67beeb7a...2f08 | Grouped Behavior
Try VMRay Analyzer
VTI SCORE: 100/100
Dynamic Analysis Report
Classification: Ransomware, Trojan

Remarks (2/2)

(0x200000e): The overall sleep time of all monitored processes was truncated from "1 minute, 10 seconds" to "10 seconds" to reveal dormant functionality.

(0x2000004): The operating system was rebooted during the analysis because the sample installed a startup script, task or application for persistence.

Monitored Processes

Process Overview
»
ID PID Monitor Reason Integrity Level Image Name Command Line Origin ID
#1 0xa6c Analysis Target High (Elevated) rdfg546fgh.exe "C:\Users\FD1HVy\Desktop\rdfg546fgh.exe" -
#3 0xfc8 Child Process High (Elevated) cmd.exe "C:\Windows\System32\cmd.exe" /C type nul > "C:\Users\FD1HVy\Desktop\rdfg546fgh.exe:Zone.Identifier" #1
#5 0x540 Child Process High (Elevated) cmd.exe "C:\Windows\System32\cmd.exe" /C type nul > "C:\Users\FD1HVy\Desktop\rdfg546fgh.exe:Zone.Identifier" #1
#7 0xed4 Child Process High (Elevated) rdfg546fgh.exe "C:\Users\FD1HVy\Desktop\rdfg546fgh.exe" #1

Behavior Information - Grouped by Category

Process #1: rdfg546fgh.exe
126 0
»
Information Value
ID #1
File Name c:\users\fd1hvy\desktop\rdfg546fgh.exe
Command Line "C:\Users\FD1HVy\Desktop\rdfg546fgh.exe"
Initial Working Directory C:\Users\FD1HVy\Desktop\
Monitor Start Time: 00:00:30, Reason: Analysis Target
Unmonitor End Time: 00:01:49, Reason: Self Terminated
Monitor Duration 00:01:19
OS Process Information
»
Information Value
PID 0xa6c
Parent PID 0x860 (c:\windows\explorer.exe)
Bitness 32-bit
Is Created or Modified Executable True
Integrity Level High (Elevated)
Username NQDPDE\FD1HVy
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x E0
0x CFC
0x 2D4
0x F90
0x 15C
0x F6C
0x D98
0x E3C
0x EFC
0x EF8
0x B60
0x A60
0x 174
0x 798
0x 6C0
0x 4BC
0x EF0
Memory Dumps
»
Name Start VA End VA Dump Reason PE Rebuilds Bitness Entry Points AV YARA Actions
system.configuration.ni.dll 0x743A0000 0x74494FFF Content Changed - 32-bit 0x743C6304 False False
system.configuration.ni.dll 0x743A0000 0x74494FFF Content Changed - 32-bit 0x743BE8A8 False False
system.configuration.ni.dll 0x743A0000 0x74494FFF Content Changed - 32-bit 0x743C9824 False False
system.configuration.ni.dll 0x743A0000 0x74494FFF Content Changed - 32-bit 0x743B9218, 0x743B8748, ... False False
system.configuration.ni.dll 0x743A0000 0x74494FFF Content Changed - 32-bit 0x743BF000 False False
system.configuration.ni.dll 0x743A0000 0x74494FFF Content Changed - 32-bit 0x743C5D79 False False
system.configuration.ni.dll 0x743A0000 0x74494FFF Content Changed - 32-bit 0x743C9824 False False
system.configuration.ni.dll 0x743A0000 0x74494FFF Content Changed - 32-bit 0x7443D1C4, 0x743CB220, ... False False
system.configuration.ni.dll 0x743A0000 0x74494FFF Content Changed - 32-bit 0x743C02E0 False False
system.configuration.ni.dll 0x743A0000 0x74494FFF Content Changed - 32-bit 0x743C21E8 False False
system.configuration.ni.dll 0x743A0000 0x74494FFF Content Changed - 32-bit 0x74442A68, 0x7446A0E8 False False
system.configuration.ni.dll 0x743A0000 0x74494FFF Content Changed - 32-bit 0x743C12F0 False False
system.configuration.ni.dll 0x743A0000 0x74494FFF Content Changed - 32-bit 0x743C6284 False False
system.configuration.ni.dll 0x743A0000 0x74494FFF Content Changed - 32-bit 0x743D3260 False False
system.configuration.ni.dll 0x743A0000 0x74494FFF Content Changed - 32-bit 0x743C3000 False False
system.configuration.ni.dll 0x743A0000 0x74494FFF Content Changed - 32-bit 0x743C4000 False False
system.configuration.ni.dll 0x743A0000 0x74494FFF Content Changed - 32-bit 0x743BA438, 0x7443EB8C, ... False False
system.configuration.ni.dll 0x743A0000 0x74494FFF Content Changed - 32-bit 0x743BA438 False False
system.configuration.ni.dll 0x743A0000 0x74494FFF Content Changed - 32-bit 0x743C8084, 0x743D29CC False False
system.configuration.ni.dll 0x743A0000 0x74494FFF Content Changed - 32-bit 0x743CFC90 False False
system.configuration.ni.dll 0x743A0000 0x74494FFF Content Changed - 32-bit 0x743CDB70 False False
system.configuration.ni.dll 0x743A0000 0x74494FFF Content Changed - 32-bit 0x743C7000 False False
system.configuration.ni.dll 0x743A0000 0x74494FFF Content Changed - 32-bit 0x743D0214 False False
system.configuration.ni.dll 0x743A0000 0x74494FFF Content Changed - 32-bit 0x743B79C0 False False
system.configuration.ni.dll 0x743A0000 0x74494FFF Content Changed - 32-bit 0x743B7F10 False False
system.configuration.ni.dll 0x743A0000 0x74494FFF Content Changed - 32-bit 0x743D1A50 False False
system.drawing.ni.dll 0x6E690000 0x6E823FFF Content Changed - 32-bit 0x6E6C2BF8 False False
system.drawing.ni.dll 0x6E690000 0x6E823FFF Content Changed - 32-bit 0x6E6C2C00 False False
system.drawing.ni.dll 0x6E690000 0x6E823FFF Content Changed - 32-bit 0x6E6CEEF8 False False
system.drawing.ni.dll 0x6E690000 0x6E823FFF Content Changed - 32-bit 0x6E6DBB68 False False
system.drawing.ni.dll 0x6E690000 0x6E823FFF Content Changed - 32-bit 0x6E7A5660, 0x6E6DD0DC, ... False False
system.drawing.ni.dll 0x6E690000 0x6E823FFF Content Changed - 32-bit 0x6E6DA2B8 False False
system.drawing.ni.dll 0x6E690000 0x6E823FFF Content Changed - 32-bit 0x6E6CF090 False False
system.drawing.ni.dll 0x6E690000 0x6E823FFF Content Changed - 32-bit 0x6E6C9E2C, 0x6E7C0E90, ... False False
system.drawing.ni.dll 0x6E690000 0x6E823FFF Content Changed - 32-bit 0x6E7A90FC, 0x6E6C9E2C False False
system.drawing.ni.dll 0x6E690000 0x6E823FFF Content Changed - 32-bit 0x6E6C8450 False False
system.drawing.ni.dll 0x6E690000 0x6E823FFF Content Changed - 32-bit 0x6E6C8450 False False
system.drawing.ni.dll 0x6E690000 0x6E823FFF Content Changed - 32-bit 0x6E7C7E20 False False
system.drawing.ni.dll 0x6E690000 0x6E823FFF Content Changed - 32-bit 0x6E7C814C, 0x6E7A8A58 False False
system.drawing.ni.dll 0x6E690000 0x6E823FFF Content Changed - 32-bit 0x6E77929C False False
system.drawing.ni.dll 0x6E690000 0x6E823FFF Content Changed - 32-bit 0x6E6D6330, 0x6E6D4650 False False
system.drawing.ni.dll 0x6E690000 0x6E823FFF Content Changed - 32-bit 0x6E6C41EC, 0x6E6C3628, ... False False
system.drawing.ni.dll 0x6E690000 0x6E823FFF Content Changed - 32-bit 0x6E6CBF38, 0x6E6CF000, ... False False
Dropped Files
»
Filename File Size Hash Values YARA Match Actions
C:\Users\FD1HVy\Pictures\desktop.ini 1.42 KB MD5: 37549bc693b6804657d4c018cd0d0bf2
SHA1: c64a2453c3b5e59c74e5cd8b468f65f67875dd9c
SHA256: 914cb20a561a2606ba5086b805567b31daffdb4aa970cad38eb4ab4f06478c24
SSDeep: 24:RPBcf7uoEi0T+FyAqBhrusuJ2cLx6RtiWw+7q7OKGE+p2maz2vL1KlGcAGT5k1ny:Rpcg//KwDRt+8qCKGDpBVJKgUW1EcmQ0
False
C:\Users\FD1HVy\Music\desktop.ini 1.42 KB MD5: 1bdab89e9d6cb69ae785f721be5f66f5
SHA1: acfd409f26940d38c6b8e88c4120b5f0af99a395
SHA256: ea6f57fecb9fc46dc38cce06cdc767814300dcf3154ab299d575af91a370b314
SSDeep: 24:bEccRCnPrrUQp/KHg2BjDetSKWw+7q7OKGE+p2maz2vL1KlGcAGT5k1ng7dcmQ2O:bEchPk80g4jDgZ8qCKGDpBVJKgUW1Ec1
False
C:\Users\FD1HVy\Videos\desktop.ini 1.42 KB MD5: 097c36eb26c03190b8323a23a34f8c13
SHA1: bd2d6e7cabaf2f93eed93532365d8185627480d5
SHA256: 6ecf067cb23e82f0e6ae9c739a86e07f010ef2cf3bcaef5b4d8ed2f6abaac0fa
SSDeep: 24:Pv5OOf+u9peWyaTMTCHQpmiGqw+7q7OKGE+p2maz2vL1KlGcAGT5k1ng7dcmQ2DE:EOfFoWyawTyQpRGv8qCKGDpBVJKgUW15
False
C:\Users\FD1HVy\OneDrive\desktop.ini 1.03 KB MD5: 442772dca3adbae66c615928c5f04966
SHA1: d15da409b3f32ec3a78b8aa42ceafc7caf74ac6b
SHA256: 4270ab9f36d32510246ed97b224dfe3ebf72e8ecf81d3e0af604fecbbcd7a2dc
SSDeep: 24:YLLhh3U6bSw+7q7OKGE+p2maz2vL1KlGcAGT5k1ng7dcmQ2DhM:YLLv3U6r8qCKGDpBVJKgUW1EcmQ29M
False
Modified Files
»
Filename File Size Hash Values YARA Match Actions
C:\Users\FD1HVy\Pictures\desktop.ini 1.42 KB MD5: 37549bc693b6804657d4c018cd0d0bf2
SHA1: c64a2453c3b5e59c74e5cd8b468f65f67875dd9c
SHA256: 914cb20a561a2606ba5086b805567b31daffdb4aa970cad38eb4ab4f06478c24
SSDeep: 24:RPBcf7uoEi0T+FyAqBhrusuJ2cLx6RtiWw+7q7OKGE+p2maz2vL1KlGcAGT5k1ny:Rpcg//KwDRt+8qCKGDpBVJKgUW1EcmQ0
False
C:\Users\FD1HVy\Music\desktop.ini 1.42 KB MD5: 1bdab89e9d6cb69ae785f721be5f66f5
SHA1: acfd409f26940d38c6b8e88c4120b5f0af99a395
SHA256: ea6f57fecb9fc46dc38cce06cdc767814300dcf3154ab299d575af91a370b314
SSDeep: 24:bEccRCnPrrUQp/KHg2BjDetSKWw+7q7OKGE+p2maz2vL1KlGcAGT5k1ng7dcmQ2O:bEchPk80g4jDgZ8qCKGDpBVJKgUW1Ec1
False
C:\Users\FD1HVy\Videos\desktop.ini 1.42 KB MD5: 097c36eb26c03190b8323a23a34f8c13
SHA1: bd2d6e7cabaf2f93eed93532365d8185627480d5
SHA256: 6ecf067cb23e82f0e6ae9c739a86e07f010ef2cf3bcaef5b4d8ed2f6abaac0fa
SSDeep: 24:Pv5OOf+u9peWyaTMTCHQpmiGqw+7q7OKGE+p2maz2vL1KlGcAGT5k1ng7dcmQ2DE:EOfFoWyawTyQpRGv8qCKGDpBVJKgUW15
False
C:\Users\FD1HVy\OneDrive\desktop.ini 1.03 KB MD5: 442772dca3adbae66c615928c5f04966
SHA1: d15da409b3f32ec3a78b8aa42ceafc7caf74ac6b
SHA256: 4270ab9f36d32510246ed97b224dfe3ebf72e8ecf81d3e0af604fecbbcd7a2dc
SSDeep: 24:YLLhh3U6bSw+7q7OKGE+p2maz2vL1KlGcAGT5k1ng7dcmQ2DhM:YLLv3U6r8qCKGDpBVJKgUW1EcmQ29M
False
Host Behavior
File (52)
»
Operation Filename Additional Information Success Count Logfile
Create C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\FD1HVy\Desktop\rdfg546fgh.exe desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Fn
Get Info C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config type = file_attributes True 4
Fn
Get Info C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config type = file_type True 2
Fn
Get Info C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config type = size, size_out = 0 True 1
Fn
Get Info C:\Users\FD1HVy\Desktop\rdfg546fgh.exe.config type = file_attributes False 5
Fn
Get Info C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config type = file_type True 2
Fn
Get Info C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config type = size, size_out = 0 True 1
Fn
Get Info C:\Users\FD1HVy\AppData\Roaming\evezaloxunebarid\rdfg546fgh.exe_Url_xhiknzc4t0e2fxaf55hdcgcx4n11vraw\1.0.0.0\user.config type = file_attributes False 3
Fn
Get Info C:\Users\FD1HVy\AppData\Local\evezaloxunebarid\rdfg546fgh.exe_Url_xhiknzc4t0e2fxaf55hdcgcx4n11vraw\1.0.0.0\user.config type = file_attributes False 3
Fn
Get Info C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config type = file_type True 2
Fn
Get Info C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config type = size, size_out = 0 True 1
Fn
Get Info C:\Users\FD1HVy\Desktop\rdfg546fgh.exe type = file_type True 2
Fn
Read C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config size = 4096, size_out = 4096 True 8
Fn
Data
Read C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config size = 4096, size_out = 3215 True 1
Fn
Data
Read C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config size = 4096, size_out = 0 True 1
Fn
Read C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config size = 4096, size_out = 4096 True 6
Fn
Data
Read C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config size = 4096, size_out = 4096 True 6
Fn
Data
Registry (5)
»
Operation Key Additional Information Success Count Logfile
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\AppContext - False 1
Fn
Open Key HKEY_CURRENT_USER - True 1
Fn
Read Value HKEY_CURRENT_USER type = REG_NONE False 2
Fn
Write Value HKEY_CURRENT_USER data = -boot, size = 14, type = REG_SZ True 1
Fn
Process (3)
»
Operation Process Additional Information Success Count Logfile
Create cmd.exe show_window = SW_HIDE True 2
Fn
Create C:\Users\FD1HVy\Desktop\rdfg546fgh.exe os_pid = 0xed4, creation_flags = CREATE_SUSPENDED, CREATE_DEFAULT_ERROR_MODE, CREATE_NO_WINDOW, show_window = SW_HIDE True 1
Fn
Thread (3)
»
Operation Process Additional Information Success Count Logfile
Get Context c:\users\fd1hvy\desktop\rdfg546fgh.exe os_tid = 0xe0 True 1
Fn
Set Context c:\users\fd1hvy\desktop\rdfg546fgh.exe os_tid = 0xe0 True 1
Fn
Resume c:\users\fd1hvy\desktop\rdfg546fgh.exe os_tid = 0xe0 True 1
Fn
Memory (5)
»
Operation Process Additional Information Success Count Logfile
Allocate C:\Users\FD1HVy\Desktop\rdfg546fgh.exe address = 4194304, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 54784 True 1
Fn
Read C:\Users\FD1HVy\Desktop\rdfg546fgh.exe address = 14192648, size = 4 True 1
Fn
Data
Write C:\Users\FD1HVy\Desktop\rdfg546fgh.exe address = 0x400000, size = 1024 True 1
Fn
Data
Write C:\Users\FD1HVy\Desktop\rdfg546fgh.exe address = 0x401000, size = 50688 True 1
Fn
Data
Write C:\Users\FD1HVy\Desktop\rdfg546fgh.exe address = 0xd89008, size = 4 True 1
Fn
Data
Module (2)
»
Operation Module Additional Information Success Count Logfile
Get Filename - process_name = c:\users\fd1hvy\desktop\rdfg546fgh.exe, file_name_orig = C:\Users\FD1HVy\Desktop\rdfg546fgh.exe, size = 2048 True 2
Fn
User (1)
»
Operation Additional Information Success Count Logfile
Lookup Privilege privilege = SeDebugPrivilege, luid = 20 True 1
Fn
System (22)
»
Operation Additional Information Success Count Logfile
Sleep duration = 1000 milliseconds (1.000 seconds) True 11
Fn
Sleep duration = 2500 milliseconds (2.500 seconds) True 1
Fn
Sleep duration = 70000 milliseconds (70.000 seconds) True 1
Fn
Sleep duration = 1500 milliseconds (1.500 seconds) True 2
Fn
Sleep duration = 15 milliseconds (0.015 seconds) True 1
Fn
Sleep duration = 500 milliseconds (0.500 seconds) True 2
Fn
Sleep duration = -1 (infinite) True 1
Fn
Sleep duration = 20 milliseconds (0.020 seconds) True 1
Fn
Get Time type = Performance Ctr, time = 18207185285 True 1
Fn
Get Time type = Performance Ctr, time = 25237401773 True 1
Fn
Process #3: cmd.exe
62 0
»
Information Value
ID #3
File Name c:\windows\syswow64\cmd.exe
Command Line "C:\Windows\System32\cmd.exe" /C type nul > "C:\Users\FD1HVy\Desktop\rdfg546fgh.exe:Zone.Identifier"
Initial Working Directory C:\Users\FD1HVy\Desktop\
Monitor Start Time: 00:01:22, Reason: Child Process
Unmonitor End Time: 00:01:25, Reason: Self Terminated
Monitor Duration 00:00:02
OS Process Information
»
Information Value
PID 0xfc8
Parent PID 0xa6c (c:\users\fd1hvy\desktop\rdfg546fgh.exe)
Bitness 32-bit
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username NQDPDE\FD1HVy
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x FC4
0x 8AC
Host Behavior
File (24)
»
Operation Filename Additional Information Success Count Logfile
Create C:\Users\FD1HVy\Desktop\rdfg546fgh.exe:Zone.Identifier desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create nul desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Get Info C:\Users\FD1HVy\Desktop type = file_attributes True 2
Fn
Get Info STD_OUTPUT_HANDLE type = file_type True 1
Fn
Get Info nul type = file_attributes True 1
Fn
Get Info - type = file_type True 1
Fn
Open STD_OUTPUT_HANDLE - True 10
Fn
Open STD_INPUT_HANDLE - True 4
Fn
Open - - True 2
Fn
Read - size = 512, size_out = 0 True 1
Fn
Registry (17)
»
Operation Key Additional Information Success Count Logfile
Open Key HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Command Processor - True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = DisableUNCCheck, data = 208, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = DelayedExpansion, data = 1, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = AutoRun, data = 64, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = DisableUNCCheck, data = 64, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = DelayedExpansion, data = 1, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = AutoRun, data = 9, type = REG_NONE False 1
Fn
Module (8)
»
Operation Module Additional Information Success Count Logfile
Get Handle c:\windows\syswow64\cmd.exe base_address = 0x12f0000 True 1
Fn
Get Handle c:\windows\syswow64\kernel32.dll base_address = 0x75e90000 True 2
Fn
Get Filename - process_name = c:\windows\syswow64\cmd.exe, file_name_orig = C:\Windows\SysWOW64\cmd.exe, size = 32743 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = SetThreadUILanguage, address_out = 0x75ea4f70 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = CopyFileExW, address_out = 0x75ea4330 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = IsDebuggerPresent, address_out = 0x75ea5930 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = SetConsoleInputExeNameW, address_out = 0x74fe09d0 True 1
Fn
Environment (11)
»
Operation Additional Information Success Count Logfile
Get Environment String - True 4
Fn
Data
Get Environment String name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Users\FD1HVy\AppData\Local\Microsoft\WindowsApps True 1
Fn
Get Environment String name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC True 1
Fn
Get Environment String name = PROMPT False 1
Fn
Get Environment String name = COMSPEC, result_out = C:\WINDOWS\system32\cmd.exe True 1
Fn
Get Environment String name = KEYS False 1
Fn
Set Environment String name = PROMPT, value = $P$G True 1
Fn
Set Environment String name = =C:, value = C:\Users\FD1HVy\Desktop True 1
Fn
Process #5: cmd.exe
62 0
»
Information Value
ID #5
File Name c:\windows\syswow64\cmd.exe
Command Line "C:\Windows\System32\cmd.exe" /C type nul > "C:\Users\FD1HVy\Desktop\rdfg546fgh.exe:Zone.Identifier"
Initial Working Directory C:\Users\FD1HVy\Desktop\
Monitor Start Time: 00:01:25, Reason: Child Process
Unmonitor End Time: 00:01:30, Reason: Self Terminated
Monitor Duration 00:00:04
OS Process Information
»
Information Value
PID 0x540
Parent PID 0xa6c (c:\users\fd1hvy\desktop\rdfg546fgh.exe)
Bitness 32-bit
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username NQDPDE\FD1HVy
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x FB8
0x 6CC
Host Behavior
File (24)
»
Operation Filename Additional Information Success Count Logfile
Create C:\Users\FD1HVy\Desktop\rdfg546fgh.exe:Zone.Identifier desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Create nul desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Get Info C:\Users\FD1HVy\Desktop type = file_attributes True 2
Fn
Get Info STD_OUTPUT_HANDLE type = file_type True 1
Fn
Get Info nul type = file_attributes True 1
Fn
Get Info - type = file_type True 1
Fn
Open STD_OUTPUT_HANDLE - True 10
Fn
Open STD_INPUT_HANDLE - True 4
Fn
Open - - True 2
Fn
Read - size = 512, size_out = 0 True 1
Fn
Registry (17)
»
Operation Key Additional Information Success Count Logfile
Open Key HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Command Processor - True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = DisableUNCCheck, data = 0, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = DelayedExpansion, data = 1, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = AutoRun, data = 64, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = DisableUNCCheck, data = 64, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = DelayedExpansion, data = 1, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = AutoRun, data = 9, type = REG_NONE False 1
Fn
Module (8)
»
Operation Module Additional Information Success Count Logfile
Get Handle c:\windows\syswow64\cmd.exe base_address = 0x12f0000 True 1
Fn
Get Handle c:\windows\syswow64\kernel32.dll base_address = 0x75e90000 True 2
Fn
Get Filename - process_name = c:\windows\syswow64\cmd.exe, file_name_orig = C:\Windows\SysWOW64\cmd.exe, size = 32743 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = SetThreadUILanguage, address_out = 0x75ea4f70 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = CopyFileExW, address_out = 0x75ea4330 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = IsDebuggerPresent, address_out = 0x75ea5930 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = SetConsoleInputExeNameW, address_out = 0x74fe09d0 True 1
Fn
Environment (11)
»
Operation Additional Information Success Count Logfile
Get Environment String - True 4
Fn
Data
Get Environment String name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Users\FD1HVy\AppData\Local\Microsoft\WindowsApps True 1
Fn
Get Environment String name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC True 1
Fn
Get Environment String name = PROMPT False 1
Fn
Get Environment String name = COMSPEC, result_out = C:\WINDOWS\system32\cmd.exe True 1
Fn
Get Environment String name = KEYS False 1
Fn
Set Environment String name = PROMPT, value = $P$G True 1
Fn
Set Environment String name = =C:, value = C:\Users\FD1HVy\Desktop True 1
Fn
Process #7: rdfg546fgh.exe
10657 0
»
Information Value
ID #7
File Name c:\users\fd1hvy\desktop\rdfg546fgh.exe
Command Line "C:\Users\FD1HVy\Desktop\rdfg546fgh.exe"
Initial Working Directory C:\Users\FD1HVy\Desktop\
Monitor Start Time: 00:01:43, Reason: Child Process
Unmonitor End Time: 00:02:14, Reason: Self Terminated
Monitor Duration 00:00:30
OS Process Information
»
Information Value
PID 0xed4
Parent PID 0xa6c (c:\users\fd1hvy\desktop\rdfg546fgh.exe)
Bitness 32-bit
Is Created or Modified Executable True
Integrity Level High (Elevated)
Username NQDPDE\FD1HVy
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x D84
0x FDC
0x D2C
Memory Dumps
»
Name Start VA End VA Dump Reason PE Rebuilds Bitness Entry Points AV YARA Actions
buffer 0x00400000 0x0040DFFF First Execution - 32-bit 0x00405C5B, 0x0040A3D4, ... True False
Injection Information
»
Injection Type Source Process Source Os Thread ID Information Success Count Logfile
Modify Memory #1: c:\users\fd1hvy\desktop\rdfg546fgh.exe 0xe0 address = 0x400000, size = 1024 True 1
Fn
Data
Modify Memory #1: c:\users\fd1hvy\desktop\rdfg546fgh.exe 0xe0 address = 0x401000, size = 50688 True 1
Fn
Data
Modify Memory #1: c:\users\fd1hvy\desktop\rdfg546fgh.exe 0xe0 address = 0xd89008, size = 4 True 1
Fn
Data
Modify Control Flow #1: c:\users\fd1hvy\desktop\rdfg546fgh.exe 0xe0 os_tid = 0xd84, address = 0x0 True 1
Fn
Dropped Files
»
Filename File Size Hash Values YARA Match Actions
C:\Users\FD1HVy\Desktop\rdfg546fgh.exe 416.93 KB MD5: bd4ea1c3cb843597d5b3a560f95840bb
SHA1: f81c504435d27e6a502acee3d1834121517ea194
SHA256: 67beeb7a196a91ffdb77af4e53143e75a157ea6cf3432a2e14e1c55d11ef2f08
SSDeep: 3072:1VAz+HYRuV4ek4gX/am6/iQ0ET1fY/Tnib6qICONXvm0JZxkW5QGmwFp+1mSZoNJ:7c+HY0n/p0VTJq+9wm0sfi4J
False
C:\Windows10Upgrade\resources\ux\Microsoft.WinJS\js\base.js 1.22 MB MD5: 1c34f48ec3e19efab308a83fb825ae47
SHA1: 5298177ab1480b5886eb44c7540abd4a4564e190
SHA256: c926e831c36b055a813e271f6383e4356ea9ca29a88e89fb9f8e05fe4375dfdc
SSDeep: 24576:lklFJPXJy0Si+aExNPeOAwkVR8IRPVZif36l+22ep:lODPXJHS6ExNHAwkL86aqc+p
True
C:\Windows10Upgrade\resources\ux\Microsoft.WinJS\js\ui.js 2.91 MB MD5: 0849bc2845318e144eac216dc0ad474c
SHA1: c71c22858e96fdbdd5ad80fcd5e39f2fe6facbe6
SHA256: 1f79908df613dd75b158a8bc881cef372975e1e6a0ab371b4da60f52f8ee3add
SSDeep: 49152:21yQZVoloK2yLs3nYvdo2jg6pavkcOyfrPSxh2OC4gepf4m1cN2HpLnk52y:WrtK2WvP+za4ZYS
True
C:\BOOTNXT 960 bytes MD5: 67aa82989798624eefdf950c6c2c141a
SHA1: 0cb7beff1300537a96d9cd789f5482d3d0a06884
SHA256: 385a8e3484cb87131ed58496bad3140f8abf4ee34b7aa44b89fd5dc13a332b4b
SSDeep: 24:vW+AVtbGAPLhWw+7q7OKGE+p2maz2vL1KlGcAGT5k1ng7dcmQ2DhHHZHn:+3bd8qCKGDpBVJKgUW1EcmQ29HHd
False
C:\BOOTSECT.BAK 8.92 KB MD5: a25e31be478515f72a7352c2c39af9df
SHA1: 8f53bdad046cbdaba9b8a7a3e2fa864f30d7b812
SHA256: 664bdddf0278831934ea4c4cc05dce36e41e3436870ea177cae92b06854209ed
SSDeep: 192:WwPgGnN+RMuEbuu0XUtA5nrZ3NifyN7W5qF6hPuIvGlDoYC3MWmZ:WwpN+RMYPQfETyvG9HCcZZ
False
C:\Windows10Upgrade\cosquery.dll 61.12 KB MD5: 8cd261fea4a468689786e75eca758801
SHA1: 3697e75ff5246c051ff29c2b3e978f124a28b920
SHA256: 3170c84bb4cfb9a682bc59c548bbf28e2df491ad0eec3de7daeaf8fabc382964
SSDeep: 1536:RYeaqm4sDvVeX9p/wbr5dRaX1T8+A2vXVmj1iJ51PsJDA94W7N:RYeaqm/vVeX9p/gHQanUqDA94QN
False
C:\Windows10Upgrade\DevInv.dll 323.12 KB MD5: 1064a1145f75c55ac768ca424358ac2e
SHA1: 70c27ce640e32dfd0d0efe913e79d02fde938e49
SHA256: 8371ffefb46df2331ec8afbf82752ef5ddbf5d311bf1bdb8fb05dfa6299b9592
SSDeep: 6144:vRrkCypy3kRakghmewAllD1jrigWT9481iR0JwoYDDXZUdJtOk1ov9KdIU5:pICy947ni9iCiR2E3idIs
False
C:\Windows10Upgrade\DWDCW20.DLL 49.62 KB MD5: 1464c207f703b1c9fdc8100bf4d5a81e
SHA1: 9bee3cac6f26973e21fe33645772f16efad6509e
SHA256: 2f5df8f5a9f68abefeefe9bb9ccae4cee622269d5c5e468196e664b8ccabc858
SSDeep: 1536:kHa5YZWT40jWSJ7kJOfbmQBBiDgoS09XbVd4ZG:EUMSJIgjmQH439XZ2ZG
False
C:\Windows10Upgrade\DWTRIG20.EXE 45.62 KB MD5: 17ecb33734337d1b284c1d2673268189
SHA1: 1d51545843f446ae8fb9efba150c9c18b1b17df1
SHA256: a06425ab710e927875509036fe2e1e6e96aa0308ec0c548dd55f716b098e7fa9
SSDeep: 768:vxZ1HW4AB3B9dFAFYaIylkOZMtDpiG7c1VpcASmHq6gxmJfMPkA0G0hMdMTT:vp2P7VyYclkOZKDpx7crpbpH4mJfW9gV
False
C:\Windows10Upgrade\EnableWiFiTracing.cmd 10.50 KB MD5: 501605e21fc9cc65aa08685de68515f6
SHA1: 8dd12220fabb7d8009b41a410ada5ccc0a1351e5
SHA256: ecb953f06e35a60e8c34e462fb49bbe5dbc31c649a6f4490420fcad2bb2b7699
SSDeep: 192:YKJ9uNDxS3xSyOEgX4m536Y5v+8d4I9OlzH1TR8a9C3MWmz:YKJg1S3xSyOEgX4GVvYIcl7VR8kCcZz
False
C:\Windows10Upgrade\esdstub.dll 40.62 KB MD5: 189ef9fa51dce2fd68606d8047a2c28c
SHA1: 7a7fc8b112138aa82cd5449e44ffacef025b28a5
SHA256: 069c781f3af3c6faa6d1d0b91c6672f92a824fe350d08bd4ca0a6c85c8d94a68
SSDeep: 768:EPK8b2QOqryLdVD4IuuMpXwRiha4DR9ITh:EP2QOqEKrpXUoIV
False
C:\Windows10Upgrade\GatherOSState.EXE 552.62 KB MD5: 278b3a5b8943961de9e25ad463c5f091
SHA1: 381aeded123fd918780a9801c2812ba4a87cd31d
SHA256: 95cac80995bcb61d7197fff653b996c72ac0118771d4db554ddee1300f6a9f02
SSDeep: 12288:fIQq99xNSTe+ZVSpfXWDTM1osqfD5AiaeuW7XdZNE0VjBbXU7j1G1Z4sHqA6gkGc:fIlfSTe+ZVEfXWvM1Yfql23NEATgo4sy
False
C:\Windows10Upgrade\HttpHelper.exe 28.12 KB MD5: d9843ee6fbc48e89c23ae8f3e9861cf2
SHA1: 942f54589b30e63ad250b1d7a94ebb8d2b4a2176
SHA256: 74c2f87da9fb813c95101e83076d086972520392663b4ff513a759beeb85ada8
SSDeep: 384:5ToZ7/8ScJ/4WJb3Kmqr80aq0Gftp0B8fKCEWBdwl8QFOx0+oqpZMi34+n+CcZK:do5Lc1JlakimgKCEWB2GEO+q3UTK
False
C:\Windows10Upgrade\upgrader_win10.log 21.00 KB MD5: a73b0b122ba249723b4e3d1987b5695f
SHA1: 1dccf6246b1a1751109233104eea3d027b6804f9
SHA256: cc584d7a36fefa83edf35c01ee9417d736c809560d18bb3c192d51f689a1dd28
SSDeep: 384:ayeh0t1OtdygEONkNrNasFK7PcHvzgsYjPe0LgnnTHybZ5cJkaeM9gCcZx:m0tMdJEONkNrcrcHvUsYjDg2b3ukaeMO
False
C:\Windows10Upgrade\wimgapi.dll 545.12 KB MD5: 5d39cd76d83e2a9e8242928a6de03225
SHA1: b0300c6ea4f59f790df97a7de92855fc8ec4cbda
SHA256: e3f2147b9e4a59c3b3bbb221d675c8f57f347d5b194026c23f634275c13e54ee
SSDeep: 12288:GG0zfgeNVVL9CppWfhfhWpiCS7i+R4J/jCMUhaPRDehAPLu:MjVVL9IWfhfhWpiv7iv/2vzhAPK
False
C:\Windows10Upgrade\Windows10UpgraderApp.exe 1.35 MB MD5: 13d7470e4dc68370a6fce00ec5b32ea9
SHA1: 6bbc32df1fcc2f862a624bd0324772bd02e409dc
SHA256: bae2ebd5f9505c8c2fbcc161622179274c8326f728cea0ab2795602df6e40303
SSDeep: 24576:L+x2y4aEAuUSH49uXlVVEcqoL1Kr4UQoAuGlTIZ+wbuv:L02/alDqCcqowr48AHlTC9buv
False
C:\Windows10Upgrade\WinREBootApp32.exe 25.62 KB MD5: 0faeb91859c7ebf52583c7e89c72af7c
SHA1: 5fd23ea6812e2b975b016f410cc86a27a5dc7796
SHA256: aee112c58b81a2fcbb8100dbfa05d99865a2445e8c8853624e902f62fa8134af
SSDeep: 384:CjrsfbKQm5hVKjrbnjAYvSkXTMq0GftpBj8Krpse5wayGX7e+RJ4QBw/LCcZX8:CjrsDKZ/8nj5SkDuiLrm+r/RyQITX8
False
C:\Windows10Upgrade\WinREBootApp64.exe 26.12 KB MD5: fb31b6203e5971962b9fb1e5a6373627
SHA1: 3bb808fe2bca7ac1beff5239aa17085a83081d7d
SHA256: dd15e0c3e8b15a3b84bf1afbcb8c9fd4b9c964335169d09d6fa34cfeaedbbb87
SSDeep: 384:D8hjHHaWn9T5vvE8C1QlF3zMGvO8D9WG80aq0GftpBjEJnRQq40WqfJeR3cpC9C1:D4a8tvv5fbzp28DmiARQp669T0
False
C:\Windows10Upgrade\resources\ux\block.png 1.83 KB MD5: 4482ecd98342a7b4b35f38197ac8a394
SHA1: 6a714b5e63691638ecbaf589b7395c893984a2c7
SHA256: 6c5074e2449c2339424243dc701c8228a8ae27058cbb70f9f5b4dbacae575c78
SSDeep: 48:BG0bQbcbGPrw95tt/3efKBgKa8qCKGDpBVJKgUW1EcmQ29JIH:BG0YcbGPkJ4fF8q6p3wjWnm5IH
False
C:\Windows10Upgrade\resources\ux\bluelogo.png 7.84 KB MD5: f85918476e9ae05e32bb4244b7ef8992
SHA1: a5e06fa5c0a767e57fb13a5601c29457cdb71529
SHA256: 1fde367e0eb9d17dd6597d384bf96e8eea5d94adab929082291d4f7e2c6b2b39
SSDeep: 192:vbCWqODlSBFrdN2WS9EQjGf0fRnbkoasIjjADZ2Ky1C3MWmeh:EP9N2cmE0fRnbgjjAV2P1CcZ8
False
C:\Windows10Upgrade\resources\ux\bullet.png 1.14 KB MD5: 84a8e568bcaee9815e49def6bec7d96b
SHA1: 942b0597c17762340d9a7232df1918718f8f292a
SHA256: deb4c2b85cca697bfe8a59dadebaa2e1b5b5cb1b382e7c1f8877dd7865705f75
SSDeep: 24:GoAv8Wpw+N8u6w+7q7OKGE+p2maz2vL1KlGcAGT5k1ng7dcmQ2DhrUV:Mt3f8qCKGDpBVJKgUW1EcmQ29ru
False
C:\Windows10Upgrade\resources\ux\default.htm 62.00 KB MD5: 09506c727148dc06ee9389c2c45509cf
SHA1: 2c243459ffac19b43ab777b269589375585d841a
SHA256: 5a09adf98dd4ccf301331b86c516943aaab4a7b682faa648b3511936936005a4
SSDeep: 1536:F4J6XolQOZN4+Ydo0TbCqFkBm0TEnsREx/n01DSnWnU96BySTjMxK6sudzD:iYX8fj4+Ydo0TbCqFkBm0TEsREx/0xS9
False
C:\Windows10Upgrade\resources\ux\default_eos.css 7.47 KB MD5: 030408627170cd3c416fd431973e8f82
SHA1: 634cb8ddf7d62fd7a1105874f372cee01ba490cb
SHA256: 0a16ac91a79d9fe0b947b6744b3d0d8e3d098afe03669edd71278b1eba516891
SSDeep: 96:cyaBK7lSxz9MrRVh49sI8SINLO86FRRaVzFMQYhdJWjMRPejFLuCqFQIMUXoW5tj:0R9MrT/pSKivIYhvWHgvFeUXEC3MWmk
False
C:\Windows10Upgrade\resources\ux\default_eos.htm 55.48 KB MD5: 3da7c9c4c7f4e4be8eecf904479c7fd2
SHA1: d7cd2d0ad70a4f2312366a9590b0298a0c45dd89
SHA256: 90444a53cfa957db0810633d9d3b3e2e29344b4adaac2579f09e1abfc78dbab9
SSDeep: 1536:bifZZ2+c4cRhYU009+445lnDWt1SunNE4B8yG0:b6f2+c4cRhYU009+4wlDWtsuNPB/G0
False
C:\Windows10Upgrade\resources\ux\default_oobe.css 6.03 KB MD5: 37b36555b541d81e0bfc103fb8747aee
SHA1: 1a1b1c764fa3390c4fcf8e1b89ee1aefe2d0bee1
SHA256: d3b9b6613f6c385b7209d79966de401a97effe50c7f741f7b5ca057a53c74619
SSDeep: 192:HbEg0QDtSUf4+hUWGxhB7pg/Fz3hPZ5r3jC3MWm+:HbEctSuUnw3Nzr3jCcZ+
False
C:\Windows10Upgrade\resources\ux\default_oobe.htm 65.09 KB MD5: f10448546a745282843378bdc0bc7cde
SHA1: 37c240e73fc95c545255d306ed3ad1525fa81a75
SHA256: 9da0709f4746a2e4485846dca2167272629ce8b7dd5a1f329ee74192bb66dba3
SSDeep: 1536:z3KMtuhw18pZsy87RJIX6+oWDjzOpntkSBn01e1evnUlagGVCs8aK:LKKuC2al7RJ66hWDjzOptkSB08wvUlaC
False
C:\Windows10Upgrade\resources\ux\eula.css 1.02 KB MD5: f18e9ecd6ee29b58eae372680bb69712
SHA1: 38814300e960f07b5578fc36c150a37af247bb58
SHA256: ef30f7f4991ddc97b32bc781a3ce52a650ec4cead0f8f9daaf30d8ccaa0bdc21
SSDeep: 24:YQ77K6CqWw+7q7OKGE+p2maz2vL1KlGcAGT5k1ng7dcmQ2Dh3lt0:1VHL8qCKGDpBVJKgUW1EcmQ29v0
False
C:\Windows10Upgrade\resources\ux\GetStarted.png 4.66 KB MD5: 23e1cbe663e4d89a2f38b6faed7717ab
SHA1: f7fb47cb9b3e29b2f3b67cd8e56bbc1e7fe00cd8
SHA256: 9e91a9340e837fc1c2fd20df764e8b043386efaf808d8f6224f752297b019da5
SSDeep: 96:hN4KrgWxF+R19NIFmhPEcScmHRNTwm9tnQNY8q6p3wjWnmo:AYgsy1P9hMQyRhRnQNYC3MWmo
False
C:\Windows10Upgrade\resources\ux\GetStartedHoverOver.png 4.91 KB MD5: 9aeb34950623b557f1857c42b2741726
SHA1: 772e90be1a68394bed07ea7c2c2e381d706a5a1a
SHA256: 40081a6532f22fee0d40455d90c9126ae3cb0f47d6870822feb2bd619fa8ce53
SSDeep: 96:OlzkYoi4pR0Xz/4VjyRrT/PEHgB3EJqXkWWWV8q6p3wjWnm4:EzspRGznRrrMHgFENsC3MWm4
False
C:\Windows10Upgrade\resources\ux\lock.png 4.52 KB MD5: d35c70b07468f7aa9b4cbee16d4bc6d2
SHA1: ead5d0a61fbda7641c6367c917c3cbe154e7ff15
SHA256: 68e9cc0590f4b2baaedc8498a47f780226251b6317f00722f1f6a3b66d2f6ad2
SSDeep: 96:P4pQ8Ybh45drG6eyF8jSe/PfxoEQ5CbYcKW7Fk20/ABtaGchEf8q6p3wjWnmj:PV8HNeyFBe/xoEQ5AYvSFkdAOlEfC3MZ
False
C:\Windows10Upgrade\resources\ux\marketing.png 1.41 KB MD5: b3ba0ad665fbef64ee28dbfc29db0e50
SHA1: fd9d013e038841710e2e1b4fb7757e2ec89a6831
SHA256: af1492ddb90165997081d0e301bb8247243c21e0be4d9564bcd606e8aa43c2da
SSDeep: 24:EyNvVhK8fxHaysYcmwZyWw+7q7OKGE+p2maz2vL1KlGcAGT5k1ng7dcmQ2Dh5RU:BTK8JUYXHL8qCKGDpBVJKgUW1EcmQ29I
False
C:\Windows10Upgrade\resources\ux\NoNetworkConnection.png 3.05 KB MD5: 41c46f2f7f961974a3463914d67db8b8
SHA1: c868b47a2d989d461883ac375351eca90caf640e
SHA256: ec82649bd5329300e2109fdbf681db3015178f16e8a92ed927d5be9c0e9b4f6e
SSDeep: 96:LunKRlEVabpd95sTTnXWA4ur8ep8q6p3wjWnman:FRmabzoTTnXWA4ur8IC3MWmu
False
C:\Windows10Upgrade\resources\ux\NoNetworkConnectionHoverOver.png 3.09 KB MD5: fe4772f0a560cc3b0c6f2c55141e492f
SHA1: e39f551a80a541d9cb5ea8cacc73600d905ca7ed
SHA256: 5cef1de5e5f43751a993bdaf1b5872fa4d7dea441123921cdd15e89aa5361abc
SSDeep: 96:f+AsuVOZ7AwhtWOk0GrPXuTs2ZBsM8q6p3wjWnmu:2UUZ8YtWOEjZ2mMC3MWmu
False
C:\Windows10Upgrade\resources\ux\EULA\EULA_ar-sa.htm 108.78 KB MD5: 30c7e6f46c52c2173a8ae3a8f0bdbfbf
SHA1: 1b867674c26179d10f7d8005049bb985d23da2f4
SHA256: fa951439d8ae29b4690acea1b6b95304f2fc5b9a78f595bbea030acc1919a492
SSDeep: 1536:D91REhZgNsQd7xjn5tQZH167d2PEzQVIpkQ8+a1H+YAR6eJTRwRx9Cn/gX8RDtDQ:D97NrkO8LQwRouaJS1RFJAoV
False
C:\Windows10Upgrade\resources\ux\EULA\EULA_bg-bg.htm 248.44 KB MD5: 8eda6b4890bea6c3ee8db72184f2db4b
SHA1: 43eaacdd339dd496e812355ca17c2277a16c403a
SHA256: bae30fdd9bec0872917d4cca6e99b05281faa418bec0fcf302a9a137d95d5201
SSDeep: 3072:bJIW5Eq1yW0XFHheFuPfIlh0hPDmMX0pTnHqRN2bH:bJIWzyW01HIFm/rmMX0puRN2bH
False
C:\Windows10Upgrade\resources\ux\EULA\EULA_cs-cz.htm 82.30 KB MD5: ba167861f2dddd3167f6c08d0fb6197d
SHA1: 32247be8ab979720f0e7ea297d47c0e563ad4e79
SHA256: a7100241d2b2c2b698dde54efeb1fc7f65ff9b2ac5bd502daa2f5d4d610f6714
SSDeep: 1536:bXQrpAVgrkDyu9aE0mwOa2ErPl660gQzMuaxg7IdqrCbiPcQSRb8pFOLmSM8I2Ew:b3NasLrGBzkhBsOxk
False
C:\Windows10Upgrade\resources\ux\EULA\EULA_da-dk.htm 64.57 KB MD5: b18f5a4bacf2aa664fc68e68674fcbab
SHA1: a90a1590b78b47fe10de174555eec66b4167c5ee
SHA256: 8d5a3d3be5c1705fe13904c27d81d8233fc2bfbaa73c818d1562d4cf156c0fc8
SSDeep: 1536:loV9i109aEMwnZVpEb9fw2OUYxgmF3J5ghwPuZptjJ/CaGFoewY2TXYaQWOaUW8v:loV8mlQWOu8Ox
False
C:\Windows10Upgrade\resources\ux\EULA\EULA_de-de.htm 69.73 KB MD5: 1d87a1bc485d27a63da6c8cad19c1d56
SHA1: a3d968eb8b331358d7cf1f491f35e1ee486c1c9c
SHA256: 3320df682a3b3ceb1ac4e1c8055a39a89e4c3839ded587d8de2c56034cabca30
SSDeep: 1536:jZFqQ996SM4Mz8ds462b5nDfr96X5atDe83KMRoM+Y51DxJr9e0Wlc5bGHkeIJMK:r9r6Mk5cKM9ZGss0
False
C:\Windows10Upgrade\resources\ux\EULA\EULA_el-gr.htm 234.76 KB MD5: dbfbad99e993e992fd1d5766f84cfdc9
SHA1: 2884be90201fdd19e1028a36ff4fbebff75bca2b
SHA256: 0330d0522a439c75be1a945f81b6ae1622ce8b0f5d51f62a85e4c85f74c63c8b
SSDeep: 3072:Xts1tpN33vog1Y011RQwAv1dHxuFH02QT+GgqHMtJkQI+jfnhrHMSn:9CtX3Qg1jQwAHHxLnmqstz1HMSn
False
C:\Windows10Upgrade\resources\ux\EULA\EULA_en-gb.htm 58.10 KB MD5: 3bca22be2813ca6dc8197d2234bc18ad
SHA1: ac24a5ed7315eafc7055062447a823ae6bee7acb
SHA256: ff64c003dbebdf5fa1b418b4ba4cdd58a58d955d4ed72edb12ac2d30e6186b8c
SSDeep: 1536:sS+/G0cg1JxtaSN/Bo/xftrYHpbA5stZmS0bGMavtHV3hemUsfBsGRWBVPjLsGSP:sSyGALSSzvBdpHZEAp
False
C:\Windows10Upgrade\resources\ux\EULA\EULA_en-us.htm 58.10 KB MD5: 9276acbba9140cd2e754b0f3cc6eb076
SHA1: 41d51ad8d234c40255188bc00e96908f954b9d5d
SHA256: 87bf6bf0193e98925aff190f0e75843effb4cc710937f675b5a0e862d7b80dc6
SSDeep: 1536:rXkFlg1JxtaSN/Bo/xftrYHpbA+rbabGMavtHV3hemUsBK2ChNBVPjLsGSkBWzJY:wkDndRLHT0TVt
False
C:\Windows10Upgrade\resources\ux\EULA\EULA_es-es.htm 69.11 KB MD5: 30e35cb79c82a20b89971c0415f65e18
SHA1: 52e27b11cdbceb6f54cf537dca4901d6bd7fb724
SHA256: ac7f127ee53dfaa5b25dccf9654d48e9f16b362609c217044d6a52597c3e4c51
SSDeep: 1536:PdkFtxV1NILDBgpCCzDWLQq8yOpm2OoEunZh7M0/rFHJY1GWrLwNkSU7A5rf3GkA:P+FLpZFHivSUEVGkp0yWSM95
False
C:\Windows10Upgrade\resources\ux\EULA\EULA_es-mx.htm 69.11 KB MD5: 0088953ccee5ea26789af33d0e1a61ab
SHA1: 5d9490d8252bed4f5d32663f945d26b27054a886
SHA256: 89a0e041719a802f36f74d169624468fec142676cb66b6b24f5b947ff2b61d88
SSDeep: 1536:PhaxV1NILDBgpCCzDWLQTCky31rBoEunZh7M0/DhwAGOa8p/GWrLwNkSU7A5rfVa:PgCkKrEw1+BSUEvJfvSME4sb9
False
C:\Windows10Upgrade\resources\ux\EULA\EULA_et-ee.htm 62.54 KB MD5: 6dd3f7719ab869fd54ed33e0c888a8cb
SHA1: 4f3dbd305d666384aa0eb8758379ccc70aafd9f4
SHA256: 9f79302a1e22ace8f4b56df5326324da11c4c0d5a3db43105d5ca685bddbde8b
SSDeep: 1536:8jCmzLQFY/TRBm5cMyIYH8fP8qaJntgsK5KQc+IWGx5TIuTEtjHt0Zp15O3Ov2pS:8hVZ5IIOjRntc
False
C:\Windows10Upgrade\resources\ux\EULA\EULA_fi-fi.htm 70.02 KB MD5: 1f68390550c8611ff338f71dcedb97fd
SHA1: 74edefdbbd8dea8be77bf46fadc79dff94002497
SHA256: bcb719ef7a0e89935c16477315576ce670a4c7792f900ec75c8597e76b30646a
SSDeep: 1536:b387ucHR12we4/B4GW77k0ZAUwvB8D/Z5rbFTjF0VukHBI75WQ97UbTnEsUHNwVJ:bsagMSvB8DnF4q8WHOiW61g
False
C:\Windows10Upgrade\resources\ux\EULA\EULA_fr-ca.htm 68.69 KB MD5: c1c8a8a5545fd8def07e30cba17bab30
SHA1: ad950c0a0e65e7138cf3d9aacc6bca28bf3ff5ce
SHA256: aca124a1cd2787035070f53c15ce04df92e3f788f18e7bafb89354762664663e
SSDeep: 1536:oF4V06i69uMl7Meo5zpi3ZTTVOCYjNQ51dj8FnyXO/K0ED+AQg/Dj3RwhQWkDlm4:6beEcRPBc1BxM
False
C:\Windows10Upgrade\resources\ux\EULA\EULA_fr-fr.htm 68.69 KB MD5: fa58422f95e31442b34f6f11ec9a0bc0
SHA1: 182ec87c1714a1302070e896051f29f80561493c
SHA256: 3ce432a57e3714c81fdbfc4afd47926759dd3d505fabedde1296cbd2eb811c22
SSDeep: 1536:016006i69uMl7Meo5zpi3ZTTVObdj8FnyXO/K0ED+AQg/DuTsuQWkDlmcB3/rD+a:bicjBYp66J1ySw
False
C:\Windows10Upgrade\resources\ux\EULA\EULA_he-il.htm 845.30 KB MD5: 894b18ebae05b0ed58421863d222641b
SHA1: 27c19d781dececac65af17329f95b43ca83bfb95
SHA256: b429cc7d840e6914893d6941c67df4ee9d0b90f9b5e728399b08b397009fc934
SSDeep: 12288:w/IQ8jYtE3DKqWCzrpoSn7BmVETr8OyFMKMe:wPvwLL7BmVETr8Ok3b
False
C:\Windows10Upgrade\resources\ux\EULA\EULA_hr-hr.htm 64.27 KB MD5: 84a6d5b41d41efa2dc2ebcbbba0cbdaa
SHA1: 90486f47591954398d6ede18a18a4df7f1a90ffe
SHA256: 861da5b41e8527f2a70bd2ee9910b167c66d736e7c23cc6eeba1c2228d25390e
SSDeep: 1536:80guaoZlUgjuI4ZQco6L24kpM/1pCdmslDuIIclCHLrAW8lT6gTF/4VUvhWmTzOC:8fZk81a1+QYF7vi
False
C:\Windows10Upgrade\resources\ux\EULA\EULA_hu-hu.htm 83.52 KB MD5: 026646e397462c553cb7292eecceb4b0
SHA1: 8e0f67997ce33ae196d18f1b5ee16f6515ffc398
SHA256: a8e6b4094262849cd98427af0db58d5ee8bb030dab5e222dd02089270c00d4e5
SSDeep: 1536:16YQSonBFLquTAAEuKddUUjRh0lSNAH0dHeIe9+J4dxfwuCDL5Khzv7B2kHAy9DF:16lSonBS70lim55xIuCDL5KhrdziFMVL
False
C:\Windows10Upgrade\resources\ux\EULA\EULA_it-it.htm 68.78 KB MD5: 9e4415e502c5684104a8d64e11ad3e32
SHA1: 8ce29d05afd054b95f2870e842ce1e7abd0860d3
SHA256: b6ae72eada068a10cd6d617716a3c4dfd9fbd56630e82930c8c2c68fe9983475
SSDeep: 1536:DtbwhLZNJwgSvRY+VxACURGyIkGxF/rFPUUFoBy9XdK1/G0pc+3qxsLGKjCe1jqg:pmU76SKLfGKA+Ahrmt
False
C:\Windows10Upgrade\resources\ux\EULA\EULA_ja-jp.htm 206.25 KB MD5: c85b0e64f2b424936ace288a8c31172e
SHA1: e0f44c23ebe0eb42e238f9bd4dea6676201e5c01
SHA256: 025fadda291029763f6c32d5d5e5264fcc6d189af6cf1be2641d1165d94bc74d
SSDeep: 1536:lbvvaLr1EDHKHh7I30adXeQdlhVr0SowN8sO8WY1YLK1xkfNM8jJy+nFuRovhiJR:lLP/Xe/w7k2k8UhDpt5+kBP+QS
False
C:\Windows10Upgrade\resources\ux\EULA\EULA_ko-kr.htm 620.14 KB MD5: 529e861870a9fa9640c5075c2be06129
SHA1: 9f35811f25974b557f7afa3117af91fe265765f4
SHA256: 399b90c794a209d5123efca3ba64430e6c1a0974588f602a2892952f8c46cb10
SSDeep: 6144:Te6ocNz1Bk87w6811mAnpEGFNJfs9ct9zNvwIVrvfu02ZeMKcD:i6VRVA1mAnpdGct9zjrYyK
False
C:\Windows10Upgrade\resources\ux\EULA\EULA_lt-lt.htm 75.23 KB MD5: 59f91452eb7eff1a7266f1edf731e88d
SHA1: 72d7348cac29d062e00b7211c754a427aee677f8
SHA256: 8f398f84ce69b238d05b189a3685eb8aeef5c3a21c9d94c4b50e8243eddc1570
SSDeep: 1536:+iO2Ec1uEaQ3KN7jhrQUm56AjdMUlhSlMrMQGm0wDleFQfToc7wFtGd0rfVhboVE:DOmzV0Gr292eFQfeVh8O31X
False
C:\Windows10Upgrade\resources\ux\EULA\EULA_lv-lv.htm 82.88 KB MD5: baad474e2d07aef7d8618bd67398a991
SHA1: 511547001ae332a44bd50ce024e1c1828c77614f
SHA256: 0ebf115db1911149183b0cbcb3cc31f96b355ccce11edf26fd96a0d76bf33ef4
SSDeep: 1536:y5fxZaRnraZuL/wog/Rka/3lliRxIMMQbDvcuaZKz8dgy0O2acfpOqHnX9xAVUMI:Kb9llingDIU2CX5Fcp
False
C:\Windows10Upgrade\resources\ux\EULA\EULA_nb-no.htm 66.55 KB MD5: 0579897c1abc3a90ed7bb892b6c22fda
SHA1: 0fa87fa57fb986e61ff98a75f36e9989bd00cc7f
SHA256: df5cf8b319e31a6ee1ac019f87e24343c2fa09da1cfb813adcb3ccecc7a83687
SSDeep: 1536:EGN1AleurzVZJi6kAoABwPKL2bWdAywOZrkKliHmCvZuls/SfuUnHKgyTGdguE38:bceKFHFzi5Q7RwKc0
False
C:\Windows10Upgrade\resources\ux\EULA\EULA_nl-nl.htm 66.58 KB MD5: 87dd2e1b704c69930802f9fc3c21ef58
SHA1: 8f9f5e6c717461f6d3754a7438e4309793703611
SHA256: af723edc6f39df07ddefa518a0f3d1e0c59cd2c51c4537ff010c192d439bf14f
SSDeep: 1536:jwyvholRTOzJOZVnqR5ybLzCDxVngNvgh7pYqbqB0blWB3gkH+DLY4IXaPTedstB:jaCjb3blWSLUcpra1M
False
C:\Windows10Upgrade\resources\ux\EULA\EULA_pl-pl.htm 80.82 KB MD5: a36c0299a68f2cc98c8c6cf92b9fc17c
SHA1: 8b3053687a216c6ce4a4091289d6130341ec09bb
SHA256: 1e4e613f9f5bc36654566acff3af449d622a95d94c3717f6c050b092b6c48930
SSDeep: 1536:F+W1I4GuXYZ91wL+lOo4JEVkDZxIeQQJ53WBV+ydFyNoqwCkPJcBAExzPVFpSYU/:5rrDFSwyfpquCBtTHlaD1D3
False
C:\Windows10Upgrade\resources\ux\EULA\EULA_pt-br.htm 67.62 KB MD5: 4e9e4fad9e9748c7407b00ac88600118
SHA1: b837266ed4324ee3229b9f95a0a963855be0cf5d
SHA256: 5d39a7e0d959b9202168871bb6b252def019b1b41b51a159bd8b2818b4501a48
SSDeep: 1536:uO39aV9dNUl68w/R5/Vt7WPrlths6VJ2SdOfc684AGNyRX1ZnK5fG18fkCdQrxna:u2Pr/9V+SCdQdnOpM8
False
C:\Windows10Upgrade\resources\ux\EULA\EULA_pt-pt.htm 70.31 KB MD5: c1e3a5e4481141360428c25bc190db1e
SHA1: 172b65bad9c951b487e060527b5a5b404d62493c
SHA256: e99080387979f80897e411b6a8f505cea1f45f0f9ac87432c6ab7fa81e2f90a8
SSDeep: 1536:ZFI0sEYDhr7UNyJcjNEqhCABOZmfUQ2HX/k8LeDFU2MIkup7s1veGbV9KEr26pt4:UBTdXdir+2BXAQ
False
C:\Windows10Upgrade\resources\ux\EULA\EULA_ro-ro.htm 77.27 KB MD5: a4c60e5afffcb69a87b3967619153bbc
SHA1: ea041b3c665b4554973df46fde9197aaad9d331b
SHA256: 926346b02813a7023d243f275fc0a46856f843a70c1ef215f101ab28d8c6fd45
SSDeep: 1536:2fDLBq3IPirANA7i9OGQH4EgTeArGxkIkBGnCZxvJefnO65+BZQHV+ECzaqqSTUl:2MH6CkIQplqydWMej8a
False
C:\Windows10Upgrade\resources\ux\EULA\EULA_ru-ru.htm 278.12 KB MD5: a966d9e220dc9088d891d1e3f3093407
SHA1: a317056d260161f518fd77e1c105ef7b77110881
SHA256: b35a8639d7689ea5efdcf6d70900cfb3abbb623ad34043356ff4d394a3e91f83
SSDeep: 3072:CGKgeLZN204YMXYgciBztpCgLdjLUF4RFdP/T6qnw78iITV:3nvBztjLpLUqxzGoV
False
C:\Windows10Upgrade\resources\ux\EULA\EULA_sk-sk.htm 80.97 KB MD5: 6901cff2887f88560101f4766ce75006
SHA1: 29b486e1436e67db9838c6818821a035dc998140
SHA256: 8f5954ff795b32d0e018b61f538671684c5f8c6260215e0f300b98010ebb9f8c
SSDeep: 1536:6AQAVcovLMS1M78hIVPWeFI3lWDWcrLWXZ1axIUt1QBXf7qJ9y7a4n7nU1EHXMGt:1Qg/44BP7N3kbQ5
False
C:\Windows10Upgrade\resources\ux\EULA\EULA_sl-si.htm 65.53 KB MD5: c6e0a536cbae4de8465166c8a73052ad
SHA1: 48232e17e255f1de426b78f30520bc4955c70054
SHA256: 9d527f454a409e1559896c9da9ecf601fae46a18f7e4c0618e906cf09b8ffb5e
SSDeep: 1536:hSxhY66qaGlT34yU25bRUg2g5HMXNNWEuIQPWZ9F/dOVlFmRQui4owxn7Qkvg6K9:4xhY6z5sdXPQdfFmH5y1F
False
C:\Windows10Upgrade\resources\ux\EULA\EULA_sr-latn-cs.htm 74.70 KB MD5: b235546da5be659a1498f85dd5334a6e
SHA1: 302462ecb0efc41f52c350f39bdc1a19cfb9c05f
SHA256: ba86eb0d9a175857576901ba5eb4f2c5537fc489b095f02edc2d42d570742b6c
SSDeep: 1536:K7osEG7LZbpV9L9r6whUOzZb+rhSTDtthELrgnCKr/u0ZEXuw/hBo8CaID1WcNpR:KUq9zIVST3/uNvMkJ7W8i
False
C:\Windows10Upgrade\resources\ux\EULA\EULA_sv-se.htm 69.67 KB MD5: 3d0d5b940f8fd26422655dd036475360
SHA1: b1662d8ad6ccc9619789612dcc170b74c6f41a03
SHA256: 2a6b89385516921f09d99c983e47634087f2810e50e01d3937530c448fc3a55b
SSDeep: 1536:6c42b+/QYrr8ZcbCZ7wN91HsNp8zWexC/gOZr4LXKiMW3wRmBFAAUD0t6eHuWcha:6c42iWexC/jr4BWcPJbX
False
C:\Windows10Upgrade\resources\ux\EULA\EULA_th-th.htm 249.11 KB MD5: dfb6c33f38d66db7c032fe5592f69765
SHA1: 46ee8a5e43592dcd80e959faff118fe364f9f084
SHA256: 5460b9a9974c1158262f7f09cc450cb9188f793e7e7dbcf1b813f86773f048d4
SSDeep: 3072:K4c2YpZ6AnrJSBH/16eM1DeK9/URVUQ9/M9A6B5e:w2YpbrJSpNCtpUUwU9A+5e
False
C:\Windows10Upgrade\resources\ux\EULA\EULA_tr-tr.htm 74.30 KB MD5: 3064ed32636b544755a84d34c3f269b7
SHA1: 8baae2887c8fa9b1d5623f3307121332c2cab6e8
SHA256: 642fd66d0c6ec7b80caa1b072bd1cfef23c162871cc9aef5d901d56a3111b36b
SSDeep: 1536:bkYPB37z9dG7GHrOky8O1XhvMSVve8RapF2rJp7wFN7evMXKOh7AaCb9B0JKRpVu:bkqr587+E9XK7wxQ3KH1FTvpVbvc
False
C:\Windows10Upgrade\resources\ux\EULA\EULA_uk-ua.htm 261.41 KB MD5: c802e02560dd59ba1393e71409932d09
SHA1: 512a75fc6bfe36e985f665386951c096dd52df66
SHA256: f063712dbba32870b9aad10c2fe7a6233fb6dfee52b088ebddb469426504a1f8
SSDeep: 3072:a3auIGn6w5KZtRaazkUwHcjPpN55a1Y2Lk7by3YPYZqW:huD6UJIAHQPp7QOUmyIPYZqW
False
C:\Windows10Upgrade\resources\ux\EULA\EULA_zh-cn.htm 124.20 KB MD5: 1b2b442b13e64c5015d61831af946ebc
SHA1: 67484735eb2b8e502bfba1178cc4966d39aae206
SHA256: 29263b7684c84226176672165cf2d75f83b0fd45db87753252681cadc76c7531
SSDeep: 1536:9RvVZlnLwlEXxFWezyEtEvk8EK+9OeKoMF8ythtw1elPMkKrqP165gt/oI3wNUFu:9RvVZl3Wq8EK+9OOJgt/lH2ESEt/mGu
False
C:\Windows10Upgrade\resources\ux\EULA\EULA_zh-hk.htm 144.61 KB MD5: 5f663df20aff6ecd3b12ffb1311c65c3
SHA1: e3e8b9b38503e3dda85a534f00e17b76d281c832
SHA256: b5693f3a9f84593fe1143647852ad100b872536afddf6e3d90678a1c00d6832e
SSDeep: 1536:7fhh6KriyByVFXQkCVabNpwpT0k7dmIIEDQB56VJ7vkSdlbBVfBFC+L2Ri8LBTrA:7fSlAe4dyiXVJFCQ8jZtsM/APz
False
C:\Windows10Upgrade\resources\ux\EULA\EULA_zh-tw.htm 144.61 KB MD5: 7902bd89f0fd694bbb65187a7301b070
SHA1: 5e2aeecf37bd56f098ea8ba496f44631bd49539f
SHA256: fb73fb3951baca9e3590008696412d21f99d81a3618d619ff2a1f11366150ed1
SSDeep: 1536:3gnWriyBf2CVabNpwpTNCdpDQBBcITmxvkSdlbMZ96/WFQL2RtgjBTr5RkH6HRg6:3gnxdmc7YD2WX65Dg5CnE4
False
C:\Windows10Upgrade\resources\i386\hwexclude.txt 3.14 KB MD5: e75ad74a4a1479540fdbfc8b7b778fcb
SHA1: d85da2bfbb3dedb88d62a9aa7b985ce68d287720
SHA256: 82c9d3c504be91f4a6469a6026e2c91c6bbcd568aafdec15b87d599afff73f22
SSDeep: 96:3vOXaYHXZBm8dSbCrumjbdnut8q6p3wjWnmKi:3vApsYrumjh4C3MWm5
False
C:\Windows10Upgrade\resources\i386\nxquery.inf 2.39 KB MD5: c969d84918b3a5953e52dbfb443bc51e
SHA1: 9f8637ddb7bfa19399bd6f9a510c0ee48824c025
SHA256: e11bd8bce21bd8f0ffce2a34e187e09e1d788078bbf20ff0470d87c3fc6eaaaa
SSDeep: 48:MsuKhansu6btKE7II5zrO7N4Iw533/L3Fh1YznOw3Sp2Fg4X8qCKGDpBVJKgUW1U:MtKont6Rz7BRrO7Xw5H/Zhd2Fg4X8q6E
False
C:\Windows10Upgrade\resources\amd64\BiosBlocks.xml 92.61 KB MD5: e63d74a8442a0ac46e7133e500ee307c
SHA1: d3efb7f990a8c4c3b1edfcd5767abc6ee806f309
SHA256: afa016864191e321ed1d7c8884032e7303640e734b152982a79f65ea3c6f81a7
SSDeep: 768:HjhtR3cmNVKPAkykaUB/WF5ZFJdWr6ftKynUyVyjfBnSIS0XKMarlHmB7TR:D3BcmfHRZ5ZFWriUVbBSVJjlHmB7d
False
C:\Windows10Upgrade\resources\amd64\hwcompat.txt 72.34 KB MD5: 972fb6765af580c1dad460a7960c3789
SHA1: 0d9a33eb58777a4d135ec8748b6175ddb0f720ea
SHA256: 014b1177d8da5ff7f8676dadcc46e582d7870d73f38f2c51e0bce040723aa26f
SSDeep: 768:GJvgQwkZRQEvp+fQAtmlM/jt0nrdhRczKC4x2gk2aW8n/SbEl3Som6tlyIsRt92p:15kQEvwom2PNxDaWeSb50lyl2Gi/
False
C:\Windows10Upgrade\resources\amd64\NXQuery.sys 21.09 KB MD5: 807006c6a8500b2dfbd4302ebb16b611
SHA1: f957a1435a324f60cf58b4ceda79bf4492d3bedb
SHA256: fc60c73b8ac66456e8da036763326876ab4ee5c5d13b12dba0e0e360caf8b100
SSDeep: 384:g11o3akEa4lRpjXYFcGftpBjczTMwWi0aBsKGStkZpCcZp:g112b4vpbYFci+h9B5ApTp
False
C:\Windows10Upgrade\dll1\wdscore.dll 237.12 KB MD5: e9cccb82f907aa97f4c245bde06d3581
SHA1: ac6a9a819eee6f2400a574fcea0918631d7a22a7
SHA256: 6d9e8002ee09259bf13af7f62e69ecb953a5db97cfd8d4d83848a8451eff4144
SSDeep: 6144:mol4FSPYvdmDF5mriiBnGTPeg/Pi4gfG3V:zlhPFFIfNg/Piul
False
C:\Windows10Upgrade\dll1\webservices.dll 936.62 KB MD5: c2e7cfdfb802864d0de58a8a2721ffe0
SHA1: 1abcf1f36bc185e38c3596d7ad78e5b61669f3f3
SHA256: a3b88889c9e95e7569461f5d6feb65b77221eb4e7e914e6db555c002272d39be
SSDeep: 24576:KkWn28zsANjhsmnsv6IOyIvYFc4cWdv37I6:vv+ddx/JvkcK7z
False
C:\Windows10Upgrade\2052\DWINTL20.DLL 116.62 KB MD5: a162760856531f37b5c3e90f07a0fe4a
SHA1: fae3e5f15f86aae690c392cbd6eb7ba75b64eebf
SHA256: 14bafe4edde2a19ae2d01155929b8b8f737d66c97aa8c3b9677b7899a0f376c0
SSDeep: 1536:Y/MPYlpLbeaEoP1/OvntU190Yc88zQyuGGZQcjL+2DpbgLvnO:Y/MPYlptEoP1kt0kEdX+gpsLvnO
False
C:\Users\desktop.ini 1.09 KB MD5: 7c8ec79aafd67905189f086f85e8b281
SHA1: 53463004d1dbc7f548880c984818c89b1fb21391
SHA256: 8801356d0a0116b4fc9d743c5bf41f018e79670b003101be224fe2669d8eaffa
SSDeep: 24:AJpSyCr5UGQzjqw+vpKSsWyL4Qw+7q7OKGE+p2maz2vL1KlGcAGT5k1ng7dcmQ24:AqyCFlQzj8voSst4d8qCKGDpBVJKgUWT
False
C:\Users\Public\Pictures\desktop.ini 1.30 KB MD5: eb90bff9f1e495bd83f15e6992536aa0
SHA1: 9e03d6a63d6d85afecbc3e39f0daa0881e41f295
SHA256: 8f07a298651eb946389abc533c1da42981ce576b969db998575889d9405772c2
SSDeep: 24:/JfaPtbiuIbzXEPpw+7q7OKGE+p2maz2vL1KlGcAGT5k1ng7dcmQ2DhiLNl4:xfatPSSC8qCKGDpBVJKgUW1EcmQ29INC
False
C:\Users\Public\Libraries\desktop.ini 1.09 KB MD5: 1d92f6b28fa79477511c80277e407c48
SHA1: 96586fc64a1bf90f80429eb2af0bb453043d370f
SHA256: 3b1fdee72b6050123365bd941c4ce9b7f3950e26ebb25f43be6c7b4bc2cc8008
SSDeep: 24:E/W9mXw+7q7OKGE+p2maz2vL1KlGcAGT5k1ng7dcmQ2Dhj:9Z8qCKGDpBVJKgUW1EcmQ29j
False
C:\Users\Public\Libraries\RecordedTV.library-ms 1.86 KB MD5: 989314f4a8945b89e83d25fd26c0f338
SHA1: 09f8410d7101f45a0811059ce093b6d052e72785
SHA256: c52113882279223688f93e5e0e89df1efd7f34520f338218a111eb7b1443f472
SSDeep: 48:WNm5WxoGql85m094cpKY2Tf4gI8qCKGDpBVJKgUW1EcmQ29Ze:svmfT84Yi4gI8q6p3wjWnmY
False
C:\Users\Public\Downloads\desktop.ini 1.09 KB MD5: 2be6caa936e4df02a94c512b72d04ad9
SHA1: faac4160583b2d8fea9cdac965df0aff63ead3b0
SHA256: e3edee6c5fe3a955eee2efaf667d842a026a669b36f6295cf8b8f60678d8cf95
SSDeep: 24:R0bbUQWTCsw+7q7OKGE+p2maz2vL1KlGcAGT5k1ng7dcmQ2DhKU:ubbTWI8qCKGDpBVJKgUW1EcmQ29F
False
C:\Users\Public\Documents\desktop.ini 1.20 KB MD5: 7555f2bd91312e6fbc222a47ce1dccbf
SHA1: 4a2e95aadeb8c067af04905e94e73bdbc329fbad
SHA256: e137404848d97bd4198932e49cde63f59b41624b4bdc2f27e52a2ed5d5de9522
SSDeep: 24:6LagkuAj8Qq0MthXw+7q7OKGE+p2maz2vL1KlGcAGT5k1ng7dcmQ2Dh/j:X+AgQq0x8qCKGDpBVJKgUW1EcmQ29r
False
C:\Users\Public\Desktop\desktop.ini 1.09 KB MD5: 73d291eda9d5bf134ae9185c2c3a17ee
SHA1: 1866cdf9f4bd45cb967f2e90b4ef815e98597f5c
SHA256: 6601fffd5746a25b9a2fa9357a5fa1d929381e67dfa95403ed7645110c52b545
SSDeep: 24:mm3w59QvUCsmnhw+7q7OKGE+p2maz2vL1KlGcAGT5k1ng7dcmQ2DhT7y6:h3JS8qCKGDpBVJKgUW1EcmQ29T
False
C:\Users\Public\Desktop\Google Chrome.lnk 3.20 KB MD5: 44e81c463b2dd01f62edb164d98f1195
SHA1: 55f6fa402ef4a131de41f52a6112cb7ffb491927
SHA256: c7dd165385b7007b4fa930732c9eab4529fd1799809fa12ba9760168ddb86123
SSDeep: 48:ZpXWSiNngnOV3nfEV89eP3OS2is+vQWGHZsdfMrje8qCKGDpBVJKgUW1EcmQ297q:ff9nOVY+r+25s+Xe8q6p3wjWnmml
False
C:\Users\Public\Desktop\Mozilla Firefox.lnk 1.91 KB MD5: d42f7557218e2d5b2f9609ccb55485e3
SHA1: ecafb9a6bd8513a7dcb4c8e17f925ebf05046e05
SHA256: 2008f4ae9d9029b32938ff10375d3cebf0929d3824cc5240015962dde57746d8
SSDeep: 48:TaAdNkbuHO10bd6emm0v8qCKGDpBVJKgUW1EcmQ29N:TamNsuu1Kbmm0v8q6p3wjWnmd
False
C:\Users\Public\AccountPictures\desktop.ini 1.12 KB MD5: 9589367e4b59125a5a0d6c9a89bc7ded
SHA1: 81c3aa526531bd38cbe06e180d261d93d526689f
SHA256: 50cf098eae9a5b93bce6179a0f9580f09701b51f68353ffcd2f27849798e272f
SSDeep: 24:z8xM/bqheib7LHw+7q7OKGE+p2maz2vL1KlGcAGT5k1ng7dcmQ2Dhvn:z8xMQC8qCKGDpBVJKgUW1EcmQ29vn
False
C:\Users\FD1HVy\ntuser.ini 976 bytes MD5: cb3ae1f8dd080884cec728da0188ff55
SHA1: 9508f8503fa5ab4be72377d126bdc3e036004ed8
SHA256: cbebd0d0c56315ed3029ace210d5c65a2578aad566ce196fc1ffcab7bfe92aa6
SSDeep: 24:ilFgR5Chw+7q7OKGE+p2maz2vL1KlGcAGT5k1ng7dcmQ2Dhjn:E25L8qCKGDpBVJKgUW1EcmQ29z
False
C:\Users\FD1HVy\Videos\457XRRHEeRC4UfGUI.avi 43.57 KB MD5: e687022e2b3d44876fa6540063e347a4
SHA1: 7826a6cebe0b150d2cc1ba574e1ae3f51a8f2026
SHA256: dfffa0e2f73b01042e2a7d1d90926ede2e1ced1ed09f9a977984e8792d97ad93
SSDeep: 768:lytlsZvvGseGer2SDnpK2kJzCsTowizPT85LUn2e9hqt4CPig9gpOAQarT3:+laesA2WnBXPT8tt4hg2pnQsj
False
C:\Users\FD1HVy\Videos\i_9zyxoZSXHlx.avi 89.09 KB MD5: 7038982dab1ca891a2f8bfd297f49c17
SHA1: 22fc5a1a7ac107f9c007e6d6709af82b1aeea3b6
SHA256: bd2c58cbf5e6bc7c77043f9b0cea2744be358fb8c00d7a9f32a07c6ab6cb358a
SSDeep: 1536:s8Ei5s3PD7eQ5fG9qw5SCsmsQs13lMGvxSP8UzvXjOpirUN0q:fEi5yD7B+VSCFsJlteHLrUN0q
False
C:\Users\FD1HVy\Videos\mP h7Lt-\52HiljouxlX.flv 52.52 KB MD5: b16b75e14b9e8cafb03857f4be6d3e05
SHA1: f2acd8b5e1c9eac9595c89c1d17bee9d818579e7
SHA256: 216a815f916650bb0aa38b9a600521b20348d8a4629a3126c2997aae9f9a8a2b
SSDeep: 1536:t0053l0r68P2rwTwVYoyvccm8nTIMP0w+5hqnE/d:eO3lY2rwTwVYoyUcm8nUinE/d
False
C:\Users\FD1HVy\Videos\mP h7Lt-\FI5N.mkv 34.52 KB MD5: 9e7a4b2f183a307158af7c7c5be5d066
SHA1: d0c789681e23c2fe004f62591b5b4149c9deda0c
SHA256: 1be18c9f3b2640785763d4c27f0edfcd1d6a5eeef95367c4d38ecda95aaca0e1
SSDeep: 768:sSOKL+BKO88SisLV/V3jKR5xkL45hshfGOjJjIY/Ty:sSOKaBKOfSp/FSIL5egu
False
C:\Users\FD1HVy\Videos\mP h7Lt-\Gokf5TGMJc_QsIuaMfW.mp4 56.31 KB MD5: 9d340d30bbb0878ed605a768df6e88a9
SHA1: f23264cc6f8a33872f72762566dc6a15fa5bf4b0
SHA256: 95a6aeefba794fa5d6427706586056be9f1d9c2584bff497167b4ac4ebe5f958
SSDeep: 1536:zBm/sdKY8nFeSxCWXXMz8tvMCTuNrpZniWj/WIPCG5Rb3ltT:z4dXnll8z8tvMCTkV57j/DPbT
False
C:\Users\FD1HVy\Videos\mP h7Lt-\_WK_66PMS1WfZEiv.mkv 33.88 KB MD5: 3b95b58742b55bf82d56e345eb5f4790
SHA1: 7ca2c50b441b3c22e1f229b25c163fa2d6cbb716
SHA256: c0f73e3f3719d366cac9d11be8dc02806829269a7bd599e5992c8212c0934d69
SSDeep: 768:vugfEhPtxBEgRq3PpmWk3XytZRiDA0xRLdjN0IxhPTTb:NqVzVROIWkny2ygbX
False
C:\Users\FD1HVy\Videos\mP h7Lt-\X9lLwZrlCN5inYE X\0_w4.flv 74.65 KB MD5: 4165cfedb8e0e70bebba8398b57d8bd5
SHA1: 3d54ec477370e6badabb2d854270e3464ace0842
SHA256: fcc56039c1f4e985abaddbb7d0831052da3f43f760e90295abb40193f55e251f
SSDeep: 1536:lvAn8Cpztk4LJzWDKIhLjUsbUY+xpStsU8yqFnxtkRC5:g8CHLJCDTjnr+xpwsUgFbKC5
False
C:\Users\FD1HVy\Videos\mP h7Lt-\X9lLwZrlCN5inYE X\3s38Gm.avi 86.30 KB MD5: e673a2421efa514fd54f6eebfc5f1feb
SHA1: bd3aba3d129859f7e1c373429b6f42e4a43ccb31
SHA256: cf68ed79ff903f463a4b7c6650da4661ad2d5b91accbd54c7d8be865d848dbf3
SSDeep: 1536:UCe+2M2UCuGjM3sB37wZQF648STj7pMwavLOs5LnzGZtFVT1pEl55TDi7A:Ua2vXBt04Xj7ijvL9nzGZfVIW7A
False
C:\Users\FD1HVy\Videos\mP h7Lt-\X9lLwZrlCN5inYE X\wqxE4PKLcBhEx_-.swf 26.98 KB MD5: e0d1f022f6a6a021c97e532228a253f0
SHA1: 7656d25b71f32521a8833dd5997ad83e060df539
SHA256: 0729cd1a25ce4133777af0de9ed9b3508330257e5dfc20deefe991ce14a2c881
SSDeep: 768:uFZimBn9/cKcTI+v/3ATSLev6ErkHIRE5zQNsTY:k90rpqkHOEpQNss
False
C:\Users\FD1HVy\Videos\mP h7Lt-\X9lLwZrlCN5inYE X\j_LpWgAxXhBx7w0\FQEZGWQS0yL.avi 72.06 KB MD5: bc17d7c795610fe3a1d70736b4da7f81
SHA1: 289a76e2f32ef372531d628ed50e4c981f78006d
SHA256: 24bc5e509b64375f4ff7e21635e7ab23553cec5d937fd433e81c693b25b4381f
SSDeep: 1536:Lkzxql3m7AyOIjHPkoUZOsYPZV0di5taVPwNbm1QwbD8TP:LkVqwcNmHPkfYPZV0sQYbmWwbmP
False
C:\Users\FD1HVy\Videos\mP h7Lt-\X9lLwZrlCN5inYE X\j_LpWgAxXhBx7w0\qDMrOHgyW.mkv 27.03 KB MD5: 2233eedc5902ba692b61db97d4f3feb3
SHA1: 8a4ae4ebd01d7144a00e2956844778b15458ad42
SHA256: 9d1d23742f3c2068cd4ca534348964b99d2acc4de97967d57b5b4b1164c13971
SSDeep: 768:qM9licMXDH6HkbJikUyKe9WLfZDt0aOH+4vWT7:qM2cMXDaHMJjBULXh3f
False
C:\Users\FD1HVy\Videos\mP h7Lt-\X9lLwZrlCN5inYE X\j_LpWgAxXhBx7w0\yMeSugojL-NDXZ.mkv 94.44 KB MD5: 76aafcd65325ad69762005be602def93
SHA1: 679c2559dc291790fc840da8b283fb2ed87e80cd
SHA256: 36b8ea68c15d3b663d767f81888fc05fb9e1e1853d79eb39c297891dc9f0f6b5
SSDeep: 1536:LBqVGuZQQl8xJPmQH/obxD7Yt+rw0H7ZVdx7Fd2rpWCXYDPvbTHupV7UGbpT+OB2:LBj4llUJOQHQJk4bdBXbTK3Vt/uTVkWd
False
C:\Users\FD1HVy\Videos\mP h7Lt-\V-VrwwulxTZ\9J5o-K5rlPWB-d.avi 5.44 KB MD5: 77acb9903f9a52f8b0d03bf8f486861f
SHA1: b451f2140e433b594cf364272626d6709ed4bb19
SHA256: 982cb482cee89cda97c01c47242b0bf02615b64629e7d708f866a2702a5e017a
SSDeep: 96:N1jm2ss5zL4hSvQqSe3Ep/U9mBh1dMptXqY5xXyYlChx4hkOBgQWC1g+Mt8q6p32:N1ZdL4hUQOk/U9iya+XyYlChWSOBVWCG
False
C:\Users\FD1HVy\Videos\0Jit\bYsS_YlaY9z2LOgk.avi 28.38 KB MD5: f124cdeca55e184af64e23e0d7796809
SHA1: 932603fe8a447511879a4a50c768b663f84e298a
SHA256: a10ff27f41b76262aad9754bacf5ae2691776fe03c7a75d493d1f40a3daf5cd6
SSDeep: 768:/F0PZxWRIrkvDOYtdeIfWXU9PGlniitkxVDKahTv:90GIMDp9OXU9Qnft0tKahT
False
C:\Users\FD1HVy\Videos\0Jit\ka0XqJkvY.flv 58.35 KB MD5: c91cb6d451484d11e9a21873a39c0c02
SHA1: 4029e8fd04cd875e88f9057b607d1fef7fa09847
SHA256: dc3f47c7864dea35f22a05f48209de254000e53dbfdb33ed6fc0711fce049efe
SSDeep: 1536:DvhrnwXcCZCvNpTiQl4GQFpiPwfvVtxzzfEymuCiFQv:lscfvNpl4Z+P03LBmuf2v
False
C:\Users\FD1HVy\Videos\0Jit\we3h9wVdNt2OG8gH.flv 63.00 KB MD5: d92fa36b962d9c01371bf2ceefb2c5d5
SHA1: 2542357d1811e34340044dc5a577e976d571730a
SHA256: 69e58314ac57a707325ef575347663724e0c9f9aeb7455d2d14ea23d9c428a30
SSDeep: 1536:8UpzleDGbCjVNxscPhiszd9QmTPmo0XXUR8s6cn6l6:8UpzYDQCbisNyoMa8sLn6l6
False
C:\Users\FD1HVy\Searches\desktop.ini 1.44 KB MD5: ee95b645ff5bb29c9c03f43a221b607f
SHA1: 548a0049bf40769d3ab8a5aad4d5979143b75712
SHA256: 30f9a342cd5adbdb303b5d9c3f6a357be8ecb6e0bbd0ef7409f56f7492dd05dd
SSDeep: 24:nWmmhvt97bGmX3FNJsbansuwrtoMWWw+7q7OKGE+p2maz2vL1KlGcAGT5k1ng7dl:9uJb/X3FLsbcsuwtoMWL8qCKGDpBVJK7
False
C:\Users\FD1HVy\Searches\Indexed Locations.search-ms 1.17 KB MD5: 0fac0ea82a3cbec4ed342580b9fdafdd
SHA1: ab795053dfe1a4e1360e11427a95213d33ac1764
SHA256: fd79eb761143b0afd9e1f87d01fe9bb19d0b169b6314865be671fe20dd95b245
SSDeep: 24:s3KdEN2QUJ6ZvQlw+7q7OKGE+p2maz2vL1KlGcAGT5k1ng7dcmQ2DhqkZ:syIekZvD8qCKGDpBVJKgUW1EcmQ29v
False
C:\Users\FD1HVy\Pictures\0eHZ_3WhSTBcCzE8.jpg 96.26 KB MD5: 6e60bc8dbb45b6675bcdcbb9d7407b73
SHA1: 4d811e910c803b6f7024fb4fb319afc1aec034fd
SHA256: c0541e0093268c6502cb5a8058771419c07f42af0c42c93a3563b1cf5b22ceae
SSDeep: 3072:pTn7ic69nvg0ZAGhoYnx8zxZ83Pp66NvsaF:p/MnvrLhpYxCr0aF
False
C:\Users\FD1HVy\Pictures\90TDXbBi_nI bB.bmp 95.73 KB MD5: 0ebb5f7dd7b40790905f4c4b84617124
SHA1: 86dd779de3de2443f078b9eb93a808935beadd5e
SHA256: 9272e6050618ff8757efe2c331e0129e53b2f4487e3142dd05b108f45632a9ce
SSDeep: 1536:Rt2qZiRQk71XZwM7htZc9+KcIRpnwtIrqBs5KcH1hyHV8Wx99IyoLGf6AcxO9+:FRkfZhtCM8ytIsxUSV8WxA7Ly6Acx0+
False
C:\Users\FD1HVy\Pictures\desktop.ini 1.42 KB MD5: 37549bc693b6804657d4c018cd0d0bf2
SHA1: c64a2453c3b5e59c74e5cd8b468f65f67875dd9c
SHA256: 914cb20a561a2606ba5086b805567b31daffdb4aa970cad38eb4ab4f06478c24
SSDeep: 24:RPBcf7uoEi0T+FyAqBhrusuJ2cLx6RtiWw+7q7OKGE+p2maz2vL1KlGcAGT5k1ny:Rpcg//KwDRt+8qCKGDpBVJKgUW1EcmQ0
False
C:\Users\FD1HVy\Pictures\e_rAGl109.bmp 61.16 KB MD5: 95039c00b88f4b1fbe8ec8243bddf62f
SHA1: 2f566950aac8da66e1c672e022fcecd9af2eadd2
SHA256: b5221aebc660a7d4228f86fd2214837b4237ef869cbfc51627e86febaded7abe
SSDeep: 1536:EFzMOvZLHnrYRH902bnlBmYEiwI32bnu2tWGszh+Uy:yMmLwH22DlBm432TWGszkUy
False
C:\Users\FD1HVy\Pictures\JCevQv3sR4zWuvdiroaf.png 44.28 KB MD5: 9d83d946d3bb9ddc4cdd4105d2cddf17
SHA1: 2be8b7b3dc3db3ff4028f14fe229e755edde31c3
SHA256: d0af719df05b00e0f1b2bb11e7d06d879b81aacb88bf0067fbcaa01bffe0d22b
SSDeep: 768:PXQlabERYKhJFcU7u8RHzJmgl4VgjKJetrhU04GCynbROpkmjAmzn4CaO+EbvuTC:PA4mZ7u8t8gygeJvGRnkppAgxD+EDuW
False
C:\Users\FD1HVy\Pictures\JQTgE9tvFrhK2 G1Dls.bmp 62.38 KB MD5: ae807f9e374d425631d4f15f49f79703
SHA1: 8eab2311a57b747684a8a2b7a6e38bfa88afdd50
SHA256: d281c3fcc8ae67fd547ec399c7aa27b52533cfa6187e6b5cd94f328c14cc1759
SSDeep: 1536:SM7w+W5VIEC+DfABqRj7Yga3PXf7C9X2u31N:SpVI7+DYBEjsDff0X2QN
False
C:\Users\FD1HVy\Pictures\jUIAgiN6w3v.gif 29.22 KB MD5: a41c35cfdcdfdc7158d82ed0e340d7b7
SHA1: 91ee434c76ddbb597810b9afa9bf0a32addebe6f
SHA256: 9150e7be5260883db209407b6e86896f57696ec0d3017061131f6488de531e4a
SSDeep: 768:mcRlZWrwFpOKKFaw5c8vJVcJsdf9cbHHskVhOcAKY848cCfQZTzdsTc:mcHIryMnUw2QDcJsdfNkU6utCfuqY
False
C:\Users\FD1HVy\Pictures\l1nWbEX73V5RO.png 30.58 KB MD5: f6595893361f1001385ed618e99cf429
SHA1: 7e79541d56da33d16cd2246e3b9fe35dc46d35e3
SHA256: 1f1294d51058bcd9aee7a88bd8d404d69bdec6d02c0927ccc570e59166c4a1d3
SSDeep: 768:vCvJ04OCbwXi4bJNb6/6BBlyON2v/z8ynLGc2VZm0WiTk:eiSbwXiO6iBBly99LGcIm0WiY
False
C:\Users\FD1HVy\Pictures\MlQJ8yCmxq5jsR.gif 81.22 KB MD5: fdb90b54920e0d50fafd9efd6e36c791
SHA1: 2e2a8d98a4045ddd3a289c3dc7ead52027d5807e
SHA256: ce8364ecdc63bc62bd79d94cc7424195ccc1aed4306a1041cce8863ff5786807
SSDeep: 1536:dbchR6j7jVLCQdCLwRCpCcC84NJqGTFuB3YNg6bCDU8xSs9:tcD1hwRCpC2V+FMY2ovs9
False
C:\Users\FD1HVy\Pictures\n kdsPg6tJT4a99pz.jpg 69.41 KB MD5: 265cb42e1fd90666755e86d699f30250
SHA1: 3349bf9719ce2c6b7c8d8282f3c6b7505e9cdca9
SHA256: 6a22fae3118fa1162267f5a19adb3ff4d2cdd937876a55d329bb85c93fca36cd
SSDeep: 1536:NilEXmCBnlJ+x2344n6Vsih2QQG98OO+kP5GdRCJpC:VJL344n6uicA98OO+NSJpC
False
C:\Users\FD1HVy\Pictures\N8Pzx.png 57.23 KB MD5: 10afa2f57888efb37a3e9af663af093e
SHA1: 9edcfff861c5e3541791deb4aee2ede5e8b669ed
SHA256: e3eedc3d34ad20f5696fee698658a9424e0cb802a7efae08faf027dd3d2099f5
SSDeep: 768:gukAx6Il3XMXzYmWXgsGD/nTaJp3yTeSU3q5hzlRs73Cmo3YyjCqfJMuVxfD1vEl:gpAxR0Wiyn3CzLoyL2uTfDxqpH7Szot
False
C:\Users\FD1HVy\Pictures\p_yVA4jYCd-zL DX.bmp 14.09 KB MD5: 13cf658bf91f5253e03df9964bb50fe3
SHA1: 956fe28cfa4e41b778041d4ad123ab4caf0925e5
SHA256: c493725f5df204a748b3c3c81bc6704184876fb43c6ee30c0208a656f46b3a1a
SSDeep: 384:vGgEz7Oaf7UX9eLED6xNack5MBZDF9af6zCcZD:urj8nMNack5MB5jTD
False
C:\Users\FD1HVy\Pictures\rv8WAxpJ6.png 59.31 KB MD5: 8fbb15564a771ae5ee518e723f870b30
SHA1: c64c0b688452ce22edd175d30e228e76dcd099a0
SHA256: 7301b369c6d0c935486b7ad0f36470961f08486f89c192955af18b05dbab6b14
SSDeep: 1536:2MhDeme1aMsrKZLQGo8gBv32Kct5OQp+fakMq+poSCLkm:RDeme1/ucLZo8g53/ctURaHqAoZkm
False
C:\Users\FD1HVy\Pictures\ucDmOcTieCLOpWpKJX.gif 40.05 KB MD5: 837eacdd2e8441853daeb34afb552046
SHA1: 29ab9442a38c4507a9624bc1ce4f9c0bc9ec173d
SHA256: 5e95ddc354f89bbe1625de9acebeaa025a3a07f871304f3ba4d627dafa46546f
SSDeep: 768:xyFb/LwI3pvuqM3BcU+1wUStAYsgkt7HSwHaX5RyHTCKTK:IeApuV+1zIkRP6eHTCKW
False
C:\Users\FD1HVy\Pictures\uqUo.gif 69.30 KB MD5: 26da6e099bf77cc84b63b25cf5ede17f
SHA1: c993a8d5f9adf3f5fc8785d1a724a89f47ec546c
SHA256: bf9b8e7381985b0788f880572ca6090ef7648591563be0cdd29e97b5e9d8d9ff
SSDeep: 1536:Rp6d1YTV1iYRaofPyqvABjr9hk8cpOXzguFTmg/rU9iRAEpHA4h5X:KvYB1f42hvA9rrxDgUmg/YARAyHAUX
False
C:\Users\FD1HVy\Pictures\WgAe-lk.bmp 65.70 KB MD5: eb31997cde111624645db6e7cd6f3ef8
SHA1: 84e919846f273610313d7974f2996511c764fb51
SHA256: 21dfa9b95b936fa3b39b1b719152fe17ff9376c8e4c11cfb87e003e55a7b057a
SSDeep: 1536:2kB076y2pbNkqLjLAQ0nJ6DIzCUsZLG7whoe8yfjB57Ls:2J7StNkUHDDYL7yv7Ls
False
C:\Users\FD1HVy\Pictures\Xwj8aUsr5KISbCH.gif 96.60 KB MD5: 3f835b2f4650b24e925aef11080998a0
SHA1: 07d7bac945256cdd538520c7345c21609f5adec9
SHA256: 04447198ff6bcd695c111d5b4138c5cc2991b6344eed513095fd884cfd58d105
SSDeep: 1536:qNxBH769PuuLkyxNbdCPK+Govu/YRIhtPswNWsrYtiR3mKvIjK8fi8lIvgr5OzKi:YQHj4fGuPmEMWqhvQjLl3r5OzKpYIVzq
False
C:\Users\FD1HVy\Pictures\YAi 7SSuqQL.gif 63.42 KB MD5: e53cd03e1cbaa3e7e6aebe9ff89919a7
SHA1: c8bda77e5c7ff9e7ff8fb44c570099dd21cc4c28
SHA256: 84cc406e7ef625869ca67d7b8bfad117abca2919ecc95e164431f90721fdd12d
SSDeep: 1536:yMFbAuWIAa/VebdTV4xfcr26QqX0+TV+q/c6mqilFaGsGmPOHU:DARIp/oxx4Vcr26QRo+h6PilEGsMU
False
C:\Users\FD1HVy\Music\desktop.ini 1.42 KB MD5: 1bdab89e9d6cb69ae785f721be5f66f5
SHA1: acfd409f26940d38c6b8e88c4120b5f0af99a395
SHA256: ea6f57fecb9fc46dc38cce06cdc767814300dcf3154ab299d575af91a370b314
SSDeep: 24:bEccRCnPrrUQp/KHg2BjDetSKWw+7q7OKGE+p2maz2vL1KlGcAGT5k1ng7dcmQ2O:bEchPk80g4jDgZ8qCKGDpBVJKgUW1Ec1
False
C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\F47mcjmxOLj.mp3 44.23 KB MD5: 618fd7f9a764e8ad4bdbc73424f02467
SHA1: 5a22fa8144c013a487ee1ad0578cf9debfde1c86
SHA256: 033654b818bdc5e8dce39d3eea9de454e2262e9fdca13e30e5a0fa6f47c4a398
SSDeep: 768:ygCRngRIMZ3HLWMua7t2qh0YhQxSHel9JxjS69MuYokyKz01ePp5sIPjTx:dCpo/Hbx7t1+SHel9vjd9MVPz01K55j9
False
C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\ocv58-qJyi.wav 80.00 KB MD5: d1c53de01c18781e3ab1af7e9e5561d1
SHA1: 92af0d318ed89925b365e0636420dbcdabe0bd9b
SHA256: a68be4db6d5e85df26a54cd1a2762311e791d5ffd81154e73372197b61939bfe
SSDeep: 1536:d+f+NG/sO5xjbsE8BhUa/7jK8lbeilgPaS38r/JBy00rRZZQDIauJQNM:I2N8559bq/Dllg338zJBy00BQ8auMM
False
C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\TtF4\xoEix01H8r8Gb.mp3 17.47 KB MD5: 033cf98b255041c4cae6bed4fa2c5f27
SHA1: 0930547c18750b6c250c3630021d72c85c3400a2
SHA256: a1ea88095735a4fb9c4bec88c9ee0899ea5a2fd6c1d3695de8fb08a0dc30ae26
SSDeep: 384:zw/aXS3dR9ew9KD9vCEzV+kAzcyLFb+OeJBX7z4cQTjNiCCcZs:VS39ezvCvzcyJqDz4cQ9jTs
False
C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\TtF4\yGlGNTCmxEmW-X_p.mp3 78.59 KB MD5: 5061d84b089a1aae89e1eca7fdf1de1a
SHA1: 866bf045bda5f611a12f516ffb6464a9c00aa50d
SHA256: 0f66411b9e0cf86c414c01e1fc75a2f5807dbef20a4e9453d5c9abb36c28d5a9
SSDeep: 1536:9wHce5SGyRaltHtcdYQl54Vy0mI5lgxAW/T/h8b5eyPtPLeONc4IsjC64mKQucMC:CH1S9YtHtHw4VyxpAW/FXQ5Ism64Tcbt
False
C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\TtF4\DQ xdKVkdg\GIbA_.m4a 61.86 KB MD5: e879a2a37b9cfa43e5434d0786d1f37b
SHA1: 80e56feb4166575e11cf4834534f68a116584ec3
SHA256: fad35afd3db0ec9d6561f0ee48f69d5fd4edf265077a5f850585205e31afb616
SSDeep: 1536:EOJwLWFcCuFQFHN1QGFCYfZJkPR2xGOeIXei/:EOegcCuedT5IhPUTvt/
False
C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\TtF4\DQ xdKVkdg\wdaj18HGC2anUg.mp3 55.25 KB MD5: 5d6280e46e1388e9cc7275674df70e6f
SHA1: 8060ef5a973f27e670fbb19f2baa0119aec2bc3d
SHA256: c0d12ecaa8d16e206ef3b8a8ea1ef373d68222b35d5c3c12b97494016ed81564
SSDeep: 1536:VpYUGzlMR9HEh+oO59kIHJXu3x33wOpiplTNo:ElzmHkGa8QBAlTNo
False
C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\K1UxMX9 J\3yMQVi4Ib7NBzSV.m4a 86.38 KB MD5: 336906e8ae6cedb43119647fd5b0b326
SHA1: 9dbceddba95e9cfd94f40224f11fc41b76a99725
SHA256: b7bfd6938fea73dd41f09e2bf72ec10802386588a52fa6b6a3439420166997eb
SSDeep: 1536:O62cRvdWc8/UDh+U4TwipGHwb3RZiMcqlA8MH2+2lK2fhpLW8:Ov2vUV/UDPjUGQbeUl5M0zE8
False
C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\K1UxMX9 J\M8 ByX8vq.m4a 73.50 KB MD5: e54f266cb32d5d6b8d49ff99afb3a970
SHA1: e1cd12ed12228a0d2ddd203ebe8245257c1464d5
SHA256: dd415b111469734eedf48f76a826ac5d558ca17b6e791507ebad7af5a4cba005
SSDeep: 1536:HS4E6jd6juNAV6gl7QuwBSOMtwZNIEWtP38NGB41LEfaDHKztg:y4fYjH1l7QuwvxnmEs2LELztg
False
C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\K1UxMX9 J\QRuixFGCDWAncl5AbmZ.wav 27.28 KB MD5: 93daa17b729049c64452985a38a88650
SHA1: 3c7bf78073d4b737f2840429aea9966b31343f8e
SHA256: 873e36e1ce3492dcaf447e4f5f01eb2d33f2604c366f09d78c3df281192625cf
SSDeep: 768:9G+F046kZyOnI7Qp+T3muBSCm2X3erkt7oTt:97bZV6WuY2XZFop
False
C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\K1UxMX9 J\uY5_Z 6FH.wav 96.39 KB MD5: 594c9dbcfc34f64f31bef8563f87f4c2
SHA1: c5b97770ae9766250429900b5f9c3433625cc984
SHA256: da55ad79a034d4a3984b38fdfc8b3eba37ee06b8d87b36409d15c85b7577ce5e
SSDeep: 1536:/qsj5k5Qc+ZQYIhzERlhFfpq9IA/vcKU5w08T45sGqUI78Qmf/jfef44C3gdE:/wOcpV+/5AHB0goaUE8Q0y23AE
False
C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\K1UxMX9 J\v9-kpgHfycaPisG2zG.m4a 11.93 KB MD5: 73c74b076969f65e09371b12917e828a
SHA1: e6e9e0be8b2635aa65cfdadca956213f659ded5a
SHA256: b1e7d7f2b566f62581c6fd893fb1ea8e827f504cc1b99fde3bfac3818cc5c623
SSDeep: 192:eM2YEND1AtWbNKAW2FFRoWEdNj0nvSrlaAmbldOtgTbFh0bJL2mkfs8pT88LuUmk:eM9MgWxKA1FFWWGNSWKmtQ8TkfsJUmF6
False
C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\ioqWU\Deupb3VmhF.wav 75.39 KB MD5: 3c26b558af2c6ad8858663165ba24175
SHA1: b0dd19dcb12311268a83c08feb8caf012e71369b
SHA256: 96b20188d5d8804149a408f57305673f4079aa8f01371fc58ff42713e5b51c59
SSDeep: 1536:5aan8JWeNO1qU3KY6jeThf797KtLAKsYeiB4Rn62fe/0kYL+f+eW0:AanQIqU3J6STpJKtszWS6GkI+GX0
False
C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\ioqWU\JW0rnE-6Xut0CIcI.wav 74.16 KB MD5: 7488c01421ea16356fdc718a4d3c7cef
SHA1: 17649f7ee7e5b5774717629607932eeab6335d34
SHA256: 000ef3b60ba61e925b90cf317a79deb6e6904ca48ade586e13cbeb929b9af4e1
SSDeep: 1536:iid6rBkQvexSu1ZvYwjIGSSIwSOcTt+O5VXVQ:ii8zWhbZI9R/LXVQ
False
C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\ioqWU\mj8IN.m4a 13.54 KB MD5: ca5879793b5531a2335a0a51a0aa6154
SHA1: bd2b81c30c7e219a207f0bdb56d2be70f21ee8d4
SHA256: 4a214ace761c13518a75c991562c32fa2c73b63c8c67f13702f8d41ef0cfedda
SSDeep: 384:PUpskHehUIc4wSE/lmk9yj8zZ1bP7TCcZs:38e+5X/lmk9yj8zTTs
False
C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\ioqWU\s8HsO.m4a 35.80 KB MD5: 01e4f3858a45b3107568669b53eb7a57
SHA1: 71edfb749a30f5bad3d368a5aa5410c393cc2434
SHA256: 77d87166783968c9dae3926da29e7c5cba3ab15c794852496c1799852280b8d1
SSDeep: 768:XbpkjYl1m5fFan+ndLF67qupB6gm6wR871WfCdmyqb7SINc/mvtTe:S9f7nYwR85Woq7SIC/8t6
False
C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\ioqWU\uznHK8YoJt.m4a 70.94 KB MD5: 948d2213ed2e130e6d10a3ba57577aad
SHA1: e2919b3d445174138612959c0e00303bfa9a6220
SHA256: 2a871363d98d733eef85784a9b3a2449b69ce80e8f7abf4d6619989f8f460fa7
SSDeep: 1536:YBLhvscji4HpSA/SoMWP0Jg3fhhdLTDF2V9mSFL5lYooaLbHxy:+1EcjT1P0Jg3BLPF2HDFll2aRy
False
C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\ioqWU\rmY_urTfctd0pcg\KmPQcO2v E2UpcJS9.wav 50.48 KB MD5: dd7018b014c7aff5055d45eba388252a
SHA1: 2954206320c1a0a0223491a2ae40c7e0feef1165
SHA256: b2c58c5ca77504232108fb839385bb0b67dc49479b4031471733c244818c184a
SSDeep: 1536:+97rLEjG/GuNCcb2fDIZw4d6E7WYOiv5g1:+SqaEwix81
False
C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\ioqWU\rmY_urTfctd0pcg\SjE dCES6E76kFP2AXnm.m4a 4.47 KB MD5: e1060cfbd6f280eb51e54ec59678d407
SHA1: dfcc5f4dc0db3d419e03c95dc00f52d19e70a0db
SHA256: 887a5fd7e90438b0565ffbf56be23ef7fca2f9b73d6f03901b38da134bce0052
SSDeep: 96:QRz4DsE5miFfW5+ykC+IxyXM5FPvDadprSZk6kH8q6p3wjWnml:iPE5hw+tC92MrP7aS2HC3MWml
False
C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\ioqWU\rmY_urTfctd0pcg\w3H2 yJco0KHxo9cfC.m4a 70.06 KB MD5: af28a5bbf90dbe617a633cf1e986ac3f
SHA1: 6cf912abfe0cff573f524fc145b99ff4ec9ba491
SHA256: a6d1cc3bb22eb022d9ab38caf8a29cb6d5b3271f61d0fbfe849240685b2d5f82
SSDeep: 1536:O5P8+E+DXbqx+uUdc8IpRX4yRk7aQ+Tj9lWlSoESvPXw90Jg:wk+FXbS+ucc7pRo573oP7oESvfoog
False
C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\ioqWU\rmY_urTfctd0pcg\u2Wr9h\PR3ENDw94r3DF0R.mp3 92.28 KB MD5: 919be814a99935779df46a01fec31770
SHA1: ac1aa8e5581c23cd6601dd71d452f4f0094415f5
SHA256: a0c9f105f6bc90c4912e0ff96a770ffd295fc4a396d0e84f89f4bf18ea46f6a3
SSDeep: 1536:qS4QjHJTEOCEA+KRacRww21EEEy6YDYG68JCCcd/YpdVYlzg7uludB5NKRa:qTQ1CQ8FmZ1236CCi/YpdVgz2dlKRa
False
C:\Restore-My-Files.txt 1.61 KB MD5: 12be5699701d276e455d5d03612285be
SHA1: 8a320c9fb4d3330e3de4469cb8057ee4fcc5d5a4
SHA256: d52145e7ba8f7ba58c91c3e68d25df80ea88ee155459f3c4c1aa03c0017435ab
SSDeep: 24:GyXWIB0aYXc6ZBnRs1eVFOw+7q7OKGE+p2maz2vL1KlGcAGT5k1ng7dcmQ2Dh:GlFs6ZVem18qCKGDpBVJKgUW1EcmQ29
False
C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\ioqWU\rmY_urTfctd0pcg\u2Wr9h\Z0sB.mp3 10.45 KB MD5: 742cfd2de979a47ae8721c61175d99e2
SHA1: 0207a4bdb8bf8ac4b83ecc89b45873e159382c6e
SHA256: 73541180ebd070726bad303609e6ebba88ac3fca82a5c78fc1c9f292d7ccd90d
SSDeep: 192:E9SJ++Bc9mnzs5UftyC1ikd4BjEhnPom1sBGtmPIEHC3MWmh:E0RBckQC1dOJ0PDsYtmwKCcZh
False
C:\Users\Public\2720DE842C148E18C1E0270ABEF877C91C879E2B7AB4070B193C1EFF3F1AC1CA 1.00 KB MD5: 80c2d8184f9b68b7535afccf4d3cd04f
SHA1: cf28c996527e215f7ae110f778973ecda617a964
SHA256: 5ce1357e69f2e99c935c7cb21471fd43c25d6c26a19cf20e84ad67c962744e6b
SSDeep: 24:yrEmdnsUrNCUUw+7q7OKGE+p2maz2vL1KlGcAGT5k1ng7dcmQ2Dhx:lUhL8qCKGDpBVJKgUW1EcmQ29x
False
C:\Windows10Upgrade\appraiserxp.dll 450.12 KB MD5: c892cfd45f82b5e743d57655eba752fa
SHA1: 1e9dd747e8a2b395006a99eaf578af5b8aae09be
SHA256: 1f42bae75ef96fcc9359800933adc64de5985cafb45ee366de8450e4ca629c53
SSDeep: 12288:gn0YMonEzfC0FBRnz8NPlV3GD+yJxc+sD:4nETb8ZlV39y4lD
False
C:\Windows10Upgrade\bootsect.exe 116.62 KB MD5: 2daf2266e29dccb04a8342990bc2e67f
SHA1: 4815ee7136053270e42adb53a157235787d2139f
SHA256: c9d15b7eeaf2195f320f050c286093d834b7a73a4b13265eae49768dc13e377a
SSDeep: 1536:PT1NnmQ5v/85tzFW238G50/FV/kqcuYQejeyugJu+5TkBaAebDDe:bjn1ytj38G5zUdYw+5Trpze
False
C:\Windows10Upgrade\Configuration.ini 1.14 KB MD5: fba3d22937c5f7c5342b8bb4f629543b
SHA1: 309ad59d5874ae2be2e3622db59a5c438178c366
SHA256: 21a00c3a4c32117701bb423b19c071bd1c296277a146fef3d71720cbecda67fe
SSDeep: 24:tbQCjWRsxQHZbSTqw+7q7OKGE+p2maz2vL1KlGcAGT5k1ng7dcmQ2DhyI:1j0JCv8qCKGDpBVJKgUW1EcmQ29yI
False
C:\Windows10Upgrade\downloader.dll 202.62 KB MD5: 3e452377da5409ebd7fb25abdd0b7571
SHA1: 7d0d82f636ed02292b2cc0e33d022b09de75bd05
SHA256: 9bc86bff7dac1926488839ff43fdfd6038f8a1012920d8051d2808272d2ee2d4
SSDeep: 6144:YnGy+KzqGxDR479tUrb0m7DdITHBFUsjFaXAwl7L4:Y82i79tTmfq3UgFav6
False
C:\Windows10Upgrade\DW20.EXE 629.62 KB MD5: 69c7a2c5d202debf4aa7a73acb33099b
SHA1: 25fd2c215f9835a4ea08b6412d7de458a6d89a05
SHA256: bf9896e9d773c7fc42f2c476a48f37232293ea13fc3a14a2f9c4755a41387728
SSDeep: 12288:ouPi1dJIB3/F9/XGzxTkqF6t7PNV0SmiqUSHrSzXdccZV+d0Wl8PFe5O/QMVm:tPi1dJIB3t94Yt7XmSySRZZV+d0a8Ps1
False
C:\Windows10Upgrade\ESDHelper.dll 68.12 KB MD5: 66aca133fca1f820272e9c914f632af3
SHA1: b2140ac79dba1f11d0256e52bc6cb47c52230231
SHA256: 9be1891ee5f7ba7e495fb9f372b3773d20e2a2903bafd3b5d569ae31df08e1b5
SSDeep: 1536:rHwqfvXug5lSaI3ighp/FezVv05Zl+WZHbW0K:Liaci0tezOLHHJK
False
C:\Windows10Upgrade\GetCurrentDeploy.dll 528.12 KB MD5: 0f5c582d7eb001ea95678ba69bc0e7ac
SHA1: 344e9407152d49e5d57f697c4cd75f070794e4cb
SHA256: 86a63c714cc780629ed46e4904c08f0be5e07e5f03bcc8993ccdd91895f7ef13
SSDeep: 12288:9ncDbSwkR7RjPLdQjp5v+/SRF+xU5IaFF:RcDeV79hWL+KRF+xUJFF
False
C:\Windows10Upgrade\GetCurrentOOBE.dll 141.62 KB MD5: 570a7d4ba4b11107e264155b28a2841a
SHA1: b050e0513e801d5e8ce45daad0eb0d231be477a6
SHA256: e1844983b2fa1cae2474fcdad5361b4d092249879b3847761316b1c3623a6836
SSDeep: 3072:tsuWjpPR4CJOvjRM4nnkhSEt+jjdQUSArLHdmC2ZrLL:t0Etnk4juW0ZrLL
False
C:\Windows10Upgrade\GetCurrentRollback.EXE 72.62 KB MD5: 2ad3951c513c35c5868d4dd6c43461f8
SHA1: 0ff90e7093bce433c0a3f6110dee3960935faa66
SHA256: 9f1cdcbdc846fdc69f3fb6ba9ab729c2fa38b4a408683ee99883b74a78a2523b
SSDeep: 1536:zL8xabE+F0Zc2AGQg/F8Km/U3f/W7BrPdrH89H:PI+eZc2AW98jU3fu7BUH
False
C:\Windows10Upgrade\PostOOBEScript.cmd 1.50 KB MD5: 36d77d2e5156edce03a37608e060ef87
SHA1: eda70cb3fc2d8b0fcac71d3b137810d8e96311fe
SHA256: 7a9bb33e92dc381c0e4667ed203024ea11f00deef032a9bbfb80586916dde5c0
SSDeep: 24:SpsKpIpWwT1NFZz40M2uIaB17NG63792rWw+7q7OKGE+p2maz2vL1KlGcAGT5k1E:SGpWu1nZM0M2unzRG6UrL8qCKGDpBVJI
False
C:\Windows10Upgrade\upgrader_default.log 245.25 KB MD5: 07bd0b4327d5b0b6a7c5c74cd37574b5
SHA1: 8510b5d111107943dbac1425570ff94f1aa3d220
SHA256: 507bb7c34e6011e3aa858c529195a7ee22045760235af86f97094be50e8a53ca
SSDeep: 3072:BaIkw2nsFw3kwGzaQ5tm6kcLeL2/CKQnueRgmw5NoT1To3vRvYpu:15a3UQueRF+NQ+vlYpu
False
C:\Windows10Upgrade\windlp.dll 895.12 KB MD5: 9ee726b9fe092218c54f59052d50b45a
SHA1: 6b2cf49a6783598eb232f78042a0ed824a2aa15c
SHA256: 6138ed7becfad9c70aa15c6f96c7a70f196cab3356356dbbe6e884cf471741be
SSDeep: 24576:gv4tlOpdxLuXzBbYWhPQlABDys3Tl9wInxsYPh+nW:gv4jOpuXnB+qwIr0W
False
C:\Windows10Upgrade\resources\hwcompatShared.txt 806.95 KB MD5: 49b12d6908c4e533247cf31f10454725
SHA1: 4b24400dc524483cd699f865c773afb93f0663f9
SHA256: 7310d3593a90e5979c24bed45cdcf7d9517bcc9586b47d0a359fd0ff2afec1e9
SSDeep: 12288:NtKt85AkByFVbSbuhrlCqgh8H61H17SQbkq4fH405CLO:NA851By2SrlXmH17So4A05l
False
C:\Windows10Upgrade\resources\ux\default.css 6.56 KB MD5: a8a1df1a8347352fb83593f995de0f12
SHA1: 8106b36bc26789ed7c2ce9a48a75c31c186933f9
SHA256: d6c1cba220e0af92a23544906a991d8b1125279207b5de3ce1a0e28e73048da8
SSDeep: 192:+dCS5U+Q9FVA9zdhvVMEloJ5jpu4Uoqf3gM/yKfRxC3MWmG:+dd5U+Qe9JBVubUpoQfzCcZG
False
C:\Windows10Upgrade\resources\ux\loading.gif 17.92 KB MD5: ce282801de6eafec9cad924604fba035
SHA1: a812fd7bc63ac851fb2cb8bcf56881b82acfaf00
SHA256: 003e81a0575d59b7b65c4330466a208d49279d6f15574004c9a5743d759c8dff
SSDeep: 384:CipR5KNIvA19yHK+T609+7WXg75BWRtH/Wsw/sjgmedGTdCcZ3:ppR5KNIYSK0z9+7WE23wr7qdT3
False
C:\Windows10Upgrade\resources\ux\logo.png 3.48 KB MD5: 7e59468176a54134c6d8895b99a634f3
SHA1: 74d84c49a4b413ced4a2aa6789275f3fb7a2c778
SHA256: 68bab5b79130e799d0264fcd8f07bbf1c28f1286df608286daf734446f6a0f28
SSDeep: 96:XgfgJriUbZUDV3npimsTOxo5Kbi3wZX8q6p3wjWnmz:waFUx3pcTOxo5KbiMXC3MWmz
False
C:\Windows10Upgrade\resources\ux\NetworkIssueFAQ.mht 608.43 KB MD5: 03c182aa6b04ed5823a3db6dc3f7a314
SHA1: 6bae57001faa6163cf805e18d6f6644dcdcb554d
SHA256: 02c907c20ab771a2900d9640469381ca32f7a10274e1aa305445de882f55f087
SSDeep: 6144:t2GT5nF+Rkl/bz0tRNsB7J1NESCtpec3xo6Tbu/rmDEAw1beh6B4Oi0vJTciVa3C:NskxvCMJ1NbcBHuTmxwgaYoKXePka1Z
False
C:\Windows10Upgrade\resources\ux\pass.png 2.70 KB MD5: 744d42d1f70a1a8396b46cf59f995876
SHA1: c9e8f07b439646dadd45819f3f87e7926612646b
SHA256: ea2429690162a4b413b1e3b9b8c63eea825a438be48fb531adc8fa706da8583d
SSDeep: 48:6ICd6zdjayzUpjv02UjZ70btOSJEUL88qCKGDpBVJKgUW1EcmQ298C:665jayzUa2UjZ70btOUL88q6p3wjWnm9
False
C:\Windows10Upgrade\resources\ux\Microsoft.WinJS\css\oobe-desktop.css 40.92 KB MD5: 3d5a275033091b6e2a1ee8d8f3cbd89b
SHA1: f538a5d8cc0324a264c5b476aa51e57b821197db
SHA256: 083e94bf82823907def1977d2cbce8f61623a37412ccf5ecb9c254988feb2e5f
SSDeep: 768:fuhUm+tc1Tsolo/9t7n2eBvgrLapOnR1X41T/:7tAHlsL7vaz1o1L
False
C:\Windows10Upgrade\resources\ux\Microsoft.WinJS\css\ui-dark.css 263.78 KB MD5: 0d64abdcc6e3e726b79708106625617c
SHA1: c45eecf4d41b77e3a663a06ebbf933987fd526f1
SHA256: 1513835b2bb8edd2cff7560e68cb9fdebc15faddc6f6c3e22fcd42e1e4f43062
SSDeep: 6144:s8qxX6vasS7fd4GDLxXFCr1kvLr7HDYjwB6:dasK4ijyR
False
C:\Windows10Upgrade\resources\i386\BiosBlocks.xml 90.42 KB MD5: 050a4cdf97c2b43173342f689aa9a9da
SHA1: 7d752963b78efd2b90561a8ba13ea3aeff35924c
SHA256: 4eae805412221ed5646ef2a204dc198e64b27a5112a96ce558d9945cc9bfc0e6
SSDeep: 1536:wRvAnr1FcD7LzRDhPurpjrpKP1Gt5abdTgLV:wRYnr1efLzOfodrbJgLV
False
C:\Windows10Upgrade\resources\i386\hwcompat.txt 17.05 KB MD5: 264faa97d56b9d2842625a2d6f8d34da
SHA1: 37d9007101e3def6942fc855293520f45aedc0ca
SHA256: 8380e386572a992bcd192bea9170700313bdebbeac6cf40ea80dc3d8d89fe8c3
SSDeep: 384:R0lUgPxgFsW+wRxkS7EWkKT0ukWC+EsRNQW+ClmCcZJ:R0lxSsXwRxkS7bT0uND1N7+CATJ
False
C:\Windows10Upgrade\resources\i386\nxquery.cat 10.55 KB MD5: 50b7c99d32816d8dadb7b5e023903cd6
SHA1: d2344cec061982f9d6ed91cb6821a9c831971c35
SHA256: 40cc9b1666d00ea89d9e548961fa2c0a2b2ca5180ebff994ed61fe03db4c1256
SSDeep: 192:7GnwJNmE7PQyoAxWx+WFm+Uq1GN/R9fmZLo2oB82voCDOwpL7W+Kd0C3MWmN:7GnyMF7x+C4GGj9fEeToQOwpL7mqCcZN
False
C:\Windows10Upgrade\resources\i386\NXQuery.sys 20.59 KB MD5: 91eb3b53e68c548b6e05bab0bce30b76
SHA1: 1c3d6817731bb453bef8027394ef0944b7c7fb51
SHA256: 2fa25de010048c209c91ac69fb1db0e49f12bba231a11c24d6b86c21b88f4a6a
SSDeep: 384:+7venVuCKOzR0/ewWhDSk6nHpBjQ9aFwWEFkEQkTNFoSe4oLI2CcZE:+inVZoYhBWa9BGxTjtLI2TE
False
C:\Windows10Upgrade\resources\amd64\hwexclude.txt 3.19 KB MD5: 676860ef2310c243a0e5c883cdf444d7
SHA1: ada1b1a86f4aa1a531f9cef8ec6a9e3866497118
SHA256: b6d33b4c5a7ce79253f1ade435a5addb878cac5cc8dd2403bed747c5b9e90173
SSDeep: 96:o7bBkrFO8S0/5TZwOAb6JgUHlpx98q6p3wjWnmc:yWrE8X/5anilpx9C3MWmc
False
C:\Windows10Upgrade\resources\amd64\nxquery.cat 10.60 KB MD5: 60a79c7271f6712cf40f1f0390bfaf7d
SHA1: 233feeb9c4875426dec85d470388194f54d1d67d
SHA256: d0e7fea1a94c7651eb6a07f63aba2228dd712dae673b36045ca5540c838dd947
SSDeep: 192:hwJnwSAmHLcS8drHq3O90hR4opsVkfaEI5y4pAmzHRA179eddYC3MWmF:YP3leNlVYaEL4pAmzHRAvfCcZF
False
C:\Windows10Upgrade\resources\amd64\nxquery.inf 2.39 KB MD5: dd252233dbef81447952abe8fe06486c
SHA1: ddb01e09f83a99808e2e7e9fefa0108bf565837d
SHA256: 21ebefc02692c4b4984bc47f49c17ac4ac2aa968602cb323c16f252205597f96
SSDeep: 48:yFYb43fVhFts1cj05QKAoOLYHbec8qCKGDpBVJKgUW1EcmQ29YTJp:yFTflo5+YHqc8q6p3wjWnmgp
False
C:\Windows10Upgrade\dll2\webservices.dll 737.92 KB MD5: c6de998bf7f2372b3e2f7d92672affea
SHA1: 18bba4f2a5a1bc4e5c3b2317c78966a7534eae88
SHA256: 5ef57d769d502d4bdf70ab41257b647464362f86edcd2c50b6b724b2e9508f1c
SSDeep: 12288:NL8+zBqGi+K5q46q1BY/a/bWyojSf4brb:NLX0RqK1G/2WyojSf4bX
False
C:\Windows10Upgrade\dll1\cosqueryxp.dll 130.12 KB MD5: 82006f6b6b0d6609d0341468ed944d0b
SHA1: be1bf2ff4f407af73b3bfa1d1a1b6568c49563ad
SHA256: 2e256329b106950d4e74cc6e0e3071134d21940c9dbce3cc7039ed72b3d2629b
SSDeep: 3072:4P6qUaOE5qmKDjnQqWUHCyISiFyf/slscgjiwjs48pcTP9chlaB8:4P+E8Z/SUiz0f/4sm7ZaB8
False
C:\Users\Public\desktop.ini 1.09 KB MD5: 9165a4b99ecc72f497f53309ae15ab00
SHA1: 48eff256a07c5b6c4c1c973b301235ff300362bb
SHA256: 9c23bc206be0c00f58bf520e7a9e87385673a7fa5207c0e283049e2bafa1f929
SSDeep: 24:2DbFmfBbi/2xTeFNWw+7q7OKGE+p2maz2vL1KlGcAGT5k1ng7dcmQ2DhjsV:0AJbWy6FN8qCKGDpBVJKgUW1EcmQ292
False
C:\Users\Public\Videos\desktop.ini 1.30 KB MD5: 31a2596121040ab07f591e07832af1d8
SHA1: 2f16d5c5d040337c39a5a925a77b65a50d8026ca
SHA256: 72d6e5bc6c0d81dd378008a43742c885ccd65a176cfc15a347846cef8f1343e2
SSDeep: 24:sscLoHXeCPI5mSEw+7q7OKGE+p2maz2vL1KlGcAGT5k1ng7dcmQ2Dh2:5cLoHCbB8qCKGDpBVJKgUW1EcmQ292
False
C:\Users\Public\Music\desktop.ini 1.30 KB MD5: 083c0e3e9e1b1a12c66c55aac15eb7f3
SHA1: fae0dc4c1d073df19402c63cb4c72f9ada9fc22c
SHA256: 5007c93e0039e0f40f8aa7a2c180bdbcb1b6806f3ff4367817766e2af3d136f2
SSDeep: 24:VX9L7eI1JHnoP0X/eDJEh9olRnP4UIw+7q7OKGE+p2maz2vL1KlGcAGT5k1ng7d6:VXR7eIXnow/EG9oXPPV8qCKGDpBVJKgz
False
C:\Users\Public\Desktop\Acrobat Reader DC.lnk 3.02 KB MD5: 0f51277420e76b337f57297e5e4f7edf
SHA1: 40b3f76cc8143342873e774142c5d5ca604a06ec
SHA256: 32705485cd916c402038c930b338aa7e45b72d49b5a186918d6142c5d517f635
SSDeep: 96:1qzHL/1HwIFZCi1lf+NVsOb8q6p3wjWnmhs:1qzr1HfCWlOVsObC3MWmhs
False
C:\Users\FD1HVy\Videos\desktop.ini 1.42 KB MD5: 097c36eb26c03190b8323a23a34f8c13
SHA1: bd2d6e7cabaf2f93eed93532365d8185627480d5
SHA256: 6ecf067cb23e82f0e6ae9c739a86e07f010ef2cf3bcaef5b4d8ed2f6abaac0fa
SSDeep: 24:Pv5OOf+u9peWyaTMTCHQpmiGqw+7q7OKGE+p2maz2vL1KlGcAGT5k1ng7dcmQ2DE:EOfFoWyawTyQpRGv8qCKGDpBVJKgUW15
False
C:\Users\FD1HVy\Videos\DH14kRkDJ-8wwl8H.mkv 85.61 KB MD5: 08f520f45e1fb95d13e1951f20d81521
SHA1: 7ade0f0aacbf6789222023cadb59ba55ff2e6085
SHA256: d9e8a3a724d2e66311c9a5a1bec7a67e7da5114ba46a9bdb00797a800fdcc12d
SSDeep: 1536:19seYLPTgQpqkuUC0kXT9SXJwV2LhU1ZroCg89TPN7No0gPBKzQLA3AgD9a3PXgc:Psew7gINPXkZSXJu9lLXrgPBmVzD9a39
False
C:\Users\FD1HVy\Videos\mP h7Lt-\JlYeyYLPwK4Xpyt.mkv 96.66 KB MD5: 7f02ea9e7cc8d39f489abdab8bfd2ea6
SHA1: 9b38ea2f422beb7014031c5e56649d9c676cfc8f
SHA256: 811d11ab76a01a2caa4b90fbeec2a5392bd34504a6af070e1f19a817ec073593
SSDeep: 3072:gQjbyFmn1rl8xFNKYuz3ZT1UnWw/FQRmyxeG7:DHmlKHV1yWw9umlG7
False
C:\Users\FD1HVy\Videos\mP h7Lt-\X9lLwZrlCN5inYE X\YHk1VvX0c.swf 7.25 KB MD5: f52129f5ce350a5668e295e3f685bd10
SHA1: 4b127062644685bb39451f8c1845475d9eed13e4
SHA256: 6bfc71ad256750c4624119c8e64b81c06794683a6d0b5cae38f1e84bdbb45336
SSDeep: 192:/vE2WwrBVJcY8ZxF2FGFj/Pc6H2tO+X/CSasuZ0C3MWmId:U2LrRcYw0Wnce2tO+aHsuqCcZo
False
C:\Users\FD1HVy\Videos\mP h7Lt-\X9lLwZrlCN5inYE X\j_LpWgAxXhBx7w0\cZl6rLvj5g7uCc.flv 60.00 KB MD5: e24f02ea279f8cf10bb0a06b6283410a
SHA1: 4be59119ba9606d7be7b1a75d6313b1478f35a88
SHA256: f00dca6112a6dddc40f71748fefee5944ba98a2aa57c6bd9c9aea7e27b99b677
SSDeep: 1536:OO65lqLINvdsAk2eZmG3Osn4hwiwKTYvE88IB6:S5XjsAumGlnKwN+YvEE6
False
C:\Users\FD1HVy\Videos\mP h7Lt-\X9lLwZrlCN5inYE X\j_LpWgAxXhBx7w0\smk-WRzZEtvv3zm.swf 91.91 KB MD5: de26fea62db2d0ced8d4d0a94ba89b7f
SHA1: 062105d31359af6f312f7340c0e134340c5c0afb
SHA256: 0a92f09419025d31f62dbe6f235be989537888cb50cb5d9f7f8c4f8b675bfddb
SSDeep: 1536:vERn4j8CGDYRpVpzuX7kNAXfeEIbs9C/Umhhzn44JUGlwlO8G+29oSPeZURK+s58:vERnyG+6Xs9hT7zNJUMwIH9omUMKn5Az
False
C:\Users\FD1HVy\Videos\mP h7Lt-\X9lLwZrlCN5inYE X\j_LpWgAxXhBx7w0\Z7WOkahHFEPtvl0hHDd4.mp4 72.47 KB MD5: e2245cf07293bda2b65a35ebf92f1ce6
SHA1: f81d9edd9bfbbc66ba852234b1843b8f7f9c735a
SHA256: cd9cbba0128c0b2174ab30fe29869efaeb461f5d44006a10e11e1dc217e20881
SSDeep: 1536:GIxy0CXoMtkO5IYf3FdvHyjol2q2+zq9GgcKFhEIiRj:pL2H5NFx+RYqUgcYENj
False
C:\Users\FD1HVy\Videos\mP h7Lt-\V-VrwwulxTZ\zo81.mp4 78.32 KB MD5: 486608e3ba0ae631deef69679051afb3
SHA1: 19eab26fe684a6c39d58fafdebaeeacf443c9312
SHA256: 63b60733a7645f2037fd591fb6e3e0acb9e99007f61feadedcdd89b0e7bc24c4
SSDeep: 1536:8E3H5/JPH+n5d39zmcC1jPaQo5NkU6FqTziqvkFG4PN4://pH+f9mRZef6FYLr4PN4
False
C:\Users\FD1HVy\Videos\mP h7Lt-\sd5-6Xz1vb9JNaL\SAxLYmvTaCBnnGJsau.mp4 63.38 KB MD5: 0586715387552d2c01d3cffe6e5b4748
SHA1: 9735f3f112a13604f08c427345907dd881461eae
SHA256: b1403004ba1e35d7afd79de49b0f985202c2fc087005795f13598a6929b5cc33
SSDeep: 1536:9vwK6iCD+xn9wX2y8F7IeoIiCSbL6rL7WaXOkq94DvWHwt:9CFqSrksd/6LWaXXW4D+wt
False
C:\Users\FD1HVy\Videos\mP h7Lt-\sd5-6Xz1vb9JNaL\zOgRlt_PaSqS2gBYyJ.avi 12.17 KB MD5: 3fe399796798c60e7bfc9e4b9aeebd5c
SHA1: 13d2a2c75e80ef96ee81a9c5b085a7acac30b936
SHA256: 07aefd68679655a008b9d8bc9d630751f2b33a2673c5bb98d78d7071066b0ae0
SSDeep: 384:aPenNx8Y1ne9e9ytpKHIoYdM3hvQnDfKAVU86MACcZQ:aPox8Y07MUMqn2n84TQ
False
C:\Users\FD1HVy\Videos\0Jit\Kye1.mkv 73.77 KB MD5: 545f66df6f0beedcf2da0947b0764281
SHA1: e29ab9c4f0b4ec913e0b2d1f75c60f10e5cb66ee
SHA256: ee0745e16afc4fa7689b54b13f238d5240e6524aedc59c1ebc774a5c68e2f187
SSDeep: 1536:EubNCXY4xvYS5X5E49l5Vgnqi+u75C0CUG/NjE6+wIETwnmSMZu/IZTLeT:EubyK5MvVGZ+U5C0ns+wIEknmz2IUT
False
C:\Users\FD1HVy\Videos\0Jit\LIMK2KYhSGbY3.avi 48.52 KB MD5: e91b7fe17a90a53397f77bd52cee7cd6
SHA1: 5ce5a16555f62f4dd7022204de18793adfaa9edd
SHA256: 1788d67e65b7632947eff8123f8559285bdf6ba8d50c5845f746ded290648095
SSDeep: 768:lQOd5YhXJPvcQLkMNpN9HrXm7u0wvTKS6enqKdV8EqmqOUTy:lnd5YhZPUiHDHrXmaVpTnqQaEqBOUO
False
C:\Users\FD1HVy\Videos\0Jit\y9ZS.mp4 80.65 KB MD5: 742faebbe13c57f8031f36eeeee29554
SHA1: 0e070e32bc2ab92a1add6830d3504cbe73fe016a
SHA256: 3a40cc7767b16bcbdc0a95a8bf26fda5855e85b090d9007e05780fa0907d64db
SSDeep: 1536:RKZbCf8v0lwxqfQ9QQah+nst6xfvhvxAu4iJ3zHZBv7ngNg3m/Pz+O6JOo8LTvnk:RQbC8TxqfQaQaknCufJ34iJ5Bv7nyzAd
False
C:\Users\FD1HVy\Searches\Everywhere.search-ms 1.17 KB MD5: 6041a0046e0198d71dae017b0c7ba95c
SHA1: f1e97f939b4634410f52d6a8476ff728d3ec03ca
SHA256: 48404e2418cfd95f7008fc2d2010b3ecc33b4df706e4565b51f3ce07857f554e
SSDeep: 24:r6g8FAZCL9yWkVuiMw+7q7OKGE+p2maz2vL1KlGcAGT5k1ng7dcmQ2DhbfOid:r6pCZCL9yWWJ8qCKGDpBVJKgUW1EcmQG
False
C:\Users\FD1HVy\Searches\winrt--{S-1-5-21-1051304884-625712362-2192934891-1000}-.searchconnector-ms 1.77 KB MD5: a9aa913d0099ae87dd34fa6d404de2e4
SHA1: fa8f3873ac2453758c2b0f66026c8604889f5e16
SHA256: 4396328ceb1f2f9f194b3570adc40e4ca21a52371cf013348e390e23f9dd224b
SSDeep: 48:l9P+V6ISllWFp5QYdz1bVHAd8qCKGDpBVJKgUW1EcmQ29Q:l9PgSutRdzJKd8q6p3wjWnmg
False
C:\Users\FD1HVy\Saved Games\desktop.ini 1.20 KB MD5: d55d1c343f46eca279d11a8cb431ced3
SHA1: 9bccfd3a57d28bf286e4238df4cf9e2aa9c78171
SHA256: 3ec6d71815dd52b033d24a9b4f575d109519bd86e1df0567ce1edc1e0def2b1b
SSDeep: 24:YMGrlamPSucyDLR3Aw3w+7q7OKGE+p2maz2vL1KlGcAGT5k1ng7dcmQ2Dhq1:JENSucyDLdg8qCKGDpBVJKgUW1EcmQ2O
False
C:\Users\FD1HVy\Pictures\1A1pfm.png 3.05 KB MD5: d795a11ae8ba7c6d696723d7fdd7d0f2
SHA1: b487bf293a4f86179fa0a9cefc2686739d0a2be3
SHA256: 50ee79227b1e3e23484efdb0f923d4c135ea35cb3d1619e94873d6d14d1f47ba
SSDeep: 96:ATcMAlE4IixnnuRPXNwhf18q6p3wjWnmBN:ABAlE7ixnMPNa1C3MWmz
False
C:\Users\FD1HVy\Pictures\37R8aHt.bmp 86.31 KB MD5: 186718965b7206442c5e7355d484c01b
SHA1: 00c9a807dd92bcde12eb07d56756941e05ea6654
SHA256: 0f8f2ba8cb5153775825c365b86e941a3772db27f13b4072ee00d83541b27382
SSDeep: 1536:wUQ2j66hP86VxLEMnrQ2+oDY5h0tG2+BBTKxmueIg2cBnRxT5qEGStO:6x/6wOVLDY5hIGU/ebcT0O
False
C:\Users\FD1HVy\Pictures\4yuX.bmp 21.39 KB MD5: 7407caff2e40345d14736bad94f9f8c4
SHA1: 50d4c3ad9963d58dad8d7c47b685679370b8f378
SHA256: a7e466773094d646f953a15a5d3e078eb11ac939b55522b2567c802a0972256f
SSDeep: 384:HB9h41s/gprTkXfPxItpSnvjT1G+fR4HoXdPDXUx9UV1TVphAygJoTUme5O1bDCC:jupprTkXuSdhfDdPDXUx01TVfPcoImI+
False
C:\Users\FD1HVy\Pictures\69rhLdMoVCQ.gif 89.01 KB MD5: e951c59c41b414e455a40864779b4c8d
SHA1: 9f0123d69998605ca2b69aeda032e08ab0ccb7ab
SHA256: 09cac8610b6e1a7ba78ed0a936d4559dffb0ea4fdcd4b15f72208e2a59249a08
SSDeep: 1536:JRg/l03X2YNsxhXw5DBF1FoHl2jPlweVnBYM+j1+Uv47HaXEZ6u7CZ:T92ae25DBiGPNVn2M+j1+MK6u7CZ
False
C:\Users\FD1HVy\Pictures\8J4nPD.png 72.92 KB MD5: 9cd60b62c65ca5a66fca34cb47c4e081
SHA1: f300cb46005a22d7d675f53440faff2591b05a7b
SHA256: 79a745238d9c604674473bf89f2a4438ecd341c4532dff55716d43836b04d3b7
SSDeep: 1536:ibmRow0GhcInUZnhGCgdrrfespZjIzi645CMmG4ja/ojj:ibuoMcInUepDjIW6ngj/ojj
False
C:\Users\FD1HVy\Pictures\a1i3b7A5pHU82I.png 18.62 KB MD5: 80834dc838f6b220a53d5c8a34605e38
SHA1: f1063e137ac113708b5ad44340f54453673449b0
SHA256: b2c9c3cab48524103c7e07e0fd0dd27b0f1f875355441715bfca7aac1ef0e816
SSDeep: 384:3cnEIAGnx3YX25mIcRcPDMIW4FNQI3SlZ1oU20L1zXnWyZ+NxxhqOHmzCcZy:lvXm5icPZW4Lnsmy1zXWya9qhzTy
False
C:\Users\FD1HVy\Pictures\aXeXUP6k-snF.png 17.98 KB MD5: a6e6ad08f01bfd0290a28b3b75ca1a54
SHA1: 86c31026c7b567c5bed39ddbf108728ea5e305f9
SHA256: 8dfa5c624f02ebb91242974450e6eaad8cbf1d06dc22d34416e5bf45a661d62b
SSDeep: 384:QE9Dp42MJ3SBiJMh/HfjC5pduHrnJk+FQMW3WDnkiQCcZB:QE9DWl9jJMhTCMHrnfFzWmz7QTB
False
C:\Users\FD1HVy\Pictures\cDL2gR6a-IbLz3x.jpg 84.05 KB MD5: ced732801d412a1457d1329f1c7b1c1c
SHA1: 8013f2349c392bb19c4618a9acee58e89f283f89
SHA256: e966ba31695f2b8bf0def13f3a83b2de6590387192dd8b94117c1b888c976ead
SSDeep: 1536:jB3EnJWGP0AF8AmhWYg7/ERN1nuGMT+7s5ubdvgEc/ND2QIEE0Qnsomxq:d34W+TnmhW/+7s5nEc1W0usoIq
False
C:\Users\FD1HVy\Pictures\eBfX1Df0J.gif 1.97 KB MD5: 3aa03524a070cb8ca78c307eb521cc28
SHA1: 8b69e4354afd1ff634e87b062fa8f9c9a01783c0
SHA256: b1cd2d18a4d448acdde60a640fa6488f25bc0ae47f5f3a3695012aa1a1aaf541
SSDeep: 48:dnZjmmnW60ZkxdgwjsHMKp8qCKGDpBVJKgUW1EcmQ29FM:dnVmm50ixdtssW8q6p3wjWnm+
False
C:\Users\FD1HVy\Pictures\eyrJY ehH0.gif 21.92 KB MD5: 85207a95105d6f9a132d86c34dfb7b01
SHA1: 8c642f22f5f6a799d75c364435d043e32f82bfb2
SHA256: 0f4d989c2c4065d6626037cd048607f72fe29d3cd36c3d69eeaa55fe03dbd1c5
SSDeep: 384:k43Pqm/SPi1mZgYU/2vwXcZr6t3xr34FYjX07L8IE1cZUdBd+ZCLLDDOoC6zm6VK:k70SkmqYz4lx8FYjE7JEWZB+XOvsm6VK
False
C:\Users\FD1HVy\Pictures\fiznQaqNRLajHUms2A.png 54.61 KB MD5: 2ed0bced3081e6530c8f3ed4017ae6a2
SHA1: 3e32023cadcd28f2e326b705f491cdcc3a671926
SHA256: 7ef757a5d3ecbad7f1122735e46a816552c9bf7987bb4ef21941a238ba8365a4
SSDeep: 1536:Ob02r146PlmaC+eSc6duVuAc/QoQFRTwooA:sVpPlmFwsV9c7QFtMA
False
C:\Users\FD1HVy\Pictures\fvA5IQ_5PavX.png 81.88 KB MD5: 7295d6a6ed138e971a7c8c84e80cc3f5
SHA1: 4a2fc2ac0595551b4a83f72a0f3242001e2db1be
SHA256: 9e2e8c48a605a2aae1569dc78207b0252503cc1b8ac1f798199108cdd052f380
SSDeep: 1536:Ls6mUTjJLNMBKulznm9gNegXLmy3C2j/DHMbLGb68KRxNZY0D/gzXLGvwgg9HGxU:LsnUNyKIznm9g5nCoobAKnvYJz7GIFqU
False
C:\Users\FD1HVy\Pictures\j0tyQmSHBzZT2.bmp 7.05 KB MD5: c71c3468555cd396c280cc28599ce3d3
SHA1: cad663f76b8283a4010194e402929e99e1c76f45
SHA256: 2ba081e0b0f24e70020fb58fe4f6b426a2795271c4e9bbe885d627127a462a54
SSDeep: 192:Wt1I7Kspi2aVjkPhZNjMVP8mlC1rAoGCC3MWmVh:WfIMjjSfmPbEpFTCcZL
False
C:\Users\FD1HVy\Pictures\nM_Byv6DBsnL.png 90.89 KB MD5: b698874f7502af7a324bd3a1b1f3c881
SHA1: 3ef8c9e246f25f59d5c46a68b74c6cd5e120752f
SHA256: a9b1d8e89e8cbec676025897db3526180a3f777ce441ce8a16b147ba29a9f0fa
SSDeep: 1536:MB4qAKED/95etgT7QHPKRJM4NB3rv4irSACFwYxnOY4Oc9DIXempjwzwk0Rj9p00:hqAKa/95Mq+PyjN9b4HFYb9EXeQjwzmX
False
C:\Users\FD1HVy\Pictures\rrF_r4.bmp 38.11 KB MD5: 8aa903041984f791c8cde95c1797fa7c
SHA1: c1eff5c9073cc0bfefae5f1b562941a35fd1e0fd
SHA256: 6a5f52fe63c36a93265da77c82f066762510a43ecda5458a74e97c086b93ac22
SSDeep: 768:0Gk6wEBn7dLH6iVGrbITurxCCmjwV3vQSVDs5y3mSQQTD:I6wGn7dDVGgTu1CCmSZDGZQf
False
C:\Users\FD1HVy\Pictures\Sc6Jajus_ESL5w yG8.gif 99.19 KB MD5: 2991e239c6db8bf4aa918397987c4666
SHA1: cda15bb443392ca653568adc11d49840dfd73833
SHA256: aea059680d08e38855a63d9986c483bdb97b0f66093e2c59d50286820291aaa1
SSDeep: 1536:2DgcbxHrGTf2wUuPKrI6lcwffDsB8LedBpF72hsSzm+jp6qjRY8IFeCNxaus5LEI:tf2w4I6l5D48LeeuSifWRdr8AFaCH
False
C:\Users\FD1HVy\Pictures\tWeSxYdyFHpRSLgu.bmp 82.17 KB MD5: abd2e5d4c2fd42f56bac07d13588f8e3
SHA1: 1aa0eaf198e39b6dca247a9611d7b23674d020fc
SHA256: 3facb9a14efbf559458a5112b1f3c8fdf3a06b0dcc6f248894e298180b643b81
SSDeep: 1536:jNwtcGBys6GbGUx9821zfPtfR6NTNzjzHazgqDTUH1WXx2EkcciJUcgtzEHjmuSA:jNZdz6Gkq21j6NTNz3aztDTUHo4Y2YH3
False
C:\Users\FD1HVy\Pictures\We_HpS54_a0D.gif 20.83 KB MD5: a83a7f6cf32030e03f7069e452c0653b
SHA1: 2d6a109e0fa41fe342a193a7c407fd31cfec5409
SHA256: da7902badb304b2afb567a6a31766008d0f55f501b19116c8bae17a7b390ad12
SSDeep: 384:JpnK7d/Vz8LVjW9xyGeG0rUCL1PInuHd4AlZq+KkZvZ/fBYEPpSFwYmCcZr:Jprg97v0rUyPIuSEE+FZx/fBYmcwYmTr
False
C:\Users\FD1HVy\Pictures\XxaTc-hwy798uwvin.png 65.80 KB MD5: a456c077b87887c617581173acd2dff0
SHA1: 59d7b8b3a48218724ca4a4bd0bb54e52ed458b60
SHA256: e8ebea62090d024bc9e37648c746be23347efb93f45501b3f536ebb7b895376a
SSDeep: 1536:TZYaYWu+5EzUzPnkoR56+TDHjmXMWNbBoY15pLPZ:KBWuozBznHjmXMEdoY15pLPZ
False
C:\Users\FD1HVy\Pictures\zy-huTJy.bmp 88.41 KB MD5: e95613644fb82e043d41ea64cf705bb6
SHA1: fa7738adb49eff5f9d222a64dd40991c9eaff9c4
SHA256: f91763a0f3418b3e5467248b547144c9feaaed8768f8237a8891a97b90faa6b2
SSDeep: 1536:aH1onB1bi6FCUHDv0A/sOVU5TyJdidxGdzyu6rW+WnVKLLSroWbX+niVr6Hv:aHCrtrHDv0klD60NZiqhbUA6Hv
False
C:\Users\FD1HVy\Pictures\_cKcOyWheqI.jpg 24.64 KB MD5: e7db63c70861ff4390b5be4d7ad09819
SHA1: a442a40274bc9b054883841a64eb111a7eb7b798
SHA256: 5581b3167fc8ee98dc74e4a4e66b37d0429b12e3d3efe9bdfc500699d74115c5
SSDeep: 768:2oNRzhHSxzzMpYhEKjmCrMfheYYOePZTe:2oXdHSxzz4YeKjmvfheYCRK
False
C:\Users\FD1HVy\Pictures\Saved Pictures\desktop.ini 1.11 KB MD5: 85c592fdc00b626e0a08b4486d057ae2
SHA1: d4957acd0c9db4e7c32938045eb97f552417c17c
SHA256: 9037ec4ff0918b930eaee257311d800fe6103bafe0858f7eafbf8b48257e8b60
SSDeep: 24:J8mdXW3xmRHJQcgw+7q7OKGE+p2maz2vL1KlGcAGT5k1ng7dcmQ2Dh44q:J8JVg8qCKGDpBVJKgUW1EcmQ29o
False
C:\Users\FD1HVy\Pictures\Camera Roll\desktop.ini 1.11 KB MD5: 7479981f97f7121c88235c7d854a352b
SHA1: 612bd4d7df91c66d637cbcd0c0b167a43133b30e
SHA256: 0da90372a630b2e7e40f8957b75c301e6c69ebc376fe0b65a54b45d6dd63ef89
SSDeep: 24:0VeRdyYwS2URAUqyOwGaOyw+7q7OKGE+p2maz2vL1KlGcAGT5k1ng7dcmQ2DhDd:0VAdyzlUfbGj8qCKGDpBVJKgUW1EcmQI
False
C:\Users\FD1HVy\OneDrive\desktop.ini 1.03 KB MD5: 442772dca3adbae66c615928c5f04966
SHA1: d15da409b3f32ec3a78b8aa42ceafc7caf74ac6b
SHA256: 4270ab9f36d32510246ed97b224dfe3ebf72e8ecf81d3e0af604fecbbcd7a2dc
SSDeep: 24:YLLhh3U6bSw+7q7OKGE+p2maz2vL1KlGcAGT5k1ng7dcmQ2DhM:YLLv3U6r8qCKGDpBVJKgUW1EcmQ29M
False
C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\iyC7tW4Ojj7RBRjiv.m4a 13.76 KB MD5: 3a80a755ceabcc9092c2f0abd94fffca
SHA1: 7b8f1aeb0d81b2984c2f545fb6e8bea65c0d14ba
SHA256: ffbd87917bfe43dde0cdc2f30d145a28fecd5980d32202248ced8516c33a92aa
SSDeep: 384:tUoCzcp0wNy1w5PJK713eKHEi+RRMZ6CcZH:tUdzcBBK713UdRq6TH
False
C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\xN4AUbEaCl-f1xZI.mp3 77.07 KB MD5: 344bf385df8ede5de21e7094342111cd
SHA1: 21150cee4f2c656b3278dac86fd2ecab15b910d9
SHA256: 24ea48a2a2d28ae338b638cc749dcd7e8f7a99f1f618e60844c85401bb2c177b
SSDeep: 1536:uN6vSkEaZ3Oul6nPW7OflEQwH0zdZIa3mnSnwl2Whzzxo62VXwFw0J81viq0/j:2biOul6nmOtE7WXIa2nYmp9zxo62Aw0d
False
C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\TtF4\h3weC1KwwHE.wav 49.22 KB MD5: f0d64a8ba2ce0a6f844a1e880faa046e
SHA1: 1ee062d06626158711d63ec3f05376b4456ef1b7
SHA256: 570c1819e9a013723688ccc664411a41877dea4bbc4eaf711c8e66b8f29d53d4
SSDeep: 768:FjHon8rgSpuciih+aSNShnPpLYfZlq/P1yq/yAayz34Qx+em1Bg1GKT5:GSoi4nyP+u17lakx+em1egK9
False
C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\TtF4\twKU.mp3 58.45 KB MD5: 9459189a2ce2b1962e46ef6f7f8c24c6
SHA1: fa78c52202ee1ef894938708836cf51053cf6d97
SHA256: 1d02491a9d4517c078cd7c248bbfea00bdbf18fd18ae836c6529715a8ca4bcf1
SSDeep: 768:3nvwUE1lTExyE2oAL8musaiHzvky93r9U/aJ5pfYHoXYSRaDgLE+QDAKAg+wwZEb:oBfo1musay9UkDXYSgD0wyZEOtdI
False
C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\TtF4\DQ xdKVkdg\6bZRhWw.mp3 19.42 KB MD5: ddeee3ca489e9ec5652691e83529742a
SHA1: 037c87b10538963141738acd88d834b9720b0f12
SHA256: cf63b4739fbb4574324acc7867f4bfb296ce22562d546e0f640f9f0df5b475a4
SSDeep: 384:f+u7boXG80r8JQKR3zpUkFruQzCLGc/sROA+aQmvSzHUXxwCcZf:fHbzVOFpCTWv5AHYwTf
False
C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\TtF4\DQ xdKVkdg\DzJl9qZz.wav 33.19 KB MD5: 7f8b5e4606423d22a76a810c428c6740
SHA1: 0dc2fe0edb5e3a8280c1c61c9c8bde402917c728
SHA256: 368c8d24639e26cfaf46f42e4ec73ff018dd5d5836c389f6c2f3f7e1bee1d02d
SSDeep: 768:l5pW27PR60WmECjSIPn9hzyWh0suwf1H3UAmUJlTn:lvnp6zmECPn9hyWh0Yf5Uelj
False
C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\TtF4\DQ xdKVkdg\kuJc FfRcut4b.m4a 81.28 KB MD5: 09d717bc1c2236b53ce5a43d5f83f0d6
SHA1: dc0769f183af0ea7880d0bd814b352e9cdf9185f
SHA256: 427adf84425f1e191747ad09355f63c0345bd3c09bbfc7de445cc4e53829da6b
SSDeep: 1536:qzZkMXh5BlcmF49xK7h4OAR5UaEgf4Hb6jOJNSnRxGPgh6heJA8ZhkWMPm0TMFpx:qzZtlcxzKnAMajf4L+bGYh6n8ZqWkZWD
False
C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\K1UxMX9 J\pEpFQi.mp3 77.57 KB MD5: eae9ea809bf772c0eb8be5b734def607
SHA1: e12486a44a080cde27fa7e9c8533811fd25aceed
SHA256: 3f93e0db08649ea5f8338cc3796a419968c6b376fe2db94cd58942f0eb1d8e0b
SSDeep: 1536:fcKclRtZyPdhGBQr1JlkFoV2di+RwehibxzNY0WyHiuq5ERQYHAolpYQdPo:fcKO2lEoQiQJhmxzNYqHir5E+YHAolpa
False
C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\ioqWU\Cgdvi2MgC_w.m4a 19.38 KB MD5: 4d4e6a7be4ddc4fe05d7d2eee5efa0c3
SHA1: d4c7d2274f3b81a078e9a42caa80e41c42ab7f0c
SHA256: 4940de97882c21a6967cd61f16c987f9fe02c45977bf8bfedbbf263d8aa99b27
SSDeep: 384:2kpIQkKnphPp1oPjDzrjw4rQDbCcqOodr28nHpU2hVodaaeNOUs84CcZi:2kzkKbp1oPTrA/CJJdScJlodFA9f4Ti
False
C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\ioqWU\OFRJqA4.m4a 29.98 KB MD5: 8c3b4ca9cbd6803c64c31fe6d1ab1371
SHA1: 5e0f88d95c8298567703532b1fb82a10ebffdc17
SHA256: 2de10368e5c763c7bf70d42a1dadb023230e4139d3fa263ebbf51255c69b712b
SSDeep: 768:rnrkGIW/ahECUu8oxId6Nn8FfcD7bZJe1RLCcHOmoTqaIrxliDbivLoT2:rnoFwo06n8eD7bZI1RLZumonBbSoK
False
C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\ioqWU\rmY_urTfctd0pcg\FOOxWsHmP 33F468ydKn.mp3 78.71 KB MD5: 1c03abf5c97dbd0e0edf0a79310cca1e
SHA1: e5c3622ee104d7d9cb237b580fafe77d117bfe4f
SHA256: 24fe40acbf0761badcc3db8f1a5d7da2d84bf80b75c29f9da1303a8807b5c298
SSDeep: 1536:jNimuDedZHS2R1cMbk5mWKP+A31Ja9BRQAfQUwFrC5StIskD:jV20yq1crd2lr0BeeQUwFgSAD
False
Modified Files
»
Filename File Size Hash Values YARA Match Actions
C:\Windows10Upgrade\resources\ux\Microsoft.WinJS\js\base.js 1.22 MB MD5: 1c34f48ec3e19efab308a83fb825ae47
SHA1: 5298177ab1480b5886eb44c7540abd4a4564e190
SHA256: c926e831c36b055a813e271f6383e4356ea9ca29a88e89fb9f8e05fe4375dfdc
SSDeep: 24576:lklFJPXJy0Si+aExNPeOAwkVR8IRPVZif36l+22ep:lODPXJHS6ExNHAwkL86aqc+p
True
C:\Windows10Upgrade\resources\ux\Microsoft.WinJS\js\ui.js 2.91 MB MD5: 0849bc2845318e144eac216dc0ad474c
SHA1: c71c22858e96fdbdd5ad80fcd5e39f2fe6facbe6
SHA256: 1f79908df613dd75b158a8bc881cef372975e1e6a0ab371b4da60f52f8ee3add
SSDeep: 49152:21yQZVoloK2yLs3nYvdo2jg6pavkcOyfrPSxh2OC4gepf4m1cN2HpLnk52y:WrtK2WvP+za4ZYS
True
C:\BOOTNXT 960 bytes MD5: 67aa82989798624eefdf950c6c2c141a
SHA1: 0cb7beff1300537a96d9cd789f5482d3d0a06884
SHA256: 385a8e3484cb87131ed58496bad3140f8abf4ee34b7aa44b89fd5dc13a332b4b
SSDeep: 24:vW+AVtbGAPLhWw+7q7OKGE+p2maz2vL1KlGcAGT5k1ng7dcmQ2DhHHZHn:+3bd8qCKGDpBVJKgUW1EcmQ29HHd
False
C:\BOOTSECT.BAK 8.92 KB MD5: a25e31be478515f72a7352c2c39af9df
SHA1: 8f53bdad046cbdaba9b8a7a3e2fa864f30d7b812
SHA256: 664bdddf0278831934ea4c4cc05dce36e41e3436870ea177cae92b06854209ed
SSDeep: 192:WwPgGnN+RMuEbuu0XUtA5nrZ3NifyN7W5qF6hPuIvGlDoYC3MWmZ:WwpN+RMYPQfETyvG9HCcZZ
False
C:\Windows10Upgrade\cosquery.dll 61.12 KB MD5: 8cd261fea4a468689786e75eca758801
SHA1: 3697e75ff5246c051ff29c2b3e978f124a28b920
SHA256: 3170c84bb4cfb9a682bc59c548bbf28e2df491ad0eec3de7daeaf8fabc382964
SSDeep: 1536:RYeaqm4sDvVeX9p/wbr5dRaX1T8+A2vXVmj1iJ51PsJDA94W7N:RYeaqm/vVeX9p/gHQanUqDA94QN
False
C:\Windows10Upgrade\DevInv.dll 323.12 KB MD5: 1064a1145f75c55ac768ca424358ac2e
SHA1: 70c27ce640e32dfd0d0efe913e79d02fde938e49
SHA256: 8371ffefb46df2331ec8afbf82752ef5ddbf5d311bf1bdb8fb05dfa6299b9592
SSDeep: 6144:vRrkCypy3kRakghmewAllD1jrigWT9481iR0JwoYDDXZUdJtOk1ov9KdIU5:pICy947ni9iCiR2E3idIs
False
C:\Windows10Upgrade\DWDCW20.DLL 49.62 KB MD5: 1464c207f703b1c9fdc8100bf4d5a81e
SHA1: 9bee3cac6f26973e21fe33645772f16efad6509e
SHA256: 2f5df8f5a9f68abefeefe9bb9ccae4cee622269d5c5e468196e664b8ccabc858
SSDeep: 1536:kHa5YZWT40jWSJ7kJOfbmQBBiDgoS09XbVd4ZG:EUMSJIgjmQH439XZ2ZG
False
C:\Windows10Upgrade\DWTRIG20.EXE 45.62 KB MD5: 17ecb33734337d1b284c1d2673268189
SHA1: 1d51545843f446ae8fb9efba150c9c18b1b17df1
SHA256: a06425ab710e927875509036fe2e1e6e96aa0308ec0c548dd55f716b098e7fa9
SSDeep: 768:vxZ1HW4AB3B9dFAFYaIylkOZMtDpiG7c1VpcASmHq6gxmJfMPkA0G0hMdMTT:vp2P7VyYclkOZKDpx7crpbpH4mJfW9gV
False
C:\Windows10Upgrade\EnableWiFiTracing.cmd 10.50 KB MD5: 501605e21fc9cc65aa08685de68515f6
SHA1: 8dd12220fabb7d8009b41a410ada5ccc0a1351e5
SHA256: ecb953f06e35a60e8c34e462fb49bbe5dbc31c649a6f4490420fcad2bb2b7699
SSDeep: 192:YKJ9uNDxS3xSyOEgX4m536Y5v+8d4I9OlzH1TR8a9C3MWmz:YKJg1S3xSyOEgX4GVvYIcl7VR8kCcZz
False
C:\Windows10Upgrade\esdstub.dll 40.62 KB MD5: 189ef9fa51dce2fd68606d8047a2c28c
SHA1: 7a7fc8b112138aa82cd5449e44ffacef025b28a5
SHA256: 069c781f3af3c6faa6d1d0b91c6672f92a824fe350d08bd4ca0a6c85c8d94a68
SSDeep: 768:EPK8b2QOqryLdVD4IuuMpXwRiha4DR9ITh:EP2QOqEKrpXUoIV
False
C:\Windows10Upgrade\GatherOSState.EXE 552.62 KB MD5: 278b3a5b8943961de9e25ad463c5f091
SHA1: 381aeded123fd918780a9801c2812ba4a87cd31d
SHA256: 95cac80995bcb61d7197fff653b996c72ac0118771d4db554ddee1300f6a9f02
SSDeep: 12288:fIQq99xNSTe+ZVSpfXWDTM1osqfD5AiaeuW7XdZNE0VjBbXU7j1G1Z4sHqA6gkGc:fIlfSTe+ZVEfXWvM1Yfql23NEATgo4sy
False
C:\Windows10Upgrade\HttpHelper.exe 28.12 KB MD5: d9843ee6fbc48e89c23ae8f3e9861cf2
SHA1: 942f54589b30e63ad250b1d7a94ebb8d2b4a2176
SHA256: 74c2f87da9fb813c95101e83076d086972520392663b4ff513a759beeb85ada8
SSDeep: 384:5ToZ7/8ScJ/4WJb3Kmqr80aq0Gftp0B8fKCEWBdwl8QFOx0+oqpZMi34+n+CcZK:do5Lc1JlakimgKCEWB2GEO+q3UTK
False
C:\Windows10Upgrade\upgrader_win10.log 21.00 KB MD5: a73b0b122ba249723b4e3d1987b5695f
SHA1: 1dccf6246b1a1751109233104eea3d027b6804f9
SHA256: cc584d7a36fefa83edf35c01ee9417d736c809560d18bb3c192d51f689a1dd28
SSDeep: 384:ayeh0t1OtdygEONkNrNasFK7PcHvzgsYjPe0LgnnTHybZ5cJkaeM9gCcZx:m0tMdJEONkNrcrcHvUsYjDg2b3ukaeMO
False
C:\Windows10Upgrade\wimgapi.dll 545.12 KB MD5: 5d39cd76d83e2a9e8242928a6de03225
SHA1: b0300c6ea4f59f790df97a7de92855fc8ec4cbda
SHA256: e3f2147b9e4a59c3b3bbb221d675c8f57f347d5b194026c23f634275c13e54ee
SSDeep: 12288:GG0zfgeNVVL9CppWfhfhWpiCS7i+R4J/jCMUhaPRDehAPLu:MjVVL9IWfhfhWpiv7iv/2vzhAPK
False
C:\Windows10Upgrade\Windows10UpgraderApp.exe 1.35 MB MD5: 13d7470e4dc68370a6fce00ec5b32ea9
SHA1: 6bbc32df1fcc2f862a624bd0324772bd02e409dc
SHA256: bae2ebd5f9505c8c2fbcc161622179274c8326f728cea0ab2795602df6e40303
SSDeep: 24576:L+x2y4aEAuUSH49uXlVVEcqoL1Kr4UQoAuGlTIZ+wbuv:L02/alDqCcqowr48AHlTC9buv
False
C:\Windows10Upgrade\WinREBootApp32.exe 25.62 KB MD5: 0faeb91859c7ebf52583c7e89c72af7c
SHA1: 5fd23ea6812e2b975b016f410cc86a27a5dc7796
SHA256: aee112c58b81a2fcbb8100dbfa05d99865a2445e8c8853624e902f62fa8134af
SSDeep: 384:CjrsfbKQm5hVKjrbnjAYvSkXTMq0GftpBj8Krpse5wayGX7e+RJ4QBw/LCcZX8:CjrsDKZ/8nj5SkDuiLrm+r/RyQITX8
False
C:\Windows10Upgrade\WinREBootApp64.exe 26.12 KB MD5: fb31b6203e5971962b9fb1e5a6373627
SHA1: 3bb808fe2bca7ac1beff5239aa17085a83081d7d
SHA256: dd15e0c3e8b15a3b84bf1afbcb8c9fd4b9c964335169d09d6fa34cfeaedbbb87
SSDeep: 384:D8hjHHaWn9T5vvE8C1QlF3zMGvO8D9WG80aq0GftpBjEJnRQq40WqfJeR3cpC9C1:D4a8tvv5fbzp28DmiARQp669T0
False
C:\Windows10Upgrade\resources\ux\block.png 1.83 KB MD5: 4482ecd98342a7b4b35f38197ac8a394
SHA1: 6a714b5e63691638ecbaf589b7395c893984a2c7
SHA256: 6c5074e2449c2339424243dc701c8228a8ae27058cbb70f9f5b4dbacae575c78
SSDeep: 48:BG0bQbcbGPrw95tt/3efKBgKa8qCKGDpBVJKgUW1EcmQ29JIH:BG0YcbGPkJ4fF8q6p3wjWnm5IH
False
C:\Windows10Upgrade\resources\ux\bluelogo.png 7.84 KB MD5: f85918476e9ae05e32bb4244b7ef8992
SHA1: a5e06fa5c0a767e57fb13a5601c29457cdb71529
SHA256: 1fde367e0eb9d17dd6597d384bf96e8eea5d94adab929082291d4f7e2c6b2b39
SSDeep: 192:vbCWqODlSBFrdN2WS9EQjGf0fRnbkoasIjjADZ2Ky1C3MWmeh:EP9N2cmE0fRnbgjjAV2P1CcZ8
False
C:\Windows10Upgrade\resources\ux\bullet.png 1.14 KB MD5: 84a8e568bcaee9815e49def6bec7d96b
SHA1: 942b0597c17762340d9a7232df1918718f8f292a
SHA256: deb4c2b85cca697bfe8a59dadebaa2e1b5b5cb1b382e7c1f8877dd7865705f75
SSDeep: 24:GoAv8Wpw+N8u6w+7q7OKGE+p2maz2vL1KlGcAGT5k1ng7dcmQ2DhrUV:Mt3f8qCKGDpBVJKgUW1EcmQ29ru
False
C:\Windows10Upgrade\resources\ux\default.htm 62.00 KB MD5: 09506c727148dc06ee9389c2c45509cf
SHA1: 2c243459ffac19b43ab777b269589375585d841a
SHA256: 5a09adf98dd4ccf301331b86c516943aaab4a7b682faa648b3511936936005a4
SSDeep: 1536:F4J6XolQOZN4+Ydo0TbCqFkBm0TEnsREx/n01DSnWnU96BySTjMxK6sudzD:iYX8fj4+Ydo0TbCqFkBm0TEsREx/0xS9
False
C:\Windows10Upgrade\resources\ux\default_eos.css 7.47 KB MD5: 030408627170cd3c416fd431973e8f82
SHA1: 634cb8ddf7d62fd7a1105874f372cee01ba490cb
SHA256: 0a16ac91a79d9fe0b947b6744b3d0d8e3d098afe03669edd71278b1eba516891
SSDeep: 96:cyaBK7lSxz9MrRVh49sI8SINLO86FRRaVzFMQYhdJWjMRPejFLuCqFQIMUXoW5tj:0R9MrT/pSKivIYhvWHgvFeUXEC3MWmk
False
C:\Windows10Upgrade\resources\ux\default_eos.htm 55.48 KB MD5: 3da7c9c4c7f4e4be8eecf904479c7fd2
SHA1: d7cd2d0ad70a4f2312366a9590b0298a0c45dd89
SHA256: 90444a53cfa957db0810633d9d3b3e2e29344b4adaac2579f09e1abfc78dbab9
SSDeep: 1536:bifZZ2+c4cRhYU009+445lnDWt1SunNE4B8yG0:b6f2+c4cRhYU009+4wlDWtsuNPB/G0
False
C:\Windows10Upgrade\resources\ux\default_oobe.css 6.03 KB MD5: 37b36555b541d81e0bfc103fb8747aee
SHA1: 1a1b1c764fa3390c4fcf8e1b89ee1aefe2d0bee1
SHA256: d3b9b6613f6c385b7209d79966de401a97effe50c7f741f7b5ca057a53c74619
SSDeep: 192:HbEg0QDtSUf4+hUWGxhB7pg/Fz3hPZ5r3jC3MWm+:HbEctSuUnw3Nzr3jCcZ+
False
C:\Windows10Upgrade\resources\ux\default_oobe.htm 65.09 KB MD5: f10448546a745282843378bdc0bc7cde
SHA1: 37c240e73fc95c545255d306ed3ad1525fa81a75
SHA256: 9da0709f4746a2e4485846dca2167272629ce8b7dd5a1f329ee74192bb66dba3
SSDeep: 1536:z3KMtuhw18pZsy87RJIX6+oWDjzOpntkSBn01e1evnUlagGVCs8aK:LKKuC2al7RJ66hWDjzOptkSB08wvUlaC
False
C:\Windows10Upgrade\resources\ux\eula.css 1.02 KB MD5: f18e9ecd6ee29b58eae372680bb69712
SHA1: 38814300e960f07b5578fc36c150a37af247bb58
SHA256: ef30f7f4991ddc97b32bc781a3ce52a650ec4cead0f8f9daaf30d8ccaa0bdc21
SSDeep: 24:YQ77K6CqWw+7q7OKGE+p2maz2vL1KlGcAGT5k1ng7dcmQ2Dh3lt0:1VHL8qCKGDpBVJKgUW1EcmQ29v0
False
C:\Windows10Upgrade\resources\ux\GetStarted.png 4.66 KB MD5: 23e1cbe663e4d89a2f38b6faed7717ab
SHA1: f7fb47cb9b3e29b2f3b67cd8e56bbc1e7fe00cd8
SHA256: 9e91a9340e837fc1c2fd20df764e8b043386efaf808d8f6224f752297b019da5
SSDeep: 96:hN4KrgWxF+R19NIFmhPEcScmHRNTwm9tnQNY8q6p3wjWnmo:AYgsy1P9hMQyRhRnQNYC3MWmo
False
C:\Windows10Upgrade\resources\ux\GetStartedHoverOver.png 4.91 KB MD5: 9aeb34950623b557f1857c42b2741726
SHA1: 772e90be1a68394bed07ea7c2c2e381d706a5a1a
SHA256: 40081a6532f22fee0d40455d90c9126ae3cb0f47d6870822feb2bd619fa8ce53
SSDeep: 96:OlzkYoi4pR0Xz/4VjyRrT/PEHgB3EJqXkWWWV8q6p3wjWnm4:EzspRGznRrrMHgFENsC3MWm4
False
C:\Windows10Upgrade\resources\ux\lock.png 4.52 KB MD5: d35c70b07468f7aa9b4cbee16d4bc6d2
SHA1: ead5d0a61fbda7641c6367c917c3cbe154e7ff15
SHA256: 68e9cc0590f4b2baaedc8498a47f780226251b6317f00722f1f6a3b66d2f6ad2
SSDeep: 96:P4pQ8Ybh45drG6eyF8jSe/PfxoEQ5CbYcKW7Fk20/ABtaGchEf8q6p3wjWnmj:PV8HNeyFBe/xoEQ5AYvSFkdAOlEfC3MZ
False
C:\Windows10Upgrade\resources\ux\marketing.png 1.41 KB MD5: b3ba0ad665fbef64ee28dbfc29db0e50
SHA1: fd9d013e038841710e2e1b4fb7757e2ec89a6831
SHA256: af1492ddb90165997081d0e301bb8247243c21e0be4d9564bcd606e8aa43c2da
SSDeep: 24:EyNvVhK8fxHaysYcmwZyWw+7q7OKGE+p2maz2vL1KlGcAGT5k1ng7dcmQ2Dh5RU:BTK8JUYXHL8qCKGDpBVJKgUW1EcmQ29I
False
C:\Windows10Upgrade\resources\ux\NoNetworkConnection.png 3.05 KB MD5: 41c46f2f7f961974a3463914d67db8b8
SHA1: c868b47a2d989d461883ac375351eca90caf640e
SHA256: ec82649bd5329300e2109fdbf681db3015178f16e8a92ed927d5be9c0e9b4f6e
SSDeep: 96:LunKRlEVabpd95sTTnXWA4ur8ep8q6p3wjWnman:FRmabzoTTnXWA4ur8IC3MWmu
False
C:\Windows10Upgrade\resources\ux\NoNetworkConnectionHoverOver.png 3.09 KB MD5: fe4772f0a560cc3b0c6f2c55141e492f
SHA1: e39f551a80a541d9cb5ea8cacc73600d905ca7ed
SHA256: 5cef1de5e5f43751a993bdaf1b5872fa4d7dea441123921cdd15e89aa5361abc
SSDeep: 96:f+AsuVOZ7AwhtWOk0GrPXuTs2ZBsM8q6p3wjWnmu:2UUZ8YtWOEjZ2mMC3MWmu
False
C:\Windows10Upgrade\resources\ux\EULA\EULA_ar-sa.htm 108.78 KB MD5: 30c7e6f46c52c2173a8ae3a8f0bdbfbf
SHA1: 1b867674c26179d10f7d8005049bb985d23da2f4
SHA256: fa951439d8ae29b4690acea1b6b95304f2fc5b9a78f595bbea030acc1919a492
SSDeep: 1536:D91REhZgNsQd7xjn5tQZH167d2PEzQVIpkQ8+a1H+YAR6eJTRwRx9Cn/gX8RDtDQ:D97NrkO8LQwRouaJS1RFJAoV
False
C:\Windows10Upgrade\resources\ux\EULA\EULA_bg-bg.htm 248.44 KB MD5: 8eda6b4890bea6c3ee8db72184f2db4b
SHA1: 43eaacdd339dd496e812355ca17c2277a16c403a
SHA256: bae30fdd9bec0872917d4cca6e99b05281faa418bec0fcf302a9a137d95d5201
SSDeep: 3072:bJIW5Eq1yW0XFHheFuPfIlh0hPDmMX0pTnHqRN2bH:bJIWzyW01HIFm/rmMX0puRN2bH
False
C:\Windows10Upgrade\resources\ux\EULA\EULA_cs-cz.htm 82.30 KB MD5: ba167861f2dddd3167f6c08d0fb6197d
SHA1: 32247be8ab979720f0e7ea297d47c0e563ad4e79
SHA256: a7100241d2b2c2b698dde54efeb1fc7f65ff9b2ac5bd502daa2f5d4d610f6714
SSDeep: 1536:bXQrpAVgrkDyu9aE0mwOa2ErPl660gQzMuaxg7IdqrCbiPcQSRb8pFOLmSM8I2Ew:b3NasLrGBzkhBsOxk
False
C:\Windows10Upgrade\resources\ux\EULA\EULA_da-dk.htm 64.57 KB MD5: b18f5a4bacf2aa664fc68e68674fcbab
SHA1: a90a1590b78b47fe10de174555eec66b4167c5ee
SHA256: 8d5a3d3be5c1705fe13904c27d81d8233fc2bfbaa73c818d1562d4cf156c0fc8
SSDeep: 1536:loV9i109aEMwnZVpEb9fw2OUYxgmF3J5ghwPuZptjJ/CaGFoewY2TXYaQWOaUW8v:loV8mlQWOu8Ox
False
C:\Windows10Upgrade\resources\ux\EULA\EULA_de-de.htm 69.73 KB MD5: 1d87a1bc485d27a63da6c8cad19c1d56
SHA1: a3d968eb8b331358d7cf1f491f35e1ee486c1c9c
SHA256: 3320df682a3b3ceb1ac4e1c8055a39a89e4c3839ded587d8de2c56034cabca30
SSDeep: 1536:jZFqQ996SM4Mz8ds462b5nDfr96X5atDe83KMRoM+Y51DxJr9e0Wlc5bGHkeIJMK:r9r6Mk5cKM9ZGss0
False
C:\Windows10Upgrade\resources\ux\EULA\EULA_el-gr.htm 234.76 KB MD5: dbfbad99e993e992fd1d5766f84cfdc9
SHA1: 2884be90201fdd19e1028a36ff4fbebff75bca2b
SHA256: 0330d0522a439c75be1a945f81b6ae1622ce8b0f5d51f62a85e4c85f74c63c8b
SSDeep: 3072:Xts1tpN33vog1Y011RQwAv1dHxuFH02QT+GgqHMtJkQI+jfnhrHMSn:9CtX3Qg1jQwAHHxLnmqstz1HMSn
False
C:\Windows10Upgrade\resources\ux\EULA\EULA_en-gb.htm 58.10 KB MD5: 3bca22be2813ca6dc8197d2234bc18ad
SHA1: ac24a5ed7315eafc7055062447a823ae6bee7acb
SHA256: ff64c003dbebdf5fa1b418b4ba4cdd58a58d955d4ed72edb12ac2d30e6186b8c
SSDeep: 1536:sS+/G0cg1JxtaSN/Bo/xftrYHpbA5stZmS0bGMavtHV3hemUsfBsGRWBVPjLsGSP:sSyGALSSzvBdpHZEAp
False
C:\Windows10Upgrade\resources\ux\EULA\EULA_en-us.htm 58.10 KB MD5: 9276acbba9140cd2e754b0f3cc6eb076
SHA1: 41d51ad8d234c40255188bc00e96908f954b9d5d
SHA256: 87bf6bf0193e98925aff190f0e75843effb4cc710937f675b5a0e862d7b80dc6
SSDeep: 1536:rXkFlg1JxtaSN/Bo/xftrYHpbA+rbabGMavtHV3hemUsBK2ChNBVPjLsGSkBWzJY:wkDndRLHT0TVt
False
C:\Windows10Upgrade\resources\ux\EULA\EULA_es-es.htm 69.11 KB MD5: 30e35cb79c82a20b89971c0415f65e18
SHA1: 52e27b11cdbceb6f54cf537dca4901d6bd7fb724
SHA256: ac7f127ee53dfaa5b25dccf9654d48e9f16b362609c217044d6a52597c3e4c51
SSDeep: 1536:PdkFtxV1NILDBgpCCzDWLQq8yOpm2OoEunZh7M0/rFHJY1GWrLwNkSU7A5rf3GkA:P+FLpZFHivSUEVGkp0yWSM95
False
C:\Windows10Upgrade\resources\ux\EULA\EULA_es-mx.htm 69.11 KB MD5: 0088953ccee5ea26789af33d0e1a61ab
SHA1: 5d9490d8252bed4f5d32663f945d26b27054a886
SHA256: 89a0e041719a802f36f74d169624468fec142676cb66b6b24f5b947ff2b61d88
SSDeep: 1536:PhaxV1NILDBgpCCzDWLQTCky31rBoEunZh7M0/DhwAGOa8p/GWrLwNkSU7A5rfVa:PgCkKrEw1+BSUEvJfvSME4sb9
False
C:\Windows10Upgrade\resources\ux\EULA\EULA_et-ee.htm 62.54 KB MD5: 6dd3f7719ab869fd54ed33e0c888a8cb
SHA1: 4f3dbd305d666384aa0eb8758379ccc70aafd9f4
SHA256: 9f79302a1e22ace8f4b56df5326324da11c4c0d5a3db43105d5ca685bddbde8b
SSDeep: 1536:8jCmzLQFY/TRBm5cMyIYH8fP8qaJntgsK5KQc+IWGx5TIuTEtjHt0Zp15O3Ov2pS:8hVZ5IIOjRntc
False
C:\Windows10Upgrade\resources\ux\EULA\EULA_fi-fi.htm 70.02 KB MD5: 1f68390550c8611ff338f71dcedb97fd
SHA1: 74edefdbbd8dea8be77bf46fadc79dff94002497
SHA256: bcb719ef7a0e89935c16477315576ce670a4c7792f900ec75c8597e76b30646a
SSDeep: 1536:b387ucHR12we4/B4GW77k0ZAUwvB8D/Z5rbFTjF0VukHBI75WQ97UbTnEsUHNwVJ:bsagMSvB8DnF4q8WHOiW61g
False
C:\Windows10Upgrade\resources\ux\EULA\EULA_fr-ca.htm 68.69 KB MD5: c1c8a8a5545fd8def07e30cba17bab30
SHA1: ad950c0a0e65e7138cf3d9aacc6bca28bf3ff5ce
SHA256: aca124a1cd2787035070f53c15ce04df92e3f788f18e7bafb89354762664663e
SSDeep: 1536:oF4V06i69uMl7Meo5zpi3ZTTVOCYjNQ51dj8FnyXO/K0ED+AQg/Dj3RwhQWkDlm4:6beEcRPBc1BxM
False
C:\Windows10Upgrade\resources\ux\EULA\EULA_fr-fr.htm 68.69 KB MD5: fa58422f95e31442b34f6f11ec9a0bc0
SHA1: 182ec87c1714a1302070e896051f29f80561493c
SHA256: 3ce432a57e3714c81fdbfc4afd47926759dd3d505fabedde1296cbd2eb811c22
SSDeep: 1536:016006i69uMl7Meo5zpi3ZTTVObdj8FnyXO/K0ED+AQg/DuTsuQWkDlmcB3/rD+a:bicjBYp66J1ySw
False
C:\Windows10Upgrade\resources\ux\EULA\EULA_he-il.htm 845.30 KB MD5: 894b18ebae05b0ed58421863d222641b
SHA1: 27c19d781dececac65af17329f95b43ca83bfb95
SHA256: b429cc7d840e6914893d6941c67df4ee9d0b90f9b5e728399b08b397009fc934
SSDeep: 12288:w/IQ8jYtE3DKqWCzrpoSn7BmVETr8OyFMKMe:wPvwLL7BmVETr8Ok3b
False
C:\Windows10Upgrade\resources\ux\EULA\EULA_hr-hr.htm 64.27 KB MD5: 84a6d5b41d41efa2dc2ebcbbba0cbdaa
SHA1: 90486f47591954398d6ede18a18a4df7f1a90ffe
SHA256: 861da5b41e8527f2a70bd2ee9910b167c66d736e7c23cc6eeba1c2228d25390e
SSDeep: 1536:80guaoZlUgjuI4ZQco6L24kpM/1pCdmslDuIIclCHLrAW8lT6gTF/4VUvhWmTzOC:8fZk81a1+QYF7vi
False
C:\Windows10Upgrade\resources\ux\EULA\EULA_hu-hu.htm 83.52 KB MD5: 026646e397462c553cb7292eecceb4b0
SHA1: 8e0f67997ce33ae196d18f1b5ee16f6515ffc398
SHA256: a8e6b4094262849cd98427af0db58d5ee8bb030dab5e222dd02089270c00d4e5
SSDeep: 1536:16YQSonBFLquTAAEuKddUUjRh0lSNAH0dHeIe9+J4dxfwuCDL5Khzv7B2kHAy9DF:16lSonBS70lim55xIuCDL5KhrdziFMVL
False
C:\Windows10Upgrade\resources\ux\EULA\EULA_it-it.htm 68.78 KB MD5: 9e4415e502c5684104a8d64e11ad3e32
SHA1: 8ce29d05afd054b95f2870e842ce1e7abd0860d3
SHA256: b6ae72eada068a10cd6d617716a3c4dfd9fbd56630e82930c8c2c68fe9983475
SSDeep: 1536:DtbwhLZNJwgSvRY+VxACURGyIkGxF/rFPUUFoBy9XdK1/G0pc+3qxsLGKjCe1jqg:pmU76SKLfGKA+Ahrmt
False
C:\Windows10Upgrade\resources\ux\EULA\EULA_ja-jp.htm 206.25 KB MD5: c85b0e64f2b424936ace288a8c31172e
SHA1: e0f44c23ebe0eb42e238f9bd4dea6676201e5c01
SHA256: 025fadda291029763f6c32d5d5e5264fcc6d189af6cf1be2641d1165d94bc74d
SSDeep: 1536:lbvvaLr1EDHKHh7I30adXeQdlhVr0SowN8sO8WY1YLK1xkfNM8jJy+nFuRovhiJR:lLP/Xe/w7k2k8UhDpt5+kBP+QS
False
C:\Windows10Upgrade\resources\ux\EULA\EULA_ko-kr.htm 620.14 KB MD5: 529e861870a9fa9640c5075c2be06129
SHA1: 9f35811f25974b557f7afa3117af91fe265765f4
SHA256: 399b90c794a209d5123efca3ba64430e6c1a0974588f602a2892952f8c46cb10
SSDeep: 6144:Te6ocNz1Bk87w6811mAnpEGFNJfs9ct9zNvwIVrvfu02ZeMKcD:i6VRVA1mAnpdGct9zjrYyK
False
C:\Windows10Upgrade\resources\ux\EULA\EULA_lt-lt.htm 75.23 KB MD5: 59f91452eb7eff1a7266f1edf731e88d
SHA1: 72d7348cac29d062e00b7211c754a427aee677f8
SHA256: 8f398f84ce69b238d05b189a3685eb8aeef5c3a21c9d94c4b50e8243eddc1570
SSDeep: 1536:+iO2Ec1uEaQ3KN7jhrQUm56AjdMUlhSlMrMQGm0wDleFQfToc7wFtGd0rfVhboVE:DOmzV0Gr292eFQfeVh8O31X
False
C:\Windows10Upgrade\resources\ux\EULA\EULA_lv-lv.htm 82.88 KB MD5: baad474e2d07aef7d8618bd67398a991
SHA1: 511547001ae332a44bd50ce024e1c1828c77614f
SHA256: 0ebf115db1911149183b0cbcb3cc31f96b355ccce11edf26fd96a0d76bf33ef4
SSDeep: 1536:y5fxZaRnraZuL/wog/Rka/3lliRxIMMQbDvcuaZKz8dgy0O2acfpOqHnX9xAVUMI:Kb9llingDIU2CX5Fcp
False
C:\Windows10Upgrade\resources\ux\EULA\EULA_nb-no.htm 66.55 KB MD5: 0579897c1abc3a90ed7bb892b6c22fda
SHA1: 0fa87fa57fb986e61ff98a75f36e9989bd00cc7f
SHA256: df5cf8b319e31a6ee1ac019f87e24343c2fa09da1cfb813adcb3ccecc7a83687
SSDeep: 1536:EGN1AleurzVZJi6kAoABwPKL2bWdAywOZrkKliHmCvZuls/SfuUnHKgyTGdguE38:bceKFHFzi5Q7RwKc0
False
C:\Windows10Upgrade\resources\ux\EULA\EULA_nl-nl.htm 66.58 KB MD5: 87dd2e1b704c69930802f9fc3c21ef58
SHA1: 8f9f5e6c717461f6d3754a7438e4309793703611
SHA256: af723edc6f39df07ddefa518a0f3d1e0c59cd2c51c4537ff010c192d439bf14f
SSDeep: 1536:jwyvholRTOzJOZVnqR5ybLzCDxVngNvgh7pYqbqB0blWB3gkH+DLY4IXaPTedstB:jaCjb3blWSLUcpra1M
False
C:\Windows10Upgrade\resources\ux\EULA\EULA_pl-pl.htm 80.82 KB MD5: a36c0299a68f2cc98c8c6cf92b9fc17c
SHA1: 8b3053687a216c6ce4a4091289d6130341ec09bb
SHA256: 1e4e613f9f5bc36654566acff3af449d622a95d94c3717f6c050b092b6c48930
SSDeep: 1536:F+W1I4GuXYZ91wL+lOo4JEVkDZxIeQQJ53WBV+ydFyNoqwCkPJcBAExzPVFpSYU/:5rrDFSwyfpquCBtTHlaD1D3
False
C:\Windows10Upgrade\resources\ux\EULA\EULA_pt-br.htm 67.62 KB MD5: 4e9e4fad9e9748c7407b00ac88600118
SHA1: b837266ed4324ee3229b9f95a0a963855be0cf5d
SHA256: 5d39a7e0d959b9202168871bb6b252def019b1b41b51a159bd8b2818b4501a48
SSDeep: 1536:uO39aV9dNUl68w/R5/Vt7WPrlths6VJ2SdOfc684AGNyRX1ZnK5fG18fkCdQrxna:u2Pr/9V+SCdQdnOpM8
False
C:\Windows10Upgrade\resources\ux\EULA\EULA_pt-pt.htm 70.31 KB MD5: c1e3a5e4481141360428c25bc190db1e
SHA1: 172b65bad9c951b487e060527b5a5b404d62493c
SHA256: e99080387979f80897e411b6a8f505cea1f45f0f9ac87432c6ab7fa81e2f90a8
SSDeep: 1536:ZFI0sEYDhr7UNyJcjNEqhCABOZmfUQ2HX/k8LeDFU2MIkup7s1veGbV9KEr26pt4:UBTdXdir+2BXAQ
False
C:\Windows10Upgrade\resources\ux\EULA\EULA_ro-ro.htm 77.27 KB MD5: a4c60e5afffcb69a87b3967619153bbc
SHA1: ea041b3c665b4554973df46fde9197aaad9d331b
SHA256: 926346b02813a7023d243f275fc0a46856f843a70c1ef215f101ab28d8c6fd45
SSDeep: 1536:2fDLBq3IPirANA7i9OGQH4EgTeArGxkIkBGnCZxvJefnO65+BZQHV+ECzaqqSTUl:2MH6CkIQplqydWMej8a
False
C:\Windows10Upgrade\resources\ux\EULA\EULA_ru-ru.htm 278.12 KB MD5: a966d9e220dc9088d891d1e3f3093407
SHA1: a317056d260161f518fd77e1c105ef7b77110881
SHA256: b35a8639d7689ea5efdcf6d70900cfb3abbb623ad34043356ff4d394a3e91f83
SSDeep: 3072:CGKgeLZN204YMXYgciBztpCgLdjLUF4RFdP/T6qnw78iITV:3nvBztjLpLUqxzGoV
False
C:\Windows10Upgrade\resources\ux\EULA\EULA_sk-sk.htm 80.97 KB MD5: 6901cff2887f88560101f4766ce75006
SHA1: 29b486e1436e67db9838c6818821a035dc998140
SHA256: 8f5954ff795b32d0e018b61f538671684c5f8c6260215e0f300b98010ebb9f8c
SSDeep: 1536:6AQAVcovLMS1M78hIVPWeFI3lWDWcrLWXZ1axIUt1QBXf7qJ9y7a4n7nU1EHXMGt:1Qg/44BP7N3kbQ5
False
C:\Windows10Upgrade\resources\ux\EULA\EULA_sl-si.htm 65.53 KB MD5: c6e0a536cbae4de8465166c8a73052ad
SHA1: 48232e17e255f1de426b78f30520bc4955c70054
SHA256: 9d527f454a409e1559896c9da9ecf601fae46a18f7e4c0618e906cf09b8ffb5e
SSDeep: 1536:hSxhY66qaGlT34yU25bRUg2g5HMXNNWEuIQPWZ9F/dOVlFmRQui4owxn7Qkvg6K9:4xhY6z5sdXPQdfFmH5y1F
False
C:\Windows10Upgrade\resources\ux\EULA\EULA_sr-latn-cs.htm 74.70 KB MD5: b235546da5be659a1498f85dd5334a6e
SHA1: 302462ecb0efc41f52c350f39bdc1a19cfb9c05f
SHA256: ba86eb0d9a175857576901ba5eb4f2c5537fc489b095f02edc2d42d570742b6c
SSDeep: 1536:K7osEG7LZbpV9L9r6whUOzZb+rhSTDtthELrgnCKr/u0ZEXuw/hBo8CaID1WcNpR:KUq9zIVST3/uNvMkJ7W8i
False
C:\Windows10Upgrade\resources\ux\EULA\EULA_sv-se.htm 69.67 KB MD5: 3d0d5b940f8fd26422655dd036475360
SHA1: b1662d8ad6ccc9619789612dcc170b74c6f41a03
SHA256: 2a6b89385516921f09d99c983e47634087f2810e50e01d3937530c448fc3a55b
SSDeep: 1536:6c42b+/QYrr8ZcbCZ7wN91HsNp8zWexC/gOZr4LXKiMW3wRmBFAAUD0t6eHuWcha:6c42iWexC/jr4BWcPJbX
False
C:\Windows10Upgrade\resources\ux\EULA\EULA_th-th.htm 249.11 KB MD5: dfb6c33f38d66db7c032fe5592f69765
SHA1: 46ee8a5e43592dcd80e959faff118fe364f9f084
SHA256: 5460b9a9974c1158262f7f09cc450cb9188f793e7e7dbcf1b813f86773f048d4
SSDeep: 3072:K4c2YpZ6AnrJSBH/16eM1DeK9/URVUQ9/M9A6B5e:w2YpbrJSpNCtpUUwU9A+5e
False
C:\Windows10Upgrade\resources\ux\EULA\EULA_tr-tr.htm 74.30 KB MD5: 3064ed32636b544755a84d34c3f269b7
SHA1: 8baae2887c8fa9b1d5623f3307121332c2cab6e8
SHA256: 642fd66d0c6ec7b80caa1b072bd1cfef23c162871cc9aef5d901d56a3111b36b
SSDeep: 1536:bkYPB37z9dG7GHrOky8O1XhvMSVve8RapF2rJp7wFN7evMXKOh7AaCb9B0JKRpVu:bkqr587+E9XK7wxQ3KH1FTvpVbvc
False
C:\Windows10Upgrade\resources\ux\EULA\EULA_uk-ua.htm 261.41 KB MD5: c802e02560dd59ba1393e71409932d09
SHA1: 512a75fc6bfe36e985f665386951c096dd52df66
SHA256: f063712dbba32870b9aad10c2fe7a6233fb6dfee52b088ebddb469426504a1f8
SSDeep: 3072:a3auIGn6w5KZtRaazkUwHcjPpN55a1Y2Lk7by3YPYZqW:huD6UJIAHQPp7QOUmyIPYZqW
False
C:\Windows10Upgrade\resources\ux\EULA\EULA_zh-cn.htm 124.20 KB MD5: 1b2b442b13e64c5015d61831af946ebc
SHA1: 67484735eb2b8e502bfba1178cc4966d39aae206
SHA256: 29263b7684c84226176672165cf2d75f83b0fd45db87753252681cadc76c7531
SSDeep: 1536:9RvVZlnLwlEXxFWezyEtEvk8EK+9OeKoMF8ythtw1elPMkKrqP165gt/oI3wNUFu:9RvVZl3Wq8EK+9OOJgt/lH2ESEt/mGu
False
C:\Windows10Upgrade\resources\ux\EULA\EULA_zh-hk.htm 144.61 KB MD5: 5f663df20aff6ecd3b12ffb1311c65c3
SHA1: e3e8b9b38503e3dda85a534f00e17b76d281c832
SHA256: b5693f3a9f84593fe1143647852ad100b872536afddf6e3d90678a1c00d6832e
SSDeep: 1536:7fhh6KriyByVFXQkCVabNpwpT0k7dmIIEDQB56VJ7vkSdlbBVfBFC+L2Ri8LBTrA:7fSlAe4dyiXVJFCQ8jZtsM/APz
False
C:\Windows10Upgrade\resources\ux\EULA\EULA_zh-tw.htm 144.61 KB MD5: 7902bd89f0fd694bbb65187a7301b070
SHA1: 5e2aeecf37bd56f098ea8ba496f44631bd49539f
SHA256: fb73fb3951baca9e3590008696412d21f99d81a3618d619ff2a1f11366150ed1
SSDeep: 1536:3gnWriyBf2CVabNpwpTNCdpDQBBcITmxvkSdlbMZ96/WFQL2RtgjBTr5RkH6HRg6:3gnxdmc7YD2WX65Dg5CnE4
False
C:\Windows10Upgrade\resources\i386\hwexclude.txt 3.14 KB MD5: e75ad74a4a1479540fdbfc8b7b778fcb
SHA1: d85da2bfbb3dedb88d62a9aa7b985ce68d287720
SHA256: 82c9d3c504be91f4a6469a6026e2c91c6bbcd568aafdec15b87d599afff73f22
SSDeep: 96:3vOXaYHXZBm8dSbCrumjbdnut8q6p3wjWnmKi:3vApsYrumjh4C3MWm5
False
C:\Windows10Upgrade\resources\i386\nxquery.inf 2.39 KB MD5: c969d84918b3a5953e52dbfb443bc51e
SHA1: 9f8637ddb7bfa19399bd6f9a510c0ee48824c025
SHA256: e11bd8bce21bd8f0ffce2a34e187e09e1d788078bbf20ff0470d87c3fc6eaaaa
SSDeep: 48:MsuKhansu6btKE7II5zrO7N4Iw533/L3Fh1YznOw3Sp2Fg4X8qCKGDpBVJKgUW1U:MtKont6Rz7BRrO7Xw5H/Zhd2Fg4X8q6E
False
C:\Windows10Upgrade\resources\amd64\BiosBlocks.xml 92.61 KB MD5: e63d74a8442a0ac46e7133e500ee307c
SHA1: d3efb7f990a8c4c3b1edfcd5767abc6ee806f309
SHA256: afa016864191e321ed1d7c8884032e7303640e734b152982a79f65ea3c6f81a7
SSDeep: 768:HjhtR3cmNVKPAkykaUB/WF5ZFJdWr6ftKynUyVyjfBnSIS0XKMarlHmB7TR:D3BcmfHRZ5ZFWriUVbBSVJjlHmB7d
False
C:\Windows10Upgrade\resources\amd64\hwcompat.txt 72.34 KB MD5: 972fb6765af580c1dad460a7960c3789
SHA1: 0d9a33eb58777a4d135ec8748b6175ddb0f720ea
SHA256: 014b1177d8da5ff7f8676dadcc46e582d7870d73f38f2c51e0bce040723aa26f
SSDeep: 768:GJvgQwkZRQEvp+fQAtmlM/jt0nrdhRczKC4x2gk2aW8n/SbEl3Som6tlyIsRt92p:15kQEvwom2PNxDaWeSb50lyl2Gi/
False
C:\Windows10Upgrade\resources\amd64\NXQuery.sys 21.09 KB MD5: 807006c6a8500b2dfbd4302ebb16b611
SHA1: f957a1435a324f60cf58b4ceda79bf4492d3bedb
SHA256: fc60c73b8ac66456e8da036763326876ab4ee5c5d13b12dba0e0e360caf8b100
SSDeep: 384:g11o3akEa4lRpjXYFcGftpBjczTMwWi0aBsKGStkZpCcZp:g112b4vpbYFci+h9B5ApTp
False
C:\Windows10Upgrade\dll1\wdscore.dll 237.12 KB MD5: e9cccb82f907aa97f4c245bde06d3581
SHA1: ac6a9a819eee6f2400a574fcea0918631d7a22a7
SHA256: 6d9e8002ee09259bf13af7f62e69ecb953a5db97cfd8d4d83848a8451eff4144
SSDeep: 6144:mol4FSPYvdmDF5mriiBnGTPeg/Pi4gfG3V:zlhPFFIfNg/Piul
False
C:\Windows10Upgrade\dll1\webservices.dll 936.62 KB MD5: c2e7cfdfb802864d0de58a8a2721ffe0
SHA1: 1abcf1f36bc185e38c3596d7ad78e5b61669f3f3
SHA256: a3b88889c9e95e7569461f5d6feb65b77221eb4e7e914e6db555c002272d39be
SSDeep: 24576:KkWn28zsANjhsmnsv6IOyIvYFc4cWdv37I6:vv+ddx/JvkcK7z
False
C:\Windows10Upgrade\2052\DWINTL20.DLL 116.62 KB MD5: a162760856531f37b5c3e90f07a0fe4a
SHA1: fae3e5f15f86aae690c392cbd6eb7ba75b64eebf
SHA256: 14bafe4edde2a19ae2d01155929b8b8f737d66c97aa8c3b9677b7899a0f376c0
SSDeep: 1536:Y/MPYlpLbeaEoP1/OvntU190Yc88zQyuGGZQcjL+2DpbgLvnO:Y/MPYlptEoP1kt0kEdX+gpsLvnO
False
C:\Users\desktop.ini 1.09 KB MD5: 7c8ec79aafd67905189f086f85e8b281
SHA1: 53463004d1dbc7f548880c984818c89b1fb21391
SHA256: 8801356d0a0116b4fc9d743c5bf41f018e79670b003101be224fe2669d8eaffa
SSDeep: 24:AJpSyCr5UGQzjqw+vpKSsWyL4Qw+7q7OKGE+p2maz2vL1KlGcAGT5k1ng7dcmQ24:AqyCFlQzj8voSst4d8qCKGDpBVJKgUWT
False
C:\Users\Public\Pictures\desktop.ini 1.30 KB MD5: eb90bff9f1e495bd83f15e6992536aa0
SHA1: 9e03d6a63d6d85afecbc3e39f0daa0881e41f295
SHA256: 8f07a298651eb946389abc533c1da42981ce576b969db998575889d9405772c2
SSDeep: 24:/JfaPtbiuIbzXEPpw+7q7OKGE+p2maz2vL1KlGcAGT5k1ng7dcmQ2DhiLNl4:xfatPSSC8qCKGDpBVJKgUW1EcmQ29INC
False
C:\Users\Public\Libraries\desktop.ini 1.09 KB MD5: 1d92f6b28fa79477511c80277e407c48
SHA1: 96586fc64a1bf90f80429eb2af0bb453043d370f
SHA256: 3b1fdee72b6050123365bd941c4ce9b7f3950e26ebb25f43be6c7b4bc2cc8008
SSDeep: 24:E/W9mXw+7q7OKGE+p2maz2vL1KlGcAGT5k1ng7dcmQ2Dhj:9Z8qCKGDpBVJKgUW1EcmQ29j
False
C:\Users\Public\Libraries\RecordedTV.library-ms 1.86 KB MD5: 989314f4a8945b89e83d25fd26c0f338
SHA1: 09f8410d7101f45a0811059ce093b6d052e72785
SHA256: c52113882279223688f93e5e0e89df1efd7f34520f338218a111eb7b1443f472
SSDeep: 48:WNm5WxoGql85m094cpKY2Tf4gI8qCKGDpBVJKgUW1EcmQ29Ze:svmfT84Yi4gI8q6p3wjWnmY
False
C:\Users\Public\Downloads\desktop.ini 1.09 KB MD5: 2be6caa936e4df02a94c512b72d04ad9
SHA1: faac4160583b2d8fea9cdac965df0aff63ead3b0
SHA256: e3edee6c5fe3a955eee2efaf667d842a026a669b36f6295cf8b8f60678d8cf95
SSDeep: 24:R0bbUQWTCsw+7q7OKGE+p2maz2vL1KlGcAGT5k1ng7dcmQ2DhKU:ubbTWI8qCKGDpBVJKgUW1EcmQ29F
False
C:\Users\Public\Documents\desktop.ini 1.20 KB MD5: 7555f2bd91312e6fbc222a47ce1dccbf
SHA1: 4a2e95aadeb8c067af04905e94e73bdbc329fbad
SHA256: e137404848d97bd4198932e49cde63f59b41624b4bdc2f27e52a2ed5d5de9522
SSDeep: 24:6LagkuAj8Qq0MthXw+7q7OKGE+p2maz2vL1KlGcAGT5k1ng7dcmQ2Dh/j:X+AgQq0x8qCKGDpBVJKgUW1EcmQ29r
False
C:\Users\Public\Desktop\desktop.ini 1.09 KB MD5: 73d291eda9d5bf134ae9185c2c3a17ee
SHA1: 1866cdf9f4bd45cb967f2e90b4ef815e98597f5c
SHA256: 6601fffd5746a25b9a2fa9357a5fa1d929381e67dfa95403ed7645110c52b545
SSDeep: 24:mm3w59QvUCsmnhw+7q7OKGE+p2maz2vL1KlGcAGT5k1ng7dcmQ2DhT7y6:h3JS8qCKGDpBVJKgUW1EcmQ29T
False
C:\Users\Public\Desktop\Google Chrome.lnk 3.20 KB MD5: 44e81c463b2dd01f62edb164d98f1195
SHA1: 55f6fa402ef4a131de41f52a6112cb7ffb491927
SHA256: c7dd165385b7007b4fa930732c9eab4529fd1799809fa12ba9760168ddb86123
SSDeep: 48:ZpXWSiNngnOV3nfEV89eP3OS2is+vQWGHZsdfMrje8qCKGDpBVJKgUW1EcmQ297q:ff9nOVY+r+25s+Xe8q6p3wjWnmml
False
C:\Users\Public\Desktop\Mozilla Firefox.lnk 1.91 KB MD5: d42f7557218e2d5b2f9609ccb55485e3
SHA1: ecafb9a6bd8513a7dcb4c8e17f925ebf05046e05
SHA256: 2008f4ae9d9029b32938ff10375d3cebf0929d3824cc5240015962dde57746d8
SSDeep: 48:TaAdNkbuHO10bd6emm0v8qCKGDpBVJKgUW1EcmQ29N:TamNsuu1Kbmm0v8q6p3wjWnmd
False
C:\Users\Public\AccountPictures\desktop.ini 1.12 KB MD5: 9589367e4b59125a5a0d6c9a89bc7ded
SHA1: 81c3aa526531bd38cbe06e180d261d93d526689f
SHA256: 50cf098eae9a5b93bce6179a0f9580f09701b51f68353ffcd2f27849798e272f
SSDeep: 24:z8xM/bqheib7LHw+7q7OKGE+p2maz2vL1KlGcAGT5k1ng7dcmQ2Dhvn:z8xMQC8qCKGDpBVJKgUW1EcmQ29vn
False
C:\Users\FD1HVy\ntuser.ini 976 bytes MD5: cb3ae1f8dd080884cec728da0188ff55
SHA1: 9508f8503fa5ab4be72377d126bdc3e036004ed8
SHA256: cbebd0d0c56315ed3029ace210d5c65a2578aad566ce196fc1ffcab7bfe92aa6
SSDeep: 24:ilFgR5Chw+7q7OKGE+p2maz2vL1KlGcAGT5k1ng7dcmQ2Dhjn:E25L8qCKGDpBVJKgUW1EcmQ29z
False
C:\Users\FD1HVy\Videos\457XRRHEeRC4UfGUI.avi 43.57 KB MD5: e687022e2b3d44876fa6540063e347a4
SHA1: 7826a6cebe0b150d2cc1ba574e1ae3f51a8f2026
SHA256: dfffa0e2f73b01042e2a7d1d90926ede2e1ced1ed09f9a977984e8792d97ad93
SSDeep: 768:lytlsZvvGseGer2SDnpK2kJzCsTowizPT85LUn2e9hqt4CPig9gpOAQarT3:+laesA2WnBXPT8tt4hg2pnQsj
False
C:\Users\FD1HVy\Videos\i_9zyxoZSXHlx.avi 89.09 KB MD5: 7038982dab1ca891a2f8bfd297f49c17
SHA1: 22fc5a1a7ac107f9c007e6d6709af82b1aeea3b6
SHA256: bd2c58cbf5e6bc7c77043f9b0cea2744be358fb8c00d7a9f32a07c6ab6cb358a
SSDeep: 1536:s8Ei5s3PD7eQ5fG9qw5SCsmsQs13lMGvxSP8UzvXjOpirUN0q:fEi5yD7B+VSCFsJlteHLrUN0q
False
C:\Users\FD1HVy\Videos\mP h7Lt-\52HiljouxlX.flv 52.52 KB MD5: b16b75e14b9e8cafb03857f4be6d3e05
SHA1: f2acd8b5e1c9eac9595c89c1d17bee9d818579e7
SHA256: 216a815f916650bb0aa38b9a600521b20348d8a4629a3126c2997aae9f9a8a2b
SSDeep: 1536:t0053l0r68P2rwTwVYoyvccm8nTIMP0w+5hqnE/d:eO3lY2rwTwVYoyUcm8nUinE/d
False
C:\Users\FD1HVy\Videos\mP h7Lt-\FI5N.mkv 34.52 KB MD5: 9e7a4b2f183a307158af7c7c5be5d066
SHA1: d0c789681e23c2fe004f62591b5b4149c9deda0c
SHA256: 1be18c9f3b2640785763d4c27f0edfcd1d6a5eeef95367c4d38ecda95aaca0e1
SSDeep: 768:sSOKL+BKO88SisLV/V3jKR5xkL45hshfGOjJjIY/Ty:sSOKaBKOfSp/FSIL5egu
False
C:\Users\FD1HVy\Videos\mP h7Lt-\Gokf5TGMJc_QsIuaMfW.mp4 56.31 KB MD5: 9d340d30bbb0878ed605a768df6e88a9
SHA1: f23264cc6f8a33872f72762566dc6a15fa5bf4b0
SHA256: 95a6aeefba794fa5d6427706586056be9f1d9c2584bff497167b4ac4ebe5f958
SSDeep: 1536:zBm/sdKY8nFeSxCWXXMz8tvMCTuNrpZniWj/WIPCG5Rb3ltT:z4dXnll8z8tvMCTkV57j/DPbT
False
C:\Users\FD1HVy\Videos\mP h7Lt-\_WK_66PMS1WfZEiv.mkv 33.88 KB MD5: 3b95b58742b55bf82d56e345eb5f4790
SHA1: 7ca2c50b441b3c22e1f229b25c163fa2d6cbb716
SHA256: c0f73e3f3719d366cac9d11be8dc02806829269a7bd599e5992c8212c0934d69
SSDeep: 768:vugfEhPtxBEgRq3PpmWk3XytZRiDA0xRLdjN0IxhPTTb:NqVzVROIWkny2ygbX
False
C:\Users\FD1HVy\Videos\mP h7Lt-\X9lLwZrlCN5inYE X\0_w4.flv 74.65 KB MD5: 4165cfedb8e0e70bebba8398b57d8bd5
SHA1: 3d54ec477370e6badabb2d854270e3464ace0842
SHA256: fcc56039c1f4e985abaddbb7d0831052da3f43f760e90295abb40193f55e251f
SSDeep: 1536:lvAn8Cpztk4LJzWDKIhLjUsbUY+xpStsU8yqFnxtkRC5:g8CHLJCDTjnr+xpwsUgFbKC5
False
C:\Users\FD1HVy\Videos\mP h7Lt-\X9lLwZrlCN5inYE X\3s38Gm.avi 86.30 KB MD5: e673a2421efa514fd54f6eebfc5f1feb
SHA1: bd3aba3d129859f7e1c373429b6f42e4a43ccb31
SHA256: cf68ed79ff903f463a4b7c6650da4661ad2d5b91accbd54c7d8be865d848dbf3
SSDeep: 1536:UCe+2M2UCuGjM3sB37wZQF648STj7pMwavLOs5LnzGZtFVT1pEl55TDi7A:Ua2vXBt04Xj7ijvL9nzGZfVIW7A
False
C:\Users\FD1HVy\Videos\mP h7Lt-\X9lLwZrlCN5inYE X\wqxE4PKLcBhEx_-.swf 26.98 KB MD5: e0d1f022f6a6a021c97e532228a253f0
SHA1: 7656d25b71f32521a8833dd5997ad83e060df539
SHA256: 0729cd1a25ce4133777af0de9ed9b3508330257e5dfc20deefe991ce14a2c881
SSDeep: 768:uFZimBn9/cKcTI+v/3ATSLev6ErkHIRE5zQNsTY:k90rpqkHOEpQNss
False
C:\Users\FD1HVy\Videos\mP h7Lt-\X9lLwZrlCN5inYE X\j_LpWgAxXhBx7w0\FQEZGWQS0yL.avi 72.06 KB MD5: bc17d7c795610fe3a1d70736b4da7f81
SHA1: 289a76e2f32ef372531d628ed50e4c981f78006d
SHA256: 24bc5e509b64375f4ff7e21635e7ab23553cec5d937fd433e81c693b25b4381f
SSDeep: 1536:Lkzxql3m7AyOIjHPkoUZOsYPZV0di5taVPwNbm1QwbD8TP:LkVqwcNmHPkfYPZV0sQYbmWwbmP
False
C:\Users\FD1HVy\Videos\mP h7Lt-\X9lLwZrlCN5inYE X\j_LpWgAxXhBx7w0\qDMrOHgyW.mkv 27.03 KB MD5: 2233eedc5902ba692b61db97d4f3feb3
SHA1: 8a4ae4ebd01d7144a00e2956844778b15458ad42
SHA256: 9d1d23742f3c2068cd4ca534348964b99d2acc4de97967d57b5b4b1164c13971
SSDeep: 768:qM9licMXDH6HkbJikUyKe9WLfZDt0aOH+4vWT7:qM2cMXDaHMJjBULXh3f
False
C:\Users\FD1HVy\Videos\mP h7Lt-\X9lLwZrlCN5inYE X\j_LpWgAxXhBx7w0\yMeSugojL-NDXZ.mkv 94.44 KB MD5: 76aafcd65325ad69762005be602def93
SHA1: 679c2559dc291790fc840da8b283fb2ed87e80cd
SHA256: 36b8ea68c15d3b663d767f81888fc05fb9e1e1853d79eb39c297891dc9f0f6b5
SSDeep: 1536:LBqVGuZQQl8xJPmQH/obxD7Yt+rw0H7ZVdx7Fd2rpWCXYDPvbTHupV7UGbpT+OB2:LBj4llUJOQHQJk4bdBXbTK3Vt/uTVkWd
False
C:\Users\FD1HVy\Videos\mP h7Lt-\V-VrwwulxTZ\9J5o-K5rlPWB-d.avi 5.44 KB MD5: 77acb9903f9a52f8b0d03bf8f486861f
SHA1: b451f2140e433b594cf364272626d6709ed4bb19
SHA256: 982cb482cee89cda97c01c47242b0bf02615b64629e7d708f866a2702a5e017a
SSDeep: 96:N1jm2ss5zL4hSvQqSe3Ep/U9mBh1dMptXqY5xXyYlChx4hkOBgQWC1g+Mt8q6p32:N1ZdL4hUQOk/U9iya+XyYlChWSOBVWCG
False
C:\Users\FD1HVy\Videos\0Jit\bYsS_YlaY9z2LOgk.avi 28.38 KB MD5: f124cdeca55e184af64e23e0d7796809
SHA1: 932603fe8a447511879a4a50c768b663f84e298a
SHA256: a10ff27f41b76262aad9754bacf5ae2691776fe03c7a75d493d1f40a3daf5cd6
SSDeep: 768:/F0PZxWRIrkvDOYtdeIfWXU9PGlniitkxVDKahTv:90GIMDp9OXU9Qnft0tKahT
False
C:\Users\FD1HVy\Videos\0Jit\ka0XqJkvY.flv 58.35 KB MD5: c91cb6d451484d11e9a21873a39c0c02
SHA1: 4029e8fd04cd875e88f9057b607d1fef7fa09847
SHA256: dc3f47c7864dea35f22a05f48209de254000e53dbfdb33ed6fc0711fce049efe
SSDeep: 1536:DvhrnwXcCZCvNpTiQl4GQFpiPwfvVtxzzfEymuCiFQv:lscfvNpl4Z+P03LBmuf2v
False
C:\Users\FD1HVy\Videos\0Jit\we3h9wVdNt2OG8gH.flv 63.00 KB MD5: d92fa36b962d9c01371bf2ceefb2c5d5
SHA1: 2542357d1811e34340044dc5a577e976d571730a
SHA256: 69e58314ac57a707325ef575347663724e0c9f9aeb7455d2d14ea23d9c428a30
SSDeep: 1536:8UpzleDGbCjVNxscPhiszd9QmTPmo0XXUR8s6cn6l6:8UpzYDQCbisNyoMa8sLn6l6
False
C:\Users\FD1HVy\Searches\desktop.ini 1.44 KB MD5: ee95b645ff5bb29c9c03f43a221b607f
SHA1: 548a0049bf40769d3ab8a5aad4d5979143b75712
SHA256: 30f9a342cd5adbdb303b5d9c3f6a357be8ecb6e0bbd0ef7409f56f7492dd05dd
SSDeep: 24:nWmmhvt97bGmX3FNJsbansuwrtoMWWw+7q7OKGE+p2maz2vL1KlGcAGT5k1ng7dl:9uJb/X3FLsbcsuwtoMWL8qCKGDpBVJK7
False
C:\Users\FD1HVy\Searches\Indexed Locations.search-ms 1.17 KB MD5: 0fac0ea82a3cbec4ed342580b9fdafdd
SHA1: ab795053dfe1a4e1360e11427a95213d33ac1764
SHA256: fd79eb761143b0afd9e1f87d01fe9bb19d0b169b6314865be671fe20dd95b245
SSDeep: 24:s3KdEN2QUJ6ZvQlw+7q7OKGE+p2maz2vL1KlGcAGT5k1ng7dcmQ2DhqkZ:syIekZvD8qCKGDpBVJKgUW1EcmQ29v
False
C:\Users\FD1HVy\Pictures\0eHZ_3WhSTBcCzE8.jpg 96.26 KB MD5: 6e60bc8dbb45b6675bcdcbb9d7407b73
SHA1: 4d811e910c803b6f7024fb4fb319afc1aec034fd
SHA256: c0541e0093268c6502cb5a8058771419c07f42af0c42c93a3563b1cf5b22ceae
SSDeep: 3072:pTn7ic69nvg0ZAGhoYnx8zxZ83Pp66NvsaF:p/MnvrLhpYxCr0aF
False
C:\Users\FD1HVy\Pictures\90TDXbBi_nI bB.bmp 95.73 KB MD5: 0ebb5f7dd7b40790905f4c4b84617124
SHA1: 86dd779de3de2443f078b9eb93a808935beadd5e
SHA256: 9272e6050618ff8757efe2c331e0129e53b2f4487e3142dd05b108f45632a9ce
SSDeep: 1536:Rt2qZiRQk71XZwM7htZc9+KcIRpnwtIrqBs5KcH1hyHV8Wx99IyoLGf6AcxO9+:FRkfZhtCM8ytIsxUSV8WxA7Ly6Acx0+
False
C:\Users\FD1HVy\Pictures\desktop.ini 1.42 KB MD5: 37549bc693b6804657d4c018cd0d0bf2
SHA1: c64a2453c3b5e59c74e5cd8b468f65f67875dd9c
SHA256: 914cb20a561a2606ba5086b805567b31daffdb4aa970cad38eb4ab4f06478c24
SSDeep: 24:RPBcf7uoEi0T+FyAqBhrusuJ2cLx6RtiWw+7q7OKGE+p2maz2vL1KlGcAGT5k1ny:Rpcg//KwDRt+8qCKGDpBVJKgUW1EcmQ0
False
C:\Users\FD1HVy\Pictures\e_rAGl109.bmp 61.16 KB MD5: 95039c00b88f4b1fbe8ec8243bddf62f
SHA1: 2f566950aac8da66e1c672e022fcecd9af2eadd2
SHA256: b5221aebc660a7d4228f86fd2214837b4237ef869cbfc51627e86febaded7abe
SSDeep: 1536:EFzMOvZLHnrYRH902bnlBmYEiwI32bnu2tWGszh+Uy:yMmLwH22DlBm432TWGszkUy
False
C:\Users\FD1HVy\Pictures\JCevQv3sR4zWuvdiroaf.png 44.28 KB MD5: 9d83d946d3bb9ddc4cdd4105d2cddf17
SHA1: 2be8b7b3dc3db3ff4028f14fe229e755edde31c3
SHA256: d0af719df05b00e0f1b2bb11e7d06d879b81aacb88bf0067fbcaa01bffe0d22b
SSDeep: 768:PXQlabERYKhJFcU7u8RHzJmgl4VgjKJetrhU04GCynbROpkmjAmzn4CaO+EbvuTC:PA4mZ7u8t8gygeJvGRnkppAgxD+EDuW
False
C:\Users\FD1HVy\Pictures\JQTgE9tvFrhK2 G1Dls.bmp 62.38 KB MD5: ae807f9e374d425631d4f15f49f79703
SHA1: 8eab2311a57b747684a8a2b7a6e38bfa88afdd50
SHA256: d281c3fcc8ae67fd547ec399c7aa27b52533cfa6187e6b5cd94f328c14cc1759
SSDeep: 1536:SM7w+W5VIEC+DfABqRj7Yga3PXf7C9X2u31N:SpVI7+DYBEjsDff0X2QN
False
C:\Users\FD1HVy\Pictures\jUIAgiN6w3v.gif 29.22 KB MD5: a41c35cfdcdfdc7158d82ed0e340d7b7
SHA1: 91ee434c76ddbb597810b9afa9bf0a32addebe6f
SHA256: 9150e7be5260883db209407b6e86896f57696ec0d3017061131f6488de531e4a
SSDeep: 768:mcRlZWrwFpOKKFaw5c8vJVcJsdf9cbHHskVhOcAKY848cCfQZTzdsTc:mcHIryMnUw2QDcJsdfNkU6utCfuqY
False
C:\Users\FD1HVy\Pictures\l1nWbEX73V5RO.png 30.58 KB MD5: f6595893361f1001385ed618e99cf429
SHA1: 7e79541d56da33d16cd2246e3b9fe35dc46d35e3
SHA256: 1f1294d51058bcd9aee7a88bd8d404d69bdec6d02c0927ccc570e59166c4a1d3
SSDeep: 768:vCvJ04OCbwXi4bJNb6/6BBlyON2v/z8ynLGc2VZm0WiTk:eiSbwXiO6iBBly99LGcIm0WiY
False
C:\Users\FD1HVy\Pictures\MlQJ8yCmxq5jsR.gif 81.22 KB MD5: fdb90b54920e0d50fafd9efd6e36c791
SHA1: 2e2a8d98a4045ddd3a289c3dc7ead52027d5807e
SHA256: ce8364ecdc63bc62bd79d94cc7424195ccc1aed4306a1041cce8863ff5786807
SSDeep: 1536:dbchR6j7jVLCQdCLwRCpCcC84NJqGTFuB3YNg6bCDU8xSs9:tcD1hwRCpC2V+FMY2ovs9
False
C:\Users\FD1HVy\Pictures\n kdsPg6tJT4a99pz.jpg 69.41 KB MD5: 265cb42e1fd90666755e86d699f30250
SHA1: 3349bf9719ce2c6b7c8d8282f3c6b7505e9cdca9
SHA256: 6a22fae3118fa1162267f5a19adb3ff4d2cdd937876a55d329bb85c93fca36cd
SSDeep: 1536:NilEXmCBnlJ+x2344n6Vsih2QQG98OO+kP5GdRCJpC:VJL344n6uicA98OO+NSJpC
False
C:\Users\FD1HVy\Pictures\N8Pzx.png 57.23 KB MD5: 10afa2f57888efb37a3e9af663af093e
SHA1: 9edcfff861c5e3541791deb4aee2ede5e8b669ed
SHA256: e3eedc3d34ad20f5696fee698658a9424e0cb802a7efae08faf027dd3d2099f5
SSDeep: 768:gukAx6Il3XMXzYmWXgsGD/nTaJp3yTeSU3q5hzlRs73Cmo3YyjCqfJMuVxfD1vEl:gpAxR0Wiyn3CzLoyL2uTfDxqpH7Szot
False
C:\Users\FD1HVy\Pictures\p_yVA4jYCd-zL DX.bmp 14.09 KB MD5: 13cf658bf91f5253e03df9964bb50fe3
SHA1: 956fe28cfa4e41b778041d4ad123ab4caf0925e5
SHA256: c493725f5df204a748b3c3c81bc6704184876fb43c6ee30c0208a656f46b3a1a
SSDeep: 384:vGgEz7Oaf7UX9eLED6xNack5MBZDF9af6zCcZD:urj8nMNack5MB5jTD
False
C:\Users\FD1HVy\Pictures\rv8WAxpJ6.png 59.31 KB MD5: 8fbb15564a771ae5ee518e723f870b30
SHA1: c64c0b688452ce22edd175d30e228e76dcd099a0
SHA256: 7301b369c6d0c935486b7ad0f36470961f08486f89c192955af18b05dbab6b14
SSDeep: 1536:2MhDeme1aMsrKZLQGo8gBv32Kct5OQp+fakMq+poSCLkm:RDeme1/ucLZo8g53/ctURaHqAoZkm
False
C:\Users\FD1HVy\Pictures\ucDmOcTieCLOpWpKJX.gif 40.05 KB MD5: 837eacdd2e8441853daeb34afb552046
SHA1: 29ab9442a38c4507a9624bc1ce4f9c0bc9ec173d
SHA256: 5e95ddc354f89bbe1625de9acebeaa025a3a07f871304f3ba4d627dafa46546f
SSDeep: 768:xyFb/LwI3pvuqM3BcU+1wUStAYsgkt7HSwHaX5RyHTCKTK:IeApuV+1zIkRP6eHTCKW
False
C:\Users\FD1HVy\Pictures\uqUo.gif 69.30 KB MD5: 26da6e099bf77cc84b63b25cf5ede17f
SHA1: c993a8d5f9adf3f5fc8785d1a724a89f47ec546c
SHA256: bf9b8e7381985b0788f880572ca6090ef7648591563be0cdd29e97b5e9d8d9ff
SSDeep: 1536:Rp6d1YTV1iYRaofPyqvABjr9hk8cpOXzguFTmg/rU9iRAEpHA4h5X:KvYB1f42hvA9rrxDgUmg/YARAyHAUX
False
C:\Users\FD1HVy\Pictures\WgAe-lk.bmp 65.70 KB MD5: eb31997cde111624645db6e7cd6f3ef8
SHA1: 84e919846f273610313d7974f2996511c764fb51
SHA256: 21dfa9b95b936fa3b39b1b719152fe17ff9376c8e4c11cfb87e003e55a7b057a
SSDeep: 1536:2kB076y2pbNkqLjLAQ0nJ6DIzCUsZLG7whoe8yfjB57Ls:2J7StNkUHDDYL7yv7Ls
False
C:\Users\FD1HVy\Pictures\Xwj8aUsr5KISbCH.gif 96.60 KB MD5: 3f835b2f4650b24e925aef11080998a0
SHA1: 07d7bac945256cdd538520c7345c21609f5adec9
SHA256: 04447198ff6bcd695c111d5b4138c5cc2991b6344eed513095fd884cfd58d105
SSDeep: 1536:qNxBH769PuuLkyxNbdCPK+Govu/YRIhtPswNWsrYtiR3mKvIjK8fi8lIvgr5OzKi:YQHj4fGuPmEMWqhvQjLl3r5OzKpYIVzq
False
C:\Users\FD1HVy\Pictures\YAi 7SSuqQL.gif 63.42 KB MD5: e53cd03e1cbaa3e7e6aebe9ff89919a7
SHA1: c8bda77e5c7ff9e7ff8fb44c570099dd21cc4c28
SHA256: 84cc406e7ef625869ca67d7b8bfad117abca2919ecc95e164431f90721fdd12d
SSDeep: 1536:yMFbAuWIAa/VebdTV4xfcr26QqX0+TV+q/c6mqilFaGsGmPOHU:DARIp/oxx4Vcr26QRo+h6PilEGsMU
False
C:\Users\FD1HVy\Music\desktop.ini 1.42 KB MD5: 1bdab89e9d6cb69ae785f721be5f66f5
SHA1: acfd409f26940d38c6b8e88c4120b5f0af99a395
SHA256: ea6f57fecb9fc46dc38cce06cdc767814300dcf3154ab299d575af91a370b314
SSDeep: 24:bEccRCnPrrUQp/KHg2BjDetSKWw+7q7OKGE+p2maz2vL1KlGcAGT5k1ng7dcmQ2O:bEchPk80g4jDgZ8qCKGDpBVJKgUW1Ec1
False
C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\F47mcjmxOLj.mp3 44.23 KB MD5: 618fd7f9a764e8ad4bdbc73424f02467
SHA1: 5a22fa8144c013a487ee1ad0578cf9debfde1c86
SHA256: 033654b818bdc5e8dce39d3eea9de454e2262e9fdca13e30e5a0fa6f47c4a398
SSDeep: 768:ygCRngRIMZ3HLWMua7t2qh0YhQxSHel9JxjS69MuYokyKz01ePp5sIPjTx:dCpo/Hbx7t1+SHel9vjd9MVPz01K55j9
False
C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\ocv58-qJyi.wav 80.00 KB MD5: d1c53de01c18781e3ab1af7e9e5561d1
SHA1: 92af0d318ed89925b365e0636420dbcdabe0bd9b
SHA256: a68be4db6d5e85df26a54cd1a2762311e791d5ffd81154e73372197b61939bfe
SSDeep: 1536:d+f+NG/sO5xjbsE8BhUa/7jK8lbeilgPaS38r/JBy00rRZZQDIauJQNM:I2N8559bq/Dllg338zJBy00BQ8auMM
False
C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\TtF4\xoEix01H8r8Gb.mp3 17.47 KB MD5: 033cf98b255041c4cae6bed4fa2c5f27
SHA1: 0930547c18750b6c250c3630021d72c85c3400a2
SHA256: a1ea88095735a4fb9c4bec88c9ee0899ea5a2fd6c1d3695de8fb08a0dc30ae26
SSDeep: 384:zw/aXS3dR9ew9KD9vCEzV+kAzcyLFb+OeJBX7z4cQTjNiCCcZs:VS39ezvCvzcyJqDz4cQ9jTs
False
C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\TtF4\yGlGNTCmxEmW-X_p.mp3 78.59 KB MD5: 5061d84b089a1aae89e1eca7fdf1de1a
SHA1: 866bf045bda5f611a12f516ffb6464a9c00aa50d
SHA256: 0f66411b9e0cf86c414c01e1fc75a2f5807dbef20a4e9453d5c9abb36c28d5a9
SSDeep: 1536:9wHce5SGyRaltHtcdYQl54Vy0mI5lgxAW/T/h8b5eyPtPLeONc4IsjC64mKQucMC:CH1S9YtHtHw4VyxpAW/FXQ5Ism64Tcbt
False
C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\TtF4\DQ xdKVkdg\GIbA_.m4a 61.86 KB MD5: e879a2a37b9cfa43e5434d0786d1f37b
SHA1: 80e56feb4166575e11cf4834534f68a116584ec3
SHA256: fad35afd3db0ec9d6561f0ee48f69d5fd4edf265077a5f850585205e31afb616
SSDeep: 1536:EOJwLWFcCuFQFHN1QGFCYfZJkPR2xGOeIXei/:EOegcCuedT5IhPUTvt/
False
C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\TtF4\DQ xdKVkdg\wdaj18HGC2anUg.mp3 55.25 KB MD5: 5d6280e46e1388e9cc7275674df70e6f
SHA1: 8060ef5a973f27e670fbb19f2baa0119aec2bc3d
SHA256: c0d12ecaa8d16e206ef3b8a8ea1ef373d68222b35d5c3c12b97494016ed81564
SSDeep: 1536:VpYUGzlMR9HEh+oO59kIHJXu3x33wOpiplTNo:ElzmHkGa8QBAlTNo
False
C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\K1UxMX9 J\3yMQVi4Ib7NBzSV.m4a 86.38 KB MD5: 336906e8ae6cedb43119647fd5b0b326
SHA1: 9dbceddba95e9cfd94f40224f11fc41b76a99725
SHA256: b7bfd6938fea73dd41f09e2bf72ec10802386588a52fa6b6a3439420166997eb
SSDeep: 1536:O62cRvdWc8/UDh+U4TwipGHwb3RZiMcqlA8MH2+2lK2fhpLW8:Ov2vUV/UDPjUGQbeUl5M0zE8
False
C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\K1UxMX9 J\M8 ByX8vq.m4a 73.50 KB MD5: e54f266cb32d5d6b8d49ff99afb3a970
SHA1: e1cd12ed12228a0d2ddd203ebe8245257c1464d5
SHA256: dd415b111469734eedf48f76a826ac5d558ca17b6e791507ebad7af5a4cba005
SSDeep: 1536:HS4E6jd6juNAV6gl7QuwBSOMtwZNIEWtP38NGB41LEfaDHKztg:y4fYjH1l7QuwvxnmEs2LELztg
False
C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\K1UxMX9 J\QRuixFGCDWAncl5AbmZ.wav 27.28 KB MD5: 93daa17b729049c64452985a38a88650
SHA1: 3c7bf78073d4b737f2840429aea9966b31343f8e
SHA256: 873e36e1ce3492dcaf447e4f5f01eb2d33f2604c366f09d78c3df281192625cf
SSDeep: 768:9G+F046kZyOnI7Qp+T3muBSCm2X3erkt7oTt:97bZV6WuY2XZFop
False
C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\K1UxMX9 J\uY5_Z 6FH.wav 96.39 KB MD5: 594c9dbcfc34f64f31bef8563f87f4c2
SHA1: c5b97770ae9766250429900b5f9c3433625cc984
SHA256: da55ad79a034d4a3984b38fdfc8b3eba37ee06b8d87b36409d15c85b7577ce5e
SSDeep: 1536:/qsj5k5Qc+ZQYIhzERlhFfpq9IA/vcKU5w08T45sGqUI78Qmf/jfef44C3gdE:/wOcpV+/5AHB0goaUE8Q0y23AE
False
C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\K1UxMX9 J\v9-kpgHfycaPisG2zG.m4a 11.93 KB MD5: 73c74b076969f65e09371b12917e828a
SHA1: e6e9e0be8b2635aa65cfdadca956213f659ded5a
SHA256: b1e7d7f2b566f62581c6fd893fb1ea8e827f504cc1b99fde3bfac3818cc5c623
SSDeep: 192:eM2YEND1AtWbNKAW2FFRoWEdNj0nvSrlaAmbldOtgTbFh0bJL2mkfs8pT88LuUmk:eM9MgWxKA1FFWWGNSWKmtQ8TkfsJUmF6
False
C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\ioqWU\Deupb3VmhF.wav 75.39 KB MD5: 3c26b558af2c6ad8858663165ba24175
SHA1: b0dd19dcb12311268a83c08feb8caf012e71369b
SHA256: 96b20188d5d8804149a408f57305673f4079aa8f01371fc58ff42713e5b51c59
SSDeep: 1536:5aan8JWeNO1qU3KY6jeThf797KtLAKsYeiB4Rn62fe/0kYL+f+eW0:AanQIqU3J6STpJKtszWS6GkI+GX0
False
C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\ioqWU\JW0rnE-6Xut0CIcI.wav 74.16 KB MD5: 7488c01421ea16356fdc718a4d3c7cef
SHA1: 17649f7ee7e5b5774717629607932eeab6335d34
SHA256: 000ef3b60ba61e925b90cf317a79deb6e6904ca48ade586e13cbeb929b9af4e1
SSDeep: 1536:iid6rBkQvexSu1ZvYwjIGSSIwSOcTt+O5VXVQ:ii8zWhbZI9R/LXVQ
False
C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\ioqWU\mj8IN.m4a 13.54 KB MD5: ca5879793b5531a2335a0a51a0aa6154
SHA1: bd2b81c30c7e219a207f0bdb56d2be70f21ee8d4
SHA256: 4a214ace761c13518a75c991562c32fa2c73b63c8c67f13702f8d41ef0cfedda
SSDeep: 384:PUpskHehUIc4wSE/lmk9yj8zZ1bP7TCcZs:38e+5X/lmk9yj8zTTs
False
C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\ioqWU\s8HsO.m4a 35.80 KB MD5: 01e4f3858a45b3107568669b53eb7a57
SHA1: 71edfb749a30f5bad3d368a5aa5410c393cc2434
SHA256: 77d87166783968c9dae3926da29e7c5cba3ab15c794852496c1799852280b8d1
SSDeep: 768:XbpkjYl1m5fFan+ndLF67qupB6gm6wR871WfCdmyqb7SINc/mvtTe:S9f7nYwR85Woq7SIC/8t6
False
C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\ioqWU\uznHK8YoJt.m4a 70.94 KB MD5: 948d2213ed2e130e6d10a3ba57577aad
SHA1: e2919b3d445174138612959c0e00303bfa9a6220
SHA256: 2a871363d98d733eef85784a9b3a2449b69ce80e8f7abf4d6619989f8f460fa7
SSDeep: 1536:YBLhvscji4HpSA/SoMWP0Jg3fhhdLTDF2V9mSFL5lYooaLbHxy:+1EcjT1P0Jg3BLPF2HDFll2aRy
False
C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\ioqWU\rmY_urTfctd0pcg\KmPQcO2v E2UpcJS9.wav 50.48 KB MD5: dd7018b014c7aff5055d45eba388252a
SHA1: 2954206320c1a0a0223491a2ae40c7e0feef1165
SHA256: b2c58c5ca77504232108fb839385bb0b67dc49479b4031471733c244818c184a
SSDeep: 1536:+97rLEjG/GuNCcb2fDIZw4d6E7WYOiv5g1:+SqaEwix81
False
C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\ioqWU\rmY_urTfctd0pcg\SjE dCES6E76kFP2AXnm.m4a 4.47 KB MD5: e1060cfbd6f280eb51e54ec59678d407
SHA1: dfcc5f4dc0db3d419e03c95dc00f52d19e70a0db
SHA256: 887a5fd7e90438b0565ffbf56be23ef7fca2f9b73d6f03901b38da134bce0052
SSDeep: 96:QRz4DsE5miFfW5+ykC+IxyXM5FPvDadprSZk6kH8q6p3wjWnml:iPE5hw+tC92MrP7aS2HC3MWml
False
C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\ioqWU\rmY_urTfctd0pcg\w3H2 yJco0KHxo9cfC.m4a 70.06 KB MD5: af28a5bbf90dbe617a633cf1e986ac3f
SHA1: 6cf912abfe0cff573f524fc145b99ff4ec9ba491
SHA256: a6d1cc3bb22eb022d9ab38caf8a29cb6d5b3271f61d0fbfe849240685b2d5f82
SSDeep: 1536:O5P8+E+DXbqx+uUdc8IpRX4yRk7aQ+Tj9lWlSoESvPXw90Jg:wk+FXbS+ucc7pRo573oP7oESvfoog
False
C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\ioqWU\rmY_urTfctd0pcg\u2Wr9h\PR3ENDw94r3DF0R.mp3 92.28 KB MD5: 919be814a99935779df46a01fec31770
SHA1: ac1aa8e5581c23cd6601dd71d452f4f0094415f5
SHA256: a0c9f105f6bc90c4912e0ff96a770ffd295fc4a396d0e84f89f4bf18ea46f6a3
SSDeep: 1536:qS4QjHJTEOCEA+KRacRww21EEEy6YDYG68JCCcd/YpdVYlzg7uludB5NKRa:qTQ1CQ8FmZ1236CCi/YpdVgz2dlKRa
False
C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\ioqWU\rmY_urTfctd0pcg\u2Wr9h\Z0sB.mp3 10.45 KB MD5: 742cfd2de979a47ae8721c61175d99e2
SHA1: 0207a4bdb8bf8ac4b83ecc89b45873e159382c6e
SHA256: 73541180ebd070726bad303609e6ebba88ac3fca82a5c78fc1c9f292d7ccd90d
SSDeep: 192:E9SJ++Bc9mnzs5UftyC1ikd4BjEhnPom1sBGtmPIEHC3MWmh:E0RBckQC1dOJ0PDsYtmwKCcZh
False
C:\Windows10Upgrade\appraiserxp.dll 450.12 KB MD5: c892cfd45f82b5e743d57655eba752fa
SHA1: 1e9dd747e8a2b395006a99eaf578af5b8aae09be
SHA256: 1f42bae75ef96fcc9359800933adc64de5985cafb45ee366de8450e4ca629c53
SSDeep: 12288:gn0YMonEzfC0FBRnz8NPlV3GD+yJxc+sD:4nETb8ZlV39y4lD
False
C:\Windows10Upgrade\bootsect.exe 116.62 KB MD5: 2daf2266e29dccb04a8342990bc2e67f
SHA1: 4815ee7136053270e42adb53a157235787d2139f
SHA256: c9d15b7eeaf2195f320f050c286093d834b7a73a4b13265eae49768dc13e377a
SSDeep: 1536:PT1NnmQ5v/85tzFW238G50/FV/kqcuYQejeyugJu+5TkBaAebDDe:bjn1ytj38G5zUdYw+5Trpze
False
C:\Windows10Upgrade\Configuration.ini 1.14 KB MD5: fba3d22937c5f7c5342b8bb4f629543b
SHA1: 309ad59d5874ae2be2e3622db59a5c438178c366
SHA256: 21a00c3a4c32117701bb423b19c071bd1c296277a146fef3d71720cbecda67fe
SSDeep: 24:tbQCjWRsxQHZbSTqw+7q7OKGE+p2maz2vL1KlGcAGT5k1ng7dcmQ2DhyI:1j0JCv8qCKGDpBVJKgUW1EcmQ29yI
False
C:\Windows10Upgrade\downloader.dll 202.62 KB MD5: 3e452377da5409ebd7fb25abdd0b7571
SHA1: 7d0d82f636ed02292b2cc0e33d022b09de75bd05
SHA256: 9bc86bff7dac1926488839ff43fdfd6038f8a1012920d8051d2808272d2ee2d4
SSDeep: 6144:YnGy+KzqGxDR479tUrb0m7DdITHBFUsjFaXAwl7L4:Y82i79tTmfq3UgFav6
False
C:\Windows10Upgrade\DW20.EXE 629.62 KB MD5: 69c7a2c5d202debf4aa7a73acb33099b
SHA1: 25fd2c215f9835a4ea08b6412d7de458a6d89a05
SHA256: bf9896e9d773c7fc42f2c476a48f37232293ea13fc3a14a2f9c4755a41387728
SSDeep: 12288:ouPi1dJIB3/F9/XGzxTkqF6t7PNV0SmiqUSHrSzXdccZV+d0Wl8PFe5O/QMVm:tPi1dJIB3t94Yt7XmSySRZZV+d0a8Ps1
False
C:\Windows10Upgrade\ESDHelper.dll 68.12 KB MD5: 66aca133fca1f820272e9c914f632af3
SHA1: b2140ac79dba1f11d0256e52bc6cb47c52230231
SHA256: 9be1891ee5f7ba7e495fb9f372b3773d20e2a2903bafd3b5d569ae31df08e1b5
SSDeep: 1536:rHwqfvXug5lSaI3ighp/FezVv05Zl+WZHbW0K:Liaci0tezOLHHJK
False
C:\Windows10Upgrade\GetCurrentDeploy.dll 528.12 KB MD5: 0f5c582d7eb001ea95678ba69bc0e7ac
SHA1: 344e9407152d49e5d57f697c4cd75f070794e4cb
SHA256: 86a63c714cc780629ed46e4904c08f0be5e07e5f03bcc8993ccdd91895f7ef13
SSDeep: 12288:9ncDbSwkR7RjPLdQjp5v+/SRF+xU5IaFF:RcDeV79hWL+KRF+xUJFF
False
C:\Windows10Upgrade\GetCurrentOOBE.dll 141.62 KB MD5: 570a7d4ba4b11107e264155b28a2841a
SHA1: b050e0513e801d5e8ce45daad0eb0d231be477a6
SHA256: e1844983b2fa1cae2474fcdad5361b4d092249879b3847761316b1c3623a6836
SSDeep: 3072:tsuWjpPR4CJOvjRM4nnkhSEt+jjdQUSArLHdmC2ZrLL:t0Etnk4juW0ZrLL
False
C:\Windows10Upgrade\GetCurrentRollback.EXE 72.62 KB MD5: 2ad3951c513c35c5868d4dd6c43461f8
SHA1: 0ff90e7093bce433c0a3f6110dee3960935faa66
SHA256: 9f1cdcbdc846fdc69f3fb6ba9ab729c2fa38b4a408683ee99883b74a78a2523b
SSDeep: 1536:zL8xabE+F0Zc2AGQg/F8Km/U3f/W7BrPdrH89H:PI+eZc2AW98jU3fu7BUH
False
C:\Windows10Upgrade\PostOOBEScript.cmd 1.50 KB MD5: 36d77d2e5156edce03a37608e060ef87
SHA1: eda70cb3fc2d8b0fcac71d3b137810d8e96311fe
SHA256: 7a9bb33e92dc381c0e4667ed203024ea11f00deef032a9bbfb80586916dde5c0
SSDeep: 24:SpsKpIpWwT1NFZz40M2uIaB17NG63792rWw+7q7OKGE+p2maz2vL1KlGcAGT5k1E:SGpWu1nZM0M2unzRG6UrL8qCKGDpBVJI
False
C:\Windows10Upgrade\upgrader_default.log 245.25 KB MD5: 07bd0b4327d5b0b6a7c5c74cd37574b5
SHA1: 8510b5d111107943dbac1425570ff94f1aa3d220
SHA256: 507bb7c34e6011e3aa858c529195a7ee22045760235af86f97094be50e8a53ca
SSDeep: 3072:BaIkw2nsFw3kwGzaQ5tm6kcLeL2/CKQnueRgmw5NoT1To3vRvYpu:15a3UQueRF+NQ+vlYpu
False
C:\Windows10Upgrade\windlp.dll 895.12 KB MD5: 9ee726b9fe092218c54f59052d50b45a
SHA1: 6b2cf49a6783598eb232f78042a0ed824a2aa15c
SHA256: 6138ed7becfad9c70aa15c6f96c7a70f196cab3356356dbbe6e884cf471741be
SSDeep: 24576:gv4tlOpdxLuXzBbYWhPQlABDys3Tl9wInxsYPh+nW:gv4jOpuXnB+qwIr0W
False
C:\Windows10Upgrade\resources\hwcompatShared.txt 806.95 KB MD5: 49b12d6908c4e533247cf31f10454725
SHA1: 4b24400dc524483cd699f865c773afb93f0663f9
SHA256: 7310d3593a90e5979c24bed45cdcf7d9517bcc9586b47d0a359fd0ff2afec1e9
SSDeep: 12288:NtKt85AkByFVbSbuhrlCqgh8H61H17SQbkq4fH405CLO:NA851By2SrlXmH17So4A05l
False
C:\Windows10Upgrade\resources\ux\default.css 6.56 KB MD5: a8a1df1a8347352fb83593f995de0f12
SHA1: 8106b36bc26789ed7c2ce9a48a75c31c186933f9
SHA256: d6c1cba220e0af92a23544906a991d8b1125279207b5de3ce1a0e28e73048da8
SSDeep: 192:+dCS5U+Q9FVA9zdhvVMEloJ5jpu4Uoqf3gM/yKfRxC3MWmG:+dd5U+Qe9JBVubUpoQfzCcZG
False
C:\Windows10Upgrade\resources\ux\loading.gif 17.92 KB MD5: ce282801de6eafec9cad924604fba035
SHA1: a812fd7bc63ac851fb2cb8bcf56881b82acfaf00
SHA256: 003e81a0575d59b7b65c4330466a208d49279d6f15574004c9a5743d759c8dff
SSDeep: 384:CipR5KNIvA19yHK+T609+7WXg75BWRtH/Wsw/sjgmedGTdCcZ3:ppR5KNIYSK0z9+7WE23wr7qdT3
False
C:\Windows10Upgrade\resources\ux\logo.png 3.48 KB MD5: 7e59468176a54134c6d8895b99a634f3
SHA1: 74d84c49a4b413ced4a2aa6789275f3fb7a2c778
SHA256: 68bab5b79130e799d0264fcd8f07bbf1c28f1286df608286daf734446f6a0f28
SSDeep: 96:XgfgJriUbZUDV3npimsTOxo5Kbi3wZX8q6p3wjWnmz:waFUx3pcTOxo5KbiMXC3MWmz
False
C:\Windows10Upgrade\resources\ux\NetworkIssueFAQ.mht 608.43 KB MD5: 03c182aa6b04ed5823a3db6dc3f7a314
SHA1: 6bae57001faa6163cf805e18d6f6644dcdcb554d
SHA256: 02c907c20ab771a2900d9640469381ca32f7a10274e1aa305445de882f55f087
SSDeep: 6144:t2GT5nF+Rkl/bz0tRNsB7J1NESCtpec3xo6Tbu/rmDEAw1beh6B4Oi0vJTciVa3C:NskxvCMJ1NbcBHuTmxwgaYoKXePka1Z
False
C:\Windows10Upgrade\resources\ux\pass.png 2.70 KB MD5: 744d42d1f70a1a8396b46cf59f995876
SHA1: c9e8f07b439646dadd45819f3f87e7926612646b
SHA256: ea2429690162a4b413b1e3b9b8c63eea825a438be48fb531adc8fa706da8583d
SSDeep: 48:6ICd6zdjayzUpjv02UjZ70btOSJEUL88qCKGDpBVJKgUW1EcmQ298C:665jayzUa2UjZ70btOUL88q6p3wjWnm9
False
C:\Windows10Upgrade\resources\ux\Microsoft.WinJS\css\oobe-desktop.css 40.92 KB MD5: 3d5a275033091b6e2a1ee8d8f3cbd89b
SHA1: f538a5d8cc0324a264c5b476aa51e57b821197db
SHA256: 083e94bf82823907def1977d2cbce8f61623a37412ccf5ecb9c254988feb2e5f
SSDeep: 768:fuhUm+tc1Tsolo/9t7n2eBvgrLapOnR1X41T/:7tAHlsL7vaz1o1L
False
C:\Windows10Upgrade\resources\ux\Microsoft.WinJS\css\ui-dark.css 263.78 KB MD5: 0d64abdcc6e3e726b79708106625617c
SHA1: c45eecf4d41b77e3a663a06ebbf933987fd526f1
SHA256: 1513835b2bb8edd2cff7560e68cb9fdebc15faddc6f6c3e22fcd42e1e4f43062
SSDeep: 6144:s8qxX6vasS7fd4GDLxXFCr1kvLr7HDYjwB6:dasK4ijyR
False
C:\Windows10Upgrade\resources\i386\BiosBlocks.xml 90.42 KB MD5: 050a4cdf97c2b43173342f689aa9a9da
SHA1: 7d752963b78efd2b90561a8ba13ea3aeff35924c
SHA256: 4eae805412221ed5646ef2a204dc198e64b27a5112a96ce558d9945cc9bfc0e6
SSDeep: 1536:wRvAnr1FcD7LzRDhPurpjrpKP1Gt5abdTgLV:wRYnr1efLzOfodrbJgLV
False
C:\Windows10Upgrade\resources\i386\hwcompat.txt 17.05 KB MD5: 264faa97d56b9d2842625a2d6f8d34da
SHA1: 37d9007101e3def6942fc855293520f45aedc0ca
SHA256: 8380e386572a992bcd192bea9170700313bdebbeac6cf40ea80dc3d8d89fe8c3
SSDeep: 384:R0lUgPxgFsW+wRxkS7EWkKT0ukWC+EsRNQW+ClmCcZJ:R0lxSsXwRxkS7bT0uND1N7+CATJ
False
C:\Windows10Upgrade\resources\i386\nxquery.cat 10.55 KB MD5: 50b7c99d32816d8dadb7b5e023903cd6
SHA1: d2344cec061982f9d6ed91cb6821a9c831971c35
SHA256: 40cc9b1666d00ea89d9e548961fa2c0a2b2ca5180ebff994ed61fe03db4c1256
SSDeep: 192:7GnwJNmE7PQyoAxWx+WFm+Uq1GN/R9fmZLo2oB82voCDOwpL7W+Kd0C3MWmN:7GnyMF7x+C4GGj9fEeToQOwpL7mqCcZN
False
C:\Windows10Upgrade\resources\i386\NXQuery.sys 20.59 KB MD5: 91eb3b53e68c548b6e05bab0bce30b76
SHA1: 1c3d6817731bb453bef8027394ef0944b7c7fb51
SHA256: 2fa25de010048c209c91ac69fb1db0e49f12bba231a11c24d6b86c21b88f4a6a
SSDeep: 384:+7venVuCKOzR0/ewWhDSk6nHpBjQ9aFwWEFkEQkTNFoSe4oLI2CcZE:+inVZoYhBWa9BGxTjtLI2TE
False
C:\Windows10Upgrade\resources\amd64\hwexclude.txt 3.19 KB MD5: 676860ef2310c243a0e5c883cdf444d7
SHA1: ada1b1a86f4aa1a531f9cef8ec6a9e3866497118
SHA256: b6d33b4c5a7ce79253f1ade435a5addb878cac5cc8dd2403bed747c5b9e90173
SSDeep: 96:o7bBkrFO8S0/5TZwOAb6JgUHlpx98q6p3wjWnmc:yWrE8X/5anilpx9C3MWmc
False
C:\Windows10Upgrade\resources\amd64\nxquery.cat 10.60 KB MD5: 60a79c7271f6712cf40f1f0390bfaf7d
SHA1: 233feeb9c4875426dec85d470388194f54d1d67d
SHA256: d0e7fea1a94c7651eb6a07f63aba2228dd712dae673b36045ca5540c838dd947
SSDeep: 192:hwJnwSAmHLcS8drHq3O90hR4opsVkfaEI5y4pAmzHRA179eddYC3MWmF:YP3leNlVYaEL4pAmzHRAvfCcZF
False
C:\Windows10Upgrade\resources\amd64\nxquery.inf 2.39 KB MD5: dd252233dbef81447952abe8fe06486c
SHA1: ddb01e09f83a99808e2e7e9fefa0108bf565837d
SHA256: 21ebefc02692c4b4984bc47f49c17ac4ac2aa968602cb323c16f252205597f96
SSDeep: 48:yFYb43fVhFts1cj05QKAoOLYHbec8qCKGDpBVJKgUW1EcmQ29YTJp:yFTflo5+YHqc8q6p3wjWnmgp
False
C:\Windows10Upgrade\dll2\webservices.dll 737.92 KB MD5: c6de998bf7f2372b3e2f7d92672affea
SHA1: 18bba4f2a5a1bc4e5c3b2317c78966a7534eae88
SHA256: 5ef57d769d502d4bdf70ab41257b647464362f86edcd2c50b6b724b2e9508f1c
SSDeep: 12288:NL8+zBqGi+K5q46q1BY/a/bWyojSf4brb:NLX0RqK1G/2WyojSf4bX
False
C:\Windows10Upgrade\dll1\cosqueryxp.dll 130.12 KB MD5: 82006f6b6b0d6609d0341468ed944d0b
SHA1: be1bf2ff4f407af73b3bfa1d1a1b6568c49563ad
SHA256: 2e256329b106950d4e74cc6e0e3071134d21940c9dbce3cc7039ed72b3d2629b
SSDeep: 3072:4P6qUaOE5qmKDjnQqWUHCyISiFyf/slscgjiwjs48pcTP9chlaB8:4P+E8Z/SUiz0f/4sm7ZaB8
False
C:\Users\Public\desktop.ini 1.09 KB MD5: 9165a4b99ecc72f497f53309ae15ab00
SHA1: 48eff256a07c5b6c4c1c973b301235ff300362bb
SHA256: 9c23bc206be0c00f58bf520e7a9e87385673a7fa5207c0e283049e2bafa1f929
SSDeep: 24:2DbFmfBbi/2xTeFNWw+7q7OKGE+p2maz2vL1KlGcAGT5k1ng7dcmQ2DhjsV:0AJbWy6FN8qCKGDpBVJKgUW1EcmQ292
False
C:\Users\Public\Videos\desktop.ini 1.30 KB MD5: 31a2596121040ab07f591e07832af1d8
SHA1: 2f16d5c5d040337c39a5a925a77b65a50d8026ca
SHA256: 72d6e5bc6c0d81dd378008a43742c885ccd65a176cfc15a347846cef8f1343e2
SSDeep: 24:sscLoHXeCPI5mSEw+7q7OKGE+p2maz2vL1KlGcAGT5k1ng7dcmQ2Dh2:5cLoHCbB8qCKGDpBVJKgUW1EcmQ292
False
C:\Users\Public\Music\desktop.ini 1.30 KB MD5: 083c0e3e9e1b1a12c66c55aac15eb7f3
SHA1: fae0dc4c1d073df19402c63cb4c72f9ada9fc22c
SHA256: 5007c93e0039e0f40f8aa7a2c180bdbcb1b6806f3ff4367817766e2af3d136f2
SSDeep: 24:VX9L7eI1JHnoP0X/eDJEh9olRnP4UIw+7q7OKGE+p2maz2vL1KlGcAGT5k1ng7d6:VXR7eIXnow/EG9oXPPV8qCKGDpBVJKgz
False
C:\Users\Public\Desktop\Acrobat Reader DC.lnk 3.02 KB MD5: 0f51277420e76b337f57297e5e4f7edf
SHA1: 40b3f76cc8143342873e774142c5d5ca604a06ec
SHA256: 32705485cd916c402038c930b338aa7e45b72d49b5a186918d6142c5d517f635
SSDeep: 96:1qzHL/1HwIFZCi1lf+NVsOb8q6p3wjWnmhs:1qzr1HfCWlOVsObC3MWmhs
False
C:\Users\FD1HVy\Videos\desktop.ini 1.42 KB MD5: 097c36eb26c03190b8323a23a34f8c13
SHA1: bd2d6e7cabaf2f93eed93532365d8185627480d5
SHA256: 6ecf067cb23e82f0e6ae9c739a86e07f010ef2cf3bcaef5b4d8ed2f6abaac0fa
SSDeep: 24:Pv5OOf+u9peWyaTMTCHQpmiGqw+7q7OKGE+p2maz2vL1KlGcAGT5k1ng7dcmQ2DE:EOfFoWyawTyQpRGv8qCKGDpBVJKgUW15
False
C:\Users\FD1HVy\Videos\DH14kRkDJ-8wwl8H.mkv 85.61 KB MD5: 08f520f45e1fb95d13e1951f20d81521
SHA1: 7ade0f0aacbf6789222023cadb59ba55ff2e6085
SHA256: d9e8a3a724d2e66311c9a5a1bec7a67e7da5114ba46a9bdb00797a800fdcc12d
SSDeep: 1536:19seYLPTgQpqkuUC0kXT9SXJwV2LhU1ZroCg89TPN7No0gPBKzQLA3AgD9a3PXgc:Psew7gINPXkZSXJu9lLXrgPBmVzD9a39
False
C:\Users\FD1HVy\Videos\mP h7Lt-\JlYeyYLPwK4Xpyt.mkv 96.66 KB MD5: 7f02ea9e7cc8d39f489abdab8bfd2ea6
SHA1: 9b38ea2f422beb7014031c5e56649d9c676cfc8f
SHA256: 811d11ab76a01a2caa4b90fbeec2a5392bd34504a6af070e1f19a817ec073593
SSDeep: 3072:gQjbyFmn1rl8xFNKYuz3ZT1UnWw/FQRmyxeG7:DHmlKHV1yWw9umlG7
False
C:\Users\FD1HVy\Videos\mP h7Lt-\X9lLwZrlCN5inYE X\YHk1VvX0c.swf 7.25 KB MD5: f52129f5ce350a5668e295e3f685bd10
SHA1: 4b127062644685bb39451f8c1845475d9eed13e4
SHA256: 6bfc71ad256750c4624119c8e64b81c06794683a6d0b5cae38f1e84bdbb45336
SSDeep: 192:/vE2WwrBVJcY8ZxF2FGFj/Pc6H2tO+X/CSasuZ0C3MWmId:U2LrRcYw0Wnce2tO+aHsuqCcZo
False
C:\Users\FD1HVy\Videos\mP h7Lt-\X9lLwZrlCN5inYE X\j_LpWgAxXhBx7w0\cZl6rLvj5g7uCc.flv 60.00 KB MD5: e24f02ea279f8cf10bb0a06b6283410a
SHA1: 4be59119ba9606d7be7b1a75d6313b1478f35a88
SHA256: f00dca6112a6dddc40f71748fefee5944ba98a2aa57c6bd9c9aea7e27b99b677
SSDeep: 1536:OO65lqLINvdsAk2eZmG3Osn4hwiwKTYvE88IB6:S5XjsAumGlnKwN+YvEE6
False
C:\Users\FD1HVy\Videos\mP h7Lt-\X9lLwZrlCN5inYE X\j_LpWgAxXhBx7w0\smk-WRzZEtvv3zm.swf 91.91 KB MD5: de26fea62db2d0ced8d4d0a94ba89b7f
SHA1: 062105d31359af6f312f7340c0e134340c5c0afb
SHA256: 0a92f09419025d31f62dbe6f235be989537888cb50cb5d9f7f8c4f8b675bfddb
SSDeep: 1536:vERn4j8CGDYRpVpzuX7kNAXfeEIbs9C/Umhhzn44JUGlwlO8G+29oSPeZURK+s58:vERnyG+6Xs9hT7zNJUMwIH9omUMKn5Az
False
C:\Users\FD1HVy\Videos\mP h7Lt-\X9lLwZrlCN5inYE X\j_LpWgAxXhBx7w0\Z7WOkahHFEPtvl0hHDd4.mp4 72.47 KB MD5: e2245cf07293bda2b65a35ebf92f1ce6
SHA1: f81d9edd9bfbbc66ba852234b1843b8f7f9c735a
SHA256: cd9cbba0128c0b2174ab30fe29869efaeb461f5d44006a10e11e1dc217e20881
SSDeep: 1536:GIxy0CXoMtkO5IYf3FdvHyjol2q2+zq9GgcKFhEIiRj:pL2H5NFx+RYqUgcYENj
False
C:\Users\FD1HVy\Videos\mP h7Lt-\V-VrwwulxTZ\zo81.mp4 78.32 KB MD5: 486608e3ba0ae631deef69679051afb3
SHA1: 19eab26fe684a6c39d58fafdebaeeacf443c9312
SHA256: 63b60733a7645f2037fd591fb6e3e0acb9e99007f61feadedcdd89b0e7bc24c4
SSDeep: 1536:8E3H5/JPH+n5d39zmcC1jPaQo5NkU6FqTziqvkFG4PN4://pH+f9mRZef6FYLr4PN4
False
C:\Users\FD1HVy\Videos\mP h7Lt-\sd5-6Xz1vb9JNaL\SAxLYmvTaCBnnGJsau.mp4 63.38 KB MD5: 0586715387552d2c01d3cffe6e5b4748
SHA1: 9735f3f112a13604f08c427345907dd881461eae
SHA256: b1403004ba1e35d7afd79de49b0f985202c2fc087005795f13598a6929b5cc33
SSDeep: 1536:9vwK6iCD+xn9wX2y8F7IeoIiCSbL6rL7WaXOkq94DvWHwt:9CFqSrksd/6LWaXXW4D+wt
False
C:\Users\FD1HVy\Videos\mP h7Lt-\sd5-6Xz1vb9JNaL\zOgRlt_PaSqS2gBYyJ.avi 12.17 KB MD5: 3fe399796798c60e7bfc9e4b9aeebd5c
SHA1: 13d2a2c75e80ef96ee81a9c5b085a7acac30b936
SHA256: 07aefd68679655a008b9d8bc9d630751f2b33a2673c5bb98d78d7071066b0ae0
SSDeep: 384:aPenNx8Y1ne9e9ytpKHIoYdM3hvQnDfKAVU86MACcZQ:aPox8Y07MUMqn2n84TQ
False
C:\Users\FD1HVy\Videos\0Jit\Kye1.mkv 73.77 KB MD5: 545f66df6f0beedcf2da0947b0764281
SHA1: e29ab9c4f0b4ec913e0b2d1f75c60f10e5cb66ee
SHA256: ee0745e16afc4fa7689b54b13f238d5240e6524aedc59c1ebc774a5c68e2f187
SSDeep: 1536:EubNCXY4xvYS5X5E49l5Vgnqi+u75C0CUG/NjE6+wIETwnmSMZu/IZTLeT:EubyK5MvVGZ+U5C0ns+wIEknmz2IUT
False
C:\Users\FD1HVy\Videos\0Jit\LIMK2KYhSGbY3.avi 48.52 KB MD5: e91b7fe17a90a53397f77bd52cee7cd6
SHA1: 5ce5a16555f62f4dd7022204de18793adfaa9edd
SHA256: 1788d67e65b7632947eff8123f8559285bdf6ba8d50c5845f746ded290648095
SSDeep: 768:lQOd5YhXJPvcQLkMNpN9HrXm7u0wvTKS6enqKdV8EqmqOUTy:lnd5YhZPUiHDHrXmaVpTnqQaEqBOUO
False
C:\Users\FD1HVy\Videos\0Jit\y9ZS.mp4 80.65 KB MD5: 742faebbe13c57f8031f36eeeee29554
SHA1: 0e070e32bc2ab92a1add6830d3504cbe73fe016a
SHA256: 3a40cc7767b16bcbdc0a95a8bf26fda5855e85b090d9007e05780fa0907d64db
SSDeep: 1536:RKZbCf8v0lwxqfQ9QQah+nst6xfvhvxAu4iJ3zHZBv7ngNg3m/Pz+O6JOo8LTvnk:RQbC8TxqfQaQaknCufJ34iJ5Bv7nyzAd
False
C:\Users\FD1HVy\Searches\Everywhere.search-ms 1.17 KB MD5: 6041a0046e0198d71dae017b0c7ba95c
SHA1: f1e97f939b4634410f52d6a8476ff728d3ec03ca
SHA256: 48404e2418cfd95f7008fc2d2010b3ecc33b4df706e4565b51f3ce07857f554e
SSDeep: 24:r6g8FAZCL9yWkVuiMw+7q7OKGE+p2maz2vL1KlGcAGT5k1ng7dcmQ2DhbfOid:r6pCZCL9yWWJ8qCKGDpBVJKgUW1EcmQG
False
C:\Users\FD1HVy\Searches\winrt--{S-1-5-21-1051304884-625712362-2192934891-1000}-.searchconnector-ms 1.77 KB MD5: a9aa913d0099ae87dd34fa6d404de2e4
SHA1: fa8f3873ac2453758c2b0f66026c8604889f5e16
SHA256: 4396328ceb1f2f9f194b3570adc40e4ca21a52371cf013348e390e23f9dd224b
SSDeep: 48:l9P+V6ISllWFp5QYdz1bVHAd8qCKGDpBVJKgUW1EcmQ29Q:l9PgSutRdzJKd8q6p3wjWnmg
False
C:\Users\FD1HVy\Saved Games\desktop.ini 1.20 KB MD5: d55d1c343f46eca279d11a8cb431ced3
SHA1: 9bccfd3a57d28bf286e4238df4cf9e2aa9c78171
SHA256: 3ec6d71815dd52b033d24a9b4f575d109519bd86e1df0567ce1edc1e0def2b1b
SSDeep: 24:YMGrlamPSucyDLR3Aw3w+7q7OKGE+p2maz2vL1KlGcAGT5k1ng7dcmQ2Dhq1:JENSucyDLdg8qCKGDpBVJKgUW1EcmQ2O
False
C:\Users\FD1HVy\Pictures\1A1pfm.png 3.05 KB MD5: d795a11ae8ba7c6d696723d7fdd7d0f2
SHA1: b487bf293a4f86179fa0a9cefc2686739d0a2be3
SHA256: 50ee79227b1e3e23484efdb0f923d4c135ea35cb3d1619e94873d6d14d1f47ba
SSDeep: 96:ATcMAlE4IixnnuRPXNwhf18q6p3wjWnmBN:ABAlE7ixnMPNa1C3MWmz
False
C:\Users\FD1HVy\Pictures\37R8aHt.bmp 86.31 KB MD5: 186718965b7206442c5e7355d484c01b
SHA1: 00c9a807dd92bcde12eb07d56756941e05ea6654
SHA256: 0f8f2ba8cb5153775825c365b86e941a3772db27f13b4072ee00d83541b27382
SSDeep: 1536:wUQ2j66hP86VxLEMnrQ2+oDY5h0tG2+BBTKxmueIg2cBnRxT5qEGStO:6x/6wOVLDY5hIGU/ebcT0O
False
C:\Users\FD1HVy\Pictures\4yuX.bmp 21.39 KB MD5: 7407caff2e40345d14736bad94f9f8c4
SHA1: 50d4c3ad9963d58dad8d7c47b685679370b8f378
SHA256: a7e466773094d646f953a15a5d3e078eb11ac939b55522b2567c802a0972256f
SSDeep: 384:HB9h41s/gprTkXfPxItpSnvjT1G+fR4HoXdPDXUx9UV1TVphAygJoTUme5O1bDCC:jupprTkXuSdhfDdPDXUx01TVfPcoImI+
False
C:\Users\FD1HVy\Pictures\69rhLdMoVCQ.gif 89.01 KB MD5: e951c59c41b414e455a40864779b4c8d
SHA1: 9f0123d69998605ca2b69aeda032e08ab0ccb7ab
SHA256: 09cac8610b6e1a7ba78ed0a936d4559dffb0ea4fdcd4b15f72208e2a59249a08
SSDeep: 1536:JRg/l03X2YNsxhXw5DBF1FoHl2jPlweVnBYM+j1+Uv47HaXEZ6u7CZ:T92ae25DBiGPNVn2M+j1+MK6u7CZ
False
C:\Users\FD1HVy\Pictures\8J4nPD.png 72.92 KB MD5: 9cd60b62c65ca5a66fca34cb47c4e081
SHA1: f300cb46005a22d7d675f53440faff2591b05a7b
SHA256: 79a745238d9c604674473bf89f2a4438ecd341c4532dff55716d43836b04d3b7
SSDeep: 1536:ibmRow0GhcInUZnhGCgdrrfespZjIzi645CMmG4ja/ojj:ibuoMcInUepDjIW6ngj/ojj
False
C:\Users\FD1HVy\Pictures\a1i3b7A5pHU82I.png 18.62 KB MD5: 80834dc838f6b220a53d5c8a34605e38
SHA1: f1063e137ac113708b5ad44340f54453673449b0
SHA256: b2c9c3cab48524103c7e07e0fd0dd27b0f1f875355441715bfca7aac1ef0e816
SSDeep: 384:3cnEIAGnx3YX25mIcRcPDMIW4FNQI3SlZ1oU20L1zXnWyZ+NxxhqOHmzCcZy:lvXm5icPZW4Lnsmy1zXWya9qhzTy
False
C:\Users\FD1HVy\Pictures\aXeXUP6k-snF.png 17.98 KB MD5: a6e6ad08f01bfd0290a28b3b75ca1a54
SHA1: 86c31026c7b567c5bed39ddbf108728ea5e305f9
SHA256: 8dfa5c624f02ebb91242974450e6eaad8cbf1d06dc22d34416e5bf45a661d62b
SSDeep: 384:QE9Dp42MJ3SBiJMh/HfjC5pduHrnJk+FQMW3WDnkiQCcZB:QE9DWl9jJMhTCMHrnfFzWmz7QTB
False
C:\Users\FD1HVy\Pictures\cDL2gR6a-IbLz3x.jpg 84.05 KB MD5: ced732801d412a1457d1329f1c7b1c1c
SHA1: 8013f2349c392bb19c4618a9acee58e89f283f89
SHA256: e966ba31695f2b8bf0def13f3a83b2de6590387192dd8b94117c1b888c976ead
SSDeep: 1536:jB3EnJWGP0AF8AmhWYg7/ERN1nuGMT+7s5ubdvgEc/ND2QIEE0Qnsomxq:d34W+TnmhW/+7s5nEc1W0usoIq
False
C:\Users\FD1HVy\Pictures\eBfX1Df0J.gif 1.97 KB MD5: 3aa03524a070cb8ca78c307eb521cc28
SHA1: 8b69e4354afd1ff634e87b062fa8f9c9a01783c0
SHA256: b1cd2d18a4d448acdde60a640fa6488f25bc0ae47f5f3a3695012aa1a1aaf541
SSDeep: 48:dnZjmmnW60ZkxdgwjsHMKp8qCKGDpBVJKgUW1EcmQ29FM:dnVmm50ixdtssW8q6p3wjWnm+
False
C:\Users\FD1HVy\Pictures\eyrJY ehH0.gif 21.92 KB MD5: 85207a95105d6f9a132d86c34dfb7b01
SHA1: 8c642f22f5f6a799d75c364435d043e32f82bfb2
SHA256: 0f4d989c2c4065d6626037cd048607f72fe29d3cd36c3d69eeaa55fe03dbd1c5
SSDeep: 384:k43Pqm/SPi1mZgYU/2vwXcZr6t3xr34FYjX07L8IE1cZUdBd+ZCLLDDOoC6zm6VK:k70SkmqYz4lx8FYjE7JEWZB+XOvsm6VK
False
C:\Users\FD1HVy\Pictures\fiznQaqNRLajHUms2A.png 54.61 KB MD5: 2ed0bced3081e6530c8f3ed4017ae6a2
SHA1: 3e32023cadcd28f2e326b705f491cdcc3a671926
SHA256: 7ef757a5d3ecbad7f1122735e46a816552c9bf7987bb4ef21941a238ba8365a4
SSDeep: 1536:Ob02r146PlmaC+eSc6duVuAc/QoQFRTwooA:sVpPlmFwsV9c7QFtMA
False
C:\Users\FD1HVy\Pictures\fvA5IQ_5PavX.png 81.88 KB MD5: 7295d6a6ed138e971a7c8c84e80cc3f5
SHA1: 4a2fc2ac0595551b4a83f72a0f3242001e2db1be
SHA256: 9e2e8c48a605a2aae1569dc78207b0252503cc1b8ac1f798199108cdd052f380
SSDeep: 1536:Ls6mUTjJLNMBKulznm9gNegXLmy3C2j/DHMbLGb68KRxNZY0D/gzXLGvwgg9HGxU:LsnUNyKIznm9g5nCoobAKnvYJz7GIFqU
False
C:\Users\FD1HVy\Pictures\j0tyQmSHBzZT2.bmp 7.05 KB MD5: c71c3468555cd396c280cc28599ce3d3
SHA1: cad663f76b8283a4010194e402929e99e1c76f45
SHA256: 2ba081e0b0f24e70020fb58fe4f6b426a2795271c4e9bbe885d627127a462a54
SSDeep: 192:Wt1I7Kspi2aVjkPhZNjMVP8mlC1rAoGCC3MWmVh:WfIMjjSfmPbEpFTCcZL
False
C:\Users\FD1HVy\Pictures\nM_Byv6DBsnL.png 90.89 KB MD5: b698874f7502af7a324bd3a1b1f3c881
SHA1: 3ef8c9e246f25f59d5c46a68b74c6cd5e120752f
SHA256: a9b1d8e89e8cbec676025897db3526180a3f777ce441ce8a16b147ba29a9f0fa
SSDeep: 1536:MB4qAKED/95etgT7QHPKRJM4NB3rv4irSACFwYxnOY4Oc9DIXempjwzwk0Rj9p00:hqAKa/95Mq+PyjN9b4HFYb9EXeQjwzmX
False
C:\Users\FD1HVy\Pictures\rrF_r4.bmp 38.11 KB MD5: 8aa903041984f791c8cde95c1797fa7c
SHA1: c1eff5c9073cc0bfefae5f1b562941a35fd1e0fd
SHA256: 6a5f52fe63c36a93265da77c82f066762510a43ecda5458a74e97c086b93ac22
SSDeep: 768:0Gk6wEBn7dLH6iVGrbITurxCCmjwV3vQSVDs5y3mSQQTD:I6wGn7dDVGgTu1CCmSZDGZQf
False
C:\Users\FD1HVy\Pictures\Sc6Jajus_ESL5w yG8.gif 99.19 KB MD5: 2991e239c6db8bf4aa918397987c4666
SHA1: cda15bb443392ca653568adc11d49840dfd73833
SHA256: aea059680d08e38855a63d9986c483bdb97b0f66093e2c59d50286820291aaa1
SSDeep: 1536:2DgcbxHrGTf2wUuPKrI6lcwffDsB8LedBpF72hsSzm+jp6qjRY8IFeCNxaus5LEI:tf2w4I6l5D48LeeuSifWRdr8AFaCH
False
C:\Users\FD1HVy\Pictures\tWeSxYdyFHpRSLgu.bmp 82.17 KB MD5: abd2e5d4c2fd42f56bac07d13588f8e3
SHA1: 1aa0eaf198e39b6dca247a9611d7b23674d020fc
SHA256: 3facb9a14efbf559458a5112b1f3c8fdf3a06b0dcc6f248894e298180b643b81
SSDeep: 1536:jNwtcGBys6GbGUx9821zfPtfR6NTNzjzHazgqDTUH1WXx2EkcciJUcgtzEHjmuSA:jNZdz6Gkq21j6NTNz3aztDTUHo4Y2YH3
False
C:\Users\FD1HVy\Pictures\We_HpS54_a0D.gif 20.83 KB MD5: a83a7f6cf32030e03f7069e452c0653b
SHA1: 2d6a109e0fa41fe342a193a7c407fd31cfec5409
SHA256: da7902badb304b2afb567a6a31766008d0f55f501b19116c8bae17a7b390ad12
SSDeep: 384:JpnK7d/Vz8LVjW9xyGeG0rUCL1PInuHd4AlZq+KkZvZ/fBYEPpSFwYmCcZr:Jprg97v0rUyPIuSEE+FZx/fBYmcwYmTr
False
C:\Users\FD1HVy\Pictures\XxaTc-hwy798uwvin.png 65.80 KB MD5: a456c077b87887c617581173acd2dff0
SHA1: 59d7b8b3a48218724ca4a4bd0bb54e52ed458b60
SHA256: e8ebea62090d024bc9e37648c746be23347efb93f45501b3f536ebb7b895376a
SSDeep: 1536:TZYaYWu+5EzUzPnkoR56+TDHjmXMWNbBoY15pLPZ:KBWuozBznHjmXMEdoY15pLPZ
False
C:\Users\FD1HVy\Pictures\zy-huTJy.bmp 88.41 KB MD5: e95613644fb82e043d41ea64cf705bb6
SHA1: fa7738adb49eff5f9d222a64dd40991c9eaff9c4
SHA256: f91763a0f3418b3e5467248b547144c9feaaed8768f8237a8891a97b90faa6b2
SSDeep: 1536:aH1onB1bi6FCUHDv0A/sOVU5TyJdidxGdzyu6rW+WnVKLLSroWbX+niVr6Hv:aHCrtrHDv0klD60NZiqhbUA6Hv
False
C:\Users\FD1HVy\Pictures\_cKcOyWheqI.jpg 24.64 KB MD5: e7db63c70861ff4390b5be4d7ad09819
SHA1: a442a40274bc9b054883841a64eb111a7eb7b798
SHA256: 5581b3167fc8ee98dc74e4a4e66b37d0429b12e3d3efe9bdfc500699d74115c5
SSDeep: 768:2oNRzhHSxzzMpYhEKjmCrMfheYYOePZTe:2oXdHSxzz4YeKjmvfheYCRK
False
C:\Users\FD1HVy\Pictures\Saved Pictures\desktop.ini 1.11 KB MD5: 85c592fdc00b626e0a08b4486d057ae2
SHA1: d4957acd0c9db4e7c32938045eb97f552417c17c
SHA256: 9037ec4ff0918b930eaee257311d800fe6103bafe0858f7eafbf8b48257e8b60
SSDeep: 24:J8mdXW3xmRHJQcgw+7q7OKGE+p2maz2vL1KlGcAGT5k1ng7dcmQ2Dh44q:J8JVg8qCKGDpBVJKgUW1EcmQ29o
False
C:\Users\FD1HVy\Pictures\Camera Roll\desktop.ini 1.11 KB MD5: 7479981f97f7121c88235c7d854a352b
SHA1: 612bd4d7df91c66d637cbcd0c0b167a43133b30e
SHA256: 0da90372a630b2e7e40f8957b75c301e6c69ebc376fe0b65a54b45d6dd63ef89
SSDeep: 24:0VeRdyYwS2URAUqyOwGaOyw+7q7OKGE+p2maz2vL1KlGcAGT5k1ng7dcmQ2DhDd:0VAdyzlUfbGj8qCKGDpBVJKgUW1EcmQI
False
C:\Users\FD1HVy\OneDrive\desktop.ini 1.03 KB MD5: 442772dca3adbae66c615928c5f04966
SHA1: d15da409b3f32ec3a78b8aa42ceafc7caf74ac6b
SHA256: 4270ab9f36d32510246ed97b224dfe3ebf72e8ecf81d3e0af604fecbbcd7a2dc
SSDeep: 24:YLLhh3U6bSw+7q7OKGE+p2maz2vL1KlGcAGT5k1ng7dcmQ2DhM:YLLv3U6r8qCKGDpBVJKgUW1EcmQ29M
False
C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\iyC7tW4Ojj7RBRjiv.m4a 13.76 KB MD5: 3a80a755ceabcc9092c2f0abd94fffca
SHA1: 7b8f1aeb0d81b2984c2f545fb6e8bea65c0d14ba
SHA256: ffbd87917bfe43dde0cdc2f30d145a28fecd5980d32202248ced8516c33a92aa
SSDeep: 384:tUoCzcp0wNy1w5PJK713eKHEi+RRMZ6CcZH:tUdzcBBK713UdRq6TH
False
C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\xN4AUbEaCl-f1xZI.mp3 77.07 KB MD5: 344bf385df8ede5de21e7094342111cd
SHA1: 21150cee4f2c656b3278dac86fd2ecab15b910d9
SHA256: 24ea48a2a2d28ae338b638cc749dcd7e8f7a99f1f618e60844c85401bb2c177b
SSDeep: 1536:uN6vSkEaZ3Oul6nPW7OflEQwH0zdZIa3mnSnwl2Whzzxo62VXwFw0J81viq0/j:2biOul6nmOtE7WXIa2nYmp9zxo62Aw0d
False
C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\TtF4\h3weC1KwwHE.wav 49.22 KB MD5: f0d64a8ba2ce0a6f844a1e880faa046e
SHA1: 1ee062d06626158711d63ec3f05376b4456ef1b7
SHA256: 570c1819e9a013723688ccc664411a41877dea4bbc4eaf711c8e66b8f29d53d4
SSDeep: 768:FjHon8rgSpuciih+aSNShnPpLYfZlq/P1yq/yAayz34Qx+em1Bg1GKT5:GSoi4nyP+u17lakx+em1egK9
False
C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\TtF4\twKU.mp3 58.45 KB MD5: 9459189a2ce2b1962e46ef6f7f8c24c6
SHA1: fa78c52202ee1ef894938708836cf51053cf6d97
SHA256: 1d02491a9d4517c078cd7c248bbfea00bdbf18fd18ae836c6529715a8ca4bcf1
SSDeep: 768:3nvwUE1lTExyE2oAL8musaiHzvky93r9U/aJ5pfYHoXYSRaDgLE+QDAKAg+wwZEb:oBfo1musay9UkDXYSgD0wyZEOtdI
False
C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\TtF4\DQ xdKVkdg\6bZRhWw.mp3 19.42 KB MD5: ddeee3ca489e9ec5652691e83529742a
SHA1: 037c87b10538963141738acd88d834b9720b0f12
SHA256: cf63b4739fbb4574324acc7867f4bfb296ce22562d546e0f640f9f0df5b475a4
SSDeep: 384:f+u7boXG80r8JQKR3zpUkFruQzCLGc/sROA+aQmvSzHUXxwCcZf:fHbzVOFpCTWv5AHYwTf
False
C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\TtF4\DQ xdKVkdg\DzJl9qZz.wav 33.19 KB MD5: 7f8b5e4606423d22a76a810c428c6740
SHA1: 0dc2fe0edb5e3a8280c1c61c9c8bde402917c728
SHA256: 368c8d24639e26cfaf46f42e4ec73ff018dd5d5836c389f6c2f3f7e1bee1d02d
SSDeep: 768:l5pW27PR60WmECjSIPn9hzyWh0suwf1H3UAmUJlTn:lvnp6zmECPn9hyWh0Yf5Uelj
False
C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\TtF4\DQ xdKVkdg\kuJc FfRcut4b.m4a 81.28 KB MD5: 09d717bc1c2236b53ce5a43d5f83f0d6
SHA1: dc0769f183af0ea7880d0bd814b352e9cdf9185f
SHA256: 427adf84425f1e191747ad09355f63c0345bd3c09bbfc7de445cc4e53829da6b
SSDeep: 1536:qzZkMXh5BlcmF49xK7h4OAR5UaEgf4Hb6jOJNSnRxGPgh6heJA8ZhkWMPm0TMFpx:qzZtlcxzKnAMajf4L+bGYh6n8ZqWkZWD
False
C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\K1UxMX9 J\pEpFQi.mp3 77.57 KB MD5: eae9ea809bf772c0eb8be5b734def607
SHA1: e12486a44a080cde27fa7e9c8533811fd25aceed
SHA256: 3f93e0db08649ea5f8338cc3796a419968c6b376fe2db94cd58942f0eb1d8e0b
SSDeep: 1536:fcKclRtZyPdhGBQr1JlkFoV2di+RwehibxzNY0WyHiuq5ERQYHAolpYQdPo:fcKO2lEoQiQJhmxzNYqHir5E+YHAolpa
False
C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\ioqWU\Cgdvi2MgC_w.m4a 19.38 KB MD5: 4d4e6a7be4ddc4fe05d7d2eee5efa0c3
SHA1: d4c7d2274f3b81a078e9a42caa80e41c42ab7f0c
SHA256: 4940de97882c21a6967cd61f16c987f9fe02c45977bf8bfedbbf263d8aa99b27
SSDeep: 384:2kpIQkKnphPp1oPjDzrjw4rQDbCcqOodr28nHpU2hVodaaeNOUs84CcZi:2kzkKbp1oPTrA/CJJdScJlodFA9f4Ti
False
C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\ioqWU\OFRJqA4.m4a 29.98 KB MD5: 8c3b4ca9cbd6803c64c31fe6d1ab1371
SHA1: 5e0f88d95c8298567703532b1fb82a10ebffdc17
SHA256: 2de10368e5c763c7bf70d42a1dadb023230e4139d3fa263ebbf51255c69b712b
SSDeep: 768:rnrkGIW/ahECUu8oxId6Nn8FfcD7bZJe1RLCcHOmoTqaIrxliDbivLoT2:rnoFwo06n8eD7bZI1RLZumonBbSoK
False
C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\ioqWU\rmY_urTfctd0pcg\FOOxWsHmP 33F468ydKn.mp3 78.71 KB MD5: 1c03abf5c97dbd0e0edf0a79310cca1e
SHA1: e5c3622ee104d7d9cb237b580fafe77d117bfe4f
SHA256: 24fe40acbf0761badcc3db8f1a5d7da2d84bf80b75c29f9da1303a8807b5c298
SSDeep: 1536:jNimuDedZHS2R1cMbk5mWKP+A31Ja9BRQAfQUwFrC5StIskD:jV20yq1crd2lr0BeeQUwFgSAD
False
Host Behavior
File (6312)
»
Operation Filename Additional Information Success Count Logfile
Create C:\Users\Public\2720DE842C148E18C1E0270ABEF877C91C879E2B7AB4070B193C1EFF3F1AC1CA desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\$WINRE_BACKUP_PARTITION.MARKER desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\bootmgr desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH False 1
Fn
Create C:\BOOTNXT desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Restore-My-Files.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\BOOTSECT.BAK desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\hiberfil.sys desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH False 1
Fn
Create C:\pagefile.sys desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH False 1
Fn
Create C:\swapfile.sys desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH False 1
Fn
Create C:\Windows10Upgrade\appraiserxp.dll desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\Restore-My-Files.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Windows10Upgrade\bootsect.exe desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\Configuration.ini desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\cosquery.dll desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\DevInv.dll desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\downloader.dll desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\DW20.EXE desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\DWDCW20.DLL desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\DWTRIG20.EXE desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\EnableWiFiTracing.cmd desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\ESDHelper.dll desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\esdstub.dll desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\GatherOSState.EXE desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\GetCurrentDeploy.dll desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\GetCurrentOOBE.dll desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\GetCurrentRollback.EXE desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\HttpHelper.exe desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\PostOOBEScript.cmd desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\upgrader_default.log desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\upgrader_win10.log desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\wimgapi.dll desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\windlp.dll desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\Windows10UpgraderApp.exe desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\WinREBootApp32.exe desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\WinREBootApp64.exe desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\hwcompatShared.txt desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\Restore-My-Files.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Windows10Upgrade\resources\ux\block.png desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\Restore-My-Files.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Windows10Upgrade\resources\ux\bluelogo.png desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\bullet.png desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\default.css desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\default.htm desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\default_eos.css desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\default_eos.htm desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\default_oobe.css desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\default_oobe.htm desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\eula.css desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\GetStarted.png desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\GetStartedHoverOver.png desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\loading.gif desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\lock.png desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\logo.png desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\marketing.png desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\NetworkIssueFAQ.mht desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\NoNetworkConnection.png desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\NoNetworkConnectionHoverOver.png desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\pass.png desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\Microsoft.WinJS\js\base.js desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\Microsoft.WinJS\js\Restore-My-Files.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Windows10Upgrade\resources\ux\Microsoft.WinJS\js\ui.js desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\Microsoft.WinJS\css\oobe-desktop.css desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\Microsoft.WinJS\css\Restore-My-Files.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Windows10Upgrade\resources\ux\Microsoft.WinJS\css\ui-dark.css desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\EULA\EULA_ar-sa.htm desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\EULA\Restore-My-Files.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Windows10Upgrade\resources\ux\EULA\EULA_bg-bg.htm desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\EULA\EULA_cs-cz.htm desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\EULA\EULA_da-dk.htm desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\EULA\EULA_de-de.htm desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\EULA\EULA_el-gr.htm desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\EULA\EULA_en-gb.htm desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\EULA\EULA_en-us.htm desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\EULA\EULA_es-es.htm desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\EULA\EULA_es-mx.htm desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\EULA\EULA_et-ee.htm desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\EULA\EULA_fi-fi.htm desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\EULA\EULA_fr-ca.htm desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\EULA\EULA_fr-fr.htm desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\EULA\EULA_he-il.htm desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\EULA\EULA_hr-hr.htm desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\EULA\EULA_hu-hu.htm desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\EULA\EULA_it-it.htm desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\EULA\EULA_ja-jp.htm desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\EULA\EULA_ko-kr.htm desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\EULA\EULA_lt-lt.htm desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\EULA\EULA_lv-lv.htm desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\EULA\EULA_nb-no.htm desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\EULA\EULA_nl-nl.htm desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\EULA\EULA_pl-pl.htm desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\EULA\EULA_pt-br.htm desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\EULA\EULA_pt-pt.htm desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\EULA\EULA_ro-ro.htm desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\EULA\EULA_ru-ru.htm desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\EULA\EULA_sk-sk.htm desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\EULA\EULA_sl-si.htm desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\EULA\EULA_sr-latn-cs.htm desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\EULA\EULA_sv-se.htm desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\EULA\EULA_th-th.htm desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\EULA\EULA_tr-tr.htm desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\EULA\EULA_uk-ua.htm desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\EULA\EULA_zh-cn.htm desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\EULA\EULA_zh-hk.htm desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\ux\EULA\EULA_zh-tw.htm desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\i386\BiosBlocks.xml desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\i386\Restore-My-Files.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Windows10Upgrade\resources\i386\hwcompat.txt desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\i386\hwexclude.txt desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\i386\nxquery.cat desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\i386\nxquery.inf desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\i386\NXQuery.sys desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\amd64\BiosBlocks.xml desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\amd64\Restore-My-Files.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Windows10Upgrade\resources\amd64\hwcompat.txt desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\amd64\hwexclude.txt desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\amd64\nxquery.cat desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\amd64\nxquery.inf desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\resources\amd64\NXQuery.sys desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\dll2\webservices.dll desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\dll2\Restore-My-Files.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Windows10Upgrade\dll1\cosqueryxp.dll desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\dll1\Restore-My-Files.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Windows10Upgrade\dll1\wdscore.dll desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\dll1\webservices.dll desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\2052\DWINTL20.DLL desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Windows10Upgrade\2052\Restore-My-Files.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\desktop.ini desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Restore-My-Files.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Public\desktop.ini desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Public\Restore-My-Files.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Public\Videos\desktop.ini desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Public\Videos\Restore-My-Files.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Public\Pictures\desktop.ini desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Public\Pictures\Restore-My-Files.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Public\Music\desktop.ini desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Public\Music\Restore-My-Files.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Public\Libraries\desktop.ini desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Public\Libraries\Restore-My-Files.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Public\Libraries\RecordedTV.library-ms desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Public\Downloads\desktop.ini desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Public\Downloads\Restore-My-Files.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Public\Documents\desktop.ini desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Public\Documents\Restore-My-Files.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Public\Desktop\Acrobat Reader DC.lnk desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Public\Desktop\Restore-My-Files.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\Public\Desktop\desktop.ini desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Public\Desktop\Google Chrome.lnk desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Public\Desktop\Mozilla Firefox.lnk desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Public\AccountPictures\desktop.ini desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Public\AccountPictures\Restore-My-Files.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\NTUSER.DAT desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH False 1
Fn
Create C:\Users\FD1HVy\ntuser.dat.LOG1 desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH False 1
Fn
Create C:\Users\FD1HVy\ntuser.dat.LOG2 desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH False 1
Fn
Create C:\Users\FD1HVy\NTUSER.DAT{fae9930d-933c-11e7-a51d-b808901d6c9b}.TM.blf desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH False 1
Fn
Create C:\Users\FD1HVy\NTUSER.DAT{fae9930d-933c-11e7-a51d-b808901d6c9b}.TMContainer00000000000000000001.regtrans-ms desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH False 1
Fn
Create C:\Users\FD1HVy\NTUSER.DAT{fae9930d-933c-11e7-a51d-b808901d6c9b}.TMContainer00000000000000000002.regtrans-ms desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH False 1
Fn
Create C:\Users\FD1HVy\ntuser.ini desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Restore-My-Files.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Videos\457XRRHEeRC4UfGUI.avi desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Videos\Restore-My-Files.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Videos\desktop.ini desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Videos\DH14kRkDJ-8wwl8H.mkv desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Videos\i_9zyxoZSXHlx.avi desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Videos\mP h7Lt-\52HiljouxlX.flv desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Videos\mP h7Lt-\Restore-My-Files.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Videos\mP h7Lt-\FI5N.mkv desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Videos\mP h7Lt-\Gokf5TGMJc_QsIuaMfW.mp4 desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Videos\mP h7Lt-\JlYeyYLPwK4Xpyt.mkv desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Videos\mP h7Lt-\_WK_66PMS1WfZEiv.mkv desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Videos\mP h7Lt-\X9lLwZrlCN5inYE X\0_w4.flv desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Videos\mP h7Lt-\X9lLwZrlCN5inYE X\Restore-My-Files.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Videos\mP h7Lt-\X9lLwZrlCN5inYE X\3s38Gm.avi desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Videos\mP h7Lt-\X9lLwZrlCN5inYE X\wqxE4PKLcBhEx_-.swf desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Videos\mP h7Lt-\X9lLwZrlCN5inYE X\YHk1VvX0c.swf desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Videos\mP h7Lt-\X9lLwZrlCN5inYE X\j_LpWgAxXhBx7w0\cZl6rLvj5g7uCc.flv desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Videos\mP h7Lt-\X9lLwZrlCN5inYE X\j_LpWgAxXhBx7w0\Restore-My-Files.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Videos\mP h7Lt-\X9lLwZrlCN5inYE X\j_LpWgAxXhBx7w0\FQEZGWQS0yL.avi desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Videos\mP h7Lt-\X9lLwZrlCN5inYE X\j_LpWgAxXhBx7w0\qDMrOHgyW.mkv desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Videos\mP h7Lt-\X9lLwZrlCN5inYE X\j_LpWgAxXhBx7w0\smk-WRzZEtvv3zm.swf desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Videos\mP h7Lt-\X9lLwZrlCN5inYE X\j_LpWgAxXhBx7w0\yMeSugojL-NDXZ.mkv desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Videos\mP h7Lt-\X9lLwZrlCN5inYE X\j_LpWgAxXhBx7w0\Z7WOkahHFEPtvl0hHDd4.mp4 desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Videos\mP h7Lt-\V-VrwwulxTZ\9J5o-K5rlPWB-d.avi desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Videos\mP h7Lt-\V-VrwwulxTZ\Restore-My-Files.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Videos\mP h7Lt-\V-VrwwulxTZ\zo81.mp4 desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Videos\mP h7Lt-\sd5-6Xz1vb9JNaL\SAxLYmvTaCBnnGJsau.mp4 desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Videos\mP h7Lt-\sd5-6Xz1vb9JNaL\Restore-My-Files.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Videos\mP h7Lt-\sd5-6Xz1vb9JNaL\zOgRlt_PaSqS2gBYyJ.avi desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Videos\0Jit\bYsS_YlaY9z2LOgk.avi desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Videos\0Jit\Restore-My-Files.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Videos\0Jit\ka0XqJkvY.flv desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Videos\0Jit\Kye1.mkv desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Videos\0Jit\LIMK2KYhSGbY3.avi desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Videos\0Jit\we3h9wVdNt2OG8gH.flv desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Videos\0Jit\y9ZS.mp4 desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Searches\desktop.ini desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Searches\Restore-My-Files.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Searches\Everywhere.search-ms desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Searches\Indexed Locations.search-ms desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Searches\winrt--{S-1-5-21-1051304884-625712362-2192934891-1000}-.searchconnector-ms desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Saved Games\desktop.ini desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Saved Games\Restore-My-Files.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Pictures\0eHZ_3WhSTBcCzE8.jpg desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Pictures\Restore-My-Files.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Pictures\1A1pfm.png desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Pictures\37R8aHt.bmp desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Pictures\4yuX.bmp desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Pictures\69rhLdMoVCQ.gif desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Pictures\8J4nPD.png desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Pictures\90TDXbBi_nI bB.bmp desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Pictures\a1i3b7A5pHU82I.png desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Pictures\aXeXUP6k-snF.png desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Pictures\cDL2gR6a-IbLz3x.jpg desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Pictures\desktop.ini desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Pictures\eBfX1Df0J.gif desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Pictures\eyrJY ehH0.gif desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Pictures\e_rAGl109.bmp desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Pictures\fiznQaqNRLajHUms2A.png desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Pictures\fvA5IQ_5PavX.png desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Pictures\j0tyQmSHBzZT2.bmp desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Pictures\JCevQv3sR4zWuvdiroaf.png desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Pictures\JQTgE9tvFrhK2 G1Dls.bmp desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Pictures\jUIAgiN6w3v.gif desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Pictures\l1nWbEX73V5RO.png desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Pictures\MlQJ8yCmxq5jsR.gif desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Pictures\n kdsPg6tJT4a99pz.jpg desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Pictures\N8Pzx.png desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Pictures\nM_Byv6DBsnL.png desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Pictures\p_yVA4jYCd-zL DX.bmp desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Pictures\rrF_r4.bmp desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Pictures\rv8WAxpJ6.png desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Pictures\Sc6Jajus_ESL5w yG8.gif desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Pictures\tWeSxYdyFHpRSLgu.bmp desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Pictures\ucDmOcTieCLOpWpKJX.gif desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Pictures\uqUo.gif desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Pictures\We_HpS54_a0D.gif desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Pictures\WgAe-lk.bmp desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Pictures\Xwj8aUsr5KISbCH.gif desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Pictures\XxaTc-hwy798uwvin.png desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Pictures\YAi 7SSuqQL.gif desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Pictures\zy-huTJy.bmp desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Pictures\_cKcOyWheqI.jpg desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Pictures\Saved Pictures\desktop.ini desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Pictures\Saved Pictures\Restore-My-Files.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Pictures\Camera Roll\desktop.ini desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Pictures\Camera Roll\Restore-My-Files.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\OneDrive\desktop.ini desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\OneDrive\Restore-My-Files.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Music\desktop.ini desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Music\Restore-My-Files.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\F47mcjmxOLj.mp3 desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\Restore-My-Files.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\iyC7tW4Ojj7RBRjiv.m4a desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\ocv58-qJyi.wav desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\xN4AUbEaCl-f1xZI.mp3 desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\TtF4\h3weC1KwwHE.wav desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\TtF4\Restore-My-Files.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\TtF4\twKU.mp3 desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\TtF4\xoEix01H8r8Gb.mp3 desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\TtF4\yGlGNTCmxEmW-X_p.mp3 desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\TtF4\DQ xdKVkdg\6bZRhWw.mp3 desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\TtF4\DQ xdKVkdg\Restore-My-Files.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\TtF4\DQ xdKVkdg\DzJl9qZz.wav desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\TtF4\DQ xdKVkdg\GIbA_.m4a desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\TtF4\DQ xdKVkdg\kuJc FfRcut4b.m4a desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\TtF4\DQ xdKVkdg\wdaj18HGC2anUg.mp3 desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\K1UxMX9 J\3yMQVi4Ib7NBzSV.m4a desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\K1UxMX9 J\Restore-My-Files.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\K1UxMX9 J\M8 ByX8vq.m4a desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\K1UxMX9 J\pEpFQi.mp3 desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\K1UxMX9 J\QRuixFGCDWAncl5AbmZ.wav desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\K1UxMX9 J\uY5_Z 6FH.wav desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\K1UxMX9 J\v9-kpgHfycaPisG2zG.m4a desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\ioqWU\Cgdvi2MgC_w.m4a desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\ioqWU\Restore-My-Files.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\ioqWU\Deupb3VmhF.wav desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\ioqWU\JW0rnE-6Xut0CIcI.wav desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\ioqWU\mj8IN.m4a desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\ioqWU\OFRJqA4.m4a desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\ioqWU\s8HsO.m4a desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\ioqWU\uznHK8YoJt.m4a desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\ioqWU\rmY_urTfctd0pcg\FOOxWsHmP 33F468ydKn.mp3 desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\ioqWU\rmY_urTfctd0pcg\Restore-My-Files.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\ioqWU\rmY_urTfctd0pcg\KmPQcO2v E2UpcJS9.wav desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\ioqWU\rmY_urTfctd0pcg\SjE dCES6E76kFP2AXnm.m4a desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\ioqWU\rmY_urTfctd0pcg\w3H2 yJco0KHxo9cfC.m4a desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\ioqWU\rmY_urTfctd0pcg\u2Wr9h\PR3ENDw94r3DF0R.mp3 desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\ioqWU\rmY_urTfctd0pcg\u2Wr9h\Restore-My-Files.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\ioqWU\rmY_urTfctd0pcg\u2Wr9h\Z0sB.mp3 desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\ioqWU\rmY_urTfctd0pcg\u2Wr9h\G1ib\61EWjIxHOz1fIKhG.m4a desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\ioqWU\rmY_urTfctd0pcg\u2Wr9h\G1ib\Restore-My-Files.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\hnYmUoDo NkGMMv_MDbJ\4tQa7lWyp ecdKrj-LF_.wav desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\hnYmUoDo NkGMMv_MDbJ\Restore-My-Files.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\hnYmUoDo NkGMMv_MDbJ\5Do3BxUwXptyuPqqS.m4a desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\hnYmUoDo NkGMMv_MDbJ\cUE Q5HhuF.mp3 desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\hnYmUoDo NkGMMv_MDbJ\pKDHkb-pNSElIW.wav desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\hnYmUoDo NkGMMv_MDbJ\UQCqvaf.m4a desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Links\desktop.ini desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Links\Restore-My-Files.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Links\Desktop.lnk desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Links\Downloads.lnk desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Links\OneDrive.lnk desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Favorites\Bing.url desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Favorites\Restore-My-Files.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Favorites\desktop.ini desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Favorites\Links\desktop.ini desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Favorites\Links\Restore-My-Files.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Downloads\desktop.ini desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Downloads\Restore-My-Files.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Documents\51ytOL5BljtCh7X6H6t.docx desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Documents\Restore-My-Files.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Documents\7oOrFy9-XzTkyZ2rl.pptx desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Documents\9yI_VEibenVF8qdK.xlsx desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Documents\aT9pzOWsVgr.xlsx desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Documents\cbaecYlNi7Wyd.pptx desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Documents\Database1.accdb desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Documents\desktop.ini desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Documents\kF-7Mq.pptx desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Documents\KF3jG.pptx desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Documents\knqvhBu38vwGH1qEW5d.xls desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Documents\nbKD3Hf ueRWHf wHXp.pptx desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Documents\nRxY.docx desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Documents\Nsz56_avLzRhNtU2.xlsx desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Documents\PhLs-.docx desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Documents\PW 4s6YSlKIjSAIQL4k1.docx desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Documents\q ROdocsrquPxD8lhq2.xlsx desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Documents\SzQhK hpaQQbMzUBn.docx desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Documents\Vg2Z-M_RIxmspStMiC.ppt desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Documents\xzq4STr9TSu0C5-Un.xlsx desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Documents\u2fXT-EU0bRZ\6zVcdLeMD.pdf desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Documents\u2fXT-EU0bRZ\Restore-My-Files.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Documents\u2fXT-EU0bRZ\WooKSLpvF nOj.ots desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Documents\u2fXT-EU0bRZ\ZpIMu8yk6JQ.pps desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Documents\ThDBa\1Pmz EKz5G.ots desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Documents\ThDBa\Restore-My-Files.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Documents\ThDBa\5l4XPs-X.doc desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Documents\ThDBa\6VZBBt9b4urW.rtf desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Documents\ThDBa\b6qPYJyM Z.csv desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Documents\ThDBa\I7yc62zg2S.ods desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Documents\ThDBa\OEnSsRvbmJYDHwA_5tpT.xls desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Documents\Outlook Files\kkcie@kdj.kd.pst desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Documents\Outlook Files\Restore-My-Files.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Documents\My Shapes\desktop.ini desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Documents\My Shapes\Restore-My-Files.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Documents\My Shapes\Favorites.vssx desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Documents\My Shapes\_private\folder.ico desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Documents\My Shapes\_private\Restore-My-Files.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Documents\D83vNUif\C0Cz.rtf desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Documents\D83vNUif\Restore-My-Files.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Documents\D83vNUif\LfSRNVTUAR4.doc desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Documents\D83vNUif\snzmwtEyn.pps desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Documents\D83vNUif\LRygDDx6BB BrCaFNG6\0BcZ8w.pptx desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Documents\D83vNUif\LRygDDx6BB BrCaFNG6\Restore-My-Files.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Documents\D83vNUif\LRygDDx6BB BrCaFNG6\9JZw2Q4rmxZnPZoq.pps desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Documents\D83vNUif\LRygDDx6BB BrCaFNG6\FTBp1rknFQ.pps desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Documents\D83vNUif\LRygDDx6BB BrCaFNG6\ORmtPxNSwy.pdf desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Documents\D83vNUif\LRygDDx6BB BrCaFNG6\RFo9.pptx desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Documents\D83vNUif\LRygDDx6BB BrCaFNG6\yw3IlRN1POff_i.ppt desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Documents\D83vNUif\LRygDDx6BB BrCaFNG6\zWMNi.ots desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Documents\D83vNUif\LRygDDx6BB BrCaFNG6\2bd2_\hbOl72e57TFVZe1qSTW.rtf desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Documents\D83vNUif\LRygDDx6BB BrCaFNG6\2bd2_\Restore-My-Files.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Documents\D83vNUif\LRygDDx6BB BrCaFNG6\2bd2_\RzeuUoQ4mmTbQAfOTId.odp desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Documents\D83vNUif\LRygDDx6BB BrCaFNG6\2bd2_\Wr3E1k0Jm4z.odt desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Documents\D83vNUif\Cr4v4INnT\jGScp2s451EmqoC0Y.odp desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Documents\D83vNUif\Cr4v4INnT\Restore-My-Files.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Documents\D83vNUif\Cr4v4INnT\vY4D.pdf desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Documents\D83vNUif\Cr4v4INnT\SqFt6xLU3RHDD\lUAVsDO9-.rtf desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Documents\D83vNUif\Cr4v4INnT\SqFt6xLU3RHDD\Restore-My-Files.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Documents\D83vNUif\Cr4v4INnT\SqFt6xLU3RHDD\Pw3jkYSsg1.rtf desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Documents\D83vNUif\Cr4v4INnT\SqFt6xLU3RHDD\ZmeXdgzSLBd0ghTUv.rtf desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Documents\D83vNUif\Cr4v4INnT\SqFt6xLU3RHDD\ZXuP4R.docx desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Documents\D83vNUif\Cr4v4INnT\Mp-J5ol\TCJH_Abtr MeMshztNiy.doc desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Documents\D83vNUif\Cr4v4INnT\Mp-J5ol\Restore-My-Files.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Documents\D83vNUif\Cr4v4INnT\Mp-J5ol\Z_ckYKBo8.rtf desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Documents\D83vNUif\Cr4v4INnT\C9BBnxd\c-Qn3oz8tan.rtf desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Documents\D83vNUif\Cr4v4INnT\C9BBnxd\Restore-My-Files.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Documents\D83vNUif\Cr4v4INnT\C9BBnxd\Dr56uApA5ecLcS.rtf desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Documents\D83vNUif\Cr4v4INnT\C9BBnxd\psL9JTiqGPkEay.pptx desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Documents\D83vNUif\Cr4v4INnT\C9BBnxd\QNuCgog.xls desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Documents\D83vNUif\Cr4v4INnT\C9BBnxd\YdvneFvANQl2.ods desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Documents\D83vNUif\Cr4v4INnT\C9BBnxd\ye-qZ.docx desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Desktop\-Hhj7ZIgn_ii0AIFQcQ.pps desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Desktop\Restore-My-Files.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Desktop\0 oyr1byk-qjr3BJCK.wav desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Desktop\4DXOKUdqH4s5x3lyx.doc desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Desktop\6EBDYQwx4TUYKg_UXvaA.png desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Desktop\71HCTQ.gif desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Desktop\7ef27LE.jpg desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Desktop\90zSzC3L6h.mp3 desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Desktop\9Ecvx0-DIFPqym7.avi desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Desktop\APDuagV5SKNx4tcX.ods desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Desktop\CDM3.mkv desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Desktop\desktop.ini desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Desktop\dlN4n.swf desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Desktop\DP__E4p.swf desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Desktop\EaS-6wFdrAnBpb6.png desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Desktop\EFOQOoEJXJDidK8hwAP.swf desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Desktop\GEgaUis.flv desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Desktop\gKzyb.mkv desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Desktop\GZJPj0k1zQiyL1gmpiVf.mp3 desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Desktop\HhgxC9MI4D9zuLPRoeb.jpg desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Desktop\LT8phmRSP.jpg desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Desktop\lx-HVxlTgn4Cdc-AYG7y.wav desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Desktop\nlGf0jHzQ69.gif desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Desktop\nQFxW1_hVPFHf.bmp desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Desktop\p57y84p7uF.avi desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Desktop\PRFn5_vq27hpmWJ43BW7.jpg desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Desktop\rCg8zjFU57hXRZ8dk_.wav desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Desktop\RG dDwOjRMvXcOhlt.gif desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Desktop\rGm2OQrj9APP.swf desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Desktop\SQ74itNweHx_jA2mN.png desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Desktop\td3_hbS3LSlsEVxdVZ.swf desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Desktop\VhSdqPX.ppt desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Desktop\wGRbTDTtVTytjYi.mp4 desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Desktop\YOUaenTH_pO.png desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Desktop\Z3j1nCO.mp3 desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Desktop\92ct\7N _EMMZ4S9VcztV.jpg desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Desktop\92ct\Restore-My-Files.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\Desktop\92ct\gLCTTcuZJ.gif desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Desktop\92ct\HwMQq76Br.gif desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Desktop\92ct\pdIhw6.odt desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Desktop\92ct\qzTCEi1.bmp desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Desktop\92ct\RVBd8MolG26d.mkv desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Desktop\92ct\v8iKp3k-8B6LJEEuX.pps desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Desktop\92ct\VdQZEZ1 b35T1a7crz.bmp desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Desktop\92ct\VP _BanzdRW7hJdXM.png desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Desktop\92ct\vP6_aQi7U-bwXykpTcO.avi desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Desktop\92ct\_wkOqUn1H924.swf desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Contacts\desktop.ini desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\Contacts\Restore-My-Files.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\AppData\Roaming\- RD- zaaq0CUrsNeJ.m4a desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\AppData\Roaming\Restore-My-Files.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\AppData\Roaming\2DyrA WUW1 yB_Qv7CS.flv desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\AppData\Roaming\2kWE_7-.jpg desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\AppData\Roaming\3VDEeXKJ.avi desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\AppData\Roaming\4nJ8Gaxak.mp4 desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\AppData\Roaming\7eChBWbqwO3WkhR.flv desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\AppData\Roaming\CcRb94LzuzE.gif desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\AppData\Roaming\E3D2md.odp desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\AppData\Roaming\E63D4v.m4a desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\AppData\Roaming\eMPX JwoG.bmp desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\AppData\Roaming\FnNHUdFAiTNAzFvQJy.mp4 desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\AppData\Roaming\G9y AXR_CT9.mp4 desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\AppData\Roaming\gFM.png desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\AppData\Roaming\HLkCbRJhol6cW.bmp desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\AppData\Roaming\khet9ZxWoyaekkxEn7Q.m4a desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\AppData\Roaming\ks5gKkofsFJirmFXzo.ots desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\AppData\Roaming\lnIs.wav desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\AppData\Roaming\LZ-nlZLffPIo.bmp desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\AppData\Roaming\m4Fmq.mkv desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\AppData\Roaming\N3i6NgdfIS86a0kYGjV6.m4a desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\AppData\Roaming\NsPC0H5wkT.flv desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\AppData\Roaming\oM_E44cNPr1d-LSGfR80.ods desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\AppData\Roaming\P8a3em2-u0pe.rtf desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\AppData\Roaming\QWC6v5P_PsR-OTul.avi desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\AppData\Roaming\R1SKe.swf desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\AppData\Roaming\rohkp1AV.mp4 desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\AppData\Roaming\T HiR.m4a desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\AppData\Roaming\vdp7x_u3S9anYfI6io.png desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\AppData\Roaming\w3w98kUAJRo5j.m4a desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\AppData\Roaming\wlCPW_4JeVyJN1c.swf desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\AppData\Roaming\xfiyvRt.swf desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\AppData\Roaming\Y2S7dpyn-_T84InaQ.m4a desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\AppData\Roaming\zeLovCA5ih-XKc.mp3 desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\AppData\Roaming\ZrZ3ijmXp.jpg desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\AppData\Roaming\_6MYp.png desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\AppData\Roaming\Skype\RootTools\roottools.conf desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\AppData\Roaming\Skype\RootTools\Restore-My-Files.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\profiles.ini desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Restore-My-Files.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\addons.json desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\Restore-My-Files.txt desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Create C:\Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\addonStartup.json.lz4 desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\AlternateServices.txt desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\blocklist.xml desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\cert8.db desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\compatibility.ini desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\containers.json desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\content-prefs.sqlite desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\cookies.sqlite desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\extensions.json desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\favicons.sqlite desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_WRITE_THROUGH True 1
Fn
Get Info C:\Users\FD1HVy\AppData\Local\rdfg546fgh.exe type = file_attributes False 1
Fn
Get Info C:\$WINRE_BACKUP_PARTITION.MARKER type = size, size_out = 0 True 1
Fn
Get Info C:\BOOTNXT type = size, size_out = 1 True 1
Fn
Get Info C:\Restore-My-Files.txt type = file_attributes False 1
Fn
Get Info C:\BOOTSECT.BAK type = size, size_out = 8192 True 1
Fn
Get Info C:\Restore-My-Files.txt type = file_attributes True 1
Fn
Get Info C:\Windows10Upgrade\appraiserxp.dll type = size, size_out = 459976 True 1
Fn
Get Info C:\Windows10Upgrade\Restore-My-Files.txt type = file_attributes False 1
Fn
Get Info C:\Windows10Upgrade\bootsect.exe type = size, size_out = 118472 True 1
Fn
Get Info C:\Windows10Upgrade\Restore-My-Files.txt type = file_attributes True 24
Fn
Get Info C:\Windows10Upgrade\Configuration.ini type = size, size_out = 212 True 1
Fn
Get Info C:\Windows10Upgrade\cosquery.dll type = size, size_out = 61640 True 1
Fn
Get Info C:\Windows10Upgrade\DevInv.dll type = size, size_out = 329928 True 1
Fn
Get Info C:\Windows10Upgrade\downloader.dll type = size, size_out = 206536 True 1
Fn
Get Info C:\Windows10Upgrade\DW20.EXE type = size, size_out = 643784 True 1
Fn
Get Info C:\Windows10Upgrade\DWDCW20.DLL type = size, size_out = 49864 True 1
Fn
Get Info C:\Windows10Upgrade\DWTRIG20.EXE type = size, size_out = 45768 True 1
Fn
Get Info C:\Windows10Upgrade\EnableWiFiTracing.cmd type = size, size_out = 9810 True 1
Fn
Get Info C:\Windows10Upgrade\ESDHelper.dll type = size, size_out = 68808 True 1
Fn
Get Info C:\Windows10Upgrade\esdstub.dll type = size, size_out = 40648 True 1
Fn
Get Info C:\Windows10Upgrade\GatherOSState.EXE type = size, size_out = 564936 True 1
Fn
Get Info C:\Windows10Upgrade\GetCurrentDeploy.dll type = size, size_out = 539848 True 1
Fn
Get Info C:\Windows10Upgrade\GetCurrentOOBE.dll type = size, size_out = 144072 True 1
Fn
Get Info C:\Windows10Upgrade\GetCurrentRollback.EXE type = size, size_out = 73416 True 1
Fn
Get Info C:\Windows10Upgrade\HttpHelper.exe type = size, size_out = 27848 True 1
Fn
Get Info C:\Windows10Upgrade\PostOOBEScript.cmd type = size, size_out = 577 True 1
Fn
Get Info C:\Windows10Upgrade\upgrader_default.log type = size, size_out = 250186 True 1
Fn
Get Info C:\Windows10Upgrade\upgrader_win10.log type = size, size_out = 20548 True 1
Fn
Get Info C:\Windows10Upgrade\wimgapi.dll type = size, size_out = 557256 True 1
Fn
Get Info C:\Windows10Upgrade\windlp.dll type = size, size_out = 915656 True 1
Fn
Get Info C:\Windows10Upgrade\Windows10UpgraderApp.exe type = size, size_out = 1415880 True 1
Fn
Get Info C:\Windows10Upgrade\WinREBootApp32.exe type = size, size_out = 25288 True 1
Fn
Get Info C:\Windows10Upgrade\WinREBootApp64.exe type = size, size_out = 25800 True 1
Fn
Get Info C:\Windows10Upgrade\resources\hwcompatShared.txt type = size, size_out = 825371 True 1
Fn
Get Info C:\Windows10Upgrade\resources\Restore-My-Files.txt type = file_attributes False 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\block.png type = size, size_out = 919 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\Restore-My-Files.txt type = file_attributes False 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\bluelogo.png type = size, size_out = 7080 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\Restore-My-Files.txt type = file_attributes True 19
Fn
Get Info C:\Windows10Upgrade\resources\ux\bullet.png type = size, size_out = 221 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\default.css type = size, size_out = 5767 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\default.htm type = size, size_out = 62541 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\default_eos.css type = size, size_out = 6700 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\default_eos.htm type = size, size_out = 55866 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\default_oobe.css type = size, size_out = 5224 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\default_oobe.htm type = size, size_out = 65710 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\eula.css type = size, size_out = 82 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\GetStarted.png type = size, size_out = 3824 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\GetStartedHoverOver.png type = size, size_out = 4067 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\loading.gif type = size, size_out = 17395 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\lock.png type = size, size_out = 3677 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\logo.png type = size, size_out = 2611 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\marketing.png type = size, size_out = 493 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\NetworkIssueFAQ.mht type = size, size_out = 622093 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\NoNetworkConnection.png type = size, size_out = 2165 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\NoNetworkConnectionHoverOver.png type = size, size_out = 2212 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\pass.png type = size, size_out = 1822 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\Microsoft.WinJS\js\base.js type = size, size_out = 1283526 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\Microsoft.WinJS\js\Restore-My-Files.txt type = file_attributes False 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\Microsoft.WinJS\js\ui.js type = size, size_out = 3046842 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\Microsoft.WinJS\js\Restore-My-Files.txt type = file_attributes True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\Microsoft.WinJS\css\oobe-desktop.css type = size, size_out = 40953 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\Microsoft.WinJS\css\Restore-My-Files.txt type = file_attributes False 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\Microsoft.WinJS\css\ui-dark.css type = size, size_out = 269159 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\Microsoft.WinJS\css\Restore-My-Files.txt type = file_attributes True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\EULA\EULA_ar-sa.htm type = size, size_out = 110445 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\EULA\Restore-My-Files.txt type = file_attributes False 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\EULA\EULA_bg-bg.htm type = size, size_out = 253453 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\EULA\Restore-My-Files.txt type = file_attributes True 38
Fn
Get Info C:\Windows10Upgrade\resources\ux\EULA\EULA_cs-cz.htm type = size, size_out = 83315 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\EULA\EULA_da-dk.htm type = size, size_out = 65173 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\EULA\EULA_de-de.htm type = size, size_out = 70461 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\EULA\EULA_el-gr.htm type = size, size_out = 239446 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\EULA\EULA_en-gb.htm type = size, size_out = 58549 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\EULA\EULA_en-us.htm type = size, size_out = 58549 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\EULA\EULA_es-es.htm type = size, size_out = 69816 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\EULA\EULA_es-mx.htm type = size, size_out = 69816 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\EULA\EULA_et-ee.htm type = size, size_out = 63101 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\EULA\EULA_fi-fi.htm type = size, size_out = 70746 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\EULA\EULA_fr-ca.htm type = size, size_out = 69386 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\EULA\EULA_fr-fr.htm type = size, size_out = 69386 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\EULA\EULA_he-il.htm type = size, size_out = 864647 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\EULA\EULA_hr-hr.htm type = size, size_out = 64872 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\EULA\EULA_hu-hu.htm type = size, size_out = 84570 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\EULA\EULA_it-it.htm type = size, size_out = 69485 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\EULA\EULA_ja-jp.htm type = size, size_out = 210254 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\EULA\EULA_ko-kr.htm type = size, size_out = 634083 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\EULA\EULA_lt-lt.htm type = size, size_out = 76091 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\EULA\EULA_lv-lv.htm type = size, size_out = 83909 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\EULA\EULA_nb-no.htm type = size, size_out = 67188 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\EULA\EULA_nl-nl.htm type = size, size_out = 67224 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\EULA\EULA_pl-pl.htm type = size, size_out = 81812 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\EULA\EULA_pt-br.htm type = size, size_out = 68292 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\EULA\EULA_pt-pt.htm type = size, size_out = 71054 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\EULA\EULA_ro-ro.htm type = size, size_out = 78176 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\EULA\EULA_ru-ru.htm type = size, size_out = 283852 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\EULA\EULA_sk-sk.htm type = size, size_out = 81953 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\EULA\EULA_sl-si.htm type = size, size_out = 66159 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\EULA\EULA_sr-latn-cs.htm type = size, size_out = 75552 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\EULA\EULA_sv-se.htm type = size, size_out = 70391 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\EULA\EULA_th-th.htm type = size, size_out = 254145 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\EULA\EULA_tr-tr.htm type = size, size_out = 75137 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\EULA\EULA_uk-ua.htm type = size, size_out = 266731 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\EULA\EULA_zh-cn.htm type = size, size_out = 126241 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\EULA\EULA_zh-hk.htm type = size, size_out = 147140 True 1
Fn
Get Info C:\Windows10Upgrade\resources\ux\EULA\EULA_zh-tw.htm type = size, size_out = 147140 True 1
Fn
Get Info C:\Windows10Upgrade\resources\i386\BiosBlocks.xml type = size, size_out = 91648 True 1
Fn
Get Info C:\Windows10Upgrade\resources\i386\Restore-My-Files.txt type = file_attributes False 1
Fn
Get Info C:\Windows10Upgrade\resources\i386\hwcompat.txt type = size, size_out = 16497 True 1
Fn
Get Info C:\Windows10Upgrade\resources\i386\Restore-My-Files.txt type = file_attributes True 5
Fn
Get Info C:\Windows10Upgrade\resources\i386\hwexclude.txt type = size, size_out = 2263 True 1
Fn
Get Info C:\Windows10Upgrade\resources\i386\nxquery.cat type = size, size_out = 9860 True 1
Fn
Get Info C:\Windows10Upgrade\resources\i386\nxquery.inf type = size, size_out = 1495 True 1
Fn
Get Info C:\Windows10Upgrade\resources\i386\NXQuery.sys type = size, size_out = 20144 True 1
Fn
Get Info C:\Windows10Upgrade\resources\amd64\BiosBlocks.xml type = size, size_out = 93884 True 1
Fn
Get Info C:\Windows10Upgrade\resources\amd64\Restore-My-Files.txt type = file_attributes False 1
Fn
Get Info C:\Windows10Upgrade\resources\amd64\hwcompat.txt type = size, size_out = 73135 True 1
Fn
Get Info C:\Windows10Upgrade\resources\amd64\Restore-My-Files.txt type = file_attributes True 5
Fn
Get Info C:\Windows10Upgrade\resources\amd64\hwexclude.txt type = size, size_out = 2317 True 1
Fn
Get Info C:\Windows10Upgrade\resources\amd64\nxquery.cat type = size, size_out = 9910 True 1
Fn
Get Info C:\Windows10Upgrade\resources\amd64\nxquery.inf type = size, size_out = 1495 True 1
Fn
Get Info C:\Windows10Upgrade\resources\amd64\NXQuery.sys type = size, size_out = 20656 True 1
Fn
Get Info C:\Windows10Upgrade\dll2\webservices.dll type = size, size_out = 754688 True 1
Fn
Get Info C:\Windows10Upgrade\dll2\Restore-My-Files.txt type = file_attributes False 1
Fn
Get Info C:\Windows10Upgrade\dll1\cosqueryxp.dll type = size, size_out = 132296 True 1
Fn
Get Info C:\Windows10Upgrade\dll1\Restore-My-Files.txt type = file_attributes False 1
Fn
Get Info C:\Windows10Upgrade\dll1\wdscore.dll type = size, size_out = 241864 True 1
Fn
Get Info C:\Windows10Upgrade\dll1\Restore-My-Files.txt type = file_attributes True 2
Fn
Get Info C:\Windows10Upgrade\dll1\webservices.dll type = size, size_out = 958152 True 1
Fn
Get Info C:\Windows10Upgrade\2052\DWINTL20.DLL type = size, size_out = 118472 True 1
Fn
Get Info C:\Windows10Upgrade\2052\Restore-My-Files.txt type = file_attributes False 1
Fn
Get Info C:\Users\desktop.ini type = size, size_out = 174 True 1
Fn
Get Info C:\Users\Restore-My-Files.txt type = file_attributes False 1
Fn
Get Info C:\Users\Public\desktop.ini type = size, size_out = 174 True 1
Fn
Get Info C:\Users\Public\Restore-My-Files.txt type = file_attributes False 1
Fn
Get Info C:\Users\Public\Videos\desktop.ini type = size, size_out = 380 True 1
Fn
Get Info C:\Users\Public\Videos\Restore-My-Files.txt type = file_attributes False 1
Fn
Get Info C:\Users\Public\Pictures\desktop.ini type = size, size_out = 380 True 1
Fn
Get Info C:\Users\Public\Pictures\Restore-My-Files.txt type = file_attributes False 1
Fn
Get Info C:\Users\Public\Music\desktop.ini type = size, size_out = 380 True 1
Fn
Get Info C:\Users\Public\Music\Restore-My-Files.txt type = file_attributes False 1
Fn
Get Info C:\Users\Public\Libraries\desktop.ini type = size, size_out = 175 True 1
Fn
Get Info C:\Users\Public\Libraries\Restore-My-Files.txt type = file_attributes False 1
Fn
Get Info C:\Users\Public\Libraries\RecordedTV.library-ms type = size, size_out = 960 True 1
Fn
Get Info C:\Users\Public\Libraries\Restore-My-Files.txt type = file_attributes True 1
Fn
Get Info C:\Users\Public\Downloads\desktop.ini type = size, size_out = 174 True 1
Fn
Get Info C:\Users\Public\Downloads\Restore-My-Files.txt type = file_attributes False 1
Fn
Get Info C:\Users\Public\Documents\desktop.ini type = size, size_out = 278 True 1
Fn
Get Info C:\Users\Public\Documents\Restore-My-Files.txt type = file_attributes False 1
Fn
Get Info C:\Users\Public\Desktop\Acrobat Reader DC.lnk type = size, size_out = 2130 True 1
Fn
Get Info C:\Users\Public\Desktop\Restore-My-Files.txt type = file_attributes False 1
Fn
Get Info C:\Users\Public\Desktop\desktop.ini type = size, size_out = 174 True 1
Fn
Get Info C:\Users\Public\Desktop\Restore-My-Files.txt type = file_attributes True 3
Fn
Get Info C:\Users\Public\Desktop\Google Chrome.lnk type = size, size_out = 2330 True 1
Fn
Get Info C:\Users\Public\Desktop\Mozilla Firefox.lnk type = size, size_out = 999 True 1
Fn
Get Info C:\Users\Public\AccountPictures\desktop.ini type = size, size_out = 196 True 1
Fn
Get Info C:\Users\Public\AccountPictures\Restore-My-Files.txt type = file_attributes False 1
Fn
Get Info C:\Users\FD1HVy\ntuser.ini type = size, size_out = 20 True 1
Fn
Get Info C:\Users\FD1HVy\Restore-My-Files.txt type = file_attributes False 1
Fn
Get Info C:\Users\FD1HVy\Videos\457XRRHEeRC4UfGUI.avi type = size, size_out = 43674 True 1
Fn
Get Info C:\Users\FD1HVy\Videos\Restore-My-Files.txt type = file_attributes False 1
Fn
Get Info C:\Users\FD1HVy\Videos\desktop.ini type = size, size_out = 504 True 1
Fn
Get Info C:\Users\FD1HVy\Videos\Restore-My-Files.txt type = file_attributes True 3
Fn
Get Info C:\Users\FD1HVy\Videos\DH14kRkDJ-8wwl8H.mkv type = size, size_out = 86705 True 1
Fn
Get Info C:\Users\FD1HVy\Videos\i_9zyxoZSXHlx.avi type = size, size_out = 90280 True 1
Fn
Get Info C:\Users\FD1HVy\Videos\mP h7Lt-\52HiljouxlX.flv type = size, size_out = 52825 True 1
Fn
Get Info C:\Users\FD1HVy\Videos\mP h7Lt-\Restore-My-Files.txt type = file_attributes False 1
Fn
Get Info C:\Users\FD1HVy\Videos\mP h7Lt-\FI5N.mkv type = size, size_out = 34394 True 1
Fn
Get Info C:\Users\FD1HVy\Videos\mP h7Lt-\Restore-My-Files.txt type = file_attributes True 4
Fn
Get Info C:\Users\FD1HVy\Videos\mP h7Lt-\Gokf5TGMJc_QsIuaMfW.mp4 type = size, size_out = 56716 True 1
Fn
Get Info C:\Users\FD1HVy\Videos\mP h7Lt-\JlYeyYLPwK4Xpyt.mkv type = size, size_out = 98034 True 1
Fn
Get Info C:\Users\FD1HVy\Videos\mP h7Lt-\_WK_66PMS1WfZEiv.mkv type = size, size_out = 33729 True 1
Fn
Get Info C:\Users\FD1HVy\Videos\mP h7Lt-\X9lLwZrlCN5inYE X\0_w4.flv type = size, size_out = 75500 True 1
Fn
Get Info C:\Users\FD1HVy\Videos\mP h7Lt-\X9lLwZrlCN5inYE X\Restore-My-Files.txt type = file_attributes False 1
Fn
Get Info C:\Users\FD1HVy\Videos\mP h7Lt-\X9lLwZrlCN5inYE X\3s38Gm.avi type = size, size_out = 87410 True 1
Fn
Get Info C:\Users\FD1HVy\Videos\mP h7Lt-\X9lLwZrlCN5inYE X\Restore-My-Files.txt type = file_attributes True 3
Fn
Get Info C:\Users\FD1HVy\Videos\mP h7Lt-\X9lLwZrlCN5inYE X\wqxE4PKLcBhEx_-.swf type = size, size_out = 26682 True 1
Fn
Get Info C:\Users\FD1HVy\Videos\mP h7Lt-\X9lLwZrlCN5inYE X\YHk1VvX0c.swf type = size, size_out = 6470 True 1
Fn
Get Info C:\Users\FD1HVy\Videos\mP h7Lt-\X9lLwZrlCN5inYE X\j_LpWgAxXhBx7w0\cZl6rLvj5g7uCc.flv type = size, size_out = 60491 True 1
Fn
Get Info C:\Users\FD1HVy\Videos\mP h7Lt-\X9lLwZrlCN5inYE X\j_LpWgAxXhBx7w0\Restore-My-Files.txt type = file_attributes False 1
Fn
Get Info C:\Users\FD1HVy\Videos\mP h7Lt-\X9lLwZrlCN5inYE X\j_LpWgAxXhBx7w0\FQEZGWQS0yL.avi type = size, size_out = 72843 True 1
Fn
Get Info C:\Users\FD1HVy\Videos\mP h7Lt-\X9lLwZrlCN5inYE X\j_LpWgAxXhBx7w0\Restore-My-Files.txt type = file_attributes True 5
Fn
Get Info C:\Users\FD1HVy\Videos\mP h7Lt-\X9lLwZrlCN5inYE X\j_LpWgAxXhBx7w0\qDMrOHgyW.mkv type = size, size_out = 26730 True 1
Fn
Get Info C:\Users\FD1HVy\Videos\mP h7Lt-\X9lLwZrlCN5inYE X\j_LpWgAxXhBx7w0\smk-WRzZEtvv3zm.swf type = size, size_out = 93175 True 1
Fn
Get Info C:\Users\FD1HVy\Videos\mP h7Lt-\X9lLwZrlCN5inYE X\j_LpWgAxXhBx7w0\yMeSugojL-NDXZ.mkv type = size, size_out = 95761 True 1
Fn
Get Info C:\Users\FD1HVy\Videos\mP h7Lt-\X9lLwZrlCN5inYE X\j_LpWgAxXhBx7w0\Z7WOkahHFEPtvl0hHDd4.mp4 type = size, size_out = 73250 True 1
Fn
Get Info C:\Users\FD1HVy\Videos\mP h7Lt-\V-VrwwulxTZ\9J5o-K5rlPWB-d.avi type = size, size_out = 4623 True 1
Fn
Get Info C:\Users\FD1HVy\Videos\mP h7Lt-\V-VrwwulxTZ\Restore-My-Files.txt type = file_attributes False 1
Fn
Get Info C:\Users\FD1HVy\Videos\mP h7Lt-\V-VrwwulxTZ\zo81.mp4 type = size, size_out = 79260 True 1
Fn
Get Info C:\Users\FD1HVy\Videos\mP h7Lt-\V-VrwwulxTZ\Restore-My-Files.txt type = file_attributes True 1
Fn
Get Info C:\Users\FD1HVy\Videos\mP h7Lt-\sd5-6Xz1vb9JNaL\SAxLYmvTaCBnnGJsau.mp4 type = size, size_out = 63957 True 1
Fn
Get Info C:\Users\FD1HVy\Videos\mP h7Lt-\sd5-6Xz1vb9JNaL\Restore-My-Files.txt type = file_attributes False 1
Fn
Get Info C:\Users\FD1HVy\Videos\mP h7Lt-\sd5-6Xz1vb9JNaL\zOgRlt_PaSqS2gBYyJ.avi type = size, size_out = 11516 True 1
Fn
Get Info C:\Users\FD1HVy\Videos\mP h7Lt-\sd5-6Xz1vb9JNaL\Restore-My-Files.txt type = file_attributes True 1
Fn
Get Info C:\Users\FD1HVy\Videos\0Jit\bYsS_YlaY9z2LOgk.avi type = size, size_out = 28116 True 1
Fn
Get Info C:\Users\FD1HVy\Videos\0Jit\Restore-My-Files.txt type = file_attributes False 1
Fn
Get Info C:\Users\FD1HVy\Videos\0Jit\ka0XqJkvY.flv type = size, size_out = 58802 True 1
Fn
Get Info C:\Users\FD1HVy\Videos\0Jit\Restore-My-Files.txt type = file_attributes True 5
Fn
Get Info C:\Users\FD1HVy\Videos\0Jit\Kye1.mkv type = size, size_out = 74593 True 1
Fn
Get Info C:\Users\FD1HVy\Videos\0Jit\LIMK2KYhSGbY3.avi type = size, size_out = 48737 True 1
Fn
Get Info C:\Users\FD1HVy\Videos\0Jit\we3h9wVdNt2OG8gH.flv type = size, size_out = 63573 True 1
Fn
Get Info C:\Users\FD1HVy\Videos\0Jit\y9ZS.mp4 type = size, size_out = 81645 True 1
Fn
Get Info C:\Users\FD1HVy\Searches\desktop.ini type = size, size_out = 524 True 1
Fn
Get Info C:\Users\FD1HVy\Searches\Restore-My-Files.txt type = file_attributes False 1
Fn
Get Info C:\Users\FD1HVy\Searches\Everywhere.search-ms type = size, size_out = 248 True 1
Fn
Get Info C:\Users\FD1HVy\Searches\Restore-My-Files.txt type = file_attributes True 3
Fn
Get Info C:\Users\FD1HVy\Searches\Indexed Locations.search-ms type = size, size_out = 248 True 1
Fn
Get Info C:\Users\FD1HVy\Searches\winrt--{S-1-5-21-1051304884-625712362-2192934891-1000}-.searchconnector-ms type = size, size_out = 855 True 1
Fn
Get Info C:\Users\FD1HVy\Saved Games\desktop.ini type = size, size_out = 282 True 1
Fn
Get Info C:\Users\FD1HVy\Saved Games\Restore-My-Files.txt type = file_attributes False 1
Fn
Get Info C:\Users\FD1HVy\Pictures\0eHZ_3WhSTBcCzE8.jpg type = size, size_out = 97623 True 1
Fn
Get Info C:\Users\FD1HVy\Pictures\Restore-My-Files.txt type = file_attributes False 1
Fn
Get Info C:\Users\FD1HVy\Pictures\1A1pfm.png type = size, size_out = 2176 True 1
Fn
Get Info C:\Users\FD1HVy\Pictures\Restore-My-Files.txt type = file_attributes True 38
Fn
Get Info C:\Users\FD1HVy\Pictures\37R8aHt.bmp type = size, size_out = 87440 True 1
Fn
Get Info C:\Users\FD1HVy\Pictures\4yuX.bmp type = size, size_out = 20952 True 1
Fn
Get Info C:\Users\FD1HVy\Pictures\69rhLdMoVCQ.gif type = size, size_out = 90203 True 1
Fn
Get Info C:\Users\FD1HVy\Pictures\8J4nPD.png type = size, size_out = 73725 True 1
Fn
Get Info C:\Users\FD1HVy\Pictures\90TDXbBi_nI bB.bmp type = size, size_out = 97083 True 1
Fn
Get Info C:\Users\FD1HVy\Pictures\a1i3b7A5pHU82I.png type = size, size_out = 18119 True 1
Fn
Get Info C:\Users\FD1HVy\Pictures\aXeXUP6k-snF.png type = size, size_out = 17466 True 1
Fn
Get Info C:\Users\FD1HVy\Pictures\cDL2gR6a-IbLz3x.jpg type = size, size_out = 85120 True 1
Fn
Get Info C:\Users\FD1HVy\Pictures\desktop.ini type = size, size_out = 504 True 1
Fn
Get Info C:\Users\FD1HVy\Pictures\eBfX1Df0J.gif type = size, size_out = 1058 True 1
Fn
Get Info C:\Users\FD1HVy\Pictures\eyrJY ehH0.gif type = size, size_out = 21503 True 1
Fn
Get Info C:\Users\FD1HVy\Pictures\e_rAGl109.bmp type = size, size_out = 61686 True 1
Fn
Get Info C:\Users\FD1HVy\Pictures\fiznQaqNRLajHUms2A.png type = size, size_out = 54969 True 1
Fn
Get Info C:\Users\FD1HVy\Pictures\fvA5IQ_5PavX.png type = size, size_out = 82886 True 1
Fn
Get Info C:\Users\FD1HVy\Pictures\j0tyQmSHBzZT2.bmp type = size, size_out = 6260 True 1
Fn
Get Info C:\Users\FD1HVy\Pictures\JCevQv3sR4zWuvdiroaf.png type = size, size_out = 44399 True 1
Fn
Get Info C:\Users\FD1HVy\Pictures\JQTgE9tvFrhK2 G1Dls.bmp type = size, size_out = 62934 True 1
Fn
Get Info C:\Users\FD1HVy\Pictures\jUIAgiN6w3v.gif type = size, size_out = 28974 True 1
Fn
Get Info C:\Users\FD1HVy\Pictures\l1nWbEX73V5RO.png type = size, size_out = 30373 True 1
Fn
Get Info C:\Users\FD1HVy\Pictures\MlQJ8yCmxq5jsR.gif type = size, size_out = 82215 True 1
Fn
Get Info C:\Users\FD1HVy\Pictures\n kdsPg6tJT4a99pz.jpg type = size, size_out = 70128 True 1
Fn
Get Info C:\Users\FD1HVy\Pictures\N8Pzx.png type = size, size_out = 57660 True 1
Fn
Get Info C:\Users\FD1HVy\Pictures\nM_Byv6DBsnL.png type = size, size_out = 92125 True 1
Fn
Get Info C:\Users\FD1HVy\Pictures\p_yVA4jYCd-zL DX.bmp type = size, size_out = 13485 True 1
Fn
Get Info C:\Users\FD1HVy\Pictures\rrF_r4.bmp type = size, size_out = 38073 True 1
Fn
Get Info C:\Users\FD1HVy\Pictures\rv8WAxpJ6.png type = size, size_out = 59791 True 1
Fn
Get Info C:\Users\FD1HVy\Pictures\Sc6Jajus_ESL5w yG8.gif type = size, size_out = 100615 True 1
Fn
Get Info C:\Users\FD1HVy\Pictures\tWeSxYdyFHpRSLgu.bmp type = size, size_out = 83186 True 1
Fn
Get Info C:\Users\FD1HVy\Pictures\ucDmOcTieCLOpWpKJX.gif type = size, size_out = 40054 True 1
Fn
Get Info C:\Users\FD1HVy\Pictures\uqUo.gif type = size, size_out = 70002 True 1
Fn
Get Info C:\Users\FD1HVy\Pictures\We_HpS54_a0D.gif type = size, size_out = 20381 True 1
Fn
Get Info C:\Users\FD1HVy\Pictures\WgAe-lk.bmp type = size, size_out = 66332 True 1
Fn
Get Info C:\Users\FD1HVy\Pictures\Xwj8aUsr5KISbCH.gif type = size, size_out = 97976 True 1
Fn
Get Info C:\Users\FD1HVy\Pictures\XxaTc-hwy798uwvin.png type = size, size_out = 66423 True 1
Fn
Get Info C:\Users\FD1HVy\Pictures\YAi 7SSuqQL.gif type = size, size_out = 64003 True 1
Fn
Get Info C:\Users\FD1HVy\Pictures\zy-huTJy.bmp type = size, size_out = 89570 True 1
Fn
Get Info C:\Users\FD1HVy\Pictures\_cKcOyWheqI.jpg type = size, size_out = 24281 True 1
Fn
Get Info C:\Users\FD1HVy\Pictures\Saved Pictures\desktop.ini type = size, size_out = 190 True 1
Fn
Get Info C:\Users\FD1HVy\Pictures\Saved Pictures\Restore-My-Files.txt type = file_attributes False 1
Fn
Get Info C:\Users\FD1HVy\Pictures\Camera Roll\desktop.ini type = size, size_out = 190 True 1
Fn
Get Info C:\Users\FD1HVy\Pictures\Camera Roll\Restore-My-Files.txt type = file_attributes False 1
Fn
Get Info C:\Users\FD1HVy\OneDrive\desktop.ini type = size, size_out = 97 True 1
Fn
Get Info C:\Users\FD1HVy\OneDrive\Restore-My-Files.txt type = file_attributes False 1
Fn
Get Info C:\Users\FD1HVy\Music\desktop.ini type = size, size_out = 504 True 1
Fn
Get Info C:\Users\FD1HVy\Music\Restore-My-Files.txt type = file_attributes False 1
Fn
Get Info C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\F47mcjmxOLj.mp3 type = size, size_out = 44345 True 1
Fn
Get Info C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\Restore-My-Files.txt type = file_attributes False 1
Fn
Get Info C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\iyC7tW4Ojj7RBRjiv.m4a type = size, size_out = 13143 True 1
Fn
Get Info C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\Restore-My-Files.txt type = file_attributes True 3
Fn
Get Info C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\ocv58-qJyi.wav type = size, size_out = 80974 True 1
Fn
Get Info C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\xN4AUbEaCl-f1xZI.mp3 type = size, size_out = 77978 True 1
Fn
Get Info C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\TtF4\h3weC1KwwHE.wav type = size, size_out = 49449 True 1
Fn
Get Info C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\TtF4\Restore-My-Files.txt type = file_attributes False 1
Fn
Get Info C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\TtF4\twKU.mp3 type = size, size_out = 58905 True 1
Fn
Get Info C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\TtF4\Restore-My-Files.txt type = file_attributes True 3
Fn
Get Info C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\TtF4\xoEix01H8r8Gb.mp3 type = size, size_out = 16931 True 1
Fn
Get Info C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\TtF4\yGlGNTCmxEmW-X_p.mp3 type = size, size_out = 79535 True 1
Fn
Get Info C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\TtF4\DQ xdKVkdg\6bZRhWw.mp3 type = size, size_out = 18936 True 1
Fn
Get Info C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\TtF4\DQ xdKVkdg\Restore-My-Files.txt type = file_attributes False 1
Fn
Get Info C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\TtF4\DQ xdKVkdg\DzJl9qZz.wav type = size, size_out = 33033 True 1
Fn
Get Info C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\TtF4\DQ xdKVkdg\Restore-My-Files.txt type = file_attributes True 4
Fn
Get Info C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\TtF4\DQ xdKVkdg\GIbA_.m4a type = size, size_out = 62403 True 1
Fn
Get Info C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\TtF4\DQ xdKVkdg\kuJc FfRcut4b.m4a type = size, size_out = 82282 True 1
Fn
Get Info C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\TtF4\DQ xdKVkdg\wdaj18HGC2anUg.mp3 type = size, size_out = 55622 True 1
Fn
Get Info C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\K1UxMX9 J\3yMQVi4Ib7NBzSV.m4a type = size, size_out = 87493 True 1
Fn
Get Info C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\K1UxMX9 J\Restore-My-Files.txt type = file_attributes False 1
Fn
Get Info C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\K1UxMX9 J\M8 ByX8vq.m4a type = size, size_out = 74318 True 1
Fn
Get Info C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\K1UxMX9 J\Restore-My-Files.txt type = file_attributes True 5
Fn
Get Info C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\K1UxMX9 J\pEpFQi.mp3 type = size, size_out = 78490 True 1
Fn
Get Info C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\K1UxMX9 J\QRuixFGCDWAncl5AbmZ.wav type = size, size_out = 26990 True 1
Fn
Get Info C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\K1UxMX9 J\uY5_Z 6FH.wav type = size, size_out = 97763 True 1
Fn
Get Info C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\K1UxMX9 J\v9-kpgHfycaPisG2zG.m4a type = size, size_out = 11276 True 1
Fn
Get Info C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\ioqWU\Cgdvi2MgC_w.m4a type = size, size_out = 18885 True 1
Fn
Get Info C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\ioqWU\Restore-My-Files.txt type = file_attributes False 1
Fn
Get Info C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\ioqWU\Deupb3VmhF.wav type = size, size_out = 76256 True 1
Fn
Get Info C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\ioqWU\Restore-My-Files.txt type = file_attributes True 6
Fn
Get Info C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\ioqWU\JW0rnE-6Xut0CIcI.wav type = size, size_out = 75000 True 1
Fn
Get Info C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\ioqWU\mj8IN.m4a type = size, size_out = 12916 True 1
Fn
Get Info C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\ioqWU\OFRJqA4.m4a type = size, size_out = 29754 True 1
Fn
Get Info C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\ioqWU\s8HsO.m4a type = size, size_out = 35708 True 1
Fn
Get Info C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\ioqWU\uznHK8YoJt.m4a type = size, size_out = 71696 True 1
Fn
Get Info C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\ioqWU\rmY_urTfctd0pcg\FOOxWsHmP 33F468ydKn.mp3 type = size, size_out = 79657 True 1
Fn
Get Info C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\ioqWU\rmY_urTfctd0pcg\Restore-My-Files.txt type = file_attributes False 1
Fn
Get Info C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\ioqWU\rmY_urTfctd0pcg\KmPQcO2v E2UpcJS9.wav type = size, size_out = 50739 True 1
Fn
Get Info C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\ioqWU\rmY_urTfctd0pcg\Restore-My-Files.txt type = file_attributes True 3
Fn
Get Info C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\ioqWU\rmY_urTfctd0pcg\SjE dCES6E76kFP2AXnm.m4a type = size, size_out = 3632 True 1
Fn
Get Info C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\ioqWU\rmY_urTfctd0pcg\w3H2 yJco0KHxo9cfC.m4a type = size, size_out = 70790 True 1
Fn
Get Info C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\ioqWU\rmY_urTfctd0pcg\u2Wr9h\PR3ENDw94r3DF0R.mp3 type = size, size_out = 93546 True 1
Fn
Get Info C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\ioqWU\rmY_urTfctd0pcg\u2Wr9h\Restore-My-Files.txt type = file_attributes False 1
Fn
Get Info C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\ioqWU\rmY_urTfctd0pcg\u2Wr9h\Z0sB.mp3 type = size, size_out = 9754 True 1
Fn
Get Info C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\ioqWU\rmY_urTfctd0pcg\u2Wr9h\Restore-My-Files.txt type = file_attributes True 1
Fn
Get Info C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\ioqWU\rmY_urTfctd0pcg\u2Wr9h\G1ib\61EWjIxHOz1fIKhG.m4a type = size, size_out = 31582 True 1
Fn
Get Info C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\ioqWU\rmY_urTfctd0pcg\u2Wr9h\G1ib\Restore-My-Files.txt type = file_attributes False 1
Fn
Get Info C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\hnYmUoDo NkGMMv_MDbJ\4tQa7lWyp ecdKrj-LF_.wav type = size, size_out = 35154 True 1
Fn
Get Info C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\hnYmUoDo NkGMMv_MDbJ\Restore-My-Files.txt type = file_attributes False 1
Fn
Get Info C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\hnYmUoDo NkGMMv_MDbJ\5Do3BxUwXptyuPqqS.m4a type = size, size_out = 31572 True 1
Fn
Get Info C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\hnYmUoDo NkGMMv_MDbJ\Restore-My-Files.txt type = file_attributes True 4
Fn
Get Info C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\hnYmUoDo NkGMMv_MDbJ\cUE Q5HhuF.mp3 type = size, size_out = 97212 True 1
Fn
Get Info C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\hnYmUoDo NkGMMv_MDbJ\pKDHkb-pNSElIW.wav type = size, size_out = 84788 True 1
Fn
Get Info C:\Users\FD1HVy\Music\qgSTwfc7nusgEEgz\hnYmUoDo NkGMMv_MDbJ\UQCqvaf.m4a type = size, size_out = 43411 True 1
Fn
Get Info C:\Users\FD1HVy\Links\desktop.ini type = size, size_out = 504 True 1
Fn
Get Info C:\Users\FD1HVy\Links\Restore-My-Files.txt type = file_attributes False 1
Fn
Get Info C:\Users\FD1HVy\Links\Desktop.lnk type = size, size_out = 501 True 1
Fn
Get Info C:\Users\FD1HVy\Links\Restore-My-Files.txt type = file_attributes True 3
Fn
Get Info C:\Users\FD1HVy\Links\Downloads.lnk type = size, size_out = 942 True 1
Fn
Get Info C:\Users\FD1HVy\Links\OneDrive.lnk type = size, size_out = 1338 True 1
Fn
Get Info C:\Users\FD1HVy\Favorites\Bing.url type = size, size_out = 208 True 1
Fn
Get Info C:\Users\FD1HVy\Favorites\Restore-My-Files.txt type = file_attributes False 1
Fn
Get Info C:\Users\FD1HVy\Favorites\desktop.ini type = size, size_out = 402 True 1
Fn
Get Info C:\Users\FD1HVy\Favorites\Restore-My-Files.txt type = file_attributes True 1
Fn
Get Info C:\Users\FD1HVy\Favorites\Links\desktop.ini type = size, size_out = 80 True 1
Fn
Get Info C:\Users\FD1HVy\Favorites\Links\Restore-My-Files.txt type = file_attributes False 1
Fn
Get Info C:\Users\FD1HVy\Downloads\desktop.ini type = size, size_out = 282 True 1
Fn
Get Info C:\Users\FD1HVy\Downloads\Restore-My-Files.txt type = file_attributes False 1
Fn
Get Info C:\Users\FD1HVy\Documents\51ytOL5BljtCh7X6H6t.docx type = size, size_out = 60909 True 1
Fn
Get Info C:\Users\FD1HVy\Documents\Restore-My-Files.txt type = file_attributes False 1
Fn
Get Info C:\Users\FD1HVy\Documents\7oOrFy9-XzTkyZ2rl.pptx type = size, size_out = 67205 True 1
Fn
Get Info C:\Users\FD1HVy\Documents\Restore-My-Files.txt type = file_attributes True 18
Fn
Get Info C:\Users\FD1HVy\Documents\9yI_VEibenVF8qdK.xlsx type = size, size_out = 24197 True 1
Fn
Get Info C:\Users\FD1HVy\Documents\aT9pzOWsVgr.xlsx type = size, size_out = 13003 True 1
Fn
Get Info C:\Users\FD1HVy\Documents\cbaecYlNi7Wyd.pptx type = size, size_out = 43796 True 1
Fn
Get Info C:\Users\FD1HVy\Documents\Database1.accdb type = size, size_out = 348160 True 1
Fn
Get Info C:\Users\FD1HVy\Documents\desktop.ini type = size, size_out = 402 True 1
Fn
Get Info C:\Users\FD1HVy\Documents\kF-7Mq.pptx type = size, size_out = 93820 True 1
Fn
Get Info C:\Users\FD1HVy\Documents\KF3jG.pptx type = size, size_out = 63834 True 1
Fn
Get Info C:\Users\FD1HVy\Documents\knqvhBu38vwGH1qEW5d.xls type = size, size_out = 100277 True 1
Fn
Get Info C:\Users\FD1HVy\Documents\nbKD3Hf ueRWHf wHXp.pptx type = size, size_out = 5798 True 1
Fn
Get Info C:\Users\FD1HVy\Documents\nRxY.docx type = size, size_out = 89060 True 1
Fn
Get Info C:\Users\FD1HVy\Documents\Nsz56_avLzRhNtU2.xlsx type = size, size_out = 100634 True 1
Fn
Get Info C:\Users\FD1HVy\Documents\PhLs-.docx type = size, size_out = 79785 True 1
Fn
Get Info C:\Users\FD1HVy\Documents\PW 4s6YSlKIjSAIQL4k1.docx type = size, size_out = 15448 True 1
Fn
Get Info C:\Users\FD1HVy\Documents\q ROdocsrquPxD8lhq2.xlsx type = size, size_out = 69032 True 1
Fn
Get Info C:\Users\FD1HVy\Documents\SzQhK hpaQQbMzUBn.docx type = size, size_out = 98030 True 1
Fn
Get Info C:\Users\FD1HVy\Documents\Vg2Z-M_RIxmspStMiC.ppt type = size, size_out = 37029 True 1
Fn
Get Info C:\Users\FD1HVy\Documents\xzq4STr9TSu0C5-Un.xlsx type = size, size_out = 92193 True 1
Fn
Get Info C:\Users\FD1HVy\Documents\u2fXT-EU0bRZ\6zVcdLeMD.pdf type = size, size_out = 30599 True 1
Fn
Get Info C:\Users\FD1HVy\Documents\u2fXT-EU0bRZ\Restore-My-Files.txt type = file_attributes False 1
Fn
Get Info C:\Users\FD1HVy\Documents\u2fXT-EU0bRZ\WooKSLpvF nOj.ots type = size, size_out = 89739 True 1
Fn
Get Info C:\Users\FD1HVy\Documents\u2fXT-EU0bRZ\Restore-My-Files.txt type = file_attributes True 2
Fn
Get Info C:\Users\FD1HVy\Documents\u2fXT-EU0bRZ\ZpIMu8yk6JQ.pps type = size, size_out = 57134 True 1
Fn
Get Info C:\Users\FD1HVy\Documents\ThDBa\1Pmz EKz5G.ots type = size, size_out = 61838 True 1
Fn
Get Info C:\Users\FD1HVy\Documents\ThDBa\Restore-My-Files.txt type = file_attributes False 1
Fn
Get Info C:\Users\FD1HVy\Documents\ThDBa\5l4XPs-X.doc type = size, size_out = 7674 True 1
Fn
Get Info C:\Users\FD1HVy\Documents\ThDBa\Restore-My-Files.txt type = file_attributes True 5
Fn
Get Info C:\Users\FD1HVy\Documents\ThDBa\6VZBBt9b4urW.rtf type = size, size_out = 73435 True 1
Fn
Get Info C:\Users\FD1HVy\Documents\ThDBa\b6qPYJyM Z.csv type = size, size_out = 73733 True 1
Fn
Get Info C:\Users\FD1HVy\Documents\ThDBa\I7yc62zg2S.ods type = size, size_out = 39047 True 1
Fn
Get Info C:\Users\FD1HVy\Documents\ThDBa\OEnSsRvbmJYDHwA_5tpT.xls type = size, size_out = 46431 True 1
Fn
Get Info C:\Users\FD1HVy\Documents\Outlook Files\kkcie@kdj.kd.pst type = size, size_out = 271360 True 1
Fn
Get Info C:\Users\FD1HVy\Documents\Outlook Files\Restore-My-Files.txt type = file_attributes False 1
Fn
Get Info C:\Users\FD1HVy\Documents\My Shapes\desktop.ini type = size, size_out = 216 True 1
Fn
Get Info C:\Users\FD1HVy\Documents\My Shapes\Restore-My-Files.txt type = file_attributes False 1
Fn
Get Info C:\Users\FD1HVy\Documents\My Shapes\Favorites.vssx type = size, size_out = 0 True 1
Fn
Get Info C:\Users\FD1HVy\Documents\My Shapes\_private\folder.ico type = size, size_out = 29926 True 1
Fn
Get Info C:\Users\FD1HVy\Documents\My Shapes\_private\Restore-My-Files.txt type = file_attributes False 1
Fn
Get Info C:\Users\FD1HVy\Documents\D83vNUif\C0Cz.rtf type = size, size_out = 28958 True 1
Fn
Get Info C:\Users\FD1HVy\Documents\D83vNUif\Restore-My-Files.txt type = file_attributes False 1
Fn
Get Info C:\Users\FD1HVy\Documents\D83vNUif\LfSRNVTUAR4.doc type = size, size_out = 23327 True 1
Fn
Get Info C:\Users\FD1HVy\Documents\D83vNUif\Restore-My-Files.txt type = file_attributes True 2
Fn
Get Info C:\Users\FD1HVy\Documents\D83vNUif\snzmwtEyn.pps type = size, size_out = 32590 True 1
Fn
Get Info C:\Users\FD1HVy\Documents\D83vNUif\LRygDDx6BB BrCaFNG6\0BcZ8w.pptx type = size, size_out = 59170 True 1
Fn
Get Info C:\Users\FD1HVy\Documents\D83vNUif\LRygDDx6BB BrCaFNG6\Restore-My-Files.txt type = file_attributes False 1
Fn
Get Info C:\Users\FD1HVy\Documents\D83vNUif\LRygDDx6BB BrCaFNG6\9JZw2Q4rmxZnPZoq.pps type = size, size_out = 53555 True 1
Fn
Get Info C:\Users\FD1HVy\Documents\D83vNUif\LRygDDx6BB BrCaFNG6\Restore-My-Files.txt type = file_attributes True 6
Fn
Get Info C:\Users\FD1HVy\Documents\D83vNUif\LRygDDx6BB BrCaFNG6\FTBp1rknFQ.pps type = size, size_out = 44978 True 1
Fn
Get Info C:\Users\FD1HVy\Documents\D83vNUif\LRygDDx6BB BrCaFNG6\ORmtPxNSwy.pdf type = size, size_out = 101493 True 1
Fn
Get Info C:\Users\FD1HVy\Documents\D83vNUif\LRygDDx6BB BrCaFNG6\RFo9.pptx type = size, size_out = 63723 True 1
Fn
Get Info C:\Users\FD1HVy\Documents\D83vNUif\LRygDDx6BB BrCaFNG6\yw3IlRN1POff_i.ppt type = size, size_out = 98297 True 1
Fn
Get Info C:\Users\FD1HVy\Documents\D83vNUif\LRygDDx6BB BrCaFNG6\zWMNi.ots type = size, size_out = 13704 True 1
Fn
Get Info C:\Users\FD1HVy\Documents\D83vNUif\LRygDDx6BB BrCaFNG6\2bd2_\hbOl72e57TFVZe1qSTW.rtf type = size, size_out = 79246 True 1
Fn
Get Info C:\Users\FD1HVy\Documents\D83vNUif\LRygDDx6BB BrCaFNG6\2bd2_\Restore-My-Files.txt type = file_attributes False 1
Fn
Get Info C:\Users\FD1HVy\Documents\D83vNUif\LRygDDx6BB BrCaFNG6\2bd2_\RzeuUoQ4mmTbQAfOTId.odp type = size, size_out = 16521 True 1
Fn
Get Info C:\Users\FD1HVy\Documents\D83vNUif\LRygDDx6BB BrCaFNG6\2bd2_\Restore-My-Files.txt type = file_attributes True 2
Fn
Get Info C:\Users\FD1HVy\Documents\D83vNUif\LRygDDx6BB BrCaFNG6\2bd2_\Wr3E1k0Jm4z.odt type = size, size_out = 28793 True 1
Fn
Get Info C:\Users\FD1HVy\Documents\D83vNUif\Cr4v4INnT\jGScp2s451EmqoC0Y.odp type = size, size_out = 49833 True 1
Fn
Get Info C:\Users\FD1HVy\Documents\D83vNUif\Cr4v4INnT\Restore-My-Files.txt type = file_attributes False 1
Fn
Get Info C:\Users\FD1HVy\Documents\D83vNUif\Cr4v4INnT\vY4D.pdf type = size, size_out = 39432 True 1
Fn
Get Info C:\Users\FD1HVy\Documents\D83vNUif\Cr4v4INnT\Restore-My-Files.txt type = file_attributes True 1
Fn
Get Info C:\Users\FD1HVy\Documents\D83vNUif\Cr4v4INnT\SqFt6xLU3RHDD\lUAVsDO9-.rtf type = size, size_out = 37416 True 1
Fn
Get Info C:\Users\FD1HVy\Documents\D83vNUif\Cr4v4INnT\SqFt6xLU3RHDD\Restore-My-Files.txt type = file_attributes False 1
Fn
Get Info C:\Users\FD1HVy\Documents\D83vNUif\Cr4v4INnT\SqFt6xLU3RHDD\Pw3jkYSsg1.rtf type = size, size_out = 27429 True 1
Fn
Get Info C:\Users\FD1HVy\Documents\D83vNUif\Cr4v4INnT\SqFt6xLU3RHDD\Restore-My-Files.txt type = file_attributes True 3
Fn
Get Info C:\Users\FD1HVy\Documents\D83vNUif\Cr4v4INnT\SqFt6xLU3RHDD\ZmeXdgzSLBd0ghTUv.rtf type = size, size_out = 89776 True 1
Fn
Get Info C:\Users\FD1HVy\Documents\D83vNUif\Cr4v4INnT\SqFt6xLU3RHDD\ZXuP4R.docx type = size, size_out = 3289 True 1
Fn
Get Info C:\Users\FD1HVy\Documents\D83vNUif\Cr4v4INnT\Mp-J5ol\TCJH_Abtr MeMshztNiy.doc type = size, size_out = 45991 True 1
Fn
Get Info C:\Users\FD1HVy\Documents\D83vNUif\Cr4v4INnT\Mp-J5ol\Restore-My-Files.txt type = file_attributes False 1
Fn
Get Info C:\Users\FD1HVy\Documents\D83vNUif\Cr4v4INnT\Mp-J5ol\Z_ckYKBo8.rtf type = size, size_out = 20663 True 1
Fn
Get Info C:\Users\FD1HVy\Documents\D83vNUif\Cr4v4INnT\Mp-J5ol\Restore-My-Files.txt type = file_attributes True 1
Fn
Get Info C:\Users\FD1HVy\Documents\D83vNUif\Cr4v4INnT\C9BBnxd\c-Qn3oz8tan.rtf type = size, size_out = 7217 True 1
Fn
Get Info C:\Users\FD1HVy\Documents\D83vNUif\Cr4v4INnT\C9BBnxd\Restore-My-Files.txt type = file_attributes False 1
Fn
Get Info C:\Users\FD1HVy\Documents\D83vNUif\Cr4v4INnT\C9BBnxd\Dr56uApA5ecLcS.rtf type = size, size_out = 17692 True 1
Fn
Get Info C:\Users\FD1HVy\Documents\D83vNUif\Cr4v4INnT\C9BBnxd\Restore-My-Files.txt type = file_attributes True 5
Fn
Get Info C:\Users\FD1HVy\Documents\D83vNUif\Cr4v4INnT\C9BBnxd\psL9JTiqGPkEay.pptx type = size, size_out = 34921 True 1
Fn
Get Info C:\Users\FD1HVy\Documents\D83vNUif\Cr4v4INnT\C9BBnxd\QNuCgog.xls type = size, size_out = 95124 True 1
Fn
Get Info C:\Users\FD1HVy\Documents\D83vNUif\Cr4v4INnT\C9BBnxd\YdvneFvANQl2.ods type = size, size_out = 32698 True 1
Fn
Get Info C:\Users\FD1HVy\Documents\D83vNUif\Cr4v4INnT\C9BBnxd\ye-qZ.docx type = size, size_out = 37760 True 1
Fn
Get Info C:\Users\FD1HVy\Desktop\-Hhj7ZIgn_ii0AIFQcQ.pps type = size, size_out = 90788 True 1
Fn
Get Info C:\Users\FD1HVy\Desktop\Restore-My-Files.txt type = file_attributes False 1
Fn
Get Info C:\Users\FD1HVy\Desktop\0 oyr1byk-qjr3BJCK.wav type = size, size_out = 35089 True 1
Fn
Get Info C:\Users\FD1HVy\Desktop\Restore-My-Files.txt type = file_attributes True 33
Fn
Get Info C:\Users\FD1HVy\Desktop\4DXOKUdqH4s5x3lyx.doc type = size, size_out = 69600 True 1
Fn
Get Info C:\Users\FD1HVy\Desktop\6EBDYQwx4TUYKg_UXvaA.png type = size, size_out = 21574 True 1
Fn
Get Info C:\Users\FD1HVy\Desktop\71HCTQ.gif type = size, size_out = 54544 True 1
Fn
Get Info C:\Users\FD1HVy\Desktop\7ef27LE.jpg type = size, size_out = 101394 True 1
Fn
Get Info C:\Users\FD1HVy\Desktop\90zSzC3L6h.mp3 type = size, size_out = 92548 True 1
Fn
Get Info C:\Users\FD1HVy\Desktop\9Ecvx0-DIFPqym7.avi type = size, size_out = 34922 True 1
Fn
Get Info C:\Users\FD1HVy\Desktop\APDuagV5SKNx4tcX.ods type = size, size_out = 86623 True 1
Fn
Get Info C:\Users\FD1HVy\Desktop\CDM3.mkv type = size, size_out = 88335 True 1
Fn
Get Info C:\Users\FD1HVy\Desktop\desktop.ini type = size, size_out = 282 True 1
Fn
Get Info C:\Users\FD1HVy\Desktop\dlN4n.swf type = size, size_out = 63866 True 1
Fn
Get Info C:\Users\FD1HVy\Desktop\DP__E4p.swf type = size, size_out = 79362 True 1
Fn
Get Info C:\Users\FD1HVy\Desktop\EaS-6wFdrAnBpb6.png type = size, size_out = 76127 True 1
Fn
Get Info C:\Users\FD1HVy\Desktop\EFOQOoEJXJDidK8hwAP.swf type = size, size_out = 36879 True 1
Fn
Get Info C:\Users\FD1HVy\Desktop\GEgaUis.flv type = size, size_out = 29850 True 1
Fn
Get Info C:\Users\FD1HVy\Desktop\gKzyb.mkv type = size, size_out = 18899 True 1
Fn
Get Info C:\Users\FD1HVy\Desktop\GZJPj0k1zQiyL1gmpiVf.mp3 type = size, size_out = 101239 True 1
Fn
Get Info C:\Users\FD1HVy\Desktop\HhgxC9MI4D9zuLPRoeb.jpg type = size, size_out = 64402 True 1
Fn
Get Info C:\Users\FD1HVy\Desktop\LT8phmRSP.jpg type = size, size_out = 13397 True 1
Fn
Get Info C:\Users\FD1HVy\Desktop\lx-HVxlTgn4Cdc-AYG7y.wav type = size, size_out = 61226 True 1
Fn
Get Info C:\Users\FD1HVy\Desktop\nlGf0jHzQ69.gif type = size, size_out = 39612 True 1
Fn
Get Info C:\Users\FD1HVy\Desktop\nQFxW1_hVPFHf.bmp type = size, size_out = 101546 True 1
Fn
Get Info C:\Users\FD1HVy\Desktop\p57y84p7uF.avi type = size, size_out = 36446 True 1
Fn
Get Info C:\Users\FD1HVy\Desktop\PRFn5_vq27hpmWJ43BW7.jpg type = size, size_out = 28141 True 1
Fn
Get Info C:\Users\FD1HVy\Desktop\rCg8zjFU57hXRZ8dk_.wav type = size, size_out = 58664 True 1
Fn
Get Info C:\Users\FD1HVy\Desktop\RG dDwOjRMvXcOhlt.gif type = size, size_out = 15116 True 1
Fn
Get Info C:\Users\FD1HVy\Desktop\rGm2OQrj9APP.swf type = size, size_out = 68567 True 1
Fn
Get Info C:\Users\FD1HVy\Desktop\SQ74itNweHx_jA2mN.png type = size, size_out = 76609 True 1
Fn
Get Info C:\Users\FD1HVy\Desktop\td3_hbS3LSlsEVxdVZ.swf type = size, size_out = 4988 True 1
Fn
Get Info C:\Users\FD1HVy\Desktop\VhSdqPX.ppt type = size, size_out = 33871 True 1
Fn
Get Info C:\Users\FD1HVy\Desktop\wGRbTDTtVTytjYi.mp4 type = size, size_out = 27287 True 1
Fn
Get Info C:\Users\FD1HVy\Desktop\YOUaenTH_pO.png type = size, size_out = 4741 True 1
Fn
Get Info C:\Users\FD1HVy\Desktop\Z3j1nCO.mp3 type = size, size_out = 52185 True 1
Fn
Get Info C:\Users\FD1HVy\Desktop\92ct\7N _EMMZ4S9VcztV.jpg type = size, size_out = 43143 True 1
Fn
Get Info C:\Users\FD1HVy\Desktop\92ct\Restore-My-Files.txt type = file_attributes False 1
Fn
Get Info C:\Users\FD1HVy\Desktop\92ct\gLCTTcuZJ.gif type = size, size_out = 48040 True 1
Fn
Get Info C:\Users\FD1HVy\Desktop\92ct\Restore-My-Files.txt type = file_attributes True 10
Fn
Get Info C:\Users\FD1HVy\Desktop\92ct\HwMQq76Br.gif type = size, size_out = 95206 True 1
Fn
Get Info C:\Users\FD1HVy\Desktop\92ct\pdIhw6.odt type = size, size_out = 6916 True 1
Fn
Get Info C:\Users\FD1HVy\Desktop\92ct\qzTCEi1.bmp type = size, size_out = 51633 True 1
Fn
Get Info C:\Users\FD1HVy\Desktop\92ct\RVBd8MolG26d.mkv type = size, size_out = 29696 True 1
Fn
Get Info C:\Users\FD1HVy\Desktop\92ct\v8iKp3k-8B6LJEEuX.pps type = size, size_out = 89160 True 1
Fn
Get Info C:\Users\FD1HVy\Desktop\92ct\VdQZEZ1 b35T1a7crz.bmp type = size, size_out = 100814 True 1
Fn
Get Info C:\Users\FD1HVy\Desktop\92ct\VP _BanzdRW7hJdXM.png type = size, size_out = 71448 True 1
Fn
Get Info C:\Users\FD1HVy\Desktop\92ct\vP6_aQi7U-bwXykpTcO.avi type = size, size_out = 41708 True 1
Fn
Get Info C:\Users\FD1HVy\Desktop\92ct\_wkOqUn1H924.swf type = size, size_out = 44957 True 1
Fn
Get Info C:\Users\FD1HVy\Contacts\desktop.ini type = size, size_out = 412 True 1
Fn
Get Info C:\Users\FD1HVy\Contacts\Restore-My-Files.txt type = file_attributes False 1
Fn
Get Info C:\Users\FD1HVy\AppData\Roaming\- RD- zaaq0CUrsNeJ.m4a type = size, size_out = 96487 True 1
Fn
Get Info C:\Users\FD1HVy\AppData\Roaming\Restore-My-Files.txt type = file_attributes False 1
Fn
Get Info C:\Users\FD1HVy\AppData\Roaming\2DyrA WUW1 yB_Qv7CS.flv type = size, size_out = 74776 True 1
Fn
Get Info C:\Users\FD1HVy\AppData\Roaming\Restore-My-Files.txt type = file_attributes True 34
Fn
Get Info C:\Users\FD1HVy\AppData\Roaming\2kWE_7-.jpg type = size, size_out = 63111 True 1
Fn
Get Info C:\Users\FD1HVy\AppData\Roaming\3VDEeXKJ.avi type = size, size_out = 15607 True 1
Fn
Get Info C:\Users\FD1HVy\AppData\Roaming\4nJ8Gaxak.mp4 type = size, size_out = 44192 True 1
Fn
Get Info C:\Users\FD1HVy\AppData\Roaming\7eChBWbqwO3WkhR.flv type = size, size_out = 99880 True 1
Fn
Get Info C:\Users\FD1HVy\AppData\Roaming\CcRb94LzuzE.gif type = size, size_out = 37248 True 1
Fn
Get Info C:\Users\FD1HVy\AppData\Roaming\E3D2md.odp type = size, size_out = 73913 True 1
Fn
Get Info C:\Users\FD1HVy\AppData\Roaming\E63D4v.m4a type = size, size_out = 60713 True 1
Fn
Get Info C:\Users\FD1HVy\AppData\Roaming\eMPX JwoG.bmp type = size, size_out = 73694 True 1
Fn
Get Info C:\Users\FD1HVy\AppData\Roaming\FnNHUdFAiTNAzFvQJy.mp4 type = size, size_out = 52068 True 1
Fn
Get Info C:\Users\FD1HVy\AppData\Roaming\G9y AXR_CT9.mp4 type = size, size_out = 19575 True 1
Fn
Get Info C:\Users\FD1HVy\AppData\Roaming\gFM.png type = size, size_out = 3391 True 1
Fn
Get Info C:\Users\FD1HVy\AppData\Roaming\HLkCbRJhol6cW.bmp type = size, size_out = 55743 True 1
Fn
Get Info C:\Users\FD1HVy\AppData\Roaming\khet9ZxWoyaekkxEn7Q.m4a type = size, size_out = 82018 True 1
Fn
Get Info C:\Users\FD1HVy\AppData\Roaming\ks5gKkofsFJirmFXzo.ots type = size, size_out = 58594 True 1
Fn
Get Info C:\Users\FD1HVy\AppData\Roaming\lnIs.wav type = size, size_out = 39857 True 1
Fn
Get Info C:\Users\FD1HVy\AppData\Roaming\LZ-nlZLffPIo.bmp type = size, size_out = 84355 True 1
Fn
Get Info C:\Users\FD1HVy\AppData\Roaming\m4Fmq.mkv type = size, size_out = 46900 True 1
Fn
Get Info C:\Users\FD1HVy\AppData\Roaming\N3i6NgdfIS86a0kYGjV6.m4a type = size, size_out = 76489 True 1
Fn
Get Info C:\Users\FD1HVy\AppData\Roaming\NsPC0H5wkT.flv type = size, size_out = 97344 True 1
Fn
Get Info C:\Users\FD1HVy\AppData\Roaming\oM_E44cNPr1d-LSGfR80.ods type = size, size_out = 56636 True 1
Fn
Get Info C:\Users\FD1HVy\AppData\Roaming\P8a3em2-u0pe.rtf type = size, size_out = 65592 True 1
Fn
Get Info C:\Users\FD1HVy\AppData\Roaming\QWC6v5P_PsR-OTul.avi type = size, size_out = 57237 True 1
Fn
Get Info C:\Users\FD1HVy\AppData\Roaming\R1SKe.swf type = size, size_out = 21154 True 1
Fn
Get Info C:\Users\FD1HVy\AppData\Roaming\rohkp1AV.mp4 type = size, size_out = 84388 True 1
Fn
Get Info C:\Users\FD1HVy\AppData\Roaming\T HiR.m4a type = size, size_out = 96277 True 1
Fn
Get Info C:\Users\FD1HVy\AppData\Roaming\vdp7x_u3S9anYfI6io.png type = size, size_out = 67957 True 1
Fn
Get Info C:\Users\FD1HVy\AppData\Roaming\w3w98kUAJRo5j.m4a type = size, size_out = 56807 True 1
Fn
Get Info C:\Users\FD1HVy\AppData\Roaming\wlCPW_4JeVyJN1c.swf type = size, size_out = 63260 True 1
Fn
Get Info C:\Users\FD1HVy\AppData\Roaming\xfiyvRt.swf type = size, size_out = 68183 True 1
Fn
Get Info C:\Users\FD1HVy\AppData\Roaming\Y2S7dpyn-_T84InaQ.m4a type = size, size_out = 15404 True 1
Fn
Get Info C:\Users\FD1HVy\AppData\Roaming\zeLovCA5ih-XKc.mp3 type = size, size_out = 51039 True 1
Fn
Get Info C:\Users\FD1HVy\AppData\Roaming\ZrZ3ijmXp.jpg type = size, size_out = 69698 True 1
Fn
Get Info C:\Users\FD1HVy\AppData\Roaming\_6MYp.png type = size, size_out = 101169 True 1
Fn
Get Info C:\Users\FD1HVy\AppData\Roaming\Skype\RootTools\roottools.conf type = size, size_out = 76 True 1
Fn
Get Info C:\Users\FD1HVy\AppData\Roaming\Skype\RootTools\Restore-My-Files.txt type = file_attributes False 1
Fn
Get Info C:\Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\profiles.ini type = size, size_out = 122 True 1
Fn
Get Info C:\Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Restore-My-Files.txt type = file_attributes False 1
Fn
Get Info C:\Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\addons.json type = size, size_out = 24 True 1
Fn
Get Info C:\Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\Restore-My-Files.txt type = file_attributes False 1
Fn
Get Info C:\Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\addonStartup.json.lz4 type = size, size_out = 657 True 1
Fn
Get Info C:\Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\Restore-My-Files.txt type = file_attributes True 8
Fn
Get Info C:\Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\AlternateServices.txt type = size, size_out = 0 True 1
Fn
Get Info C:\Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\blocklist.xml type = size, size_out = 280169 True 1
Fn
Get Info C:\Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\cert8.db type = size, size_out = 65536 True 1
Fn
Get Info C:\Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\compatibility.ini type = size, size_out = 199 True 1
Fn
Get Info C:\Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\containers.json type = size, size_out = 809 True 1
Fn
Get Info C:\Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\content-prefs.sqlite type = size, size_out = 229376 True 1
Fn
Get Info C:\Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\cookies.sqlite type = size, size_out = 524288 True 1
Fn
Get Info C:\Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\extensions.json type = size, size_out = 10542 True 1
Fn
Get Info C:\Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\favicons.sqlite type = size, size_out = 5242880 True 1
Fn
Copy C:\Users\FD1HVy\AppData\Local\rdfg546fgh.exe source_filename = C:\Users\FD1HVy\Desktop\rdfg546fgh.exe True 1
Fn
Move C:\BOOTNXT.DOCM source_filename = C:\BOOTNXT, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\BOOTSECT.BAK.DOCM source_filename = C:\BOOTSECT.BAK, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Windows10Upgrade\appraiserxp.dll.DOCM source_filename = C:\Windows10Upgrade\appraiserxp.dll, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Videos\mP h7Lt-\_WK_66PMS1WfZEiv.mkv.DOCM source_filename = C:\Users\FD1HVy\Videos\mP h7Lt-\_WK_66PMS1WfZEiv.mkv, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\Documents\D83vNUif\LRygDDx6BB BrCaFNG6\0BcZ8w.pptx.DOCM source_filename = C:\Users\FD1HVy\Documents\D83vNUif\LRygDDx6BB BrCaFNG6\0BcZ8w.pptx, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\AppData\Roaming\Skype\RootTools\roottools.conf.DOCM source_filename = C:\Users\FD1HVy\AppData\Roaming\Skype\RootTools\roottools.conf, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\profiles.ini.DOCM source_filename = C:\Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\profiles.ini, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\addons.json.DOCM source_filename = C:\Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\addons.json, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\addonStartup.json.lz4.DOCM source_filename = C:\Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\addonStartup.json.lz4, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\blocklist.xml.DOCM source_filename = C:\Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\blocklist.xml, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\cert8.db.DOCM source_filename = C:\Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\cert8.db, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\compatibility.ini.DOCM source_filename = C:\Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\compatibility.ini, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\containers.json.DOCM source_filename = C:\Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\containers.json, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\content-prefs.sqlite.DOCM source_filename = C:\Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\content-prefs.sqlite, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\cookies.sqlite.DOCM source_filename = C:\Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\cookies.sqlite, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\extensions.json.DOCM source_filename = C:\Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\extensions.json, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Read C:\Users\desktop.ini size = 176, size_out = 176 True 1
Fn
Data
Read C:\Users\Public\desktop.ini size = 176, size_out = 176 True 1
Fn
Data
Read C:\Users\Public\Videos\desktop.ini size = 384, size_out = 384 True 1
Fn
Data
Read C:\Users\Public\Pictures\desktop.ini size = 384, size_out = 384 True 1
Fn
Data
Read C:\Users\Public\Music\desktop.ini size = 384, size_out = 384 True 1
Fn
Data
Read C:\Users\Public\Libraries\desktop.ini size = 176, size_out = 176 True 1
Fn
Data
Read C:\Users\Public\Downloads\desktop.ini size = 176, size_out = 176 True 1
Fn
Data
Read C:\Users\Public\Documents\desktop.ini size = 288, size_out = 288 True 1
Fn
Data
Read C:\Users\Public\Desktop\desktop.ini size = 176, size_out = 176 True 1
Fn
Data
Read C:\Users\Public\AccountPictures\desktop.ini size = 208, size_out = 208 True 1
Fn
Data
Read C:\Users\FD1HVy\Videos\desktop.ini size = 512, size_out = 512 True 1
Fn
Data
Read C:\Users\FD1HVy\Searches\desktop.ini size = 528, size_out = 528 True 1
Fn
Data
Read C:\Users\FD1HVy\Saved Games\desktop.ini size = 288, size_out = 288 True 1
Fn
Data
Read C:\Users\FD1HVy\Pictures\desktop.ini size = 512, size_out = 512 True 1
Fn
Data
Read C:\Users\FD1HVy\Pictures\Saved Pictures\desktop.ini size = 192, size_out = 192 True 1
Fn
Data
Read C:\Users\FD1HVy\Pictures\Camera Roll\desktop.ini size = 192, size_out = 192 True 1
Fn
Data
Read C:\Users\FD1HVy\OneDrive\desktop.ini size = 112, size_out = 112 True 1
Fn
Data
Read C:\Users\FD1HVy\Music\desktop.ini size = 512, size_out = 512 True 1
Fn
Data
Read C:\Users\FD1HVy\Links\desktop.ini size = 512, size_out = 512 True 1
Fn
Data
Read C:\Users\FD1HVy\Favorites\desktop.ini size = 416, size_out = 416 True 1
Fn
Data
Read C:\Users\FD1HVy\Favorites\Links\desktop.ini size = 80, size_out = 80 True 1
Fn
Data
Read C:\Users\FD1HVy\Downloads\desktop.ini size = 288, size_out = 288 True 1
Fn
Data
Read C:\Users\FD1HVy\Documents\desktop.ini size = 416, size_out = 416 True 1
Fn
Data
Read C:\Users\FD1HVy\Documents\My Shapes\desktop.ini size = 224, size_out = 224 True 1
Fn
Data
Read C:\Users\FD1HVy\Desktop\desktop.ini size = 288, size_out = 288 True 1
Fn
Data
Read C:\Users\FD1HVy\Contacts\desktop.ini size = 416, size_out = 416 True 1
Fn
Data
Write C:\Users\desktop.ini size = 898 True 1
Fn
Data
Write C:\Users\desktop.ini size = 176 True 1
Fn
Data
Write C:\Users\desktop.ini size = 48 True 1
Fn
Data
Write C:\Users\Public\desktop.ini size = 898 True 1
Fn
Data
Write C:\Users\Public\desktop.ini size = 176 True 1
Fn
Data
Write C:\Users\Public\desktop.ini size = 48 True 1
Fn
Data
Write C:\Users\Public\Videos\desktop.ini size = 900 True 1
Fn
Data
Write C:\Users\Public\Videos\desktop.ini size = 384 True 1
Fn
Data
Write C:\Users\Public\Videos\desktop.ini size = 48 True 1
Fn
Data
Write C:\Users\Public\Pictures\desktop.ini size = 900 True 1
Fn
Data
Write C:\Users\Public\Pictures\desktop.ini size = 384 True 1
Fn
Data
Write C:\Users\Public\Pictures\desktop.ini size = 48 True 1
Fn
Data
Write C:\Users\Public\Music\desktop.ini size = 900 True 1
Fn
Data
Write C:\Users\Public\Music\desktop.ini size = 384 True 1
Fn
Data
Write C:\Users\Public\Music\desktop.ini size = 48 True 1
Fn
Data
Write C:\Users\Public\Libraries\desktop.ini size = 897 True 1
Fn
Data
Write C:\Users\Public\Libraries\desktop.ini size = 176 True 1
Fn
Data
Write C:\Users\Public\Libraries\desktop.ini size = 48 True 1
Fn
Data
Write C:\Users\Public\Downloads\desktop.ini size = 898 True 1
Fn
Data
Write C:\Users\Public\Downloads\desktop.ini size = 176 True 1
Fn
Data
Write C:\Users\Public\Downloads\desktop.ini size = 48 True 1
Fn
Data
Write C:\Users\Public\Documents\desktop.ini size = 906 True 1
Fn
Data
Write C:\Users\Public\Documents\desktop.ini size = 288 True 1
Fn
Data
Write C:\Users\Public\Documents\desktop.ini size = 48 True 1
Fn
Data
Write C:\Users\Public\Desktop\desktop.ini size = 898 True 1
Fn
Data
Write C:\Users\Public\Desktop\desktop.ini size = 176 True 1
Fn
Data
Write C:\Users\Public\Desktop\desktop.ini size = 48 True 1
Fn
Data
Write C:\Users\Public\AccountPictures\desktop.ini size = 908 True 1
Fn
Data
Write C:\Users\Public\AccountPictures\desktop.ini size = 208 True 1
Fn
Data
Write C:\Users\Public\AccountPictures\desktop.ini size = 48 True 1
Fn
Data
Write C:\Users\FD1HVy\Videos\desktop.ini size = 904 True 1
Fn
Data
Write C:\Users\FD1HVy\Videos\desktop.ini size = 512 True 1
Fn
Data
Write C:\Users\FD1HVy\Videos\desktop.ini size = 48 True 1
Fn
Data
Write C:\Users\FD1HVy\Searches\desktop.ini size = 900 True 1
Fn
Data
Write C:\Users\FD1HVy\Searches\desktop.ini size = 528 True 1
Fn
Data
Write C:\Users\FD1HVy\Searches\desktop.ini size = 48 True 1
Fn
Data
Write C:\Users\FD1HVy\Saved Games\desktop.ini size = 902 True 1
Fn
Data
Write C:\Users\FD1HVy\Saved Games\desktop.ini size = 288 True 1
Fn
Data
Write C:\Users\FD1HVy\Saved Games\desktop.ini size = 48 True 1
Fn
Data
Write C:\Users\FD1HVy\Pictures\desktop.ini size = 904 True 1
Fn
Data
Write C:\Users\FD1HVy\Pictures\desktop.ini size = 512 True 1
Fn
Data
Write C:\Users\FD1HVy\Pictures\desktop.ini size = 48 True 1
Fn
Data
Write C:\Users\FD1HVy\Pictures\Saved Pictures\desktop.ini size = 898 True 1
Fn
Data
Write C:\Users\FD1HVy\Pictures\Saved Pictures\desktop.ini size = 192 True 1
Fn
Data
Write C:\Users\FD1HVy\Pictures\Saved Pictures\desktop.ini size = 48 True 1
Fn
Data
Write C:\Users\FD1HVy\Pictures\Camera Roll\desktop.ini size = 898 True 1
Fn
Data
Write C:\Users\FD1HVy\Pictures\Camera Roll\desktop.ini size = 192 True 1
Fn
Data
Write C:\Users\FD1HVy\Pictures\Camera Roll\desktop.ini size = 48 True 1
Fn
Data
Write C:\Users\FD1HVy\OneDrive\desktop.ini size = 911 True 1
Fn
Data
Write C:\Users\FD1HVy\OneDrive\desktop.ini size = 112 True 1
Fn
Data
Write C:\Users\FD1HVy\OneDrive\desktop.ini size = 48 True 1
Fn
Data
Write C:\Users\FD1HVy\Music\desktop.ini size = 904 True 1
Fn
Data
Write C:\Users\FD1HVy\Music\desktop.ini size = 512 True 1
Fn
Data
Write C:\Users\FD1HVy\Music\desktop.ini size = 48 True 1
Fn
Data
Write C:\Users\FD1HVy\Links\desktop.ini size = 904 True 1
Fn
Data
Write C:\Users\FD1HVy\Links\desktop.ini size = 512 True 1
Fn
Data
Write C:\Users\FD1HVy\Links\desktop.ini size = 48 True 1
Fn
Data
Write C:\Users\FD1HVy\Favorites\desktop.ini size = 910 True 1
Fn
Data
Write C:\Users\FD1HVy\Favorites\desktop.ini size = 416 True 1
Fn
Data
Write C:\Users\FD1HVy\Favorites\desktop.ini size = 48 True 1
Fn
Data
Write C:\Users\FD1HVy\Favorites\Links\desktop.ini size = 896 True 1
Fn
Data
Write C:\Users\FD1HVy\Favorites\Links\desktop.ini size = 80 True 1
Fn
Data
Write C:\Users\FD1HVy\Favorites\Links\desktop.ini size = 48 True 1
Fn
Data
Write C:\Users\FD1HVy\Downloads\desktop.ini size = 902 True 1
Fn
Data
Write C:\Users\FD1HVy\Downloads\desktop.ini size = 288 True 1
Fn
Data
Write C:\Users\FD1HVy\Downloads\desktop.ini size = 48 True 1
Fn
Data
Write C:\Users\FD1HVy\Documents\desktop.ini size = 910 True 1
Fn
Data
Write C:\Users\FD1HVy\Documents\desktop.ini size = 416 True 1
Fn
Data
Write C:\Users\FD1HVy\Documents\desktop.ini size = 48 True 1
Fn
Data
Write C:\Users\FD1HVy\Documents\My Shapes\desktop.ini size = 904 True 1
Fn
Data
Write C:\Users\FD1HVy\Documents\My Shapes\desktop.ini size = 224 True 1
Fn
Data
Write C:\Users\FD1HVy\Documents\My Shapes\desktop.ini size = 48 True 1
Fn
Data
For performance reasons, the remaining 1790 entries are omitted.
The remaining entries can be found in glog.xml.
Registry (4)
»
Operation Key Additional Information Success Count Logfile
Create Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce - True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce value_name = BrowserUpdateCheck, data = 0 False 1
Fn
Write Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce value_name = BrowserUpdateCheck, data = C:\Users\FD1HVy\AppData\Local\rdfg546fgh.exe, size = 88, type = REG_SZ True 1
Fn
Module (1)
»
Operation Module Additional Information Success Count Logfile
Get Filename - process_name = c:\users\fd1hvy\desktop\rdfg546fgh.exe, file_name_orig = C:\Users\FD1HVy\Desktop\rdfg546fgh.exe, size = 2048 True 1
Fn
System (1)
»
Operation Additional Information Success Count Logfile
Sleep duration = -1 (infinite) False 1
Fn
Environment (2)
»
Operation Additional Information Success Count Logfile
Get Environment String name = LOCALAPPDATA, result_out = C:\Users\FD1HVy\AppData\Local True 1
Fn
Get Environment String name = public, result_out = C:\Users\Public True 1
Fn
Function Logfile
Exit-Icon

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".


    
Before

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".


    
After

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".


    
Screenshot
Expand-Icon
Exit-Icon
icon_left
icon_left
image