD5:
35a3fca4d9ee43727ee296402bbcb3c8
SHA1: c370c2e34b40c47ae008250cea2848232d66fb12 SHA256: 05fdcadb437cc13bd87e6d1b658b9b8d4a34019564b48467725c0351176365f0 SSDeep: 6144:PfpOnAKIzkx0G25JfTN1IG91e02iBFbolsYW:HEnAKIBx5Jfb3ew07W |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Sonar\Sonar1.0\sonar_policy.xml | 18.85 KB |
MD5:
9b7975b24b85aec31dff26e3a051c329
SHA1: 5b2ebc33f98f0429917a3387c19f7e3c21e69d06 SHA256: 74e1002f0f57429287be71e467e0873f9c3977e110dfe78351115d6d7c5e3cc3 SSDeep: 384:8rx3Ke2T9+IS31NdANGotAHOzGy5CstQy8spxft3Oa3CzsuXJ6Kbu25y:8tkczYVAHm/8EX8spxcJJNu4y |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033929[[fn=Slate]].thmx | 2.25 MB |
MD5:
d8b0d2f1fb32148556914ac3e9e5db16
SHA1: 4902138de3dde5df8f5cec953d9bb558b328e5cb SHA256: c8ed1a92af4684f9d6b2aa98cc57e5972b59d9d9fbb0ef96b4b8a3a028ffe9bf SSDeep: 49152:pZ5DQNZomnkUMlZ3FCX3CzwovQTSwW8nT:pZ6ymnHMlZ3oXSzeOwWET |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001115[[fn=Parcel]].thmx | 594.40 KB |
MD5:
a9df5ee9e5abcd9d550decf150dbfaa8
SHA1: 2d39109df7e95d60ca600d08a6de8b3b6d3fa131 SHA256: eb364a1bbb7ce61997a2ca83fb7c7b63c7a8adf6ea69ee3737c016338a16c37e SSDeep: 12288:WH+bMtMZRw0LmsXwjJpU05FHLJv+FTD7YjYfvl+dQB:xMtow0dXGpX5FH4FTD7Yjavl+dQB |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\blocklist-gfx.json | 27.83 KB |
MD5:
e5c37b5e8ed271d64875db5ad726f4a4
SHA1: b3f34d1c04f5369ffc518da9f494882f103f61bf SHA256: bdb768fd1ac736b30b2b1292c6606c2ad4d864fe3b6396a9eabbaa3bc9f2275c SSDeep: 768:WYnBOR/44uIMq5S4gplj/ez921nbh//R3+o:WYnE24HMq5SZ/ezQhhHh+o |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328884[[fn=architecture]].glox | 6.17 KB |
MD5:
d5e4d7c7f124f587c070e84e17a737d8
SHA1: 0d3913cc6ec79ca2d4de28172bf99cbd1051d9a8 SHA256: db860c20efb4109b8da7b5b034ae0ecd46856e366bc67a201bddad80639e761d SSDeep: 96:4dNKYhcCpVs6NSaR8Hd2Mf78iheqM+0RnS8viPFkoW5Kwir1Q0lYCgApZkDPPU:4dNwC1wuC2c78iZMxSZuF8r1QmYCfP |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\TURABIAN.XSL | 337.11 KB |
MD5:
43837fb6026275a536b883aa458e7123
SHA1: 3b6e561fae59f038ebad03aa968c89659f1dc0a0 SHA256: f7965bcde87db67d65c51a32113ec1600a593f8eeac7045957dce453cb2b898e SSDeep: 6144:/xDybtUMeBgKHayLiWoSvhxq05eWrIuiKb0ZNDmSc1nylan5D1k:OtABgNy3oSvhxKWUtmSCntnxG |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03090434[[fn=Wood Type]].thmx | 1.57 MB |
MD5:
a83367b7d259f985f017daaefe4cd4ba
SHA1: e0c74c3d756021cae8539c3113151db1aff5f8dd SHA256: 4ec117745750a6f157c47606694f3d0d9032751dc5a3f0f98c61b82d9cc54f2c SSDeep: 24576:ds+y8WJWEE6AWjMkQxD2a06qJyesVw9Xsm+/cQ9JlBGhJt6rUekDSgyM/LZTl5Kk:W+y5JWejO06+yW+1QtNrugnp6k |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328905[[fn=Chevron Accent]].glox | 4.67 KB |
MD5:
f253cd3810190980393520775071c5a3
SHA1: 0392953f163635ed20e7f689b98c42c188f4b0ed SHA256: 51c164f97b49a35b8508fec4da2af5e55505113408251a57775d32610b779875 SSDeep: 96:t2MjXcEcF9Ume4BrLclX7CoSMw+xju2J8K+kF7Ah4nkvt0I:sMjMEcLUme0clX7bSMwIj8K7F7AhVveI |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Crash Reports\InstallTime20170518000419 | 0.54 KB |
MD5:
771fc74a593a36442c1d38c3af73c7e3
SHA1: 79090f58d4a466e109051aa7aa6092b5892d8450 SHA256: eae2b99ea9ba50b69a8f1718f683491cfd6c7cfad78678cb86af4baf3b672c46 SSDeep: 12:dF8JVa2TN6z3gw0h0IygCymLYJgVPdKt/cisYW++Yo2CC:dgVai6z+0Iz/YYkPo7v |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\compatibility.ini | 0.73 KB |
MD5:
e59e8ce7033dee24d0058bb723f76632
SHA1: 202e18600ab8363ac2e64a37bf3e5a6ee96a5860 SHA256: a3b4961ca621061c79bad8033a5b0fde60d193abdba84ab677020fec153ccf51 SSDeep: 12:XGy+cPFzzZiE22UUMgPCPMD16uvbsB9aTe6SiCe7oX3+n+41dIN2C:Xt+cPxzUE2x80uTs/YU5X3++4/Ix |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\9v0FgvA-o3wubBpr26.mp3 | 80.95 KB |
MD5:
c215d551219b197a6bf0ceded76074f5
SHA1: b64b09ee2699ee7030dca1ea3f7f0f3448567ebb SHA256: abffa449d206e92db43b6dd9f7a68cae15ac1fd66a1bcbc367066cb0e3df5210 SSDeep: 1536:n+TqUxQgJBUsxoviDpOaXo+I7+MZ3VUIukitn6kdL+Eq75pkOxjx8:+ugJBpI/7+s3VRSnHdLAdpe |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495596278120.31e5ce24-c2bf-486b-b29e-534113b7c6dc.main.jsonlz4 | 5.53 KB |
MD5:
784adc113041fd383a55596b29b7cac3
SHA1: d6e098705a9a9f3c3750f5e358eed656fd9dab61 SHA256: 96bd65199982b6434b686845bbc7dbbfe3c524eff0e55a0e85c832da452dca47 SSDeep: 96:G2kk+ZQiwnjBYnmRajQQcWLlKd+SRkT+VEbzTzPEYF8qq2hKL:G2FmQBjBYP6WLk+SRWmEHPEYFJhI |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000\15d22704-736b-416f-a36b-857f2a5d2a7e | 0.98 KB |
MD5:
75deee13cb3c2cb6b8172f7252619614
SHA1: 6d3609e97f83b344562c754f4eb5f1569553be35 SHA256: 586ac08fda3ab78f916444abc1c3497092a0b48883a2de465f38e509a79bfec8 SSDeep: 12:Wbme8jxqQxmnfhRbgprdVx+CSGsR68LGyHb4+uEzvu0+R6pFDW+xBvISyK0Nrb5X:WbmDIcmnffMbRwLlH0Gvux6n7xBUHOjI |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\MLASeventhEditionOfficeOnline.xsl | 249.76 KB |
MD5:
506f995983fa598242cc942a24660ad1
SHA1: cc45681988fb91773e0e11709b96a51794aa963e SHA256: 80eeec80a2119b353ab52d73ae50bf142ae6f48c058c771b12b8ecd977c1a578 SSDeep: 6144:JoTFMfM92g/7SsVbefuKdEPS2IdM0EOU+WepBDlBeolyf:iOfMp/7PeNSSg+BBJy |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobSettings | 0.55 KB |
MD5:
b061ea02de1ad45d14987d528a72ab69
SHA1: b1016734c1e67326c447644e353f90526c68a0ca SHA256: 21d1c944c984bdddc3f524c0f081363e52f47cffdb23b9f5f67b5a44e1a093bb SSDeep: 12:yjd7/I9+/4DoZch7BxzllYDHxeE0WH60EpPamzYS3q6H/9C:k7/JGCe7UDReEQ0oaTS3q6fE |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001114[[fn=Gallery]].thmx | 1.04 MB |
MD5:
ed45cb2a5843c833d448b91780084b28
SHA1: 3eab9b856c6b5fb9c8d43fe8e155ca230162ae61 SHA256: 4ba389dc095bf8410050f0c5eae1e14488eec96e628ccc3d9611c88a8415badf SSDeep: 24576:eLXBc4Uv2sX0GVXfMyYcldrZgtNhX3gfKlVY2XTXpk3Xo9z7l:Vv2sX0GVXxYkr64KE2D5knK9 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\blocklist-plugins.json | 197.21 KB |
MD5:
0aea10b5bba2068f7b181892456b8482
SHA1: 30f58a808eaec03559aa3be219c08e081d186998 SHA256: eeb3d8795a0d78cd92b4af14029d5fdeeed44a5ce706b54c060f5cd596bdab39 SSDeep: 3072:3AzhTjeIljF4I9r9n+BDzTzd4tcOg4/YmlBzPdryznohMLCvOMq1VA8YLDzC3rtJ:wleCyEgrd4uOVlprEom+OED+35Ka |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\CHICAGO.XSL | 290.58 KB |
MD5:
aa0742764a4bc3de8ccbf916bbf7a8ff
SHA1: 426314b85e7b6638a78fba7eca7138d72eb0d22e SHA256: 64c5a2f34db0ba9e37d2f5ac954fa44ac4f02e5210abdbb154b4d72a27ae6512 SSDeep: 6144:Jg4It/Uy4vkfitS8IntrGehyks1X9gBwCb/a+1nIHafZ:gikaYvGr/XaGCf1N |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\k8pe.docx | 23.31 KB |
MD5:
0def914339dba51d2659af1a80e1631d
SHA1: b1a9fe586c1a0700001d5f28355b9f9191c8a392 SHA256: fd3c3485924d78ab5b64720c81df2fdb86671047db8018504ec9e1a8df2fc488 SSDeep: 384:A0g8axxPjCP+jxM5UkxPDvH9y05uT++iduG4PY+cU8BIKWAmr+zSlSoIBYqFCu3N:O8WCGjaS0dETc0DcU8BIVAmr+OlSokYm |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\SYNCHIST | 0.60 KB |
MD5:
1cc10fd7567e4af44bb4307c18007bef
SHA1: e3a005fa707dd76f0446a25d0a0f55794c0fe538 SHA256: 5f0af2d52f04d06e75a2cc641e2208e35ef925223379b76bbc62b3854c6224bf SSDeep: 12:oPo7oZYfbtYvoIAv595gmWbDisgC6qfHG8u2NfpkLsGgmnkCBSEmDmq0cC:1ftYwIXbOu6qfdhbCsGgmkCBSEm6n |
|
|
| C:\Recovery\WindowsRE\ReAgent.xml | 1.54 KB |
MD5:
8ca9d04f57ebd9bcdc2e6e96f778700d
SHA1: 40eba6d5f271ee1e5d38fd6c4fe4e8611ad28cb6 SHA256: 4d0fadf5c10c0c9a3bda66ba1b5d26c31f61b56907f704975c0a70ca0204dbb7 SSDeep: 24:tJCWqL7hiQcput8QCjapZQiniqJkpqL19/7jAPBUj9t/PBh7LQGOKHB2Ud0BDirS:tJCF5cp2Lt/L1VvAEbhhPQGeaUQ6 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\K0spQSfUKxJCGIe.png | 66.18 KB |
MD5:
33ba98a357188cae889b6fc02963ac50
SHA1: 346cd5d8083354a0ef7c4c06af0a4067fddaacb2 SHA256: a61331f8537d133f2ad1f68c3b77f2eb5375e9615889abab4b0aedc9fc2ab24c SSDeep: 1536:yPKhPRhxtlDlXdMA0fSoodk2xWb3l9LZpyNyHyw/mORH1sgInk1+G2m/:yah5X1Po/9LZeySw/mOROkA+/ |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495600032629.d896fec9-1a7a-4db1-a3a2-e46d95b631a5.main.jsonlz4 | 5.58 KB |
MD5:
e148fb82146751eb3275114014ac797d
SHA1: 16f2ed351a525ca68f0067bd046dea082e235781 SHA256: 6c1b8639969455bfa16ca8fc3b796dbc7c2a4df562cb723864205660237b21dc SSDeep: 96:yG8KVRfMOWsulMxoRYExvNNjKgmNIxj967nCM9EO+VjkQNt5dZH:yG8KHWHMx/2WX8jQTCM9EO+Ltr1 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457444[[fn=Basis]].thmx | 545.48 KB |
MD5:
128267151d35a82f8f3379a11139ed6d
SHA1: 495cff7f4e2c3c810de63b39bbea00ae4e9d8039 SHA256: 0ea2be63ce9a666a4f4954273824cf1fc4bb7eea0fc60ca2eda890a330cef266 SSDeep: 12288:k+p0ucVhJN2FBdiENWna9vxIIJKn8f2ROhw9K+PRQ:oucVhJN2F3iuWalx12t9K9 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\eauLyTsZ.ods | 5.56 KB |
MD5:
f36cf7ac8ff848ba83d6fc4c30543fa4
SHA1: 45e5c1fd4265e399b0a3089a8a2dfe52e72071dd SHA256: 9d9a3f276e1d3e4656bcf03d50b206a41fafba520ee82a0e2caf75cc56e569e8 SSDeep: 96:vp6zH8EUvBlWk4IobywVKK5rAj7YN6iQSzUOEJfGbki50H2jcrT:B6phk4IobywVn5GQQIdE1qkiqWgT |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\hnb7PHQYw4L0j.swf | 85.96 KB |
MD5:
7f245ffa9fa2a260e3b305b6fce77326
SHA1: e1baca08746c3f7c8ec2bca969f738749d5d9501 SHA256: 30f9f2b307a9d4da3b17a3ab7a4e0dd15fb15cd73c08a8711953e6fec2284134 SSDeep: 1536:cKty6kmWhCF+nL/oiLBioxigVRiTOquY0Ae4xt4kgyz5i9zAys2uWhr8YjbPPp/E:VaIsc+hnO2Ae4xfzeOOljbHp0EU |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Cashflow analysis.xltm | 371.63 KB |
MD5:
7a0206dd85a6d4987623547cffd963a5
SHA1: eff83005cf97e7288339505537bf3aad5901045c SHA256: e5cf308e3dc618a84d3f9b803de8ef478779091a27a539f698bb1a0f3c74e663 SSDeep: 6144:ome817DlPRuIZhTLSRkuZnb7Vo/akEa+OPg+OvS2hJCCjhyMpLOISmM+/0g:Be8zY8Wdd7K/aaRjO/JfN9ZONmAg |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000\Preferred | 0.55 KB |
MD5:
4fa508e84bcb0c2a5dbd2c62998eb3d7
SHA1: 4511da17af18bf914fb72f2d625a21d6dcb5d926 SHA256: 8824b757f75822c84c474c3938addad8cac849e6ece0e761137cc2a181f33305 SSDeep: 12:oe5x6rVvVS0XVObSHtCIzrunEAFFEPZcd5rsYXseOtf5anIQC:tcVvVSuVO+HoIzynRgC5rc |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Document Building Blocks\1033\16\Built-In Building Blocks.dotx | 3.53 MB |
MD5:
c25f3ba48690b762e2695d05c1ce09c4
SHA1: 07e1d3a8a1bf108b3f86a732dd69e1e38c5c6ce1 SHA256: 72322a1dbe5e0b0b8ddfc5119ede99c87664a14df98e4690c5aa253b3325cff6 SSDeep: 98304:J0+GgzFanO1+ZOcyOsVp+sFp4qvqgwfvXJ1lKCs:BGAUO1+9Avv3wfPACs |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328983[[fn=Theme Picture Alternating Accent]].glox | 6.03 KB |
MD5:
3493a584295f8e8064247ad8176b88cb
SHA1: 3c586ba82489a54566de6ff05531c1b523945877 SHA256: 1475da8a3e719ebb0d14668c1059cc4612a8abf2ae7b155c0319d217e8293156 SSDeep: 96:WNpvi9jbOWE0BCGb+yMo60lk6UiS5FILMx9lH9GKcqn1VWE+1Nq5aA44+goCW+g+:UIbOWE0BCGNh6ZIwrl4OOEeAvmQ7N |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\kIQ1x4EAWiFzt.mp3 | 22.35 KB |
MD5:
5c801b9abfd89cc9131e8bf974cd8f5c
SHA1: f2d18c2196cfa23a172a9bf6522743fc12e771d8 SHA256: 5b38c60e9a73d4825b015a24168f1665bc23d76670ddee0d58664fde7a0e7982 SSDeep: 384:8I3Gz/1YWCOYlPusIcXuBHH4JGvQpNA0Ow92qZvtgqsAVSjkqnYc7ADc:8T1WPuspXuqGvQDAR02qVtgq5SjPnYo |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\h2MVIrGzsQBkTtY4S.png | 62.45 KB |
MD5:
1ce10ab56e7717b57203142e7ad5e145
SHA1: 40c168b73c11947c3a08f78e541486285253d50f SHA256: 9df58c5a432c337b1456276282883316dd339703aaa907b46e18b70f2da51c4d SSDeep: 1536:zYJvn7FAGNvvGFn/UOEYA10fh1x/NHlzS4tg0lNPcQ8oQDguN1+:zYJv7FF9vUn/UO/m0fh3NHrgAlcLdguK |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\cert8.db | 96.53 KB |
MD5:
56d20d89d4ead2e815930e0565d0f00c
SHA1: f31937a76ec082717ef027ffe23078942bfa09a0 SHA256: e5b6c0b03615345b5c9fd423f0ab43b7e10429e41aefb7bf890e03e546c4a7a5 SSDeep: 3072:kc6PDgBEdp4r+IrQjIv5c/pfxpdHQC/7bT/EdjoOte7et2co:kcqDgBEd8HvmBflHQQ74veSI |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457515[[fn=View]].thmx | 475.72 KB |
MD5:
ab65ed2095d00250139de10b5d8954d8
SHA1: 972aec43636085090d9e708841c2892666bcbf1e SHA256: fd0e74709165d63794f9add0b682d52a1e2daaba0c85fb3b8fd255c0d33c4785 SSDeep: 12288:UITn2cp+dcXswiGKA9wyBV6Lz39eyfSxt:UICQswSAtVAz05t |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495597242414.2e462298-aeda-4ee5-bf23-a73bdf74947f.main.jsonlz4 | 5.70 KB |
MD5:
7b4b5d4b3c45690ed0ca3cb46a308820
SHA1: 17eea860ea77d614737c6a7cfead2fe5002da97b SHA256: f8c6251aa227babac6624c347605914ce14a4cb90eb43e7c6333904fdd1a4031 SSDeep: 96:1jcadts1RJSSlZwT+lVCrVVUr+fB0hHuW3C8g1M3EbnQpfRJPfS2rFE:dcadS1LDZlVCZxeull1M3kmfPXS2rFE |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000\04cd465a-248d-4abd-853a-5cb67fe43510 | 0.98 KB |
MD5:
3a4fb5c64d6556af66e3320558918320
SHA1: 75534906f794a65fd7bdcc0523d3d36a4c42d742 SHA256: a92391da85ee092bec48038044fd0ba6f3eddaf25811551744a94fe06a20cac9 SSDeep: 24:RIHx/ds3DFTlK/i8CpcSJM+61fhmIhnjYN2KT2Sb0bdczrUv2UZ111Y:Rex/ds3DFB8Cpg+61fmNLT3zrgnZ111Y |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328998[[fn=Rings]].glox | 5.56 KB |
MD5:
3da475a0cdb4891a9d90711654cde696
SHA1: be902826b85bc206f39d630f186f7de035d8aa82 SHA256: c0a375f3c6965ceb4b3381461c5370922321725f1a736db7c67209e56d8bc83d SSDeep: 96:gqvzbw4M5vMA/+pUBDNXGFobD4bFZXcg+k0ludlmyQEHml37RSyFN4l8vjO:vvpMFXheCPAZMA0MjTmlEwN4kO |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\SIST02.XSL | 245.97 KB |
MD5:
46a4b6fa936d4765368435a659300bfe
SHA1: 1eb2403719d0bb29de1637b2cd4d08f906b585af SHA256: 591d912413871289ea9af12944c133aa785392359fe813caea3f9af48e77c9e7 SSDeep: 6144:qG7vkQqdOdd8cV54jPkmBGX6HC12764cxT9jixVAoKX6vVVyZ:J7vkQxKAqPkmBbC1f4chlkwoVe |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\AjZgg7KeVXO.bmp | 2.62 KB |
MD5:
2e0d526cbb91dd890e33526e812867a0
SHA1: cdce13871e7b481ba96f0ec7e334e2ec75b66c0f SHA256: 7e635de26919237ff2642c7e07ca1dbe6ecd16c68714cb8ea8a6b78ca01bb14a SSDeep: 48:D2XmDZVGUj180x+qL2pF8w5hMrh6jlM9cY07rQ0/zyCRG3c5Kz8F1u2I3jd+k:D2XSVzpN42Dkhu07rQdoEz2Ih |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457510[[fn=Savon]].thmx | 1.15 MB |
MD5:
591ceecd0518cc847b802fcbac5040b1
SHA1: ccef3243d2c56fe0f0e368fcca01761747a9bad0 SHA256: 4a0bbcdebfa57504e3e5e729b74d50761c54d86ca43e70949b9c23c550727136 SSDeep: 24576:igyUNwlRW5EKk4PX+RvIh2fgwghc8lvT9t3zYXNcEq/zWoTzRx5QNn8:ioNwlfCXMvHghRxT9hQcH/hR4N8 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495592289365.f6bd7dec-4421-47ce-b829-1080689ec7ca.main.jsonlz4 | 5.40 KB |
MD5:
cb650c43a53ddb7f267684b0f799113b
SHA1: 2e34a8309fb1520da79ff214f9eb6ad73dc13772 SHA256: f890d9ad7972be0d7af88d5dd28cfee27cb6cf25e57dcd01346d56b27da62013 SSDeep: 96:zSdJjeu0WrpZf9BKXr6kY23Nl6ifQzqEXGPr4zdO8VeBIqja0lfhe1:cJMoZi76kZ3Nl69dXGP0g8VeBra0ze1 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\1OlD0DrQDAo g7.swf | 39.82 KB |
MD5:
47d504e4778b400a552f14c4410499cf
SHA1: 0e4550f328d353ec858ebf9a4d6b1e0b83cdea76 SHA256: 415bf94b66d53140a1d48b1e2c73474196ff4fd2be1e3d10a7fb758a33a46576 SSDeep: 768:jZ315nlOFeUEQBt+hXjHLP+V4cHj/ZLlA4H6x/dFXwYiwTxZeh8F2:HtXjHLhcHj/ZK4idS3wTxUh8F2 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328919[[fn=Hexagon Radial]].glox | 6.41 KB |
MD5:
44ebec02e9d7994aae7bb789e2eaf684
SHA1: cbf69e8fcf02beef19f6b377341301bac71b4ca0 SHA256: dcbed0b18edf96a4e94dc9a47b20e6ebda99181e2eb188d23920f1e3343ee64f SSDeep: 96:q21M9xslg2Lb2U8cfV9p44YV7oZrHRg/+WcFcgwPyzK3LtTAgDeMddR3NO5ah:qteg2L68Nf3FWc/az7tsA3NO5S |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001103[[fn=Headlines]].thmx | 527.49 KB |
MD5:
10b6d8874f4536086a02026ddb93718f
SHA1: 6097a1324c0f8db79d6f9e8191de14a866a01162 SHA256: 027ad3a94d5200ae622060a6036f8e961569b06d37dc55b86cc05fda293c4e15 SSDeep: 12288:oVGq+I4He5GkI6zwr72o5R9h5u8i8XT7Oj/jwJLD2x:oVG5H2GkISwv28FuY/UjwRKx |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\content-prefs.sqlite | 224.53 KB |
MD5:
5cce4cfaab724fd3aee0ff82bf03c9c0
SHA1: 4f8095efca3ce009db3d10ec8ee4542edbfb9939 SHA256: 106c8f6549d6d28ebd9c169ef2a54cc189dbb6028c0fb35dcae44d03abea87a7 SSDeep: 3072://KYnEzdrLlYyfxMfFYE8Alrn8sKDgGOLhKlLi4pO7tjrODZys/fUeaDy3aj3okE:lQxuMCFXlgIhKqtid/MjRdBZExX/KJs |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328925[[fn=Interconnected Block Process]].glox | 9.50 KB |
MD5:
f87ff52946c5234ce3b2487930a588dc
SHA1: 9c6d3cbb330ddaf5126a8ba9a281364d9f658448 SHA256: 15c80c5463ea126813a4979afc4d610adffbbc9b37888b5a153d12d7a2d25072 SSDeep: 192:JUAwlgdHjme4qwHG+7i+I+fCPyplwVGDysyMOcu+0BaKYkgkt4IhKl:J1kzxI2CPEfDysy27Kakol |
|
|
| C:\Recovery\WindowsRE\Winre.wim | 10.00 MB |
MD5:
4f4dc4c2fad23ccb33140fe7bccb4507
SHA1: d41b973ca1ad94bbfcd284e614b02f48c9716ca6 SHA256: 29ccd5bfde69d9c8598f0f7f68f7b0c1ec50bf882073221b0c68bedbc580b3b0 SSDeep: 196608:f3aK05QP0NugCFllvMJMyRRW1pcfF2Q4U0DLgywFXBnHtykX6:f3yo0OlGJ5A1pcf0QF0PXwFRnHtM |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033925[[fn=Droplet]].thmx | 1.67 MB |
MD5:
91fafe61b93080a76429b22f440f5d82
SHA1: bda0ee81d92a9e973a17b27647b1a0ec4343cfae SHA256: 1ef4cd2811645d850e2f6f0c19dc5c9e469ff005655a1b2be65b70efede905d8 SSDeep: 49152:oZAR4OPcal+k8qyL9WmUHJl6eUeW3v0FM:bcalj8vWL63e3FM |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Process Map for Cross-Functional Flowchart.xltx | 141.87 KB |
MD5:
29215f5fb50a05a2f22dbc89a93359c7
SHA1: a59a1d1497aad9c61768603b04a2db7c91296663 SHA256: d5ac78cfb29ce3910f023142ee76cd4333a0163655b87b324a9fd683e55c27fb SSDeep: 3072:GuktXDHEdRt8n1A8/uhBLDHmVN+JqyO5U0aMgTsKEJmI:GfJDvG8/DVNcvO57aMgumI |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\3SgG.png | 71.38 KB |
MD5:
f6627843b3d042658922fc65e41fbec6
SHA1: 6a224c94896c4ff29a595f045b95269a6cbe7723 SHA256: b24eef035a6898f8aa28cfd6fd36f4ee51290aa316afb8a5b6d76bdfb44f3d1c SSDeep: 1536:ZpUdiEEWCry65h4kHXxngT3DUxmVZOS4jwGN4iKaxv6CBnWM3:OibW93QBEmoRSvvFBnL |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Outlook\Outlook.srs | 3.03 KB |
MD5:
966cedcb940c6161f1fb6dcfd3c170e3
SHA1: 60d95859abdb0f99eea396102b01123a1067e8b9 SHA256: ac49464c2b1587eb146ba73f5f24669ae01f55bc2fa7ab2c10b2aacee767f339 SSDeep: 48:5SESAr3fVsSWcax+IyeXcbAMkY9H6HdzTuGzA5XZ6L8yN4XGRq:MERLVsSWv+2Xch/HQdzTuV54L8rwq |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457491[[fn=Metropolitan]].thmx | 759.95 KB |
MD5:
bc625f9f5b477b909ad7067db4d67575
SHA1: 1134379e6beb854f7293441cf587cf663e23dc50 SHA256: 9ed0647bb68d71fd9bd60b2779c1cb7f421cb882100d4867729451c4e88ae3a1 SSDeep: 12288:MPuQxao45KkEJVkYmXclBiwHRDz9MQ8ahAsvjOvuqBGLHHjBG8O6:MPJx6a5BiA3Nhda9yjBGn6 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata | 11.17 KB |
MD5:
4a609af2cde1f10cafb4c8dcd79af14c
SHA1: ce3606e8bfe9a29ea9e576c7aa9cc7db0e600c86 SHA256: ab9c29d338b16117d87d20b2dab90759bde9da0ec2b9a4adcd70de6a346e9e9f SSDeep: 192:aANW6p4qpt4z/0mChF0pzOEIb5ZHgtUwIBAaRpLxBCdKAZpe8Ji5a0Fk8STl38l/:FNN6KnAyE0pLwPuB/Ke82JbSi/ |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Outlook\Outlook.xml | 2.86 KB |
MD5:
0ed0570cd29c014f41bfbec98cd54d19
SHA1: 16d73bf6ae1852311c81d7f15d0069eb4e689b68 SHA256: 7afcd24cdacf3170d3b3a2b40201a730af79d9457f0c2d3d64e89b2fa11ecdad SSDeep: 48:SkPKwYyIZu4uA2qAhR6jyqikzP49kUd64aMAvtntVGXSkRu+55VestS+DvFNqzCN:/PBYyMuA2qAD6jkkryke1aMABPxkRf5r |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328935[[fn=Picture Organization Chart]].glox | 7.72 KB |
MD5:
aab371d44f40e77d3580c0da0d6fc50e
SHA1: bc081c558f142ba93dfa95230a2578090d3daa1b SHA256: 3d781888c486bb08ff65a5a2b78c067e061090bad184a0e38295a063a974a4c1 SSDeep: 192:VqLsq156HSnCfBaOOUhDvV+0ZOEJI4c54ww9gaxD5H9eq/h/N:V8r6HSwaOOUhDv40ZpJIn54w9aN5d3/j |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Access\System.mdw | 124.53 KB |
MD5:
136144d0f4b108c1a93f5c34556a3c9b
SHA1: 68f7a06b4c4ec2cb019e03752c66d92c299fb5d5 SHA256: 73bd855cdd4639601e9f5cfe68a6f2b834a3eb45752b24c001ff5557bef9ab5b SSDeep: 3072:mtzXDUn75uO8r3A7EnlNZUm5ocCQVhrq+MIQq//M/GRhCI:mtKuOMaolrTo50pNQdmhV |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Publisher Building Blocks\ContentStore.xml | 0.69 KB |
MD5:
67d14da7f43cd3cf4cbda3b5f693d5ea
SHA1: 29d652246bd9400bb2c97eb00d01c03b0a5a79cd SHA256: ac3ff9f5e12ee08553779d320df303f1960d2100b177927b80dde9bb9f255671 SSDeep: 12:UZkip/vfloIyZhWnoqMpAIgNM8OG+ElMRuG6tA2lKAN5gDhL41Hj2RBq/lyFD43X:UvJCtfGRMuIgNM88EyRuG6tl15OaKKo2 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000\496f2c5b-a90f-4380-b805-3bf6ac63451b | 0.98 KB |
MD5:
033f75c249e3f3f18b1b7cfaebf41579
SHA1: 36dd93dae70069516078fdc4262a002b4cd38bb7 SHA256: 99a9b9e5503d2927d0fddbb45f6e3cc813548806039edd15022bd4ffe7b6bf84 SSDeep: 24://88K4gBcA8zKMC7LfhqWc8MCX6sXrHmCnoEvg/uhLC5v:/08K4aQKJ7wWldKsXyLSg/uo5v |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\cookies.sqlite | 512.53 KB |
MD5:
d317b269eb7aa1d0173509883a4fc71e
SHA1: 83646da77d2e1b899a1c2caeb1b40328ba7312d7 SHA256: 2b83871166a3248963484483dcd668273ca00d24fd19186403792e61f2b03713 SSDeep: 12288:sbOpwB57Ug0HhY1fx577k06DS2gb2dLv3AaQBVNp6vuBrQ:sqCBdxShYd7+22g6dLvlw56vAc |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328893[[fn=BracketList]].glox | 4.46 KB |
MD5:
cfa1620743e3089dacb67a9b227c5bdc
SHA1: 2b9bc1679ff3f0de5a27e6e373183767b5a74528 SHA256: 43506ad19501dfbe561270c6d3a67a0ea1c7ff2eac09c4b554a03bfbe702a2d4 SSDeep: 96:39bY5jj6dOfZpIHOzMqniIIFZj9kuM/VeSql0WcnkzhNjyTKticVpRND+s:Nb+jjzRpIHOzMKHIFl9ku+edOWckDyTe |
|
|
| C:\Recovery\WindowsRE\boot.sdi | 3.02 MB |
MD5:
cb945accc85db63751563785047c38f9
SHA1: af93fd12ed1f8d233f8212ccf405a19c60ea8c82 SHA256: 3a3eb5a4d7fefd641a063c99e425031f11ba89ef3e87959e0bcf99de5a8338a0 SSDeep: 24576:CuFq/5R7eoxSUIOE1GoJm5u8217GhtJw7TaoIiNXonN0SSz9pmGSBH/vx:Z4HgUIn1GoJSRbJ4/IuonN4hpMB/Z |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\crashes\store.json.mozlz4 | 0.59 KB |
MD5:
3b8bc70a156a0ec846eb0b4845b646b1
SHA1: f48ec2f380dfcb46bfe80ba18b4069cce7e4b20d SHA256: 7ce3a662217756002f5384908e9982ef281a53d8c3d95032ee695caa0782d6d5 SSDeep: 12:BBxSgwwwgcKowN1uG5repxGpl4VaF6v9bjay8knhtyC:BTbwdKRNo0VPjsFbjdnht |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Email Insights.xltm | 721.31 KB |
MD5:
c36eec973b574c1c747b03d168e152d2
SHA1: 458c261979f48617449def6bf711ae0a8eba230c SHA256: db33029e90309cc1b0fdd26e5b6135d1f28380b05d8c01af21d1cf6235710d48 SSDeep: 12288:8nhrcKxdcMyt2HOuE3aO1J9GLFFzkuxxwN72qQZgSH6UK2mSGnpbzZl:8nhQrAOu0nozlwN72qQZgnUKrpzZl |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\HarvardAnglia2008OfficeOnline.xsl | 278.65 KB |
MD5:
f439db7cc80036974c1c01636aff6331
SHA1: 136440b9bd20804a25a7ab7c39e95f073c3e866e SHA256: bc5c5c6af5e8abac7c24cca4831da7482d4e83eec4321bd98939c7951abe6350 SSDeep: 6144:PoUbOhXf2ESO3esjBlxgqqbUfCPnQLGSARL:PoUaFf2VyeYqYfmnQw5 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001104[[fn=Feathered]].thmx | 1.96 MB |
MD5:
06769afd0b74dbd48669be3b05659c16
SHA1: d42e4485b54623fee752919fbada5e2a86917cc1 SHA256: 6de1b6c12fbe63e2767435d816480223c6b534239b99985fe2ca30dada022d58 SSDeep: 49152:nJygzdZrIRuqQqaIAahBbHetziWp30WUVZY4XApe/xT:Jy86fQjIAahBretziWSWmFXApe/xT |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457464[[fn=Dividend]].thmx | 558.05 KB |
MD5:
146ff2ac6238ac6ea96f23fd008f04e2
SHA1: d8f630755da523bd3214b8c5fc759b8e9ff13ce3 SHA256: 4652ab3134c492dd9f6cbce60bedfd5189372256738f215a606e4e44aef3921e SSDeep: 12288:OZvcebuDtksNjrqKva2eWMA6KATBDVacDGufw7v7:1ebudhXizBDMQHC |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328951[[fn=Tabbed Arc]].glox | 4.12 KB |
MD5:
90ad28a97d3f8640d77e86632bf9d083
SHA1: d43a20beb212903f52aaca06b5c37eaa6d8d917a SHA256: 33a47cff130b78e36c6a860917281d234aacbe631a920e76c0d5b8d526024483 SSDeep: 96:2jMq+Q5hHpO3H68m45lq5+i6iNR7gwFrC:lqlhJO35iljkf |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328986[[fn=Theme Picture Grid]].glox | 6.58 KB |
MD5:
52ed50bb225b9df873b7c32b3b5012f3
SHA1: 0772c50747933284f52e6e0da59289ef6e09e5f9 SHA256: 437a7e91f9860a4d40bcf67834168c61da59b2ae71332a6efb41ae593f820552 SSDeep: 192:4KtW7q939cb67TjD4XXPGDPU4kxv2Hd+jbhv10l+v0:4G93c6fjDg+Ds59bjC+v0 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Process Map for Basic Flowchart.xltx | 107.90 KB |
MD5:
3f90cf45372f07be96655e6e9db65914
SHA1: a740ccddc9eef02aff810970ad0fac4d16bec033 SHA256: 5bc25622dbc25598c61acf8a7196ff86c693addcd7b12bb36e97964759c1357e SSDeep: 3072:hBoNxQIHW021exnKUyUm8Sf2xB0Sf4Hz1h:h4v928V5zSf2xfQHzz |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\APASixthEditionOfficeOnline.xsl | 326.31 KB |
MD5:
94014964d5cabf8cbaa533ef1bfae00e
SHA1: 057f989bc435f15facbb09dc1a7e0095c7c831e4 SHA256: 6c648c2f80b690494f157bed29b48ef1f129e8767f7df71da8bbf50734a1d59b SSDeep: 6144:NN4D5Gm8gm83DmqTTo8kwU1FgbucwdyiyzSxsPydz1aO6tq+IRcNh+kZ9ptc+cN3:NN6GmZm83DmqTTdh+gbNRtSxsPydpanI |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\- yv.wav | 58.89 KB |
MD5:
fb99df6fb61fc8bec6bfba7d7b9e5e29
SHA1: a0e4c6dc451fbc3a2689c7ae855c23442185c7be SHA256: 7cc05b585a21e9ab88d9b02b3a635c7eaec023263e5c2a7c591a7f8a2a5fa705 SSDeep: 1536:FYvDHn2b7m6t0EtxgGeqnGVpqhh+5x17F19dfeStdyX:oz2biQtxgwnpafrT0eds |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457496[[fn=Parallax]].thmx | 903.54 KB |
MD5:
b6482d7ce6ef82c8d8ad5e592da26005
SHA1: fe6735237dd3d1849a8bc7ee1a6fb1340848499b SHA256: 3539de5a6a3b15a3775fbe02899e2a9318b93462043c1174593efd6d0e56d7ac SSDeep: 24576:RnIfKUrZWYb9e1NUMuIcVcPjAlMAVEGRYIekp31:Rnl69e1oyUcGQq31 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457485[[fn=Mesh]].thmx | 2.94 MB |
MD5:
4e706e4dd0cee2e37a2dbb3f6803ef25
SHA1: ddcecb6c82549660b1a726f182fc1e2ce3c6e787 SHA256: 1424a467ec15e36fc0a8b1c0147f786be9d0e97406d158a8265b3ecaa67b230e SSDeep: 49152:GetlaeG/myafVYJHuj2yY0ciM9U2NCVBB4YFzYFw7IaJE2VRK+Xn9DOOe9pp9N9P:PlKIfSJA3cimUVxV05aJE2fKaDOXdN9P |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\jgJxxyHOVzXUXod-4.png | 56.95 KB |
MD5:
afd4af51319f1a14a400706238e2e5c7
SHA1: d62a3164a26426a9d596e97ca5156b32560ee230 SHA256: 76160b5e76c82795560a47fe6ae9c31dfe3438a665ad9892aebc91bedc36ecf2 SSDeep: 1536:71RZcMjZmBazLRAwSe7LkdB/HV34WaBmSi:ZRZHjZwazVSYkdBN3MBmSi |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033921[[fn=Damask]].thmx | 2.12 MB |
MD5:
fd66a4eb15eed7cbdaaf18e8471493ff
SHA1: c8a87cb46008f5b9bb730fc877dd95576a505e35 SHA256: d81d214c62cfd83438781ea2228fea52ba4bc2d7080c9b9fd820a6b003967ca4 SSDeep: 49152:QaPN2q8mFwTeKB1M6n9l1IdO9wASFntrPEWNec:L96tB1R9MdO9w35PEWB |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC | 0.56 KB |
MD5:
168d98d13975dfe4fa866dfb4bfedf4b
SHA1: 6e94af51426aa352cd6ba82adc132e140b689e49 SHA256: ae9828052da41084b204d915d6c759741cf686501866da2973da0ae7340ee49d SSDeep: 12:mF6sZuwHcdXyydABvOV8S0eDwv3xRcrKpEcda1BEoh9JRT7bZGlvLfcC:mdZ3HcIyegfHDwv3xLpEEWEORTZ0N |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Stock symbols comparison.xltm | 1.39 MB |
MD5:
5393dee4ca84055fce7810dcbf2ff0f1
SHA1: 2423ea61f244aa72ec96a18f7df5f5e2be27c636 SHA256: d0bec23ac20ddb4878622e04483fe6c6833c40d7272df7611708032bab2d4fc0 SSDeep: 24576:oTzbmUjJx47Ww3XaysHbQFwI0AJHWfu9AL8XvP26PIEpdowtEV+GXr562DMJR:o6WWWDRUuI0KN9y8XjVpAV+Gb56sMT |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1462094071-1423818996-289466292-1000\46a78fa46b43fb180b4fa21773f8ff3e_427a1946-e0ff-4097-8c9e-ca2c1e22780b | 0.58 KB |
MD5:
5b7e2db6e821a5be6d654f703900e8b9
SHA1: 20cdf9de16190b51ea05bb8765163c8954a8f839 SHA256: 57dc69438a571bc8bcf1eb3d0517bfecae21664b3bc44349f16a2ef030347d5f SSDeep: 12:Uixpmz952G9Nt/9/Gicxs7ok1/bRY4ImXidv8S/9Fr9scEC:Xxpm6G9NtFkxk/9Ypbh8MVscd |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\MS Project\16\en-US\Global.MPT | 1.21 MB |
MD5:
7281920ddeb2f18949c7b4be11ca2bea
SHA1: 840f048a73ac971bf61f3ee0acf96fb2a482db1a SHA256: fa951b14343dc081878c23cd171bee2c0e184c96012655bc6b3f343f2537da31 SSDeep: 24576:GNYS4JXp2y7BMLC6EFLMEFb0rpH6XLI5uZ8S+FmzH+a/tf+M:wN+7BF/F49H6XLPaS+a/1l |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\mjh24v9h9 fQiLgK.bmp | 92.14 KB |
MD5:
9db6f55335ddc541e111ed79170db0cf
SHA1: fb676b3165f3ed48d0cd8eb527d39b92074a25a8 SHA256: dfce36b56e4bf51849f665049d3e4820aa92da01b8e4e05ac248bfff18aca6e4 SSDeep: 1536:FWOqtJ3o0UP6MOCWxgdOT11LdypewzHj8+xgSTX+gExYIIFn3mgUCD:wUpvOT3LdyAH+7DACIIFxUy |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\ISO690Nmerical.XSL | 213.01 KB |
MD5:
708046e0784868e39dd0c4a10c0ec684
SHA1: a03a4fddca83b033a9fc6fbf819d14b2e30a1ec1 SHA256: 0bec68a9e080a1608ca480618a9753419210c9e449b03eb18e193b40db8120ea SSDeep: 6144:0YN0OtVL+Rav2xKueJC7DD/pmI+1y8y276z4vLsGgD+:0M0vjreJC7//V+15LkS |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000\60b22e29-462b-4858-9592-1724c7ae07dd | 0.98 KB |
MD5:
890a27546610b5d071cccccd77c92878
SHA1: 037ce0f360139181119926e46c5cd3f33d9eeca0 SHA256: 1fb0ee21f93056c3de54a880aa6d2ee75681e232fde7454a7406e4256df50ecd SSDeep: 24:dsgT2e6CzzEaO/xkhMSD/RyQf/g22rWMMJGUrse928EdtsCopU:X2SzExkhM1+/D2rWMMJG4sqIspU |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\formhistory.sqlite | 192.53 KB |
MD5:
9c3730d1057c74159afdbca3606feb5c
SHA1: f2fa4fc6978db0678da5cefe38695469b7ff78a2 SHA256: 0263768834e55a6c6b09242116329e42c642b5d506ed99d5fe8f31741c67eeb1 SSDeep: 6144:ryje7j9N5mJOr2clR4f94nKmJLf4LAKV6YFwUP4c47TZCw:CeEuV+f9rmJLf4L7EMP4cw1Cw |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\GostName.XSL | 250.88 KB |
MD5:
72e2d1d54cb47eaac3702aa553f812e7
SHA1: 758ddf96cf7c04dfb9c683bec3a29c24de022da6 SHA256: ff755d2b0a96661c26413437d8773b18bb1f3463f1d28b9061e4886b7eb9f11d SSDeep: 6144:GvFh/wIEl6KKDVNJpKvBrcnR+FA/ltQMNSbgw1Ok3varKQv:0dwzKJpKxcMy/QMNSbgwFvarKQv |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\ISO690.XSL | 264.83 KB |
MD5:
ae26ae0f250040e309888a5b99b0700d
SHA1: 9af24d123f5b2bcc88207b335f0095a49baea836 SHA256: 6d0d74ba3a7e05fcad41dad797c19ee88d2c8509d2a4c185351fe0dfae42aeea SSDeep: 6144:puRMZpdoyrPp/P7vileetArMacF/FUMtzymxzyw:pug1PZ2Fk8umxZ |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\CREDHIST | 0.97 KB |
MD5:
7fce623b2140b6791670f97d7ca05092
SHA1: 94cf080ab1ef16c8a9d6f2fe05097a0c320970c3 SHA256: 40aff6a620c7866c568f439106338988dbd0496762a836f4011352e2eefa7be7 SSDeep: 24:NPYysf+qEKorLiIoXgvTncxsdQnzfMK1vt:6lm/J3ipQ7ncKd2fr |
|
|
| C:\\SFRPESIVT-DECRYPT.txt | 8.35 KB |
MD5:
53d0cf7e2f93993aea51495fd98ad0aa
SHA1: f9f34880027be8bbd9b85025c96600a1fcaddf28 SHA256: c655ad1ad0bcc10351228569d79ce0022e0407dd8d4f61d0ae878a61f7e3aad0 SSDeep: 192:SbChfZ/2r1LelL+tupOFmZ3/eBK24znUTMIZxHc:+ChBa1Dtupd2wIZ2 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\addons.json | 0.55 KB |
MD5:
865078f3aa709dcabf7e4c497e990696
SHA1: 18717faf2c47167e42d8133ac769bd81d8b73b90 SHA256: e23c62c52b7ce873c70baf640a2233628f91c0d463141d5ba5419db8d286c842 SSDeep: 12:Kcp4Dl4SqoMBLEg/hs2R1z5VkZOqmKSo68PFh3kXFJuC:KVPMBgKfL5VkZOqPSoNPFZk1JD |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Office\MSO1033.acl | 37.37 KB |
MD5:
fa954bfd3a953c18e80171c8327b78cb
SHA1: c1896c69cf942f6f04e7d4b5cbae383c1d33b9e6 SHA256: 501ee97b09277ad4665dfcdd74e825f2b071590a94457cd7bcf25b1f548382aa SSDeep: 768:ppBVlUA3M43QTa12jiqB9bzqjEMXVtGgOUvqfdmK6dynegeXqB2Y0o1:pPXUbSWpB90hNiAbgHeaf1 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\containers.json | 1.32 KB |
MD5:
10a6fa3bc198f47bcb8ea47546341b06
SHA1: 06768cbcc9758a01187a32089f25c36814ce26b9 SHA256: bd9cc04885cce6706ea29eb39124de145991965dddd1732f57696aa194f427e2 SSDeep: 24:9VCNnkMcqJmJSzyc6fcDG0UY2DquPNajveevjtVVUaF7QSrwFGLQQwVb:9qkM1oJ0n2XazeKjBUaFkSrw5QA |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\LogTransport2\LogTransport2.cfg | 0.74 KB |
MD5:
828bacf16249ca8bbf5c1d8331678d14
SHA1: a673d4bdbc3a60893197b97015c0e6bd72471993 SHA256: 1bece0ac467cec6b1e39444c01b3d27ac3b9f348ddbf5cc4889308b4e0070a53 SSDeep: 12:ah68O6zXFYeGQxGAnxvGdvQQnGJQIhyE4SxwKdUUjgJDw+O/KeDjy6lxOtC:ahxNzXieGAsBQaGKIhrvxwKdNjgJk+yr |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328940[[fn=Radial Picture List]].glox | 5.99 KB |
MD5:
67272bc484950db323e0bad85d46d7fa
SHA1: 274eeb564ebde99e3b64cd2858205c9aebc1880f SHA256: 5b57a5f93e6abc38ffd7869163e16020d8dcb6e406dab8bb1d7c0b7fa656e8b9 SSDeep: 96:CdFO2+HG5EXQqYXeZvmrCxO+xMIpvRSCBulh5fhQxxk6MMG2XHT08CfUJCkIzhi3:Cdf6GCfYOpmrAR3PBIaxRi2XqGuhiDp9 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328975[[fn=Theme Picture Accent]].glox | 6.82 KB |
MD5:
750310c45e335467b11974a6be150cd4
SHA1: 2b04bbaaed63a90796c5327c669b8a1a3b2f2756 SHA256: 0af56bfe093d26134187c6767dbe1aa56d7bec470f5e597f8efdb02b23abd9c2 SSDeep: 96:jjbJ6UjlpG66hsYKOmj0LRt3wzvf2DmZCzDGvlpd+//RBu/Hd4IA05t9nQ:vbjpGphqitQvfTwGdXO/wyMfnQ |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\bookmarkbackups\bookmarks-2017-05-24_14_kL0o5I+exwq3TXuLDkMF9w==.jsonlz4 | 1.86 KB |
MD5:
a03d3f0e6e32ff37c4b0c82f3c844eb1
SHA1: ccab054dbd8dd7a9b333972fedcf859d50ea2c6d SHA256: 81dc356f627444b533fc79ea12af9fb407f376bc19b38a1341f22966dc749103 SSDeep: 48:DRPvIIR8wKjIWKO8tldEUNMFb+MUK48FZOg:lTKjBKO8tfd2s8FEg |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328908[[fn=Circle Process]].glox | 16.94 KB |
MD5:
e9aaafc0d8edbadc117c11d240a72351
SHA1: cef288b9bec3b731894b4e59099f20cb316545e4 SHA256: bc14c4e4c18ae81f711339fd184ea83e9b7c0806ba385658e218e5950f5e00ae SSDeep: 384:NbTzWCUVxbFf86VKYzbjPwol6R7RQbffH+VrDkqiadW3rO1:NvzWCUVPf89y/PzX+VrYtaIrU |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495597261897.a7b36bf3-f762-448c-874e-9388e91739b4.main.jsonlz4 | 5.68 KB |
MD5:
4288e3e7e0f2ef4497b9219001a99926
SHA1: 810107e747322cec6eedebb6b2b5108c84512c7b SHA256: e4ad13fc30f340feea9c586fc898268ba1d17f556f349de9687a59b585654cf6 SSDeep: 96:qgv/+J623ZRvWgRnneKf76wXSfKtcyvGBVrsuMSOrxPXLGS3v2J7boeJ:qgv/xOkgQKf76ZKSrrsucr1hAboeJ |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\0FDED5CEB68C302B1CDB2BDDD9D0000E76539CB0.crl | 1.15 KB |
MD5:
069aa992496eccc7897e6124e7d8568b
SHA1: 2f9b9ac6d4d13412d99b5783e2b0d9dc5c3e5306 SHA256: a70c47875be02df3c2ae93db7371e5ad42020a46e5ff20042f6d8912a6323ce7 SSDeep: 24:J1IoYrUsVxq9bLVicAHJWs2Lz0or6Klxsi3yX9ZSi1q7nTp:Hp/sS9FAHk1z0WlQ9ZSsq7nTp |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\c78b.jpg | 3.81 KB |
MD5:
e2e2652bdc49ad2278265632bde1227f
SHA1: 72c13e15b83cc22a11f015ec62f9a4704a2c5df0 SHA256: 02c65dfd79d45c2afda25756f19fe7fd2b01af4c6e7f2c7e0046cbc8e7a4c130 SSDeep: 96:Y138eJ6R8hpd7pAQsw/qmyk5Hhi29wMUjdkv8u2V+SSSc+W:YlBJFPQ905F+W |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\state.json | 0.58 KB |
MD5:
d16728d819b4e07fcc2f037d7bc3c0ce
SHA1: 28ff2a160f10de522bc733a3c6224873106beb4e SHA256: 72ebe812a257041828f372e47e4fd4be6b634077bd56ca3a9ef7c5f87d314f60 SSDeep: 12:GQn4vBOypFYA2/dq0y2bvKjJFUCIiJibi8z2ocAJqjFUQrrFC:GQn4ZOUWZFSwKaqA32ocAKFZI |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Access\AccessCache.accdb | 196.53 KB |
MD5:
5eb04e104111cf43528075a33a7f4e03
SHA1: 4c28736d85af43d76776eb9f9cf48869fe10db44 SHA256: 167be92e6f61c7178fa5cbcb93929cab045ce1bdbc989bda234bc2f6da1a3144 SSDeep: 6144:Un/LzoFYOuX2TlrwUy7GpfdLPh3dxxb6xu:MLzopNtWwPh33xOxu |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\kjpbbRBTd.mkv | 83.67 KB |
MD5:
1683e3108aff40174c241777b6a85cd5
SHA1: f664a0943ee14e8fc382f26a5c67a5ee1def3828 SHA256: 0e7e20a4d55a39a6b97307f5c891209325d15d18d8cf64712560e7e03dd5260d SSDeep: 1536:MuWHpPBzmWM3BZ2Kf1KSHRtUvMxKBRcDvZQgPfM3/N+DYdG:ML8BZ1f1LXLQ+uuy/k3 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\OneNote\16.0\Preferences.dat | 5.59 KB |
MD5:
7a637933b530efe3e7f87f828cd1edc6
SHA1: c794f74f4194116ef6e187dde0221583f1ced98e SHA256: dcf1b4bbf99c3eddf18c7a4b05f196458c6db905eefc5381c6f8069af1dd9480 SSDeep: 96:nLbVChmDdWpHzBiBxiavxgrFyxd+8CFqQIAicFDicEiOAZ84oAy0Eu1eCv5V3Xhj:Lx6mDEpNiDSz8CF9acFOIloAye1eCvXl |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\dcu_D0tnAih.swf | 11.27 KB |
MD5:
e804203fa0dee99e1feafbc776a00a62
SHA1: af61b18a153ad60f1c1360dd63ae95f6f218942e SHA256: d06c7963f2d945509e373977a986375f7116e1d2db0a7e1a6be50f90e32602c4 SSDeep: 192:PSVvRxoslJhDUd3mfQazGi9dBqBX5nmVwikyQfCELQe/WmYfHx6Oc0Q2yNUS:PsnoslJXRzGUdBqxXikHQG9gYOP6f |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328972[[fn=Tab List]].glox | 5.30 KB |
MD5:
fcdc0413879f65c5136e9158b84e1b46
SHA1: 448a314c4af193589ca7a260d1460bf0827890a6 SHA256: 273b0628d2646df71837bd2e47d6acecaaf4698518a19b68c6025f3ee3aef0a1 SSDeep: 96:d99NH+qb1E8LCUhlRWa1AIgo9NPmkxCF2ECP6lPKEj/QfSlDlbC/kXS:39E8LCU5xAIgINPmnMsxKFUpbC/kXS |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\CE338828149963DCEA4CD26BB86F0363B4CA0BA5.crl | 0.94 KB |
MD5:
9088137c95c406e7263b2dafe3f06cf2
SHA1: 8635cacd091fca0badfe771a75ca6ed4abad3531 SHA256: 6ffd9b067df874fc10e2543b7cf8a9aa09332bbbc8e1b3b94732817ac420271d SSDeep: 24:Y5joiBZjQMrmtWEQcj+893VQnJkxyjC4AqeFLCL2qf6:Y5F/MD0F69FZUC4AqOCPi |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033917[[fn=Berlin]].thmx | 953.65 KB |
MD5:
d3fb5ed0bc52897c97be21cafde3f1b4
SHA1: 4830610f0d543ebe0020a8ff096dd71c520935f7 SHA256: 2a6918d7bb37efde2b02bd6b27d1fef0bdb1144173a11aee7837a6bdd1201541 SSDeep: 24576:JhnhkBQR1ADIHI+tkXELho9Qlbm/yZikm:TnZ0IHIWLC9cLZzm |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Office\Recent\index.dat | 0.62 KB |
MD5:
47271a0bdb5e75f1d1c1ec82648949c7
SHA1: e5a73459d758417e7372667e6d7b47a506514481 SHA256: 2c68ae162f2b65aa452203f05c8f1fc435567650e9df7d41630ba20d070814ba SSDeep: 12:2TLO4g4LrZTYXVaAHc/LPolY8/ZEZFU+O1nVe3HIT9T8VC:6O8r2XVaA8/4/ZnVeXu9T1 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\blocklist.xml | 252.43 KB |
MD5:
18ad1aaff3cb368fd4359220dfed8e56
SHA1: d62a07bd1f87a28ee771453712d432c8d2863763 SHA256: f1be9d6dcc33e4c438f3def700da764df68881713a3bd989d1aaad5fafdeda94 SSDeep: 6144:Fq21AK6/a4sI2gtOXjdllsO7GZBpH9qgH:Fq2Sta4f2g4jpGZ3dqgH |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Welcome to Excel.xltx | 483.68 KB |
MD5:
25f37228a350cb780ffab6603150bc4d
SHA1: 38ee6e3d26f8693c20217b748285e61f896ac6ae SHA256: 98f5c451f0f87981de15a399c8f5b62704bd4f2d55f914abb7a4bbf0ddd8f21d SSDeep: 12288:IDGssJMvRHSOTHboXzgzxlZWlF8WzkZAQmJ:JJMvRHSO7boXzg1rg6B9mJ |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328932[[fn=Picture Frame]].glox | 4.75 KB |
MD5:
0e147ff02d17121854a94425230cc9cc
SHA1: a6c4347e58ee5a7c6a5883dd7b8b8b74abe038cb SHA256: 1961bcf6326a41eaf52a6d2496a8d473255b7bcfef147dcb58488f5742a8dd3e SSDeep: 96:E9m5ldyrv5vi/wm92EbdhpeBon0WfiPPHkcKtejlHsJ:E9FvsDfhhpe+0WqPPEptexH8 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\mbGahTIz.jpg | 14.17 KB |
MD5:
c604e387eef7269bd2fe24624780bad7
SHA1: 480810819634ddb73d3fef4e8972d7cb59ed8c02 SHA256: d3375984a7847cab09f2bdc6100cc092dc7ae6c5eac31fa384474f6702e436fc SSDeep: 384:yeDxt93M8IZrf0RdBka5l6Glz8sXCT7hHUDyu96V+:yeH93FErf05TxpS5bu95 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495599783008.23c86977-85eb-412a-ae39-c4c6ea9a5744.main.jsonlz4 | 6.56 KB |
MD5:
a7ef04b748f328b83799b761a29489b1
SHA1: 967eb7812588c211c402e9e7f032fca54d3fa1cc SHA256: 63ff620c26e9d386df3ef1aab5bfa458dce129bc86349f66b71560f39f7c7f49 SSDeep: 192:GMs07EFfGCH1i+xZnWn/uSCRRFd8yqXogZ5e0b0wMDcu:GMsAc7Vi+k/ux0yqYgZ5e0bhScu |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Calendar insights.xltm | 893.37 KB |
MD5:
81ef88f655cf899b66f568ace6bed75a
SHA1: c094a8ade51966dda428021241ee0c1637f6e115 SHA256: 5274ee0305374bb5730145a60695db36070fadb7599e0f2e4f4033e704dabe04 SSDeep: 12288:+Nx3LMNv6s4O4VALN5q2PZawGag8m0pQEYoAZSOIC5OIayDK+UBsbf5nWW4HaON+:Wtwv6fcFn1exx+Ccx4UBsD5dIjdxw |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033927[[fn=Main Event]].thmx | 2.79 MB |
MD5:
49e7b48863e78f8653f186ca134752d1
SHA1: 4106164a5a071ffa8a6e2cdebc3582abb8800755 SHA256: de4fde7fad1171714e89c6da6f8d90bfa1919f150914a07e0369c84117c4c9ce SSDeep: 49152:eAqEmkwLBWqDQRPbuwIsX6jfSUAO/cLf68wy9yxKrOUURBgmai2prx:eAkkw1WY8XAHGJwLx9DBax |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495592260754.fe0bc3a3-866c-458a-ad46-a730981653d6.main.jsonlz4 | 6.07 KB |
MD5:
4f538219c5c1f8aedd82663da9d7d793
SHA1: 5396cb27f22457eef5681d9b3d4780680c26dee8 SHA256: f6fb0e365a12a1368787973f2cb984b1507a94585951a6d2e5ea1dbc982d46b3 SSDeep: 96:TX/GxsHOjphVyiLtilKsL1yJqMn1lFEEpqcTGvq4s3WkrsNsbAr+TpLh:TvGxsHOjHLUllp0/LqwGLs3WkrJkr6 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000\d7746ecf-458e-4e71-8557-8ac80457022a | 0.98 KB |
MD5:
625fa473d3d753bc04ea6ca1995e21f0
SHA1: e6a0ce0767d5055ecde75b8220accb729f9203ad SHA256: 64ac3209aa7cd8afaf617cde7a2131e551d59c9bb0b46bed93992383b2e5d7e1 SSDeep: 24:IZbC9u+o4KCRmunS8HFthCm415PePfiz/f:cCHo4KCTS8s1EQf |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Normal.dotm | 18.94 KB |
MD5:
f405e8c50b19f1554b6b328ab5f97b17
SHA1: 39ee076aff2253dea46a4c632a0a8719fec769e4 SHA256: b50cc6767bdc5819108d3a4e6fc442843f5fb47f1c7341e5d8ee2652d5220230 SSDeep: 384:T1dWilVuzq7xr1KKyOFj8uN9yyDu8Ba2+VYEYOedZaD0prycKy0wvpyn:T1v3ue7VMKrFj8u3vDuWaJredI8rMdWW |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03090430[[fn=Banded]].thmx | 549.47 KB |
MD5:
eecaf2b01243e609fbb80f0efe4de43e
SHA1: 799743c402d6db6d12aba5567c4fc75f0ec5e9b3 SHA256: f2d3e3ed3977d66dcfe4afa3003751c7ab6e26589e6883effaa492e562d4c9af SSDeep: 12288:gIWTaAK+u2prVseBdjUp+TNLVjH9UYg8lUvAqop7tkiKvCfeyg:gIWTaAy2LTHIIThTUY1wop7tNKuDg |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033937[[fn=Vapor Trail]].thmx | 3.44 MB |
MD5:
e63678ef8b56540cdab06f44e0f9f08e
SHA1: 6c735a5fae071186383c4b89ccfc3d65f726d49f SHA256: 2b45d30a64fdb8a1c30bcfb5b012d49498d752d4d8a5a955025f431d05765818 SSDeep: 98304:3RACQyHX11RBu83hJLdoaFxTygxcoiX3M0iCL:3RACQ0FrJxpcoinM0im |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobData | 0.55 KB |
MD5:
23be76e80679823004c802b6f39df4cb
SHA1: 63db79ca9344dbca29b0eaf34750eb0e3e8b4976 SHA256: 959f07b619692b6b7d1e0efbcaa0431e7954f450640de9a59f0b28b152264413 SSDeep: 12:JV+2J+zpE5yMKCiCUJ36BFLCnn2o7/7yMmGP68ZP5IFDK7fM5M8W/KC:JV+ImMrpiCUJ36B5C92Md6qMK7fIqH |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\JJpO.avi | 7.69 KB |
MD5:
9bb4922fb8662a6e0a117df954d66251
SHA1: d76db8a12a732dd6d92b48ec192919c62ee931c2 SHA256: 02d0b189387f40afe90067fc4c0a06942fea182ad6939aae8318eff6ca84b228 SSDeep: 96:ikl4Br8U2a9iCUqVb3U1kOwGES4wafzkZ9PxcyaRJ6+IY74bX4kyc93HP705jVcD:iCSP2bCpTUulGElb2czb6+ItnyYXcA |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\extensions.ini | 0.71 KB |
MD5:
9f90bd4ad675c9279066756fdfb84f02
SHA1: c37748e04e57d7a12c6230458f8b44a1ed2901a8 SHA256: 5c4ba23fa2706d8f1d59bd2da0db86f610d04c9ea2b2747f7f58891f8497b269 SSDeep: 12:0jnVflabPSVA9eQv9vjAxFiDycJLL33oAuD+0Zu2R3NlI5rYaTU2xBvPPHqi0cuU:0jnVdAqS0Qv97AT5cJP34AuJ0udm5XTj |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001106[[fn=Badge]].thmx | 648.90 KB |
MD5:
b16222e0b68fa407e7219b3d6c39bb92
SHA1: 6250d537a9499625aec528b1e90fc7e2b990e69b SHA256: 293085a94eddefddba34ff96a8ca76219901bb33398a146f52308bf62554bfef SSDeep: 12288:uubebciP9NX9wH2XzeKa/6D6hCxdIAkJtmewOs405GfRQURt0t83Fj10D:Xat9h9wWXz5a1hCxbkJs540+dZ1+ |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000\5b8a3202-35dc-4437-b5d7-374f5e872415 | 0.98 KB |
MD5:
50c5d19104a5826e2d40b18495696a52
SHA1: 028e15333672870329a1a1b7c793f5a6fb7622d6 SHA256: b4c2b79b328f187d0c697380f3ba46ddb02576720a362d18a3ff28dc6f855f5c SSDeep: 24:59FeTq7lMEAgHojrAPEow73aXt7l/lRvSerAmxmTfq:59ETq7/AQ2rew7A7lTSerAAmzq |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457475[[fn=Frame]].thmx | 511.32 KB |
MD5:
548c6291c2db33c6a8b32c79045cfa8f
SHA1: 7e188e7dbae935ec81a35135ec7a8504796e0303 SHA256: f1b56b9cd88fbd497c81878b700f49cea3a94cbfa13e9463b2fb8c5ac82a21c8 SSDeep: 12288:MpCqP04b8EOWcT54LTGg186Crf/FuT6mvrkqrD/I2fZ/v:M104a5TXf/FuT6mzTrDrf1v |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1462094071-1423818996-289466292-1000\83aa4cc77f591dfc2374580bbd95f6ba_427a1946-e0ff-4097-8c9e-ca2c1e22780b | 0.57 KB |
MD5:
8bc0ba1753f5a7a6fe5b484f6b472aa9
SHA1: 013c776184bddacf1dcda49121ed8d8c0e7ce2da SHA256: d9b9c1c55bf417cca3d6d617da705c2f26d8bae20d58ac50d3fa6cdcbb357739 SSDeep: 12:rr7P9OVl+7jVTVDiS70eDqM8Nn3Se2EXqs7pnbjduvVa0xTimRxIGXCxKC:rr7PzvVZzDN813S3s79Xdu72SINB |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol | 1.02 KB |
MD5:
6a0be1e606a4a1c0f8d6994349a5115f
SHA1: a5ac39f07d6a2f00194cad1e53f765497ea98837 SHA256: cd68384ecde2758c526e928518cc9d3a11db8b5fc2403a214d71c183667c1af7 SSDeep: 24:W7jOZCG3hAZOIRUJ3J4WlTYGzVV0L/16xoufDX:NCG3xmCiWlTh/0z1ov |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\session-state.json | 0.66 KB |
MD5:
ac813d297f9c38dd8785b2753d71ec59
SHA1: 060ffb179297361a3954e46d550ae9804a22f0d7 SHA256: c2f9ea270138e415697f592916a3189335d03d9ead21061a66091b673595a3ca SSDeep: 12:EZMEk4y6ADbG7N8XbIXTMu52zfDOPb0avyOoETb1BGZBayoBeOYva6MkzC:hqy6MbGWgFvGRZBayoBevvarke |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457503[[fn=Quotable]].thmx | 944.81 KB |
MD5:
b6b8c934d91d49762a921e407970101f
SHA1: f070d425170b61fd40fed8e806704bce3afe5bdd SHA256: 2e6b8518a318f9ba32e710cbdff4dc70efdd6ea68d0cf50601e22c335331d858 SSDeep: 24576:oULv782JJ5i4i5n5RWVtmo3vnQw88kw6ugZU4ruSvpWyXwn4:oULv782JOn5RgtH34wgbxZTZRWyg4 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033919[[fn=Circuit]].thmx | 1.40 MB |
MD5:
806254738e8577099c00f0c83e9ba955
SHA1: 8d636b5b4787ff4a73eb621aa575dd41a252352c SHA256: f7645456a2eed0e9d8c5ea6d59198d1bc0d2dde2587a63cd0760ac89a1d79eeb SSDeep: 24576:Q+kWRBRNqpAXW3zzugmkTjHurWOgIIbnFk0uV1CBySgQ7ohZM+byLHx:Q+kauAXW3v/HHu9oLFoyBfL+ZHeLHx |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\GostTitle.XSL | 246.08 KB |
MD5:
4bb2474377295bc77e270972a8259cdc
SHA1: 873650a06927ea8c59b37ec0f64aef8e81fbbbe3 SHA256: bdffbf14436d3ac44e388a81cf08cd242634ef6cb5c34b999f103b99912b6977 SSDeep: 6144:R1p1XOcj0cV2bh9oCb8JfouWkaVpRj6pGpGZ2qS84/v3:7XOObV2b/oCb8+zlVPUwNv3 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328990[[fn=Varying Width List]].glox | 3.53 KB |
MD5:
21137b64316a6074a0f67a09c0740621
SHA1: ea3f93c5b0a85bc581f429c775dd2efa38df38a6 SHA256: 0fc9f85f9069319ec3332e415a8f743eaaca0f2f2efd7c9948b00748d0793dc0 SSDeep: 96:fm5BcmwvMTW7pHFrCNyQR5wkSjPk4pwVdy9Tqa2F0KwW:fm5BcmcF55Cxkzk4pQeBe0KwW |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\6iEbBl.jpg | 52.57 KB |
MD5:
ed9a263fa94e753d2344009c755599bb
SHA1: 11d0a39837a18451c49c22024ffd5dba283405f7 SHA256: e63cd88c959c93f3dff7f86e01c317c8d40daeb6a046a8b14ad92277b2f6464b SSDeep: 768:A5YTibcnSSylVtW7E7fYP069b7EYYh8+lyRTUO+qaTZjuQi7CYPQLaSktM:A5RbcnSSy/taEzijnPYCRTU/axM/ |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001105[[fn=Crop]].thmx | 524.55 KB |
MD5:
a50091b91f4d64695305bc2cd38940b3
SHA1: 9daa0a9ea86183e570236a2422cc7d0f34720b9c SHA256: 12da95c574f3cdd9949e8830f5d8bccc1eb7e9d2ec7ead6ce5f2e0783240cfc8 SSDeep: 12288:0rOgIMotAn/W2QyIYQa8rB1fs24Gz+kEOSns6bkWQ/XV4b:0ToyL1EB1fs0z+kgns6h4XVW |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Kfe-zKlAdWswrW6nKu.odp | 29.54 KB |
MD5:
c41167f2cd7244dae13846abdf81f5f1
SHA1: 0549bddcd50d1a89186956c6b0e679b9799b5746 SHA256: edbea9a5c47147deae58ed323edbe6e8973605ef1a6bc6adcc49227de3ce0dad SSDeep: 384:AFtQ9gGVT4IlH3tMSK/MSTcZ/HWVuKYGfwrcCTpNwnHdd/EzG4qSaxn3HDgm8RXl:AMaGWINOk/2V+GmpNwREal3HDgmiXSc |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\extensions.json | 6.32 KB |
MD5:
682a5dd5ebb23e215459cab462189b72
SHA1: af491df7cacc30975f7ae2bdefcd65c2999216b3 SHA256: 8b26ff785ac8729f65db6579ae0c6835c54434be6ca06d6dc80325f7a90edec2 SSDeep: 192:TMkG+mxLZh8h3f1IOf/4PaaEl6ySVUjZz:okoxFh89fS6QP5E8ySK5 |
|
|
Modified Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\blocklist-addons.json | 450.04 KB |
MD5:
d136c6b32ad956dbea78600a2add77f5
SHA1: 59d731ddccdbe799a9b606bdfa19f083449bc820 SHA256: 20e62a07c4afda3d9fc27824faf680bdd50dddd3dd7fe46c5a7ec50221625a1a SSDeep: 6144:ucuS/zmxox+9UXSlxv7/Evj2Q1+JvsrfKRDo6kjsOtjswyGKJ2tlGf9+6U3/Al6S:doIX8v7sj2AIvKKDo6kltjdyG5048p |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328916[[fn=Converging Text]].glox | 11.64 KB |
MD5:
c54c34deaaef536453104a633c493016
SHA1: 7211e53ca9972e0907e08cc86a5030d37d9fe97e SHA256: 394c7deea8cbcbf3924b0b2a69a28c6d64ee4a8ba56a00ccf24d80da0d3e9139 SSDeep: 192:q4rxERau5hcPMHeGdtmk+8EUuAJ0IelKb7epXnnBuGg71QfDs3njoR7TDitd2gDG:1r+R35h4GdtnBue0Ie9pKQf4TovutMgC |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\IEEE2006OfficeOnline.xsl | 288.15 KB |
MD5:
0010aea5322f5a732403f973947222af
SHA1: c969952be285801809c57114b32f77e02fb293e0 SHA256: b39b0c8a4c9b73bc4f555a8fcc3740dfc07a17c14a231b2e3dd2a57e49112a63 SSDeep: 6144:pEnRo3u7ZVywfgQqQgrgZXJ7A0LDfrT8i01X19uX7vUCcnBcMxb3bnAUTrNuEF:pER+u7ZVXf/IrMlA0X8cVcBPb3bnAUVh |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\8bo5Ma7MZCSN.png | 17.22 KB |
MD5:
67c0417bc66cbbe85f90e00cad22fd5a
SHA1: 04f6636fdb8051e3d0006183f5984dd0a2e5fcdc SHA256: 2dfa570ede2338bb2274c9a7ba3452eb0a876bf003992776a93fa0ca980f7f40 SSDeep: 384:J5K39lkcbQKgvOeAxopWLcHLY9qY9T9E+DdRJ0F5f32Ke0ukp97sOXf/6F:rADUAxdGs9qYnE+DdA5PZuejP/u |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\GB.XSL | 262.90 KB |
MD5:
35a3fca4d9ee43727ee296402bbcb3c8
SHA1: c370c2e34b40c47ae008250cea2848232d66fb12 SHA256: 05fdcadb437cc13bd87e6d1b658b9b8d4a34019564b48467725c0351176365f0 SSDeep: 6144:PfpOnAKIzkx0G25JfTN1IG91e02iBFbolsYW:HEnAKIBx5Jfb3ew07W |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Sonar\Sonar1.0\sonar_policy.xml | 18.85 KB |
MD5:
9b7975b24b85aec31dff26e3a051c329
SHA1: 5b2ebc33f98f0429917a3387c19f7e3c21e69d06 SHA256: 74e1002f0f57429287be71e467e0873f9c3977e110dfe78351115d6d7c5e3cc3 SSDeep: 384:8rx3Ke2T9+IS31NdANGotAHOzGy5CstQy8spxft3Oa3CzsuXJ6Kbu25y:8tkczYVAHm/8EX8spxcJJNu4y |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033929[[fn=Slate]].thmx | 2.25 MB |
MD5:
d8b0d2f1fb32148556914ac3e9e5db16
SHA1: 4902138de3dde5df8f5cec953d9bb558b328e5cb SHA256: c8ed1a92af4684f9d6b2aa98cc57e5972b59d9d9fbb0ef96b4b8a3a028ffe9bf SSDeep: 49152:pZ5DQNZomnkUMlZ3FCX3CzwovQTSwW8nT:pZ6ymnHMlZ3oXSzeOwWET |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001115[[fn=Parcel]].thmx | 594.40 KB |
MD5:
a9df5ee9e5abcd9d550decf150dbfaa8
SHA1: 2d39109df7e95d60ca600d08a6de8b3b6d3fa131 SHA256: eb364a1bbb7ce61997a2ca83fb7c7b63c7a8adf6ea69ee3737c016338a16c37e SSDeep: 12288:WH+bMtMZRw0LmsXwjJpU05FHLJv+FTD7YjYfvl+dQB:xMtow0dXGpX5FH4FTD7Yjavl+dQB |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\blocklist-gfx.json | 27.83 KB |
MD5:
e5c37b5e8ed271d64875db5ad726f4a4
SHA1: b3f34d1c04f5369ffc518da9f494882f103f61bf SHA256: bdb768fd1ac736b30b2b1292c6606c2ad4d864fe3b6396a9eabbaa3bc9f2275c SSDeep: 768:WYnBOR/44uIMq5S4gplj/ez921nbh//R3+o:WYnE24HMq5SZ/ezQhhHh+o |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328884[[fn=architecture]].glox | 6.17 KB |
MD5:
d5e4d7c7f124f587c070e84e17a737d8
SHA1: 0d3913cc6ec79ca2d4de28172bf99cbd1051d9a8 SHA256: db860c20efb4109b8da7b5b034ae0ecd46856e366bc67a201bddad80639e761d SSDeep: 96:4dNKYhcCpVs6NSaR8Hd2Mf78iheqM+0RnS8viPFkoW5Kwir1Q0lYCgApZkDPPU:4dNwC1wuC2c78iZMxSZuF8r1QmYCfP |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\TURABIAN.XSL | 337.11 KB |
MD5:
43837fb6026275a536b883aa458e7123
SHA1: 3b6e561fae59f038ebad03aa968c89659f1dc0a0 SHA256: f7965bcde87db67d65c51a32113ec1600a593f8eeac7045957dce453cb2b898e SSDeep: 6144:/xDybtUMeBgKHayLiWoSvhxq05eWrIuiKb0ZNDmSc1nylan5D1k:OtABgNy3oSvhxKWUtmSCntnxG |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03090434[[fn=Wood Type]].thmx | 1.57 MB |
MD5:
a83367b7d259f985f017daaefe4cd4ba
SHA1: e0c74c3d756021cae8539c3113151db1aff5f8dd SHA256: 4ec117745750a6f157c47606694f3d0d9032751dc5a3f0f98c61b82d9cc54f2c SSDeep: 24576:ds+y8WJWEE6AWjMkQxD2a06qJyesVw9Xsm+/cQ9JlBGhJt6rUekDSgyM/LZTl5Kk:W+y5JWejO06+yW+1QtNrugnp6k |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328905[[fn=Chevron Accent]].glox | 4.67 KB |
MD5:
f253cd3810190980393520775071c5a3
SHA1: 0392953f163635ed20e7f689b98c42c188f4b0ed SHA256: 51c164f97b49a35b8508fec4da2af5e55505113408251a57775d32610b779875 SSDeep: 96:t2MjXcEcF9Ume4BrLclX7CoSMw+xju2J8K+kF7Ah4nkvt0I:sMjMEcLUme0clX7bSMwIj8K7F7AhVveI |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Crash Reports\InstallTime20170518000419 | 0.54 KB |
MD5:
771fc74a593a36442c1d38c3af73c7e3
SHA1: 79090f58d4a466e109051aa7aa6092b5892d8450 SHA256: eae2b99ea9ba50b69a8f1718f683491cfd6c7cfad78678cb86af4baf3b672c46 SSDeep: 12:dF8JVa2TN6z3gw0h0IygCymLYJgVPdKt/cisYW++Yo2CC:dgVai6z+0Iz/YYkPo7v |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\compatibility.ini | 0.73 KB |
MD5:
e59e8ce7033dee24d0058bb723f76632
SHA1: 202e18600ab8363ac2e64a37bf3e5a6ee96a5860 SHA256: a3b4961ca621061c79bad8033a5b0fde60d193abdba84ab677020fec153ccf51 SSDeep: 12:XGy+cPFzzZiE22UUMgPCPMD16uvbsB9aTe6SiCe7oX3+n+41dIN2C:Xt+cPxzUE2x80uTs/YU5X3++4/Ix |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\9v0FgvA-o3wubBpr26.mp3 | 80.95 KB |
MD5:
c215d551219b197a6bf0ceded76074f5
SHA1: b64b09ee2699ee7030dca1ea3f7f0f3448567ebb SHA256: abffa449d206e92db43b6dd9f7a68cae15ac1fd66a1bcbc367066cb0e3df5210 SSDeep: 1536:n+TqUxQgJBUsxoviDpOaXo+I7+MZ3VUIukitn6kdL+Eq75pkOxjx8:+ugJBpI/7+s3VRSnHdLAdpe |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495596278120.31e5ce24-c2bf-486b-b29e-534113b7c6dc.main.jsonlz4 | 5.53 KB |
MD5:
784adc113041fd383a55596b29b7cac3
SHA1: d6e098705a9a9f3c3750f5e358eed656fd9dab61 SHA256: 96bd65199982b6434b686845bbc7dbbfe3c524eff0e55a0e85c832da452dca47 SSDeep: 96:G2kk+ZQiwnjBYnmRajQQcWLlKd+SRkT+VEbzTzPEYF8qq2hKL:G2FmQBjBYP6WLk+SRWmEHPEYFJhI |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000\15d22704-736b-416f-a36b-857f2a5d2a7e | 0.98 KB |
MD5:
75deee13cb3c2cb6b8172f7252619614
SHA1: 6d3609e97f83b344562c754f4eb5f1569553be35 SHA256: 586ac08fda3ab78f916444abc1c3497092a0b48883a2de465f38e509a79bfec8 SSDeep: 12:Wbme8jxqQxmnfhRbgprdVx+CSGsR68LGyHb4+uEzvu0+R6pFDW+xBvISyK0Nrb5X:WbmDIcmnffMbRwLlH0Gvux6n7xBUHOjI |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\MLASeventhEditionOfficeOnline.xsl | 249.76 KB |
MD5:
506f995983fa598242cc942a24660ad1
SHA1: cc45681988fb91773e0e11709b96a51794aa963e SHA256: 80eeec80a2119b353ab52d73ae50bf142ae6f48c058c771b12b8ecd977c1a578 SSDeep: 6144:JoTFMfM92g/7SsVbefuKdEPS2IdM0EOU+WepBDlBeolyf:iOfMp/7PeNSSg+BBJy |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobSettings | 0.55 KB |
MD5:
b061ea02de1ad45d14987d528a72ab69
SHA1: b1016734c1e67326c447644e353f90526c68a0ca SHA256: 21d1c944c984bdddc3f524c0f081363e52f47cffdb23b9f5f67b5a44e1a093bb SSDeep: 12:yjd7/I9+/4DoZch7BxzllYDHxeE0WH60EpPamzYS3q6H/9C:k7/JGCe7UDReEQ0oaTS3q6fE |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001114[[fn=Gallery]].thmx | 1.04 MB |
MD5:
ed45cb2a5843c833d448b91780084b28
SHA1: 3eab9b856c6b5fb9c8d43fe8e155ca230162ae61 SHA256: 4ba389dc095bf8410050f0c5eae1e14488eec96e628ccc3d9611c88a8415badf SSDeep: 24576:eLXBc4Uv2sX0GVXfMyYcldrZgtNhX3gfKlVY2XTXpk3Xo9z7l:Vv2sX0GVXxYkr64KE2D5knK9 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\blocklist-plugins.json | 197.21 KB |
MD5:
0aea10b5bba2068f7b181892456b8482
SHA1: 30f58a808eaec03559aa3be219c08e081d186998 SHA256: eeb3d8795a0d78cd92b4af14029d5fdeeed44a5ce706b54c060f5cd596bdab39 SSDeep: 3072:3AzhTjeIljF4I9r9n+BDzTzd4tcOg4/YmlBzPdryznohMLCvOMq1VA8YLDzC3rtJ:wleCyEgrd4uOVlprEom+OED+35Ka |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\CHICAGO.XSL | 290.58 KB |
MD5:
aa0742764a4bc3de8ccbf916bbf7a8ff
SHA1: 426314b85e7b6638a78fba7eca7138d72eb0d22e SHA256: 64c5a2f34db0ba9e37d2f5ac954fa44ac4f02e5210abdbb154b4d72a27ae6512 SSDeep: 6144:Jg4It/Uy4vkfitS8IntrGehyks1X9gBwCb/a+1nIHafZ:gikaYvGr/XaGCf1N |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\k8pe.docx | 23.31 KB |
MD5:
0def914339dba51d2659af1a80e1631d
SHA1: b1a9fe586c1a0700001d5f28355b9f9191c8a392 SHA256: fd3c3485924d78ab5b64720c81df2fdb86671047db8018504ec9e1a8df2fc488 SSDeep: 384:A0g8axxPjCP+jxM5UkxPDvH9y05uT++iduG4PY+cU8BIKWAmr+zSlSoIBYqFCu3N:O8WCGjaS0dETc0DcU8BIVAmr+OlSokYm |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\SYNCHIST | 0.60 KB |
MD5:
1cc10fd7567e4af44bb4307c18007bef
SHA1: e3a005fa707dd76f0446a25d0a0f55794c0fe538 SHA256: 5f0af2d52f04d06e75a2cc641e2208e35ef925223379b76bbc62b3854c6224bf SSDeep: 12:oPo7oZYfbtYvoIAv595gmWbDisgC6qfHG8u2NfpkLsGgmnkCBSEmDmq0cC:1ftYwIXbOu6qfdhbCsGgmkCBSEm6n |
|
|
| C:\Recovery\WindowsRE\ReAgent.xml | 1.54 KB |
MD5:
8ca9d04f57ebd9bcdc2e6e96f778700d
SHA1: 40eba6d5f271ee1e5d38fd6c4fe4e8611ad28cb6 SHA256: 4d0fadf5c10c0c9a3bda66ba1b5d26c31f61b56907f704975c0a70ca0204dbb7 SSDeep: 24:tJCWqL7hiQcput8QCjapZQiniqJkpqL19/7jAPBUj9t/PBh7LQGOKHB2Ud0BDirS:tJCF5cp2Lt/L1VvAEbhhPQGeaUQ6 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\K0spQSfUKxJCGIe.png | 66.18 KB |
MD5:
33ba98a357188cae889b6fc02963ac50
SHA1: 346cd5d8083354a0ef7c4c06af0a4067fddaacb2 SHA256: a61331f8537d133f2ad1f68c3b77f2eb5375e9615889abab4b0aedc9fc2ab24c SSDeep: 1536:yPKhPRhxtlDlXdMA0fSoodk2xWb3l9LZpyNyHyw/mORH1sgInk1+G2m/:yah5X1Po/9LZeySw/mOROkA+/ |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495600032629.d896fec9-1a7a-4db1-a3a2-e46d95b631a5.main.jsonlz4 | 5.58 KB |
MD5:
e148fb82146751eb3275114014ac797d
SHA1: 16f2ed351a525ca68f0067bd046dea082e235781 SHA256: 6c1b8639969455bfa16ca8fc3b796dbc7c2a4df562cb723864205660237b21dc SSDeep: 96:yG8KVRfMOWsulMxoRYExvNNjKgmNIxj967nCM9EO+VjkQNt5dZH:yG8KHWHMx/2WX8jQTCM9EO+Ltr1 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457444[[fn=Basis]].thmx | 545.48 KB |
MD5:
128267151d35a82f8f3379a11139ed6d
SHA1: 495cff7f4e2c3c810de63b39bbea00ae4e9d8039 SHA256: 0ea2be63ce9a666a4f4954273824cf1fc4bb7eea0fc60ca2eda890a330cef266 SSDeep: 12288:k+p0ucVhJN2FBdiENWna9vxIIJKn8f2ROhw9K+PRQ:oucVhJN2F3iuWalx12t9K9 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\eauLyTsZ.ods | 5.56 KB |
MD5:
f36cf7ac8ff848ba83d6fc4c30543fa4
SHA1: 45e5c1fd4265e399b0a3089a8a2dfe52e72071dd SHA256: 9d9a3f276e1d3e4656bcf03d50b206a41fafba520ee82a0e2caf75cc56e569e8 SSDeep: 96:vp6zH8EUvBlWk4IobywVKK5rAj7YN6iQSzUOEJfGbki50H2jcrT:B6phk4IobywVn5GQQIdE1qkiqWgT |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\hnb7PHQYw4L0j.swf | 85.96 KB |
MD5:
7f245ffa9fa2a260e3b305b6fce77326
SHA1: e1baca08746c3f7c8ec2bca969f738749d5d9501 SHA256: 30f9f2b307a9d4da3b17a3ab7a4e0dd15fb15cd73c08a8711953e6fec2284134 SSDeep: 1536:cKty6kmWhCF+nL/oiLBioxigVRiTOquY0Ae4xt4kgyz5i9zAys2uWhr8YjbPPp/E:VaIsc+hnO2Ae4xfzeOOljbHp0EU |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Cashflow analysis.xltm | 371.63 KB |
MD5:
7a0206dd85a6d4987623547cffd963a5
SHA1: eff83005cf97e7288339505537bf3aad5901045c SHA256: e5cf308e3dc618a84d3f9b803de8ef478779091a27a539f698bb1a0f3c74e663 SSDeep: 6144:ome817DlPRuIZhTLSRkuZnb7Vo/akEa+OPg+OvS2hJCCjhyMpLOISmM+/0g:Be8zY8Wdd7K/aaRjO/JfN9ZONmAg |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000\Preferred | 0.55 KB |
MD5:
4fa508e84bcb0c2a5dbd2c62998eb3d7
SHA1: 4511da17af18bf914fb72f2d625a21d6dcb5d926 SHA256: 8824b757f75822c84c474c3938addad8cac849e6ece0e761137cc2a181f33305 SSDeep: 12:oe5x6rVvVS0XVObSHtCIzrunEAFFEPZcd5rsYXseOtf5anIQC:tcVvVSuVO+HoIzynRgC5rc |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Document Building Blocks\1033\16\Built-In Building Blocks.dotx | 3.53 MB |
MD5:
c25f3ba48690b762e2695d05c1ce09c4
SHA1: 07e1d3a8a1bf108b3f86a732dd69e1e38c5c6ce1 SHA256: 72322a1dbe5e0b0b8ddfc5119ede99c87664a14df98e4690c5aa253b3325cff6 SSDeep: 98304:J0+GgzFanO1+ZOcyOsVp+sFp4qvqgwfvXJ1lKCs:BGAUO1+9Avv3wfPACs |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328983[[fn=Theme Picture Alternating Accent]].glox | 6.03 KB |
MD5:
3493a584295f8e8064247ad8176b88cb
SHA1: 3c586ba82489a54566de6ff05531c1b523945877 SHA256: 1475da8a3e719ebb0d14668c1059cc4612a8abf2ae7b155c0319d217e8293156 SSDeep: 96:WNpvi9jbOWE0BCGb+yMo60lk6UiS5FILMx9lH9GKcqn1VWE+1Nq5aA44+goCW+g+:UIbOWE0BCGNh6ZIwrl4OOEeAvmQ7N |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\kIQ1x4EAWiFzt.mp3 | 22.35 KB |
MD5:
5c801b9abfd89cc9131e8bf974cd8f5c
SHA1: f2d18c2196cfa23a172a9bf6522743fc12e771d8 SHA256: 5b38c60e9a73d4825b015a24168f1665bc23d76670ddee0d58664fde7a0e7982 SSDeep: 384:8I3Gz/1YWCOYlPusIcXuBHH4JGvQpNA0Ow92qZvtgqsAVSjkqnYc7ADc:8T1WPuspXuqGvQDAR02qVtgq5SjPnYo |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\h2MVIrGzsQBkTtY4S.png | 62.45 KB |
MD5:
1ce10ab56e7717b57203142e7ad5e145
SHA1: 40c168b73c11947c3a08f78e541486285253d50f SHA256: 9df58c5a432c337b1456276282883316dd339703aaa907b46e18b70f2da51c4d SSDeep: 1536:zYJvn7FAGNvvGFn/UOEYA10fh1x/NHlzS4tg0lNPcQ8oQDguN1+:zYJv7FF9vUn/UO/m0fh3NHrgAlcLdguK |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\cert8.db | 96.53 KB |
MD5:
56d20d89d4ead2e815930e0565d0f00c
SHA1: f31937a76ec082717ef027ffe23078942bfa09a0 SHA256: e5b6c0b03615345b5c9fd423f0ab43b7e10429e41aefb7bf890e03e546c4a7a5 SSDeep: 3072:kc6PDgBEdp4r+IrQjIv5c/pfxpdHQC/7bT/EdjoOte7et2co:kcqDgBEd8HvmBflHQQ74veSI |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457515[[fn=View]].thmx | 475.72 KB |
MD5:
ab65ed2095d00250139de10b5d8954d8
SHA1: 972aec43636085090d9e708841c2892666bcbf1e SHA256: fd0e74709165d63794f9add0b682d52a1e2daaba0c85fb3b8fd255c0d33c4785 SSDeep: 12288:UITn2cp+dcXswiGKA9wyBV6Lz39eyfSxt:UICQswSAtVAz05t |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495597242414.2e462298-aeda-4ee5-bf23-a73bdf74947f.main.jsonlz4 | 5.70 KB |
MD5:
7b4b5d4b3c45690ed0ca3cb46a308820
SHA1: 17eea860ea77d614737c6a7cfead2fe5002da97b SHA256: f8c6251aa227babac6624c347605914ce14a4cb90eb43e7c6333904fdd1a4031 SSDeep: 96:1jcadts1RJSSlZwT+lVCrVVUr+fB0hHuW3C8g1M3EbnQpfRJPfS2rFE:dcadS1LDZlVCZxeull1M3kmfPXS2rFE |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000\04cd465a-248d-4abd-853a-5cb67fe43510 | 0.98 KB |
MD5:
3a4fb5c64d6556af66e3320558918320
SHA1: 75534906f794a65fd7bdcc0523d3d36a4c42d742 SHA256: a92391da85ee092bec48038044fd0ba6f3eddaf25811551744a94fe06a20cac9 SSDeep: 24:RIHx/ds3DFTlK/i8CpcSJM+61fhmIhnjYN2KT2Sb0bdczrUv2UZ111Y:Rex/ds3DFB8Cpg+61fmNLT3zrgnZ111Y |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328998[[fn=Rings]].glox | 5.56 KB |
MD5:
3da475a0cdb4891a9d90711654cde696
SHA1: be902826b85bc206f39d630f186f7de035d8aa82 SHA256: c0a375f3c6965ceb4b3381461c5370922321725f1a736db7c67209e56d8bc83d SSDeep: 96:gqvzbw4M5vMA/+pUBDNXGFobD4bFZXcg+k0ludlmyQEHml37RSyFN4l8vjO:vvpMFXheCPAZMA0MjTmlEwN4kO |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\SIST02.XSL | 245.97 KB |
MD5:
46a4b6fa936d4765368435a659300bfe
SHA1: 1eb2403719d0bb29de1637b2cd4d08f906b585af SHA256: 591d912413871289ea9af12944c133aa785392359fe813caea3f9af48e77c9e7 SSDeep: 6144:qG7vkQqdOdd8cV54jPkmBGX6HC12764cxT9jixVAoKX6vVVyZ:J7vkQxKAqPkmBbC1f4chlkwoVe |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\AjZgg7KeVXO.bmp | 2.62 KB |
MD5:
2e0d526cbb91dd890e33526e812867a0
SHA1: cdce13871e7b481ba96f0ec7e334e2ec75b66c0f SHA256: 7e635de26919237ff2642c7e07ca1dbe6ecd16c68714cb8ea8a6b78ca01bb14a SSDeep: 48:D2XmDZVGUj180x+qL2pF8w5hMrh6jlM9cY07rQ0/zyCRG3c5Kz8F1u2I3jd+k:D2XSVzpN42Dkhu07rQdoEz2Ih |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457510[[fn=Savon]].thmx | 1.15 MB |
MD5:
591ceecd0518cc847b802fcbac5040b1
SHA1: ccef3243d2c56fe0f0e368fcca01761747a9bad0 SHA256: 4a0bbcdebfa57504e3e5e729b74d50761c54d86ca43e70949b9c23c550727136 SSDeep: 24576:igyUNwlRW5EKk4PX+RvIh2fgwghc8lvT9t3zYXNcEq/zWoTzRx5QNn8:ioNwlfCXMvHghRxT9hQcH/hR4N8 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495592289365.f6bd7dec-4421-47ce-b829-1080689ec7ca.main.jsonlz4 | 5.40 KB |
MD5:
cb650c43a53ddb7f267684b0f799113b
SHA1: 2e34a8309fb1520da79ff214f9eb6ad73dc13772 SHA256: f890d9ad7972be0d7af88d5dd28cfee27cb6cf25e57dcd01346d56b27da62013 SSDeep: 96:zSdJjeu0WrpZf9BKXr6kY23Nl6ifQzqEXGPr4zdO8VeBIqja0lfhe1:cJMoZi76kZ3Nl69dXGP0g8VeBra0ze1 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\1OlD0DrQDAo g7.swf | 39.82 KB |
MD5:
47d504e4778b400a552f14c4410499cf
SHA1: 0e4550f328d353ec858ebf9a4d6b1e0b83cdea76 SHA256: 415bf94b66d53140a1d48b1e2c73474196ff4fd2be1e3d10a7fb758a33a46576 SSDeep: 768:jZ315nlOFeUEQBt+hXjHLP+V4cHj/ZLlA4H6x/dFXwYiwTxZeh8F2:HtXjHLhcHj/ZK4idS3wTxUh8F2 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328919[[fn=Hexagon Radial]].glox | 6.41 KB |
MD5:
44ebec02e9d7994aae7bb789e2eaf684
SHA1: cbf69e8fcf02beef19f6b377341301bac71b4ca0 SHA256: dcbed0b18edf96a4e94dc9a47b20e6ebda99181e2eb188d23920f1e3343ee64f SSDeep: 96:q21M9xslg2Lb2U8cfV9p44YV7oZrHRg/+WcFcgwPyzK3LtTAgDeMddR3NO5ah:qteg2L68Nf3FWc/az7tsA3NO5S |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001103[[fn=Headlines]].thmx | 527.49 KB |
MD5:
10b6d8874f4536086a02026ddb93718f
SHA1: 6097a1324c0f8db79d6f9e8191de14a866a01162 SHA256: 027ad3a94d5200ae622060a6036f8e961569b06d37dc55b86cc05fda293c4e15 SSDeep: 12288:oVGq+I4He5GkI6zwr72o5R9h5u8i8XT7Oj/jwJLD2x:oVG5H2GkISwv28FuY/UjwRKx |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\content-prefs.sqlite | 224.53 KB |
MD5:
5cce4cfaab724fd3aee0ff82bf03c9c0
SHA1: 4f8095efca3ce009db3d10ec8ee4542edbfb9939 SHA256: 106c8f6549d6d28ebd9c169ef2a54cc189dbb6028c0fb35dcae44d03abea87a7 SSDeep: 3072://KYnEzdrLlYyfxMfFYE8Alrn8sKDgGOLhKlLi4pO7tjrODZys/fUeaDy3aj3okE:lQxuMCFXlgIhKqtid/MjRdBZExX/KJs |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328925[[fn=Interconnected Block Process]].glox | 9.50 KB |
MD5:
f87ff52946c5234ce3b2487930a588dc
SHA1: 9c6d3cbb330ddaf5126a8ba9a281364d9f658448 SHA256: 15c80c5463ea126813a4979afc4d610adffbbc9b37888b5a153d12d7a2d25072 SSDeep: 192:JUAwlgdHjme4qwHG+7i+I+fCPyplwVGDysyMOcu+0BaKYkgkt4IhKl:J1kzxI2CPEfDysy27Kakol |
|
|
| C:\Recovery\WindowsRE\Winre.wim | 10.00 MB |
MD5:
4f4dc4c2fad23ccb33140fe7bccb4507
SHA1: d41b973ca1ad94bbfcd284e614b02f48c9716ca6 SHA256: 29ccd5bfde69d9c8598f0f7f68f7b0c1ec50bf882073221b0c68bedbc580b3b0 SSDeep: 196608:f3aK05QP0NugCFllvMJMyRRW1pcfF2Q4U0DLgywFXBnHtykX6:f3yo0OlGJ5A1pcf0QF0PXwFRnHtM |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033925[[fn=Droplet]].thmx | 1.67 MB |
MD5:
91fafe61b93080a76429b22f440f5d82
SHA1: bda0ee81d92a9e973a17b27647b1a0ec4343cfae SHA256: 1ef4cd2811645d850e2f6f0c19dc5c9e469ff005655a1b2be65b70efede905d8 SSDeep: 49152:oZAR4OPcal+k8qyL9WmUHJl6eUeW3v0FM:bcalj8vWL63e3FM |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Process Map for Cross-Functional Flowchart.xltx | 141.87 KB |
MD5:
29215f5fb50a05a2f22dbc89a93359c7
SHA1: a59a1d1497aad9c61768603b04a2db7c91296663 SHA256: d5ac78cfb29ce3910f023142ee76cd4333a0163655b87b324a9fd683e55c27fb SSDeep: 3072:GuktXDHEdRt8n1A8/uhBLDHmVN+JqyO5U0aMgTsKEJmI:GfJDvG8/DVNcvO57aMgumI |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\3SgG.png | 71.38 KB |
MD5:
f6627843b3d042658922fc65e41fbec6
SHA1: 6a224c94896c4ff29a595f045b95269a6cbe7723 SHA256: b24eef035a6898f8aa28cfd6fd36f4ee51290aa316afb8a5b6d76bdfb44f3d1c SSDeep: 1536:ZpUdiEEWCry65h4kHXxngT3DUxmVZOS4jwGN4iKaxv6CBnWM3:OibW93QBEmoRSvvFBnL |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Outlook\Outlook.srs | 3.03 KB |
MD5:
966cedcb940c6161f1fb6dcfd3c170e3
SHA1: 60d95859abdb0f99eea396102b01123a1067e8b9 SHA256: ac49464c2b1587eb146ba73f5f24669ae01f55bc2fa7ab2c10b2aacee767f339 SSDeep: 48:5SESAr3fVsSWcax+IyeXcbAMkY9H6HdzTuGzA5XZ6L8yN4XGRq:MERLVsSWv+2Xch/HQdzTuV54L8rwq |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457491[[fn=Metropolitan]].thmx | 759.95 KB |
MD5:
bc625f9f5b477b909ad7067db4d67575
SHA1: 1134379e6beb854f7293441cf587cf663e23dc50 SHA256: 9ed0647bb68d71fd9bd60b2779c1cb7f421cb882100d4867729451c4e88ae3a1 SSDeep: 12288:MPuQxao45KkEJVkYmXclBiwHRDz9MQ8ahAsvjOvuqBGLHHjBG8O6:MPJx6a5BiA3Nhda9yjBGn6 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata | 11.17 KB |
MD5:
4a609af2cde1f10cafb4c8dcd79af14c
SHA1: ce3606e8bfe9a29ea9e576c7aa9cc7db0e600c86 SHA256: ab9c29d338b16117d87d20b2dab90759bde9da0ec2b9a4adcd70de6a346e9e9f SSDeep: 192:aANW6p4qpt4z/0mChF0pzOEIb5ZHgtUwIBAaRpLxBCdKAZpe8Ji5a0Fk8STl38l/:FNN6KnAyE0pLwPuB/Ke82JbSi/ |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Outlook\Outlook.xml | 2.86 KB |
MD5:
0ed0570cd29c014f41bfbec98cd54d19
SHA1: 16d73bf6ae1852311c81d7f15d0069eb4e689b68 SHA256: 7afcd24cdacf3170d3b3a2b40201a730af79d9457f0c2d3d64e89b2fa11ecdad SSDeep: 48:SkPKwYyIZu4uA2qAhR6jyqikzP49kUd64aMAvtntVGXSkRu+55VestS+DvFNqzCN:/PBYyMuA2qAD6jkkryke1aMABPxkRf5r |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328935[[fn=Picture Organization Chart]].glox | 7.72 KB |
MD5:
aab371d44f40e77d3580c0da0d6fc50e
SHA1: bc081c558f142ba93dfa95230a2578090d3daa1b SHA256: 3d781888c486bb08ff65a5a2b78c067e061090bad184a0e38295a063a974a4c1 SSDeep: 192:VqLsq156HSnCfBaOOUhDvV+0ZOEJI4c54ww9gaxD5H9eq/h/N:V8r6HSwaOOUhDv40ZpJIn54w9aN5d3/j |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Access\System.mdw | 124.53 KB |
MD5:
136144d0f4b108c1a93f5c34556a3c9b
SHA1: 68f7a06b4c4ec2cb019e03752c66d92c299fb5d5 SHA256: 73bd855cdd4639601e9f5cfe68a6f2b834a3eb45752b24c001ff5557bef9ab5b SSDeep: 3072:mtzXDUn75uO8r3A7EnlNZUm5ocCQVhrq+MIQq//M/GRhCI:mtKuOMaolrTo50pNQdmhV |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Publisher Building Blocks\ContentStore.xml | 0.69 KB |
MD5:
67d14da7f43cd3cf4cbda3b5f693d5ea
SHA1: 29d652246bd9400bb2c97eb00d01c03b0a5a79cd SHA256: ac3ff9f5e12ee08553779d320df303f1960d2100b177927b80dde9bb9f255671 SSDeep: 12:UZkip/vfloIyZhWnoqMpAIgNM8OG+ElMRuG6tA2lKAN5gDhL41Hj2RBq/lyFD43X:UvJCtfGRMuIgNM88EyRuG6tl15OaKKo2 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000\496f2c5b-a90f-4380-b805-3bf6ac63451b | 0.98 KB |
MD5:
033f75c249e3f3f18b1b7cfaebf41579
SHA1: 36dd93dae70069516078fdc4262a002b4cd38bb7 SHA256: 99a9b9e5503d2927d0fddbb45f6e3cc813548806039edd15022bd4ffe7b6bf84 SSDeep: 24://88K4gBcA8zKMC7LfhqWc8MCX6sXrHmCnoEvg/uhLC5v:/08K4aQKJ7wWldKsXyLSg/uo5v |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\cookies.sqlite | 512.53 KB |
MD5:
d317b269eb7aa1d0173509883a4fc71e
SHA1: 83646da77d2e1b899a1c2caeb1b40328ba7312d7 SHA256: 2b83871166a3248963484483dcd668273ca00d24fd19186403792e61f2b03713 SSDeep: 12288:sbOpwB57Ug0HhY1fx577k06DS2gb2dLv3AaQBVNp6vuBrQ:sqCBdxShYd7+22g6dLvlw56vAc |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328893[[fn=BracketList]].glox | 4.46 KB |
MD5:
cfa1620743e3089dacb67a9b227c5bdc
SHA1: 2b9bc1679ff3f0de5a27e6e373183767b5a74528 SHA256: 43506ad19501dfbe561270c6d3a67a0ea1c7ff2eac09c4b554a03bfbe702a2d4 SSDeep: 96:39bY5jj6dOfZpIHOzMqniIIFZj9kuM/VeSql0WcnkzhNjyTKticVpRND+s:Nb+jjzRpIHOzMKHIFl9ku+edOWckDyTe |
|
|
| C:\Recovery\WindowsRE\boot.sdi | 3.02 MB |
MD5:
cb945accc85db63751563785047c38f9
SHA1: af93fd12ed1f8d233f8212ccf405a19c60ea8c82 SHA256: 3a3eb5a4d7fefd641a063c99e425031f11ba89ef3e87959e0bcf99de5a8338a0 SSDeep: 24576:CuFq/5R7eoxSUIOE1GoJm5u8217GhtJw7TaoIiNXonN0SSz9pmGSBH/vx:Z4HgUIn1GoJSRbJ4/IuonN4hpMB/Z |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\crashes\store.json.mozlz4 | 0.59 KB |
MD5:
3b8bc70a156a0ec846eb0b4845b646b1
SHA1: f48ec2f380dfcb46bfe80ba18b4069cce7e4b20d SHA256: 7ce3a662217756002f5384908e9982ef281a53d8c3d95032ee695caa0782d6d5 SSDeep: 12:BBxSgwwwgcKowN1uG5repxGpl4VaF6v9bjay8knhtyC:BTbwdKRNo0VPjsFbjdnht |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Email Insights.xltm | 721.31 KB |
MD5:
c36eec973b574c1c747b03d168e152d2
SHA1: 458c261979f48617449def6bf711ae0a8eba230c SHA256: db33029e90309cc1b0fdd26e5b6135d1f28380b05d8c01af21d1cf6235710d48 SSDeep: 12288:8nhrcKxdcMyt2HOuE3aO1J9GLFFzkuxxwN72qQZgSH6UK2mSGnpbzZl:8nhQrAOu0nozlwN72qQZgnUKrpzZl |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\HarvardAnglia2008OfficeOnline.xsl | 278.65 KB |
MD5:
f439db7cc80036974c1c01636aff6331
SHA1: 136440b9bd20804a25a7ab7c39e95f073c3e866e SHA256: bc5c5c6af5e8abac7c24cca4831da7482d4e83eec4321bd98939c7951abe6350 SSDeep: 6144:PoUbOhXf2ESO3esjBlxgqqbUfCPnQLGSARL:PoUaFf2VyeYqYfmnQw5 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001104[[fn=Feathered]].thmx | 1.96 MB |
MD5:
06769afd0b74dbd48669be3b05659c16
SHA1: d42e4485b54623fee752919fbada5e2a86917cc1 SHA256: 6de1b6c12fbe63e2767435d816480223c6b534239b99985fe2ca30dada022d58 SSDeep: 49152:nJygzdZrIRuqQqaIAahBbHetziWp30WUVZY4XApe/xT:Jy86fQjIAahBretziWSWmFXApe/xT |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457464[[fn=Dividend]].thmx | 558.05 KB |
MD5:
146ff2ac6238ac6ea96f23fd008f04e2
SHA1: d8f630755da523bd3214b8c5fc759b8e9ff13ce3 SHA256: 4652ab3134c492dd9f6cbce60bedfd5189372256738f215a606e4e44aef3921e SSDeep: 12288:OZvcebuDtksNjrqKva2eWMA6KATBDVacDGufw7v7:1ebudhXizBDMQHC |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328951[[fn=Tabbed Arc]].glox | 4.12 KB |
MD5:
90ad28a97d3f8640d77e86632bf9d083
SHA1: d43a20beb212903f52aaca06b5c37eaa6d8d917a SHA256: 33a47cff130b78e36c6a860917281d234aacbe631a920e76c0d5b8d526024483 SSDeep: 96:2jMq+Q5hHpO3H68m45lq5+i6iNR7gwFrC:lqlhJO35iljkf |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328986[[fn=Theme Picture Grid]].glox | 6.58 KB |
MD5:
52ed50bb225b9df873b7c32b3b5012f3
SHA1: 0772c50747933284f52e6e0da59289ef6e09e5f9 SHA256: 437a7e91f9860a4d40bcf67834168c61da59b2ae71332a6efb41ae593f820552 SSDeep: 192:4KtW7q939cb67TjD4XXPGDPU4kxv2Hd+jbhv10l+v0:4G93c6fjDg+Ds59bjC+v0 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Process Map for Basic Flowchart.xltx | 107.90 KB |
MD5:
3f90cf45372f07be96655e6e9db65914
SHA1: a740ccddc9eef02aff810970ad0fac4d16bec033 SHA256: 5bc25622dbc25598c61acf8a7196ff86c693addcd7b12bb36e97964759c1357e SSDeep: 3072:hBoNxQIHW021exnKUyUm8Sf2xB0Sf4Hz1h:h4v928V5zSf2xfQHzz |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\APASixthEditionOfficeOnline.xsl | 326.31 KB |
MD5:
94014964d5cabf8cbaa533ef1bfae00e
SHA1: 057f989bc435f15facbb09dc1a7e0095c7c831e4 SHA256: 6c648c2f80b690494f157bed29b48ef1f129e8767f7df71da8bbf50734a1d59b SSDeep: 6144:NN4D5Gm8gm83DmqTTo8kwU1FgbucwdyiyzSxsPydz1aO6tq+IRcNh+kZ9ptc+cN3:NN6GmZm83DmqTTdh+gbNRtSxsPydpanI |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\- yv.wav | 58.89 KB |
MD5:
fb99df6fb61fc8bec6bfba7d7b9e5e29
SHA1: a0e4c6dc451fbc3a2689c7ae855c23442185c7be SHA256: 7cc05b585a21e9ab88d9b02b3a635c7eaec023263e5c2a7c591a7f8a2a5fa705 SSDeep: 1536:FYvDHn2b7m6t0EtxgGeqnGVpqhh+5x17F19dfeStdyX:oz2biQtxgwnpafrT0eds |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457496[[fn=Parallax]].thmx | 903.54 KB |
MD5:
b6482d7ce6ef82c8d8ad5e592da26005
SHA1: fe6735237dd3d1849a8bc7ee1a6fb1340848499b SHA256: 3539de5a6a3b15a3775fbe02899e2a9318b93462043c1174593efd6d0e56d7ac SSDeep: 24576:RnIfKUrZWYb9e1NUMuIcVcPjAlMAVEGRYIekp31:Rnl69e1oyUcGQq31 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457485[[fn=Mesh]].thmx | 2.94 MB |
MD5:
4e706e4dd0cee2e37a2dbb3f6803ef25
SHA1: ddcecb6c82549660b1a726f182fc1e2ce3c6e787 SHA256: 1424a467ec15e36fc0a8b1c0147f786be9d0e97406d158a8265b3ecaa67b230e SSDeep: 49152:GetlaeG/myafVYJHuj2yY0ciM9U2NCVBB4YFzYFw7IaJE2VRK+Xn9DOOe9pp9N9P:PlKIfSJA3cimUVxV05aJE2fKaDOXdN9P |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\jgJxxyHOVzXUXod-4.png | 56.95 KB |
MD5:
afd4af51319f1a14a400706238e2e5c7
SHA1: d62a3164a26426a9d596e97ca5156b32560ee230 SHA256: 76160b5e76c82795560a47fe6ae9c31dfe3438a665ad9892aebc91bedc36ecf2 SSDeep: 1536:71RZcMjZmBazLRAwSe7LkdB/HV34WaBmSi:ZRZHjZwazVSYkdBN3MBmSi |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033921[[fn=Damask]].thmx | 2.12 MB |
MD5:
fd66a4eb15eed7cbdaaf18e8471493ff
SHA1: c8a87cb46008f5b9bb730fc877dd95576a505e35 SHA256: d81d214c62cfd83438781ea2228fea52ba4bc2d7080c9b9fd820a6b003967ca4 SSDeep: 49152:QaPN2q8mFwTeKB1M6n9l1IdO9wASFntrPEWNec:L96tB1R9MdO9w35PEWB |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC | 0.56 KB |
MD5:
168d98d13975dfe4fa866dfb4bfedf4b
SHA1: 6e94af51426aa352cd6ba82adc132e140b689e49 SHA256: ae9828052da41084b204d915d6c759741cf686501866da2973da0ae7340ee49d SSDeep: 12:mF6sZuwHcdXyydABvOV8S0eDwv3xRcrKpEcda1BEoh9JRT7bZGlvLfcC:mdZ3HcIyegfHDwv3xLpEEWEORTZ0N |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Stock symbols comparison.xltm | 1.39 MB |
MD5:
5393dee4ca84055fce7810dcbf2ff0f1
SHA1: 2423ea61f244aa72ec96a18f7df5f5e2be27c636 SHA256: d0bec23ac20ddb4878622e04483fe6c6833c40d7272df7611708032bab2d4fc0 SSDeep: 24576:oTzbmUjJx47Ww3XaysHbQFwI0AJHWfu9AL8XvP26PIEpdowtEV+GXr562DMJR:o6WWWDRUuI0KN9y8XjVpAV+Gb56sMT |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1462094071-1423818996-289466292-1000\46a78fa46b43fb180b4fa21773f8ff3e_427a1946-e0ff-4097-8c9e-ca2c1e22780b | 0.58 KB |
MD5:
5b7e2db6e821a5be6d654f703900e8b9
SHA1: 20cdf9de16190b51ea05bb8765163c8954a8f839 SHA256: 57dc69438a571bc8bcf1eb3d0517bfecae21664b3bc44349f16a2ef030347d5f SSDeep: 12:Uixpmz952G9Nt/9/Gicxs7ok1/bRY4ImXidv8S/9Fr9scEC:Xxpm6G9NtFkxk/9Ypbh8MVscd |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\MS Project\16\en-US\Global.MPT | 1.21 MB |
MD5:
7281920ddeb2f18949c7b4be11ca2bea
SHA1: 840f048a73ac971bf61f3ee0acf96fb2a482db1a SHA256: fa951b14343dc081878c23cd171bee2c0e184c96012655bc6b3f343f2537da31 SSDeep: 24576:GNYS4JXp2y7BMLC6EFLMEFb0rpH6XLI5uZ8S+FmzH+a/tf+M:wN+7BF/F49H6XLPaS+a/1l |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\mjh24v9h9 fQiLgK.bmp | 92.14 KB |
MD5:
9db6f55335ddc541e111ed79170db0cf
SHA1: fb676b3165f3ed48d0cd8eb527d39b92074a25a8 SHA256: dfce36b56e4bf51849f665049d3e4820aa92da01b8e4e05ac248bfff18aca6e4 SSDeep: 1536:FWOqtJ3o0UP6MOCWxgdOT11LdypewzHj8+xgSTX+gExYIIFn3mgUCD:wUpvOT3LdyAH+7DACIIFxUy |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\ISO690Nmerical.XSL | 213.01 KB |
MD5:
708046e0784868e39dd0c4a10c0ec684
SHA1: a03a4fddca83b033a9fc6fbf819d14b2e30a1ec1 SHA256: 0bec68a9e080a1608ca480618a9753419210c9e449b03eb18e193b40db8120ea SSDeep: 6144:0YN0OtVL+Rav2xKueJC7DD/pmI+1y8y276z4vLsGgD+:0M0vjreJC7//V+15LkS |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000\60b22e29-462b-4858-9592-1724c7ae07dd | 0.98 KB |
MD5:
890a27546610b5d071cccccd77c92878
SHA1: 037ce0f360139181119926e46c5cd3f33d9eeca0 SHA256: 1fb0ee21f93056c3de54a880aa6d2ee75681e232fde7454a7406e4256df50ecd SSDeep: 24:dsgT2e6CzzEaO/xkhMSD/RyQf/g22rWMMJGUrse928EdtsCopU:X2SzExkhM1+/D2rWMMJG4sqIspU |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\formhistory.sqlite | 192.53 KB |
MD5:
9c3730d1057c74159afdbca3606feb5c
SHA1: f2fa4fc6978db0678da5cefe38695469b7ff78a2 SHA256: 0263768834e55a6c6b09242116329e42c642b5d506ed99d5fe8f31741c67eeb1 SSDeep: 6144:ryje7j9N5mJOr2clR4f94nKmJLf4LAKV6YFwUP4c47TZCw:CeEuV+f9rmJLf4L7EMP4cw1Cw |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\GostName.XSL | 250.88 KB |
MD5:
72e2d1d54cb47eaac3702aa553f812e7
SHA1: 758ddf96cf7c04dfb9c683bec3a29c24de022da6 SHA256: ff755d2b0a96661c26413437d8773b18bb1f3463f1d28b9061e4886b7eb9f11d SSDeep: 6144:GvFh/wIEl6KKDVNJpKvBrcnR+FA/ltQMNSbgw1Ok3varKQv:0dwzKJpKxcMy/QMNSbgwFvarKQv |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\ISO690.XSL | 264.83 KB |
MD5:
ae26ae0f250040e309888a5b99b0700d
SHA1: 9af24d123f5b2bcc88207b335f0095a49baea836 SHA256: 6d0d74ba3a7e05fcad41dad797c19ee88d2c8509d2a4c185351fe0dfae42aeea SSDeep: 6144:puRMZpdoyrPp/P7vileetArMacF/FUMtzymxzyw:pug1PZ2Fk8umxZ |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\CREDHIST | 0.97 KB |
MD5:
7fce623b2140b6791670f97d7ca05092
SHA1: 94cf080ab1ef16c8a9d6f2fe05097a0c320970c3 SHA256: 40aff6a620c7866c568f439106338988dbd0496762a836f4011352e2eefa7be7 SSDeep: 24:NPYysf+qEKorLiIoXgvTncxsdQnzfMK1vt:6lm/J3ipQ7ncKd2fr |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\addons.json | 0.55 KB |
MD5:
865078f3aa709dcabf7e4c497e990696
SHA1: 18717faf2c47167e42d8133ac769bd81d8b73b90 SHA256: e23c62c52b7ce873c70baf640a2233628f91c0d463141d5ba5419db8d286c842 SSDeep: 12:Kcp4Dl4SqoMBLEg/hs2R1z5VkZOqmKSo68PFh3kXFJuC:KVPMBgKfL5VkZOqPSoNPFZk1JD |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Office\MSO1033.acl | 37.37 KB |
MD5:
fa954bfd3a953c18e80171c8327b78cb
SHA1: c1896c69cf942f6f04e7d4b5cbae383c1d33b9e6 SHA256: 501ee97b09277ad4665dfcdd74e825f2b071590a94457cd7bcf25b1f548382aa SSDeep: 768:ppBVlUA3M43QTa12jiqB9bzqjEMXVtGgOUvqfdmK6dynegeXqB2Y0o1:pPXUbSWpB90hNiAbgHeaf1 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\containers.json | 1.32 KB |
MD5:
10a6fa3bc198f47bcb8ea47546341b06
SHA1: 06768cbcc9758a01187a32089f25c36814ce26b9 SHA256: bd9cc04885cce6706ea29eb39124de145991965dddd1732f57696aa194f427e2 SSDeep: 24:9VCNnkMcqJmJSzyc6fcDG0UY2DquPNajveevjtVVUaF7QSrwFGLQQwVb:9qkM1oJ0n2XazeKjBUaFkSrw5QA |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\LogTransport2\LogTransport2.cfg | 0.74 KB |
MD5:
828bacf16249ca8bbf5c1d8331678d14
SHA1: a673d4bdbc3a60893197b97015c0e6bd72471993 SHA256: 1bece0ac467cec6b1e39444c01b3d27ac3b9f348ddbf5cc4889308b4e0070a53 SSDeep: 12:ah68O6zXFYeGQxGAnxvGdvQQnGJQIhyE4SxwKdUUjgJDw+O/KeDjy6lxOtC:ahxNzXieGAsBQaGKIhrvxwKdNjgJk+yr |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328940[[fn=Radial Picture List]].glox | 5.99 KB |
MD5:
67272bc484950db323e0bad85d46d7fa
SHA1: 274eeb564ebde99e3b64cd2858205c9aebc1880f SHA256: 5b57a5f93e6abc38ffd7869163e16020d8dcb6e406dab8bb1d7c0b7fa656e8b9 SSDeep: 96:CdFO2+HG5EXQqYXeZvmrCxO+xMIpvRSCBulh5fhQxxk6MMG2XHT08CfUJCkIzhi3:Cdf6GCfYOpmrAR3PBIaxRi2XqGuhiDp9 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328975[[fn=Theme Picture Accent]].glox | 6.82 KB |
MD5:
750310c45e335467b11974a6be150cd4
SHA1: 2b04bbaaed63a90796c5327c669b8a1a3b2f2756 SHA256: 0af56bfe093d26134187c6767dbe1aa56d7bec470f5e597f8efdb02b23abd9c2 SSDeep: 96:jjbJ6UjlpG66hsYKOmj0LRt3wzvf2DmZCzDGvlpd+//RBu/Hd4IA05t9nQ:vbjpGphqitQvfTwGdXO/wyMfnQ |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\bookmarkbackups\bookmarks-2017-05-24_14_kL0o5I+exwq3TXuLDkMF9w==.jsonlz4 | 1.86 KB |
MD5:
a03d3f0e6e32ff37c4b0c82f3c844eb1
SHA1: ccab054dbd8dd7a9b333972fedcf859d50ea2c6d SHA256: 81dc356f627444b533fc79ea12af9fb407f376bc19b38a1341f22966dc749103 SSDeep: 48:DRPvIIR8wKjIWKO8tldEUNMFb+MUK48FZOg:lTKjBKO8tfd2s8FEg |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328908[[fn=Circle Process]].glox | 16.94 KB |
MD5:
e9aaafc0d8edbadc117c11d240a72351
SHA1: cef288b9bec3b731894b4e59099f20cb316545e4 SHA256: bc14c4e4c18ae81f711339fd184ea83e9b7c0806ba385658e218e5950f5e00ae SSDeep: 384:NbTzWCUVxbFf86VKYzbjPwol6R7RQbffH+VrDkqiadW3rO1:NvzWCUVPf89y/PzX+VrYtaIrU |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495597261897.a7b36bf3-f762-448c-874e-9388e91739b4.main.jsonlz4 | 5.68 KB |
MD5:
4288e3e7e0f2ef4497b9219001a99926
SHA1: 810107e747322cec6eedebb6b2b5108c84512c7b SHA256: e4ad13fc30f340feea9c586fc898268ba1d17f556f349de9687a59b585654cf6 SSDeep: 96:qgv/+J623ZRvWgRnneKf76wXSfKtcyvGBVrsuMSOrxPXLGS3v2J7boeJ:qgv/xOkgQKf76ZKSrrsucr1hAboeJ |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\0FDED5CEB68C302B1CDB2BDDD9D0000E76539CB0.crl | 1.15 KB |
MD5:
069aa992496eccc7897e6124e7d8568b
SHA1: 2f9b9ac6d4d13412d99b5783e2b0d9dc5c3e5306 SHA256: a70c47875be02df3c2ae93db7371e5ad42020a46e5ff20042f6d8912a6323ce7 SSDeep: 24:J1IoYrUsVxq9bLVicAHJWs2Lz0or6Klxsi3yX9ZSi1q7nTp:Hp/sS9FAHk1z0WlQ9ZSsq7nTp |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\c78b.jpg | 3.81 KB |
MD5:
e2e2652bdc49ad2278265632bde1227f
SHA1: 72c13e15b83cc22a11f015ec62f9a4704a2c5df0 SHA256: 02c65dfd79d45c2afda25756f19fe7fd2b01af4c6e7f2c7e0046cbc8e7a4c130 SSDeep: 96:Y138eJ6R8hpd7pAQsw/qmyk5Hhi29wMUjdkv8u2V+SSSc+W:YlBJFPQ905F+W |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\state.json | 0.58 KB |
MD5:
d16728d819b4e07fcc2f037d7bc3c0ce
SHA1: 28ff2a160f10de522bc733a3c6224873106beb4e SHA256: 72ebe812a257041828f372e47e4fd4be6b634077bd56ca3a9ef7c5f87d314f60 SSDeep: 12:GQn4vBOypFYA2/dq0y2bvKjJFUCIiJibi8z2ocAJqjFUQrrFC:GQn4ZOUWZFSwKaqA32ocAKFZI |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Access\AccessCache.accdb | 196.53 KB |
MD5:
5eb04e104111cf43528075a33a7f4e03
SHA1: 4c28736d85af43d76776eb9f9cf48869fe10db44 SHA256: 167be92e6f61c7178fa5cbcb93929cab045ce1bdbc989bda234bc2f6da1a3144 SSDeep: 6144:Un/LzoFYOuX2TlrwUy7GpfdLPh3dxxb6xu:MLzopNtWwPh33xOxu |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\kjpbbRBTd.mkv | 83.67 KB |
MD5:
1683e3108aff40174c241777b6a85cd5
SHA1: f664a0943ee14e8fc382f26a5c67a5ee1def3828 SHA256: 0e7e20a4d55a39a6b97307f5c891209325d15d18d8cf64712560e7e03dd5260d SSDeep: 1536:MuWHpPBzmWM3BZ2Kf1KSHRtUvMxKBRcDvZQgPfM3/N+DYdG:ML8BZ1f1LXLQ+uuy/k3 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\OneNote\16.0\Preferences.dat | 5.59 KB |
MD5:
7a637933b530efe3e7f87f828cd1edc6
SHA1: c794f74f4194116ef6e187dde0221583f1ced98e SHA256: dcf1b4bbf99c3eddf18c7a4b05f196458c6db905eefc5381c6f8069af1dd9480 SSDeep: 96:nLbVChmDdWpHzBiBxiavxgrFyxd+8CFqQIAicFDicEiOAZ84oAy0Eu1eCv5V3Xhj:Lx6mDEpNiDSz8CF9acFOIloAye1eCvXl |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\dcu_D0tnAih.swf | 11.27 KB |
MD5:
e804203fa0dee99e1feafbc776a00a62
SHA1: af61b18a153ad60f1c1360dd63ae95f6f218942e SHA256: d06c7963f2d945509e373977a986375f7116e1d2db0a7e1a6be50f90e32602c4 SSDeep: 192:PSVvRxoslJhDUd3mfQazGi9dBqBX5nmVwikyQfCELQe/WmYfHx6Oc0Q2yNUS:PsnoslJXRzGUdBqxXikHQG9gYOP6f |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328972[[fn=Tab List]].glox | 5.30 KB |
MD5:
fcdc0413879f65c5136e9158b84e1b46
SHA1: 448a314c4af193589ca7a260d1460bf0827890a6 SHA256: 273b0628d2646df71837bd2e47d6acecaaf4698518a19b68c6025f3ee3aef0a1 SSDeep: 96:d99NH+qb1E8LCUhlRWa1AIgo9NPmkxCF2ECP6lPKEj/QfSlDlbC/kXS:39E8LCU5xAIgINPmnMsxKFUpbC/kXS |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\CE338828149963DCEA4CD26BB86F0363B4CA0BA5.crl | 0.94 KB |
MD5:
9088137c95c406e7263b2dafe3f06cf2
SHA1: 8635cacd091fca0badfe771a75ca6ed4abad3531 SHA256: 6ffd9b067df874fc10e2543b7cf8a9aa09332bbbc8e1b3b94732817ac420271d SSDeep: 24:Y5joiBZjQMrmtWEQcj+893VQnJkxyjC4AqeFLCL2qf6:Y5F/MD0F69FZUC4AqOCPi |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033917[[fn=Berlin]].thmx | 953.65 KB |
MD5:
d3fb5ed0bc52897c97be21cafde3f1b4
SHA1: 4830610f0d543ebe0020a8ff096dd71c520935f7 SHA256: 2a6918d7bb37efde2b02bd6b27d1fef0bdb1144173a11aee7837a6bdd1201541 SSDeep: 24576:JhnhkBQR1ADIHI+tkXELho9Qlbm/yZikm:TnZ0IHIWLC9cLZzm |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Office\Recent\index.dat | 0.62 KB |
MD5:
47271a0bdb5e75f1d1c1ec82648949c7
SHA1: e5a73459d758417e7372667e6d7b47a506514481 SHA256: 2c68ae162f2b65aa452203f05c8f1fc435567650e9df7d41630ba20d070814ba SSDeep: 12:2TLO4g4LrZTYXVaAHc/LPolY8/ZEZFU+O1nVe3HIT9T8VC:6O8r2XVaA8/4/ZnVeXu9T1 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\blocklist.xml | 252.43 KB |
MD5:
18ad1aaff3cb368fd4359220dfed8e56
SHA1: d62a07bd1f87a28ee771453712d432c8d2863763 SHA256: f1be9d6dcc33e4c438f3def700da764df68881713a3bd989d1aaad5fafdeda94 SSDeep: 6144:Fq21AK6/a4sI2gtOXjdllsO7GZBpH9qgH:Fq2Sta4f2g4jpGZ3dqgH |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Welcome to Excel.xltx | 483.68 KB |
MD5:
25f37228a350cb780ffab6603150bc4d
SHA1: 38ee6e3d26f8693c20217b748285e61f896ac6ae SHA256: 98f5c451f0f87981de15a399c8f5b62704bd4f2d55f914abb7a4bbf0ddd8f21d SSDeep: 12288:IDGssJMvRHSOTHboXzgzxlZWlF8WzkZAQmJ:JJMvRHSO7boXzg1rg6B9mJ |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328932[[fn=Picture Frame]].glox | 4.75 KB |
MD5:
0e147ff02d17121854a94425230cc9cc
SHA1: a6c4347e58ee5a7c6a5883dd7b8b8b74abe038cb SHA256: 1961bcf6326a41eaf52a6d2496a8d473255b7bcfef147dcb58488f5742a8dd3e SSDeep: 96:E9m5ldyrv5vi/wm92EbdhpeBon0WfiPPHkcKtejlHsJ:E9FvsDfhhpe+0WqPPEptexH8 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\mbGahTIz.jpg | 14.17 KB |
MD5:
c604e387eef7269bd2fe24624780bad7
SHA1: 480810819634ddb73d3fef4e8972d7cb59ed8c02 SHA256: d3375984a7847cab09f2bdc6100cc092dc7ae6c5eac31fa384474f6702e436fc SSDeep: 384:yeDxt93M8IZrf0RdBka5l6Glz8sXCT7hHUDyu96V+:yeH93FErf05TxpS5bu95 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495599783008.23c86977-85eb-412a-ae39-c4c6ea9a5744.main.jsonlz4 | 6.56 KB |
MD5:
a7ef04b748f328b83799b761a29489b1
SHA1: 967eb7812588c211c402e9e7f032fca54d3fa1cc SHA256: 63ff620c26e9d386df3ef1aab5bfa458dce129bc86349f66b71560f39f7c7f49 SSDeep: 192:GMs07EFfGCH1i+xZnWn/uSCRRFd8yqXogZ5e0b0wMDcu:GMsAc7Vi+k/ux0yqYgZ5e0bhScu |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Calendar insights.xltm | 893.37 KB |
MD5:
81ef88f655cf899b66f568ace6bed75a
SHA1: c094a8ade51966dda428021241ee0c1637f6e115 SHA256: 5274ee0305374bb5730145a60695db36070fadb7599e0f2e4f4033e704dabe04 SSDeep: 12288:+Nx3LMNv6s4O4VALN5q2PZawGag8m0pQEYoAZSOIC5OIayDK+UBsbf5nWW4HaON+:Wtwv6fcFn1exx+Ccx4UBsD5dIjdxw |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033927[[fn=Main Event]].thmx | 2.79 MB |
MD5:
49e7b48863e78f8653f186ca134752d1
SHA1: 4106164a5a071ffa8a6e2cdebc3582abb8800755 SHA256: de4fde7fad1171714e89c6da6f8d90bfa1919f150914a07e0369c84117c4c9ce SSDeep: 49152:eAqEmkwLBWqDQRPbuwIsX6jfSUAO/cLf68wy9yxKrOUURBgmai2prx:eAkkw1WY8XAHGJwLx9DBax |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495592260754.fe0bc3a3-866c-458a-ad46-a730981653d6.main.jsonlz4 | 6.07 KB |
MD5:
4f538219c5c1f8aedd82663da9d7d793
SHA1: 5396cb27f22457eef5681d9b3d4780680c26dee8 SHA256: f6fb0e365a12a1368787973f2cb984b1507a94585951a6d2e5ea1dbc982d46b3 SSDeep: 96:TX/GxsHOjphVyiLtilKsL1yJqMn1lFEEpqcTGvq4s3WkrsNsbAr+TpLh:TvGxsHOjHLUllp0/LqwGLs3WkrJkr6 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000\d7746ecf-458e-4e71-8557-8ac80457022a | 0.98 KB |
MD5:
625fa473d3d753bc04ea6ca1995e21f0
SHA1: e6a0ce0767d5055ecde75b8220accb729f9203ad SHA256: 64ac3209aa7cd8afaf617cde7a2131e551d59c9bb0b46bed93992383b2e5d7e1 SSDeep: 24:IZbC9u+o4KCRmunS8HFthCm415PePfiz/f:cCHo4KCTS8s1EQf |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Normal.dotm | 18.94 KB |
MD5:
f405e8c50b19f1554b6b328ab5f97b17
SHA1: 39ee076aff2253dea46a4c632a0a8719fec769e4 SHA256: b50cc6767bdc5819108d3a4e6fc442843f5fb47f1c7341e5d8ee2652d5220230 SSDeep: 384:T1dWilVuzq7xr1KKyOFj8uN9yyDu8Ba2+VYEYOedZaD0prycKy0wvpyn:T1v3ue7VMKrFj8u3vDuWaJredI8rMdWW |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03090430[[fn=Banded]].thmx | 549.47 KB |
MD5:
eecaf2b01243e609fbb80f0efe4de43e
SHA1: 799743c402d6db6d12aba5567c4fc75f0ec5e9b3 SHA256: f2d3e3ed3977d66dcfe4afa3003751c7ab6e26589e6883effaa492e562d4c9af SSDeep: 12288:gIWTaAK+u2prVseBdjUp+TNLVjH9UYg8lUvAqop7tkiKvCfeyg:gIWTaAy2LTHIIThTUY1wop7tNKuDg |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033937[[fn=Vapor Trail]].thmx | 3.44 MB |
MD5:
e63678ef8b56540cdab06f44e0f9f08e
SHA1: 6c735a5fae071186383c4b89ccfc3d65f726d49f SHA256: 2b45d30a64fdb8a1c30bcfb5b012d49498d752d4d8a5a955025f431d05765818 SSDeep: 98304:3RACQyHX11RBu83hJLdoaFxTygxcoiX3M0iCL:3RACQ0FrJxpcoinM0im |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobData | 0.55 KB |
MD5:
23be76e80679823004c802b6f39df4cb
SHA1: 63db79ca9344dbca29b0eaf34750eb0e3e8b4976 SHA256: 959f07b619692b6b7d1e0efbcaa0431e7954f450640de9a59f0b28b152264413 SSDeep: 12:JV+2J+zpE5yMKCiCUJ36BFLCnn2o7/7yMmGP68ZP5IFDK7fM5M8W/KC:JV+ImMrpiCUJ36B5C92Md6qMK7fIqH |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\JJpO.avi | 7.69 KB |
MD5:
9bb4922fb8662a6e0a117df954d66251
SHA1: d76db8a12a732dd6d92b48ec192919c62ee931c2 SHA256: 02d0b189387f40afe90067fc4c0a06942fea182ad6939aae8318eff6ca84b228 SSDeep: 96:ikl4Br8U2a9iCUqVb3U1kOwGES4wafzkZ9PxcyaRJ6+IY74bX4kyc93HP705jVcD:iCSP2bCpTUulGElb2czb6+ItnyYXcA |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\extensions.ini | 0.71 KB |
MD5:
9f90bd4ad675c9279066756fdfb84f02
SHA1: c37748e04e57d7a12c6230458f8b44a1ed2901a8 SHA256: 5c4ba23fa2706d8f1d59bd2da0db86f610d04c9ea2b2747f7f58891f8497b269 SSDeep: 12:0jnVflabPSVA9eQv9vjAxFiDycJLL33oAuD+0Zu2R3NlI5rYaTU2xBvPPHqi0cuU:0jnVdAqS0Qv97AT5cJP34AuJ0udm5XTj |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001106[[fn=Badge]].thmx | 648.90 KB |
MD5:
b16222e0b68fa407e7219b3d6c39bb92
SHA1: 6250d537a9499625aec528b1e90fc7e2b990e69b SHA256: 293085a94eddefddba34ff96a8ca76219901bb33398a146f52308bf62554bfef SSDeep: 12288:uubebciP9NX9wH2XzeKa/6D6hCxdIAkJtmewOs405GfRQURt0t83Fj10D:Xat9h9wWXz5a1hCxbkJs540+dZ1+ |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000\5b8a3202-35dc-4437-b5d7-374f5e872415 | 0.98 KB |
MD5:
50c5d19104a5826e2d40b18495696a52
SHA1: 028e15333672870329a1a1b7c793f5a6fb7622d6 SHA256: b4c2b79b328f187d0c697380f3ba46ddb02576720a362d18a3ff28dc6f855f5c SSDeep: 24:59FeTq7lMEAgHojrAPEow73aXt7l/lRvSerAmxmTfq:59ETq7/AQ2rew7A7lTSerAAmzq |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457475[[fn=Frame]].thmx | 511.32 KB |
MD5:
548c6291c2db33c6a8b32c79045cfa8f
SHA1: 7e188e7dbae935ec81a35135ec7a8504796e0303 SHA256: f1b56b9cd88fbd497c81878b700f49cea3a94cbfa13e9463b2fb8c5ac82a21c8 SSDeep: 12288:MpCqP04b8EOWcT54LTGg186Crf/FuT6mvrkqrD/I2fZ/v:M104a5TXf/FuT6mzTrDrf1v |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1462094071-1423818996-289466292-1000\83aa4cc77f591dfc2374580bbd95f6ba_427a1946-e0ff-4097-8c9e-ca2c1e22780b | 0.57 KB |
MD5:
8bc0ba1753f5a7a6fe5b484f6b472aa9
SHA1: 013c776184bddacf1dcda49121ed8d8c0e7ce2da SHA256: d9b9c1c55bf417cca3d6d617da705c2f26d8bae20d58ac50d3fa6cdcbb357739 SSDeep: 12:rr7P9OVl+7jVTVDiS70eDqM8Nn3Se2EXqs7pnbjduvVa0xTimRxIGXCxKC:rr7PzvVZzDN813S3s79Xdu72SINB |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol | 1.02 KB |
MD5:
6a0be1e606a4a1c0f8d6994349a5115f
SHA1: a5ac39f07d6a2f00194cad1e53f765497ea98837 SHA256: cd68384ecde2758c526e928518cc9d3a11db8b5fc2403a214d71c183667c1af7 SSDeep: 24:W7jOZCG3hAZOIRUJ3J4WlTYGzVV0L/16xoufDX:NCG3xmCiWlTh/0z1ov |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\session-state.json | 0.66 KB |
MD5:
ac813d297f9c38dd8785b2753d71ec59
SHA1: 060ffb179297361a3954e46d550ae9804a22f0d7 SHA256: c2f9ea270138e415697f592916a3189335d03d9ead21061a66091b673595a3ca SSDeep: 12:EZMEk4y6ADbG7N8XbIXTMu52zfDOPb0avyOoETb1BGZBayoBeOYva6MkzC:hqy6MbGWgFvGRZBayoBevvarke |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457503[[fn=Quotable]].thmx | 944.81 KB |
MD5:
b6b8c934d91d49762a921e407970101f
SHA1: f070d425170b61fd40fed8e806704bce3afe5bdd SHA256: 2e6b8518a318f9ba32e710cbdff4dc70efdd6ea68d0cf50601e22c335331d858 SSDeep: 24576:oULv782JJ5i4i5n5RWVtmo3vnQw88kw6ugZU4ruSvpWyXwn4:oULv782JOn5RgtH34wgbxZTZRWyg4 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033919[[fn=Circuit]].thmx | 1.40 MB |
MD5:
806254738e8577099c00f0c83e9ba955
SHA1: 8d636b5b4787ff4a73eb621aa575dd41a252352c SHA256: f7645456a2eed0e9d8c5ea6d59198d1bc0d2dde2587a63cd0760ac89a1d79eeb SSDeep: 24576:Q+kWRBRNqpAXW3zzugmkTjHurWOgIIbnFk0uV1CBySgQ7ohZM+byLHx:Q+kauAXW3v/HHu9oLFoyBfL+ZHeLHx |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\GostTitle.XSL | 246.08 KB |
MD5:
4bb2474377295bc77e270972a8259cdc
SHA1: 873650a06927ea8c59b37ec0f64aef8e81fbbbe3 SHA256: bdffbf14436d3ac44e388a81cf08cd242634ef6cb5c34b999f103b99912b6977 SSDeep: 6144:R1p1XOcj0cV2bh9oCb8JfouWkaVpRj6pGpGZ2qS84/v3:7XOObV2b/oCb8+zlVPUwNv3 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328990[[fn=Varying Width List]].glox | 3.53 KB |
MD5:
21137b64316a6074a0f67a09c0740621
SHA1: ea3f93c5b0a85bc581f429c775dd2efa38df38a6 SHA256: 0fc9f85f9069319ec3332e415a8f743eaaca0f2f2efd7c9948b00748d0793dc0 SSDeep: 96:fm5BcmwvMTW7pHFrCNyQR5wkSjPk4pwVdy9Tqa2F0KwW:fm5BcmcF55Cxkzk4pQeBe0KwW |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\6iEbBl.jpg | 52.57 KB |
MD5:
ed9a263fa94e753d2344009c755599bb
SHA1: 11d0a39837a18451c49c22024ffd5dba283405f7 SHA256: e63cd88c959c93f3dff7f86e01c317c8d40daeb6a046a8b14ad92277b2f6464b SSDeep: 768:A5YTibcnSSylVtW7E7fYP069b7EYYh8+lyRTUO+qaTZjuQi7CYPQLaSktM:A5RbcnSSy/taEzijnPYCRTU/axM/ |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001105[[fn=Crop]].thmx | 524.55 KB |
MD5:
a50091b91f4d64695305bc2cd38940b3
SHA1: 9daa0a9ea86183e570236a2422cc7d0f34720b9c SHA256: 12da95c574f3cdd9949e8830f5d8bccc1eb7e9d2ec7ead6ce5f2e0783240cfc8 SSDeep: 12288:0rOgIMotAn/W2QyIYQa8rB1fs24Gz+kEOSns6bkWQ/XV4b:0ToyL1EB1fs0z+kgns6h4XVW |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Kfe-zKlAdWswrW6nKu.odp | 29.54 KB |
MD5:
c41167f2cd7244dae13846abdf81f5f1
SHA1: 0549bddcd50d1a89186956c6b0e679b9799b5746 SHA256: edbea9a5c47147deae58ed323edbe6e8973605ef1a6bc6adcc49227de3ce0dad SSDeep: 384:AFtQ9gGVT4IlH3tMSK/MSTcZ/HWVuKYGfwrcCTpNwnHdd/EzG4qSaxn3HDgm8RXl:AMaGWINOk/2V+GmpNwREal3HDgmiXSc |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\extensions.json | 6.32 KB |
MD5:
682a5dd5ebb23e215459cab462189b72
SHA1: af491df7cacc30975f7ae2bdefcd65c2999216b3 SHA256: 8b26ff785ac8729f65db6579ae0c6835c54434be6ca06d6dc80325f7a90edec2 SSDeep: 192:TMkG+mxLZh8h3f1IOf/4PaaEl6ySVUjZz:okoxFh89fS6QP5E8ySK5 |
|
|
Host Behavior
File (3016)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\$Recycle.Bin\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\$Recycle.Bin\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\$Recycle.Bin\S-1-5-18\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\$Recycle.Bin\S-1-5-18\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\$Recycle.Bin\S-1-5-21-1462094071-1423818996-289466292-1000\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\$Recycle.Bin\S-1-5-21-1462094071-1423818996-289466292-1000\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\bootmgr | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Config.Msi\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Config.Msi\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Documents and Settings\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Documents and Settings\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\PerfLogs\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\PerfLogs\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files (x86)\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files (x86)\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Recovery\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Recovery\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Recovery\WindowsRE\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Recovery\WindowsRE\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Recovery\WindowsRE\boot.sdi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Recovery\WindowsRE\ReAgent.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Recovery\WindowsRE\Winre.wim | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\System Volume Information\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\System Volume Information\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\- yv.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\1OlD0DrQDAo g7.swf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\3SgG.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\6iEbBl.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\8bo5Ma7MZCSN.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\9v0FgvA-o3wubBpr26.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Collab\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Collab\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Forms\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Forms\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\JSCache\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\JSCache\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobData | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobSettings | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Security\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Security\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\0FDED5CEB68C302B1CDB2BDDD9D0000E76539CB0.crl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\CE338828149963DCEA4CD26BB86F0363B4CA0BA5.crl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Flash Player\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Flash Player\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Flash Player\AssetCache\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Flash Player\AssetCache\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Flash Player\AssetCache\NAHQNPMN\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Flash Player\AssetCache\NAHQNPMN\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Flash Player\NativeCache\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Flash Player\NativeCache\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Headlights\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Headlights\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Linguistics\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Linguistics\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\LogTransport2\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\LogTransport2\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\LogTransport2\Logs\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\LogTransport2\Logs\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\LogTransport2\LogTransport2.cfg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Sonar\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Sonar\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Sonar\Sonar1.0\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Sonar\Sonar1.0\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Sonar\Sonar1.0\sonar_policy.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\AjZgg7KeVXO.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\c78b.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\dcu_D0tnAih.swf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\eauLyTsZ.ods | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\h2MVIrGzsQBkTtY4S.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\hnb7PHQYw4L0j.swf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Identities\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Identities\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Identities\{CA8CA1BB-F2A6-4E9C-B7CC-FB56671763E8}\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Identities\{CA8CA1BB-F2A6-4E9C-B7CC-FB56671763E8}\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\jgJxxyHOVzXUXod-4.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\JJpO.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\K0spQSfUKxJCGIe.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\k8pe.docx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Kfe-zKlAdWswrW6nKu.odp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\kIQ1x4EAWiFzt.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\kjpbbRBTd.mkv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\DQQHJZ8C\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\DQQHJZ8C\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\mbGahTIz.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Access\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Access\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Access\AccessCache.accdb | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Access\System.mdw | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\AddIns\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\AddIns\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\APASixthEditionOfficeOnline.xsl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\CHICAGO.XSL | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\GB.XSL | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\GostName.XSL | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\GostTitle.XSL | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\HarvardAnglia2008OfficeOnline.xsl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\IEEE2006OfficeOnline.xsl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\ISO690.XSL | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\ISO690Nmerical.XSL | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\MLASeventhEditionOfficeOnline.xsl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\SIST02.XSL | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\TURABIAN.XSL | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Credentials\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Credentials\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Crypto\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Crypto\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Crypto\RSA\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Crypto\RSA\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1462094071-1423818996-289466292-1000\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1462094071-1423818996-289466292-1000\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1462094071-1423818996-289466292-1000\46a78fa46b43fb180b4fa21773f8ff3e_427a1946-e0ff-4097-8c9e-ca2c1e22780b | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1462094071-1423818996-289466292-1000\83aa4cc77f591dfc2374580bbd95f6ba_427a1946-e0ff-4097-8c9e-ca2c1e22780b | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Document Building Blocks\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Document Building Blocks\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Document Building Blocks\1033\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Document Building Blocks\1033\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Document Building Blocks\1033\16\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Document Building Blocks\1033\16\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Document Building Blocks\1033\16\Built-In Building Blocks.dotx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Excel\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Excel\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Excel\XLSTART\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Excel\XLSTART\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer\UserData\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer\UserData\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\MMC\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\MMC\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\MS Project\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\MS Project\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\MS Project\16\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\MS Project\16\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\MS Project\16\en-US\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\MS Project\16\en-US\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\MS Project\16\en-US\Global.MPT | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Network\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Network\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Network\Connections\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Network\Connections\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Network\Connections\Pbk\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Network\Connections\Pbk\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Office\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Office\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Office\MSO1033.acl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Office\Recent\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Office\Recent\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Office\Recent\index.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\OneNote\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\OneNote\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\OneNote\16.0\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\OneNote\16.0\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\OneNote\16.0\Preferences.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Outlook\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Outlook\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Outlook\Outlook.srs | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Outlook\Outlook.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\PowerPoint\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\PowerPoint\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Proof\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Proof\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\CREDHIST | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000\04cd465a-248d-4abd-853a-5cb67fe43510 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000\15d22704-736b-416f-a36b-857f2a5d2a7e | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000\496f2c5b-a90f-4380-b805-3bf6ac63451b | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000\5b8a3202-35dc-4437-b5d7-374f5e872415 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000\60b22e29-462b-4858-9592-1724c7ae07dd | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000\d7746ecf-458e-4e71-8557-8ac80457022a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000\Preferred | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\SYNCHIST | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Publisher\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Publisher\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Publisher Building Blocks\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Publisher Building Blocks\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Publisher Building Blocks\ContentStore.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Speech\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Speech\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\SystemCertificates\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\SystemCertificates\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\SystemCertificates\My\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\SystemCertificates\My\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Calendar insights.xltm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Cashflow analysis.xltm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Email Insights.xltm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03090430[[fn=Banded]].thmx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03090434[[fn=Wood Type]].thmx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457444[[fn=Basis]].thmx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457464[[fn=Dividend]].thmx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457475[[fn=Frame]].thmx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457485[[fn=Mesh]].thmx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457491[[fn=Metropolitan]].thmx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457496[[fn=Parallax]].thmx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457503[[fn=Quotable]].thmx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457510[[fn=Savon]].thmx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457515[[fn=View]].thmx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033917[[fn=Berlin]].thmx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033919[[fn=Circuit]].thmx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033921[[fn=Damask]].thmx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033925[[fn=Droplet]].thmx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033927[[fn=Main Event]].thmx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033929[[fn=Slate]].thmx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033937[[fn=Vapor Trail]].thmx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001103[[fn=Headlines]].thmx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001104[[fn=Feathered]].thmx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001105[[fn=Crop]].thmx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001106[[fn=Badge]].thmx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001114[[fn=Gallery]].thmx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001115[[fn=Parcel]].thmx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328884[[fn=architecture]].glox | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328893[[fn=BracketList]].glox | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328905[[fn=Chevron Accent]].glox | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328908[[fn=Circle Process]].glox | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328916[[fn=Converging Text]].glox | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328919[[fn=Hexagon Radial]].glox | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328925[[fn=Interconnected Block Process]].glox | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328932[[fn=Picture Frame]].glox | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328935[[fn=Picture Organization Chart]].glox | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328940[[fn=Radial Picture List]].glox | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328951[[fn=Tabbed Arc]].glox | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328972[[fn=Tab List]].glox | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328975[[fn=Theme Picture Accent]].glox | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328983[[fn=Theme Picture Alternating Accent]].glox | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328986[[fn=Theme Picture Grid]].glox | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328990[[fn=Varying Width List]].glox | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328998[[fn=Rings]].glox | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\User\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\User\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\User\Document Themes\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\User\Document Themes\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\User\Document Themes\1033\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\User\Document Themes\1033\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\User\SmartArt Graphics\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\User\SmartArt Graphics\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\User\SmartArt Graphics\1033\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\User\SmartArt Graphics\1033\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Normal.dotm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Process Map for Basic Flowchart.xltx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Process Map for Cross-Functional Flowchart.xltx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Stock symbols comparison.xltm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Welcome to Excel.xltx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\UProof\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\UProof\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Vault\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Vault\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Word\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Word\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Word\STARTUP\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Word\STARTUP\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\mjh24v9h9 fQiLgK.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Extensions\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Extensions\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Crash Reports\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Crash Reports\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Crash Reports\events\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Crash Reports\events\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Crash Reports\InstallTime20170518000419 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\addons.json | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\blocklist-addons.json | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\blocklist-gfx.json | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\blocklist-plugins.json | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\blocklist.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\bookmarkbackups\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\bookmarkbackups\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\bookmarkbackups\bookmarks-2017-05-24_14_kL0o5I+exwq3TXuLDkMF9w==.jsonlz4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\cert8.db | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\compatibility.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\containers.json | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\content-prefs.sqlite | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\cookies.sqlite | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\crashes\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\crashes\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\crashes\events\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\crashes\events\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\crashes\store.json.mozlz4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495592260754.fe0bc3a3-866c-458a-ad46-a730981653d6.main.jsonlz4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495592289365.f6bd7dec-4421-47ce-b829-1080689ec7ca.main.jsonlz4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495596278120.31e5ce24-c2bf-486b-b29e-534113b7c6dc.main.jsonlz4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495597242414.2e462298-aeda-4ee5-bf23-a73bdf74947f.main.jsonlz4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495597261897.a7b36bf3-f762-448c-874e-9388e91739b4.main.jsonlz4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495599783008.23c86977-85eb-412a-ae39-c4c6ea9a5744.main.jsonlz4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495600032629.d896fec9-1a7a-4db1-a3a2-e46d95b631a5.main.jsonlz4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\session-state.json | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\state.json | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\extensions.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\extensions.json | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\formhistory.sqlite | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp\WINNT_x86-msvc\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp\WINNT_x86-msvc\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-gmpopenh264\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-gmpopenh264\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-gmpopenh264\1.6\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-gmpopenh264\1.6\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-gmpopenh264\1.6\gmpopenh264.info | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-widevinecdm\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-widevinecdm\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-widevinecdm\1.4.8.903\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-widevinecdm\1.4.8.903\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-widevinecdm\1.4.8.903\LICENSE.txt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-widevinecdm\1.4.8.903\manifest.json | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-widevinecdm\1.4.8.903\widevinecdm.dll.lib | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\key3.db | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\kinto.sqlite | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\mimeTypes.rdf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\minidumps\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\minidumps\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\permissions.sqlite | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\places.sqlite | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\pluginreg.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\prefs.js | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\revocations.txt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\saved-telemetry-pings\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\saved-telemetry-pings\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\saved-telemetry-pings\d896fec9-1a7a-4db1-a3a2-e46d95b631a5 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\search.json.mozlz4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\secmod.db | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\sessionCheckpoints.json | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\sessionstore-backups\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\sessionstore-backups\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\sessionstore-backups\previous.js | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\sessionstore-backups\upgrade.js-20170518000419 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\sessionstore.js | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\SiteSecurityServiceState.txt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\chrome\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\chrome\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\chrome\.metadata | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\chrome\.metadata-v2 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\chrome\idb\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\chrome\idb\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\chrome\idb\2918063365piupsah.files\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\chrome\idb\2918063365piupsah.files\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\chrome\idb\2918063365piupsah.sqlite | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\moz-safe-about+home\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\moz-safe-about+home\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\moz-safe-about+home\.metadata | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\moz-safe-about+home\.metadata-v2 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\moz-safe-about+home\idb\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\moz-safe-about+home\idb\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\moz-safe-about+home\idb\818200132aebmoouht.files\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\moz-safe-about+home\idb\818200132aebmoouht.files\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\moz-safe-about+home\idb\818200132aebmoouht.files\1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\moz-safe-about+home\idb\818200132aebmoouht.files\journals\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\moz-safe-about+home\idb\818200132aebmoouht.files\journals\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\moz-safe-about+home\idb\818200132aebmoouht.sqlite | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage.sqlite | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\times.json | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\webappsstore.sqlite | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\xulstore.json | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\profiles.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\NkvANKxnyGb5s81ode6u.pptx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\omP-m7We7.swf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\P1S_Ji0rTaUST5jb.swf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Q9VQRxd n.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\qr PL0R1FUBLQR.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\QSZpYjOWUTr.flv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\qyofbOeR.flv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Skype\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Skype\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Skype\RootTools\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Skype\RootTools\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Skype\RootTools\roottools.conf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Sun\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Sun\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Sun\Java\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Sun\Java\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Sun\Java\Deployment\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Sun\Java\Deployment\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\UXD2sXrQSfL.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\vgn tOC.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Xcp-tvsdfSW.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\_Pts7aJLhPu57d 2.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\_sYWN7m-nl1.mp4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\_XsQ9SjKeE6Bp1D7V9Mn.swf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Application Data\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Application Data\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Contacts\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Contacts\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Contacts\Aclviho ASldjfl.contact | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Contacts\asdlfk poopvy.contact | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Contacts\chucu jadnvk.contact | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Contacts\lulcit amkdfe.contact | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Contacts\sikvnb huvuib.contact | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Cookies\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Cookies\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\-QFzGjIj_SYIBYGTas_E.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\0hzXp8VK.ppt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\2762mZ9WY89.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\55Vrt9K7voq.doc | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\5hEsdqs.flv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\5NcRR1xvy.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\6-Qha0oEo8tfpQ_fOWn.docx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\8H5JzGXz94OZ2.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\cda5Yoxgafm.pdf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\dyFjObPzbt_oPHt.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\E40fXdSolnLz3-nfivMz.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\iqejte-jV\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\iqejte-jV\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\iqejte-jV\kRZn2s.xlsx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\iqejte-jV\LsAIhJy.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\iqejte-jV\MpvxcmDvW3v6zjw.ods | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\iqejte-jV\pVGrX.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\izt-KwBT5uUbbrPa.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\Kj86Z.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\LJ4YcfuqEHamUSk.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\OrVCfsRC73odjWulI5PV.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\pAWMIQZRhS.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\PKnzkpZURIv7irqp.mkv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\QeJewys.flv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\QJOs.flv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\rIfcj7mGdYzxuMr.pdf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\RjX_3sKr.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\RNVsVEk.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\TglZ36pD6V-dc.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\u79PSuD7u.mkv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\UKGZt5p3HaC8.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\X6djiU3_jrKOv.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\Xr05vQefTHUi_2.swf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\_ZzXL7MW FbaGNjrUW8L\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\_ZzXL7MW FbaGNjrUW8L\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\_ZzXL7MW FbaGNjrUW8L\CLfUUDoShCLW6qtlGz6p\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\_ZzXL7MW FbaGNjrUW8L\CLfUUDoShCLW6qtlGz6p\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\_ZzXL7MW FbaGNjrUW8L\CLfUUDoShCLW6qtlGz6p\LOYeYXmd_rZ6lBYf.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\_ZzXL7MW FbaGNjrUW8L\CLfUUDoShCLW6qtlGz6p\MJ0n hOuInSAm61ycFt.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\_ZzXL7MW FbaGNjrUW8L\CLfUUDoShCLW6qtlGz6p\wwZ9JDSHawZ2zQu.flv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\_ZzXL7MW FbaGNjrUW8L\CLfUUDoShCLW6qtlGz6p\ybfbZNvC-b.flv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\_ZzXL7MW FbaGNjrUW8L\fkfj\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\_ZzXL7MW FbaGNjrUW8L\fkfj\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\_ZzXL7MW FbaGNjrUW8L\fkfj\hpa6lFJdGhwdImZMy.mp4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\_ZzXL7MW FbaGNjrUW8L\fkfj\XEBSZkmUrTbwZ7C0c.odp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\_ZzXL7MW FbaGNjrUW8L\MSsbyY-2Kt6lqcAs\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\_ZzXL7MW FbaGNjrUW8L\MSsbyY-2Kt6lqcAs\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\_ZzXL7MW FbaGNjrUW8L\MSsbyY-2Kt6lqcAs\4wWhMdirP8eknS7P.swf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\_ZzXL7MW FbaGNjrUW8L\MSsbyY-2Kt6lqcAs\e_LJog2IFxL8.mkv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\_ZzXL7MW FbaGNjrUW8L\MSsbyY-2Kt6lqcAs\FMKBTM9Sij-m.flv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\_ZzXL7MW FbaGNjrUW8L\MSsbyY-2Kt6lqcAs\gYnGDHkKhho4-XveFx41.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\_ZzXL7MW FbaGNjrUW8L\MSsbyY-2Kt6lqcAs\qHBX3j87Ca.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\_ZzXL7MW FbaGNjrUW8L\MSsbyY-2Kt6lqcAs\r6UCJgAvmbZhe.swf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\_ZzXL7MW FbaGNjrUW8L\MSsbyY-2Kt6lqcAs\SsVGNXDNIGWHgb.csv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\_ZzXL7MW FbaGNjrUW8L\toB9-s42gpg16-4b6.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\_ZzXL7MW FbaGNjrUW8L\_dQ7et8YUGjZZgROKM.ods | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\0MGPTnqKeyIpw.pptx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\1esMIYZO0\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\1esMIYZO0\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\1esMIYZO0\dIAzik.csv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\1esMIYZO0\fVtGi49W y q.csv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\1esMIYZO0\H_Flj GN.doc | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\3E39O2zg.pptx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\3EpfIncuttKZH-6brkPN.pptx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\bmz0MWIOQRolOdCACq.ots | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\BVHDGMfZC9W5\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\BVHDGMfZC9W5\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\BVHDGMfZC9W5\Gef0PpiSa0efBzULM.ppt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\BVHDGMfZC9W5\i10KkRo.pptx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\BVHDGMfZC9W5\n7q6pb2itbp\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\BVHDGMfZC9W5\n7q6pb2itbp\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\BVHDGMfZC9W5\n7q6pb2itbp\-8UjvAlpA3X7FHIE.odp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\BVHDGMfZC9W5\n7q6pb2itbp\13cEbiUVxc.doc | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\BVHDGMfZC9W5\n7q6pb2itbp\cA9svvw.csv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\BVHDGMfZC9W5\n7q6pb2itbp\hUX1Fx.pps | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\BVHDGMfZC9W5\n7q6pb2itbp\OqK4Uw-Erwe3LaEPvNWg.pptx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\BVHDGMfZC9W5\n7q6pb2itbp\rgp_D_jKvM 4.odt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\BVHDGMfZC9W5\n7q6pb2itbp\Wz68DqIT.docx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\BVHDGMfZC9W5\OyFPnE10Nd\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\BVHDGMfZC9W5\OyFPnE10Nd\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\BVHDGMfZC9W5\OyFPnE10Nd\3X7T5bk2qLNS.xls | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\BVHDGMfZC9W5\OyFPnE10Nd\Dvqr9Tnyt16SHHaX\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\BVHDGMfZC9W5\OyFPnE10Nd\Dvqr9Tnyt16SHHaX\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\BVHDGMfZC9W5\OyFPnE10Nd\Dvqr9Tnyt16SHHaX\7glUJMDOQKLnRNki.ots | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\BVHDGMfZC9W5\OyFPnE10Nd\Dvqr9Tnyt16SHHaX\JKKT83g3za.ppt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\BVHDGMfZC9W5\OyFPnE10Nd\HY3E22FAKVIlT6wRVbV1.ppt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\BVHDGMfZC9W5\OyFPnE10Nd\LnUq-.odt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\BVHDGMfZC9W5\OyFPnE10Nd\p-hID_ch8.ods | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\BVHDGMfZC9W5\OyFPnE10Nd\vhWigoZ12G025w\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\BVHDGMfZC9W5\OyFPnE10Nd\vhWigoZ12G025w\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\BVHDGMfZC9W5\OyFPnE10Nd\vhWigoZ12G025w\5HUF4GDaXATD9.pdf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\BVHDGMfZC9W5\OyFPnE10Nd\vhWigoZ12G025w\oBawUk4iiIyZ5kotn.ppt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\BVHDGMfZC9W5\zokL.ots | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\cjGRy3sX5slx62.xlsx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\Database1.accdb | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\ENCIVBNcN1Cro71eOX.docx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\Eu-0P_F3bvO.odt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\feM-XuNmUP.pptx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\fXrbXSCbUtI2GiH5P.ods | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\j4mt0s 9.docx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\JKl9U5j5T_M.doc | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\LJyV.docx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\My Music\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\My Music\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\My Pictures\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\My Pictures\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\My Shapes\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\My Shapes\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\My Shapes\_private\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\My Shapes\_private\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\My Videos\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\My Videos\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\nHb0wYYH.pptx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\OneNote Notebooks\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\OneNote Notebooks\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\OneNote Notebooks\My Notebook\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\OneNote Notebooks\My Notebook\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\OneNote Notebooks\My Notebook\Open Notebook.onetoc2 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\OneNote Notebooks\My Notebook\Quick Notes.one | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\Outlook Files\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\Outlook Files\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\Outlook Files\lcfkj@kiekc.df.pst | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\qaMQ1OBglFC0I1 DNC.xlsx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\qYV45ej1KIK5\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\qYV45ej1KIK5\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\qYV45ej1KIK5\cn B4Z4hm\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\qYV45ej1KIK5\cn B4Z4hm\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\qYV45ej1KIK5\cn B4Z4hm\0r9W-NCdRHH.pdf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\qYV45ej1KIK5\cn B4Z4hm\IFDGWmG2srKkLubaXLh.ots | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\qYV45ej1KIK5\cn B4Z4hm\JFRv59P6ImQ.pdf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\qYV45ej1KIK5\cn B4Z4hm\k723Nx.pps | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\qYV45ej1KIK5\cn B4Z4hm\peM_q7Jn9NKxz8P.ods | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\qYV45ej1KIK5\cn B4Z4hm\ZeDmlA.ppt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\qYV45ej1KIK5\eSJ dXVV w9j.xlsx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\qYV45ej1KIK5\JO1ltZ49TKJoMFzeXdgF.docx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\qYV45ej1KIK5\rGGCbN6Q.doc | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\qYV45ej1KIK5\SoB3UCymYX90M.pps | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\qYV45ej1KIK5\TwA3H\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\qYV45ej1KIK5\TwA3H\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\qYV45ej1KIK5\TwA3H\8X28aWVF1YeeYq1zP.pps | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\qYV45ej1KIK5\TwA3H\HZ7V aPuZKDL0O_i.docx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\S14b6rvB_S7VJTMx s.xlsx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\sKmXpQwVv3s\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\sKmXpQwVv3s\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\sKmXpQwVv3s\5EjrCV45.ots | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\sKmXpQwVv3s\H-vIu.pdf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\sKmXpQwVv3s\veeCcclcOk5PXW3u.xlsx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\sRXchBe6_IUU8.xlsx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\W7uZ-DVoTyTWATN6d9tO.docx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\z9c9y9O2ZKvxd-ypNl.docx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\zfCa4_X.xlsx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Downloads\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Downloads\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Favorites\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Favorites\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Favorites\Bing.url | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Favorites\Links\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Favorites\Links\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Links\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Links\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\aVU1H80\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\aVU1H80\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\aVU1H80\4Y5PgZnWSIVdy2QayS9i.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\aVU1H80\Bq27FJCYB.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\aVU1H80\FHrpVJsOQJe.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\aVU1H80\nXHw-QiBZBan4.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\aVU1H80\QykfzskvrUc9HS.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\aVU1H80\Vyesy.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\aVU1H80\yV8db3sb8LaqGJ.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\c5iKMzxeCR9.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\g_Xwlyn9ebnsn5.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\k 2YnlxUBRReT.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\m qwPdWlfcbJji1qm.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\OFmtrJbWICB\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\OFmtrJbWICB\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\OFmtrJbWICB\2- IGq6.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\OFmtrJbWICB\dPE690hrl2.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\OFmtrJbWICB\FcgCIrktmd.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\OFmtrJbWICB\hg3uRNDz3dYbIw.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\OFmtrJbWICB\LuZ76kXA.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\OFmtrJbWICB\prig7xcEJ3jdRoJ5yv8.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\OFmtrJbWICB\QBba28I_.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\OFmtrJbWICB\RuKIJy3xVda9g.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\OFmtrJbWICB\tSs2gHjFYt5x.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\OFmtrJbWICB\yqfZ-a7C8vtP.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\qCk LCy6zNwY2.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\SPdjj-MRlecd.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\UlxEO1hMZDNWkseS.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\XmXC3a.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\My Documents\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\My Documents\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\NetHood\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\NetHood\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\ntuser.dat.LOG1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\ntuser.dat.LOG2 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\NTUSER.DAT{77a2c7ed-26f0-11e5-80da-e41d2d741090}.TM.blf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\NTUSER.DAT{77a2c7ed-26f0-11e5-80da-e41d2d741090}.TMContainer00000000000000000001.regtrans-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\NTUSER.DAT{77a2c7ed-26f0-11e5-80da-e41d2d741090}.TMContainer00000000000000000002.regtrans-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\ntuser.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\OneDrive\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\OneDrive\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\8MbqK5lwqmRxT0Zt\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\8MbqK5lwqmRxT0Zt\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\8MbqK5lwqmRxT0Zt\e7NoFl4URxS9Vbn\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\8MbqK5lwqmRxT0Zt\e7NoFl4URxS9Vbn\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\8MbqK5lwqmRxT0Zt\e7NoFl4URxS9Vbn\dtJmpoNNUBkKMBV.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\8MbqK5lwqmRxT0Zt\e7NoFl4URxS9Vbn\Xtx89HP.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\8MbqK5lwqmRxT0Zt\hxR-L.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\8MbqK5lwqmRxT0Zt\Pz2W--acIt.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\8MbqK5lwqmRxT0Zt\ZoA1.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\8MbqK5lwqmRxT0Zt\zZEo0z6.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\Camera Roll\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\Camera Roll\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\ICe0cMfO\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\ICe0cMfO\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\ICe0cMfO\5VBOxIsuDof1ZTU4.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\ICe0cMfO\AWxAXmB6dQ_M6Fm bv\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\ICe0cMfO\AWxAXmB6dQ_M6Fm bv\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\ICe0cMfO\AWxAXmB6dQ_M6Fm bv\NsFGVP4bqqdOce.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\ICe0cMfO\AWxAXmB6dQ_M6Fm bv\T4ye77n7MDrKoVju.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\ICe0cMfO\AWxAXmB6dQ_M6Fm bv\v8lLZPxNCFULxPsmKOy.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\ICe0cMfO\EIGYnYzlSgyvf.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\ICe0cMfO\F7bAPV8CW_pB-_\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\ICe0cMfO\F7bAPV8CW_pB-_\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\ICe0cMfO\F7bAPV8CW_pB-_\8F8Ls1Omj6nl\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\ICe0cMfO\F7bAPV8CW_pB-_\8F8Ls1Omj6nl\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\ICe0cMfO\F7bAPV8CW_pB-_\8F8Ls1Omj6nl\y3XGwR3wRqOFzIVfV5\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\ICe0cMfO\F7bAPV8CW_pB-_\8F8Ls1Omj6nl\y3XGwR3wRqOFzIVfV5\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\ICe0cMfO\F7bAPV8CW_pB-_\8F8Ls1Omj6nl\y3XGwR3wRqOFzIVfV5\C5HdUZ3P.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\ICe0cMfO\F7bAPV8CW_pB-_\FdCBvr.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\ICe0cMfO\F7bAPV8CW_pB-_\LD1v7OT.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\ICe0cMfO\F7bAPV8CW_pB-_\VfK0Vu2oA.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\ICe0cMfO\F7bAPV8CW_pB-_\W64z8ygSnQxy.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\ICe0cMfO\HvYkX9lKX7C UaZBp.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\ICe0cMfO\IDcnO\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\ICe0cMfO\IDcnO\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\ICe0cMfO\IDcnO\yXhPa.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\ICe0cMfO\Qi fPSXc\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\ICe0cMfO\Qi fPSXc\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\ICe0cMfO\Qi fPSXc\j3pNQyAX_DC1qd.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\ICe0cMfO\Qi fPSXc\jwChAvpogHxxfKSSRQ.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\ICe0cMfO\Qi fPSXc\Ln Z2LG_geayWOKbM.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\ICe0cMfO\Qi fPSXc\xQecgpt52ZBgEuytMM.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\ICe0cMfO\Qi fPSXc\_haUgxU.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\ICe0cMfO\w2SoKy51q9e5\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\ICe0cMfO\w2SoKy51q9e5\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\ICe0cMfO\w2SoKy51q9e5\eiMpw.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\ICe0cMfO\w2SoKy51q9e5\gK95p04H M5ST.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\ICe0cMfO\_u_Xkux86dPmcZr.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\Saved Pictures\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\Saved Pictures\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\PrintHood\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\PrintHood\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Recent\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Recent\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Saved Games\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Saved Games\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Searches\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Searches\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Searches\Everywhere.search-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Searches\Indexed Locations.search-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\SendTo\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\SendTo\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Start Menu\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Start Menu\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Templates\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Templates\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\2 8ViFwSLQ83Xj-z.mp4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\gcbI XBFwUKnwev4B.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\jfT8bTPE4ILzTV9Wqz\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\jfT8bTPE4ILzTV9Wqz\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\jfT8bTPE4ILzTV9Wqz\LwEeBrBypoiRls3_8.mkv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\kmyJXjIdxzYSefm5ES.flv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\Om35kEWN\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\Om35kEWN\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\Om35kEWN\ZiTTer.swf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\Om35kEWN\ZzGHO7OK8 LtZPq.mp4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\SpHTpy\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\SpHTpy\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\SpHTpy\mj1FIgPN.swf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\SpHTpy\ohEUCQKFv.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\SpHTpy\pmzEYYBAD34c.flv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\SpHTpy\RS3qyBK2tQteAe3 ZZ_Z\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\SpHTpy\RS3qyBK2tQteAe3 ZZ_Z\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\SpHTpy\RS3qyBK2tQteAe3 ZZ_Z\R77s u74MyBCeH6.flv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\SpHTpy\RS3qyBK2tQteAe3 ZZ_Z\W8a_9\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\SpHTpy\RS3qyBK2tQteAe3 ZZ_Z\W8a_9\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\SpHTpy\RS3qyBK2tQteAe3 ZZ_Z\W8a_9\dJ--Jo2EZqU L5frcr.mp4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\SpHTpy\RS3qyBK2tQteAe3 ZZ_Z\W8a_9\laW5VE5DaV4givjO Ag.mkv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\SpHTpy\RS3qyBK2tQteAe3 ZZ_Z\W8a_9\p6icwO1Pblpk9Mnjx.flv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\SpHTpy\RS3qyBK2tQteAe3 ZZ_Z\W8a_9\qA38LGpOcG aai1e a.mp4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\SpHTpy\RS3qyBK2tQteAe3 ZZ_Z\W8a_9\sx-rXp0Eofsy8o1jXdc.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\SpHTpy\RS3qyBK2tQteAe3 ZZ_Z\W8a_9\ULjq4NavcCt1m5gA-e.swf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\SpHTpy\RS3qyBK2tQteAe3 ZZ_Z\W8a_9\ulzQlrpcEm.swf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\SpHTpy\RS3qyBK2tQteAe3 ZZ_Z\W8a_9\vkI312pbA0NI\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\SpHTpy\RS3qyBK2tQteAe3 ZZ_Z\W8a_9\vkI312pbA0NI\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\SpHTpy\RS3qyBK2tQteAe3 ZZ_Z\W8a_9\vkI312pbA0NI\5ndSEecQRr wx5.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\SpHTpy\RS3qyBK2tQteAe3 ZZ_Z\W8a_9\vkI312pbA0NI\7GOs.mkv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\SpHTpy\RS3qyBK2tQteAe3 ZZ_Z\W8a_9\vkI312pbA0NI\8UjYABfw0Qbt9Wa.mkv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\SpHTpy\RS3qyBK2tQteAe3 ZZ_Z\W8a_9\YUQc 4b9tYuJ\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\SpHTpy\RS3qyBK2tQteAe3 ZZ_Z\W8a_9\YUQc 4b9tYuJ\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\SpHTpy\RS3qyBK2tQteAe3 ZZ_Z\W8a_9\YUQc 4b9tYuJ\0L7u.mp4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\SpHTpy\RS3qyBK2tQteAe3 ZZ_Z\W8a_9\YUQc 4b9tYuJ\2gSbKx5nUgZj5d8gy5.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\SpHTpy\RS3qyBK2tQteAe3 ZZ_Z\W8a_9\YUQc 4b9tYuJ\Zya1PuQKpaiuIHM.flv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\SpHTpy\TaddLZHDsXb1PD2FtLTv.mkv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\Xj4kPmNv.swf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\Default\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\Default\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Default\AppData\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\Default\AppData\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Default\AppData\Local\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\Default\AppData\Local\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Default\AppData\Local\Application Data\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\Default\AppData\Local\Application Data\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Default\AppData\Local\History\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\Default\AppData\Local\History\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Default\AppData\Local\Microsoft\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\Default\AppData\Local\Microsoft\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Default\AppData\Local\Microsoft\InputPersonalization\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\Default\AppData\Local\Microsoft\InputPersonalization\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Default\AppData\Local\Microsoft\InputPersonalization\TrainedDataStore\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\Default\AppData\Local\Microsoft\InputPersonalization\TrainedDataStore\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Default\AppData\Local\Microsoft\Windows Sidebar\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\Default\AppData\Local\Microsoft\Windows Sidebar\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Default\AppData\Local\Microsoft\Windows Sidebar\Gadgets\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\Default\AppData\Local\Microsoft\Windows Sidebar\Gadgets\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Default\AppData\Local\Microsoft\Windows Sidebar\settings.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\Default\AppData\Local\Temp\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\Default\AppData\Local\Temp\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Default\AppData\Local\Temporary Internet Files\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\Default\AppData\Local\Temporary Internet Files\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Default\AppData\Roaming\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\Default\AppData\Roaming\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Default\AppData\Roaming\Microsoft\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\Default\AppData\Roaming\Microsoft\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Default\Application Data\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\Default\Application Data\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Default\Cookies\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\Default\Cookies\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Default\Desktop\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\Default\Desktop\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Default\Documents\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\Default\Documents\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Default\Documents\My Music\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\Default\Documents\My Music\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Default\Documents\My Pictures\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\Default\Documents\My Pictures\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Default\Documents\My Videos\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\Default\Documents\My Videos\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Default\Downloads\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\Default\Downloads\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Default\Favorites\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\Default\Favorites\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Default\Links\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\Default\Links\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Default\Music\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\Default\Music\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Default\My Documents\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\Default\My Documents\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Default\NetHood\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\Default\NetHood\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Default\NTUSER.DAT.LOG1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\Default\NTUSER.DAT.LOG2 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\Default\NTUSER.DAT{77a2c7ed-26f0-11e5-80da-e41d2d741090}.TM.blf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\Default\NTUSER.DAT{77a2c7ed-26f0-11e5-80da-e41d2d741090}.TMContainer00000000000000000001.regtrans-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\Default\NTUSER.DAT{77a2c7ed-26f0-11e5-80da-e41d2d741090}.TMContainer00000000000000000002.regtrans-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\Default\Pictures\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\Default\Pictures\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Default\PrintHood\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\Default\PrintHood\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Default\Recent\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\Default\Recent\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Default\Saved Games\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\Default\Saved Games\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Default\SendTo\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\Default\SendTo\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Default\Start Menu\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\Default\Start Menu\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Default\Templates\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\Default\Templates\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Default\Videos\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\Default\Videos\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Default User\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\Default User\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Public\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\Public\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Public\AccountPictures\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\Public\AccountPictures\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Public\Desktop\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\Public\Desktop\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Public\Documents\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\Public\Documents\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Public\Documents\My Music\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\Public\Documents\My Music\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Public\Documents\My Pictures\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\Public\Documents\My Pictures\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Public\Documents\My Videos\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\Public\Documents\My Videos\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Public\Downloads\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\Public\Downloads\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Public\Libraries\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\Public\Libraries\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Public\Libraries\RecordedTV.library-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\Public\Music\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\Public\Music\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Public\Pictures\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\Public\Pictures\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Public\Videos\\SFRPESIVT-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\Public\Videos\d2ca4a09d2ca4deb51b.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIIHMN~1\AppData\Local\Temp\\bxmeoengtf.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Move | C:\Recovery\WindowsRE\boot.sdi.sfrpesivt | source_filename = C:\Recovery\WindowsRE\boot.sdi, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Recovery\WindowsRE\ReAgent.xml.sfrpesivt | source_filename = C:\Recovery\WindowsRE\ReAgent.xml, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Recovery\WindowsRE\Winre.wim.sfrpesivt | source_filename = C:\Recovery\WindowsRE\Winre.wim, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\- yv.wav.sfrpesivt | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\- yv.wav, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\1OlD0DrQDAo g7.swf.sfrpesivt | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\1OlD0DrQDAo g7.swf, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\3SgG.png.sfrpesivt | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\3SgG.png, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\6iEbBl.jpg.sfrpesivt | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\6iEbBl.jpg, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\8bo5Ma7MZCSN.png.sfrpesivt | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\8bo5Ma7MZCSN.png, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\9v0FgvA-o3wubBpr26.mp3.sfrpesivt | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\9v0FgvA-o3wubBpr26.mp3, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobData.sfrpesivt | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobData, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobSettings.sfrpesivt | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobSettings, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata.sfrpesivt | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\0FDED5CEB68C302B1CDB2BDDD9D0000E76539CB0.crl.sfrpesivt | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\0FDED5CEB68C302B1CDB2BDDD9D0000E76539CB0.crl, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\CE338828149963DCEA4CD26BB86F0363B4CA0BA5.crl.sfrpesivt | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\CE338828149963DCEA4CD26BB86F0363B4CA0BA5.crl, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\LogTransport2\LogTransport2.cfg.sfrpesivt | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\LogTransport2\LogTransport2.cfg, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Sonar\Sonar1.0\sonar_policy.xml.sfrpesivt | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Sonar\Sonar1.0\sonar_policy.xml, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\AjZgg7KeVXO.bmp.sfrpesivt | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\AjZgg7KeVXO.bmp, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\c78b.jpg.sfrpesivt | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\c78b.jpg, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\dcu_D0tnAih.swf.sfrpesivt | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\dcu_D0tnAih.swf, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\eauLyTsZ.ods.sfrpesivt | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\eauLyTsZ.ods, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\h2MVIrGzsQBkTtY4S.png.sfrpesivt | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\h2MVIrGzsQBkTtY4S.png, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\hnb7PHQYw4L0j.swf.sfrpesivt | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\hnb7PHQYw4L0j.swf, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\jgJxxyHOVzXUXod-4.png.sfrpesivt | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\jgJxxyHOVzXUXod-4.png, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\JJpO.avi.sfrpesivt | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\JJpO.avi, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\K0spQSfUKxJCGIe.png.sfrpesivt | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\K0spQSfUKxJCGIe.png, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\k8pe.docx.sfrpesivt | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\k8pe.docx, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Kfe-zKlAdWswrW6nKu.odp.sfrpesivt | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Kfe-zKlAdWswrW6nKu.odp, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\kIQ1x4EAWiFzt.mp3.sfrpesivt | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\kIQ1x4EAWiFzt.mp3, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\kjpbbRBTd.mkv.sfrpesivt | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\kjpbbRBTd.mkv, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol.sfrpesivt | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\mbGahTIz.jpg.sfrpesivt | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\mbGahTIz.jpg, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Access\AccessCache.accdb.sfrpesivt | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Access\AccessCache.accdb, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Access\System.mdw.sfrpesivt | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Access\System.mdw, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\APASixthEditionOfficeOnline.xsl.sfrpesivt | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\APASixthEditionOfficeOnline.xsl, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\CHICAGO.XSL.sfrpesivt | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\CHICAGO.XSL, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\GB.XSL.sfrpesivt | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\GB.XSL, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\GostName.XSL.sfrpesivt | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\GostName.XSL, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\GostTitle.XSL.sfrpesivt | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\GostTitle.XSL, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\HarvardAnglia2008OfficeOnline.xsl.sfrpesivt | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\HarvardAnglia2008OfficeOnline.xsl, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\IEEE2006OfficeOnline.xsl.sfrpesivt | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\IEEE2006OfficeOnline.xsl, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\ISO690.XSL.sfrpesivt | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\ISO690.XSL, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\ISO690Nmerical.XSL.sfrpesivt | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\ISO690Nmerical.XSL, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\MLASeventhEditionOfficeOnline.xsl.sfrpesivt | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\MLASeventhEditionOfficeOnline.xsl, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\SIST02.XSL.sfrpesivt | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\SIST02.XSL, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\TURABIAN.XSL.sfrpesivt | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\TURABIAN.XSL, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1462094071-1423818996-289466292-1000\46a78fa46b43fb180b4fa21773f8ff3e_427a1946-e0ff-4097-8c9e-ca2c1e22780b.sfrpesivt | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1462094071-1423818996-289466292-1000\46a78fa46b43fb180b4fa21773f8ff3e_427a1946-e0ff-4097-8c9e-ca2c1e22780b, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1462094071-1423818996-289466292-1000\83aa4cc77f591dfc2374580bbd95f6ba_427a1946-e0ff-4097-8c9e-ca2c1e22780b.sfrpesivt | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1462094071-1423818996-289466292-1000\83aa4cc77f591dfc2374580bbd95f6ba_427a1946-e0ff-4097-8c9e-ca2c1e22780b, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Document Building Blocks\1033\16\Built-In Building Blocks.dotx.sfrpesivt | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Document Building Blocks\1033\16\Built-In Building Blocks.dotx, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\MS Project\16\en-US\Global.MPT.sfrpesivt | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\MS Project\16\en-US\Global.MPT, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Office\MSO1033.acl.sfrpesivt | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Office\MSO1033.acl, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Office\Recent\index.dat.sfrpesivt | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Office\Recent\index.dat, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\OneNote\16.0\Preferences.dat.sfrpesivt | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\OneNote\16.0\Preferences.dat, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Outlook\Outlook.srs.sfrpesivt | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Outlook\Outlook.srs, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Outlook\Outlook.xml.sfrpesivt | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Outlook\Outlook.xml, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\CREDHIST.sfrpesivt | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\CREDHIST, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000\04cd465a-248d-4abd-853a-5cb67fe43510.sfrpesivt | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000\04cd465a-248d-4abd-853a-5cb67fe43510, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000\15d22704-736b-416f-a36b-857f2a5d2a7e.sfrpesivt | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000\15d22704-736b-416f-a36b-857f2a5d2a7e, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000\496f2c5b-a90f-4380-b805-3bf6ac63451b.sfrpesivt | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000\496f2c5b-a90f-4380-b805-3bf6ac63451b, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000\5b8a3202-35dc-4437-b5d7-374f5e872415.sfrpesivt | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000\5b8a3202-35dc-4437-b5d7-374f5e872415, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000\60b22e29-462b-4858-9592-1724c7ae07dd.sfrpesivt | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000\60b22e29-462b-4858-9592-1724c7ae07dd, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000\d7746ecf-458e-4e71-8557-8ac80457022a.sfrpesivt | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000\d7746ecf-458e-4e71-8557-8ac80457022a, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000\Preferred.sfrpesivt | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000\Preferred, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\SYNCHIST.sfrpesivt | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\SYNCHIST, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Publisher Building Blocks\ContentStore.xml.sfrpesivt | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Publisher Building Blocks\ContentStore.xml, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Calendar insights.xltm.sfrpesivt | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Calendar insights.xltm, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Cashflow analysis.xltm.sfrpesivt | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Cashflow analysis.xltm, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Email Insights.xltm.sfrpesivt | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Email Insights.xltm, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03090430[[fn=Banded]].thmx.sfrpesivt | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03090430[[fn=Banded]].thmx, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03090434[[fn=Wood Type]].thmx.sfrpesivt | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03090434[[fn=Wood Type]].thmx, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457444[[fn=Basis]].thmx.sfrpesivt | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457444[[fn=Basis]].thmx, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457464[[fn=Dividend]].thmx.sfrpesivt | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457464[[fn=Dividend]].thmx, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457475[[fn=Frame]].thmx.sfrpesivt | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457475[[fn=Frame]].thmx, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457485[[fn=Mesh]].thmx.sfrpesivt | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457485[[fn=Mesh]].thmx, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457491[[fn=Metropolitan]].thmx.sfrpesivt | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457491[[fn=Metropolitan]].thmx, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457496[[fn=Parallax]].thmx.sfrpesivt | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457496[[fn=Parallax]].thmx, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457503[[fn=Quotable]].thmx.sfrpesivt | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457503[[fn=Quotable]].thmx, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457510[[fn=Savon]].thmx.sfrpesivt | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457510[[fn=Savon]].thmx, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457515[[fn=View]].thmx.sfrpesivt | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457515[[fn=View]].thmx, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033917[[fn=Berlin]].thmx.sfrpesivt | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033917[[fn=Berlin]].thmx, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033919[[fn=Circuit]].thmx.sfrpesivt | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033919[[fn=Circuit]].thmx, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033921[[fn=Damask]].thmx.sfrpesivt | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033921[[fn=Damask]].thmx, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033925[[fn=Droplet]].thmx.sfrpesivt | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033925[[fn=Droplet]].thmx, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033927[[fn=Main Event]].thmx.sfrpesivt | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033927[[fn=Main Event]].thmx, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033929[[fn=Slate]].thmx.sfrpesivt | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033929[[fn=Slate]].thmx, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033937[[fn=Vapor Trail]].thmx.sfrpesivt | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033937[[fn=Vapor Trail]].thmx, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001103[[fn=Headlines]].thmx.sfrpesivt | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001103[[fn=Headlines]].thmx, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001104[[fn=Feathered]].thmx.sfrpesivt | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001104[[fn=Feathered]].thmx, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001105[[fn=Crop]].thmx.sfrpesivt | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001105[[fn=Crop]].thmx, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001106[[fn=Badge]].thmx.sfrpesivt | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001106[[fn=Badge]].thmx, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001114[[fn=Gallery]].thmx.sfrpesivt | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001114[[fn=Gallery]].thmx, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001115[[fn=Parcel]].thmx.sfrpesivt | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001115[[fn=Parcel]].thmx, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328884[[fn=architecture]].glox.sfrpesivt | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328884[[fn=architecture]].glox, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\cookies.sqlite.sfrpesivt | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\cookies.sqlite, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\NkvANKxnyGb5s81ode6u.pptx.sfrpesivt | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\NkvANKxnyGb5s81ode6u.pptx, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Read | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\cookies.sqlite | size = 540, size_out = 540 |
|
1 | |
| Read | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\cookies.sqlite | size = 1048576, size_out = 524288 |
|
1 | |
| Read | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\formhistory.sqlite | size = 540, size_out = 540 |
|
1 | |
| Read | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\formhistory.sqlite | size = 1048576, size_out = 196608 |
|
1 | |
| Read | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\key3.db | size = 540, size_out = 540 |
|
1 | |
| Read | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\key3.db | size = 1048576, size_out = 16384 |
|
1 | |
| Read | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\places.sqlite | size = 540, size_out = 540 |
|
1 | |
| Read | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\places.sqlite | size = 1048576, size_out = 1048576 |
|
1 | |
| Write | C:\Program Files\\SFRPESIVT-DECRYPT.txt | size = 8546 |
|
1 | |
| Write | C:\Program Files (x86)\\SFRPESIVT-DECRYPT.txt | size = 8546 |
|
1 | |
| Write | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\SystemCertificates\\SFRPESIVT-DECRYPT.txt | size = 8546 |
|
1 | |
| Write | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\SystemCertificates\My\\SFRPESIVT-DECRYPT.txt | size = 8546 |
|
1 | |
| Write | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\\SFRPESIVT-DECRYPT.txt | size = 8546 |
|
1 | |
| Write | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\\SFRPESIVT-DECRYPT.txt | size = 8546 |
|
1 | |
| Write | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\\SFRPESIVT-DECRYPT.txt | size = 8546 |
|
1 | |
|
For performance reasons, the remaining 2012 entries are omitted.
The remaining entries can be found in glog.xml. |
|||||
Registry (43)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create Key | HKEY_LOCAL_MACHINE\SOFTWARE\ex_data\data | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\SOFTWARE\keys_data\data | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Control Panel\International | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Keyboard Layout\Preload | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Keyboard Layout\Preload | - |
|
9 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\keys_data\data | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\SOFTWARE\keys_data\data | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | - |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters | value_name = Domain, data = 0 |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Control Panel\International | value_name = LocaleName, data = 101 |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Keyboard Layout\Preload | value_name = 1, data = 48 |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Keyboard Layout\Preload | value_name = 2, data = 48 |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion | value_name = productName, data = 87 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | value_name = ProcessorNameString, data = 73 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | value_name = Identifier, data = 73 |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Keyboard Layout\Preload | value_name = 1, data = 48 |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Keyboard Layout\Preload | value_name = 3, data = 48 |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Keyboard Layout\Preload | value_name = 4, data = 48 |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Keyboard Layout\Preload | value_name = 5, data = 48 |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Keyboard Layout\Preload | value_name = 6, data = 48 |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Keyboard Layout\Preload | value_name = 7, data = 48 |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Keyboard Layout\Preload | value_name = 8, data = 48 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters | value_name = Domain, data = 0 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | value_name = ProcessorNameString, data = 73 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | value_name = Identifier, data = 73 |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\SOFTWARE\ex_data\data | value_name = ext, size = 22, type = REG_BINARY |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\SOFTWARE\keys_data\data | value_name = public, size = 276, type = REG_BINARY |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\SOFTWARE\keys_data\data | value_name = private, size = 1688, type = REG_BINARY |
|
1 |
Process (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Windows\system32\wbem\wmic.exe | show_window = SW_HIDE |
|
1 |
Module (8794)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | ntdll.dll | base_address = 0x776b0000 |
|
2 | |
| Load | advapi32.dll | base_address = 0x77550000 |
|
6186 | |
| Load | shell32.dll | base_address = 0x75310000 |
|
1039 | |
| Load | mpr.dll | base_address = 0x74350000 |
|
12 | |
| Load | wininet.dll | base_address = 0x743e0000 |
|
17 | |
| Get Handle | c:\windows\syswow64\ntdll.dll | base_address = 0x776b0000 |
|
3 | |
| Get Handle | c:\windows\syswow64\advapi32.dll | base_address = 0x77550000 |
|
766 | |
| Get Address | c:\windows\syswow64\ntdll.dll | function = RtlComputeCrc32, address_out = 0x776d6b10 |
|
2 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptGenRandom, address_out = 0x77570df0 |
|
766 | |
| Get Address | c:\windows\syswow64\ntdll.dll | function = NtSetInformationFile, address_out = 0x77718e50 |
|
1 |
Window (1)
| Operation | Window Name | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | - | class_name = AnaLab_sucks, wndproc_parameter = 0 |
|
1 |
System (532)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Computer Name | result_out = LHNIWSJ |
|
2 | |
| Sleep | duration = 1337 milliseconds (1.337 seconds) |
|
1 | |
| Sleep | duration = -1 (infinite) |
|
1 | |
| Get Time | type = System Time, time = 2019-02-19 08:32:18 (UTC) |
|
11 | |
| Get Time | type = System Time, time = 2019-02-19 08:32:19 (UTC) |
|
21 | |
| Get Time | type = System Time, time = 2019-02-19 08:32:20 (UTC) |
|
17 | |
| Get Time | type = System Time, time = 2019-02-19 08:32:21 (UTC) |
|
7 | |
| Get Time | type = System Time, time = 2019-02-19 08:32:22 (UTC) |
|
26 | |
| Get Time | type = System Time, time = 2019-02-19 08:32:23 (UTC) |
|
14 | |
| Get Time | type = System Time, time = 2019-02-19 08:32:25 (UTC) |
|
2 | |
| Get Time | type = System Time, time = 2019-02-19 08:32:26 (UTC) |
|
4 | |
| Get Time | type = System Time, time = 2019-02-19 08:32:27 (UTC) |
|
12 | |
| Get Time | type = System Time, time = 2019-02-19 08:32:28 (UTC) |
|
6 | |
| Get Time | type = System Time, time = 2019-02-19 08:32:29 (UTC) |
|
7 | |
| Get Time | type = System Time, time = 2019-02-19 08:32:30 (UTC) |
|
7 | |
| Get Time | type = System Time, time = 2019-02-19 08:32:31 (UTC) |
|
4 | |
| Get Time | type = System Time, time = 2019-02-19 08:32:32 (UTC) |
|
9 | |
| Get Time | type = System Time, time = 2019-02-19 08:32:33 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2019-02-19 08:32:34 (UTC) |
|
4 | |
| Get Time | type = System Time, time = 2019-02-19 08:32:35 (UTC) |
|
6 | |
| Get Time | type = System Time, time = 2019-02-19 08:32:36 (UTC) |
|
11 | |
| Get Time | type = System Time, time = 2019-02-19 08:32:37 (UTC) |
|
8 | |
| Get Time | type = System Time, time = 2019-02-19 08:32:38 (UTC) |
|
7 | |
| Get Time | type = System Time, time = 2019-02-19 08:32:39 (UTC) |
|
10 | |
| Get Time | type = System Time, time = 2019-02-19 08:32:40 (UTC) |
|
15 | |
| Get Time | type = System Time, time = 2019-02-19 08:32:41 (UTC) |
|
29 | |
| Get Time | type = System Time, time = 2019-02-19 08:32:42 (UTC) |
|
21 | |
| Get Time | type = Ticks, time = 187125 |
|
1 | |
| Get Time | type = Ticks, time = 188625 |
|
1 | |
| Get Time | type = Ticks, time = 194984 |
|
1 | |
| Get Time | type = Ticks, time = 195343 |
|
1 | |
| Get Info | type = Hardware Information |
|
2 | |
| Get Info | type = Windows Directory, result_out = C:\Windows |
|
262 | |
| Get Info | type = System Directory, result_out = C:\Windows\system32 |
|
1 |
Mutex (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Create | mutex_name = Global\8A5BA8BEE36925045F5C.luck |
|
1 | |
| Open | mutex_name = Global\iyAzNATdi7a94U8TAO7zVm5qzEjzks, desired_access = SYNCHRONIZE |
|
1 |
Network Behavior
HTTP Sessions (2)
| Information | Value |
|---|---|
| Total Data Sent | 506 bytes |
| Total Data Received | 3 bytes |
| Contacted Host Count | 1 |
| Contacted Hosts | www.kakaocorp.link |
HTTP Session #1
| Information | Value |
|---|---|
| User Agent | Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko |
| Server Name | www.kakaocorp.link |
| Server Port | 80 |
| Data Sent | 240 |
| Data Received | 3 |
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Open Session | user_agent = Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko, access_type = INTERNET_OPEN_TYPE_PRECONFIG |
|
1 | |
| Open Connection | protocol = HTTP, server_name = www.kakaocorp.link, server_port = 80 |
|
1 | |
| Open HTTP Request | http_verb = GET, http_version = HTTP/1.1, target_resource = /, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_AUTO_REDIRECT, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD |
|
1 | |
| Send HTTP Request | headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = www.kakaocorp.link/ |
|
1 | |
| Query HTTP Info | flags = HTTP_QUERY_STATUS_CODE, size_out = 3 |
|
1 | |
| Close Session | - |
|
1 |
HTTP Session #2
| Information | Value |
|---|---|
| User Agent | Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko |
| Server Name | www.kakaocorp.link |
| Server Port | 443 |
| Data Sent | 266 |
| Data Received | 0 |
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Open Session | user_agent = Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko, access_type = INTERNET_OPEN_TYPE_DIRECT |
|
1 | |
| Open Connection | protocol = HTTP, server_name = www.kakaocorp.link, server_port = 443 |
|
1 | |
| Open HTTP Request | http_verb = POST, http_version = HTTP/1.1, target_resource = includes/image/momose.bmp, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_SECURE, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD |
|
1 | |
| Send HTTP Request | headers = Content-Type: multipart/form-data, url = www.kakaocorp.link/includes/image/momose.bmp |
|
1 | |
| Close Session | - |
|
2 |
Process #2: wmic.exe
17
0
| Information | Value |
|---|---|
| ID | #2 |
| File Name | c:\windows\syswow64\wbem\wmic.exe |
| Command Line | "C:\Windows\system32\wbem\wmic.exe" shadowcopy delete |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:01:43, Reason: Child Process |
| Unmonitor | End Time: 00:01:57, Reason: Self Terminated |
| Monitor Duration | 00:00:14 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x804 |
| Parent PID | 0xecc (c:\users\ciihmnxmn6ps\desktop\rlxsbp.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
7A0
0x
2E4
0x
CC4
0x
2BC
0x
948
0x
AD0
0x
A3C
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| wmic.exe | 0x002c0000 | 0x00323fff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x0000000000c90000 | 0x00c90000 | 0x04c8ffff | Pagefile Backed Memory | - |
|
|
|
- |
| private_0x0000000004c90000 | 0x04c90000 | 0x04caffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000004c90000 | 0x04c90000 | 0x04c9ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000004ca0000 | 0x04ca0000 | 0x04ca3fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004cb0000 | 0x04cb0000 | 0x04cb1fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000004cb0000 | 0x04cb0000 | 0x04cb0fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000004cc0000 | 0x04cc0000 | 0x04cd3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000004ce0000 | 0x04ce0000 | 0x04d1ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004d20000 | 0x04d20000 | 0x04d5ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000004d60000 | 0x04d60000 | 0x04d63fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000004d70000 | 0x04d70000 | 0x04d70fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000004d80000 | 0x04d80000 | 0x04d81fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x04d90000 | 0x04e4dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000004e50000 | 0x04e50000 | 0x04e8ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004e90000 | 0x04e90000 | 0x04ecffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000004ed0000 | 0x04ed0000 | 0x04ed0fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000004ee0000 | 0x04ee0000 | 0x04eeffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004ef0000 | 0x04ef0000 | 0x04f2ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004f30000 | 0x04f30000 | 0x04f33fff | Private Memory | rw |
|
|
|
- |
| msxml3r.dll | 0x04f40000 | 0x04f40fff | Memory Mapped File | r |
|
|
|
- |
| wmic.exe.mui | 0x04f50000 | 0x04f5ffff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000004f60000 | 0x04f60000 | 0x0505ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000005060000 | 0x05060000 | 0x0509ffff | Private Memory | rw |
|
|
|
- |
| ole32.dll | 0x050a0000 | 0x05188fff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000000050a0000 | 0x050a0000 | 0x050dffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000050a0000 | 0x050a0000 | 0x050bffff | Private Memory | - |
|
|
|
- |
| private_0x00000000050c0000 | 0x050c0000 | 0x050c0fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000050d0000 | 0x050d0000 | 0x050dffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000050e0000 | 0x050e0000 | 0x0511ffff | Private Memory | rw |
|
|
|
- |
| imm32.dll | 0x050e0000 | 0x05109fff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000000050e0000 | 0x050e0000 | 0x050e0fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000050f0000 | 0x050f0000 | 0x050f0fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000050f0000 | 0x050f0000 | 0x050f3fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000005100000 | 0x05100000 | 0x0510cfff | Pagefile Backed Memory | rw |
|
|
|
- |
| wmiutils.dll.mui | 0x05100000 | 0x05104fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000005110000 | 0x05110000 | 0x0511ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000005120000 | 0x05120000 | 0x051affff | Private Memory | rw |
|
|
|
- |
| private_0x0000000005120000 | 0x05120000 | 0x0515ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000005160000 | 0x05160000 | 0x0519ffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000051a0000 | 0x051a0000 | 0x051affff | Private Memory | rw |
|
|
|
- |
| private_0x00000000051b0000 | 0x051b0000 | 0x051bffff | Private Memory | rw |
|
|
|
- |
| sortdefault.nls | 0x051c0000 | 0x054f6fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000005500000 | 0x05500000 | 0x056bffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000005500000 | 0x05500000 | 0x055bffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000005500000 | 0x05500000 | 0x0553ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000005540000 | 0x05540000 | 0x0557ffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000055b0000 | 0x055b0000 | 0x055bffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000055c0000 | 0x055c0000 | 0x0569ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000055c0000 | 0x055c0000 | 0x05677fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000005690000 | 0x05690000 | 0x0569ffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000056b0000 | 0x056b0000 | 0x056bffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000056c0000 | 0x056c0000 | 0x057effff | Private Memory | rw |
|
|
|
- |
| kernelbase.dll.mui | 0x056c0000 | 0x0579efff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000000057a0000 | 0x057a0000 | 0x057dffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000057e0000 | 0x057e0000 | 0x057effff | Private Memory | rw |
|
|
|
- |
| private_0x00000000057f0000 | 0x057f0000 | 0x05beffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000005bf0000 | 0x05bf0000 | 0x05d77fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000005d80000 | 0x05d80000 | 0x05f00fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000005f10000 | 0x05f10000 | 0x0730ffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000007310000 | 0x07310000 | 0x074fffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000007310000 | 0x07310000 | 0x0734ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000007350000 | 0x07350000 | 0x0738ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000007390000 | 0x07390000 | 0x073cffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000073d0000 | 0x073d0000 | 0x074cffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000074f0000 | 0x074f0000 | 0x074fffff | Private Memory | rw |
|
|
|
- |
| wow64cpu.dll | 0x5baa0000 | 0x5baa7fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64win.dll | 0x5bab0000 | 0x5bb22fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64.dll | 0x5bb30000 | 0x5bb7efff | Memory Mapped File | rwx |
|
|
|
- |
| wmiutils.dll | 0x73400000 | 0x7341dfff | Memory Mapped File | rwx |
|
|
|
- |
| fastprox.dll | 0x73440000 | 0x734fbfff | Memory Mapped File | rwx |
|
|
|
- |
| wbemsvc.dll | 0x73500000 | 0x73510fff | Memory Mapped File | rwx |
|
|
|
- |
| ucrtbase.dll | 0x73520000 | 0x735fbfff | Memory Mapped File | rwx |
|
|
|
- |
| vcruntime140.dll | 0x73600000 | 0x73614fff | Memory Mapped File | rwx |
|
|
|
- |
| msoxmlmf.dll | 0x73620000 | 0x7362dfff | Memory Mapped File | rwx |
|
|
|
- |
| msxml3.dll | 0x73630000 | 0x737bffff | Memory Mapped File | rwx |
|
|
|
- |
| urlmon.dll | 0x73a30000 | 0x73b8ffff | Memory Mapped File | rwx |
|
|
|
- |
| wbemcomn.dll | 0x73c70000 | 0x73cd5fff | Memory Mapped File | rwx |
|
|
|
- |
| iertutil.dll | 0x73db0000 | 0x74070fff | Memory Mapped File | rwx |
|
|
|
- |
| wbemprox.dll | 0x74080000 | 0x7408cfff | Memory Mapped File | rwx |
|
|
|
- |
| framedynos.dll | 0x74090000 | 0x740cefff | Memory Mapped File | rwx |
|
|
|
- |
| winnsi.dll | 0x740d0000 | 0x740d7fff | Memory Mapped File | rwx |
|
|
|
- |
| iphlpapi.dll | 0x740e0000 | 0x7410ffff | Memory Mapped File | rwx |
|
|
|
- |
| rsaenh.dll | 0x74370000 | 0x7439efff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x743a0000 | 0x743bafff | Memory Mapped File | rwx |
|
|
|
- |
| cryptsp.dll | 0x743c0000 | 0x743d2fff | Memory Mapped File | rwx |
|
|
|
- |
| wininet.dll | 0x743e0000 | 0x74603fff | Memory Mapped File | rwx |
|
|
|
- |
| dwmapi.dll | 0x74610000 | 0x7462cfff | Memory Mapped File | rwx |
|
|
|
- |
| uxtheme.dll | 0x74630000 | 0x746a4fff | Memory Mapped File | rwx |
|
|
|
- |
| bcryptprimitives.dll | 0x74750000 | 0x747a8fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptbase.dll | 0x747b0000 | 0x747b9fff | Memory Mapped File | rwx |
|
|
|
- |
| sspicli.dll | 0x747c0000 | 0x747ddfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x74a00000 | 0x74aabfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel.appcore.dll | 0x74ab0000 | 0x74abbfff | Memory Mapped File | rwx |
|
|
|
- |
| ws2_32.dll | 0x74d30000 | 0x74d8bfff | Memory Mapped File | rwx |
|
|
|
- |
| shlwapi.dll | 0x74da0000 | 0x74de3fff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x74df0000 | 0x74f0ffff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x74f10000 | 0x74f3afff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x74f40000 | 0x7502ffff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x75030000 | 0x7517cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x75190000 | 0x75305fff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x76c70000 | 0x76daffff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x76f20000 | 0x76fddfff | Memory Mapped File | rwx |
|
|
|
- |
| clbcatq.dll | 0x76fe0000 | 0x77061fff | Memory Mapped File | rwx |
|
|
|
- |
| nsi.dll | 0x770c0000 | 0x770c6fff | Memory Mapped File | rwx |
|
|
|
- |
| oleaut32.dll | 0x770d0000 | 0x77161fff | Memory Mapped File | rwx |
|
|
|
- |
| ole32.dll | 0x77170000 | 0x77259fff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x772b0000 | 0x772f2fff | Memory Mapped File | rwx |
|
|
|
- |
| shcore.dll | 0x77300000 | 0x7738cfff | Memory Mapped File | rwx |
|
|
|
- |
| combase.dll | 0x77390000 | 0x77549fff | Memory Mapped File | rwx |
|
|
|
- |
| advapi32.dll | 0x77550000 | 0x775cafff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x776b0000 | 0x77828fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x000000007e8b4000 | 0x7e8b4000 | 0x7e8b6fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007e8b7000 | 0x7e8b7000 | 0x7e8b9fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007e8ba000 | 0x7e8ba000 | 0x7e8bcfff | Private Memory | rw |
|
|
|
- |
| private_0x000000007e8bd000 | 0x7e8bd000 | 0x7e8bffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000007e8c0000 | 0x7e8c0000 | 0x7e9bffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000007e9c0000 | 0x7e9c0000 | 0x7e9e2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007e9e5000 | 0x7e9e5000 | 0x7e9e7fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007e9e8000 | 0x7e9e8000 | 0x7e9eafff | Private Memory | rw |
|
|
|
- |
| private_0x000000007e9eb000 | 0x7e9eb000 | 0x7e9ebfff | Private Memory | rw |
|
|
|
- |
| private_0x000000007e9ec000 | 0x7e9ec000 | 0x7e9ecfff | Private Memory | rw |
|
|
|
- |
| private_0x000000007e9ed000 | 0x7e9ed000 | 0x7e9effff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7dfc57b4ffff | Private Memory | r |
|
|
|
- |
| pagefile_0x00007dfc57b50000 | 0x7dfc57b50000 | 0x7ffc57b4ffff | Pagefile Backed Memory | - |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x00007ffc57d12000 | 0x7ffc57d12000 | 0x7ffffffeffff | Private Memory | r |
|
|
|
- |
Host Behavior
COM (7)
| Operation | Class | Interface | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Create | WBEMLocator | IWbemLocator | cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| Create | F6D90F12-9C73-11D3-B32E-00C04F990BB4 | 2933BF95-7B36-11D2-B20E-00C04F983E60 | cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| Create | EB87E1BD-3233-11D2-AEC9-00C04FB68820 | EB87E1BC-3233-11D2-AEC9-00C04FB68820 | cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| Execute | WBEMLocator | IWbemLocator | method_name = ConnectServer, network_resource = root\cli |
|
1 | |
| Execute | WBEMLocator | IWbemLocator | method_name = ConnectServer, network_resource = root\cli\ms_409 |
|
1 | |
| Execute | WBEMLocator | IWbemLocator | method_name = ConnectServer, network_resource = \\LHNIWSJ\ROOT\CIMV2 |
|
1 | |
| Execute | WBEMLocator | IWbemServices | method_name = ExecQuery, query_language = WQL, query = SELECT * FROM Win32_ShadowCopy |
|
1 |
Registry (5)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM | value_name = Logging, data = 48 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM | value_name = Logging Directory |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM | value_name = Logging Directory, data = 37 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM | value_name = Log File Max Size, data = 54 |
|
1 |
Module (1)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\syswow64\wbem\wmic.exe | base_address = 0x2c0000 |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Computer Name | result_out = LHNIWSJ |
|
1 | |
| Get Time | type = Local Time, time = 2019-02-19 19:32:55 (Local Time) |
|
1 | |
| Get Info | type = System Directory, result_out = C:\Windows\system32 |
|
1 |
