7cdd7e30...c415

Virtual Machine Information

Name	win10_64_rs2
Description	-
Architecture	x86 64-bit
Operating System	Windows 10 Redstone 2
Kernel Version	10.0.15063.540 (f6f48955-5489-4b24-b4df-942361f0730d)
Network Scheme Name	Local Gateway
Network Config Name	Local Gateway

Analyzer Information

Dynamic Analyzer Build Date	2019-03-26 18:49 (UTC+1)
Dynamic Analyzer Version	3.0.1
Static Analyzer Version	1.1.0
VTI Ruleset Version	3.2
YARA Built-in Ruleset Version	1.2
Analysis Report Layout Version	4

System Information

Computer Name	NQDPDE
User Domain	NQDPDE
User Name	FD1HVy
User Profile	C:\Users\FD1HVy
Temp Directory	C:\Users\FD1HVy\AppData\Local\Temp
System Root	C:\WINDOWS
Sample Directory	C:\Users\FD1HVy\Desktop

Software Information

Adobe Acrobat Reader Version	18.009.20050
Microsoft Office	2016
Microsoft Office Version	16.0.4266.1003
Internet Explorer Version	11.540.15063.0
Chrome Version	61.0.3163.79
Firefox Version	55.0.3
Flash Version	25.0.0.148
Java Version	8.0.1440.1
Microsoft Project Version	16.0.4266.1003
Microsoft Visio Version	16.0.4266.1003

Randomly Created Artifacts

This section provides information about processes and files that were created before the analysis was started. This is one of many steps designed to make the analysis system look more realistic and prevent evasion by environment aware malware. The number of randomly generated artifacts can be changed in the configuration.

Processes (22)

Filename	PID	GUI
C:\Program Files (x86)\Common Files\ixtelephonyreligion.exe	#1128
C:\Program Files (x86)\Common Files\theta tested housewives.exe	#3532
C:\Program Files (x86)\Microsoft Office\disclosure.exe	#3296
C:\Program Files (x86)\Microsoft Office\empty.exe	#1148
C:\Program Files (x86)\Mozilla Maintenance Service\joke.exe	#724
C:\Program Files (x86)\Mozilla Maintenance Service\trick.exe	#1736
C:\Program Files (x86)\Reference Assemblies\confusion.exe	#1184
C:\Program Files (x86)\Reference Assemblies\scale.exe	#2652
C:\Program Files (x86)\Windows Defender\wage.exe	#3344
C:\Program Files (x86)\Windows NT\member_romania_liberia.exe	#2520
C:\Program Files (x86)\Windows Portable Devices\stuffedbachelordome.exe	#3372
C:\Program Files (x86)\Windows Sidebar\brush-scratch-ball.exe	#1344
C:\Program Files\Internet Explorer\surfacesneilarrived.exe	#2716
C:\Program Files\Java\regard_organization.exe	#2480
C:\Program Files\MSBuild\customize.exe	#3508
C:\Program Files\UNP\keyboard_rebecca_mid.exe	#3352
C:\Program Files\UNP\screensaver.exe	#1180
C:\Program Files\UNP\varieties_cheers.exe	#1904
C:\Program Files\Windows Defender Advanced Threat Protection\neo-quotations.exe	#3400
C:\Program Files\Windows Media Player\davis-phase.exe	#3120
C:\Program Files\Windows Portable Devices\seeks_grab.exe	#3340
C:\Program Files\Windows Security\placing-blade.exe	#3324

Files (291)

Filename
C:\Users\FD1HVy\AppData\Local\Temp\-Ee-ZR5DwWD.jpg
C:\Users\FD1HVy\AppData\Local\Temp\4gyR2KQPVQxQjiu.mp3
C:\Users\FD1HVy\AppData\Local\Temp\5hOIdyBQ42.mp4
C:\Users\FD1HVy\AppData\Local\Temp\7CQEEX69v9 rat5fCi.mp3
C:\Users\FD1HVy\AppData\Local\Temp\CguSindI8NzgMIFmODA.xls
C:\Users\FD1HVy\AppData\Local\Temp\EHFN28k.mp4
C:\Users\FD1HVy\AppData\Local\Temp\MotBv_SGdeXVQYe.mp3
C:\Users\FD1HVy\AppData\Local\Temp\NDMc4iTDEACdDo.pps
C:\Users\FD1HVy\AppData\Local\Temp\NavUHco0Jmab1OBe.avi
C:\Users\FD1HVy\AppData\Local\Temp\RG3_y W1gFUyRCXd.wav
C:\Users\FD1HVy\AppData\Local\Temp\Ut8FhVGE4B LaHr8.mkv
C:\Users\FD1HVy\AppData\Local\Temp\XpdTHLZpTAbZl hHJCb.flv
C:\Users\FD1HVy\AppData\Local\Temp\azJFyWFXn1h9-.avi
C:\Users\FD1HVy\AppData\Local\Temp\bZm5-eGws45QPSSg3Sg8.csv
C:\Users\FD1HVy\AppData\Local\Temp\cxnrMSfu9cOz.m4a
C:\Users\FD1HVy\AppData\Local\Temp\dqpBxjdb6ppCmSOXcAsB.mp3
C:\Users\FD1HVy\AppData\Local\Temp\eqi99cqtNVK.rtf
C:\Users\FD1HVy\AppData\Local\Temp\fUxwNIGpG3kzoltN8G.mp3
C:\Users\FD1HVy\AppData\Local\Temp\g1nFb i0Va5GzT.mkv
C:\Users\FD1HVy\AppData\Local\Temp\iaA_6f4Yi-aRmzr6CQ2.png
C:\Users\FD1HVy\AppData\Local\Temp\k746mjD.flv
C:\Users\FD1HVy\AppData\Local\Temp\kcqf_zRQi4ed.bmp
C:\Users\FD1HVy\AppData\Local\Temp\kl8fE6xtiIOhuc0yKo.wav
C:\Users\FD1HVy\AppData\Local\Temp\krv5o2lEcK3.pptx
C:\Users\FD1HVy\AppData\Local\Temp\ltRlHrYoC-VrSfpTH.m4a
C:\Users\FD1HVy\AppData\Local\Temp\pw_fbIedgb1qd9.gif
C:\Users\FD1HVy\AppData\Local\Temp\py-tiYL.xlsx
C:\Users\FD1HVy\AppData\Local\Temp\sV6Ar0kOkxLatmF0q-o.jpg
C:\Users\FD1HVy\AppData\Local\Temp\vpW3rxr3P.gif
C:\Users\FD1HVy\AppData\Local\Temp\x5Vt.wav
C:\Users\FD1HVy\AppData\Roaming\0fw-VcojrWUWt6a464xZ.swf
C:\Users\FD1HVy\AppData\Roaming\1noI-mmJkUHT2.wav
C:\Users\FD1HVy\AppData\Roaming\8IDc_FTPMJyFEyJG6.xls
C:\Users\FD1HVy\AppData\Roaming\DaeP.mp4
C:\Users\FD1HVy\AppData\Roaming\FAiipXMxTh.pdf
C:\Users\FD1HVy\AppData\Roaming\G7N_rJkm8or7BeQVF.swf
C:\Users\FD1HVy\AppData\Roaming\Gvkh.bmp
C:\Users\FD1HVy\AppData\Roaming\Ioa995A.xls
C:\Users\FD1HVy\AppData\Roaming\LWHtc 7-UlgLuYp9l.jpg
C:\Users\FD1HVy\AppData\Roaming\MCbvvc6-RbmC1.mkv
C:\Users\FD1HVy\AppData\Roaming\Mmv7GPx1I SqZ.bmp
C:\Users\FD1HVy\AppData\Roaming\OrQY-YE_c2TS.png
C:\Users\FD1HVy\AppData\Roaming\PKQNRo9anOTUYoD3.m4a
C:\Users\FD1HVy\AppData\Roaming\R-bgq0ctR8hqw2.swf
C:\Users\FD1HVy\AppData\Roaming\RSuwYoMcVu.mp3
C:\Users\FD1HVy\AppData\Roaming\Tn4x-VFlke5.mp3
C:\Users\FD1HVy\AppData\Roaming\VUfYZSySsD7z7NhKqMW.swf
C:\Users\FD1HVy\AppData\Roaming\X91XJysFVsgl70hEHNIl.ots
C:\Users\FD1HVy\AppData\Roaming\YnElwM1DvRI.jpg
C:\Users\FD1HVy\AppData\Roaming\cilkxR.png
C:\Users\FD1HVy\AppData\Roaming\fUYNk2LbUgk2 3E.png
C:\Users\FD1HVy\AppData\Roaming\hmdCnbOStxNct 2n.png
C:\Users\FD1HVy\AppData\Roaming\iRpos7k5P0QFR5Y1u_ys.jpg
C:\Users\FD1HVy\AppData\Roaming\kKkR6oeV268jseF8 u.mkv
C:\Users\FD1HVy\AppData\Roaming\nGYUO5ZJ.mp3
C:\Users\FD1HVy\AppData\Roaming\p6CDdTG8I8IhuLdlcKe.mp3
C:\Users\FD1HVy\AppData\Roaming\pHGN.wav
C:\Users\FD1HVy\AppData\Roaming\puDK ukaBvCyQV.flv
C:\Users\FD1HVy\AppData\Roaming\qLygAE8g7qY.png
C:\Users\FD1HVy\AppData\Roaming\rqh4u70_OqVYCoWZGSB1.gif
C:\Users\FD1HVy\AppData\Roaming\st-nO4k6.wav
C:\Users\FD1HVy\AppData\Roaming\tazFJzQ6gFu.rtf
C:\Users\FD1HVy\AppData\Roaming\ugeweR4G2_GPlp.xls
C:\Users\FD1HVy\AppData\Roaming\vAuQSB5xI.wav
C:\Users\FD1HVy\AppData\Roaming\xSYTDUj3fOf.bmp
C:\Users\FD1HVy\Desktop\-jxs8ukhlL17lRTN2.m4a
C:\Users\FD1HVy\Desktop\0a5E8VqmTPcLuDMhUzDu.pps
C:\Users\FD1HVy\Desktop\114p.mp4
C:\Users\FD1HVy\Desktop\3Alz.png
C:\Users\FD1HVy\Desktop\5hJaPxF3pP927NA.bmp
C:\Users\FD1HVy\Desktop\6-_KbMcq.mp3
C:\Users\FD1HVy\Desktop\6XCOW2FGFI5L4RrIGW.avi
C:\Users\FD1HVy\Desktop\A1_KT9VZ.jpg
C:\Users\FD1HVy\Desktop\B7SqfoHppWnpYCA0BW.m4a
C:\Users\FD1HVy\Desktop\Deo6-ULUrJ.gif
C:\Users\FD1HVy\Desktop\EPzZp_2ix8.mp3
C:\Users\FD1HVy\Desktop\Fp14znyjLo.swf
C:\Users\FD1HVy\Desktop\GQADin.mp4
C:\Users\FD1HVy\Desktop\LCFIrI.bmp
C:\Users\FD1HVy\Desktop\Lak-gH4cX.avi
C:\Users\FD1HVy\Desktop\MZk0.m4a
C:\Users\FD1HVy\Desktop\Rk0HSSvwECd.png
C:\Users\FD1HVy\Desktop\Sv5MOmXZ4GcbjflYw.mp3
C:\Users\FD1HVy\Desktop\YDHstR4MIW-3pN.doc
C:\Users\FD1HVy\Desktop\YwoU-2L.odp
C:\Users\FD1HVy\Desktop\ZbL-Y5 XKwL_NgtM.wav
C:\Users\FD1HVy\Desktop\ZyG16so2LwLHdHrDfA.ppt
C:\Users\FD1HVy\Desktop\cT2BKpd6CFI.mp3
C:\Users\FD1HVy\Desktop\k2d4w97wspCtXt.flv
C:\Users\FD1HVy\Desktop\kbzW7L4eEuZYo_embyQH
C:\Users\FD1HVy\Desktop\kbzW7L4eEuZYo_embyQH\24XEv0u7d0RdSfwB-0mI.wav
C:\Users\FD1HVy\Desktop\kbzW7L4eEuZYo_embyQH\9ST-pUPqzJeLkRa.bmp
C:\Users\FD1HVy\Desktop\kbzW7L4eEuZYo_embyQH\DQ4wUK F0_iPo.avi
C:\Users\FD1HVy\Desktop\kbzW7L4eEuZYo_embyQH\H9bYIGjjkdTUn.swf
C:\Users\FD1HVy\Desktop\kbzW7L4eEuZYo_embyQH\LbdQ89.m4a
C:\Users\FD1HVy\Desktop\kbzW7L4eEuZYo_embyQH\SZbn KAFpCZi.png
C:\Users\FD1HVy\Desktop\kbzW7L4eEuZYo_embyQH\Trkczy.png
C:\Users\FD1HVy\Desktop\kbzW7L4eEuZYo_embyQH\c3T5A.jpg
C:\Users\FD1HVy\Desktop\kbzW7L4eEuZYo_embyQH\k9h1cuCo yC.odt
C:\Users\FD1HVy\Desktop\kbzW7L4eEuZYo_embyQH\mYGdQJwLC.ppt
C:\Users\FD1HVy\Desktop\kbzW7L4eEuZYo_embyQH\yfzaJ.mkv
C:\Users\FD1HVy\Desktop\lHucz_AFxs.avi
C:\Users\FD1HVy\Desktop\ltUXfNxT5.mkv
C:\Users\FD1HVy\Desktop\r2eIg.odt
C:\Users\FD1HVy\Desktop\vIeFo2rQ-.wav
C:\Users\FD1HVy\Desktop\wAsFCVrWW.m4a
C:\Users\FD1HVy\Desktop\x0 sW.bmp
C:\Users\FD1HVy\Desktop\xZnX3pyCnDnk.avi
C:\Users\FD1HVy\Desktop\zBPMASKDOxJ2iktChDg.xls
C:\Users\FD1HVy\Desktop\zDivV0rt.flv
C:\Users\FD1HVy\Documents\1yAbrZiOn5g 4btS.odp
C:\Users\FD1HVy\Documents\6CfTpQZ-IkHmHlJ.xlsx
C:\Users\FD1HVy\Documents\7Y LgVnSbRJVo5KEQ0Q
C:\Users\FD1HVy\Documents\7Y LgVnSbRJVo5KEQ0Q\A 9Iz3vYo6DR-9vy.odt
C:\Users\FD1HVy\Documents\7Y LgVnSbRJVo5KEQ0Q\Pg7lc1gQ3.xlsx
C:\Users\FD1HVy\Documents\7Y LgVnSbRJVo5KEQ0Q\Zj9t3-A
C:\Users\FD1HVy\Documents\7Y LgVnSbRJVo5KEQ0Q\Zj9t3-A\-s4hqiROQd1C_qjK.ods
C:\Users\FD1HVy\Documents\7Y LgVnSbRJVo5KEQ0Q\Zj9t3-A\S9hp9.odt
C:\Users\FD1HVy\Documents\7Y LgVnSbRJVo5KEQ0Q\Zj9t3-A\vNdtp6n-dOSEF.odp
C:\Users\FD1HVy\Documents\7Y LgVnSbRJVo5KEQ0Q\eST84EqNkcxh_QHhN6r
C:\Users\FD1HVy\Documents\7Y LgVnSbRJVo5KEQ0Q\eST84EqNkcxh_QHhN6r\IIf-bjyqWTE2z6XCu-b.docx
C:\Users\FD1HVy\Documents\7Y LgVnSbRJVo5KEQ0Q\eST84EqNkcxh_QHhN6r\KJuNxs02AWf4HrD
C:\Users\FD1HVy\Documents\7Y LgVnSbRJVo5KEQ0Q\eST84EqNkcxh_QHhN6r\KJuNxs02AWf4HrD\EmU 0kgi8CgXbrt7bZ.pdf
C:\Users\FD1HVy\Documents\7Y LgVnSbRJVo5KEQ0Q\eST84EqNkcxh_QHhN6r\KJuNxs02AWf4HrD\p1gFB-XnhuPzn.xls
C:\Users\FD1HVy\Documents\7Y LgVnSbRJVo5KEQ0Q\eST84EqNkcxh_QHhN6r\bxLcD7fVcgQMNC.pdf
C:\Users\FD1HVy\Documents\7Y LgVnSbRJVo5KEQ0Q\eST84EqNkcxh_QHhN6r\ix32Bwi77pp1vzfU.odp
C:\Users\FD1HVy\Documents\7Y LgVnSbRJVo5KEQ0Q\eST84EqNkcxh_QHhN6r\qy2O1BTE Eyk.pptx
C:\Users\FD1HVy\Documents\7Y LgVnSbRJVo5KEQ0Q\eST84EqNkcxh_QHhN6r\sWPfKeXhR.odt
C:\Users\FD1HVy\Documents\7Y LgVnSbRJVo5KEQ0Q\v7S2Jvh_0KvF.ods
C:\Users\FD1HVy\Documents\AUvkV9TfiYVF6wmVFnf_.xlsx
C:\Users\FD1HVy\Documents\Dlvh.pptx
C:\Users\FD1HVy\Documents\FRxDopCtZiONRLZ.pdf
C:\Users\FD1HVy\Documents\HCwJryT.docx
C:\Users\FD1HVy\Documents\Lw4vlQKQZDQxuBdIqV6G.ots
C:\Users\FD1HVy\Documents\MQ0SeO.pptx
C:\Users\FD1HVy\Documents\PO9dNjfkQ RXEcARh.xlsx
C:\Users\FD1HVy\Documents\SCSMI6dtuWDW0cq.docx
C:\Users\FD1HVy\Documents\YEEkt6fZj.docx
C:\Users\FD1HVy\Documents\bQhdO.docx
C:\Users\FD1HVy\Documents\baWl7U1py.doc
C:\Users\FD1HVy\Documents\bmYGdraeFpDv
C:\Users\FD1HVy\Documents\bmYGdraeFpDv\-lw4atN v351zwS
C:\Users\FD1HVy\Documents\bmYGdraeFpDv\-lw4atN v351zwS\8kz4K3w 5zZ.xls
C:\Users\FD1HVy\Documents\bmYGdraeFpDv\-lw4atN v351zwS\T6YzsYK-KVX.pdf
C:\Users\FD1HVy\Documents\bmYGdraeFpDv\-lw4atN v351zwS\neB2tDpCUjWh7k.pps
C:\Users\FD1HVy\Documents\bmYGdraeFpDv\-lw4atN v351zwS\xtGNMIXgq EF.odt
C:\Users\FD1HVy\Documents\bmYGdraeFpDv\3ebjuM9ItSmYA8
C:\Users\FD1HVy\Documents\bmYGdraeFpDv\3ebjuM9ItSmYA8\eHR61a4s mjVyWv.xls
C:\Users\FD1HVy\Documents\bmYGdraeFpDv\7xWQffD0s v0_TzT.rtf
C:\Users\FD1HVy\Documents\bmYGdraeFpDv\Bj1PvFUjKiOrbp.ods
C:\Users\FD1HVy\Documents\bmYGdraeFpDv\DIpdINpLwp
C:\Users\FD1HVy\Documents\bmYGdraeFpDv\DIpdINpLwp\Hn43J1ByP6VEk.rtf
C:\Users\FD1HVy\Documents\bmYGdraeFpDv\DIpdINpLwp\Ut 0a38CkT7gWs5.rtf
C:\Users\FD1HVy\Documents\bmYGdraeFpDv\DIpdINpLwp\v60EAU3VaPdH.odt
C:\Users\FD1HVy\Documents\bmYGdraeFpDv\FGt_
C:\Users\FD1HVy\Documents\bmYGdraeFpDv\FGt_\A49HVPM3RaIdN6.ods
C:\Users\FD1HVy\Documents\bmYGdraeFpDv\FGt_\JHAs_xCJkm8.pdf
C:\Users\FD1HVy\Documents\bmYGdraeFpDv\FGt_\M GbLZti.doc
C:\Users\FD1HVy\Documents\bmYGdraeFpDv\FGt_\_8s 4j8yWEzb4LqeS_v-.doc
C:\Users\FD1HVy\Documents\bmYGdraeFpDv\FGt_\hHBOSMsKwz3q7.ods
C:\Users\FD1HVy\Documents\bmYGdraeFpDv\FGt_\jsWW.xls
C:\Users\FD1HVy\Documents\bmYGdraeFpDv\FGt_\vCyY04BJxI9TMl4N.ppt
C:\Users\FD1HVy\Documents\bmYGdraeFpDv\FGt_\xd_pWiceNU.ots
C:\Users\FD1HVy\Documents\bmYGdraeFpDv\FGt_\yQbtnTUnvauSiI.ots
C:\Users\FD1HVy\Documents\bmYGdraeFpDv\jt0z_YTJgQYg.rtf
C:\Users\FD1HVy\Documents\chmpXAX-l_XafU.xlsx
C:\Users\FD1HVy\Documents\esP8vTXY4cO.pptx
C:\Users\FD1HVy\Documents\gOG6I.xlsx
C:\Users\FD1HVy\Documents\ltXvE5XrRDBK.pptx
C:\Users\FD1HVy\Documents\mn1d4Ziy0_MAyQUUuA_A.docx
C:\Users\FD1HVy\Documents\qaU97d.pptx
C:\Users\FD1HVy\Documents\tcW8-nC6L.ods
C:\Users\FD1HVy\Music\6yMf0G-YvhO6u.m4a
C:\Users\FD1HVy\Music\Ac 5Y.mp3
C:\Users\FD1HVy\Music\BRLv.wav
C:\Users\FD1HVy\Music\C_Ve3VT Dfx4.m4a
C:\Users\FD1HVy\Music\OqYFpBkft8kCK.wav
C:\Users\FD1HVy\Music\eWEIRMB
C:\Users\FD1HVy\Music\eWEIRMB\1GMJax.wav
C:\Users\FD1HVy\Music\eWEIRMB\9mtZmT obVAejO.mp3
C:\Users\FD1HVy\Music\eWEIRMB\G7ZWbIe
C:\Users\FD1HVy\Music\eWEIRMB\G7ZWbIe\-4krYhJyM5.wav
C:\Users\FD1HVy\Music\eWEIRMB\G7ZWbIe\S23w-sSvttgl2.mp3
C:\Users\FD1HVy\Music\eWEIRMB\G7ZWbIe\j99GAj3ReS8wo7ZMTBO.wav
C:\Users\FD1HVy\Music\eWEIRMB\G7ZWbIe\tGw37FN1uD9jWEI-n0
C:\Users\FD1HVy\Music\eWEIRMB\G7ZWbIe\tGw37FN1uD9jWEI-n0\0urzizk.wav
C:\Users\FD1HVy\Music\eWEIRMB\G7ZWbIe\tGw37FN1uD9jWEI-n0\A8bNSOv7ojFC6pxwZCv.wav
C:\Users\FD1HVy\Music\eWEIRMB\G7ZWbIe\tGw37FN1uD9jWEI-n0\AATzoQcD.m4a
C:\Users\FD1HVy\Music\eWEIRMB\G7ZWbIe\tGw37FN1uD9jWEI-n0\OImH5BG6ZmtFw.wav
C:\Users\FD1HVy\Music\eWEIRMB\LI_OYFZFRSubA.wav
C:\Users\FD1HVy\Music\eWEIRMB\WMwSi3JM.mp3
C:\Users\FD1HVy\Music\eWEIRMB\nSmYPpYCZFT6C7
C:\Users\FD1HVy\Music\eWEIRMB\nSmYPpYCZFT6C7\5nzzKCG7xld7HQSdz.wav
C:\Users\FD1HVy\Music\eWEIRMB\nSmYPpYCZFT6C7\7ow2oHSjqy
C:\Users\FD1HVy\Music\eWEIRMB\nSmYPpYCZFT6C7\7ow2oHSjqy\OJT62b a.mp3
C:\Users\FD1HVy\Music\eWEIRMB\nSmYPpYCZFT6C7\7ow2oHSjqy\Re7WmLHz7G_B1PhaFCke.wav
C:\Users\FD1HVy\Music\eWEIRMB\nSmYPpYCZFT6C7\7ow2oHSjqy\cfOn4.mp3
C:\Users\FD1HVy\Music\eWEIRMB\nSmYPpYCZFT6C7\7ow2oHSjqy\fv_r.mp3
C:\Users\FD1HVy\Music\eWEIRMB\nSmYPpYCZFT6C7\FjzIMBMsF.wav
C:\Users\FD1HVy\Music\eWEIRMB\nSmYPpYCZFT6C7\ZN0lb923EkVMtcMKie1
C:\Users\FD1HVy\Music\eWEIRMB\nSmYPpYCZFT6C7\ZN0lb923EkVMtcMKie1\HvEELGA.m4a
C:\Users\FD1HVy\Music\eWEIRMB\nSmYPpYCZFT6C7\ZN0lb923EkVMtcMKie1\yU5tCrdB5.mp3
C:\Users\FD1HVy\Music\eWEIRMB\nSmYPpYCZFT6C7\ZN0lb923EkVMtcMKie1\z-_1mrrkxyi.wav
C:\Users\FD1HVy\Music\eWEIRMB\nSmYPpYCZFT6C7\lJql0qomTPz6VGNJDN_Z.wav
C:\Users\FD1HVy\Music\eWEIRMB\nSmYPpYCZFT6C7\m3pvm2EQS-SxL
C:\Users\FD1HVy\Music\eWEIRMB\rqU_Exu.wav
C:\Users\FD1HVy\Music\esSa0.mp3
C:\Users\FD1HVy\Music\hRzYd
C:\Users\FD1HVy\Music\hRzYd\HMjf WbLon.mp3
C:\Users\FD1HVy\Music\hRzYd\OCP6a9oZRQU.wav
C:\Users\FD1HVy\Music\hRzYd\v5Rtfu4dw nEoYVz.m4a
C:\Users\FD1HVy\Music\l6j-5pvR382XxSpz-v
C:\Users\FD1HVy\Music\l6j-5pvR382XxSpz-v\9W5HLCCZ 582fug.m4a
C:\Users\FD1HVy\Music\l6j-5pvR382XxSpz-v\AOkOVCLl.m4a
C:\Users\FD1HVy\Music\l6j-5pvR382XxSpz-v\d1mlXpHnQ.mp3
C:\Users\FD1HVy\Music\l6j-5pvR382XxSpz-v\nTScyjUWnHN.mp3
C:\Users\FD1HVy\Music\l6j-5pvR382XxSpz-v\sYdFnaikFxw.wav
C:\Users\FD1HVy\Music\l6j-5pvR382XxSpz-v\xL4sPkYE9AJowl.m4a
C:\Users\FD1HVy\Music\zR7Q1v_tpEK2_.mp3
C:\Users\FD1HVy\Pictures\-HQOP1J B8cBNG.jpg
C:\Users\FD1HVy\Pictures\-Q9YA1uG6 xU5QsxEuJ.gif
C:\Users\FD1HVy\Pictures\-YBpr.gif
C:\Users\FD1HVy\Pictures\-lLUKbCU3kHxBQxId.bmp
C:\Users\FD1HVy\Pictures\1-dO61.bmp
C:\Users\FD1HVy\Pictures\3BiP-KcYlyEwisX_.gif
C:\Users\FD1HVy\Pictures\5vZD9q3loKPP6q.png
C:\Users\FD1HVy\Pictures\67M6EAW4fXjvEk8q_6 O.bmp
C:\Users\FD1HVy\Pictures\C3Nt.jpg
C:\Users\FD1HVy\Pictures\E6NZjKehRQ8HXS.bmp
C:\Users\FD1HVy\Pictures\EKnmZC2M4r3.gif
C:\Users\FD1HVy\Pictures\GYIWDLBS0sDwEVs3.png
C:\Users\FD1HVy\Pictures\Gf4BmO39ItAfTVX7mHF.gif
C:\Users\FD1HVy\Pictures\MyyGSj2pgb.png
C:\Users\FD1HVy\Pictures\NmXwXy.jpg
C:\Users\FD1HVy\Pictures\ObhpkF.png
C:\Users\FD1HVy\Pictures\P9VwvU.bmp
C:\Users\FD1HVy\Pictures\UC8G6.jpg
C:\Users\FD1HVy\Pictures\UD_85IW7HNCM.gif
C:\Users\FD1HVy\Pictures\Up9m1aWPK.gif
C:\Users\FD1HVy\Pictures\VRYDD.jpg
C:\Users\FD1HVy\Pictures\XpSWbJ9tdj0-nggCdl0l.gif
C:\Users\FD1HVy\Pictures\Xswxn8r.png
C:\Users\FD1HVy\Pictures\ZjQyMrscQl.bmp
C:\Users\FD1HVy\Pictures\_8_bsdUIGPQbiNI.png
C:\Users\FD1HVy\Pictures\aJUtmio9ti.jpg
C:\Users\FD1HVy\Pictures\bAjYFn58uS.bmp
C:\Users\FD1HVy\Pictures\g mgkWi_F.gif
C:\Users\FD1HVy\Pictures\gUw5Y6tGMK.bmp
C:\Users\FD1HVy\Pictures\iFjLLssRt5dx19jP3.bmp
C:\Users\FD1HVy\Pictures\jcwUhKuLSA FrJJ.jpg
C:\Users\FD1HVy\Pictures\kE4tsPhl.png
C:\Users\FD1HVy\Pictures\kUnKFS5a3_kxbu1U.jpg
C:\Users\FD1HVy\Pictures\mVxOP.bmp
C:\Users\FD1HVy\Pictures\pFqA3X17QpaPo2DQPbEz.bmp
C:\Users\FD1HVy\Pictures\sA8T.bmp
C:\Users\FD1HVy\Pictures\t-OnPrh5TUNytB2.jpg
C:\Users\FD1HVy\Pictures\uADPgcwCW3cI Db.jpg
C:\Users\FD1HVy\Videos\-sj4Eqj.swf
C:\Users\FD1HVy\Videos\5aOzNx_5pJG.flv
C:\Users\FD1HVy\Videos\ArkZk4pr2pX
C:\Users\FD1HVy\Videos\ArkZk4pr2pX\GU_HJAOUy.mp4
C:\Users\FD1HVy\Videos\ArkZk4pr2pX\drjA.avi
C:\Users\FD1HVy\Videos\ArkZk4pr2pX\r44nzkqCKiXBmgcwm.mp4
C:\Users\FD1HVy\Videos\BFtjGTX.swf
C:\Users\FD1HVy\Videos\CRJCsTY6F0koOi
C:\Users\FD1HVy\Videos\CRJCsTY6F0koOi\MON5plfp3cmJc67.swf
C:\Users\FD1HVy\Videos\CRJCsTY6F0koOi\Q_SZzIUN.mp4
C:\Users\FD1HVy\Videos\CRJCsTY6F0koOi\WggCDhhv ZJ1wI.swf
C:\Users\FD1HVy\Videos\CRJCsTY6F0koOi\gMXasKifI3Tkse40c4mX.mp4
C:\Users\FD1HVy\Videos\CRJCsTY6F0koOi\n6 qiM3_jvzt.flv
C:\Users\FD1HVy\Videos\CRJCsTY6F0koOi\trJlYdDzbEX0IrZn.flv
C:\Users\FD1HVy\Videos\CWKf0.avi
C:\Users\FD1HVy\Videos\UchWlcAT7X8gQS.flv
C:\Users\FD1HVy\Videos\iLJ8a7fqBWDbQMDZE8
C:\Users\FD1HVy\Videos\iLJ8a7fqBWDbQMDZE8\5n7Us-JGSAqKrVrY7I.flv
C:\Users\FD1HVy\Videos\iLJ8a7fqBWDbQMDZE8\VCSWUhXh
C:\Users\FD1HVy\Videos\iLJ8a7fqBWDbQMDZE8\VCSWUhXh\BAvrTosSQ-X.swf
C:\Users\FD1HVy\Videos\iLJ8a7fqBWDbQMDZE8\VCSWUhXh\adhj1KZU.mkv
C:\Users\FD1HVy\Videos\iLJ8a7fqBWDbQMDZE8\VCSWUhXh\jdF-KbLKorUrpayi0jL
C:\Users\FD1HVy\Videos\iLJ8a7fqBWDbQMDZE8\VCSWUhXh\jdF-KbLKorUrpayi0jL\BC47bBnH.flv
C:\Users\FD1HVy\Videos\iLJ8a7fqBWDbQMDZE8\VCSWUhXh\jdF-KbLKorUrpayi0jL\fztRm3gklwMiyy7fcd.flv
C:\Users\FD1HVy\Videos\iLJ8a7fqBWDbQMDZE8\VCSWUhXh\jdF-KbLKorUrpayi0jL\mR0Uno3NlxTV.avi
C:\Users\FD1HVy\Videos\iLJ8a7fqBWDbQMDZE8\VCSWUhXh\jdF-KbLKorUrpayi0jL\x_xew8.mkv
C:\Users\FD1HVy\Videos\iLJ8a7fqBWDbQMDZE8\_5gjEirFAbbiUBmj.swf
C:\Users\FD1HVy\Videos\iLJ8a7fqBWDbQMDZE8\oZUi.swf
C:\Users\FD1HVy\Videos\iLJ8a7fqBWDbQMDZE8\v6wfFy
C:\Users\FD1HVy\Videos\iLJ8a7fqBWDbQMDZE8\v6wfFy\4E3GoUC9Pt7NCs.flv
C:\Users\FD1HVy\Videos\iLJ8a7fqBWDbQMDZE8\v6wfFy\LuTSAbhg6sofl_h.flv
C:\Users\FD1HVy\Videos\iLJ8a7fqBWDbQMDZE8\v6wfFy\dFLGqdIpabY.swf
C:\Users\FD1HVy\Videos\iLJ8a7fqBWDbQMDZE8\wDBnGA.mkv
C:\Users\FD1HVy\Videos\wve24t7ocJKIXz3kKMq.swf

Virtual Machine Information

Analyzer Information

System Information

Software Information

Randomly Created Artifacts

Before

After