7f3f9eed...4841

Monitored Processes

Process Overview

ID	PID	Monitor Reason	Integrity Level	Image Name	Command Line	Origin ID
#1	0x414	Analysis Target	High (Elevated)	370e.tmp.exe	"C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\370E.tmp.exe"	-
#3	0x130	Child Process	High (Elevated)	icacls.exe	icacls "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\3f2aa1c4-e619-4d34-a21e-283f3d2a3401" /deny *S-1-1-0:(OI)(CI)(DE,DC)	#1
#4	0x50c	Created Scheduled Job	High (Elevated)	taskeng.exe	taskeng.exe {0E3013FB-5D32-4499-A940-035C87CD1A3B} S-1-5-21-3388679973-3930757225-3770151564-1000:XDUWTFONO\5p5NrGJn0jS HALPmcxz:Interactive:Highest[1]	#1
#5	0x204	Child Process	High (Elevated)	370e.tmp.exe	"C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\370E.tmp.exe" --Admin IsNotAutoStart IsNotTask	#1
#6	0x714	Created Scheduled Job	Medium	taskeng.exe	taskeng.exe {6D8B2882-1230-420E-9307-11BBC8B69057} S-1-5-21-3388679973-3930757225-3770151564-1000:XDUWTFONO\5p5NrGJn0jS HALPmcxz:Interactive:LUA[1]	#1
#7	0x618	Child Process	Medium	370e.tmp.exe	"C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\3f2aa1c4-e619-4d34-a21e-283f3d2a3401\370E.tmp.exe" --Task	#6
#10	0x56c	Autostart	Medium	370e.tmp.exe	"C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\3f2aa1c4-e619-4d34-a21e-283f3d2a3401\370E.tmp.exe" --AutoStart	-

Behavior Information - Grouped by Category

Process #1: 370e.tmp.exe

920

Information	Value
ID	#1
File Name	c:\users\5p5nrgjn0js halpmcxz\desktop\370e.tmp.exe
Command Line	"C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\370E.tmp.exe"
Initial Working Directory	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\
Monitor	Start Time: 00:00:24, Reason: Analysis Target
Unmonitor	End Time: 00:00:44, Reason: Self Terminated
Monitor Duration	00:00:19

OS Process Information

Information	Value
PID	0x414
Parent PID	0x45c (c:\windows\explorer.exe)
Bitness	32-bit
Is Created or Modified Executable
Integrity Level	High (Elevated)
Username	XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges	SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs	0x 618 0x 714 0x 78C 0x 648 0x 328 0x 6E4 0x 2AC 0x 660 0x 248 0x 590 0x 39C 0x 41C

Memory Dumps

Name	Start VA	End VA	Dump Reason	PE Rebuilds	Bitness	Entry Points	Actions
370e.tmp.exe	0x00400000	0x00498FFF	Relevant Image	-	32-bit	-	... Region Actions Download Dump
buffer	0x002BA8E8	0x003011F3	Marked Executable	-	32-bit	-	... Region Actions Download Dump
buffer	0x002BA8E8	0x003011F3	Content Changed	-	32-bit	0x002BC724, 0x002BB83B	... Region Actions Download Dump
buffer	0x002BA8E8	0x003011F3	Content Changed	-	32-bit	0x002BD0E2	... Region Actions Download Dump
buffer	0x002BA8E8	0x003011F3	Content Changed	-	32-bit	0x002BD025, 0x002BCCAD	... Region Actions Download Dump
buffer	0x002BA8E8	0x003011F3	Content Changed	-	32-bit	0x002BD0D7	... Region Actions Download Dump
370e.tmp.exe	0x00400000	0x00498FFF	Process Termination	-	32-bit	-	... Region Actions Download Dump Go to AV Match

Hook Information

Type	Installer	Target	Size	Information	Actions
IAT	private_0x0000000000260000:+0x5d494	3. entry of 370e.tmp.exe	4 bytes	kernel32.dll:GetNativeSystemInfo+0x0 now points to private_0x000000007fff0000:+0x8000ff4d	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000260000:+0x5d494	5. entry of 370e.tmp.exe	4 bytes	kernel32.dll:GetProfileIntW+0x0 now points to private_0x000000007fff0000:+0x7ff60385	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000260000:+0x5d494	8. entry of 370e.tmp.exe	4 bytes	kernel32.dll:WaitForSingleObject+0x0 now points to user32.dll:__NLG_Return2+0x39d	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000260000:+0x5d494	9. entry of 370e.tmp.exe	4 bytes	kernel32.dll:MoveFileWithProgressA+0x0 now points to private_0x000000007fff0000:+0x5ca3316	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000260000:+0x5d494	10. entry of 370e.tmp.exe	4 bytes	kernel32.dll:GetTickCount+0x0 now points to private_0x000000007fff0000:+0x41a00fff	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000260000:+0x5d494	11. entry of 370e.tmp.exe	4 bytes	kernel32.dll:WaitNamedPipeW+0x0 now points to private_0x000000007fff0000:+0x7f4e0c8d	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000260000:+0x5d494	12. entry of 370e.tmp.exe	4 bytes	kernel32.dll:EnumTimeFormatsA+0x0 now points to private_0x000000007fff0000:+0x600ffff	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000260000:+0x5d494	13. entry of 370e.tmp.exe	4 bytes	kernel32.dll:GetSystemDirectoryW+0x0 now points to private_0x000000007fff0000:+0x61860fc9	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000260000:+0x5d494	20. entry of 370e.tmp.exe	4 bytes	kernel32.dll:ReplaceFileA+0x0 now points to private_0x000000007fff0000:+0x8000ff4d	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000260000:+0x5d494	22. entry of 370e.tmp.exe	4 bytes	kernel32.dll:GetLongPathNameW+0x0 now points to private_0x000000007fff0000:+0x7ff5bf85	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000260000:+0x5d494	25. entry of 370e.tmp.exe	4 bytes	kernel32.dll:LocalAlloc+0x0 now points to cryptbase.dll:SystemFunction036+0x1904	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000260000:+0x5d494	26. entry of 370e.tmp.exe	4 bytes	kernel32.dll:WritePrivateProfileStringA+0x0 now points to private_0x000000007fff0000:+0x5c13312	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000260000:+0x5d494	27. entry of 370e.tmp.exe	4 bytes	kernel32.dll:MoveFileA+0x0 now points to private_0x000000007fff0000:+0x40a00fc9	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000260000:+0x5d494	28. entry of 370e.tmp.exe	4 bytes	kernel32.dll:OpenEventA+0x0 now points to private_0x000000007fff0000:+0x7f460c8d	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000260000:+0x5d494	29. entry of 370e.tmp.exe	4 bytes	kernel32.dll:HeapLock+0x0 now points to private_0x000000007fff0000:+0x6c00ffff	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000260000:+0x5d494	30. entry of 370e.tmp.exe	4 bytes	kernel32.dll:GetTapeParameters+0x0 now points to private_0x000000007fff0000:+0x5ca3302	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000260000:+0x5d494	31. entry of 370e.tmp.exe	4 bytes	kernel32.dll:WaitForMultipleObjects+0x0 now points to private_0x000000007fff0000:+0x19860fc9	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000260000:+0x5d494	32. entry of 370e.tmp.exe	4 bytes	kernel32.dll:GetVolumePathNamesForVolumeNameA+0x0 now points to private_0x000000007fff0000:+0xc00fff4	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000260000:+0x5d494	34. entry of 370e.tmp.exe	4 bytes	kernel32.dll:FindFirstVolumeMountPointA+0x0 now points to private_0x000000007fff0000:+0x1850ff5	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000260000:+0x5d494	36. entry of 370e.tmp.exe	4 bytes	kernel32.dll:GetModuleHandleA+0x0 now points to private_0x000000007fff0000:+0x3610f8b6	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000260000:+0x5d494	37. entry of 370e.tmp.exe	4 bytes	kernel32.dll:ContinueDebugEvent+0x0 now points to private_0x000000007fff0000:+0x782cf542	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000260000:+0x5d494	38. entry of 370e.tmp.exe	4 bytes	kernel32.dll:EraseTape+0x0 now points to private_0x000000007fff0000:+0x49341674	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000260000:+0x5d494	39. entry of 370e.tmp.exe	4 bytes	kernel32.dll:CreateMailslotA+0x0 now points to private_0x000000007fff0000:+0x1f10ff85	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000260000:+0x5d494	41. entry of 370e.tmp.exe	4 bytes	kernel32.dll:EnumSystemLocalesW+0x0 now points to private_0x000000007fff0000:+0x8000ffff	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000260000:+0x5d494	42. entry of 370e.tmp.exe	4 bytes	kernel32.dll:ExpandEnvironmentStringsW+0x0 now points to private_0x000000007fff0000:+0x510c985	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000260000:+0x5d494	43. entry of 370e.tmp.exe	4 bytes	kernel32.dll:CreateFileW+0x0 now points to private_0x000000007fff0000:+0x8000f46c	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000260000:+0x5d494	44. entry of 370e.tmp.exe	4 bytes	kernel32.dll:FlushFileBuffers+0x0 now points to private_0x000000007fff0000:+0x767fb60f	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000260000:+0x5d494	45. entry of 370e.tmp.exe	4 bytes	kernel32.dll:WriteConsoleW+0x0 now points to private_0x000000007fff0000:+0x7643b60f	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000260000:+0x5d494	47. entry of 370e.tmp.exe	4 bytes	ntdll.dll:RtlEncodePointer+0x0 now points to private_0x000000007fff0000:+0x7f86c933	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000260000:+0x5d494	48. entry of 370e.tmp.exe	4 bytes	ntdll.dll:RtlDecodePointer+0x0 now points to private_0x000000007fff0000:+0xdc29f0f	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000260000:+0x5d494	49. entry of 370e.tmp.exe	4 bytes	kernel32.dll:GetLastError+0x0 now points to private_0x000000007fff0000:+0x80004d0c	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000260000:+0x5d494	50. entry of 370e.tmp.exe	4 bytes	kernel32.dll:ExitProcess+0x0 now points to private_0x000000007fff0000:+0x4986ffff	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000260000:+0x5d494	51. entry of 370e.tmp.exe	4 bytes	kernel32.dll:GetModuleHandleExW+0x0 now points to private_0x000000007fff0000:+0x744b850f	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000260000:+0x5d494	52. entry of 370e.tmp.exe	4 bytes	kernel32.dll:GetProcAddress+0x0 now points to private_0x000000007fff0000:+0x3610ffff	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000260000:+0x5d494	53. entry of 370e.tmp.exe	4 bytes	kernel32.dll:AreFileApisANSI+0x0 now points to private_0x000000007fff0000:+0x3610f77e	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000260000:+0x5d494	54. entry of 370e.tmp.exe	4 bytes	kernel32.dll:MultiByteToWideChar+0x0 now points to private_0x000000007fff0000:+0x782cf742	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000260000:+0x5d494	55. entry of 370e.tmp.exe	4 bytes	kernel32.dll:WideCharToMultiByte+0x0 now points to private_0x000000007fff0000:+0x49341674	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000260000:+0x5d494	56. entry of 370e.tmp.exe	4 bytes	kernel32.dll:GetCommandLineA+0x0 now points to private_0x000000007fff0000:+0x1f10ff85	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000260000:+0x5d494	58. entry of 370e.tmp.exe	4 bytes	kernel32.dll:RtlUnwind+0x0 now points to private_0x000000007fff0000:+0x8000ffff	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000260000:+0x5d494	59. entry of 370e.tmp.exe	4 bytes	kernel32.dll:IsDebuggerPresent+0x0 now points to private_0x000000007fff0000:+0x510c985	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000260000:+0x5d494	60. entry of 370e.tmp.exe	4 bytes	ntdll.dll:RtlSizeHeap+0x0 now points to private_0x000000007fff0000:+0x8000f428	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000260000:+0x5d494	61. entry of 370e.tmp.exe	4 bytes	kernel32.dll:HeapFree+0x0 now points to private_0x000000007fff0000:+0x784fb60f	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000260000:+0x5d494	62. entry of 370e.tmp.exe	4 bytes	ntdll.dll:RtlEnterCriticalSection+0x0 now points to private_0x000000007fff0000:+0x7843b60f	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000260000:+0x5d494	64. entry of 370e.tmp.exe	4 bytes	ntdll.dll:RtlDeleteCriticalSection+0x0 now points to private_0x000000007fff0000:+0x4986c033	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000260000:+0x5d494	65. entry of 370e.tmp.exe	4 bytes	kernel32.dll:FatalAppExitA+0x0 now points to private_0x000000007fff0000:+0xdc19f0f	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000260000:+0x5d494	66. entry of 370e.tmp.exe	4 bytes	kernel32.dll:UnhandledExceptionFilter+0x0 now points to private_0x000000007fff0000:+0x8000450c	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000260000:+0x5d494	68. entry of 370e.tmp.exe	4 bytes	kernel32.dll:SetLastError+0x0 now points to private_0x000000007fff0000:+0x4986c933	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000260000:+0x5d494	69. entry of 370e.tmp.exe	4 bytes	kernel32.dll:InitializeCriticalSectionAndSpinCount+0x0 now points to private_0x000000007fff0000:+0x7403850f	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000260000:+0x5d494	71. entry of 370e.tmp.exe	4 bytes	kernel32.dll:Sleep+0x0 now points to private_0x000000007fff0000:+0x79433bf9	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000260000:+0x5d494	72. entry of 370e.tmp.exe	4 bytes	kernel32.dll:GetCurrentProcess+0x0 now points to pagefile_0x00000000007e0000:+0x3840f	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000260000:+0x5d494	73. entry of 370e.tmp.exe	4 bytes	kernel32.dll:TerminateProcess+0x0 now points to private_0x000000007fff0000:+0x36100000	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000260000:+0x5d494	75. entry of 370e.tmp.exe	4 bytes	kernel32.dll:TlsGetValue+0x0 now points to user32.dll:__NLG_Return2+0x3a4	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000260000:+0x5d494	76. entry of 370e.tmp.exe	4 bytes	kernel32.dll:TlsSetValue+0x0 now points to private_0x000000007fff0000:+0x5ca3316	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000260000:+0x5d494	77. entry of 370e.tmp.exe	4 bytes	kernel32.dll:TlsFree+0x0 now points to private_0x000000007fff0000:+0x41a00fff	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000260000:+0x5d494	78. entry of 370e.tmp.exe	4 bytes	kernel32.dll:GetStartupInfoW+0x0 now points to private_0x000000007fff0000:+0x7f4e0c8d	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000260000:+0x5d494	79. entry of 370e.tmp.exe	4 bytes	kernel32.dll:GetModuleHandleW+0x0 now points to private_0x000000007fff0000:+0x600ffff	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000260000:+0x5d494	80. entry of 370e.tmp.exe	4 bytes	kernel32.dll:CreateSemaphoreW+0x0 now points to private_0x000000007fff0000:+0x55860fc9	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000260000:+0x5d494	87. entry of 370e.tmp.exe	4 bytes	kernel32.dll:IsValidCodePage+0x0 now points to private_0x000000007fff0000:+0x8000ff4d	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000260000:+0x5d494	89. entry of 370e.tmp.exe	4 bytes	kernel32.dll:GetOEMCP+0x0 now points to private_0x000000007fff0000:+0x7ff4b385	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000260000:+0x5d494	92. entry of 370e.tmp.exe	4 bytes	kernel32.dll:GetCurrentThread+0x0 now points to user32.dll:__NLG_Return2+0x3a6	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000260000:+0x5d494	93. entry of 370e.tmp.exe	4 bytes	kernel32.dll:GetCurrentThreadId+0x0 now points to private_0x000000007fff0000:+0x5ca3316	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000260000:+0x5d494	94. entry of 370e.tmp.exe	4 bytes	kernel32.dll:GetProcessHeap+0x0 now points to private_0x000000007fff0000:+0x41a00fff	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000260000:+0x5d494	95. entry of 370e.tmp.exe	4 bytes	kernel32.dll:GetFileType+0x0 now points to private_0x000000007fff0000:+0x7f4e0c8d	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000260000:+0x5d494	96. entry of 370e.tmp.exe	4 bytes	kernel32.dll:GetModuleFileNameA+0x0 now points to private_0x000000007fff0000:+0x600ffff	... Actions Go to Installer Region Go to Target Region
IAT	private_0x0000000000260000:+0x5d494	97. entry of 370e.tmp.exe	4 bytes	kernel32.dll:QueryPerformanceCounter+0x0 now points to pagefile_0x00000000007e0000:+0x70fc9	... Actions Go to Installer Region Go to Target Region

Dropped Files

Filename	File Size	Hash Values	Actions
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\370E.tmp.exe	525.50 KB	MD5: 0ac0905c5f2e529a64543cd366c1ad08 SHA1: 2beace9cc3f075676384b29daf10f517ae4e062e SHA256: 7f3f9eedfbaa1807390b1659ebc5e9d8ff9a54d7c5ece5974e2fe382d5fe4841 SSDeep: 12288:FCiK9sBBnKJRQEJezCNhAIx5APfZKLaZxwW:FCP9s7YOE4+hJEPyaZCW	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\local\microsoft\windows\temporary internet files\content.ie5\x9ohk109\geo[1].json	465 bytes	MD5: d6727470681ecc2ca56bbd0486b4fa97 SHA1: 693756ab251ef2d82a91d94a2e5b78a9604d8bac SHA256: 8b37ae3083eb3bb497d0de9aa0f48e4fa2b893726e2a9787e6dad0ecd40d9613 SSDeep: 12:YCJcjmdVQVCRbwXhCdEVQVPB8yPt0fRbIRAJdxFQVyrhmXoB2SH4:YODQVCRbwxCCQVvV0fRbI2JdxFQVyNm5	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\370E.tmp.exe	525.58 KB	MD5: 2b2e3071fca666caf73d409b1336f620 SHA1: 167a2b1fe374a0d271f8ccd169fe1f3b185f15e1 SHA256: 9bce6ddfcbc4feb52e0e0cf1b0821b002e88c81920f3b2c8901cd7558a4fcd85 SSDeep: 12288:cejQneCxPMhSlywgWvQe1/JRQEJezCNhAIx5APfZKLaZxwW6:p5SpfhOE4+hJEPyaZCW6	... File Actions Show Properties Download

Modified Files

Filename	File Size	Hash Values	Actions
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\370E.tmp.exe	525.58 KB	MD5: 2b2e3071fca666caf73d409b1336f620 SHA1: 167a2b1fe374a0d271f8ccd169fe1f3b185f15e1 SHA256: 9bce6ddfcbc4feb52e0e0cf1b0821b002e88c81920f3b2c8901cd7558a4fcd85 SSDeep: 12288:cejQneCxPMhSlywgWvQe1/JRQEJezCNhAIx5APfZKLaZxwW6:p5SpfhOE4+hJEPyaZCW6	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\cookies\index.dat	32.00 KB	MD5: 74d69403f4a938faa28298c110bc71c3 SHA1: c016f27979d48a90bb341ccf7ffef41a3955f4d5 SHA256: 8b9d3a6a22778e368c9e81397e2b1af64b9739f7ade535966708f34bcf6eada9 SSDeep: 48:qMhaLouhzppiksLSLWFM+AWi3QTGnbYbQWy58V4l9:qO7appiksLSLaH0QCnMbQ5ll9	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat	64.00 KB	MD5: 2db89fb48fd886b621627751f2ae15ed SHA1: e2f78c6a535f4ba230a4470402b6f905f0b4c066 SHA256: dfc9aeb2ad6900a7b836db92a36a9d2162c84551134c0291757cc352206a3166 SSDeep: 384:gnjyLKYBfFVZJptKF2KTFZTCzXTtX+Yih9aX5Jqiq+AN:6OLKYBdVZJptKF2KTFZTCzp++8	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\local\microsoft\windows\history\history.ie5\index.dat	64.00 KB	MD5: f5d914f63df0e2643c196b14391e803a SHA1: ff9216d7d728405af80d2eddf8d3c51864e9a10b SHA256: d6d8e9c99dab1feacc1b1829749e186bf137e8eac78364bdb42f9039acbfbc2c SSDeep: 768:Yz2IqkmjNFD9K1cbwK3UP1lImZ52OdeK2zh:YaIqkmjNUcbJ3UP1lImZ52OdeKuh	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\ietldcache\index.dat	256.00 KB	MD5: 6852149628dae385c68c7a9db7028560 SHA1: c6e02c929ec99f984b04876816024c3a39b88ccb SHA256: 53ae38a5bdbd72f76bf578f6c36e0b54a994003f535dbc1b469c12f3a169e3a4 SSDeep: 384:p8JEJH45Y0z6hKO59HqXRIhHPQ3NGjt3hAJnNH0kHf9QV9wRULzArvCCjgnF5TRy:pTHcEt8jdjFQg2cEbcaaoQARz40LG	... File Actions Show Properties Download

Host Behavior

COM (8)

Operation	Class	Interface	Additional Information	Count	Logfile
Create	TaskScheduler	ITaskService	cls_context = CLSCTX_INPROC_SERVER	1	Fn
Execute	TaskScheduler	ITaskService	method_name = Connect, server_name = 95, domain = 95, password = 4289035	1	Fn
Execute	TaskScheduler	ITaskService	method_name = GetFolder, path = \, new_interface = ITaskFolder	1	Fn
Execute	TaskScheduler	ITaskService	method_name = NewTask, new_interface = ITaskDefinition	1	Fn
Execute	TaskScheduler	ITaskDefinition	method_name = get_Triggers, new_interface = ITriggerCollection	1	Fn
Execute	TaskScheduler	ITriggerCollection	method_name = Create, type = TASK_TRIGGER_TIME, new_interface = IDailyTrigger	1	Fn
Execute	TaskScheduler	IDailyTrigger	method_name = put_StartBoundary, start_boundary = 2019-06-25T03:40:11	1	Fn
Execute	TaskScheduler	ITaskDefinition	method_name = get_Actions, new_interface = IActionCollection	1	Fn

File (9)

Operation	Filename	Additional Information	Count	Logfile
Create Directory	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\3f2aa1c4-e619-4d34-a21e-283f3d2a3401	-	1	Fn
Open	STD_INPUT_HANDLE	-	2	Fn
Open	STD_OUTPUT_HANDLE	-	2	Fn
Open	STD_ERROR_HANDLE	-	2	Fn
Copy	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\3f2aa1c4-e619-4d34-a21e-283f3d2a3401\370E.tmp.exe	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\370E.tmp.exe	1	Fn
Delete	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\3f2aa1c4-e619-4d34-a21e-283f3d2a3401\370E.tmp.exe	-	1	Fn

Registry (4)

Operation	Key	Additional Information	Count	Logfile
Open Key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run	-	1	Fn
Open Key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run	-	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run	value_name = SysHelper, data = 0, type = REG_NONE	1	Fn
Write Value	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run	value_name = SysHelper, data = "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\3f2aa1c4-e619-4d34-a21e-283f3d2a3401\370E.tmp.exe" --AutoStart, size = 214, type = REG_EXPAND_SZ	1	Fn

Process (46)

Operation	Process	Additional Information	Count	Logfile
Create	icacls	os_pid = 0x130, creation_flags = CREATE_DETACHED_PROCESS, CREATE_IDLE_PRIORITY_CLASS, startup_flags = STARTF_USESHOWWINDOW, show_window = SW_HIDE	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\370E.tmp.exe	show_window = SW_SHOW	1	Fn
Enumerate Processes	-	-	1	Fn
Open	System	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\smss.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\csrss.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\wininit.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\csrss.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\winlogon.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\services.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\lsass.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\lsm.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\svchost.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\svchost.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\svchost.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\svchost.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\svchost.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\audiodg.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\svchost.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\svchost.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\dwm.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\explorer.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\spoolsv.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\taskhost.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\svchost.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\taskeng.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\taskhost.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\program files (x86)\microsoft analysis services\generating_ex.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\program files\windows portable devices\certificateillustrations.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\program files\internet explorer\vb-circuits.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\program files\internet explorer\edgesbudget.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\program files\windows defender\easily.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\program files (x86)\adobe\aggressive_experiences.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\program files (x86)\internet explorer\souls prot personality.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\program files (x86)\msbuild\image.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\program files (x86)\reference assemblies\damage-phases.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\program files\windows portable devices\nashville-notices.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\program files (x86)\internet explorer\introducing_array_afternoon.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\program files (x86)\windows portable devices\sodium.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\program files (x86)\microsoft visual studio 8\volunteer-senators-eight.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\program files\microsoft office\telecommunications-stream-justify.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\rundll32.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\conhost.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\program files\common files\mariabridal.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\wbem\wmiprvse.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\mobsync.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn

Module (324)

Operation	Module	Additional Information	Count	Logfile
Load	kernel32.dll	base_address = 0x76c20000	3	Fn
Load	RPCRT4.dll	base_address = 0x75ee0000	1	Fn
Load	MPR.dll	base_address = 0x74b50000	1	Fn
Load	WININET.dll	base_address = 0x753d0000	1	Fn
Load	WINMM.dll	base_address = 0x74b10000	1	Fn
Load	SHLWAPI.dll	base_address = 0x75340000	1	Fn
Load	KERNEL32.dll	base_address = 0x76c20000	1	Fn
Load	USER32.dll	base_address = 0x74f40000	1	Fn
Load	ADVAPI32.dll	base_address = 0x74d40000	1	Fn
Load	SHELL32.dll	base_address = 0x75fd0000	1	Fn
Load	ole32.dll	base_address = 0x755e0000	1	Fn
Load	OLEAUT32.dll	base_address = 0x75220000	1	Fn
Load	IPHLPAPI.DLL	base_address = 0x74af0000	1	Fn
Load	WS2_32.dll	base_address = 0x75bc0000	1	Fn
Load	DNSAPI.dll	base_address = 0x74a90000	1	Fn
Load	CRYPT32.dll	base_address = 0x759b0000	1	Fn
Load	msvcr100.dll	base_address = 0x749d0000	1	Fn
Load	Psapi.dll	base_address = 0x75140000	1	Fn
Load	Shell32.dll	base_address = 0x75fd0000	1	Fn
Get Handle	c:\windows\syswow64\kernel32.dll	base_address = 0x76c20000	2	Fn
Get Handle	mscoree.dll	-	1	Fn
Get Filename	-	process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\370e.tmp.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\370E.tmp.exe, size = 260	2	Fn
Get Filename	-	process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\370e.tmp.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\370E.tmp.exe, size = 1024	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlsAlloc, address_out = 0x76c34f2b	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlsFree, address_out = 0x76c3359f	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlsGetValue, address_out = 0x76c31252	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlsSetValue, address_out = 0x76c34208	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = InitializeCriticalSectionEx, address_out = 0x76c34d28	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateEventExW, address_out = 0x76cb410b	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateSemaphoreExW, address_out = 0x76cb4195	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetThreadStackGuarantee, address_out = 0x76c3d31f	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateThreadpoolTimer, address_out = 0x76c4ee7e	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetThreadpoolTimer, address_out = 0x7717441c	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WaitForThreadpoolTimerCallbacks, address_out = 0x7719c50e	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CloseThreadpoolTimer, address_out = 0x7719c381	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateThreadpoolWait, address_out = 0x76c4f088	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetThreadpoolWait, address_out = 0x771805d7	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CloseThreadpoolWait, address_out = 0x7719ca24	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlushProcessWriteBuffers, address_out = 0x77150b8c	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FreeLibraryWhenCallbackReturns, address_out = 0x7720fde8	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCurrentProcessorNumber, address_out = 0x771a1e1d	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetLogicalProcessorInformation, address_out = 0x76cb4761	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateSymbolicLinkW, address_out = 0x76cacd11	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetDefaultDllDirectories, address_out = 0x0	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = EnumSystemLocalesEx, address_out = 0x76cb424f	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CompareStringEx, address_out = 0x76cb46b1	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetDateFormatEx, address_out = 0x76cc6676	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetLocaleInfoEx, address_out = 0x76cb4751	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetTimeFormatEx, address_out = 0x76cc65f1	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetUserDefaultLocaleName, address_out = 0x76cb47c1	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = IsValidLocaleName, address_out = 0x76cb47e1	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LCMapStringEx, address_out = 0x76cb47f1	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCurrentPackageId, address_out = 0x0	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetTickCount64, address_out = 0x76c4eee0	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetFileInformationByHandleExW, address_out = 0x0	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetFileInformationByHandleW, address_out = 0x0	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GlobalAlloc, address_out = 0x76c3588e	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetLastError, address_out = 0x76c311c0	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = Sleep, address_out = 0x76c310ff	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateToolhelp32Snapshot, address_out = 0x76c5735f	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = Module32First, address_out = 0x76cb5cd9	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CloseHandle, address_out = 0x76c31410	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LoadLibraryA, address_out = 0x76c349d7	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = VirtualAlloc, address_out = 0x76c31856	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = VirtualProtect, address_out = 0x76c3435f	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = VirtualFree, address_out = 0x76c3186e	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetVersionExA, address_out = 0x76c33519	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = TerminateProcess, address_out = 0x76c4d802	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = ExitProcess, address_out = 0x76c37a10	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetErrorMode, address_out = 0x76c31b00	2	Fn
Get Address	c:\windows\syswow64\rpcrt4.dll	function = RpcStringFreeW, address_out = 0x75f01635	1	Fn
Get Address	c:\windows\syswow64\rpcrt4.dll	function = UuidToStringW, address_out = 0x75f21ee5	1	Fn
Get Address	c:\windows\syswow64\rpcrt4.dll	function = UuidToStringA, address_out = 0x75f5d918	1	Fn
Get Address	c:\windows\syswow64\rpcrt4.dll	function = RpcStringFreeA, address_out = 0x75f23fc5	1	Fn
Get Address	c:\windows\syswow64\rpcrt4.dll	function = UuidCreate, address_out = 0x75eff48b	1	Fn
Get Address	c:\windows\syswow64\mpr.dll	function = WNetCloseEnum, address_out = 0x74b52dd6	1	Fn
Get Address	c:\windows\syswow64\mpr.dll	function = WNetOpenEnumW, address_out = 0x74b52f06	1	Fn
Get Address	c:\windows\syswow64\mpr.dll	function = WNetEnumResourceW, address_out = 0x74b53058	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = InternetCloseHandle, address_out = 0x753eab49	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = InternetOpenUrlW, address_out = 0x7544be5c	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = InternetReadFile, address_out = 0x753eb406	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = InternetOpenUrlA, address_out = 0x754130f1	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = HttpQueryInfoW, address_out = 0x753f5c75	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = InternetOpenA, address_out = 0x753ff18e	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = InternetOpenW, address_out = 0x753f9197	1	Fn
Get Address	c:\windows\syswow64\winmm.dll	function = timeGetTime, address_out = 0x74b126e0	1	Fn
Get Address	c:\windows\syswow64\shlwapi.dll	function = PathFindExtensionW, address_out = 0x7535a1b9	1	Fn
Get Address	c:\windows\syswow64\shlwapi.dll	function = PathFindFileNameW, address_out = 0x7535bb71	1	Fn
Get Address	c:\windows\syswow64\shlwapi.dll	function = PathRemoveFileSpecW, address_out = 0x75353248	1	Fn
Get Address	c:\windows\syswow64\shlwapi.dll	function = PathFileExistsW, address_out = 0x753545bf	1	Fn
Get Address	c:\windows\syswow64\shlwapi.dll	function = PathAppendW, address_out = 0x753581ef	1	Fn
Get Address	c:\windows\syswow64\shlwapi.dll	function = PathAppendA, address_out = 0x7534d65e	1	Fn
Get Address	c:\windows\syswow64\shlwapi.dll	function = PathFileExistsA, address_out = 0x7537ad1a	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetTickCount, address_out = 0x76c3110c	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = TlsFree, address_out = 0x76c33587	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCommandLineW, address_out = 0x76c35223	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateFileA, address_out = 0x76c353c6	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FindFirstFileW, address_out = 0x76c34435	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetFilePointer, address_out = 0x76c317d1	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrlenA, address_out = 0x76c35a4b	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FreeLibrary, address_out = 0x76c334c8	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateProcessW, address_out = 0x76c3103d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetFilePointerEx, address_out = 0x76c4c807	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateDirectoryW, address_out = 0x76c34259	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WaitForSingleObject, address_out = 0x76c31136	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetLogicalDrives, address_out = 0x76c35371	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WriteFile, address_out = 0x76c31282	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetDriveTypeA, address_out = 0x76c4ef75	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = OpenProcess, address_out = 0x76c31986	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetSystemDirectoryW, address_out = 0x76c35063	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WideCharToMultiByte, address_out = 0x76c3170d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LoadLibraryW, address_out = 0x76c3492b	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CopyFileW, address_out = 0x76c5830d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FormatMessageW, address_out = 0x76c34620	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrcpynW, address_out = 0x76c5d556	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateProcessA, address_out = 0x76c31072	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = ReadFile, address_out = 0x76c33ed3	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateFileW, address_out = 0x76c33f5c	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrcatA, address_out = 0x76c52b7a	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetEnvironmentVariableA, address_out = 0x76c333a0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrcmpW, address_out = 0x76c35929	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = MultiByteToWideChar, address_out = 0x76c3192e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrlenW, address_out = 0x76c31700	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlushFileBuffers, address_out = 0x76c3469b	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetShortPathNameA, address_out = 0x76c5594d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetFileSizeEx, address_out = 0x76c359e2	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetLastError, address_out = 0x76c311a9	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetProcAddress, address_out = 0x76c31222	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = MoveFileW, address_out = 0x76c49af0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FindClose, address_out = 0x76c34442	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = Process32FirstW, address_out = 0x76c58baf	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LocalAlloc, address_out = 0x76c3168c	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateEventW, address_out = 0x76c3183e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetModuleFileNameA, address_out = 0x76c314b1	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = Process32NextW, address_out = 0x76c5896c	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrcatW, address_out = 0x76c5828e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateMutexA, address_out = 0x76c34c6b	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FatalAppExitA, address_out = 0x76cb4691	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = DeleteFileW, address_out = 0x76c389b3	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LocalFree, address_out = 0x76c32d3c	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrcpyW, address_out = 0x76c53102	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = DeleteFileA, address_out = 0x76c35444	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrcpyA, address_out = 0x76c52a9d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetPriorityClass, address_out = 0x76c4cf28	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetModuleHandleW, address_out = 0x76c334b0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetComputerNameW, address_out = 0x76c3dd0e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetExitCodeProcess, address_out = 0x76c4174d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetModuleFileNameW, address_out = 0x76c34950	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GlobalFree, address_out = 0x76c35558	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetVersion, address_out = 0x76c34467	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateDirectoryA, address_out = 0x76c5d526	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateThread, address_out = 0x76c334d5	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = TlsSetValue, address_out = 0x76c314fb	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = TlsGetValue, address_out = 0x76c311e0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = TlsAlloc, address_out = 0x76c349ad	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = InitializeCriticalSectionAndSpinCount, address_out = 0x76c31916	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetUnhandledExceptionFilter, address_out = 0x76c387c9	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = UnhandledExceptionFilter, address_out = 0x76c5772f	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FreeEnvironmentStringsW, address_out = 0x76c351cb	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetEnvironmentStringsW, address_out = 0x76c351e3	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCurrentProcessId, address_out = 0x76c311f8	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = QueryPerformanceCounter, address_out = 0x76c31725	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetStartupInfoW, address_out = 0x76c34d40	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = DeleteCriticalSection, address_out = 0x771645f5	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetTimeZoneInformation, address_out = 0x76c3465a	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = RaiseException, address_out = 0x76c358a6	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetStringTypeW, address_out = 0x76c31946	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = HeapSize, address_out = 0x77163002	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LoadLibraryExW, address_out = 0x76c3495d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = HeapAlloc, address_out = 0x7715e026	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetLocaleInfoW, address_out = 0x76c33c42	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = IsValidLocale, address_out = 0x76c4ce46	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetUserDefaultLCID, address_out = 0x76c33da5	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = EnumSystemLocalesW, address_out = 0x76cb425f	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetDateFormatW, address_out = 0x76c534d7	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetTimeFormatW, address_out = 0x76c4f481	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CompareStringW, address_out = 0x76c33bca	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LCMapStringW, address_out = 0x76c317b9	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetConsoleCP, address_out = 0x76cd7bff	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetConsoleMode, address_out = 0x76c31328	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = HeapReAlloc, address_out = 0x77171f6e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetStdHandle, address_out = 0x76cb454f	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetEndOfFile, address_out = 0x76c4ce2e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetStdHandle, address_out = 0x76c351b3	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetFileType, address_out = 0x76c33531	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetModuleHandleExW, address_out = 0x76c34a6f	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WriteConsoleW, address_out = 0x76c57aca	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = ReadConsoleW, address_out = 0x76cd739a	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = OutputDebugStringW, address_out = 0x76c5d1d4	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetConsoleCtrlHandler, address_out = 0x76c38a09	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = RtlUnwind, address_out = 0x76c5d1c3	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LeaveCriticalSection, address_out = 0x77152270	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = EnterCriticalSection, address_out = 0x771522b0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = AreFileApisANSI, address_out = 0x76cb40d1	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetProcessHeap, address_out = 0x76c314e9	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCurrentThreadId, address_out = 0x76c31450	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCurrentThread, address_out = 0x76c317ec	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCPInfo, address_out = 0x76c35189	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = HeapFree, address_out = 0x76c314c9	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetEnvironmentVariableA, address_out = 0x76c3e331	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = EncodePointer, address_out = 0x77170fcb	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = DecodePointer, address_out = 0x77169d35	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetSystemTimeAsFileTime, address_out = 0x76c33509	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCurrentProcess, address_out = 0x76c31809	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateSemaphoreW, address_out = 0x76c4ca5a	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetOEMCP, address_out = 0x76c5d1a1	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetACP, address_out = 0x76c3179c	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = IsValidCodePage, address_out = 0x76c34493	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = IsProcessorFeaturePresent, address_out = 0x76c35235	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FindNextFileW, address_out = 0x76c354ee	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = IsDebuggerPresent, address_out = 0x76c34a5d	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = LoadCursorW, address_out = 0x74f588f7	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = TranslateMessage, address_out = 0x74f57809	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = RegisterClassExW, address_out = 0x74f5b17d	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = ShowWindow, address_out = 0x74f60dfb	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = IsWindow, address_out = 0x74f57136	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = CreateWindowExW, address_out = 0x74f58a29	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = UpdateWindow, address_out = 0x74f63559	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = DefWindowProcW, address_out = 0x771625dd	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = PeekMessageW, address_out = 0x74f605ba	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = PostThreadMessageW, address_out = 0x74f58bff	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = MessageBoxW, address_out = 0x74fafd3f	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = DispatchMessageW, address_out = 0x74f5787b	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = PostQuitMessage, address_out = 0x74f59abb	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = DestroyWindow, address_out = 0x74f59a55	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = SendMessageW, address_out = 0x74f59679	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = GetMessageW, address_out = 0x74f578e2	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptGetHashParam, address_out = 0x74d4df7e	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptAcquireContextW, address_out = 0x74d4df14	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = OpenSCManagerW, address_out = 0x74d4ca64	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = OpenServiceW, address_out = 0x74d4ca4c	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptReleaseContext, address_out = 0x74d4e124	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = GetUserNameW, address_out = 0x74d5157a	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptHashData, address_out = 0x74d4df36	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = RegSetValueExW, address_out = 0x74d514d6	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = RegCloseKey, address_out = 0x74d5469d	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptDestroyHash, address_out = 0x74d4df66	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = ControlService, address_out = 0x74d67144	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = RegOpenKeyExW, address_out = 0x74d5468d	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptCreateHash, address_out = 0x74d4df4e	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptEncrypt, address_out = 0x74d6779b	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptImportKey, address_out = 0x74d4c532	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = QueryServiceStatus, address_out = 0x74d52a86	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = RegQueryValueExW, address_out = 0x74d546ad	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CloseServiceHandle, address_out = 0x74d5369c	1	Fn
Get Address	c:\windows\syswow64\shell32.dll	function = SHGetPathFromIDListW, address_out = 0x760617bf	1	Fn
Get Address	c:\windows\syswow64\shell32.dll	function = SHGetSpecialFolderLocation, address_out = 0x7605e141	1	Fn
Get Address	c:\windows\syswow64\shell32.dll	function = CommandLineToArgvW, address_out = 0x75fe9ee8	1	Fn
Get Address	c:\windows\syswow64\shell32.dll	function = ShellExecuteA, address_out = 0x76217078	1	Fn
Get Address	c:\windows\syswow64\shell32.dll	function = ShellExecuteExW, address_out = 0x75ff1e46	1	Fn
Get Address	c:\windows\syswow64\ole32.dll	function = CoInitialize, address_out = 0x755fb636	1	Fn
Get Address	c:\windows\syswow64\ole32.dll	function = CoInitializeSecurity, address_out = 0x75607259	1	Fn
Get Address	c:\windows\syswow64\ole32.dll	function = CoUninitialize, address_out = 0x756286d3	1	Fn
Get Address	c:\windows\syswow64\ole32.dll	function = CoCreateInstance, address_out = 0x75629d0b	1	Fn
Get Address	c:\windows\syswow64\oleaut32.dll	function = 202, address_out = 0x7522fd6b	1	Fn
Get Address	c:\windows\syswow64\oleaut32.dll	function = 2, address_out = 0x75224642	1	Fn
Get Address	c:\windows\syswow64\oleaut32.dll	function = 9, address_out = 0x75223eae	1	Fn
Get Address	c:\windows\syswow64\oleaut32.dll	function = 8, address_out = 0x75223ed5	1	Fn
Get Address	c:\windows\syswow64\oleaut32.dll	function = 6, address_out = 0x75223e59	1	Fn
Get Address	c:\windows\syswow64\oleaut32.dll	function = 200, address_out = 0x75223f21	1	Fn
Get Address	c:\windows\syswow64\oleaut32.dll	function = 12, address_out = 0x75225dee	1	Fn
Get Address	c:\windows\syswow64\oleaut32.dll	function = 201, address_out = 0x75224af8	1	Fn
Get Address	c:\windows\syswow64\iphlpapi.dll	function = GetAdaptersInfo, address_out = 0x74af9263	1	Fn
Get Address	c:\windows\syswow64\ws2_32.dll	function = 12, address_out = 0x75bcb131	1	Fn
Get Address	c:\windows\syswow64\ws2_32.dll	function = 11, address_out = 0x75bc311b	1	Fn
Get Address	c:\windows\syswow64\ws2_32.dll	function = 52, address_out = 0x75bd7673	1	Fn
Get Address	c:\windows\syswow64\dnsapi.dll	function = DnsQuery_W, address_out = 0x74aa572c	1	Fn
Get Address	c:\windows\syswow64\dnsapi.dll	function = DnsFree, address_out = 0x74a9436b	1	Fn
Get Address	c:\windows\syswow64\crypt32.dll	function = CryptStringToBinaryA, address_out = 0x759e5d77	1	Fn
Get Address	c:\windows\syswow64\msvcr100.dll	function = atexit, address_out = 0x749ec544	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = EnumProcesses, address_out = 0x0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = EnumProcessModules, address_out = 0x0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetModuleBaseNameW, address_out = 0x0	1	Fn
Get Address	c:\windows\syswow64\psapi.dll	function = EnumProcesses, address_out = 0x75141544	1	Fn
Get Address	c:\windows\syswow64\psapi.dll	function = EnumProcessModules, address_out = 0x75141408	1	Fn
Get Address	c:\windows\syswow64\psapi.dll	function = GetModuleBaseNameW, address_out = 0x7514152c	1	Fn
Get Address	c:\windows\syswow64\shell32.dll	function = SHGetFolderPathW, address_out = 0x76055708	1	Fn

System (505)

Operation	Additional Information	Count	Logfile
Get Time	type = System Time, time = 2019-06-24 17:39:34 (UTC)	1	Fn
Get Time	type = Performance Ctr, time = 14709566272	1	Fn
Get Time	type = Ticks, time = 98233	13	Fn
Get Time	type = Ticks, time = 98249	76	Fn
Get Time	type = Ticks, time = 98265	75	Fn
Get Time	type = Ticks, time = 98280	77	Fn
Get Time	type = Ticks, time = 98296	8	Fn
Get Time	type = System Time, time = 2019-06-24 17:39:37 (UTC)	1	Fn
Get Time	type = Performance Ctr, time = 15476895605	1	Fn
Get Time	type = System Time, time = 2019-06-24 17:39:41 (UTC)	1	Fn
Get Info	type = Hardware Information	249	Fn
Get Info	type = Operating System	1	Fn
Get Info	type = Operating System	1	Fn

Environment (2)

Operation	Additional Information	Success	Count	Logfile
Get Environment String	-		2	Fn Data

Network Behavior

HTTP Sessions (1)

Information	Value
Total Data Sent	467 bytes
Total Data Received	7.12 KB
Contacted Host Count	1
Contacted Hosts	77.123.139.189

HTTP Session #1

Information	Value
Server Name	api.2ip.ua
Server Port	443
Username	-
Password	-
Data Sent	467 bytes
Data Received	7.12 KB

Operation	Additional Information	Count	Logfile
Open Session	user_agent = Microsoft Internet Explorer, access_type = INTERNET_OPEN_TYPE_PRECONFIG	1	Fn
Open Connection	protocol = https, server_name = api.2ip.ua, server_port = 443	1	Fn
Open HTTP Request	http_verb = GET, http_version = HTTP 1.1, target_resource = /geo.json	1	Fn
Send HTTP Request	headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = https://api.2ip.ua/geo.json	1	Fn
Read Response	size = 10240, size_out = 465	1	Fn Data
Close Session	-	1	Fn

Process #3: icacls.exe

Information	Value
ID	#3
File Name	c:\windows\syswow64\icacls.exe
Command Line	icacls "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\3f2aa1c4-e619-4d34-a21e-283f3d2a3401" /deny *S-1-1-0:(OI)(CI)(DE,DC)
Initial Working Directory	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\
Monitor	Start Time: 00:00:42, Reason: Child Process
Unmonitor	End Time: 00:00:44, Reason: Self Terminated
Monitor Duration	00:00:01
Remark	No high level activity detected in monitored regions

OS Process Information

Information	Value
PID	0x130
Parent PID	0x414 (c:\users\5p5nrgjn0js halpmcxz\desktop\370e.tmp.exe)
Bitness	32-bit
Is Created or Modified Executable
Integrity Level	High (Elevated)
Username	XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges	SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs	0x 6D0 0x 644

Process #4: taskeng.exe

Information	Value
ID	#4
File Name	c:\windows\system32\taskeng.exe
Command Line	taskeng.exe {0E3013FB-5D32-4499-A940-035C87CD1A3B} S-1-5-21-3388679973-3930757225-3770151564-1000:XDUWTFONO\5p5NrGJn0jS HALPmcxz:Interactive:Highest[1]
Initial Working Directory	C:\Windows\system32\
Monitor	Start Time: 00:00:42, Reason: Created Scheduled Job
Unmonitor	End Time: 00:01:05, Reason: Self Terminated
Monitor Duration	00:00:23
Remark	No high level activity detected in monitored regions

OS Process Information

Information	Value
PID	0x50c
Parent PID	0x36c (Unknown)
Bitness	64-bit
Is Created or Modified Executable
Integrity Level	High (Elevated)
Username	XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges	SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs	0x 7C8 0x 7E0 0x 578 0x 574 0x 520 0x 514 0x 510

Process #5: 370e.tmp.exe

826

Information	Value
ID	#5
File Name	c:\users\5p5nrgjn0js halpmcxz\desktop\370e.tmp.exe
Command Line	"C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\370E.tmp.exe" --Admin IsNotAutoStart IsNotTask
Initial Working Directory	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\
Monitor	Start Time: 00:00:43, Reason: Child Process
Unmonitor	End Time: 00:01:05, Reason: Self Terminated
Monitor Duration	00:00:22

OS Process Information

Information	Value
PID	0x204
Parent PID	0x414 (c:\users\5p5nrgjn0js halpmcxz\desktop\370e.tmp.exe)
Bitness	32-bit
Is Created or Modified Executable
Integrity Level	High (Elevated)
Username	XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges	SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs	0x 40C 0x 644 0x 32C 0x 248 0x 590 0x 41C 0x 660

Memory Dumps

Name	Start VA	End VA	Dump Reason	PE Rebuilds	Bitness	Entry Points	Actions
buffer	0x0060A900	0x0063F7C8	Marked Executable	-	32-bit	-	... Region Actions Download Dump
buffer	0x0060A900	0x0063F7C8	Content Changed	-	32-bit	0x0060C73C, 0x0060B853	... Region Actions Download Dump
buffer	0x0060A900	0x0063F7C8	Content Changed	-	32-bit	0x0060D0FA	... Region Actions Download Dump

Hook Information

Type	Installer	Target	Size	Information	Actions
IAT	private_0x00000000005b0000:+0x5d4ac	3. entry of 370e.tmp.exe	4 bytes	kernel32.dll:GetNativeSystemInfo+0x0 now points to private_0x000000007fff0000:+0x8000ff4d	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005b0000:+0x5d4ac	5. entry of 370e.tmp.exe	4 bytes	kernel32.dll:GetProfileIntW+0x0 now points to private_0x000000007fff0000:+0x7ff60385	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005b0000:+0x5d4ac	8. entry of 370e.tmp.exe	4 bytes	kernel32.dll:WaitForSingleObject+0x0 now points to user32.dll:__NLG_Return2+0x39d	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005b0000:+0x5d4ac	9. entry of 370e.tmp.exe	4 bytes	kernel32.dll:MoveFileWithProgressA+0x0 now points to private_0x000000007fff0000:+0x5ca3316	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005b0000:+0x5d4ac	10. entry of 370e.tmp.exe	4 bytes	kernel32.dll:GetTickCount+0x0 now points to private_0x000000007fff0000:+0x41a00fff	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005b0000:+0x5d4ac	11. entry of 370e.tmp.exe	4 bytes	kernel32.dll:WaitNamedPipeW+0x0 now points to private_0x000000007fff0000:+0x7f4e0c8d	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005b0000:+0x5d4ac	12. entry of 370e.tmp.exe	4 bytes	kernel32.dll:EnumTimeFormatsA+0x0 now points to private_0x000000007fff0000:+0x600ffff	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005b0000:+0x5d4ac	13. entry of 370e.tmp.exe	4 bytes	kernel32.dll:GetSystemDirectoryW+0x0 now points to private_0x000000007fff0000:+0x61860fc9	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005b0000:+0x5d4ac	20. entry of 370e.tmp.exe	4 bytes	kernel32.dll:ReplaceFileA+0x0 now points to private_0x000000007fff0000:+0x8000ff4d	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005b0000:+0x5d4ac	22. entry of 370e.tmp.exe	4 bytes	kernel32.dll:GetLongPathNameW+0x0 now points to private_0x000000007fff0000:+0x7ff5bf85	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005b0000:+0x5d4ac	25. entry of 370e.tmp.exe	4 bytes	kernel32.dll:LocalAlloc+0x0 now points to cryptbase.dll:SystemFunction036+0x1904	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005b0000:+0x5d4ac	26. entry of 370e.tmp.exe	4 bytes	kernel32.dll:WritePrivateProfileStringA+0x0 now points to private_0x000000007fff0000:+0x5c13312	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005b0000:+0x5d4ac	27. entry of 370e.tmp.exe	4 bytes	kernel32.dll:MoveFileA+0x0 now points to private_0x000000007fff0000:+0x40a00fc9	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005b0000:+0x5d4ac	28. entry of 370e.tmp.exe	4 bytes	kernel32.dll:OpenEventA+0x0 now points to private_0x000000007fff0000:+0x7f460c8d	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005b0000:+0x5d4ac	29. entry of 370e.tmp.exe	4 bytes	kernel32.dll:HeapLock+0x0 now points to private_0x000000007fff0000:+0x6c00ffff	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005b0000:+0x5d4ac	30. entry of 370e.tmp.exe	4 bytes	kernel32.dll:GetTapeParameters+0x0 now points to private_0x000000007fff0000:+0x5ca3302	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005b0000:+0x5d4ac	31. entry of 370e.tmp.exe	4 bytes	kernel32.dll:WaitForMultipleObjects+0x0 now points to private_0x000000007fff0000:+0x19860fc9	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005b0000:+0x5d4ac	32. entry of 370e.tmp.exe	4 bytes	kernel32.dll:GetVolumePathNamesForVolumeNameA+0x0 now points to private_0x000000007fff0000:+0xc00fff4	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005b0000:+0x5d4ac	34. entry of 370e.tmp.exe	4 bytes	kernel32.dll:FindFirstVolumeMountPointA+0x0 now points to private_0x000000007fff0000:+0x1850ff5	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005b0000:+0x5d4ac	36. entry of 370e.tmp.exe	4 bytes	kernel32.dll:GetModuleHandleA+0x0 now points to private_0x000000007fff0000:+0x3610f8b6	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005b0000:+0x5d4ac	37. entry of 370e.tmp.exe	4 bytes	kernel32.dll:ContinueDebugEvent+0x0 now points to private_0x000000007fff0000:+0x782cf542	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005b0000:+0x5d4ac	38. entry of 370e.tmp.exe	4 bytes	kernel32.dll:EraseTape+0x0 now points to private_0x000000007fff0000:+0x49341674	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005b0000:+0x5d4ac	39. entry of 370e.tmp.exe	4 bytes	kernel32.dll:CreateMailslotA+0x0 now points to private_0x000000007fff0000:+0x1f10ff85	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005b0000:+0x5d4ac	41. entry of 370e.tmp.exe	4 bytes	kernel32.dll:EnumSystemLocalesW+0x0 now points to private_0x000000007fff0000:+0x8000ffff	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005b0000:+0x5d4ac	42. entry of 370e.tmp.exe	4 bytes	kernel32.dll:ExpandEnvironmentStringsW+0x0 now points to private_0x000000007fff0000:+0x510c985	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005b0000:+0x5d4ac	43. entry of 370e.tmp.exe	4 bytes	kernel32.dll:CreateFileW+0x0 now points to private_0x000000007fff0000:+0x8000f46c	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005b0000:+0x5d4ac	44. entry of 370e.tmp.exe	4 bytes	kernel32.dll:FlushFileBuffers+0x0 now points to private_0x000000007fff0000:+0x767fb60f	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005b0000:+0x5d4ac	45. entry of 370e.tmp.exe	4 bytes	kernel32.dll:WriteConsoleW+0x0 now points to private_0x000000007fff0000:+0x7643b60f	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005b0000:+0x5d4ac	47. entry of 370e.tmp.exe	4 bytes	ntdll.dll:RtlEncodePointer+0x0 now points to private_0x000000007fff0000:+0x7f86c933	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005b0000:+0x5d4ac	48. entry of 370e.tmp.exe	4 bytes	ntdll.dll:RtlDecodePointer+0x0 now points to private_0x000000007fff0000:+0xdc29f0f	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005b0000:+0x5d4ac	49. entry of 370e.tmp.exe	4 bytes	kernel32.dll:GetLastError+0x0 now points to private_0x000000007fff0000:+0x80004d0c	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005b0000:+0x5d4ac	50. entry of 370e.tmp.exe	4 bytes	kernel32.dll:ExitProcess+0x0 now points to private_0x000000007fff0000:+0x4986ffff	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005b0000:+0x5d4ac	51. entry of 370e.tmp.exe	4 bytes	kernel32.dll:GetModuleHandleExW+0x0 now points to private_0x000000007fff0000:+0x744b850f	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005b0000:+0x5d4ac	52. entry of 370e.tmp.exe	4 bytes	kernel32.dll:GetProcAddress+0x0 now points to private_0x000000007fff0000:+0x3610ffff	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005b0000:+0x5d4ac	53. entry of 370e.tmp.exe	4 bytes	kernel32.dll:AreFileApisANSI+0x0 now points to private_0x000000007fff0000:+0x3610f77e	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005b0000:+0x5d4ac	54. entry of 370e.tmp.exe	4 bytes	kernel32.dll:MultiByteToWideChar+0x0 now points to private_0x000000007fff0000:+0x782cf742	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005b0000:+0x5d4ac	55. entry of 370e.tmp.exe	4 bytes	kernel32.dll:WideCharToMultiByte+0x0 now points to private_0x000000007fff0000:+0x49341674	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005b0000:+0x5d4ac	56. entry of 370e.tmp.exe	4 bytes	kernel32.dll:GetCommandLineA+0x0 now points to private_0x000000007fff0000:+0x1f10ff85	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005b0000:+0x5d4ac	58. entry of 370e.tmp.exe	4 bytes	kernel32.dll:RtlUnwind+0x0 now points to private_0x000000007fff0000:+0x8000ffff	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005b0000:+0x5d4ac	59. entry of 370e.tmp.exe	4 bytes	kernel32.dll:IsDebuggerPresent+0x0 now points to private_0x000000007fff0000:+0x510c985	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005b0000:+0x5d4ac	60. entry of 370e.tmp.exe	4 bytes	ntdll.dll:RtlSizeHeap+0x0 now points to private_0x000000007fff0000:+0x8000f428	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005b0000:+0x5d4ac	61. entry of 370e.tmp.exe	4 bytes	kernel32.dll:HeapFree+0x0 now points to private_0x000000007fff0000:+0x784fb60f	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005b0000:+0x5d4ac	62. entry of 370e.tmp.exe	4 bytes	ntdll.dll:RtlEnterCriticalSection+0x0 now points to private_0x000000007fff0000:+0x7843b60f	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005b0000:+0x5d4ac	64. entry of 370e.tmp.exe	4 bytes	ntdll.dll:RtlDeleteCriticalSection+0x0 now points to private_0x000000007fff0000:+0x4986c033	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005b0000:+0x5d4ac	65. entry of 370e.tmp.exe	4 bytes	kernel32.dll:FatalAppExitA+0x0 now points to private_0x000000007fff0000:+0xdc19f0f	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005b0000:+0x5d4ac	66. entry of 370e.tmp.exe	4 bytes	kernel32.dll:UnhandledExceptionFilter+0x0 now points to private_0x000000007fff0000:+0x8000450c	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005b0000:+0x5d4ac	68. entry of 370e.tmp.exe	4 bytes	kernel32.dll:SetLastError+0x0 now points to private_0x000000007fff0000:+0x4986c933	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005b0000:+0x5d4ac	69. entry of 370e.tmp.exe	4 bytes	kernel32.dll:InitializeCriticalSectionAndSpinCount+0x0 now points to private_0x000000007fff0000:+0x7403850f	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005b0000:+0x5d4ac	71. entry of 370e.tmp.exe	4 bytes	kernel32.dll:Sleep+0x0 now points to private_0x000000007fff0000:+0x79433bf9	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005b0000:+0x5d4ac	72. entry of 370e.tmp.exe	4 bytes	kernel32.dll:GetCurrentProcess+0x0 now points to pagefile_0x00000000006b0000:+0x16840f	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005b0000:+0x5d4ac	73. entry of 370e.tmp.exe	4 bytes	kernel32.dll:TerminateProcess+0x0 now points to private_0x000000007fff0000:+0x36100000	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005b0000:+0x5d4ac	75. entry of 370e.tmp.exe	4 bytes	kernel32.dll:TlsGetValue+0x0 now points to user32.dll:__NLG_Return2+0x3a4	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005b0000:+0x5d4ac	76. entry of 370e.tmp.exe	4 bytes	kernel32.dll:TlsSetValue+0x0 now points to private_0x000000007fff0000:+0x5ca3316	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005b0000:+0x5d4ac	77. entry of 370e.tmp.exe	4 bytes	kernel32.dll:TlsFree+0x0 now points to private_0x000000007fff0000:+0x41a00fff	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005b0000:+0x5d4ac	78. entry of 370e.tmp.exe	4 bytes	kernel32.dll:GetStartupInfoW+0x0 now points to private_0x000000007fff0000:+0x7f4e0c8d	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005b0000:+0x5d4ac	79. entry of 370e.tmp.exe	4 bytes	kernel32.dll:GetModuleHandleW+0x0 now points to private_0x000000007fff0000:+0x600ffff	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005b0000:+0x5d4ac	80. entry of 370e.tmp.exe	4 bytes	kernel32.dll:CreateSemaphoreW+0x0 now points to private_0x000000007fff0000:+0x55860fc9	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005b0000:+0x5d4ac	87. entry of 370e.tmp.exe	4 bytes	kernel32.dll:IsValidCodePage+0x0 now points to private_0x000000007fff0000:+0x8000ff4d	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005b0000:+0x5d4ac	89. entry of 370e.tmp.exe	4 bytes	kernel32.dll:GetOEMCP+0x0 now points to private_0x000000007fff0000:+0x7ff4b385	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005b0000:+0x5d4ac	92. entry of 370e.tmp.exe	4 bytes	kernel32.dll:GetCurrentThread+0x0 now points to user32.dll:__NLG_Return2+0x3a6	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005b0000:+0x5d4ac	93. entry of 370e.tmp.exe	4 bytes	kernel32.dll:GetCurrentThreadId+0x0 now points to private_0x000000007fff0000:+0x5ca3316	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005b0000:+0x5d4ac	94. entry of 370e.tmp.exe	4 bytes	kernel32.dll:GetProcessHeap+0x0 now points to private_0x000000007fff0000:+0x41a00fff	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005b0000:+0x5d4ac	95. entry of 370e.tmp.exe	4 bytes	kernel32.dll:GetFileType+0x0 now points to private_0x000000007fff0000:+0x7f4e0c8d	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005b0000:+0x5d4ac	96. entry of 370e.tmp.exe	4 bytes	kernel32.dll:GetModuleFileNameA+0x0 now points to private_0x000000007fff0000:+0x600ffff	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005b0000:+0x5d4ac	97. entry of 370e.tmp.exe	4 bytes	kernel32.dll:QueryPerformanceCounter+0x0 now points to pagefile_0x0000000000840000:+0x10fc9	... Actions Go to Installer Region Go to Target Region

Host Behavior

File (6)

Operation	Filename	Additional Information	Count	Logfile
Open	STD_INPUT_HANDLE	-	2	Fn
Open	STD_OUTPUT_HANDLE	-	2	Fn
Open	STD_ERROR_HANDLE	-	2	Fn

Module (312)

Operation	Module	Additional Information	Count	Logfile
Load	kernel32.dll	base_address = 0x76c20000	2	Fn
Load	RPCRT4.dll	base_address = 0x75ee0000	1	Fn
Load	MPR.dll	base_address = 0x74b30000	1	Fn
Load	WININET.dll	base_address = 0x753d0000	1	Fn
Load	WINMM.dll	base_address = 0x74af0000	1	Fn
Load	SHLWAPI.dll	base_address = 0x75340000	1	Fn
Load	KERNEL32.dll	base_address = 0x76c20000	1	Fn
Load	USER32.dll	base_address = 0x74f40000	1	Fn
Load	ADVAPI32.dll	base_address = 0x74d40000	1	Fn
Load	SHELL32.dll	base_address = 0x75fd0000	1	Fn
Load	ole32.dll	base_address = 0x755e0000	1	Fn
Load	OLEAUT32.dll	base_address = 0x75220000	1	Fn
Load	IPHLPAPI.DLL	base_address = 0x74b50000	1	Fn
Load	WS2_32.dll	base_address = 0x75bc0000	1	Fn
Load	DNSAPI.dll	base_address = 0x74a80000	1	Fn
Load	CRYPT32.dll	base_address = 0x759b0000	1	Fn
Load	msvcr100.dll	base_address = 0x749c0000	1	Fn
Get Handle	c:\windows\syswow64\kernel32.dll	base_address = 0x76c20000	2	Fn
Get Filename	-	process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\370e.tmp.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\370E.tmp.exe, size = 260	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlsAlloc, address_out = 0x76c34f2b	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlsFree, address_out = 0x76c3359f	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlsGetValue, address_out = 0x76c31252	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlsSetValue, address_out = 0x76c34208	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = InitializeCriticalSectionEx, address_out = 0x76c34d28	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateEventExW, address_out = 0x76cb410b	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateSemaphoreExW, address_out = 0x76cb4195	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetThreadStackGuarantee, address_out = 0x76c3d31f	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateThreadpoolTimer, address_out = 0x76c4ee7e	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetThreadpoolTimer, address_out = 0x7717441c	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WaitForThreadpoolTimerCallbacks, address_out = 0x7719c50e	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CloseThreadpoolTimer, address_out = 0x7719c381	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateThreadpoolWait, address_out = 0x76c4f088	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetThreadpoolWait, address_out = 0x771805d7	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CloseThreadpoolWait, address_out = 0x7719ca24	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlushProcessWriteBuffers, address_out = 0x77150b8c	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FreeLibraryWhenCallbackReturns, address_out = 0x7720fde8	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCurrentProcessorNumber, address_out = 0x771a1e1d	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetLogicalProcessorInformation, address_out = 0x76cb4761	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateSymbolicLinkW, address_out = 0x76cacd11	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetDefaultDllDirectories, address_out = 0x0	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = EnumSystemLocalesEx, address_out = 0x76cb424f	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CompareStringEx, address_out = 0x76cb46b1	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetDateFormatEx, address_out = 0x76cc6676	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetLocaleInfoEx, address_out = 0x76cb4751	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetTimeFormatEx, address_out = 0x76cc65f1	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetUserDefaultLocaleName, address_out = 0x76cb47c1	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = IsValidLocaleName, address_out = 0x76cb47e1	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LCMapStringEx, address_out = 0x76cb47f1	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCurrentPackageId, address_out = 0x0	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetTickCount64, address_out = 0x76c4eee0	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetFileInformationByHandleExW, address_out = 0x0	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetFileInformationByHandleW, address_out = 0x0	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GlobalAlloc, address_out = 0x76c3588e	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetLastError, address_out = 0x76c311c0	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = Sleep, address_out = 0x76c310ff	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateToolhelp32Snapshot, address_out = 0x76c5735f	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = Module32First, address_out = 0x76cb5cd9	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CloseHandle, address_out = 0x76c31410	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LoadLibraryA, address_out = 0x76c349d7	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = VirtualAlloc, address_out = 0x76c31856	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = VirtualProtect, address_out = 0x76c3435f	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = VirtualFree, address_out = 0x76c3186e	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetVersionExA, address_out = 0x76c33519	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = TerminateProcess, address_out = 0x76c4d802	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = ExitProcess, address_out = 0x76c37a10	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetErrorMode, address_out = 0x76c31b00	2	Fn
Get Address	c:\windows\syswow64\rpcrt4.dll	function = RpcStringFreeW, address_out = 0x75f01635	1	Fn
Get Address	c:\windows\syswow64\rpcrt4.dll	function = UuidToStringW, address_out = 0x75f21ee5	1	Fn
Get Address	c:\windows\syswow64\rpcrt4.dll	function = UuidToStringA, address_out = 0x75f5d918	1	Fn
Get Address	c:\windows\syswow64\rpcrt4.dll	function = RpcStringFreeA, address_out = 0x75f23fc5	1	Fn
Get Address	c:\windows\syswow64\rpcrt4.dll	function = UuidCreate, address_out = 0x75eff48b	1	Fn
Get Address	c:\windows\syswow64\mpr.dll	function = WNetCloseEnum, address_out = 0x74b32dd6	1	Fn
Get Address	c:\windows\syswow64\mpr.dll	function = WNetOpenEnumW, address_out = 0x74b32f06	1	Fn
Get Address	c:\windows\syswow64\mpr.dll	function = WNetEnumResourceW, address_out = 0x74b33058	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = InternetCloseHandle, address_out = 0x753eab49	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = InternetOpenUrlW, address_out = 0x7544be5c	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = InternetReadFile, address_out = 0x753eb406	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = InternetOpenUrlA, address_out = 0x754130f1	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = HttpQueryInfoW, address_out = 0x753f5c75	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = InternetOpenA, address_out = 0x753ff18e	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = InternetOpenW, address_out = 0x753f9197	1	Fn
Get Address	c:\windows\syswow64\winmm.dll	function = timeGetTime, address_out = 0x74af26e0	1	Fn
Get Address	c:\windows\syswow64\shlwapi.dll	function = PathFindExtensionW, address_out = 0x7535a1b9	1	Fn
Get Address	c:\windows\syswow64\shlwapi.dll	function = PathFindFileNameW, address_out = 0x7535bb71	1	Fn
Get Address	c:\windows\syswow64\shlwapi.dll	function = PathRemoveFileSpecW, address_out = 0x75353248	1	Fn
Get Address	c:\windows\syswow64\shlwapi.dll	function = PathFileExistsW, address_out = 0x753545bf	1	Fn
Get Address	c:\windows\syswow64\shlwapi.dll	function = PathAppendW, address_out = 0x753581ef	1	Fn
Get Address	c:\windows\syswow64\shlwapi.dll	function = PathAppendA, address_out = 0x7534d65e	1	Fn
Get Address	c:\windows\syswow64\shlwapi.dll	function = PathFileExistsA, address_out = 0x7537ad1a	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetTickCount, address_out = 0x76c3110c	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = TlsFree, address_out = 0x76c33587	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCommandLineW, address_out = 0x76c35223	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateFileA, address_out = 0x76c353c6	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FindFirstFileW, address_out = 0x76c34435	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetFilePointer, address_out = 0x76c317d1	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrlenA, address_out = 0x76c35a4b	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FreeLibrary, address_out = 0x76c334c8	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateProcessW, address_out = 0x76c3103d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetFilePointerEx, address_out = 0x76c4c807	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateDirectoryW, address_out = 0x76c34259	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WaitForSingleObject, address_out = 0x76c31136	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetLogicalDrives, address_out = 0x76c35371	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WriteFile, address_out = 0x76c31282	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetDriveTypeA, address_out = 0x76c4ef75	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = OpenProcess, address_out = 0x76c31986	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetSystemDirectoryW, address_out = 0x76c35063	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WideCharToMultiByte, address_out = 0x76c3170d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LoadLibraryW, address_out = 0x76c3492b	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CopyFileW, address_out = 0x76c5830d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FormatMessageW, address_out = 0x76c34620	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrcpynW, address_out = 0x76c5d556	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateProcessA, address_out = 0x76c31072	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = ReadFile, address_out = 0x76c33ed3	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateFileW, address_out = 0x76c33f5c	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrcatA, address_out = 0x76c52b7a	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetEnvironmentVariableA, address_out = 0x76c333a0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrcmpW, address_out = 0x76c35929	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = MultiByteToWideChar, address_out = 0x76c3192e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrlenW, address_out = 0x76c31700	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlushFileBuffers, address_out = 0x76c3469b	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetShortPathNameA, address_out = 0x76c5594d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetFileSizeEx, address_out = 0x76c359e2	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetLastError, address_out = 0x76c311a9	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetProcAddress, address_out = 0x76c31222	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = MoveFileW, address_out = 0x76c49af0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FindClose, address_out = 0x76c34442	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = Process32FirstW, address_out = 0x76c58baf	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LocalAlloc, address_out = 0x76c3168c	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateEventW, address_out = 0x76c3183e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetModuleFileNameA, address_out = 0x76c314b1	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = Process32NextW, address_out = 0x76c5896c	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrcatW, address_out = 0x76c5828e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateMutexA, address_out = 0x76c34c6b	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FatalAppExitA, address_out = 0x76cb4691	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = DeleteFileW, address_out = 0x76c389b3	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LocalFree, address_out = 0x76c32d3c	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrcpyW, address_out = 0x76c53102	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = DeleteFileA, address_out = 0x76c35444	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrcpyA, address_out = 0x76c52a9d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetPriorityClass, address_out = 0x76c4cf28	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetModuleHandleW, address_out = 0x76c334b0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetComputerNameW, address_out = 0x76c3dd0e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetExitCodeProcess, address_out = 0x76c4174d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetModuleFileNameW, address_out = 0x76c34950	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GlobalFree, address_out = 0x76c35558	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetVersion, address_out = 0x76c34467	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateDirectoryA, address_out = 0x76c5d526	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateThread, address_out = 0x76c334d5	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = TlsSetValue, address_out = 0x76c314fb	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = TlsGetValue, address_out = 0x76c311e0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = TlsAlloc, address_out = 0x76c349ad	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = InitializeCriticalSectionAndSpinCount, address_out = 0x76c31916	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetUnhandledExceptionFilter, address_out = 0x76c387c9	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = UnhandledExceptionFilter, address_out = 0x76c5772f	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FreeEnvironmentStringsW, address_out = 0x76c351cb	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetEnvironmentStringsW, address_out = 0x76c351e3	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCurrentProcessId, address_out = 0x76c311f8	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = QueryPerformanceCounter, address_out = 0x76c31725	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetStartupInfoW, address_out = 0x76c34d40	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = DeleteCriticalSection, address_out = 0x771645f5	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetTimeZoneInformation, address_out = 0x76c3465a	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = RaiseException, address_out = 0x76c358a6	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetStringTypeW, address_out = 0x76c31946	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = HeapSize, address_out = 0x77163002	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LoadLibraryExW, address_out = 0x76c3495d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = HeapAlloc, address_out = 0x7715e026	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetLocaleInfoW, address_out = 0x76c33c42	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = IsValidLocale, address_out = 0x76c4ce46	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetUserDefaultLCID, address_out = 0x76c33da5	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = EnumSystemLocalesW, address_out = 0x76cb425f	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetDateFormatW, address_out = 0x76c534d7	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetTimeFormatW, address_out = 0x76c4f481	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CompareStringW, address_out = 0x76c33bca	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LCMapStringW, address_out = 0x76c317b9	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetConsoleCP, address_out = 0x76cd7bff	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetConsoleMode, address_out = 0x76c31328	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = HeapReAlloc, address_out = 0x77171f6e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetStdHandle, address_out = 0x76cb454f	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetEndOfFile, address_out = 0x76c4ce2e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetStdHandle, address_out = 0x76c351b3	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetFileType, address_out = 0x76c33531	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetModuleHandleExW, address_out = 0x76c34a6f	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WriteConsoleW, address_out = 0x76c57aca	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = ReadConsoleW, address_out = 0x76cd739a	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = OutputDebugStringW, address_out = 0x76c5d1d4	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetConsoleCtrlHandler, address_out = 0x76c38a09	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = RtlUnwind, address_out = 0x76c5d1c3	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LeaveCriticalSection, address_out = 0x77152270	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = EnterCriticalSection, address_out = 0x771522b0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = AreFileApisANSI, address_out = 0x76cb40d1	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetProcessHeap, address_out = 0x76c314e9	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCurrentThreadId, address_out = 0x76c31450	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCurrentThread, address_out = 0x76c317ec	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCPInfo, address_out = 0x76c35189	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = HeapFree, address_out = 0x76c314c9	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetEnvironmentVariableA, address_out = 0x76c3e331	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = EncodePointer, address_out = 0x77170fcb	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = DecodePointer, address_out = 0x77169d35	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetSystemTimeAsFileTime, address_out = 0x76c33509	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCurrentProcess, address_out = 0x76c31809	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateSemaphoreW, address_out = 0x76c4ca5a	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetOEMCP, address_out = 0x76c5d1a1	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetACP, address_out = 0x76c3179c	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = IsValidCodePage, address_out = 0x76c34493	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = IsProcessorFeaturePresent, address_out = 0x76c35235	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FindNextFileW, address_out = 0x76c354ee	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = IsDebuggerPresent, address_out = 0x76c34a5d	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = LoadCursorW, address_out = 0x74f588f7	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = TranslateMessage, address_out = 0x74f57809	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = RegisterClassExW, address_out = 0x74f5b17d	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = ShowWindow, address_out = 0x74f60dfb	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = IsWindow, address_out = 0x74f57136	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = CreateWindowExW, address_out = 0x74f58a29	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = UpdateWindow, address_out = 0x74f63559	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = DefWindowProcW, address_out = 0x771625dd	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = PeekMessageW, address_out = 0x74f605ba	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = PostThreadMessageW, address_out = 0x74f58bff	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = MessageBoxW, address_out = 0x74fafd3f	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = DispatchMessageW, address_out = 0x74f5787b	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = PostQuitMessage, address_out = 0x74f59abb	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = DestroyWindow, address_out = 0x74f59a55	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = SendMessageW, address_out = 0x74f59679	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = GetMessageW, address_out = 0x74f578e2	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptGetHashParam, address_out = 0x74d4df7e	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptAcquireContextW, address_out = 0x74d4df14	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = OpenSCManagerW, address_out = 0x74d4ca64	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = OpenServiceW, address_out = 0x74d4ca4c	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptReleaseContext, address_out = 0x74d4e124	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = GetUserNameW, address_out = 0x74d5157a	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptHashData, address_out = 0x74d4df36	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = RegSetValueExW, address_out = 0x74d514d6	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = RegCloseKey, address_out = 0x74d5469d	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptDestroyHash, address_out = 0x74d4df66	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = ControlService, address_out = 0x74d67144	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = RegOpenKeyExW, address_out = 0x74d5468d	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptCreateHash, address_out = 0x74d4df4e	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptEncrypt, address_out = 0x74d6779b	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptImportKey, address_out = 0x74d4c532	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = QueryServiceStatus, address_out = 0x74d52a86	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = RegQueryValueExW, address_out = 0x74d546ad	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CloseServiceHandle, address_out = 0x74d5369c	1	Fn
Get Address	c:\windows\syswow64\shell32.dll	function = SHGetPathFromIDListW, address_out = 0x760617bf	1	Fn
Get Address	c:\windows\syswow64\shell32.dll	function = SHGetSpecialFolderLocation, address_out = 0x7605e141	1	Fn
Get Address	c:\windows\syswow64\shell32.dll	function = CommandLineToArgvW, address_out = 0x75fe9ee8	1	Fn
Get Address	c:\windows\syswow64\shell32.dll	function = ShellExecuteA, address_out = 0x76217078	1	Fn
Get Address	c:\windows\syswow64\shell32.dll	function = ShellExecuteExW, address_out = 0x75ff1e46	1	Fn
Get Address	c:\windows\syswow64\ole32.dll	function = CoInitialize, address_out = 0x755fb636	1	Fn
Get Address	c:\windows\syswow64\ole32.dll	function = CoInitializeSecurity, address_out = 0x75607259	1	Fn
Get Address	c:\windows\syswow64\ole32.dll	function = CoUninitialize, address_out = 0x756286d3	1	Fn
Get Address	c:\windows\syswow64\ole32.dll	function = CoCreateInstance, address_out = 0x75629d0b	1	Fn
Get Address	c:\windows\syswow64\oleaut32.dll	function = 202, address_out = 0x7522fd6b	1	Fn
Get Address	c:\windows\syswow64\oleaut32.dll	function = 2, address_out = 0x75224642	1	Fn
Get Address	c:\windows\syswow64\oleaut32.dll	function = 9, address_out = 0x75223eae	1	Fn
Get Address	c:\windows\syswow64\oleaut32.dll	function = 8, address_out = 0x75223ed5	1	Fn
Get Address	c:\windows\syswow64\oleaut32.dll	function = 6, address_out = 0x75223e59	1	Fn
Get Address	c:\windows\syswow64\oleaut32.dll	function = 200, address_out = 0x75223f21	1	Fn
Get Address	c:\windows\syswow64\oleaut32.dll	function = 12, address_out = 0x75225dee	1	Fn
Get Address	c:\windows\syswow64\oleaut32.dll	function = 201, address_out = 0x75224af8	1	Fn
Get Address	c:\windows\syswow64\iphlpapi.dll	function = GetAdaptersInfo, address_out = 0x74b59263	1	Fn
Get Address	c:\windows\syswow64\ws2_32.dll	function = 12, address_out = 0x75bcb131	1	Fn
Get Address	c:\windows\syswow64\ws2_32.dll	function = 11, address_out = 0x75bc311b	1	Fn
Get Address	c:\windows\syswow64\ws2_32.dll	function = 52, address_out = 0x75bd7673	1	Fn
Get Address	c:\windows\syswow64\dnsapi.dll	function = DnsQuery_W, address_out = 0x74a9572c	1	Fn
Get Address	c:\windows\syswow64\dnsapi.dll	function = DnsFree, address_out = 0x74a8436b	1	Fn
Get Address	c:\windows\syswow64\crypt32.dll	function = CryptStringToBinaryA, address_out = 0x759e5d77	1	Fn
Get Address	c:\windows\syswow64\msvcr100.dll	function = atexit, address_out = 0x749dc544	1	Fn

System (503)

Operation	Additional Information	Count	Logfile
Get Time	type = System Time, time = 2019-06-24 17:39:42 (UTC)	1	Fn
Get Time	type = Performance Ctr, time = 16349196236	1	Fn
Get Time	type = Ticks, time = 106283	63	Fn
Get Time	type = Ticks, time = 106299	76	Fn
Get Time	type = Ticks, time = 106314	75	Fn
Get Time	type = Ticks, time = 106330	35	Fn
Get Time	type = System Time, time = 2019-06-24 17:39:44 (UTC)	1	Fn
Get Time	type = Performance Ctr, time = 16575718515	1	Fn
Get Info	type = Hardware Information	249	Fn
Get Info	type = Operating System	1	Fn

Environment (2)

Operation	Additional Information	Success	Count	Logfile
Get Environment String	-		2	Fn Data

Process #6: taskeng.exe

Information	Value
ID	#6
File Name	c:\windows\system32\taskeng.exe
Command Line	taskeng.exe {6D8B2882-1230-420E-9307-11BBC8B69057} S-1-5-21-3388679973-3930757225-3770151564-1000:XDUWTFONO\5p5NrGJn0jS HALPmcxz:Interactive:LUA[1]
Initial Working Directory	C:\Windows\system32\
Monitor	Start Time: 00:00:52, Reason: Created Scheduled Job
Unmonitor	End Time: 00:01:05, Reason: Self Terminated
Monitor Duration	00:00:13
Remark	No high level activity detected in monitored regions

OS Process Information

Information	Value
PID	0x714
Parent PID	0x36c (Unknown)
Bitness	64-bit
Is Created or Modified Executable
Integrity Level	Medium
Username	XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges	SeChangeNotifyPrivilege
Thread IDs	0x 78C 0x 648 0x 328 0x 2AC 0x 6E4 0x 6D0 0x 130

Process #7: 370e.tmp.exe

825

Information	Value
ID	#7
File Name	c:\users\5p5nrgjn0js halpmcxz\appdata\local\3f2aa1c4-e619-4d34-a21e-283f3d2a3401\370e.tmp.exe
Command Line	"C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\3f2aa1c4-e619-4d34-a21e-283f3d2a3401\370E.tmp.exe" --Task
Initial Working Directory	C:\Windows\system32\
Monitor	Start Time: 00:00:52, Reason: Child Process
Unmonitor	End Time: 00:01:05, Reason: Self Terminated
Monitor Duration	00:00:13

OS Process Information

Information	Value
PID	0x618
Parent PID	0x714 (c:\windows\system32\taskeng.exe)
Bitness	32-bit
Is Created or Modified Executable
Integrity Level	Medium
Username	XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges	SeChangeNotifyPrivilege
Thread IDs	0x 5CC 0x 414 0x 7A4 0x 2C8 0x 39C 0x 128 0x 7B0

Host Behavior

File (6)

Operation	Filename	Additional Information	Count	Logfile
Open	STD_INPUT_HANDLE	-	2	Fn
Open	STD_OUTPUT_HANDLE	-	2	Fn
Open	STD_ERROR_HANDLE	-	2	Fn

Module (312)

Operation	Module	Additional Information	Count	Logfile
Load	kernel32.dll	base_address = 0x76c20000	2	Fn
Load	RPCRT4.dll	base_address = 0x75ee0000	1	Fn
Load	MPR.dll	base_address = 0x74b30000	1	Fn
Load	WININET.dll	base_address = 0x753d0000	1	Fn
Load	WINMM.dll	base_address = 0x74af0000	1	Fn
Load	SHLWAPI.dll	base_address = 0x75340000	1	Fn
Load	KERNEL32.dll	base_address = 0x76c20000	1	Fn
Load	USER32.dll	base_address = 0x74f40000	1	Fn
Load	ADVAPI32.dll	base_address = 0x74d40000	1	Fn
Load	SHELL32.dll	base_address = 0x75fd0000	1	Fn
Load	ole32.dll	base_address = 0x755e0000	1	Fn
Load	OLEAUT32.dll	base_address = 0x75220000	1	Fn
Load	IPHLPAPI.DLL	base_address = 0x74b50000	1	Fn
Load	WS2_32.dll	base_address = 0x75bc0000	1	Fn
Load	DNSAPI.dll	base_address = 0x74a80000	1	Fn
Load	CRYPT32.dll	base_address = 0x759b0000	1	Fn
Load	msvcr100.dll	base_address = 0x749c0000	1	Fn
Get Handle	c:\windows\syswow64\kernel32.dll	base_address = 0x76c20000	2	Fn
Get Filename	-	process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\local\3f2aa1c4-e619-4d34-a21e-283f3d2a3401\370e.tmp.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\3f2aa1c4-e619-4d34-a21e-283f3d2a3401\370E.tmp.exe, size = 260	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlsAlloc, address_out = 0x76c34f2b	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlsFree, address_out = 0x76c3359f	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlsGetValue, address_out = 0x76c31252	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlsSetValue, address_out = 0x76c34208	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = InitializeCriticalSectionEx, address_out = 0x76c34d28	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateEventExW, address_out = 0x76cb410b	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateSemaphoreExW, address_out = 0x76cb4195	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetThreadStackGuarantee, address_out = 0x76c3d31f	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateThreadpoolTimer, address_out = 0x76c4ee7e	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetThreadpoolTimer, address_out = 0x7717441c	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WaitForThreadpoolTimerCallbacks, address_out = 0x7719c50e	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CloseThreadpoolTimer, address_out = 0x7719c381	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateThreadpoolWait, address_out = 0x76c4f088	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetThreadpoolWait, address_out = 0x771805d7	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CloseThreadpoolWait, address_out = 0x7719ca24	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlushProcessWriteBuffers, address_out = 0x77150b8c	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FreeLibraryWhenCallbackReturns, address_out = 0x7720fde8	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCurrentProcessorNumber, address_out = 0x771a1e1d	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetLogicalProcessorInformation, address_out = 0x76cb4761	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateSymbolicLinkW, address_out = 0x76cacd11	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetDefaultDllDirectories, address_out = 0x0	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = EnumSystemLocalesEx, address_out = 0x76cb424f	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CompareStringEx, address_out = 0x76cb46b1	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetDateFormatEx, address_out = 0x76cc6676	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetLocaleInfoEx, address_out = 0x76cb4751	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetTimeFormatEx, address_out = 0x76cc65f1	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetUserDefaultLocaleName, address_out = 0x76cb47c1	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = IsValidLocaleName, address_out = 0x76cb47e1	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LCMapStringEx, address_out = 0x76cb47f1	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCurrentPackageId, address_out = 0x0	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetTickCount64, address_out = 0x76c4eee0	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetFileInformationByHandleExW, address_out = 0x0	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetFileInformationByHandleW, address_out = 0x0	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GlobalAlloc, address_out = 0x76c3588e	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetLastError, address_out = 0x76c311c0	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = Sleep, address_out = 0x76c310ff	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateToolhelp32Snapshot, address_out = 0x76c5735f	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = Module32First, address_out = 0x76cb5cd9	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CloseHandle, address_out = 0x76c31410	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LoadLibraryA, address_out = 0x76c349d7	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = VirtualAlloc, address_out = 0x76c31856	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = VirtualProtect, address_out = 0x76c3435f	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = VirtualFree, address_out = 0x76c3186e	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetVersionExA, address_out = 0x76c33519	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = TerminateProcess, address_out = 0x76c4d802	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = ExitProcess, address_out = 0x76c37a10	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetErrorMode, address_out = 0x76c31b00	2	Fn
Get Address	c:\windows\syswow64\rpcrt4.dll	function = RpcStringFreeW, address_out = 0x75f01635	1	Fn
Get Address	c:\windows\syswow64\rpcrt4.dll	function = UuidToStringW, address_out = 0x75f21ee5	1	Fn
Get Address	c:\windows\syswow64\rpcrt4.dll	function = UuidToStringA, address_out = 0x75f5d918	1	Fn
Get Address	c:\windows\syswow64\rpcrt4.dll	function = RpcStringFreeA, address_out = 0x75f23fc5	1	Fn
Get Address	c:\windows\syswow64\rpcrt4.dll	function = UuidCreate, address_out = 0x75eff48b	1	Fn
Get Address	c:\windows\syswow64\mpr.dll	function = WNetCloseEnum, address_out = 0x74b32dd6	1	Fn
Get Address	c:\windows\syswow64\mpr.dll	function = WNetOpenEnumW, address_out = 0x74b32f06	1	Fn
Get Address	c:\windows\syswow64\mpr.dll	function = WNetEnumResourceW, address_out = 0x74b33058	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = InternetCloseHandle, address_out = 0x753eab49	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = InternetOpenUrlW, address_out = 0x7544be5c	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = InternetReadFile, address_out = 0x753eb406	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = InternetOpenUrlA, address_out = 0x754130f1	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = HttpQueryInfoW, address_out = 0x753f5c75	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = InternetOpenA, address_out = 0x753ff18e	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = InternetOpenW, address_out = 0x753f9197	1	Fn
Get Address	c:\windows\syswow64\winmm.dll	function = timeGetTime, address_out = 0x74af26e0	1	Fn
Get Address	c:\windows\syswow64\shlwapi.dll	function = PathFindExtensionW, address_out = 0x7535a1b9	1	Fn
Get Address	c:\windows\syswow64\shlwapi.dll	function = PathFindFileNameW, address_out = 0x7535bb71	1	Fn
Get Address	c:\windows\syswow64\shlwapi.dll	function = PathRemoveFileSpecW, address_out = 0x75353248	1	Fn
Get Address	c:\windows\syswow64\shlwapi.dll	function = PathFileExistsW, address_out = 0x753545bf	1	Fn
Get Address	c:\windows\syswow64\shlwapi.dll	function = PathAppendW, address_out = 0x753581ef	1	Fn
Get Address	c:\windows\syswow64\shlwapi.dll	function = PathAppendA, address_out = 0x7534d65e	1	Fn
Get Address	c:\windows\syswow64\shlwapi.dll	function = PathFileExistsA, address_out = 0x7537ad1a	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetTickCount, address_out = 0x76c3110c	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = TlsFree, address_out = 0x76c33587	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCommandLineW, address_out = 0x76c35223	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateFileA, address_out = 0x76c353c6	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FindFirstFileW, address_out = 0x76c34435	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetFilePointer, address_out = 0x76c317d1	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrlenA, address_out = 0x76c35a4b	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FreeLibrary, address_out = 0x76c334c8	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateProcessW, address_out = 0x76c3103d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetFilePointerEx, address_out = 0x76c4c807	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateDirectoryW, address_out = 0x76c34259	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WaitForSingleObject, address_out = 0x76c31136	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetLogicalDrives, address_out = 0x76c35371	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WriteFile, address_out = 0x76c31282	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetDriveTypeA, address_out = 0x76c4ef75	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = OpenProcess, address_out = 0x76c31986	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetSystemDirectoryW, address_out = 0x76c35063	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WideCharToMultiByte, address_out = 0x76c3170d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LoadLibraryW, address_out = 0x76c3492b	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CopyFileW, address_out = 0x76c5830d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FormatMessageW, address_out = 0x76c34620	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrcpynW, address_out = 0x76c5d556	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateProcessA, address_out = 0x76c31072	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = ReadFile, address_out = 0x76c33ed3	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateFileW, address_out = 0x76c33f5c	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrcatA, address_out = 0x76c52b7a	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetEnvironmentVariableA, address_out = 0x76c333a0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrcmpW, address_out = 0x76c35929	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = MultiByteToWideChar, address_out = 0x76c3192e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrlenW, address_out = 0x76c31700	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlushFileBuffers, address_out = 0x76c3469b	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetShortPathNameA, address_out = 0x76c5594d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetFileSizeEx, address_out = 0x76c359e2	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetLastError, address_out = 0x76c311a9	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetProcAddress, address_out = 0x76c31222	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = MoveFileW, address_out = 0x76c49af0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FindClose, address_out = 0x76c34442	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = Process32FirstW, address_out = 0x76c58baf	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LocalAlloc, address_out = 0x76c3168c	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateEventW, address_out = 0x76c3183e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetModuleFileNameA, address_out = 0x76c314b1	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = Process32NextW, address_out = 0x76c5896c	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrcatW, address_out = 0x76c5828e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateMutexA, address_out = 0x76c34c6b	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FatalAppExitA, address_out = 0x76cb4691	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = DeleteFileW, address_out = 0x76c389b3	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LocalFree, address_out = 0x76c32d3c	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrcpyW, address_out = 0x76c53102	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = DeleteFileA, address_out = 0x76c35444	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrcpyA, address_out = 0x76c52a9d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetPriorityClass, address_out = 0x76c4cf28	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetModuleHandleW, address_out = 0x76c334b0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetComputerNameW, address_out = 0x76c3dd0e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetExitCodeProcess, address_out = 0x76c4174d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetModuleFileNameW, address_out = 0x76c34950	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GlobalFree, address_out = 0x76c35558	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetVersion, address_out = 0x76c34467	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateDirectoryA, address_out = 0x76c5d526	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateThread, address_out = 0x76c334d5	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = TlsSetValue, address_out = 0x76c314fb	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = TlsGetValue, address_out = 0x76c311e0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = TlsAlloc, address_out = 0x76c349ad	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = InitializeCriticalSectionAndSpinCount, address_out = 0x76c31916	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetUnhandledExceptionFilter, address_out = 0x76c387c9	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = UnhandledExceptionFilter, address_out = 0x76c5772f	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FreeEnvironmentStringsW, address_out = 0x76c351cb	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetEnvironmentStringsW, address_out = 0x76c351e3	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCurrentProcessId, address_out = 0x76c311f8	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = QueryPerformanceCounter, address_out = 0x76c31725	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetStartupInfoW, address_out = 0x76c34d40	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = DeleteCriticalSection, address_out = 0x771645f5	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetTimeZoneInformation, address_out = 0x76c3465a	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = RaiseException, address_out = 0x76c358a6	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetStringTypeW, address_out = 0x76c31946	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = HeapSize, address_out = 0x77163002	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LoadLibraryExW, address_out = 0x76c3495d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = HeapAlloc, address_out = 0x7715e026	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetLocaleInfoW, address_out = 0x76c33c42	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = IsValidLocale, address_out = 0x76c4ce46	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetUserDefaultLCID, address_out = 0x76c33da5	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = EnumSystemLocalesW, address_out = 0x76cb425f	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetDateFormatW, address_out = 0x76c534d7	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetTimeFormatW, address_out = 0x76c4f481	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CompareStringW, address_out = 0x76c33bca	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LCMapStringW, address_out = 0x76c317b9	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetConsoleCP, address_out = 0x76cd7bff	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetConsoleMode, address_out = 0x76c31328	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = HeapReAlloc, address_out = 0x77171f6e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetStdHandle, address_out = 0x76cb454f	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetEndOfFile, address_out = 0x76c4ce2e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetStdHandle, address_out = 0x76c351b3	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetFileType, address_out = 0x76c33531	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetModuleHandleExW, address_out = 0x76c34a6f	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WriteConsoleW, address_out = 0x76c57aca	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = ReadConsoleW, address_out = 0x76cd739a	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = OutputDebugStringW, address_out = 0x76c5d1d4	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetConsoleCtrlHandler, address_out = 0x76c38a09	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = RtlUnwind, address_out = 0x76c5d1c3	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LeaveCriticalSection, address_out = 0x77152270	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = EnterCriticalSection, address_out = 0x771522b0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = AreFileApisANSI, address_out = 0x76cb40d1	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetProcessHeap, address_out = 0x76c314e9	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCurrentThreadId, address_out = 0x76c31450	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCurrentThread, address_out = 0x76c317ec	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCPInfo, address_out = 0x76c35189	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = HeapFree, address_out = 0x76c314c9	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetEnvironmentVariableA, address_out = 0x76c3e331	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = EncodePointer, address_out = 0x77170fcb	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = DecodePointer, address_out = 0x77169d35	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetSystemTimeAsFileTime, address_out = 0x76c33509	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCurrentProcess, address_out = 0x76c31809	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateSemaphoreW, address_out = 0x76c4ca5a	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetOEMCP, address_out = 0x76c5d1a1	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetACP, address_out = 0x76c3179c	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = IsValidCodePage, address_out = 0x76c34493	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = IsProcessorFeaturePresent, address_out = 0x76c35235	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FindNextFileW, address_out = 0x76c354ee	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = IsDebuggerPresent, address_out = 0x76c34a5d	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = LoadCursorW, address_out = 0x74f588f7	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = TranslateMessage, address_out = 0x74f57809	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = RegisterClassExW, address_out = 0x74f5b17d	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = ShowWindow, address_out = 0x74f60dfb	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = IsWindow, address_out = 0x74f57136	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = CreateWindowExW, address_out = 0x74f58a29	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = UpdateWindow, address_out = 0x74f63559	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = DefWindowProcW, address_out = 0x771625dd	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = PeekMessageW, address_out = 0x74f605ba	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = PostThreadMessageW, address_out = 0x74f58bff	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = MessageBoxW, address_out = 0x74fafd3f	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = DispatchMessageW, address_out = 0x74f5787b	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = PostQuitMessage, address_out = 0x74f59abb	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = DestroyWindow, address_out = 0x74f59a55	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = SendMessageW, address_out = 0x74f59679	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = GetMessageW, address_out = 0x74f578e2	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptGetHashParam, address_out = 0x74d4df7e	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptAcquireContextW, address_out = 0x74d4df14	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = OpenSCManagerW, address_out = 0x74d4ca64	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = OpenServiceW, address_out = 0x74d4ca4c	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptReleaseContext, address_out = 0x74d4e124	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = GetUserNameW, address_out = 0x74d5157a	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptHashData, address_out = 0x74d4df36	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = RegSetValueExW, address_out = 0x74d514d6	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = RegCloseKey, address_out = 0x74d5469d	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptDestroyHash, address_out = 0x74d4df66	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = ControlService, address_out = 0x74d67144	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = RegOpenKeyExW, address_out = 0x74d5468d	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptCreateHash, address_out = 0x74d4df4e	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptEncrypt, address_out = 0x74d6779b	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptImportKey, address_out = 0x74d4c532	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = QueryServiceStatus, address_out = 0x74d52a86	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = RegQueryValueExW, address_out = 0x74d546ad	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CloseServiceHandle, address_out = 0x74d5369c	1	Fn
Get Address	c:\windows\syswow64\shell32.dll	function = SHGetPathFromIDListW, address_out = 0x760617bf	1	Fn
Get Address	c:\windows\syswow64\shell32.dll	function = SHGetSpecialFolderLocation, address_out = 0x7605e141	1	Fn
Get Address	c:\windows\syswow64\shell32.dll	function = CommandLineToArgvW, address_out = 0x75fe9ee8	1	Fn
Get Address	c:\windows\syswow64\shell32.dll	function = ShellExecuteA, address_out = 0x76217078	1	Fn
Get Address	c:\windows\syswow64\shell32.dll	function = ShellExecuteExW, address_out = 0x75ff1e46	1	Fn
Get Address	c:\windows\syswow64\ole32.dll	function = CoInitialize, address_out = 0x755fb636	1	Fn
Get Address	c:\windows\syswow64\ole32.dll	function = CoInitializeSecurity, address_out = 0x75607259	1	Fn
Get Address	c:\windows\syswow64\ole32.dll	function = CoUninitialize, address_out = 0x756286d3	1	Fn
Get Address	c:\windows\syswow64\ole32.dll	function = CoCreateInstance, address_out = 0x75629d0b	1	Fn
Get Address	c:\windows\syswow64\oleaut32.dll	function = 202, address_out = 0x7522fd6b	1	Fn
Get Address	c:\windows\syswow64\oleaut32.dll	function = 2, address_out = 0x75224642	1	Fn
Get Address	c:\windows\syswow64\oleaut32.dll	function = 9, address_out = 0x75223eae	1	Fn
Get Address	c:\windows\syswow64\oleaut32.dll	function = 8, address_out = 0x75223ed5	1	Fn
Get Address	c:\windows\syswow64\oleaut32.dll	function = 6, address_out = 0x75223e59	1	Fn
Get Address	c:\windows\syswow64\oleaut32.dll	function = 200, address_out = 0x75223f21	1	Fn
Get Address	c:\windows\syswow64\oleaut32.dll	function = 12, address_out = 0x75225dee	1	Fn
Get Address	c:\windows\syswow64\oleaut32.dll	function = 201, address_out = 0x75224af8	1	Fn
Get Address	c:\windows\syswow64\iphlpapi.dll	function = GetAdaptersInfo, address_out = 0x74b59263	1	Fn
Get Address	c:\windows\syswow64\ws2_32.dll	function = 12, address_out = 0x75bcb131	1	Fn
Get Address	c:\windows\syswow64\ws2_32.dll	function = 11, address_out = 0x75bc311b	1	Fn
Get Address	c:\windows\syswow64\ws2_32.dll	function = 52, address_out = 0x75bd7673	1	Fn
Get Address	c:\windows\syswow64\dnsapi.dll	function = DnsQuery_W, address_out = 0x74a9572c	1	Fn
Get Address	c:\windows\syswow64\dnsapi.dll	function = DnsFree, address_out = 0x74a8436b	1	Fn
Get Address	c:\windows\syswow64\crypt32.dll	function = CryptStringToBinaryA, address_out = 0x759e5d77	1	Fn
Get Address	c:\windows\syswow64\msvcr100.dll	function = atexit, address_out = 0x749dc544	1	Fn

System (503)

Operation	Additional Information	Count	Logfile
Get Time	type = System Time, time = 2019-06-24 17:39:51 (UTC)	1	Fn
Get Time	type = Performance Ctr, time = 17393451388	1	Fn
Get Time	type = Ticks, time = 115471	29	Fn
Get Time	type = Ticks, time = 115487	84	Fn
Get Time	type = Ticks, time = 115503	69	Fn
Get Time	type = Ticks, time = 115518	67	Fn
Get Time	type = System Time, time = 2019-06-24 17:39:53 (UTC)	1	Fn
Get Time	type = Performance Ctr, time = 17611140995	1	Fn
Get Info	type = Hardware Information	249	Fn
Get Info	type = Operating System	1	Fn

Environment (2)

Operation	Additional Information	Success	Count	Logfile
Get Environment String	-		2	Fn Data

Process #10: 370e.tmp.exe

3524

Information	Value
ID	#10
File Name	c:\users\5p5nrgjn0js halpmcxz\appdata\local\3f2aa1c4-e619-4d34-a21e-283f3d2a3401\370e.tmp.exe
Command Line	"C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\3f2aa1c4-e619-4d34-a21e-283f3d2a3401\370E.tmp.exe" --AutoStart
Initial Working Directory	C:\Windows\system32\
Monitor	Start Time: 00:01:31, Reason: Autostart
Unmonitor	End Time: 00:04:25, Reason: Terminated by Timeout
Monitor Duration	00:02:53

OS Process Information

Information	Value
PID	0x56c
Parent PID	0x37c (Unknown)
Bitness	32-bit
Is Created or Modified Executable
Integrity Level	Medium
Username	XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges	SeChangeNotifyPrivilege
Thread IDs	0x 570 0x 6D8 0x 6DC 0x 6E0 0x 6E4 0x 6E8 0x 6F0 0x 348 0x 34C 0x 350 0x 5D0 0x 318 0x 640 0x 7EC

Memory Dumps

Name	Start VA	End VA	Dump Reason	PE Rebuilds	Bitness	Entry Points	AV	YARA	Actions
370e.tmp.exe	0x00400000	0x00498FFF	Relevant Image	-	32-bit	-			... Region Actions Download Dump

Hook Information

Type	Installer	Target	Size	Information	Actions
IAT	private_0x00000000005e0000:+0x5d8dc	3. entry of 370e.tmp.exe	4 bytes	kernel32.dll:GetNativeSystemInfo+0x0 now points to private_0x000000007fff0000:+0x8000ff4d	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005e0000:+0x5d8dc	5. entry of 370e.tmp.exe	4 bytes	kernel32.dll:GetProfileIntW+0x0 now points to private_0x000000007fff0000:+0x7ff60385	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005e0000:+0x5d8dc	9. entry of 370e.tmp.exe	4 bytes	kernel32.dll:MoveFileWithProgressA+0x0 now points to private_0x000000007fff0000:+0x5ca3316	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005e0000:+0x5d8dc	10. entry of 370e.tmp.exe	4 bytes	kernel32.dll:GetTickCount+0x0 now points to private_0x000000007fff0000:+0x41a00fff	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005e0000:+0x5d8dc	11. entry of 370e.tmp.exe	4 bytes	kernel32.dll:WaitNamedPipeW+0x0 now points to private_0x000000007fff0000:+0x7f4e0c8d	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005e0000:+0x5d8dc	12. entry of 370e.tmp.exe	4 bytes	kernel32.dll:EnumTimeFormatsA+0x0 now points to private_0x000000007fff0000:+0x600ffff	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005e0000:+0x5d8dc	13. entry of 370e.tmp.exe	4 bytes	kernel32.dll:GetSystemDirectoryW+0x0 now points to private_0x000000007fff0000:+0x61860fc9	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005e0000:+0x5d8dc	20. entry of 370e.tmp.exe	4 bytes	kernel32.dll:ReplaceFileA+0x0 now points to private_0x000000007fff0000:+0x8000ff4d	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005e0000:+0x5d8dc	22. entry of 370e.tmp.exe	4 bytes	kernel32.dll:GetLongPathNameW+0x0 now points to private_0x000000007fff0000:+0x7ff5bf85	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005e0000:+0x5d8dc	26. entry of 370e.tmp.exe	4 bytes	kernel32.dll:WritePrivateProfileStringA+0x0 now points to private_0x000000007fff0000:+0x5c13312	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005e0000:+0x5d8dc	27. entry of 370e.tmp.exe	4 bytes	kernel32.dll:MoveFileA+0x0 now points to private_0x000000007fff0000:+0x40a00fc9	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005e0000:+0x5d8dc	28. entry of 370e.tmp.exe	4 bytes	kernel32.dll:OpenEventA+0x0 now points to private_0x000000007fff0000:+0x7f460c8d	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005e0000:+0x5d8dc	29. entry of 370e.tmp.exe	4 bytes	kernel32.dll:HeapLock+0x0 now points to private_0x000000007fff0000:+0x6c00ffff	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005e0000:+0x5d8dc	30. entry of 370e.tmp.exe	4 bytes	kernel32.dll:GetTapeParameters+0x0 now points to private_0x000000007fff0000:+0x5ca3302	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005e0000:+0x5d8dc	31. entry of 370e.tmp.exe	4 bytes	kernel32.dll:WaitForMultipleObjects+0x0 now points to private_0x000000007fff0000:+0x19860fc9	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005e0000:+0x5d8dc	32. entry of 370e.tmp.exe	4 bytes	kernel32.dll:GetVolumePathNamesForVolumeNameA+0x0 now points to private_0x000000007fff0000:+0xc00fff4	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005e0000:+0x5d8dc	34. entry of 370e.tmp.exe	4 bytes	kernel32.dll:FindFirstVolumeMountPointA+0x0 now points to private_0x000000007fff0000:+0x1850ff5	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005e0000:+0x5d8dc	36. entry of 370e.tmp.exe	4 bytes	kernel32.dll:GetModuleHandleA+0x0 now points to private_0x000000007fff0000:+0x3610f8b6	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005e0000:+0x5d8dc	37. entry of 370e.tmp.exe	4 bytes	kernel32.dll:ContinueDebugEvent+0x0 now points to private_0x000000007fff0000:+0x782cf542	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005e0000:+0x5d8dc	38. entry of 370e.tmp.exe	4 bytes	kernel32.dll:EraseTape+0x0 now points to private_0x000000007fff0000:+0x49341674	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005e0000:+0x5d8dc	39. entry of 370e.tmp.exe	4 bytes	kernel32.dll:CreateMailslotA+0x0 now points to private_0x000000007fff0000:+0x1f10ff85	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005e0000:+0x5d8dc	41. entry of 370e.tmp.exe	4 bytes	kernel32.dll:EnumSystemLocalesW+0x0 now points to private_0x000000007fff0000:+0x8000ffff	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005e0000:+0x5d8dc	42. entry of 370e.tmp.exe	4 bytes	kernel32.dll:ExpandEnvironmentStringsW+0x0 now points to private_0x000000007fff0000:+0x510c985	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005e0000:+0x5d8dc	43. entry of 370e.tmp.exe	4 bytes	kernel32.dll:CreateFileW+0x0 now points to private_0x000000007fff0000:+0x8000f46c	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005e0000:+0x5d8dc	44. entry of 370e.tmp.exe	4 bytes	kernel32.dll:FlushFileBuffers+0x0 now points to private_0x000000007fff0000:+0x767fb60f	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005e0000:+0x5d8dc	45. entry of 370e.tmp.exe	4 bytes	kernel32.dll:WriteConsoleW+0x0 now points to private_0x000000007fff0000:+0x7643b60f	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005e0000:+0x5d8dc	47. entry of 370e.tmp.exe	4 bytes	ntdll.dll:RtlEncodePointer+0x0 now points to private_0x000000007fff0000:+0x7f86c933	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005e0000:+0x5d8dc	48. entry of 370e.tmp.exe	4 bytes	ntdll.dll:RtlDecodePointer+0x0 now points to private_0x000000007fff0000:+0xdc29f0f	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005e0000:+0x5d8dc	49. entry of 370e.tmp.exe	4 bytes	kernel32.dll:GetLastError+0x0 now points to private_0x000000007fff0000:+0x80004d0c	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005e0000:+0x5d8dc	50. entry of 370e.tmp.exe	4 bytes	kernel32.dll:ExitProcess+0x0 now points to private_0x000000007fff0000:+0x4986ffff	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005e0000:+0x5d8dc	51. entry of 370e.tmp.exe	4 bytes	kernel32.dll:GetModuleHandleExW+0x0 now points to private_0x000000007fff0000:+0x744b850f	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005e0000:+0x5d8dc	52. entry of 370e.tmp.exe	4 bytes	kernel32.dll:GetProcAddress+0x0 now points to private_0x000000007fff0000:+0x3610ffff	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005e0000:+0x5d8dc	53. entry of 370e.tmp.exe	4 bytes	kernel32.dll:AreFileApisANSI+0x0 now points to private_0x000000007fff0000:+0x3610f77e	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005e0000:+0x5d8dc	54. entry of 370e.tmp.exe	4 bytes	kernel32.dll:MultiByteToWideChar+0x0 now points to private_0x000000007fff0000:+0x782cf742	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005e0000:+0x5d8dc	55. entry of 370e.tmp.exe	4 bytes	kernel32.dll:WideCharToMultiByte+0x0 now points to private_0x000000007fff0000:+0x49341674	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005e0000:+0x5d8dc	56. entry of 370e.tmp.exe	4 bytes	kernel32.dll:GetCommandLineA+0x0 now points to private_0x000000007fff0000:+0x1f10ff85	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005e0000:+0x5d8dc	58. entry of 370e.tmp.exe	4 bytes	kernel32.dll:RtlUnwind+0x0 now points to private_0x000000007fff0000:+0x8000ffff	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005e0000:+0x5d8dc	59. entry of 370e.tmp.exe	4 bytes	kernel32.dll:IsDebuggerPresent+0x0 now points to private_0x000000007fff0000:+0x510c985	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005e0000:+0x5d8dc	60. entry of 370e.tmp.exe	4 bytes	ntdll.dll:RtlSizeHeap+0x0 now points to private_0x000000007fff0000:+0x8000f428	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005e0000:+0x5d8dc	61. entry of 370e.tmp.exe	4 bytes	kernel32.dll:HeapFree+0x0 now points to private_0x000000007fff0000:+0x784fb60f	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005e0000:+0x5d8dc	62. entry of 370e.tmp.exe	4 bytes	ntdll.dll:RtlEnterCriticalSection+0x0 now points to private_0x000000007fff0000:+0x7843b60f	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005e0000:+0x5d8dc	64. entry of 370e.tmp.exe	4 bytes	ntdll.dll:RtlDeleteCriticalSection+0x0 now points to private_0x000000007fff0000:+0x4986c033	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005e0000:+0x5d8dc	65. entry of 370e.tmp.exe	4 bytes	kernel32.dll:FatalAppExitA+0x0 now points to private_0x000000007fff0000:+0xdc19f0f	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005e0000:+0x5d8dc	66. entry of 370e.tmp.exe	4 bytes	kernel32.dll:UnhandledExceptionFilter+0x0 now points to private_0x000000007fff0000:+0x8000450c	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005e0000:+0x5d8dc	68. entry of 370e.tmp.exe	4 bytes	kernel32.dll:SetLastError+0x0 now points to private_0x000000007fff0000:+0x4986c933	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005e0000:+0x5d8dc	69. entry of 370e.tmp.exe	4 bytes	kernel32.dll:InitializeCriticalSectionAndSpinCount+0x0 now points to private_0x000000007fff0000:+0x7403850f	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005e0000:+0x5d8dc	71. entry of 370e.tmp.exe	4 bytes	kernel32.dll:Sleep+0x0 now points to private_0x000000007fff0000:+0x79433bf9	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005e0000:+0x5d8dc	73. entry of 370e.tmp.exe	4 bytes	kernel32.dll:TerminateProcess+0x0 now points to private_0x000000007fff0000:+0x36100000	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005e0000:+0x5d8dc	76. entry of 370e.tmp.exe	4 bytes	kernel32.dll:TlsSetValue+0x0 now points to private_0x000000007fff0000:+0x5ca3316	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005e0000:+0x5d8dc	77. entry of 370e.tmp.exe	4 bytes	kernel32.dll:TlsFree+0x0 now points to private_0x000000007fff0000:+0x41a00fff	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005e0000:+0x5d8dc	78. entry of 370e.tmp.exe	4 bytes	kernel32.dll:GetStartupInfoW+0x0 now points to private_0x000000007fff0000:+0x7f4e0c8d	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005e0000:+0x5d8dc	79. entry of 370e.tmp.exe	4 bytes	kernel32.dll:GetModuleHandleW+0x0 now points to private_0x000000007fff0000:+0x600ffff	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005e0000:+0x5d8dc	80. entry of 370e.tmp.exe	4 bytes	kernel32.dll:CreateSemaphoreW+0x0 now points to private_0x000000007fff0000:+0x55860fc9	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005e0000:+0x5d8dc	87. entry of 370e.tmp.exe	4 bytes	kernel32.dll:IsValidCodePage+0x0 now points to private_0x000000007fff0000:+0x8000ff4d	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005e0000:+0x5d8dc	89. entry of 370e.tmp.exe	4 bytes	kernel32.dll:GetOEMCP+0x0 now points to private_0x000000007fff0000:+0x7ff4b385	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005e0000:+0x5d8dc	93. entry of 370e.tmp.exe	4 bytes	kernel32.dll:GetCurrentThreadId+0x0 now points to private_0x000000007fff0000:+0x5ca3316	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005e0000:+0x5d8dc	94. entry of 370e.tmp.exe	4 bytes	kernel32.dll:GetProcessHeap+0x0 now points to private_0x000000007fff0000:+0x41a00fff	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005e0000:+0x5d8dc	95. entry of 370e.tmp.exe	4 bytes	kernel32.dll:GetFileType+0x0 now points to private_0x000000007fff0000:+0x7f4e0c8d	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005e0000:+0x5d8dc	96. entry of 370e.tmp.exe	4 bytes	kernel32.dll:GetModuleFileNameA+0x0 now points to private_0x000000007fff0000:+0x600ffff	... Actions Go to Installer Region Go to Target Region
IAT	private_0x00000000005e0000:+0x5d8dc	97. entry of 370e.tmp.exe	4 bytes	kernel32.dll:QueryPerformanceCounter+0x0 now points to pagefile_0x0000000000850000:+0xfc9	... Actions Go to Installer Region Go to Target Region

Dropped Files

Filename	File Size	Hash Values	Actions
C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Administrator.contact	66.86 KB	MD5: ab61ff512f9ab4b3ca027b70d61a0021 SHA1: 0cc8ad777c982b24435ae04adb6c590393d0375e SHA256: 38a6e7af32f1aa1dd7f4da50a9e58658f3f6d8518f872e37dd5de9ceb6232d27 SSDeep: 1536:ou/yd4+4RrZ04sf+Gss4K9cEhfegQUEaeF/xiWyYbz:ou44+4RoR4K9c4WJUtAnbz	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\asdlfk poopvy.contact	1.22 KB	MD5: 831182028c185cc2ed0ea207a0f1b3cc SHA1: 26d516bd57825da54988b1f412603e5125169bb7 SHA256: de425134b652b16eb875eb00c9ea20ebcf631374b2291b2407a23001e1ce67cf SSDeep: 24:wDtHvZDqDnxANgzm2gz/izFsscxcAqsQNFifZCCutBb6posvXK1iJqINX2TctbD:wDtPhDNMgzesbZY6fuP6pxJqRcND	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\lulcit amkdfe.contact	1.22 KB	MD5: 6cff37b32d21e6141841b71e2ba8f0c4 SHA1: 201cb02ccfc07cbb83089407f6c05227a01b76fa SHA256: 52f7d6dbb68983a29a15f9e384c0558c60943da3367ffd62df1eac9c7963e816 SSDeep: 24:wDtHvZDqDnxANgpLsw0mTT6zFsscnqN6jAgdMvM6qGo+Enn5oi7NefbtbD:wDtPhDNkD01sbn5jjMkQo+EnKiZefbND	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\sikvnb huvuib.contact	1.22 KB	MD5: 2db3154c0df65616a67febfe8fa8a9e2 SHA1: 6bcfc633bbae737a0c62db0175d799a799d9bd9d SHA256: 4a660635712157d037e998a7be1f0ab66296294268aa279fa5f9d1b98462aa10 SSDeep: 24:wDtHvZDqDnxANgW2xCYzFssc1wYBWqIgvEXvTtRxaLOwkjS3DXg2tbD:wDtPhDNL2xJsb1NBWvgvOTxmmEDLND	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\2-_K6lTtjSYNHLM8.doc	70.65 KB	MD5: b8da0e52b93f2dea751eb2a9dbf7f16b SHA1: 7423c7d0c0c20fda000fde6def464583f94d0a33 SHA256: 45af26b1ea8b1dc88d63818f297d25c6d9651cb6cfb3c99addd88d85208ac564 SSDeep: 1536:gilsTz+PwphI5v23F1OlQNk5bynQJarQns4hSVND47qx4h7PfE+h6NDIhNhXs:gYs9ph08DOlXbynQJaUs4sVWqxU7HE+I	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\370E.tmp.exe	525.58 KB	MD5: 2b2e3071fca666caf73d409b1336f620 SHA1: 167a2b1fe374a0d271f8ccd169fe1f3b185f15e1 SHA256: 9bce6ddfcbc4feb52e0e0cf1b0821b002e88c81920f3b2c8901cd7558a4fcd85 SSDeep: 12288:cejQneCxPMhSlywgWvQe1/JRQEJezCNhAIx5APfZKLaZxwW6:p5SpfhOE4+hJEPyaZCW6	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\7i-hclJt.ppt	67.75 KB	MD5: 11c23216562b0dfa26279f49d3c66148 SHA1: ef375a77576cc1d6d60d3a23f0b840aa11307403 SHA256: 21192b322927285360180c7ba9fd0dfb2d9bba38543c125515370393d51657b5 SSDeep: 1536:CuXUsagr1GYg4FYSvFz/algXy0XfNVj6WFMn0sygDsTq:HPuYgMYS1/alv0NJ6Fn0rLW	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\7o_dfQXVcSB.bmp	26.55 KB	MD5: 65ec64179c18797642440c433d4a98b8 SHA1: ef8f66ad54ee41b4d4c33eba999434f1ee61f481 SHA256: 680b5c889e8ffbe7a84121e26d3440df0c47dcc7d60c37e79c17c5b7d218e981 SSDeep: 768:Isv+D3k9EeFdmjV6w5AQs/UHdvlqhVP29PPz3t:IsvquEM7gdw7e9p	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Emq6vD0ivZ4XdEfJ.swf	63.54 KB	MD5: a9a279e6ea328e9c882487d16df2e862 SHA1: 7df66ec60d8fa866e3433c14e59806bd40f03398 SHA256: 8db9fee9fa1e5f39e3c06320461fed7049a51f7bbcddf1cd3516dc8ed5f86c2d SSDeep: 1536:nVKpgoV67ven+hX0WDFVFpB/MulhIbWjuU:VOzs7ve+hX0QBFlk2	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\eX-YvFXQkLn0gu2V.jpg	93.41 KB	MD5: 25004dd5a87e0412f753e092716243ed SHA1: 8f656c9f3e478506eebf989c261176ce934b1ff9 SHA256: 7a2db1777af4049b1d291c59581067a5043bcd6cba42e8b50525078187168ff1 SSDeep: 1536:hiRV3ijTEYF40BFxzGLCF787YXhiEs5WwGFcTejDJV8mdwrOe4eHerbouxS:hQVSMQTcLuI7YW5Wr78mdGOA+v2	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\HS00PnIq2P8Kp.gif	17.01 KB	MD5: 3f04821f5f838387e34125db0a2618cf SHA1: 558aff75ed6c092a2b22a52193080f4e2a8cfcb3 SHA256: 0aa0631a60173427ad80b08889a18644b802a61625149b94a7d56884ead0e55a SSDeep: 384:xsO+X/R4EjVLFr7ZS0Tt7tnoelfXqUfNkfBdoJlDGifVl:xsTX/XVLh7g0TtRntlfa3/cQm	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\HZMv21_uk.jpg	76.92 KB	MD5: 6b843c02c9b8690e3f2e7b53443eeda9 SHA1: a032e9090df9b561594ad1227344584d39ec9448 SHA256: c7e6ed830a8b1e973f1fd0deca7c05ea2e810c50470c1a15da2d347d37f103c3 SSDeep: 1536:Xff6gWXt9VFHd5+tlLP1yPTgT7Zl6ndHcbpyTmjWiUllaUABdz+f7kB6:XffQnVF9MLIPMT7f6xOim+rsr+f7kw	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\iN mvP_WadxDj6.m4a	71.48 KB	MD5: 6fe0f49c600f6ebc2b091b7365281bc2 SHA1: 81c4617f1b912a5ecb5adf9872e8dd2446520b78 SHA256: 8f9c1905767b8025c292529f943d64586053027320d3000756cee8a3f69a825f SSDeep: 1536:zKoSHEkDqLQ5BxCdG3OJNONpYKL3Q9e0Fv3OOHA22RyrnxpeaI:J1MHR3BNpZwee35HBxptI	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\iqS7xw7P.ots	65.75 KB	MD5: facedb4da55f9e6988954fc75a9a9023 SHA1: d83e833c8489a01a5f516b78c36d82ca42a231d7 SHA256: 975c596109d9a025bb8fc694c29c3f960dda7ee6ee4c9fa59b6a4da5266b6b4f SSDeep: 1536:n301irE2ZAhVtPyVsTSVltRSxzBgQYsIY4CE8eTuZTvv:n30112ZAhPSseVlyzBgDJJKJv	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Pknw9.bmp	59.99 KB	MD5: 8f767d572d19a59ef049c068b4481839 SHA1: 7bae64681c826aee5e28a7036a8a7d7dcad10118 SHA256: 36fd8b045611aede3ed1d3888f1bbbb21a56243b0b143426292c2691bc015d56 SSDeep: 768:TAZmSgmlwkpjesZjvi7JhLvtTy1jgcbGjnyYsOCQZ1blKMtuG+cr4J5xwsa9mJ8h:ixDlorJTyFFq9snQ1KMMa+p8mWIE+21	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Sw0t6XcCq_-sZjnOduKn.jpg	90.44 KB	MD5: ffd94874de2952ee43c5b65024ac99da SHA1: 908507de29867a1a6b25465c243f79273c3beaf6 SHA256: 1c0536f629146994a411c47e3463ea4c117372cca9c0b82821f8c5a99baa0c82 SSDeep: 1536:cCIzvyNsGzKYI6sZPPBxjWagBcv1zymv+Q2KjciCPIheb9uWHNh+jlFmUcQrLZii:jILyxzKYIRZhxjPgBcvcmWQ2pf5+pFrJ	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Tx70s-VsAQSc.wav	51.05 KB	MD5: 8cef9e6bf7c8fb143e36343ff887face SHA1: 467b5c0dba91dcecfbd05c42ef7b0b68a66d43ac SHA256: feb259a512259b4aef89c121d6a0486f9bf81cc0b94c6c5d86b694a623191f10 SSDeep: 1536:mlxnC2gW0Lm0gh6BytR18XFcxv3Y6ab0ssdPc:4n50+6Kvnc0sMU	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\uEGeQkzsNxB9WeTM.m4a	21.18 KB	MD5: 1851ab1d2ebf84b3f88223e7623830b2 SHA1: 4ea24094e9873f2b1b1e539b871d55c31ae61fb4 SHA256: b5e0cef2cf5502a968aec1d045a37d0364c793ecdc64446e37f5d6c595c56226 SSDeep: 384:jz0jaZa2fJF94YsHw4pg4un/9/w5qEN+KtfFWx5vkIfeX/nc169dBqu2bAYFKYX:jz0jSaeJWHPq4uF/wkEgKt4x5vkIfgnK	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\VRP-Z6.png	1.85 KB	MD5: 3ec283ff4d2247f9e144c5a6d76e597a SHA1: 57db24161b7c272b920ca545589127d9ad136199 SHA256: b96be5a62625bb64b5aa9538f998f7ad87cdc1469579685931c05f560b24176b SSDeep: 48:AIA0ObT9kDGfh99XIsT+19yVsQ9Du9HX0IvND:AIA0O/yCh9qsTKySHXP1	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wY8i S_.flv	52.69 KB	MD5: cf5c2ee7c6185af43af4582aa644a39c SHA1: 952a174184d054812c15d651a7b556a2f3d76e86 SHA256: 646ace2ee6059b230b0e1238731a4320e48b33937ce928773a45bd83a98afcc5 SSDeep: 768:TwbhOQ8P+q+lXDMoeU9Gc2y6rI12rScBIPXm6VnGl1fqgFS0v:TwF+2zMw23WrP2CnGlFFb	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5hGto9u9m313.docx	94.31 KB	MD5: 43581324208319b30dd87ba9347795a9 SHA1: 8a1ffe5ada2698da2a41c101652170dccfed9b3a SHA256: eb52ba201c62604f88e56228e48628f7580c177f084bc788a5b71ca433773634 SSDeep: 1536:3tUs6/715nVNXhYr4F3eiTdeCRoK143/GTo2jztpkhm+B7O2mtEsUDlEGzpjzs+z:36s6zHVNthpeC/cPstcm+BPmNUdpjRvR	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ACBE_lrqSEFAf.pptx	43.79 KB	MD5: 42d8b86494d2fc5620bd7445d4c7a5ae SHA1: 0c3ca9736a3790a6e7c852feb5a206a832f24cd9 SHA256: 34593986b4ee5116e007f8a16af6382cc033f4a97cecc8e3b583551fb28a5839 SSDeep: 768:udHwipqR4eAVkRJIBF8thogGR8kF4OaInTKm9OgQmZyRL:uOmvmJ0Erg8s4OaIuntRL	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\BNK6dBch57n5aoP0t.xlsx	58.19 KB	MD5: 5fc92aea14f8955965f35cc271d1b367 SHA1: f5c9f13cc507ff0bdc6fde8c8dff71393e1b27ce SHA256: 008c68b7d4646055434ad51b3a16af66e06a6ce13b3d4713f906929699e7eacd SSDeep: 1536:lcduDnkLmGE2EwsfatV+YuZaclUBjIE37z46:lcYSmo7+farr/z	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\GkId5.pdf	57.78 KB	MD5: 4d44116e4c78881732b91889b5f3868f SHA1: ffe0e2f3292c0d8f2d57dbb5af3477b5174072f3 SHA256: e6740fd4e1c683d5255218d2f2dfc27a72e282073d54d6781e852b519eb406e6 SSDeep: 1536:MXSMqKVGvVjXBgiE5Q1isMKI11rWv/zT5mQ6dnSvL:MXbtYvxXOid11HI1BK3qnSj	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\HXfImV4Qtfg1Ex.odp	71.93 KB	MD5: 739ec9b3fcfbf6a826248403240975f5 SHA1: 0c8926e5cb0f6dc7bcfd33a6a1c217365ced8bb0 SHA256: 071ac27fb374b1df224be8e0405517cc73f1d1d8151b3b0226dd85800dc8f590 SSDeep: 1536:RkihLYJ3qCX2SiFBL75Krrynkgahbbcn++om75MGbp4sdiDgd:zlCqC4Iakg8r+7eqNim	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\iDsL9dCjo_LaXt.pptx	52.73 KB	MD5: 51b113cc6fa8a25165cad483f2561779 SHA1: 43b825a40fc1b02a3c4a61a852a07d298b5eff22 SHA256: 71b17a7e23b9e6aecb29c6ea17eb1976fae09f99ff0b58ee4b870050e103148b SSDeep: 1536:se9kKGGNCb1ES6TzSbYwEXEumFvrCjuOacVZTt:se9kt1PYnwEXEumhrCjuOacLt	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\m3fpL4NiO_tDUBU.xlsx	71.11 KB	MD5: 12b1b2ae90aa0a4f093dda632ed4e0d2 SHA1: a2e2c4cf4ae9ab782518640a053a859f33f30eb5 SHA256: 5231ea708e3a5b8819927273ecf598332734fcd283bd2fe29009e4d3c2f1f628 SSDeep: 1536:Oks1miqJac2bkCwjCT7qAp6l7q4lll6B1H9942cLJoVNeBe4Ez2oJ:BcmXJacmkCwG3bI5H0BF9W2Gy9zp	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\PSaER.xlsx	81.14 KB	MD5: 9a03bd0472ad133aa529ede59b42ae74 SHA1: 8837a28dd4e03e93db2fdafaab0fc4becffb1a6d SHA256: 88176205dd65df03488b39b19dd9aa53cc28751be0d2598e60d3b72b0a1257f9 SSDeep: 1536:dtR4yHElrrpLs48ySvogcJOFbC30Hxj17bWcqB35/37gDI9GR8S4I/3vNBX54lV:dsOGhs48BHGgpRjpbHwt37gDI908S4IK	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\tosXZeBkp.docx	86.12 KB	MD5: 7ac87366ade7934d37422dc41aa77f5a SHA1: 1c559ebe170d3dda425685378398859e3428d996 SHA256: 2092e33c286bc55246f9f467746e587f1c4ef2d985358f85892d4e909b067900 SSDeep: 1536:PbwVfjLBMK2Gf/OOwimj7Hx4gr2Yt/FelqSSoyKWid37q19Al9wNZ0:TGW3Gf/rwXHxHr2CFelq3jidm1A9a0	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\vqFDMq0vDJBGr2hc.docx	13.51 KB	MD5: 872819bc642c0a22e47d947e746bdb63 SHA1: b0cf6a998aef50eb8c3b186c082a7fe78530f296 SHA256: 411ebe41e11d91585f670341cfffec488cfae88f09df3256690675f5f3d434a5 SSDeep: 384:rPX3xPI0zyFgMrvts6KDJVBq9tQzXYCJpw1:rRI0ogMztFKoYPw1	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ydHK_AJbvu6-wWm.pptx	69.62 KB	MD5: 379bcf582bd85acde119c5c2138dcb81 SHA1: c664e4b6614db03eeee0f5397d65463849e56331 SHA256: aefa56516c545a594219fc234dbd15a2edb6abbff75337844502a19937395c9d SSDeep: 1536:QQLjrYqkPFHcxdRM4ugi1w/tmA1yGF8fs:BfrYTPFC/yukmGU	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YuznX2-DO1aKAcy18.xlsx	75.81 KB	MD5: 9e3f65233bf0fcd5660f1771ce40c92b SHA1: bab4c4aed2ac41163a65e9da4882a352faaf9a95 SHA256: b1a7ce5c275d8ad2f41bfc9ab312ca2deac93a33261e092b209f95304cb54602 SSDeep: 1536:H+qHMD5UZ7z8L42GP5Evk+fJ/h0hBI6NleS048CvPN5NHfqmDcV4vdQTa:e1Gp8c2YMB/OhBzYGXLwwUa	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\1LH ai8TTh YEvyGD.m4a	85.70 KB	MD5: 8d278f7c5ce9897dfcf92a0f2a463b9b SHA1: a53ace18575740c449f09e9352bbc7648f5d2db8 SHA256: d632816d41c83c1a663313fa9eed778b81951eb85c12dbd5cbc82df55fe1d033 SSDeep: 1536:TUqRaWLLJCdtVwCmwF/TOj6chNwg57NyIuXxKYZaBN8Yqo2gafhIWxPEfoz:oq0CJCHOCmw1ahNZWR30Brqo2ZtpEk	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\1m-pL.m4a	42.34 KB	MD5: 2817dc68b112be3bea4f4ebf4ee172d5 SHA1: e1830db2472209b18061769955b81cb537528d1d SHA256: fb26ad0ffc7f6032f44403ced82601deb7da159877c7c8616c32418f56286bea SSDeep: 768:iAvTQFOrp9kdQqphUVQfe4laFouXezNZqXk2QlwNdXyarxqHk47JI:iFFOrp9kQaqVQLgWuXmZqUSdXyAxmVI	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\1OENLvsSvA_3B3xAhQM.wav	46.57 KB	MD5: 5120cd29b4299fd0cb72e8853809b9fa SHA1: a683316720890355d2859325e995069b99eb9929 SHA256: c521488199cc356c8255bf69b12f9e4fe347ca38aa4ef5eb3a9fc66ba57b526f SSDeep: 768:0UHzn2BGAyC56ltVVB8nQ2McqMK6iEWO7sw69LjYxgRzVGyFMs+eYGrBLvX3Mkhb:0Yr2BGVC56Bz8nQ2HqciJ0sn84FMh7iL	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\5NnU5R.mp3	6.00 KB	MD5: 3724bfb412faed2603cd25506162355b SHA1: 9a179fba3d7176979a6f771a83f60a9ea25a51d4 SHA256: 8c5fb6a029ef8cdf3ee390226ce9e63f879e33dca6722f5e06a09fae6016eea6 SSDeep: 192:66R+ZbSLH1yxU7FGbxZlggPRkScdAgnknw1:6kSGH1yxU7FGygpdcdAGknE	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\7wK8zcb6fytX2DCx65.m4a	76.83 KB	MD5: 448a4dffe1a36ae2585b419816db8c11 SHA1: 900cdaa33534c005c79f528c29d44c5c9846b785 SHA256: 0db64410f6a4cc338a6b66036148388d1cd44ee96df05f44763fddb792ccac2b SSDeep: 1536:YlaMwPRfF051Jv6Y2gCCbL1AFN2Wlqzm9lByWwaHqqiI9Ln0XmYX8/F3IS3:WSRfKtv6Y2gCoON2WocQaHqqioAXs4S3	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\AfS4W9T-vl.m4a	20.78 KB	MD5: f242df54a7633dea407e7d85c6edbbe4 SHA1: f9a0c1016d7bd048fb57171c5dcfc2394d3dcd00 SHA256: 52b4596e445c2156b37760ebea236425f3f141bd22d8613f85c28674e03ee6e5 SSDeep: 384:/WjtgvF2WPXESTxiMlIBAjydHTwaRPzqRI9JIOIgxH+jZJXl+pey8w4+:/UgvUWPXESsTA2dHTfPzqRGB1kk0r9+	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\eVkUqXz.mp3	48.43 KB	MD5: cdfec8400755ed97e0f74b242fc03148 SHA1: 8c322bf6779bf13cd0b40482fadc723256db6628 SHA256: 017e1673290c46907d9ff91cdfbc19da39f8620e02f51b6ddcafc8d55d449753 SSDeep: 768:3sXTkDSI65rAJxONYjBypEGFxxYfsbG7BQ6RYikiiIFpVll1TCWVRzHv8aj:32IDoAnUYVYjFxxYf4MQ6pt1TFcWVl02	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\fBS7mSNK6.m4a	81.48 KB	MD5: 6d04e57a5d01e055955d048c94b85d5d SHA1: b6617dfe64d4937c4bb7ef006604319040a6a4f2 SHA256: 29bd2c489c34b2a68ec943cddca58457d57da3273e427b72a1a202c095285ef8 SSDeep: 1536:M5sQH/PHclsrfPsDYX307jRfChbF7YPk17/WJLdeISaRUKMrnDk8gD6kPjQxSC:SsQfPmsDPvX3ajRarEPk17/cdeISaRnk	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\FIVz Pn-IkWrJfBV.m4a	16.04 KB	MD5: f501e05219e0e37f87f2beae34300182 SHA1: 796cdc20efb193c3cdbf04062a6d2a5dca114f8a SHA256: ac67ec86bc83c94bf26528a17b5deb1a60b99dc9d4fa532549719639f2fe52c3 SSDeep: 384:B3TTT4fmcNcLVVbJj7g25WjkBdorP/qp9C2dogyLe4t9lC:9AfR4d7Oj+dSiyLi	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\GuF8APTZ9unXBfPE-UL_.mp3	88.25 KB	MD5: 57a9739069ed733ab2e37610ff980a84 SHA1: 32e37ddc077909cc8daf713a794b803edd6b8f10 SHA256: f75b9021592c954018192d853fccad9f732dc0200bacc0c99fdb1851d91e1fc6 SSDeep: 1536:Z0AdREuxt/9TMHD5I5XnCZ3FQxEelRSyQdJAkQXYtExcukgmhwCFndZxTR1n5yD:6AdCuxV5+D5InCZ3OVQldJJbS2SetTbk	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\L6arSbkZ7.wav	52.06 KB	MD5: 7c425dcb8e41724280ab3cfa604e7298 SHA1: 615be79433cb40cbd6b3eebe41f4826660dc5b25 SHA256: 1ddac1f7a2661fe65e6df337236e14bbbffee27377d649ea773f6e95de0614a3 SSDeep: 768:qNUSDF7bPyYuNQxeQ1zBnYISM0VLbt7/sANijMoRPAzbLt2olJHw41t6RJSMS5aj:MN6rSz1zBPPGbt7/RiBAzAmJPwJpS5aj	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\m5E4cMfxi NqFn.wav	41.82 KB	MD5: c07d1b2ac3b0b8c4aa33493ec26cb525 SHA1: 13bde9b61197d63cba01f5118457eb20ff8394d0 SHA256: 18b8ab8c635e15aea0dd912d943398ea7253136c2ac4513d9f814515d9269d48 SSDeep: 768:BOiSyV8IvsSFy1zWQyS843EvN62XHTtkEAnHUzQJz2Mo8JPfG2R+3iyNpR:UiSyKIy1zY43El6WtkEAnHQ6cl3icR	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\OHu_s.m4a	93.70 KB	MD5: dd5075d681fa5934447c3f2cb255f678 SHA1: 6a9be41d598df93a10fbd6cb2003c834ad6f753b SHA256: 66c416321e8fa6361b887fb11cddf8adf58ef6ad357ac2640f7dafb02854a221 SSDeep: 1536:2skudN5gH3SFyIGOzI1IV6FMXZ1osqCo5NlGRI6uasB9yQAQwc2I5UBtdA4/m+iQ:RN5+X8iIoGZ1+CoxeMFAQindAYK0F/Tv	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\QjxSgCh.mp3	30.67 KB	MD5: 5d1249b72e922cedae345e1f32d918f0 SHA1: e0bb6a71fa67cb0d841b23ad8e70dcd78bbcceb2 SHA256: bbe3ef3b35ed46437cc549888f19a749d199c3579ba24b9894db216cc310b2ad SSDeep: 768:pkX4QhHEYEYepXoFz03ueGm8fVdZkn2DiE/uji3/X43Wb0bP2Fz:iXrS1YepXo238m8f62eoX4t2Fz	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\uYJ6-T5.mp3	63.09 KB	MD5: 516164f3e261acac2db0382aabcef6e6 SHA1: 344f1ffe1e2f2d7766e5b01010246d00129d49c9 SHA256: a4200511262f59d148a189ae9c4339d501af828f9d47e978a623676f54adf95a SSDeep: 1536:1mgonLTMxpaiW0MRHacY2GWmYU3OyVL08xuoZFEhb59HQEc5W79ViH:1ILYDbWxFac9GfFVi8gcEJPHQ95W7Hs	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\X CNm1ePx68ob.wav	25.71 KB	MD5: 10ef662394fa48c0b40c8805155ac54f SHA1: d3fd299a287ad7e4f73cfc491861abdd33e41613 SHA256: da580102bc3fa8d8c5ab90e246a7db9d31e08ad6ced0e492e6e2e1d25479e482 SSDeep: 768:e8hQM5ap/q/fMYEeEittzFxZ2DgeqF8gp2Qlm9s:xhXEkfMZ3GzADgF8gT	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\XDsCW7KhypcISoT.mp3	17.58 KB	MD5: 64a9861b05a3a5aaa2ddce779cc51d58 SHA1: ae75c8f5fa7feed38f91714fc825dd35f0595c7e SHA256: 52ba7bc04c10498c380c11ca88434d257b20964c346a6e37027f967e909ee901 SSDeep: 384:6GfY+QoRoftD0beDFLumpZv0El8B3sCtvbhQqw:2+NRop0iDFSmpZzKbvbhQB	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\xhJyMD-UA.mp3	41.04 KB	MD5: fd6e8564657da8fe1e82e821d14de069 SHA1: 777bebfc8e9e4a2949bf1a1d6a3fb94a96aef44a SHA256: ea59e8fe7184631f07153e57806b60113fbeb05c95659189b73706c52784802a SSDeep: 768:UI4sRCQcjSju8pPyVK3FF3O8YzdEZOpTpKBXy/MeMPBy1:UhqCQcV8pPl3rwCOpTv5MZy1	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\XUycEgivdCqOtq.wav	2.11 KB	MD5: 71915a6d834b06c6aa7df3e207c03043 SHA1: 76ef9c6c79dabd5f0857eef021738fef54afdfbe SHA256: 3ec54d2e5c556d1282503171096bbfcae423a66974d976e18bb7ac551192de54 SSDeep: 48:hpJzFwNVvNS9Mibhy3MjbXxDBtNsu8oKDJpjPK+/l6AFOP9V+vtIKYOlND:JzSNvuMiag/XMnZ96gQ9V+vBYOl1	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\Ym45zlaZS.m4a	3.14 KB	MD5: c8749a724071db1db45e1ec7017f3e80 SHA1: 94bcfb672c13fed29bed221b51e26566f18897d2 SHA256: 5139ae0b108a72a87ee79b5c22652c5f31685b43ad09fe952c794fe3cc2b84e0 SSDeep: 48:LTScWe0YNEDhPMOhfifzXX5dtrJsMCO/dEcUH/pr8iN8/og0fEVfnU4iovPu7Wds:LG3aMh0OmPtrfpEtPN8hfE241	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\0XXhnuQwlnRW 1zNP6.png	17.50 KB	MD5: 5283ab6fa2245e611d41146119b8db12 SHA1: 91f1022e1d572e0d6cf29ee2d6f0b888f68035c5 SHA256: e071532b3ab0efa8eab7b870e9e7c91a6905710fd793a54823e397f317bd9355 SSDeep: 384:Qu/IlgOacp7eZzgS+V2NQDUitHuiewJdcL2uHEzkZOPAMf:hgLacp7eZ0n4gUitHuaDcgkO1	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\1FtUuIqrnmvC9b.bmp	16.79 KB	MD5: 18e449d6d2f9405c77512735826a252c SHA1: 92a528ce2a0e8fafba9cb728d93cc2457ed7d946 SHA256: db6529a4c0116fb040d946724ab70eb234e07c6440bed29f9002db5651fe2118 SSDeep: 384:TicYSBHJdvnWqE/6lny32VNtc88w8dlUh5qN0+/kdzaJ:+ebdvWqE/6Zy32VPCZUh85/kdze	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\2HrWHjA4PKJeRGV.bmp	38.60 KB	MD5: 0f5c63613cc7a67327f624809093456a SHA1: dd40d1ad416a12ca9dfeeec8644223fedb649d49 SHA256: 360e4398a452875c3b209be385e0d96caf8d23764a39960f3b96289cab8eb99e SSDeep: 768:q0g1wRDIT9TpkzpIT4rXIdQyARkC4LCOKeVwouUubDGeIsnU:q0g1V1kVVrXIdQPRd4LNKeSorvsnU	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\BjAZB51qWZoAHkE5.bmp	77.87 KB	MD5: 5f088ca9ed00b32b21413644b465a4bd SHA1: 0f8b717d3faab0cb0da64ac847716a74b359132c SHA256: 42c7572041cbf7bc4d2da40a10ed750edfda7af90691a3582a6a4759769e34f3 SSDeep: 1536:2ee16K5wyCMSG0upxz7SCSBxjqonxmyHnpz6xRZtQfRSqsp9:RM5wyhHZSB5qQlHnsxs8h	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\CWSnMwdRRtXA.png	97.52 KB	MD5: 6d08e30313f854ae14be4e94674735a2 SHA1: 9bc556a3de23412f64c5f2e56d92d447cb9631f7 SHA256: 8140095737e15d047374a45e1e4d7c2d5507b91f1b3f5d2e26ac9a4c287725a2 SSDeep: 3072:Ngufqj12FIe0icyBAdJj+VQOMRNo5p/b5S:NguSIFIencyBAz6vD1S	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\fQe1ychsju.png	89.83 KB	MD5: 1ad84e32530a5240e738a7361d77d2eb SHA1: 432c217aa43ab37bfbf0d0c8a3653441323e09c0 SHA256: ea0bc1bb131054c29a7cd86ab9e342d96a73c3075410b3664af116010d0055ab SSDeep: 1536:P2LO1Vh1dfP8tkQiXh98/WRcc3NbS+g43KRH5UayeAmenG38FIsx4a/Kk6IpI00Z:7jdfEtm9CWfbg75vye18fFD6J00AaqO	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\GZFXJ5sPjVz.png	77.57 KB	MD5: 73fd68ecb654c9402e80e5390e200f79 SHA1: ce4d1e786524645a93b35c1a5d42860b7290d51e SHA256: 420d0a59c2323f56cbbaeae5e595cb1bae01a9bcb45bc2e5ce5272c8411681c8 SSDeep: 1536:0lOHffeMbep/Ik+pssEYXr+5jN7fDntE2HCTxTFcVdV1GzLFvw61+6N4R7h:3ew4QHpsA7+RFDnaJuxAFvwLp7h	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\heN4k.jpg	7.02 KB	MD5: a17faa7d38887fe1af56d1d739372cfb SHA1: 6c12b0ae33dccc3714512ca2f134314f0ad5cb27 SHA256: 8b9df80be989769fa5dce84aab5f6b99637b27df7269d06a0141b00f91da420e SSDeep: 192:zGq7Qapc4BGDzXiTN69tO4PXwNz6ywRqBTLF0RS8X21:KgQoHQyTuwFmqBF0HX6	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\hs-cQ G F8kD3.jpg	52.42 KB	MD5: 10b8182a5fdd8122e6a0cb671b1631e2 SHA1: b55ce6b98b4b4a27f8368568e9c1dce4aa1c6e32 SHA256: 4ab5d6eb052a277e44ba9d63c5bb2a08531de95ba5bd1853c4dfee152c11ec90 SSDeep: 1536:vnXcJkv168bp/RAi1PwPRpHKTEox0GrJiknN4rIFl/KOt:fZUODY4xPrJznOUx	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\LtV7_Xi9cOpTXz1QsNs.jpg	50.45 KB	MD5: 731e81c5bb29775647fa3070e2991f9c SHA1: 96f2b19ac0664a52e36c5205f797f13b41da6be1 SHA256: e7f7ad468c861548afe2d56f1eaa25d6bfd5f601d5002f05caa750d050965f7c SSDeep: 768:VXaEBZQkp+rnMsoqH/9Tr/pKSZrYSMr4u7A3mOD+sbT9GgaRnPXDEcdS/ov:VLAr/Br8SZrYSMr4RmpmanPXQySgv	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\lvjoq7Ac0y5wIsBJa.png	42.80 KB	MD5: 6881ad93e9e7683f0b6442bf640852c6 SHA1: ff8c6963dd1c1bcfd94c5b8fbafc82b75f2af59b SHA256: 3281efb457cee6f018b68b23ecc33a549bf1b9894e94a19938db139c12e7ef83 SSDeep: 768:7s7tOqCMQfzZJjfdPd9E8Sm1HpS0ovGG9Kgdx7LtEkq0DXyLedhku7ITlA1fSQ:7CCnfzzhA8SUHpNqG+Kgdx7LtpnSed+4	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\MhWRB9plYFucf8hAPu.bmp	99.27 KB	MD5: ebea4cd1861c2f781167993d379a3a3f SHA1: f6e85afaf1b95a95a6d9bebe05c02172c0f9d8f6 SHA256: 360151153af938f60445ec138f13d721e8d5c3e2ae39e0359e4d3ed7163dac8c SSDeep: 1536:72sZS94DEpUdArcveHqxIShiSFU/ZTjSPFnoMRLJ6ihUnk5j:iUSiXdrveKxi5/0NoUJDhUnWj	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nqOPg0wxa3Z.bmp	61.34 KB	MD5: 831231f22935393986026d6e48ed400e SHA1: f66f9682c75513cb53c6071adbed49e8458ef3f5 SHA256: 3f0160b21eda6e5b60c5ed2f3c8d56d895279ca1039df919adf594bd6b3f897b SSDeep: 1536:gdNG6qb1YpDM46nyDfsh0k79432xkpvh7xa94dW8Xie4Ge9V1N:L6VpfvDfsh0km32ap57x04dYb9V1N	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\oIFGYUZwA9gCm l_aOn.gif	53.29 KB	MD5: 796ffad2a3260e20ba5e11a1a843f44c SHA1: 1c4b49279bba49a98f7fa33f72ff2b9d586d14c0 SHA256: 951deec19aaef62640245da2158f4abd8a1443736c5ed5a4b1f6adcf1e8f061a SSDeep: 1536:7UXWxDx2Cbz3A8iSeePJEVqvxIwaKVNmb:76Wz2Kw8neePuUvxo6Nmb	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\PE ApnfO.bmp	3.83 KB	MD5: e099b5aba5a672637ed9fc2e2d6b6b21 SHA1: c58f10a14d1e347414ff82422d99a4efc7457a06 SHA256: 39dc311afde50f6b456cface7794e26ca7efd5a57fc6132172e3c85c28d8590c SSDeep: 96:NSYi4bc2BL+lg3urrdPjQmba+q5lHeB72v2Y4mmtG8HKIv1:NS8aa3uxjQp0t214mqFHKO1	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\QU_VRdUt NRyuxhaK.gif	69.23 KB	MD5: b64d80cd9954e9459429fd92588be674 SHA1: 38ddb43e2426219075cffa97101cde0f02b6b470 SHA256: dc57c62b095bfc8f4be17d260448334da1ca18ad6d2939420a50d64bcc52fd15 SSDeep: 1536:0VLKysI8ujZ4aAR8CIldBr3L7esCIlrKm0IlTmpTZoRU0aEf:CLk5udTARopzL7JCIMmbSpTZoRUi	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\riH elLcs.png	18.16 KB	MD5: 8b56293fb33f5b3dc95029f44c6701eb SHA1: bd97d234307989fc95782f7f0cbaa9ec39e1f585 SHA256: b984a5d2f76e27254a904593f060526fb1d558a8a28544338b1deee2619e6c6c SSDeep: 384:ARWhHL9ostlvMFMVBlttq6rlbfZQdoqDOSJsZGPN7ksAXq5MNq8qcm:AYhH/tlvMKBXU6xrXp76uvo8Vm	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\Rk9GCNO.png	57.47 KB	MD5: 73bff31101765cf1b2d5a48aadad069c SHA1: 5bc5d12bc8dc733d554f54fe2bfeacc04dc9f2f3 SHA256: f5c9f7babbf38fc374694e5f9a1c463c4fad77d86d944589f909fc933c7912c9 SSDeep: 1536:w+D6f3bpt0QUuDLRrAOLGj3BOSQazbsM2BocxVwMEc/x8:wm6f3bw9uDLRcSmESjbs5mAdry	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\S--e.jpg	60.23 KB	MD5: 3dc4d2cfeb233df19bc84ca865ca1db3 SHA1: d9e2f7aa98427b2e21d604068fef3c109a3e17c3 SHA256: b8c618798d6c4d68f91dacdbdc760c71dc8088cd5ea56ed370819281331356c3 SSDeep: 768:r2BaJsqOOK3+T/U7IOL17KaRqZnTXxNYZvd2FmijYkWhRoKzOrKbKNR/jYVHYyPU:aCztUPR0TXXYZsEik792iKNipE9JqMr	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\SbXik3LvTBfT.jpg	97.11 KB	MD5: b5bd3d4ae9c55de43b8fdc31ab66c1ef SHA1: 9227378ac43573c9040fd9261dbb2c9d7eb82d16 SHA256: 3e61e85b9b844121ad62af40a71a44713662c395d03fa599b47b4d6fee0bf1e9 SSDeep: 1536:6dTa9WYy0ELuQp/vfpq4q8/tZHPeoozW64fJG4LAJBix0I9FqhpxZFgxg+d2m:QToRJOnQ4bcB45rvaP0xg+5	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\uA3602jdk4LLtIeK.png	26.31 KB	MD5: 6e96102782451848c688a48c99f9cbaf SHA1: d1a6fa0d6e0b1b88150b3a70d70f615dab1ce496 SHA256: 5a3d2a740216c3a3a117d5a61ae7dc8a9c0dc332551c8cf6b054388f48f476c0 SSDeep: 768:6TFvlG3mnA67U5tjwAFeDHC47iBG/UNMsal:6TF4aU51peDHC4m2UNMsa	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\UJnG.jpg	70.55 KB	MD5: 963f3d711435b86655bc45084c2cb795 SHA1: 2ee5f36478940c6cdba8dea5907fe97778449cb5 SHA256: 8f39d4dc5d4487f1da79cef01f3f0557f35392dda93b7e27146b42eee2403f9b SSDeep: 1536:G2liaFXQ7QvuFphZwMg3eLQ3FVlnAS7jsXmse2qbDC:rliaFXZuzhuMuz397eqbDC	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\watBxpzRgOgaq m-.bmp	60.09 KB	MD5: 1a02e58945a25dfcd321660d6fc06d5f SHA1: fa866770a489045643be6f93fa7c943996488667 SHA256: a12ece066335a3cd9ca00d59c19b38d22faf1b246ae73a8a7e94b66123292afe SSDeep: 1536:jIu/IuslRT+wgur0jrubG93FirFW3Ttkb:jhilcwDG93qatkb	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\YdHbKfRnKrxhFcKFQ.png	79.84 KB	MD5: 917e1b06a47f62d43c4eb8d84d0f38fc SHA1: 9a2f3d6e89dcf9ac13661dd44d6f650d1d4bcf4a SHA256: edb0ec2f7f782f4dfdb87158acface98fc0846bc6c61b24b34ae70ad01b76d8f SSDeep: 1536:7PCGF8oQhIvJiFCbpPAEzfyfEpnoKoL3SJ90fr4U9Tuzhav5X7:7PCGFIKx3bpPAyfyyn6L3wU4E+u5X7	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\zJRA8eKdBctBG.png	35.53 KB	MD5: e9663708f94187df838456b4262b3860 SHA1: 1635451f35da4da1495ad48ac1d161e3214c272e SHA256: 987721d1e7e24182c66c518fb59654a48c9f74a8c040450e78ec625e17b357da SSDeep: 768:UKshgzUFu3K30pYxnfo4abAGObQ5oaUP9tiDtrlypSv8B2udqE:U7g3KkpYt9GObQvuiDfuX	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\0g5wGPdK.flv	70.18 KB	MD5: d1868f4008f96ee41b09831640356cfb SHA1: d8232fb88a5f0646d7624b0287fb083dd979f585 SHA256: 3c8dbf747e34771c253db16d5ee7863bbd61660bfb6283fdbc8a03035f99fb2a SSDeep: 1536:ADIpR0Wt68wn384pWzUPfSzMgT3Yds3+Ck62Wyn2PyVa4WoR:AKiWt68NwnSQgDYdsuVU+Ww	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\81m98bb.mp4	55.15 KB	MD5: febd95bb72b60b08f7909288ccc460ec SHA1: c84652769913aec64d7ef1ce5a1fe153d429fb74 SHA256: e623246fd246cb7a7f7a0bea99f59c630b8207511aae893639721e27520a3a8e SSDeep: 1536:j/7McZQBpyegeHSq63WkERAMo+0F74Fb6EVBGCEBf:jTMcZSye1MJpJRF72HLA	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xwoxab1ONVdFr-x7cTy\bewfSQ65DCd3I.mkv	3.43 KB	MD5: 7c784f1ca79bd09ab71a73a12318bca0 SHA1: c2d53dbc0267a11e54441619c70c739a82f992e1 SHA256: 702e14bfd6eb95aeba1e78dc09210d21852343e73f7b563a24742670cfba4070 SSDeep: 96:JklfiWjhDAe7frzsJynX6NfIcrudr4uzI3PcU1:+lD9AeT0JyncYBIkU1	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xwoxab1ONVdFr-x7cTy\BgXRSx7UFqKOmFFcD3.avi	92.38 KB	MD5: 57e44fe085093f8fcf934d1003c8df48 SHA1: 8f0fb3c2fd5942a8533f9f011a46ae0e9a9d838b SHA256: 593686bc3a77b77e8279786163647080207484d142b026bac08a2034da0f0b86 SSDeep: 1536:6kG43hO1L2fsTHZaKZ/coG3FS2q82bicMnk3FZb9bjkXqMpe:3G43hsL2f6/DGVp2izkVZdA0	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xwoxab1ONVdFr-x7cTy\E6tpFg5YUih.mkv	51.43 KB	MD5: 9bca98e005a2211a280e4e33781a3fc8 SHA1: 635366e895825331a7dcf412c2a47053c51fd20f SHA256: 757b1776fbabd5a5cb39f4f67be9d23dc9e2424902b53894161764335ddc61bc SSDeep: 1536:Id5UZW/uPu4oLI/78EO3morPn3WCEOJ3Z3fUa/:E5UZIj4oUwEyzdJpR	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xwoxab1ONVdFr-x7cTy\nUY4nxCO FfN6j.gif	84.79 KB	MD5: 93547afc37641dcc5302688ccbc1bccf SHA1: 646e259123a0080b5faba00360472feae308133b SHA256: ab58a2e08380d39c93bb3ce74cc474335880e315d9a045d1e0ea70f18c7fd8e8 SSDeep: 1536:LcsVlE2HkH9Sx5S2SVunTBgNqNTj0wGBQ9SDU+GHOep/Q0cX7vLnd1Y6O+5h4U:LpAI5S2sun2cJvUJU+GHOetQLLvh1Y6f	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\BZeNr_asZgOghC\f9wy.ppt	90.22 KB	MD5: cd9c32316e204ade5ac304d757ef79e4 SHA1: 323cc95f404b26ac4fe3ff4fb811e8094ce63357 SHA256: 4a5ebf46ec095554d243a93d6617bce132e0121c70cb3e459792fd364134fc9a SSDeep: 1536:4+VpUGzQm+QEpQVpecxFMPiB+wsOSgLFZt65SILQ2Vsv3TBOA3Q3xu:jVpw24QO+uP4/oSILQLv3Tlg3o	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Outlook Files\voeimd@djhreuu.uhd.pst	265.08 KB	MD5: 20df168e333fdfaf44094eb50744972d SHA1: 836ea90d9798129db37b21152fd638a32f381444 SHA256: ddfec1f654b66d3ec455d5e7a009eef0e140a8e4c003255c987f5bb1ba6434fa SSDeep: 6144:Hh7iZOmKxi9i5BZWYgxQTiWbX9JSfLEhv:Hh7iZOHIOBZWYjTiWbSzEhv	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\Suggested Sites.url	314 bytes	MD5: 5158c729e0e316225e0c84fdd073dd7a SHA1: be666006fc7939debe2352c70ad81fb781f3c419 SHA256: 5899b9eab898fb136b2d1f2458585e1911ae7d621224eabafa1784d99da1cf6a SSDeep: 6:Jw+XeDR0ooRnDdByOZCnbwQr+jDit7nf5MALrq0ri0n53Ri8iEcii96Z:bXeDR9o97/ZCn5+jDix9LTrtn53xTciD	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\Web Slice Gallery.url	304 bytes	MD5: 131f15ef23e14a1ca61bfc33ea2dd9f6 SHA1: db1655435a4f1f1e0e415fd4d4939569b45c4aee SHA256: 8de49e267bfbda924608ed0d93c7eededc410d04c8c72426d9ce5e710b6737c3 SSDeep: 6:Jw+XeDR0pxKSRrNwk9DW4wsGWCqvHT5uUFRi8iEcii96Z:bXeDRQ/wk/vHT5uqxTcii9a	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\IE Add-on site.url	211 bytes	MD5: 3830325334781f568d7f2c77346612da SHA1: f404de0a829e1c33b3fbc8e60c61e35fc66668ab SHA256: ba5dd9c92b68598f37c8012badfa2544e9a630a6678e2aec6a19e189ad3ead53 SSDeep: 6:Jw+XeDR0pxKSRrNwk9DW4wQp0lRi8iEcii96Z:bXeDRQ/wk4xTcii9a	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\IE site on Microsoft.com.url	211 bytes	MD5: 255627415485b279f557e305d6af2a67 SHA1: 46273ab012d2d939c1496a3127e80cad688bdaa6 SHA256: 2a3af18294eff3146f9e1275eb213696961112265b50015400c7d96cb12d2309 SSDeep: 6:Jw+XeDR0pxKSRrNwk9DW4QWrFf0lRi8iEcii96Z:bXeDRQ/wkLFKxTcii9a	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft At Work.url	211 bytes	MD5: 7458b8de8fbc427e9976b07d8591d6b9 SHA1: 3fc47a139729dc9da02a0907dcbd5528be98123c SHA256: cf40f54e54b28b674b0ecb33b0d282d08b371415bab07cb30d0bb05c01471e05 SSDeep: 6:Jw+XeDR0pxKSRrNwk9DW4QUBB0lRi8iEcii96Z:bXeDRQ/wkFBoxTcii9a	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Autos.url	211 bytes	MD5: 56583df0d34dea5e840ee65d579c6673 SHA1: 9f2f3af931d4fe1416e2bc3d1922798957c1a559 SHA256: 3aed8948db5eac9061b8a7559059a78128d8f2f36747262f0d3cad3504968e4e SSDeep: 6:Jw+XeDR0pxKSRrNwk9DW4w8BW0lRi8iEcii96Z:bXeDRQ/wkRxTcii9a	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Money.url	211 bytes	MD5: d9f98745dccf639e717e9b8033e8c82d SHA1: 4297236339f3c9f1a3470356fa4b8adc60c987de SHA256: a92f993f77a798e1f53f3d948487389bd9da8e14ee73e6207ea78049f1c211fb SSDeep: 6:Jw+XeDR0pxKSRrNwk9DW4w0BPW0lRi8iEcii96Z:bXeDRQ/wkFBHxTcii9a	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Sports.url	211 bytes	MD5: 4c16a4a5f30f0ce4ce3b5495ae9e770d SHA1: 26bdb0d8860387148e19518842ab1d82ea7ab9dd SHA256: 1cf6ad787a44227ef269951d33a3e9a92ed41405ca6ac29f41c5123de21ad72a SSDeep: 6:Jw+XeDR0pxKSRrNwk9DW4w0BVW0lRi8iEcii96Z:bXeDRQ/wkFBpxTcii9a	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN.url	211 bytes	MD5: dd3bb0127c7c5f8ae00e504d103eb4b8 SHA1: 578d9f557950b43de4c7b6fab4add2252e146032 SHA256: f38d2fdea6efa4e0fbd6a6d673f269a2f094d6b14cca3b001fc67450012b7dc2 SSDeep: 6:Jw+XeDR0pxKSRrNwk9DW4wrvvop0lRi8iEcii96Z:bXeDRQ/wkkxTcii9a	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSNBC News.url	211 bytes	MD5: baeed34c1b29cb8e489a5ef37f66aa56 SHA1: fde3c9c2c8af8acb3eec543ffd0890d7b0b20baa SHA256: 5773e63170357bcd6c41da54385942959de9c785884566bba0ae009d4842cf4d SSDeep: 6:Jw+XeDR0pxKSRrNwk9DW4w0Bk80lRi8iEcii96Z:bXeDRQ/wkFBuxTcii9a	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Get Windows Live.url	211 bytes	MD5: c376eaae483dee8bda6b25a053abe1ca SHA1: 281b854d462bafbde887e8fe57191ee5de66cdb6 SHA256: 284f6e25c36ea1575c14bb537675704afd26afd81ee5804e48016abf1ef2a4c4 SSDeep: 6:Jw+XeDR0pxKSRrNwk9DW4w0kZyf0lRi8iEcii96Z:bXeDRQ/wkFkZxxTcii9a	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Gallery.url	211 bytes	MD5: d0cf9d563dfbfa3d39c75f402cb9b3fe SHA1: 2d6fec956de948e297d4af4aea5013209ac1e772 SHA256: bd9f5142d4c6cbd3bc57e8680b82a41fbf6bc6bf09da5105c6952590274a9f07 SSDeep: 6:Jw+XeDR0pxKSRrNwk9DW4wP0lRi8iEcii96Z:bXeDRQ/wkXxTcii9a	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Mail.url	211 bytes	MD5: 146e7e07ab393dbaaaa26018dcc4702f SHA1: df2866f7c86cd4fc91a23d4ef620f5edf9d501da SHA256: d404e659ae31ea759aa8fbd690700b1d0bd0ab9206f8a470c7a607812327770b SSDeep: 6:Jw+XeDR0pxKSRrNwk9DW4w0Brlyp0lRi8iEcii96Z:bXeDRQ/wkFBr5xTcii9a	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Spaces.url	211 bytes	MD5: f9110f6d8f8108f09c3ce2a2bc2bcffa SHA1: 8d7fb695951b760e77c9787774b3e9b9638a1bca SHA256: d4996f8bf23b0aebe08e0163a69325ecc805c7e2eaa98414884b4742483dbb25 SSDeep: 6:Jw+XeDR0pxKSRrNwk9DW4w0B7W0lRi8iEcii96Z:bXeDRQ/wkFBTxTcii9a	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\3RmBDGRm1\91os8u99hZG.avi	25.99 KB	MD5: aa7a999579e8aad1774388dbd2e3911e SHA1: ffb18572fc155d19f254c2da02a1607eedc67065 SHA256: 3557fde44a1c80f1f7459a81eed81f4a02512301ca6c1da611e443255f7fd50c SSDeep: 384:G9kvj8cv69oUkYffFJxLqN8f+on61Rl4fbMDZqO51/dpJT6gVeynSZp09bjuIUSH:A6d69xvL82+FblHZqkvOZcjuIUI	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\3RmBDGRm1\NKvRPhAYf4Ra.swf	50.53 KB	MD5: 7b6c33f4bc5dd1995abba5c520da9365 SHA1: 26bb7e47d40b200b657fc21997a8f825bd08a411 SHA256: d09f9ba818f1b876360f4b4d2af1d806f2db3e27d7a20ee7d19142befab785e9 SSDeep: 768:TpMrco5LKxN/mIPa5oaFub0oyVQEfBcHqPrytqeGAgzh1SlwIxTf98SqRpHybHLD:TOJKnlGzoPEfBcHwry8LAgNEDqRMr2C	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\3RmBDGRm1\ZZI5JtzTKrmNM.avi	85.73 KB	MD5: 76d32690cfeb0f91102a3ae1246c542a SHA1: 740f84d1a4af071c0d4d290039dd789171fe56bd SHA256: 18e916eaadb8a7c0b610339f68292a720fa7b3eaef922c25ba91dc50f3a5eab8 SSDeep: 1536:/GsclDeAIAxj/7QpKLus9dO3Q1y2k+FFE/ez3w/HU4OojfAnVf0GO06zMQW:9cJeUxj/7QpNsDOA1yyOq3y04OojYVff	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\C1rxOBMk76mToWuy0Nfm\eknZ1ElyFLFFe.swf	2.02 KB	MD5: 3acd5da20b2414f6f6251a042f52e3ae SHA1: e73e6f3a23c990083a0b4b345df56a9dcb0563f0 SHA256: 13c9953565593fbf582a2d613452c2dbf18d1c236844fe7148df6d23144ae09f SSDeep: 48:JHovh1SuilJ3pTChu85lvWkHPvmKB1KYZiGqwM3uND:JYSLTDYvLHPeS1JlJM3u1	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\C1rxOBMk76mToWuy0Nfm\JljeDE FbKXuiY1.swf	62.70 KB	MD5: bcfe107942aadf1825dc141c3810b377 SHA1: c424c43f140f5ebf336d157a939f84950c7b7bd9 SHA256: 3fbbba5b197227babad4bf7da0ee5505ef26d9ce54424a5691d845f8fe7ae897 SSDeep: 1536:TfnjbKvudOWsjGj+krk/iGI7liY2i6YGmVB4YotU0+e:Tfn9dRsXGGIZPKYXsYotd+e	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\jDCuGCvpf1uArI\iZgdpj28McGBvZ.flv	27.98 KB	MD5: f5460be931b8f1408758166250c0b7a9 SHA1: 2bb80cd52eb65f5a7304e12076ced51c0dd7d1c9 SHA256: ab41e5dfa6b9762bb6513d1c02004f1173f18bf05176ec654707b4866188a315 SSDeep: 768:jx3gTfKqPLKFvxiYMxePTqorWU3pxm2AfnhGPSa6YpcN:lpqjsAbx2TqU3puhFDik	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\jDCuGCvpf1uArI\k GCuA4o1c5KGh.avi	28.20 KB	MD5: bc52212d400a63a79101078b88e22e10 SHA1: 11ffe59ab5444226b6502e2db986a5c58dff26b7 SHA256: 6f0750b8cfbe10948fd10499b1ac8811d7e551bbc1065d8077d77042a247498a SSDeep: 768:mglsMgDluX3sU13qVel/52+xlMgAN/dELrjn:VsLDQX3sq3jN52+EN0jn	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\jDCuGCvpf1uArI\OQ3V ylmHyu5rZMlP.avi	6.71 KB	MD5: 968ef7474d6e46ea4f248b98eb14f46a SHA1: 1716dec7b56e94ed309a776a1fe0773b4c7e16a6 SHA256: 9e7f6dacbe015836957549b9653212a7c2de5985da30d0f9007cbe25b20a5c59 SSDeep: 96:GA9yRFm0qr+DIFUCU2K0KUFZOK9lTugOCV4ObtZtZvnA7IErt/Los66Y318h1:mFmd7F3YUFZzfN4i9vA7b/Ub7qh1	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\jDCuGCvpf1uArI\pUMjEQU7g4.mkv	82.23 KB	MD5: 32562ac6c4a5fa55709460fc177fefd6 SHA1: c6420c3178b12e8c7a48987c53d6c93d12b9b7c9 SHA256: b7fb4a329776ea025fd0b8b79874188a8e1007518f2e25c2bbd4e352fbb59566 SSDeep: 1536:crvvEI4BbNa68+g9FgyIOBO7rEb8Hce5KWVLr1bSLfMoxLTW:mHR4B5ax+4DI6QEfqlxbMUiTW	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\TtcUW\b6wh.swf	48.28 KB	MD5: 53029b205085bc90a47767d4b60e4bcb SHA1: 89f9399c7064846062d813ebe648bd158cd4e8aa SHA256: 19324ff98ad0a7fe0c251c98aa97c669eba8fee153fb6b856ca118a6ec487949 SSDeep: 768:8mmfA47sx0YySeFJaJOTyr/3p4iLvvj6uTMiCrJMDu/b7HfP4qxUV7e0K84G85v3:aOTP+mr/zvOiC1MC/A4784X	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\TtcUW\wpWUhevKBRfd9lm.swf	25.76 KB	MD5: 8935e5aed866624e07220d70eca8cbac SHA1: bba3f290bb01e3b6e121fe2beafd68ad06966eda SHA256: 4d9f6c303e0fd95c1b9ac7d3464abf3c48f0ef85a6d7e805cd0e9af653113917 SSDeep: 384:p4gyf5XWYKfqaoVGx61ffvj8YH9jc23xT4OmW8MNzH80YKrS4AdCqS/VOcu5A2Zt:4thVmuoYHNnxTmLkzcEcb4Ru26G//L0	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\VAl2x_eF9QxFAJr5rV\hkYdWviKftqSOmoU.mp4	35.42 KB	MD5: a3b7a0be8f51eb6ee6b40e905c8ec470 SHA1: 4292a9c06582fe49dcc19836aa0c41be28659b28 SHA256: d04998bf1944ec1c32f8b555786b863a93ffb0b41b7727aa37eea06fbe96ff3b SSDeep: 768:c3A1sHlqsvv9e7Gctq0hUrru4OcbLhSwvgV1/HP602W6Ep:cIs4eE77q0mumS5FS02W3p	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\VAl2x_eF9QxFAJr5rV\q1mFKd_YNe1ZXJ.swf	21.90 KB	MD5: 09c97dfc3d40ad2fdcb500447f523488 SHA1: 27c03acd239738dbd0eb53344679511628c1e6a9 SHA256: fe0e560bf6c5696f01f4e2537fea8200b78334657f5e620f30730ab28b55b39a SSDeep: 384:X4CzaaKL41QrNBRqz9PgNLCVrb3ju64vj9h7MIGClUdcFxkAZFUUWvMWimz773:I6aFhBRqz2Q3jupN36qhW+mz773	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\BZeNr_asZgOghC\qIBuq\827UvCxR.ods	87.87 KB	MD5: d5ba5055e66fa9d5566477cf6c35668a SHA1: b4baf39408f5c8443295f2f695d7949da1c03a02 SHA256: 6482402d3a6299dd1c0e3fc1b3d7cfe36cd8e4c27bb421eea6bb16f7b838a6f5 SSDeep: 1536:qHBy7zHSClsoI/ZUYLSRbXVumkGpv0actP4Dd8c/+O5W9g8c+wSkBA1sQqGRCUPE:oGDSClxiZHSRblFkBbP4Kc/aS0w9BMsZ	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\BZeNr_asZgOghC\qIBuq\ev5fZtMbXU-mo.xls	19.37 KB	MD5: a54c2c5c64d346f5a0af85f82dc2e5cb SHA1: 8b9a30ed093fa0e5c5137041934763928af1f101 SHA256: 82fc6325b8cc939c275f8c70ed109493e8162684906471356b7a794315605166 SSDeep: 384:thuL+T5F04sk1vkDvIYNpHMoKW2DNyF+VjXNSrOiAeHqEqHnj9tIZPTbZ:tis5DsQkDQ8pso2O+VD2OiRKbj9a1Z	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\BZeNr_asZgOghC\qIBuq\h1LjxbbEaGY.odp	3.83 KB	MD5: 36d1e80056b6a56c4ede9d89de41d70d SHA1: 6f5c156257fe60d40630892356a2edd0cfc5ba18 SHA256: f3b74a2fe10f00478e3f9a41bcfa29b2f0da93eb1750cc9071e3b0756f54b65a SSDeep: 96:RW50YwsbQ2o3vz7Bf85K16IovHqZFXA+o1:RW/wsbc3vZfT1Ndo1	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\BZeNr_asZgOghC\qIBuq\JB9Crr4gSM_9- n.ods	52.34 KB	MD5: b0d6e19f8d641d6f0825751321cc169d SHA1: 90172aefe4261bc952d934382c3ebe63f3001130 SHA256: cd7ef420e99ae5ffc4d1f9b8274e86d0c61a1608773a6ebe9a0b3442f713e1ac SSDeep: 1536:Sf78xyx6iHguCwlI2JR5mgvcjyq07fjdJxjSpJp:kY6Fld/Gy17xJdk	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\BZeNr_asZgOghC\qIBuq\mEnZGaCx-HF41kNT.pdf	34.72 KB	MD5: 9b32b077305b7f2a70772ed7fa193ba7 SHA1: 49c95a33bede3d987d51066eb2d0127b41dcfe6d SHA256: 72e6f6c18b4398086b60ac3bb2cce9ff73f7bdcc7d790639871c018707ec45f8 SSDeep: 768:eq5G818ASGZhjwh8zQ5aN3mnTuorM4aooba5JKCBXGkFVqRKm+qbDc:eq5G8ZZZhDeam64SoKg2Y4wyDc	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\_private\folder.ico	29.30 KB	MD5: 9841b556e414da03bcd4c75a2513e5bf SHA1: 4fd4a5b0aaeb93371fb49e68bd5bd309c7706d93 SHA256: 81cab0da557b53500a8d01a19c606e1917caf2bca017d1fb353c7694f5e344a7 SSDeep: 768:m1zJ+GH3vZ9bwtKKHcLzF2s4iHcRcDxDLkaM7F:m1UmvrwIKczF2BqcOtLq5	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\5WOBU.doc	80.47 KB	MD5: 40345b11af79a7bd76a8e5037fc556a2 SHA1: 0928a5612a73c5800f16afbc7e70a6b8c26040d0 SHA256: 7f13c82f014560ba52dc2d2aaeebc4d1c01f62383bf693610ddad19e6570b2e6 SSDeep: 1536:lET7YkoaMlru0AU5Gh/uf6s6xoQUus+VrcyMplTyGm9Fe99oKVvUV:lyroaMW2Gh2Cjon+lcfl+GKS976V	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\VOFBy.ppt	39.64 KB	MD5: 7117507ad80268ca23355b00bcc283a1 SHA1: b5efc32d539fbcb86214e4482c6a129635f3d542 SHA256: b6b9e4e0f4034a33f8198723e2a5b52312e66ca5091140364a274fcc0620095b SSDeep: 768:t8cFh+h35jxkKrALRIhrn3DCRm/YV61ZDNY6/q71Nh/0cmoZzouZU5:Fh+h35jxkIFF3OEk4ZY6/Gh/0Los5	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\vwwPCJ.csv	59.75 KB	MD5: fc7ddf0ac207bf0e63e259c1ba9db8bc SHA1: 3ec0dbc182543b9843d83792e2d279b4fd540d83 SHA256: 4aefb38d2e58fc703bcebdc923916c5e346f997fe3de18e7ee33edc6d5fb4ddc SSDeep: 1536:Mjj4hotRpf81LtfmhqmYS5iTFIjb8GrNJ9rJe:MjjN3EZfmhN1iesM9s	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\s-2Yi4nxLO_tQ5d\i aQpW6c954.odt	98.82 KB	MD5: 4c5822383c0b44e48ff542622f80664b SHA1: 889345f39c6109452cb4dccbd9b3b40e211ea715 SHA256: 4467932d54d1cb58e67cfc6e41ec7bec7c9572dd8afe373530bdd24625c2f7c7 SSDeep: 3072:j+BY2AhSRnDsOWpTUy9awhiD2NII5Ee578Y8nmf:jK/RnYfppDhiDKfFWmf	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\s-2Yi4nxLO_tQ5d\OM-0BNFr0vxP9yGlxp.rtf	96.91 KB	MD5: 83320dd13599a26bd809c42a88ce3372 SHA1: bf13ecc5ba6e9622a5d74a0e2fdc9802679b77ea SHA256: 1ab94e1d35ba92560568de958ccefedf4d190a1c7141daea92ca6c751a060148 SSDeep: 1536:FLSbB8plgHvSDNZrfzHZ9t9pZlLfqZGqH+6fm6j8L54aIcJYgDrF7Lsn7Im4aCA:FLLHgsVLZR1CGYfX8L543cKmrF7yTrR	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\s-2Yi4nxLO_tQ5d\xRZA5bTbxl.xlsx	54.84 KB	MD5: 04928b6a462d66cf07e8d27d2cec9808 SHA1: 91d41224e7361fe53f7cf06d217e22c3023b3be1 SHA256: 77f6f511406ba1f1c9b6ddb225d93ccbbb155a12df79dc5e0f9527f3ec60448b SSDeep: 1536:cec/atNi3ZJAVPW531EjBuh7Jp9mKtw6fhq76/:e/aOpSy+jBy9BS65//	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\jDCuGCvpf1uArI\DazZdjJb9WM2iqx\75RcH8me-e.mp4	47.61 KB	MD5: e5d24b49fe37cc375e39781f12e60f40 SHA1: 98a1011749896a2b38ccdb91d60fd86108245c3e SHA256: e78f1b8dbbe2996e19e1851aae30c00680728fc671487f1f35b45e43c5dca853 SSDeep: 768:qxserEC1MoTNqHOQdogXCFCrcsJ2Wyq3jt1SlH0KhvSoU7Oy/E8cHAFz69k4Ixjr:6MOkPdeFnsJB+zhaD/Jzecxjr	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\jDCuGCvpf1uArI\DazZdjJb9WM2iqx\tAptBCu.swf	46.30 KB	MD5: 6e566471a2f5f4c44d3d902f7228a28d SHA1: 5104d3976ed5d45edfe72415008f2d4e220bfc84 SHA256: 422c678b2268a9153e5ad765bb8c10e802896bf3605e6f3ea600a2cefefe6513 SSDeep: 768:nDzRfDptNnuu3AE6XQ7d/V8XLAnogIdePRu5tJ5/8uS8let9zQTmwgtK/S:nDzh9jnhAESQ7Nlog+aGJh9HlS9sThVS	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\jDCuGCvpf1uArI\zr0w9NBOX\uHy6bk3SudEl.avi	23.88 KB	MD5: 5ea453033a649cfdef8338de17939810 SHA1: a637dda4d1877e387d4aa83881a5a9d1df88ba27 SHA256: 772453907b3e9292065a0e2df46ecb5836af2f65b329aa65d8b2e02af4ad127f SSDeep: 384:k9ORvZ879JIWJf+6xudQqFVBzjpgrRdaNvU6ZpSmwmfogAwdzmnFeQ77Bs/VKj:ksf8rIVjaV06eJg1CAeQXBtj	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\jCjO-w4 p w1\651znms2s4dj.ots	23.59 KB	MD5: 2df5be458b4f8debe644c2e0fc1f0a21 SHA1: 9163e768907dc5a9633fbf9fb5417ad7fcbd88c1 SHA256: 4a6f3c89da5fd1c02ac19a38bea6b06cc8d32d4aa2610c5b39da717dcb4bfedd SSDeep: 384:8+VqVJGb10JP5+KyKxHzShCat/OsrCqQSbyITAknl4IN40oGGi9KAMTRAvtX:8+EqBQCiehz/Os225aIDoGGi9KArX	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\jCjO-w4 p w1\Sw-G7SU7kk.pdf	35.53 KB	MD5: 46a5dd27ec67932b53c189b04e3e57e2 SHA1: b8b9e8731e54594031306b2f33d70c608c8e02c4 SHA256: 2a2836b3e1caef2d7d41f6322f839f6e9fe76fe727c90acf8d55889eba5cc18e SSDeep: 768:IOzEAXKZpigwidctMHoCTQu/4gy30rYhASsnO9OSq9+LC+Zt7PJ:I6KjNwimtMHoCfwgykEhKuzT1	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\jDCuGCvpf1uArI\DazZdjJb9WM2iqx\aMTPOWpHV-gn\q9ql_Ez22le8gAau.flv	56.19 KB	MD5: e1d0babbdb74a857807624a1f7b7f86f SHA1: e8b5642723a59faa8c5aa3f4b36c02c682956776 SHA256: d6474d383f3f72d12ec355e0fa6beb5b826d8f597f0b9b1889256e0c4bc92e8b SSDeep: 1536:AyFKbmlKhW+XD8NPCXX7pSSDemYrUhSFJbalH:AyFKboKtWWXdlDemzhKJbk	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Adobe\Acrobat\10.0\rdrmessage.zip	41.58 KB	MD5: b923cc5f0b2348e1ca82c816d67f5227 SHA1: 3681e4fe9b712e2c4872d23f4006eea53f533838 SHA256: a253263ebbd63827afab999e0afeedd0a46970f47bac37cc625350d2f800065e SSDeep: 768:zAX9FZZmEb4QSAvyUj6D/FS/GvWcC/3LNo/QkNg7tKU8a0XTfDek:zAX9FZPkQxvT+l+/3LNo/fgZKU8a0XbD	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\index.dat	32.08 KB	MD5: 18973f917db97fbf4af67c4d787544cf SHA1: 6c4cd37be69c7130606da2c5e7f1526a5bd1d792 SHA256: b44d126132a6f499ccb7b24586b88ed7b84afb3838d9dce9ab070c193692abc7 SSDeep: 768:K4hdU2ygqFN4K4/cjCyguh5VbjVajeBTcGafUovW1i3zg8NK9:K4jUGqf4CMuhjbxaj8cGe+I3zg8NK9	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\AU\au.msi	181.08 KB	MD5: 795879509196c3c34952e27e7f11098d SHA1: 1102060b67512bf1e73757a93b3eb1a32c9e4adf SHA256: 9954972e98eb71abd592d8bb430ebb2ef8f513b43a9f692cc6493c90d3ebc7d1 SSDeep: 3072:NUM6yZbHwjq6OLw5Nr+juJlg4bAUagK4QvXNDq/p8NzLwmqcv1KRzi6+qGg:NV/1HwuLw5N66J24UUZK1vXNeSlCW3g	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\jre1.7.0_45\Data1.cab	24.17 MB	MD5: e99a629809c55cfc473468314ce72f1a SHA1: ed5fef65c34fffcbb3a04abf9d2529ac1d752d56 SHA256: 6852e8d41e2f33fe416fff586980d076be9ee9e71f8429125368f12a01ef9a01 SSDeep: 196608:KWWdNm7l//upum9uxpfp4uZ8q7zEqaZswqLhQTcvlj9/z2H7DLKH8:KAl//upum9QtEqaeqc3/iH3mH8	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\jre1.7.0_45\jre1.7.0_45.msi	885.58 KB	MD5: 358b64b30780c6a23930ada3ee318e51 SHA1: b15b21e4be1a66580512fb91798b84b92f21d4e9 SHA256: 4245c77c30abb4a69d00d0f955b521dc953ff2341f9c334f688b438fd2d2c008 SSDeep: 6144:uLITQ8TY5HdpT5Ic8e0XGj2QELvMYI2q3ksedyPs3ETGpyIQEkmt3PNXMRiWRa:QITQGAdpTT8e0XnikseAPsJpfjt3PE4	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\jCjO-w4 p w1\H8Jb9z2r7CZ5\8SXrSbpJ3InRj4z.ppt	17.05 KB	MD5: ff0a73317b19ebe349cccc12269bfc15 SHA1: 7fb9da1581f9ae6b12640cdaf95d496aad20ee8d SHA256: 7c34e0d0d53b6879b157607d02b70bbbd42c7be66ed813747c6d26de6e3ac50c SSDeep: 384:tYEmHvp0/KcrLAxUX7g8ONKMf+NnXfE6ojbJwGYTHEz6MH:tGfxOONKu+N86ofajTHEz6g	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\jCjO-w4 p w1\H8Jb9z2r7CZ5\Fz vkQH.xlsx	56.76 KB	MD5: 8f9345da7be9703970d65c6464839e60 SHA1: 3bbd9092bb1f50ac8f6314828258f56d8e669a86 SHA256: 217cc9e647f366809c49417f488acdaa6404eaac93853813067f0f18e5e25b5e SSDeep: 1536:pfQIdek/1eKb4JFVrMQ7iXaVTwvAofiKRi:iIMkdeK0KQb8FiMi	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\jCjO-w4 p w1\H8Jb9z2r7CZ5\HIQxU.ppt	89.82 KB	MD5: 3f6d8e1fd39d5f4dcbc7fbf16d04a920 SHA1: bba11ff8e8f083175d6931cae43698ba2551f074 SHA256: 0ea079fce4f938489de9378a5e45d8670e60fe0c1ac392b39d1af0e4055c0701 SSDeep: 1536:+tj8asGO9nvsE4dlQ1GpQ5Cxq3Pxf72zhDef3iBPst0xBup4xVAtYDky1ov:+t9s5n5al8xJ+DefSBPu0Hesky1ov	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\jCjO-w4 p w1\H8Jb9z2r7CZ5\I72HRyADAN.pptx	6.60 KB	MD5: deb7832e290c1a773f88c9214b87798d SHA1: febe88af0b9a169fec07f68e83049117318bf930 SHA256: a07c27194f77dc2ca84d29a79ce80d31cf5da908a04798307d4b72ad0e251f6f SSDeep: 192:uCeHlvmUHkBS4aomVTexA61d4++CWi9hNs1ArW9wg+1:uRvFHixtmsxA61J+CWi35gC	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\jCjO-w4 p w1\H8Jb9z2r7CZ5\NvxdP_f.pdf	81.46 KB	MD5: 4239e82052bcf56255a11278b0f0b0b6 SHA1: 59c4a12f88868437d9e069079d77fee210822fd2 SHA256: 91ddf8e2007fa411428614da26fd3bd31eda5fdb920b30aacfb8583cd4ff978e SSDeep: 1536:EYqFX03f1+FG8yfgJrJgFe0hZCQRmE837TEw1pQSrhD5te/R79W4Z:EYMk3fwZ4t7hZPmr/ZIE9mTZ	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\jCjO-w4 p w1\H8Jb9z2r7CZ5\RB_VbiG YqKM.csv	78.41 KB	MD5: e953208ae653315e7857a415929b38cd SHA1: 9dce5ba691468fe1fd03f8f3a1bbf6ce15d3bb02 SHA256: a9dc3635d492c5a1322b9becdadcf7ea730aa189be62013511d140e67f3aa3de SSDeep: 1536:wugy0euVzTcANFCwCaAKe1XbcVyVBe6kbsOKsD9ypEDpT7Gdeb5Lpzt2Ceg2hNXS:cp8Ge9YwVpVs9y2Gdeb5dtX36brq	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\jCjO-w4 p w1\H8Jb9z2r7CZ5\ZAwkWcabdoc-gK4i7YW.rtf	63.54 KB	MD5: 7b4a9ffdfeb9aaa7d69d05451dee937b SHA1: a427d7199e5df6ed0bed3f5193ca4a020daeed1b SHA256: 67f0bf2b53bb6566197ed11b8e3c4256320366bff3f63298cfec4b46414f2611 SSDeep: 1536:v4FFHK8a9XbBxmUuThX/lRBgYmnuk6/e6eN2aFe:269LB0UkX/bBgYmnWrjac	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\jCjO-w4 p w1\H8Jb9z2r7CZ5\Zj1qqssvFW_0nIQh.ots	90.87 KB	MD5: 907bdc3ddd2c7dc96abae589a22ddc55 SHA1: d16b21946623750315cc1573569c714f8c464264 SHA256: 0e7cd74af4da189cadf60838c770d209938f303f8285eddbc47ce63a85dae2f2 SSDeep: 1536:TvqSbRLdKBSNaCRBV0Su9Bw2LU90EwIVqijkq7mS6dK1mVJMUNfEDJ0abVUu+e8l:DqSbPoMjBmjwB90EVq63mS6Q1m5EGOUD	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\jCjO-w4 p w1\sx6 WWNEtkP28pvoC\6WrvXBq4WxmL.odt	42.19 KB	MD5: 8099fcd77aea3fbb62b4fc3d9f4f9a25 SHA1: 6f13459b428bce7e42bbe630b435e568bd8218ca SHA256: 4d537418665806f14eadbbcb5a2e18de0450d78ded1e666204b4e805ab8269a3 SSDeep: 768:W0Pb34bWAQYBnFPsajaTmrJ/ke8bTvHa3yFXePtvi/HKKf6:WYTdmt3ayrJ/InCCFXePtviyq6	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\jCjO-w4 p w1\sx6 WWNEtkP28pvoC\lhiTt9 LMR2EF6hN.odp	61.03 KB	MD5: 0ee9b114efce486680cdb25ad73017b9 SHA1: b02881d9c644feddd27880ebd303fe876f797b31 SHA256: e8bc76274e48d0b452c85ab31b3da943e2873309e6a84e0f50b0133fd8ad01cf SSDeep: 1536:R0BFkyZjMomN0QDO+xD1PMjw3lOkbmvhh1qGo0tuasKiVVb:a0SjjmbbD1PMj5ImvBVcVPb	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\36USA68T\imagesrv.adition[1].xml	91 bytes	MD5: dfbc5e896336a740cd94d668aff0ff65 SHA1: e5021eeb384046860f75799ad85777b7b9be993c SHA256: 4abf738b02b2376271a82de90582df2b87a970515c369639f64c4ba69f441ac9 SSDeep: 3:DmOxLAVyWL+k88ErTRSncIFiRHIgHaRT:9dARi8iEcii96Z	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\VGMTOI09\www.msn[1].xml	914 bytes	MD5: 4380d7ef5eac0f19116886e7e241e7f2 SHA1: 8c6b0cf174f67996d94983173588004f760ed97c SHA256: f9afd80ecc3d35dd3339fc6ddde2634e09f582e3df093e6b0052336c6f1e3d9b SSDeep: 24:cvFubUS2nbcEVzRfrRCwla4HuUgFm1tbD:cvF/ZAEVzhkwlakhcwND	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\_readme.txt	1.12 KB	MD5: edece69a759f2712680aac1724ebecca SHA1: 633f81404a9ede01b984015e69bbbc64639b7f38 SHA256: 4aa2ae996856cf4bfda874e550d8c6d47f6170ace97bfc56f502b3cdb2db8918 SSDeep: 24:FSimHPnIekFQjhRe9bgnYLuW8mFRqrl3W4kA+GT/kF5M2/kDg5WWRJQoh:NmHfv0p6W8PFWrDGT0f/k8Rh	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Aclviho ASldjfl.contact	1.23 KB	MD5: 4ee6fdffeba8db35ce1718df8d221f30 SHA1: af13a365ddfedac6ca9f499ddd4fec45b2078ad4 SHA256: f298d3ff0b7b56ea3b1b8ba9856e79aefb1f12de005d053848d0ee290123a8be SSDeep: 24:wDtHvZDqDnxANgzAD3RIzCpTwzFsscZZ+qrBJHjAgdMvMB7CseyNPs3QJGYX6vb7:wDtPhDNEq3uzDsbZ0yJHjjMkB7CkPlIb	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\chucu jadnvk.contact	1.23 KB	MD5: 7a2edbfae79f71ec5397352ea62ce185 SHA1: a0bc2234dd75665f024472fe0549180a3677f1d5 SHA256: 4ae2653ce58649d209657b50dd38ae8e9d148393a4f68db15e177625de2f0c80 SSDeep: 24:wDtHvZDqDnxANgbRwucYzFsscknAqGN+i5Y46zBWBqEmZQ/usz/TxECMbVtbD:wDtPhDNVucwsbEAc461WBgQGszVExbV1	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\CPqgEkvnaFdq_y.gif	38.96 KB	MD5: d2c26e78d2fcee384eb60ef9692dec51 SHA1: 771d86b5bd60cc8fb63dc3777a454bd496b3df05 SHA256: bfe76086aab4617070aca678acf36fdd9fe081449ca7fc2351f6e8d33599f660 SSDeep: 768:XpGFc0gDqynqhSeV2eAYZFUajjeuvlJeE+EN6iSDV:XP0SqCMJ2vYZFUMnlJaLiSx	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\D_F4Y77Iv__EabK.m4a	38.63 KB	MD5: 77f66cfbda9be82eb909f41f0007375e SHA1: edc17939cfc4433c0adf0373a288c02929448100 SHA256: b5b8aa9d7ee805cb8266ca625c3f9a1953e3a9bd925e3b30bb8967437676f116 SSDeep: 768:0VhP78RSDEPO+SKX/XDJ0r/G7dX2YuYYT/x5w+/BgCDlwRYDfo:0H8RqEmBKPXV0r/MX25Hx5w5CDlw+c	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ffTf6.gif	3.07 KB	MD5: 991b279624b881bac5750500a7932a2a SHA1: c2154151139998d03efaf9a934d38e677a01728c SHA256: ad6363ec93514a52e23b703dedb78eb82a0172fc15fbc1ece2e7bf8e0be6976f SSDeep: 48:F3DkStjSY4kl0SAs+gXQ5tgdtLmlNAsQKAIfjQ3jiGVpToo9QVOLNsCHHeNND:xtjOrB5Wd0/ZRGbMi6+sCW1	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ivu v64ETcPV9Avp.jpg	53.54 KB	MD5: e09e09ca62cfbae4e0dc869ef80217c6 SHA1: 026d0d308d055250b1884d91fd6a8003b6e8654a SHA256: 920e28fd34e85d73f2da9577721ae22005b53dfcf29be01824ebe31dfcc7a59d SSDeep: 1536:SzfDZXDDVBaFSIUhwcXSBkpIppZHlFT7y+6Vua80q36Co:sLZZBaFhIwcyVlFT7y+6ka80H	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\O5-QxOkuS7l.odt	34.26 KB	MD5: 7971b78b29fbedac25e61f32c1a2fc67 SHA1: 4e048be264ae854702eebbd56ac66247ccfc9132 SHA256: 58a4203f870beaaa637ca0f09b85ab2dfb9350a38fef775f214f958ef031fac5 SSDeep: 768:YJG81skGQWEVxllE0lunilgnGhGZtma6tJ/H1x/dz9V:YTskGjELyii6tJ/HZ	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\oePm7UfV1NMKY4Pl.bmp	72.21 KB	MD5: 234b58466887e5b4c97ba710e63327c8 SHA1: aed84fef01e6e6b26e205bed85f31796822cd0f4 SHA256: 12b8da5af1406826beefc7a2c06c5b8f630540fae06752d9a32838851779746e SSDeep: 1536:rQgjYktumMg99g1seyvSu5L2WBi+fqWtMawQZHghr3E:ZjYktumMOuqexu5SEfqWt9woQ3E	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Qrw8cI.bmp	39.77 KB	MD5: 120bc9dfff53875b21251b4e4994e471 SHA1: 45d1227dcc560f29e210e42a958b5939f65b2b6e SHA256: 3bcf27c26a2d9e12eac18ee1d591af5e083042d16335b33fb9b0e7573cfa66a5 SSDeep: 768:hAegaMpTUjQflj2d2lZlRKe18urQ09T7VeP0Nllc4t++WrnEQJZj74:hFwG42uKO8ulAPSla4ETrnEv	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\suJChr7SBbY4qJ.mkv	29.71 KB	MD5: 61ba45f38d68c6d85f46deb275327615 SHA1: a40ae7df20190d40e4477f48247602971337c710 SHA256: ae4c492d3c42aefecb18d23fd3796427afb0e41cf863c10aaf0d1ecc988a3b6a SSDeep: 768:1WCvllJMnFPe4cMJmkpbXzGuk3Vb98o0h5Y6:M0FMFPe4V8ciuk3Ao8u6	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xj-o.png	40.17 KB	MD5: 2e58c36960cba52cfa0f37e5d052d97c SHA1: 5e5a0c35d1822d8a7e37ebdeaa52117ea685c715 SHA256: 984a7b051d84ef5e3539a55102b7d8a151a5f784ac5df26ede0e80cb0f016eae SSDeep: 768:A+70oBKZ6wv+CD0Hwlub8vrmyY1xutWgnKdJndWgiVancU2YsR5yu:AGKn+CD0HwlkLf1xUF8J0hacc4D	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\2CT69ygJXeQqr8Q.docx	17.85 KB	MD5: 1946fab908380cd2ae897e4d03d2d7fe SHA1: ee53a91e4f37ac0d69374d36c214bb3a9f70ec72 SHA256: 148c2219fbf209369f65ee3f055cc103e9a4399c51591a9dcab69044529b9925 SSDeep: 384:Ej4DgdwwtdLvaYuMyD3P7NtzwClmwBAp9QMsyGlC:QSwt1fuMW3zNRwCvBAPf	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\rHxPXYmZyC.xlsx	70.19 KB	MD5: 60e448ca4c6a4ea559ed1509d96c63c4 SHA1: 363476e703291ddf2482991280eed1921379f246 SHA256: a5186d1c7ee1c7c3e8f5fc64ce5a8e0d5cc70f4f0a51c118f0ae1bfb345ba4be SSDeep: 1536:ETeCbU+NjXqWHgm73pU3yWIoNnIxhnmV+tl34SbAmy4gY:ET7A+NdVrpUPIw5V+v3XD	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\TUDp84ZZaxYWbhN0.pptx	53.98 KB	MD5: 601e35589bb670b5941b1a4b6652b2f2 SHA1: 3043b1b7838e147f67624594b48bb71dd64bf4df SHA256: e4e705b01d9c4bd1a95d56ac552669ac3436d577e28112c629c9074aa18f7537 SSDeep: 1536:D4u4cKNf6OAZR0l4+0lOdZejb6LnR8WDbz9cI6:D4iOjJw0gYi8bzmI6	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\TvZ1bKJ tiq.pptx	55.75 KB	MD5: 3b4019dcd49bf64dc81bb133c7875c07 SHA1: 7bbcbfb0712b061ce9bfd883235818419ad42644 SHA256: 6651ac65376b99a0a3e3cbcccffe8d8ef4c0d19c0450a5b65b99dad172c96c15 SSDeep: 1536:YOzCdXKEIQUj7+OSUInMorULFTkZah6smSeh:jzuaXjRynaxCfxh	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YbrQBo2.docx	57.01 KB	MD5: d93d64295a79c9cb755b8c05f1e2bae7 SHA1: df7dfc5da134dbccb71180d1eac0b2862bc9e343 SHA256: 7a0a90873af352b9757053eec079af8826f399c55c33723a66de40c90e58cc83 SSDeep: 1536:ISasvFELIWmMzH8IgMe54tB+1DE4wfv0WYH1R:KAP/Mzc0htBODEGH	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\8Wt-fr78MDaMolHBnA.mp3	24.87 KB	MD5: 113a112fbdef4852eb84ba1b669f65f3 SHA1: ea7567ce4e3eaca7d9be644e70b2db34e5fbb744 SHA256: ef0439e90596f6491a2beb010b67a4e7d730c0148a510f3ba6f51346e297b253 SSDeep: 768:Wa3rQR9QkBBGe+pbsDEcRqgrLlwwYFiP7JW6Un:frQDQSBXSwtRxwJFisn	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\f0KzGkVddjxFrhVbLx4y.m4a	94.08 KB	MD5: fc290a5d1f16009e18832412bafe39e4 SHA1: 9f713591865d1ac5cc7ac6a26b0169ac806525c6 SHA256: 2df3bec8a2fb87e563bbf049f6164f311794daccaf3435db2ef2528bb884417f SSDeep: 1536:G430mR2Hrs7Bf5UmMkMOcbVm5kMR/f8co2ylxRLaxfP5faPhCJPqYTO:Z0nLy5FvNkMRf8cf+psn2XYS	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\FUHOLzUUk7aWGniPbKU.m4a	49.22 KB	MD5: 5244273f24c5025b0d2867ecad9e1a9a SHA1: 73d9623e96371b881d3f695695970e060f5deeac SHA256: 16439992894dba5777ff00a78ae9ec1d511430122f385dc29ad15ddedb580f5e SSDeep: 1536:lKwgkUgSSDVozfWhNXEDCADQNi2NjEV2D:lGlgSHYBECADQNiejEsD	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\j9WBFDemL.mp3	74.09 KB	MD5: 70af6ab8352bd49b31622f66674867cd SHA1: 7141420c14c7be0ad2fcdae87715a40ea77732a6 SHA256: 4b05d30a09674f3f9c4ac3e7164f12ab1884a3bb6d0417171859faace8b00194 SSDeep: 1536:ielZfHuK6P3Upv+h9WjGUS6Cojj0LdG3c6uDBCEfSFNAk5hd1Vuu:iel8K6PPojG4d0LQcLCEaH1Vuu	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\tjl_cEIieo_pVMS7Kw.m4a	12.17 KB	MD5: 3c2c28a5bf042ecc0774afde435abbe3 SHA1: 27daabfea91228f9c3cadbd0c248bbb009ba4c61 SHA256: 6b2748a28a1959102b88d69e56267074d808b0e25f7dd1e0f56e270c5dc36b3f SSDeep: 384:n+Q28aNushvoGgTX/A0KGpcQ+cBAzWfDsDmnGy:n+Q28kuogG6X/ARlQ3Bc+4DI	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\W7FUqTq.mp3	82.88 KB	MD5: 965a0588e1a6e11917e71a0a73524631 SHA1: c3f994102c3b63c6e3944d9172b8f278be857f4c SHA256: 2a257a4467e385e42694afa602678513cb03a00f73b400a71f5d222dbc3ff562 SSDeep: 1536:iwegNn9/jlFKzDwbJ4F2QYrAGDNG9Xz4eAyXRW2AjLBF8Qqlk3O:ihgmicqNDNGBQy5A38o3O	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\0PKxTObiZ.gif	74.44 KB	MD5: 23c4e7c2e3e8ae2fa1b5bd0368f3d0b1 SHA1: cd8be271bf2bda1a0e6f6efabff6f161a8302f1d SHA256: 869b5b5d913c22d41215608c9efd36a9a9ba001f26f3551519628e6aadac3657 SSDeep: 1536:DY4Rk8gH74Rtkh4bAQ9WBBDACDYG7TLiozC9PpGMbKBBbJ:DYlYRtkhGAQm3x/WoW9geKB7	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\8EmMRvazI4x9KWTUm.png	25.78 KB	MD5: 605316ee6587caf166b8d3b8b241bcbf SHA1: 26af5f96f954d9dd3d75c5a2f58dc329ff942df1 SHA256: 205de5e10d9cc9378160288d263f14a65cd57e85d5cf501d8d5008d24d362a7f SSDeep: 384:btfMFWGKwjWWaSSg5tcrh9sNLgkjuQ3BjjCSpjJyHjY9y/xq8LFWK37LkT:bBMcGtlSkLhuQ3xGS+HjprAT	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\AV3bVnC.png	40.01 KB	MD5: f6dd81037d17f0d40b6b3d2a00de0b14 SHA1: 27ef3682975a01e8e62c55d5d963567afc48cc0d SHA256: 040e3704312aa97553e2f870e333b0a7379bf97454fd0311b0a6dfdbf32bd172 SSDeep: 768:UCxaSxYjzvHPplbHzty9ZVTwmeEAmAur7VzeEeU9xkrUPXSUtDulKp:UC72zvHPvbHp+X97AGrRSHU94aPDule	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\D131k21I.jpg	31.77 KB	MD5: 8c60c620c4c7e452626c0c11be13886f SHA1: 5c654dd7751ba1c7a9c72731d259af9ab5636c81 SHA256: 4c1b8bb8ece0c079b6e724d3c309cf1f1164d6f63f0db50b8d439a09532f2f1d SSDeep: 768:aWbb6Cay1AbHhEFild4Pj8wKmbnHmftFjCqEsr5RIoHNdkD2/nj:xeCAbmvAwKmbYRCqEsr5RIDDSnj	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\dLald8SOrzsBDSo38L.gif	31.83 KB	MD5: 7bdbf9e198f9fcbf388bc753cf2f7df7 SHA1: 5fa0125edabd8bc1f60f835d5f3a6b0841fc5716 SHA256: c677887179b2456da58ab9c9ac9a64e2eb164922e214b7515c4f0819fc046f51 SSDeep: 768:uIh7gzk3bsuM77Zbhu1YyW5L0G6Cw//uEaPhfg:JcgbspNb81vC0hCw//ZOo	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\GFnV27F7zcqX6l.jpg	24.45 KB	MD5: c08eaf48d2a0b6bce8b573df608b136d SHA1: 3c19d87e338ec5d831b98e8a900b269a7cb46a43 SHA256: 59e449ef1deb68a46ee1753eea6580f56b60207f6906e1e97bc4938aa067c26f SSDeep: 384:x24+LjyUShWA5m3+W/KEo/r8HI4lIDDXmGu3y+ZHJcHfyjvV7CE4bMH1nLFoG9jF:MjyUS143+W9ogo4CDDX8i+wYJmiZPT1	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\hFp26ULLEeCgRocq.jpg	79.08 KB	MD5: b91a94baabc19b023e3800a09be6c09f SHA1: a721bed4a95a4002599ab6f1df2b7eace156e758 SHA256: e4966ae30d05537e539d593a8e96a8ae6bad01cf4010ab4d34dad1b6ae9cb9c6 SSDeep: 1536:DhegRfJEz8k/770AVUMqlIISm/Yf784I4mzYneK1C2ce8iD7O:wgRhEz3BVUMaIoEU4mca2vxe	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\hOVtKO.png	70.58 KB	MD5: 78bb14daf7b51a0b18b088901375550a SHA1: 7c34827cd81d3a1b78852cb255d6fcb19d083714 SHA256: a0c1bcac56171c8a30afea8c9cde6fdf78aef214f1b02a24e527e49a46623cd5 SSDeep: 1536:nbwM1v0ay5NmunZ/89MvqY7Gak4Y3vOqRtcjpfFWG:nb3v0ayn/89XhXvOgtEFWG	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\j6nzOT.png	40.09 KB	MD5: fb87b02c6bb7b0fe061976b744a62acb SHA1: a36abcfa04c68e20c56f75c89f3ace3a4693bd68 SHA256: 50613c285031ef8bfc8d4d9670d864db368cf743e0ac502e6d078826b09477ec SSDeep: 768:CEIkp116si/QNH1ANP0Qj5I1mS4AAmFuHdVvcGIT8f+9g+S4kqpGYz7x:CdkX1EYHCNP50mS4ARFu9V0GWK4kqEYh	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\jppO8iseUv.bmp	47.13 KB	MD5: 798de9e97b48d30b136e33fa3dcecd01 SHA1: 502e21686550ff76d3caad4940114a8dfbba4fda SHA256: da03e4efccc4eb674aa515b69f11bbe16141b150fe8b08533d2c1954832ce8c9 SSDeep: 768:WTHcAbB+r/xc9gmDb/u9SciaDpOJZP12ZLrD2XFbKktk0XDmFyM5c5zIbEP9Fvj:mcAOpfq/u9TzkPP12BP217W8mFyOcS0h	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\Oj9EUJHKpsOfq.jpg	23.18 KB	MD5: e6018247207872de876f6683d9f1cad6 SHA1: 1a39462354f2b95d77915bf741577030daea8bd8 SHA256: 24c95394d4bd75d676f3f8fc5bca359b0a877c6a69ed7ac4e2e461e18787ff90 SSDeep: 384:dS6zeHqK127RP5DYs45TvtSCYeW9zMZSYKSnCtD7UrRP1DAwLgJg8xNQooUMfi:dS6zEqK6R5n4htxaq5KSC1mhWOi	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\REDKpPryBoCE3SWLx1.png	12.64 KB	MD5: a9e9e1f72a292640a8f3d4e1f828b0ea SHA1: 67b2e994223030b61b40b7362080f52ad8e6b94c SHA256: 2eacc5ef9a5e37bca431a874535b9aad24b345002712d2d0d2afef97bf035a9d SSDeep: 192:txeYLYRimmBpPFKYF9mPWWbkSa5lJCQuiPktdygZJm49R/F94/PbDI9C+svTHyMv:tnYAzKYGPWHSGJCD51mKRN98Z+s20	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\skWySyu.bmp	16.11 KB	MD5: b14cc3d98ee65962a8f5029f6e2dc4af SHA1: b8e1e534653282d568a735985013c178975b6c1e SHA256: aeaa953535f6b41a8efc1e937719aca8d1d60fd0a6ad00c6ddfcfbbf94375fea SSDeep: 384:E7UGusb8Rc/en23QH2X1lHFTHJz1u3U4ME+OpwtNGOaOSL+Sd:IW+3/82dX1lHFTpz1uk4ME+OpwtNlaVd	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\y_z1 i4Ltt8.jpg	74.17 KB	MD5: ac3c8b5d619007415ce297ca81c73ffb SHA1: 78bcdef429d26e69af48d61395602f7e95bd055c SHA256: b51035a7917475755ec769ad77ea6bdb533de8bf593cbe8eb119211a62247c81 SSDeep: 1536:SDcSBvASWzcXNzY1LHErdZ485rStAoiHwHaiAXNMm6mu/TQXhMbngg:ecVjzcXNzqZA/wFqNMPFTAg	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\znNdKX_AXzU74PLmUWg.bmp	20.68 KB	MD5: 36e1e6aa923e43de34363594d1821e91 SHA1: 3353b1536e8f25c8ec1ce47448f59d26b9332d55 SHA256: 88d437499dc18571e53edaf2e6d25afcc86cac061b76b7d2e433e53995754981 SSDeep: 384:aB7y6+bVAY3ZCrbStcftcnI8DVLtw0qsQbVkChj2OjyA0RgdDjP259f8JpHKbjj:a4FbRSbSw8DVLq0Wbfs2c59EJpqj	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xwoxab1ONVdFr-x7cTy\uU1kKYvSH0B.flv	7.37 KB	MD5: 9898d73614a60c261dfcba65f8a5a0d1 SHA1: 6655745193411146bcdc37760c5b91cefd12dcba SHA256: 3d669c03b00adc2048016a965a5e8d3df254ef2af94bff7186ee6f5afdc06f02 SSDeep: 192:oaFnCrL3k9BCL2L0058RW97m4vPVik+PedmU956IFpil31zfkd6X1:pnwLUmRJZ41ik+Pedm5kpiV1kdQ	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xwoxab1ONVdFr-x7cTy\X SffuOAF0TL.avi	64.13 KB	MD5: 5fb038bf5d627898a89891cb1bd339b8 SHA1: 967e9d80c936a537c43347451b23b8aaae8c05c6 SHA256: 8f0d74d3fe28f28a5c78e2925e8031d4b9e81f5087aaf561d6aecc70ecfe7fd4 SSDeep: 1536:VZHCpzSDjVrg4TL7y6+kXZCGmGOUFqzi6gZNGae2iSopeJWZhCBLkRx:HHwsV8437yaZPmGOUF/pEJ9uWZMez	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\BZeNr_asZgOghC\2ZMRkOD2Lz_.xls	90.75 KB	MD5: 95c99558b6f4df1d670914ef1f6985db SHA1: 0d713c209b1729a5df123e34e765e4fdd30ae36d SHA256: fe2dff3e9edd2c4c9e38ebb0223fbc7ab018371df9cedcdc49e5e535e5b6a5de SSDeep: 1536:pv6O3So8fQ4GkrtKdxyX555nsbdFxa1OJzk17ioOvX4sNXPZD/Gftbj51xBPd:pv6WSP447rtKg555sbfxFklio+XJRDa3	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\BZeNr_asZgOghC\9hdqtzw Z.xlsx	75.04 KB	MD5: e080074650a0909bf2fd3815e5b490c2 SHA1: 02c05b1b80cd36ed91b563f9d5a4f8ef49213eb1 SHA256: 9a0651888bfbef9568e85827dd9b5f9621dbc611a16bf0956fd961d4023c4a1d SSDeep: 1536:32eHHdXtDZjphepbUEkCvnLk9V892Xqd/JgZVtbHDOtSPG0JctnWIGt9cGa7sDBe:GeHHdRZjvepbUEkCLk6d/Y2N0JcBWINZ	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\BZeNr_asZgOghC\eJ7XqPBACiw50mT5S.ppt	35.06 KB	MD5: c8b5efcbe371640d1a5b092858608a1a SHA1: d3832d99b92e33941bc92bc6d7075ad9e0924ba4 SHA256: 7852a543edb6afa3ceb579246fe37bd7cd2f43888e55f4c78866d5bafd0976b9 SSDeep: 768:tQFZgxnKl3apHOdS2Wbcl1R1fB9+lYEmMIkc+D5pgIjpVB4G3LXbTmqDYtaP0k:aFZgxng36mHfn+lYEm3+D5pVlTXbTmw7	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft At Home.url	211 bytes	MD5: 292847eb247b6e9e2180eebf75636481 SHA1: 80181d6d51e9245f247920b18dc0a6a777612cc6 SHA256: 3e06c8c774df9789cefd673430f9e0a1bfd0c4255e8b9185c8984d13c7928308 SSDeep: 6:Jw+XeDR0pxKSRrNwk9DW4QcPk0lRi8iEcii96Z:bXeDRQ/wk1xTcii9a	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft Store.url	212 bytes	MD5: 27a2885f9e54ed390841d0bfe8524729 SHA1: ef4d7d102e8fb6c9904677531e82ee732a00f23e SHA256: d7f7579eb2d1078d92dc158b29fe96e2a204165235e936097d07f2f139ee4fc6 SSDeep: 6:Jw+XeDR0pxKSRrNwk9DW4QVNRi8iEcii96Z:bXeDRQ/wkINxTcii9a	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Entertainment.url	211 bytes	MD5: f3aac0620e280de9564a0e5fb4ad626f SHA1: dc1dc873ed48e9f05c388274d71071901060b42b SHA256: 52638a54888ab528133f6e8e91de8ca9d7e3a491e05aa26aca0bbe57cc82f00e SSDeep: 6:Jw+XeDR0pxKSRrNwk9DW4w0BMk0lRi8iEcii96Z:bXeDRQ/wkFBMxxTcii9a	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\3RmBDGRm1\1x2x9-0Xwg-1EWE.mp4	67.05 KB	MD5: 2d553bd1a5afed205da97f9cb8d0299a SHA1: 00fed6c35da7c8051d593d6056cdaff3a3dbfed1 SHA256: 99e4f11cf25f64c4f8bc419ff86b4bb9e5be6267f48790bfdb5b5d88698c945e SSDeep: 1536:vcaQQznNVjmNrFmk5/LO2C38Z4mqa0N5UmH6gHe8wRwgsluF:vNQiarYi/LGsRGUNg+jzd	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\3RmBDGRm1\8i3DCjvaGbZD0.mkv	98.92 KB	MD5: 6304f7bc34fd3d0477f70aca7b63c5de SHA1: 1e9388fcb0da15719837fe4e1fab0dedb4cf8ac2 SHA256: a45bcf8a5c0aa88888c879f17e928560641b7006795e11cd1adb6ca6633344e1 SSDeep: 1536:hygQJ1YxfJQMdobymlfX/74nB8e9nj//daYL6r1MhWCrBwI7Obvp5zI:hyR3YxfJJdUymlfX/0n79jl6+hFN7GvY	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\C1rxOBMk76mToWuy0Nfm\79si7ZeLhYFP.flv	88.11 KB	MD5: 3a3124841d17292f63b24ed725b1ef47 SHA1: 5adc4d2effa39546f14b3ac95c13f73b3e5ed38b SHA256: 0886833e11fc15c59438859731d3340dd7ffecf59e7b3d6306ca6ba124e74ddf SSDeep: 1536:zum+EGoy3f7n7+LdfWV8Ra+OWvIn3FzFF9cyhK8fCVbX2P+vwqRnIY1k1hb:zb8PWLUV8Ra+yn3FzuyYbX2P+lnI1F	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\C1rxOBMk76mToWuy0Nfm\mJouaT8GLVkAGNwL.mp4	51.39 KB	MD5: 573bb3a014dd26b9b784d789889bc4db SHA1: c348f87ad610bc1d897bfb87f187179cd08e2cd0 SHA256: 81a7bfe4f73a97ba1793ab615daba9b9bc249a6b159defd72603ca4093810116 SSDeep: 768:ze8PwPu9PovWhI1a4GDetw/IRhPqEjvXDDoAhWC+QnYuT/ZFXJv30Z6eLYLgREA3:zv99Po+61DHCEjvzDLaQftFx3010yw+	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\TtcUW\-ef3Wc3uX6CMMun91g7o.avi	75.29 KB	MD5: 59920efed709d4064e2be95893434f0a SHA1: 2991e8b73cb3b71a0abffaf5239619812c5c532c SHA256: 4536558be9b9cc169fd8fdf544961ec731f7b09135f0e7b964c5dbbdacbabe42 SSDeep: 1536:Kwz0VFeXBGj6WJEaCxQacOpFW9KJKlUFmaM5/DXMfp7Zew4IDfW1nap3aXNjLAAs:Zz0HeXdzaCxQvgCKKlUFVW/YBZewpDf1	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\VAl2x_eF9QxFAJr5rV\06x3ed5rZHiwke9E.flv	24.86 KB	MD5: 9d5254d6070701bc3fd9c7395ae63563 SHA1: 5c65d56e8b7cc99d1b6871f52ea385f119901a7d SHA256: f5b74a7df486c6228df15d2e31addc060a095e6d48ee1cbca53b12d96c49b199 SSDeep: 768:yimO3rYH2fBcF0I3qoaUbG5GCE/FRPJIvF:csrYWW0ImUnCELhIvF	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\Ca1cHda7JPJatHi.ods	78.19 KB	MD5: 44174c6386dc21c4161e51dc9a6d190a SHA1: b4a13c4a9a4e19405fa74178cb2beaa2fb035c81 SHA256: 5761e59d9bfef4a9edc5b24bd961796fc3199fde41151c83daf414080569c030 SSDeep: 1536:op9AFn6ZwzucYlSzHvpMhftv2bhqhKv2oP7NNNybYxwuFKz4FdkqO5/QGblU4jf:op/2XYl+xBZP7FC8whzEO5/Xa47	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\s-2Yi4nxLO_tQ5d\GybORRS.doc	22.11 KB	MD5: 26957e4dd02a1cfa985543c1f3546a10 SHA1: 3a0e27b423ea727616c4bc3855927bd7b1062640 SHA256: 0a0f2472e1c3575a5bb5d870c519ff8f25f8dca356ad15a61b82d920d651d900 SSDeep: 384:t+BIgDrIwI4hmqMd7c4hS8ZY2PcphKja4bZt19dcKIzGr8xv3xHpuTmYiZwYCYe2:t+/Q8TM+n8GVhB4bZNxuPfuTmPwKGQ	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\s-2Yi4nxLO_tQ5d\rHF1mal.ots	61.60 KB	MD5: eb22e884221c158f7bd319dc4eec11b2 SHA1: c469df44d09a2e971f1bc050a8017b0ce7b6887c SHA256: efd63642d3eef8b3da185eb22b6015f236b7676865ce7803cd23259e79484252 SSDeep: 1536:zFQn8LTJHbntWHd7tPdXe5qkU0qNqpGITeLsrsFIvABLY:Gn8RHLtWjDX0q4p2Lsw+voE	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\s-2Yi4nxLO_tQ5d\yySnK GxBcD.pps	43.18 KB	MD5: 6867e7ea5dd6b600fceb0ff794d73111 SHA1: b617a6a9efbacacd5a268f02c88e7664e69964ac SHA256: cd6f19edf4a7fc247ebbd07d04c37389e6ce53283954702cdbce7de85f5f6017 SSDeep: 768:tT9qjFYULUo/A88x4D+czIRjB4dF2mQP8TAx0Yec7a4mZ2nwRNtRn0TMO3U/3SWS:2jkI38x0clB4doJ8UxNec7LlYNtR0VY+	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\jDCuGCvpf1uArI\DazZdjJb9WM2iqx\9M5mfpNiu.avi	24.26 KB	MD5: 87ccb7c302199ebb5e5a99a2d6bc9a4b SHA1: 4aec576d5d147962404d4f08dd25b97618e654d0 SHA256: f2195aa28cbf5fe605d84cdda31d7ebed3b99a1641852e3b2fa90b9608442955 SSDeep: 768:yWdNbvuFHqNBpx+ZTlveC7+GdeNHtiCvpTn/:yWdNb2FICLgNHZF/	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\jDCuGCvpf1uArI\DazZdjJb9WM2iqx\aMTPOWpHV-gn\NnrUk7lhXvK.avi	11.33 KB	MD5: ea978376ecad4b68a348575842f56f70 SHA1: 3c4078477f14388efb06a3aa68901f4e9e1b1aa5 SHA256: 77257fc543e293728e8c87e55871bdf9aca81d8c9895a73fcb1791114b3f4af8 SSDeep: 192:DPipZFtjuaNqcreN/2Y1MdNFY+FupDKs0LWCZgRzWn8bMB0b4tFsolzKeO1:DAFUaEcs/X4Y+Fuks0LWfRzWn8bMB0yk	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\AU\au.cab	568.17 KB	MD5: d4389e3521ee674d4fbe97af24f3faf2 SHA1: 626216fea94e9544052eba445f32f3b981fd7142 SHA256: 1fa072ba2db32b69a30cf2d41325165dba0ef8a9e33956c345be768902b2645b SSDeep: 12288:5gBlQ4S3l6ZIdmY4hyMPezVNK9TcS5RyjDUI6Eh/MOhTw:SlQ4SZxMPgyTx6jDUbE2Ik	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\Deployment\deployment.properties	797 bytes	MD5: 6d90cc0072703e14011cd609cfceec2b SHA1: 207aa5b8a2bbe060dfaf60d091c8378b83123bf4 SHA256: dacfa202a5597a4631237516428c2cc8438583315f57b55a6c440224bc765ab1 SSDeep: 12:HaZi9HTHTa2HB9TZ1RagEtffa05Udrqw2hiRSdyn3OnYBNPZNExTcii9a:6QHTzp9HIgEtffaldrqwoibenQBNEtbD	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\jCjO-w4 p w1\H8Jb9z2r7CZ5\5D72zjcGaxP.docx	9.03 KB	MD5: 0c2a4a9bd344931ba19f74c1f405b63a SHA1: f82f459dfeee882c77933d4d858dc7f3bd7cf9e4 SHA256: 4e2de764f650750cd8c91df02d314dbc7bd155cd02cbc34526e385bdabde5c3c SSDeep: 192:l5P6Cbe9Qc2rUEtTk/q9kHsqBzDSJPhW/aJ4i9k4aSdT1:lRrUEtj9csk+JPUU4iS87	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\jCjO-w4 p w1\H8Jb9z2r7CZ5\QPk6.doc	91.79 KB	MD5: b7ba450d2f7c8410b61a2d88eef80593 SHA1: 411863b97c0873308e6f47c374fec289c7e39570 SHA256: d98e555edf6339aae0071e62c8630ad9ccdcce0f72d6b3d1572b3f27471cc2b9 SSDeep: 1536:uwJoJjv7V9/fT2Hh+Gw+1BhxDgXBGFNik2ucFIisOqyomw99YA0SajphVE1RHS8U:uwJOvspf32JrFIiP1oj9X0J/E1RHS7i6	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\jCjO-w4 p w1\sx6 WWNEtkP28pvoC\Zk1KEVdjg.csv	49.88 KB	MD5: 6f85ed5d4f4efdf391ab72e7bd701faf SHA1: 873272e3872c2e44a66b926ee8056fd64cdfecb7 SHA256: 7bd5496849238915b1b449101b684f09ea5ffafbd88219e1d16b5c318de3f666 SSDeep: 1536:v72jQzjmRziacGz0aQEfjmO1antrSK26ZxLWTgzDx:v7GQ/K7IPEfCO16S6Zxv9	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\jCjO-w4 p w1\sx6 WWNEtkP28pvoC\zMnh8m1qSffqOBU79Ql.ods	76.13 KB	MD5: 307c6a5fce57801e73a98cb7e19b8476 SHA1: 711d52160e2007c32f576c69ba46f2ccf259e69a SHA256: 088e1339915ef37279c939dddfa26a5e82c54b6d2173040498594d34d95f554a SSDeep: 1536:jtb3FlIZwJo40bK/tmSLPdrUYwEgTPv9xtvv/Xg+tUpmnrZyFV44Tb:BL7o4GSDz6H9xtvv/w+amtyn3n	... File Actions Show Properties Download
C:\SystemID\PersonalID.txt	42 bytes	MD5: b245815bdc937d6f1c7b91fd87c066be SHA1: e78f6377b395d0e2ee10991275f77b9c2048fa10 SHA256: 481d091551c414cc26cb0edbf5ab81b1c2645c6e8c788576db3b64f923347887 SSDeep: 3:UFVyWL+k88ErTR1v:UFRi8iHv	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\Favorites.vss.dalle	0 bytes	MD5: d41d8cd98f00b204e9800998ecf8427e SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 SSDeep: 3::	... File Actions Show Properties

Downloaded Files

Filename	File Size	Hash Values	YARA Match	Actions
c:\users\5p5nrgjn0js halpmcxz\appdata\local\microsoft\windows\temporary internet files\content.ie5\x9ohk109\get[1].php	103 bytes	MD5: 63911cfcf2aa80d4739af2998942411d SHA1: e8f4aad2bf1bf28b12410ac8a2341b06a1491871 SHA256: 5fdc6c62f0e98ead61f0983eb8d55f35d20fd7edd56c2868b126fdc36f8d7f69 SSDeep: 3:YJMLAAirGVk3fLXnTEmgUW38JbPRUVyWL+k88ErTRTn:YIduvLXTES/9CRi8iFn		... File Actions Show Properties Download

Modified Files

Filename	File Size	Hash Values	Actions
C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Administrator.contact	66.86 KB	MD5: ab61ff512f9ab4b3ca027b70d61a0021 SHA1: 0cc8ad777c982b24435ae04adb6c590393d0375e SHA256: 38a6e7af32f1aa1dd7f4da50a9e58658f3f6d8518f872e37dd5de9ceb6232d27 SSDeep: 1536:ou/yd4+4RrZ04sf+Gss4K9cEhfegQUEaeF/xiWyYbz:ou44+4RoR4K9c4WJUtAnbz	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\asdlfk poopvy.contact	1.22 KB	MD5: 831182028c185cc2ed0ea207a0f1b3cc SHA1: 26d516bd57825da54988b1f412603e5125169bb7 SHA256: de425134b652b16eb875eb00c9ea20ebcf631374b2291b2407a23001e1ce67cf SSDeep: 24:wDtHvZDqDnxANgzm2gz/izFsscxcAqsQNFifZCCutBb6posvXK1iJqINX2TctbD:wDtPhDNMgzesbZY6fuP6pxJqRcND	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\lulcit amkdfe.contact	1.22 KB	MD5: 6cff37b32d21e6141841b71e2ba8f0c4 SHA1: 201cb02ccfc07cbb83089407f6c05227a01b76fa SHA256: 52f7d6dbb68983a29a15f9e384c0558c60943da3367ffd62df1eac9c7963e816 SSDeep: 24:wDtHvZDqDnxANgpLsw0mTT6zFsscnqN6jAgdMvM6qGo+Enn5oi7NefbtbD:wDtPhDNkD01sbn5jjMkQo+EnKiZefbND	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\sikvnb huvuib.contact	1.22 KB	MD5: 2db3154c0df65616a67febfe8fa8a9e2 SHA1: 6bcfc633bbae737a0c62db0175d799a799d9bd9d SHA256: 4a660635712157d037e998a7be1f0ab66296294268aa279fa5f9d1b98462aa10 SSDeep: 24:wDtHvZDqDnxANgW2xCYzFssc1wYBWqIgvEXvTtRxaLOwkjS3DXg2tbD:wDtPhDNL2xJsb1NBWvgvOTxmmEDLND	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\2-_K6lTtjSYNHLM8.doc	70.65 KB	MD5: b8da0e52b93f2dea751eb2a9dbf7f16b SHA1: 7423c7d0c0c20fda000fde6def464583f94d0a33 SHA256: 45af26b1ea8b1dc88d63818f297d25c6d9651cb6cfb3c99addd88d85208ac564 SSDeep: 1536:gilsTz+PwphI5v23F1OlQNk5bynQJarQns4hSVND47qx4h7PfE+h6NDIhNhXs:gYs9ph08DOlXbynQJaUs4sVWqxU7HE+I	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\370E.tmp.exe	525.58 KB	MD5: 2b2e3071fca666caf73d409b1336f620 SHA1: 167a2b1fe374a0d271f8ccd169fe1f3b185f15e1 SHA256: 9bce6ddfcbc4feb52e0e0cf1b0821b002e88c81920f3b2c8901cd7558a4fcd85 SSDeep: 12288:cejQneCxPMhSlywgWvQe1/JRQEJezCNhAIx5APfZKLaZxwW6:p5SpfhOE4+hJEPyaZCW6	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\7i-hclJt.ppt	67.75 KB	MD5: 11c23216562b0dfa26279f49d3c66148 SHA1: ef375a77576cc1d6d60d3a23f0b840aa11307403 SHA256: 21192b322927285360180c7ba9fd0dfb2d9bba38543c125515370393d51657b5 SSDeep: 1536:CuXUsagr1GYg4FYSvFz/algXy0XfNVj6WFMn0sygDsTq:HPuYgMYS1/alv0NJ6Fn0rLW	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\7o_dfQXVcSB.bmp	26.55 KB	MD5: 65ec64179c18797642440c433d4a98b8 SHA1: ef8f66ad54ee41b4d4c33eba999434f1ee61f481 SHA256: 680b5c889e8ffbe7a84121e26d3440df0c47dcc7d60c37e79c17c5b7d218e981 SSDeep: 768:Isv+D3k9EeFdmjV6w5AQs/UHdvlqhVP29PPz3t:IsvquEM7gdw7e9p	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Emq6vD0ivZ4XdEfJ.swf	63.54 KB	MD5: a9a279e6ea328e9c882487d16df2e862 SHA1: 7df66ec60d8fa866e3433c14e59806bd40f03398 SHA256: 8db9fee9fa1e5f39e3c06320461fed7049a51f7bbcddf1cd3516dc8ed5f86c2d SSDeep: 1536:nVKpgoV67ven+hX0WDFVFpB/MulhIbWjuU:VOzs7ve+hX0QBFlk2	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\eX-YvFXQkLn0gu2V.jpg	93.41 KB	MD5: 25004dd5a87e0412f753e092716243ed SHA1: 8f656c9f3e478506eebf989c261176ce934b1ff9 SHA256: 7a2db1777af4049b1d291c59581067a5043bcd6cba42e8b50525078187168ff1 SSDeep: 1536:hiRV3ijTEYF40BFxzGLCF787YXhiEs5WwGFcTejDJV8mdwrOe4eHerbouxS:hQVSMQTcLuI7YW5Wr78mdGOA+v2	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\HS00PnIq2P8Kp.gif	17.01 KB	MD5: 3f04821f5f838387e34125db0a2618cf SHA1: 558aff75ed6c092a2b22a52193080f4e2a8cfcb3 SHA256: 0aa0631a60173427ad80b08889a18644b802a61625149b94a7d56884ead0e55a SSDeep: 384:xsO+X/R4EjVLFr7ZS0Tt7tnoelfXqUfNkfBdoJlDGifVl:xsTX/XVLh7g0TtRntlfa3/cQm	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\HZMv21_uk.jpg	76.92 KB	MD5: 6b843c02c9b8690e3f2e7b53443eeda9 SHA1: a032e9090df9b561594ad1227344584d39ec9448 SHA256: c7e6ed830a8b1e973f1fd0deca7c05ea2e810c50470c1a15da2d347d37f103c3 SSDeep: 1536:Xff6gWXt9VFHd5+tlLP1yPTgT7Zl6ndHcbpyTmjWiUllaUABdz+f7kB6:XffQnVF9MLIPMT7f6xOim+rsr+f7kw	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\iN mvP_WadxDj6.m4a	71.48 KB	MD5: 6fe0f49c600f6ebc2b091b7365281bc2 SHA1: 81c4617f1b912a5ecb5adf9872e8dd2446520b78 SHA256: 8f9c1905767b8025c292529f943d64586053027320d3000756cee8a3f69a825f SSDeep: 1536:zKoSHEkDqLQ5BxCdG3OJNONpYKL3Q9e0Fv3OOHA22RyrnxpeaI:J1MHR3BNpZwee35HBxptI	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\iqS7xw7P.ots	65.75 KB	MD5: facedb4da55f9e6988954fc75a9a9023 SHA1: d83e833c8489a01a5f516b78c36d82ca42a231d7 SHA256: 975c596109d9a025bb8fc694c29c3f960dda7ee6ee4c9fa59b6a4da5266b6b4f SSDeep: 1536:n301irE2ZAhVtPyVsTSVltRSxzBgQYsIY4CE8eTuZTvv:n30112ZAhPSseVlyzBgDJJKJv	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Pknw9.bmp	59.99 KB	MD5: 8f767d572d19a59ef049c068b4481839 SHA1: 7bae64681c826aee5e28a7036a8a7d7dcad10118 SHA256: 36fd8b045611aede3ed1d3888f1bbbb21a56243b0b143426292c2691bc015d56 SSDeep: 768:TAZmSgmlwkpjesZjvi7JhLvtTy1jgcbGjnyYsOCQZ1blKMtuG+cr4J5xwsa9mJ8h:ixDlorJTyFFq9snQ1KMMa+p8mWIE+21	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Sw0t6XcCq_-sZjnOduKn.jpg	90.44 KB	MD5: ffd94874de2952ee43c5b65024ac99da SHA1: 908507de29867a1a6b25465c243f79273c3beaf6 SHA256: 1c0536f629146994a411c47e3463ea4c117372cca9c0b82821f8c5a99baa0c82 SSDeep: 1536:cCIzvyNsGzKYI6sZPPBxjWagBcv1zymv+Q2KjciCPIheb9uWHNh+jlFmUcQrLZii:jILyxzKYIRZhxjPgBcvcmWQ2pf5+pFrJ	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Tx70s-VsAQSc.wav	51.05 KB	MD5: 8cef9e6bf7c8fb143e36343ff887face SHA1: 467b5c0dba91dcecfbd05c42ef7b0b68a66d43ac SHA256: feb259a512259b4aef89c121d6a0486f9bf81cc0b94c6c5d86b694a623191f10 SSDeep: 1536:mlxnC2gW0Lm0gh6BytR18XFcxv3Y6ab0ssdPc:4n50+6Kvnc0sMU	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\uEGeQkzsNxB9WeTM.m4a	21.18 KB	MD5: 1851ab1d2ebf84b3f88223e7623830b2 SHA1: 4ea24094e9873f2b1b1e539b871d55c31ae61fb4 SHA256: b5e0cef2cf5502a968aec1d045a37d0364c793ecdc64446e37f5d6c595c56226 SSDeep: 384:jz0jaZa2fJF94YsHw4pg4un/9/w5qEN+KtfFWx5vkIfeX/nc169dBqu2bAYFKYX:jz0jSaeJWHPq4uF/wkEgKt4x5vkIfgnK	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\VRP-Z6.png	1.85 KB	MD5: 3ec283ff4d2247f9e144c5a6d76e597a SHA1: 57db24161b7c272b920ca545589127d9ad136199 SHA256: b96be5a62625bb64b5aa9538f998f7ad87cdc1469579685931c05f560b24176b SSDeep: 48:AIA0ObT9kDGfh99XIsT+19yVsQ9Du9HX0IvND:AIA0O/yCh9qsTKySHXP1	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wY8i S_.flv	52.69 KB	MD5: cf5c2ee7c6185af43af4582aa644a39c SHA1: 952a174184d054812c15d651a7b556a2f3d76e86 SHA256: 646ace2ee6059b230b0e1238731a4320e48b33937ce928773a45bd83a98afcc5 SSDeep: 768:TwbhOQ8P+q+lXDMoeU9Gc2y6rI12rScBIPXm6VnGl1fqgFS0v:TwF+2zMw23WrP2CnGlFFb	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5hGto9u9m313.docx	94.31 KB	MD5: 43581324208319b30dd87ba9347795a9 SHA1: 8a1ffe5ada2698da2a41c101652170dccfed9b3a SHA256: eb52ba201c62604f88e56228e48628f7580c177f084bc788a5b71ca433773634 SSDeep: 1536:3tUs6/715nVNXhYr4F3eiTdeCRoK143/GTo2jztpkhm+B7O2mtEsUDlEGzpjzs+z:36s6zHVNthpeC/cPstcm+BPmNUdpjRvR	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ACBE_lrqSEFAf.pptx	43.79 KB	MD5: 42d8b86494d2fc5620bd7445d4c7a5ae SHA1: 0c3ca9736a3790a6e7c852feb5a206a832f24cd9 SHA256: 34593986b4ee5116e007f8a16af6382cc033f4a97cecc8e3b583551fb28a5839 SSDeep: 768:udHwipqR4eAVkRJIBF8thogGR8kF4OaInTKm9OgQmZyRL:uOmvmJ0Erg8s4OaIuntRL	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\BNK6dBch57n5aoP0t.xlsx	58.19 KB	MD5: 5fc92aea14f8955965f35cc271d1b367 SHA1: f5c9f13cc507ff0bdc6fde8c8dff71393e1b27ce SHA256: 008c68b7d4646055434ad51b3a16af66e06a6ce13b3d4713f906929699e7eacd SSDeep: 1536:lcduDnkLmGE2EwsfatV+YuZaclUBjIE37z46:lcYSmo7+farr/z	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\GkId5.pdf	57.78 KB	MD5: 4d44116e4c78881732b91889b5f3868f SHA1: ffe0e2f3292c0d8f2d57dbb5af3477b5174072f3 SHA256: e6740fd4e1c683d5255218d2f2dfc27a72e282073d54d6781e852b519eb406e6 SSDeep: 1536:MXSMqKVGvVjXBgiE5Q1isMKI11rWv/zT5mQ6dnSvL:MXbtYvxXOid11HI1BK3qnSj	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\HXfImV4Qtfg1Ex.odp	71.93 KB	MD5: 739ec9b3fcfbf6a826248403240975f5 SHA1: 0c8926e5cb0f6dc7bcfd33a6a1c217365ced8bb0 SHA256: 071ac27fb374b1df224be8e0405517cc73f1d1d8151b3b0226dd85800dc8f590 SSDeep: 1536:RkihLYJ3qCX2SiFBL75Krrynkgahbbcn++om75MGbp4sdiDgd:zlCqC4Iakg8r+7eqNim	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\iDsL9dCjo_LaXt.pptx	52.73 KB	MD5: 51b113cc6fa8a25165cad483f2561779 SHA1: 43b825a40fc1b02a3c4a61a852a07d298b5eff22 SHA256: 71b17a7e23b9e6aecb29c6ea17eb1976fae09f99ff0b58ee4b870050e103148b SSDeep: 1536:se9kKGGNCb1ES6TzSbYwEXEumFvrCjuOacVZTt:se9kt1PYnwEXEumhrCjuOacLt	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\m3fpL4NiO_tDUBU.xlsx	71.11 KB	MD5: 12b1b2ae90aa0a4f093dda632ed4e0d2 SHA1: a2e2c4cf4ae9ab782518640a053a859f33f30eb5 SHA256: 5231ea708e3a5b8819927273ecf598332734fcd283bd2fe29009e4d3c2f1f628 SSDeep: 1536:Oks1miqJac2bkCwjCT7qAp6l7q4lll6B1H9942cLJoVNeBe4Ez2oJ:BcmXJacmkCwG3bI5H0BF9W2Gy9zp	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\PSaER.xlsx	81.14 KB	MD5: 9a03bd0472ad133aa529ede59b42ae74 SHA1: 8837a28dd4e03e93db2fdafaab0fc4becffb1a6d SHA256: 88176205dd65df03488b39b19dd9aa53cc28751be0d2598e60d3b72b0a1257f9 SSDeep: 1536:dtR4yHElrrpLs48ySvogcJOFbC30Hxj17bWcqB35/37gDI9GR8S4I/3vNBX54lV:dsOGhs48BHGgpRjpbHwt37gDI908S4IK	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\tosXZeBkp.docx	86.12 KB	MD5: 7ac87366ade7934d37422dc41aa77f5a SHA1: 1c559ebe170d3dda425685378398859e3428d996 SHA256: 2092e33c286bc55246f9f467746e587f1c4ef2d985358f85892d4e909b067900 SSDeep: 1536:PbwVfjLBMK2Gf/OOwimj7Hx4gr2Yt/FelqSSoyKWid37q19Al9wNZ0:TGW3Gf/rwXHxHr2CFelq3jidm1A9a0	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\vqFDMq0vDJBGr2hc.docx	13.51 KB	MD5: 872819bc642c0a22e47d947e746bdb63 SHA1: b0cf6a998aef50eb8c3b186c082a7fe78530f296 SHA256: 411ebe41e11d91585f670341cfffec488cfae88f09df3256690675f5f3d434a5 SSDeep: 384:rPX3xPI0zyFgMrvts6KDJVBq9tQzXYCJpw1:rRI0ogMztFKoYPw1	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ydHK_AJbvu6-wWm.pptx	69.62 KB	MD5: 379bcf582bd85acde119c5c2138dcb81 SHA1: c664e4b6614db03eeee0f5397d65463849e56331 SHA256: aefa56516c545a594219fc234dbd15a2edb6abbff75337844502a19937395c9d SSDeep: 1536:QQLjrYqkPFHcxdRM4ugi1w/tmA1yGF8fs:BfrYTPFC/yukmGU	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YuznX2-DO1aKAcy18.xlsx	75.81 KB	MD5: 9e3f65233bf0fcd5660f1771ce40c92b SHA1: bab4c4aed2ac41163a65e9da4882a352faaf9a95 SHA256: b1a7ce5c275d8ad2f41bfc9ab312ca2deac93a33261e092b209f95304cb54602 SSDeep: 1536:H+qHMD5UZ7z8L42GP5Evk+fJ/h0hBI6NleS048CvPN5NHfqmDcV4vdQTa:e1Gp8c2YMB/OhBzYGXLwwUa	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\1LH ai8TTh YEvyGD.m4a	85.70 KB	MD5: 8d278f7c5ce9897dfcf92a0f2a463b9b SHA1: a53ace18575740c449f09e9352bbc7648f5d2db8 SHA256: d632816d41c83c1a663313fa9eed778b81951eb85c12dbd5cbc82df55fe1d033 SSDeep: 1536:TUqRaWLLJCdtVwCmwF/TOj6chNwg57NyIuXxKYZaBN8Yqo2gafhIWxPEfoz:oq0CJCHOCmw1ahNZWR30Brqo2ZtpEk	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\1m-pL.m4a	42.34 KB	MD5: 2817dc68b112be3bea4f4ebf4ee172d5 SHA1: e1830db2472209b18061769955b81cb537528d1d SHA256: fb26ad0ffc7f6032f44403ced82601deb7da159877c7c8616c32418f56286bea SSDeep: 768:iAvTQFOrp9kdQqphUVQfe4laFouXezNZqXk2QlwNdXyarxqHk47JI:iFFOrp9kQaqVQLgWuXmZqUSdXyAxmVI	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\1OENLvsSvA_3B3xAhQM.wav	46.57 KB	MD5: 5120cd29b4299fd0cb72e8853809b9fa SHA1: a683316720890355d2859325e995069b99eb9929 SHA256: c521488199cc356c8255bf69b12f9e4fe347ca38aa4ef5eb3a9fc66ba57b526f SSDeep: 768:0UHzn2BGAyC56ltVVB8nQ2McqMK6iEWO7sw69LjYxgRzVGyFMs+eYGrBLvX3Mkhb:0Yr2BGVC56Bz8nQ2HqciJ0sn84FMh7iL	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\5NnU5R.mp3	6.00 KB	MD5: 3724bfb412faed2603cd25506162355b SHA1: 9a179fba3d7176979a6f771a83f60a9ea25a51d4 SHA256: 8c5fb6a029ef8cdf3ee390226ce9e63f879e33dca6722f5e06a09fae6016eea6 SSDeep: 192:66R+ZbSLH1yxU7FGbxZlggPRkScdAgnknw1:6kSGH1yxU7FGygpdcdAGknE	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\7wK8zcb6fytX2DCx65.m4a	76.83 KB	MD5: 448a4dffe1a36ae2585b419816db8c11 SHA1: 900cdaa33534c005c79f528c29d44c5c9846b785 SHA256: 0db64410f6a4cc338a6b66036148388d1cd44ee96df05f44763fddb792ccac2b SSDeep: 1536:YlaMwPRfF051Jv6Y2gCCbL1AFN2Wlqzm9lByWwaHqqiI9Ln0XmYX8/F3IS3:WSRfKtv6Y2gCoON2WocQaHqqioAXs4S3	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\AfS4W9T-vl.m4a	20.78 KB	MD5: f242df54a7633dea407e7d85c6edbbe4 SHA1: f9a0c1016d7bd048fb57171c5dcfc2394d3dcd00 SHA256: 52b4596e445c2156b37760ebea236425f3f141bd22d8613f85c28674e03ee6e5 SSDeep: 384:/WjtgvF2WPXESTxiMlIBAjydHTwaRPzqRI9JIOIgxH+jZJXl+pey8w4+:/UgvUWPXESsTA2dHTfPzqRGB1kk0r9+	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\eVkUqXz.mp3	48.43 KB	MD5: cdfec8400755ed97e0f74b242fc03148 SHA1: 8c322bf6779bf13cd0b40482fadc723256db6628 SHA256: 017e1673290c46907d9ff91cdfbc19da39f8620e02f51b6ddcafc8d55d449753 SSDeep: 768:3sXTkDSI65rAJxONYjBypEGFxxYfsbG7BQ6RYikiiIFpVll1TCWVRzHv8aj:32IDoAnUYVYjFxxYf4MQ6pt1TFcWVl02	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\fBS7mSNK6.m4a	81.48 KB	MD5: 6d04e57a5d01e055955d048c94b85d5d SHA1: b6617dfe64d4937c4bb7ef006604319040a6a4f2 SHA256: 29bd2c489c34b2a68ec943cddca58457d57da3273e427b72a1a202c095285ef8 SSDeep: 1536:M5sQH/PHclsrfPsDYX307jRfChbF7YPk17/WJLdeISaRUKMrnDk8gD6kPjQxSC:SsQfPmsDPvX3ajRarEPk17/cdeISaRnk	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\FIVz Pn-IkWrJfBV.m4a	16.04 KB	MD5: f501e05219e0e37f87f2beae34300182 SHA1: 796cdc20efb193c3cdbf04062a6d2a5dca114f8a SHA256: ac67ec86bc83c94bf26528a17b5deb1a60b99dc9d4fa532549719639f2fe52c3 SSDeep: 384:B3TTT4fmcNcLVVbJj7g25WjkBdorP/qp9C2dogyLe4t9lC:9AfR4d7Oj+dSiyLi	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\GuF8APTZ9unXBfPE-UL_.mp3	88.25 KB	MD5: 57a9739069ed733ab2e37610ff980a84 SHA1: 32e37ddc077909cc8daf713a794b803edd6b8f10 SHA256: f75b9021592c954018192d853fccad9f732dc0200bacc0c99fdb1851d91e1fc6 SSDeep: 1536:Z0AdREuxt/9TMHD5I5XnCZ3FQxEelRSyQdJAkQXYtExcukgmhwCFndZxTR1n5yD:6AdCuxV5+D5InCZ3OVQldJJbS2SetTbk	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\L6arSbkZ7.wav	52.06 KB	MD5: 7c425dcb8e41724280ab3cfa604e7298 SHA1: 615be79433cb40cbd6b3eebe41f4826660dc5b25 SHA256: 1ddac1f7a2661fe65e6df337236e14bbbffee27377d649ea773f6e95de0614a3 SSDeep: 768:qNUSDF7bPyYuNQxeQ1zBnYISM0VLbt7/sANijMoRPAzbLt2olJHw41t6RJSMS5aj:MN6rSz1zBPPGbt7/RiBAzAmJPwJpS5aj	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\m5E4cMfxi NqFn.wav	41.82 KB	MD5: c07d1b2ac3b0b8c4aa33493ec26cb525 SHA1: 13bde9b61197d63cba01f5118457eb20ff8394d0 SHA256: 18b8ab8c635e15aea0dd912d943398ea7253136c2ac4513d9f814515d9269d48 SSDeep: 768:BOiSyV8IvsSFy1zWQyS843EvN62XHTtkEAnHUzQJz2Mo8JPfG2R+3iyNpR:UiSyKIy1zY43El6WtkEAnHQ6cl3icR	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\OHu_s.m4a	93.70 KB	MD5: dd5075d681fa5934447c3f2cb255f678 SHA1: 6a9be41d598df93a10fbd6cb2003c834ad6f753b SHA256: 66c416321e8fa6361b887fb11cddf8adf58ef6ad357ac2640f7dafb02854a221 SSDeep: 1536:2skudN5gH3SFyIGOzI1IV6FMXZ1osqCo5NlGRI6uasB9yQAQwc2I5UBtdA4/m+iQ:RN5+X8iIoGZ1+CoxeMFAQindAYK0F/Tv	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\QjxSgCh.mp3	30.67 KB	MD5: 5d1249b72e922cedae345e1f32d918f0 SHA1: e0bb6a71fa67cb0d841b23ad8e70dcd78bbcceb2 SHA256: bbe3ef3b35ed46437cc549888f19a749d199c3579ba24b9894db216cc310b2ad SSDeep: 768:pkX4QhHEYEYepXoFz03ueGm8fVdZkn2DiE/uji3/X43Wb0bP2Fz:iXrS1YepXo238m8f62eoX4t2Fz	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\uYJ6-T5.mp3	63.09 KB	MD5: 516164f3e261acac2db0382aabcef6e6 SHA1: 344f1ffe1e2f2d7766e5b01010246d00129d49c9 SHA256: a4200511262f59d148a189ae9c4339d501af828f9d47e978a623676f54adf95a SSDeep: 1536:1mgonLTMxpaiW0MRHacY2GWmYU3OyVL08xuoZFEhb59HQEc5W79ViH:1ILYDbWxFac9GfFVi8gcEJPHQ95W7Hs	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\X CNm1ePx68ob.wav	25.71 KB	MD5: 10ef662394fa48c0b40c8805155ac54f SHA1: d3fd299a287ad7e4f73cfc491861abdd33e41613 SHA256: da580102bc3fa8d8c5ab90e246a7db9d31e08ad6ced0e492e6e2e1d25479e482 SSDeep: 768:e8hQM5ap/q/fMYEeEittzFxZ2DgeqF8gp2Qlm9s:xhXEkfMZ3GzADgF8gT	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\XDsCW7KhypcISoT.mp3	17.58 KB	MD5: 64a9861b05a3a5aaa2ddce779cc51d58 SHA1: ae75c8f5fa7feed38f91714fc825dd35f0595c7e SHA256: 52ba7bc04c10498c380c11ca88434d257b20964c346a6e37027f967e909ee901 SSDeep: 384:6GfY+QoRoftD0beDFLumpZv0El8B3sCtvbhQqw:2+NRop0iDFSmpZzKbvbhQB	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\xhJyMD-UA.mp3	41.04 KB	MD5: fd6e8564657da8fe1e82e821d14de069 SHA1: 777bebfc8e9e4a2949bf1a1d6a3fb94a96aef44a SHA256: ea59e8fe7184631f07153e57806b60113fbeb05c95659189b73706c52784802a SSDeep: 768:UI4sRCQcjSju8pPyVK3FF3O8YzdEZOpTpKBXy/MeMPBy1:UhqCQcV8pPl3rwCOpTv5MZy1	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\XUycEgivdCqOtq.wav	2.11 KB	MD5: 71915a6d834b06c6aa7df3e207c03043 SHA1: 76ef9c6c79dabd5f0857eef021738fef54afdfbe SHA256: 3ec54d2e5c556d1282503171096bbfcae423a66974d976e18bb7ac551192de54 SSDeep: 48:hpJzFwNVvNS9Mibhy3MjbXxDBtNsu8oKDJpjPK+/l6AFOP9V+vtIKYOlND:JzSNvuMiag/XMnZ96gQ9V+vBYOl1	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\Ym45zlaZS.m4a	3.14 KB	MD5: c8749a724071db1db45e1ec7017f3e80 SHA1: 94bcfb672c13fed29bed221b51e26566f18897d2 SHA256: 5139ae0b108a72a87ee79b5c22652c5f31685b43ad09fe952c794fe3cc2b84e0 SSDeep: 48:LTScWe0YNEDhPMOhfifzXX5dtrJsMCO/dEcUH/pr8iN8/og0fEVfnU4iovPu7Wds:LG3aMh0OmPtrfpEtPN8hfE241	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\0XXhnuQwlnRW 1zNP6.png	17.50 KB	MD5: 5283ab6fa2245e611d41146119b8db12 SHA1: 91f1022e1d572e0d6cf29ee2d6f0b888f68035c5 SHA256: e071532b3ab0efa8eab7b870e9e7c91a6905710fd793a54823e397f317bd9355 SSDeep: 384:Qu/IlgOacp7eZzgS+V2NQDUitHuiewJdcL2uHEzkZOPAMf:hgLacp7eZ0n4gUitHuaDcgkO1	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\1FtUuIqrnmvC9b.bmp	16.79 KB	MD5: 18e449d6d2f9405c77512735826a252c SHA1: 92a528ce2a0e8fafba9cb728d93cc2457ed7d946 SHA256: db6529a4c0116fb040d946724ab70eb234e07c6440bed29f9002db5651fe2118 SSDeep: 384:TicYSBHJdvnWqE/6lny32VNtc88w8dlUh5qN0+/kdzaJ:+ebdvWqE/6Zy32VPCZUh85/kdze	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\2HrWHjA4PKJeRGV.bmp	38.60 KB	MD5: 0f5c63613cc7a67327f624809093456a SHA1: dd40d1ad416a12ca9dfeeec8644223fedb649d49 SHA256: 360e4398a452875c3b209be385e0d96caf8d23764a39960f3b96289cab8eb99e SSDeep: 768:q0g1wRDIT9TpkzpIT4rXIdQyARkC4LCOKeVwouUubDGeIsnU:q0g1V1kVVrXIdQPRd4LNKeSorvsnU	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\BjAZB51qWZoAHkE5.bmp	77.87 KB	MD5: 5f088ca9ed00b32b21413644b465a4bd SHA1: 0f8b717d3faab0cb0da64ac847716a74b359132c SHA256: 42c7572041cbf7bc4d2da40a10ed750edfda7af90691a3582a6a4759769e34f3 SSDeep: 1536:2ee16K5wyCMSG0upxz7SCSBxjqonxmyHnpz6xRZtQfRSqsp9:RM5wyhHZSB5qQlHnsxs8h	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\CWSnMwdRRtXA.png	97.52 KB	MD5: 6d08e30313f854ae14be4e94674735a2 SHA1: 9bc556a3de23412f64c5f2e56d92d447cb9631f7 SHA256: 8140095737e15d047374a45e1e4d7c2d5507b91f1b3f5d2e26ac9a4c287725a2 SSDeep: 3072:Ngufqj12FIe0icyBAdJj+VQOMRNo5p/b5S:NguSIFIencyBAz6vD1S	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\fQe1ychsju.png	89.83 KB	MD5: 1ad84e32530a5240e738a7361d77d2eb SHA1: 432c217aa43ab37bfbf0d0c8a3653441323e09c0 SHA256: ea0bc1bb131054c29a7cd86ab9e342d96a73c3075410b3664af116010d0055ab SSDeep: 1536:P2LO1Vh1dfP8tkQiXh98/WRcc3NbS+g43KRH5UayeAmenG38FIsx4a/Kk6IpI00Z:7jdfEtm9CWfbg75vye18fFD6J00AaqO	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\GZFXJ5sPjVz.png	77.57 KB	MD5: 73fd68ecb654c9402e80e5390e200f79 SHA1: ce4d1e786524645a93b35c1a5d42860b7290d51e SHA256: 420d0a59c2323f56cbbaeae5e595cb1bae01a9bcb45bc2e5ce5272c8411681c8 SSDeep: 1536:0lOHffeMbep/Ik+pssEYXr+5jN7fDntE2HCTxTFcVdV1GzLFvw61+6N4R7h:3ew4QHpsA7+RFDnaJuxAFvwLp7h	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\heN4k.jpg	7.02 KB	MD5: a17faa7d38887fe1af56d1d739372cfb SHA1: 6c12b0ae33dccc3714512ca2f134314f0ad5cb27 SHA256: 8b9df80be989769fa5dce84aab5f6b99637b27df7269d06a0141b00f91da420e SSDeep: 192:zGq7Qapc4BGDzXiTN69tO4PXwNz6ywRqBTLF0RS8X21:KgQoHQyTuwFmqBF0HX6	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\hs-cQ G F8kD3.jpg	52.42 KB	MD5: 10b8182a5fdd8122e6a0cb671b1631e2 SHA1: b55ce6b98b4b4a27f8368568e9c1dce4aa1c6e32 SHA256: 4ab5d6eb052a277e44ba9d63c5bb2a08531de95ba5bd1853c4dfee152c11ec90 SSDeep: 1536:vnXcJkv168bp/RAi1PwPRpHKTEox0GrJiknN4rIFl/KOt:fZUODY4xPrJznOUx	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\LtV7_Xi9cOpTXz1QsNs.jpg	50.45 KB	MD5: 731e81c5bb29775647fa3070e2991f9c SHA1: 96f2b19ac0664a52e36c5205f797f13b41da6be1 SHA256: e7f7ad468c861548afe2d56f1eaa25d6bfd5f601d5002f05caa750d050965f7c SSDeep: 768:VXaEBZQkp+rnMsoqH/9Tr/pKSZrYSMr4u7A3mOD+sbT9GgaRnPXDEcdS/ov:VLAr/Br8SZrYSMr4RmpmanPXQySgv	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\lvjoq7Ac0y5wIsBJa.png	42.80 KB	MD5: 6881ad93e9e7683f0b6442bf640852c6 SHA1: ff8c6963dd1c1bcfd94c5b8fbafc82b75f2af59b SHA256: 3281efb457cee6f018b68b23ecc33a549bf1b9894e94a19938db139c12e7ef83 SSDeep: 768:7s7tOqCMQfzZJjfdPd9E8Sm1HpS0ovGG9Kgdx7LtEkq0DXyLedhku7ITlA1fSQ:7CCnfzzhA8SUHpNqG+Kgdx7LtpnSed+4	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\MhWRB9plYFucf8hAPu.bmp	99.27 KB	MD5: ebea4cd1861c2f781167993d379a3a3f SHA1: f6e85afaf1b95a95a6d9bebe05c02172c0f9d8f6 SHA256: 360151153af938f60445ec138f13d721e8d5c3e2ae39e0359e4d3ed7163dac8c SSDeep: 1536:72sZS94DEpUdArcveHqxIShiSFU/ZTjSPFnoMRLJ6ihUnk5j:iUSiXdrveKxi5/0NoUJDhUnWj	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nqOPg0wxa3Z.bmp	61.34 KB	MD5: 831231f22935393986026d6e48ed400e SHA1: f66f9682c75513cb53c6071adbed49e8458ef3f5 SHA256: 3f0160b21eda6e5b60c5ed2f3c8d56d895279ca1039df919adf594bd6b3f897b SSDeep: 1536:gdNG6qb1YpDM46nyDfsh0k79432xkpvh7xa94dW8Xie4Ge9V1N:L6VpfvDfsh0km32ap57x04dYb9V1N	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\oIFGYUZwA9gCm l_aOn.gif	53.29 KB	MD5: 796ffad2a3260e20ba5e11a1a843f44c SHA1: 1c4b49279bba49a98f7fa33f72ff2b9d586d14c0 SHA256: 951deec19aaef62640245da2158f4abd8a1443736c5ed5a4b1f6adcf1e8f061a SSDeep: 1536:7UXWxDx2Cbz3A8iSeePJEVqvxIwaKVNmb:76Wz2Kw8neePuUvxo6Nmb	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\PE ApnfO.bmp	3.83 KB	MD5: e099b5aba5a672637ed9fc2e2d6b6b21 SHA1: c58f10a14d1e347414ff82422d99a4efc7457a06 SHA256: 39dc311afde50f6b456cface7794e26ca7efd5a57fc6132172e3c85c28d8590c SSDeep: 96:NSYi4bc2BL+lg3urrdPjQmba+q5lHeB72v2Y4mmtG8HKIv1:NS8aa3uxjQp0t214mqFHKO1	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\QU_VRdUt NRyuxhaK.gif	69.23 KB	MD5: b64d80cd9954e9459429fd92588be674 SHA1: 38ddb43e2426219075cffa97101cde0f02b6b470 SHA256: dc57c62b095bfc8f4be17d260448334da1ca18ad6d2939420a50d64bcc52fd15 SSDeep: 1536:0VLKysI8ujZ4aAR8CIldBr3L7esCIlrKm0IlTmpTZoRU0aEf:CLk5udTARopzL7JCIMmbSpTZoRUi	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\riH elLcs.png	18.16 KB	MD5: 8b56293fb33f5b3dc95029f44c6701eb SHA1: bd97d234307989fc95782f7f0cbaa9ec39e1f585 SHA256: b984a5d2f76e27254a904593f060526fb1d558a8a28544338b1deee2619e6c6c SSDeep: 384:ARWhHL9ostlvMFMVBlttq6rlbfZQdoqDOSJsZGPN7ksAXq5MNq8qcm:AYhH/tlvMKBXU6xrXp76uvo8Vm	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\Rk9GCNO.png	57.47 KB	MD5: 73bff31101765cf1b2d5a48aadad069c SHA1: 5bc5d12bc8dc733d554f54fe2bfeacc04dc9f2f3 SHA256: f5c9f7babbf38fc374694e5f9a1c463c4fad77d86d944589f909fc933c7912c9 SSDeep: 1536:w+D6f3bpt0QUuDLRrAOLGj3BOSQazbsM2BocxVwMEc/x8:wm6f3bw9uDLRcSmESjbs5mAdry	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\S--e.jpg	60.23 KB	MD5: 3dc4d2cfeb233df19bc84ca865ca1db3 SHA1: d9e2f7aa98427b2e21d604068fef3c109a3e17c3 SHA256: b8c618798d6c4d68f91dacdbdc760c71dc8088cd5ea56ed370819281331356c3 SSDeep: 768:r2BaJsqOOK3+T/U7IOL17KaRqZnTXxNYZvd2FmijYkWhRoKzOrKbKNR/jYVHYyPU:aCztUPR0TXXYZsEik792iKNipE9JqMr	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\SbXik3LvTBfT.jpg	97.11 KB	MD5: b5bd3d4ae9c55de43b8fdc31ab66c1ef SHA1: 9227378ac43573c9040fd9261dbb2c9d7eb82d16 SHA256: 3e61e85b9b844121ad62af40a71a44713662c395d03fa599b47b4d6fee0bf1e9 SSDeep: 1536:6dTa9WYy0ELuQp/vfpq4q8/tZHPeoozW64fJG4LAJBix0I9FqhpxZFgxg+d2m:QToRJOnQ4bcB45rvaP0xg+5	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\uA3602jdk4LLtIeK.png	26.31 KB	MD5: 6e96102782451848c688a48c99f9cbaf SHA1: d1a6fa0d6e0b1b88150b3a70d70f615dab1ce496 SHA256: 5a3d2a740216c3a3a117d5a61ae7dc8a9c0dc332551c8cf6b054388f48f476c0 SSDeep: 768:6TFvlG3mnA67U5tjwAFeDHC47iBG/UNMsal:6TF4aU51peDHC4m2UNMsa	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\UJnG.jpg	70.55 KB	MD5: 963f3d711435b86655bc45084c2cb795 SHA1: 2ee5f36478940c6cdba8dea5907fe97778449cb5 SHA256: 8f39d4dc5d4487f1da79cef01f3f0557f35392dda93b7e27146b42eee2403f9b SSDeep: 1536:G2liaFXQ7QvuFphZwMg3eLQ3FVlnAS7jsXmse2qbDC:rliaFXZuzhuMuz397eqbDC	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\watBxpzRgOgaq m-.bmp	60.09 KB	MD5: 1a02e58945a25dfcd321660d6fc06d5f SHA1: fa866770a489045643be6f93fa7c943996488667 SHA256: a12ece066335a3cd9ca00d59c19b38d22faf1b246ae73a8a7e94b66123292afe SSDeep: 1536:jIu/IuslRT+wgur0jrubG93FirFW3Ttkb:jhilcwDG93qatkb	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\YdHbKfRnKrxhFcKFQ.png	79.84 KB	MD5: 917e1b06a47f62d43c4eb8d84d0f38fc SHA1: 9a2f3d6e89dcf9ac13661dd44d6f650d1d4bcf4a SHA256: edb0ec2f7f782f4dfdb87158acface98fc0846bc6c61b24b34ae70ad01b76d8f SSDeep: 1536:7PCGF8oQhIvJiFCbpPAEzfyfEpnoKoL3SJ90fr4U9Tuzhav5X7:7PCGFIKx3bpPAyfyyn6L3wU4E+u5X7	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\zJRA8eKdBctBG.png	35.53 KB	MD5: e9663708f94187df838456b4262b3860 SHA1: 1635451f35da4da1495ad48ac1d161e3214c272e SHA256: 987721d1e7e24182c66c518fb59654a48c9f74a8c040450e78ec625e17b357da SSDeep: 768:UKshgzUFu3K30pYxnfo4abAGObQ5oaUP9tiDtrlypSv8B2udqE:U7g3KkpYt9GObQvuiDfuX	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\0g5wGPdK.flv	70.18 KB	MD5: d1868f4008f96ee41b09831640356cfb SHA1: d8232fb88a5f0646d7624b0287fb083dd979f585 SHA256: 3c8dbf747e34771c253db16d5ee7863bbd61660bfb6283fdbc8a03035f99fb2a SSDeep: 1536:ADIpR0Wt68wn384pWzUPfSzMgT3Yds3+Ck62Wyn2PyVa4WoR:AKiWt68NwnSQgDYdsuVU+Ww	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\81m98bb.mp4	55.15 KB	MD5: febd95bb72b60b08f7909288ccc460ec SHA1: c84652769913aec64d7ef1ce5a1fe153d429fb74 SHA256: e623246fd246cb7a7f7a0bea99f59c630b8207511aae893639721e27520a3a8e SSDeep: 1536:j/7McZQBpyegeHSq63WkERAMo+0F74Fb6EVBGCEBf:jTMcZSye1MJpJRF72HLA	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xwoxab1ONVdFr-x7cTy\bewfSQ65DCd3I.mkv	3.43 KB	MD5: 7c784f1ca79bd09ab71a73a12318bca0 SHA1: c2d53dbc0267a11e54441619c70c739a82f992e1 SHA256: 702e14bfd6eb95aeba1e78dc09210d21852343e73f7b563a24742670cfba4070 SSDeep: 96:JklfiWjhDAe7frzsJynX6NfIcrudr4uzI3PcU1:+lD9AeT0JyncYBIkU1	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xwoxab1ONVdFr-x7cTy\BgXRSx7UFqKOmFFcD3.avi	92.38 KB	MD5: 57e44fe085093f8fcf934d1003c8df48 SHA1: 8f0fb3c2fd5942a8533f9f011a46ae0e9a9d838b SHA256: 593686bc3a77b77e8279786163647080207484d142b026bac08a2034da0f0b86 SSDeep: 1536:6kG43hO1L2fsTHZaKZ/coG3FS2q82bicMnk3FZb9bjkXqMpe:3G43hsL2f6/DGVp2izkVZdA0	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xwoxab1ONVdFr-x7cTy\E6tpFg5YUih.mkv	51.43 KB	MD5: 9bca98e005a2211a280e4e33781a3fc8 SHA1: 635366e895825331a7dcf412c2a47053c51fd20f SHA256: 757b1776fbabd5a5cb39f4f67be9d23dc9e2424902b53894161764335ddc61bc SSDeep: 1536:Id5UZW/uPu4oLI/78EO3morPn3WCEOJ3Z3fUa/:E5UZIj4oUwEyzdJpR	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xwoxab1ONVdFr-x7cTy\nUY4nxCO FfN6j.gif	84.79 KB	MD5: 93547afc37641dcc5302688ccbc1bccf SHA1: 646e259123a0080b5faba00360472feae308133b SHA256: ab58a2e08380d39c93bb3ce74cc474335880e315d9a045d1e0ea70f18c7fd8e8 SSDeep: 1536:LcsVlE2HkH9Sx5S2SVunTBgNqNTj0wGBQ9SDU+GHOep/Q0cX7vLnd1Y6O+5h4U:LpAI5S2sun2cJvUJU+GHOetQLLvh1Y6f	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\BZeNr_asZgOghC\f9wy.ppt	90.22 KB	MD5: cd9c32316e204ade5ac304d757ef79e4 SHA1: 323cc95f404b26ac4fe3ff4fb811e8094ce63357 SHA256: 4a5ebf46ec095554d243a93d6617bce132e0121c70cb3e459792fd364134fc9a SSDeep: 1536:4+VpUGzQm+QEpQVpecxFMPiB+wsOSgLFZt65SILQ2Vsv3TBOA3Q3xu:jVpw24QO+uP4/oSILQLv3Tlg3o	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Outlook Files\voeimd@djhreuu.uhd.pst	265.08 KB	MD5: 20df168e333fdfaf44094eb50744972d SHA1: 836ea90d9798129db37b21152fd638a32f381444 SHA256: ddfec1f654b66d3ec455d5e7a009eef0e140a8e4c003255c987f5bb1ba6434fa SSDeep: 6144:Hh7iZOmKxi9i5BZWYgxQTiWbX9JSfLEhv:Hh7iZOHIOBZWYjTiWbSzEhv	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\Suggested Sites.url	314 bytes	MD5: 5158c729e0e316225e0c84fdd073dd7a SHA1: be666006fc7939debe2352c70ad81fb781f3c419 SHA256: 5899b9eab898fb136b2d1f2458585e1911ae7d621224eabafa1784d99da1cf6a SSDeep: 6:Jw+XeDR0ooRnDdByOZCnbwQr+jDit7nf5MALrq0ri0n53Ri8iEcii96Z:bXeDR9o97/ZCn5+jDix9LTrtn53xTciD	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\Web Slice Gallery.url	304 bytes	MD5: 131f15ef23e14a1ca61bfc33ea2dd9f6 SHA1: db1655435a4f1f1e0e415fd4d4939569b45c4aee SHA256: 8de49e267bfbda924608ed0d93c7eededc410d04c8c72426d9ce5e710b6737c3 SSDeep: 6:Jw+XeDR0pxKSRrNwk9DW4wsGWCqvHT5uUFRi8iEcii96Z:bXeDRQ/wk/vHT5uqxTcii9a	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\IE Add-on site.url	211 bytes	MD5: 3830325334781f568d7f2c77346612da SHA1: f404de0a829e1c33b3fbc8e60c61e35fc66668ab SHA256: ba5dd9c92b68598f37c8012badfa2544e9a630a6678e2aec6a19e189ad3ead53 SSDeep: 6:Jw+XeDR0pxKSRrNwk9DW4wQp0lRi8iEcii96Z:bXeDRQ/wk4xTcii9a	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\IE site on Microsoft.com.url	211 bytes	MD5: 255627415485b279f557e305d6af2a67 SHA1: 46273ab012d2d939c1496a3127e80cad688bdaa6 SHA256: 2a3af18294eff3146f9e1275eb213696961112265b50015400c7d96cb12d2309 SSDeep: 6:Jw+XeDR0pxKSRrNwk9DW4QWrFf0lRi8iEcii96Z:bXeDRQ/wkLFKxTcii9a	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft At Work.url	211 bytes	MD5: 7458b8de8fbc427e9976b07d8591d6b9 SHA1: 3fc47a139729dc9da02a0907dcbd5528be98123c SHA256: cf40f54e54b28b674b0ecb33b0d282d08b371415bab07cb30d0bb05c01471e05 SSDeep: 6:Jw+XeDR0pxKSRrNwk9DW4QUBB0lRi8iEcii96Z:bXeDRQ/wkFBoxTcii9a	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Autos.url	211 bytes	MD5: 56583df0d34dea5e840ee65d579c6673 SHA1: 9f2f3af931d4fe1416e2bc3d1922798957c1a559 SHA256: 3aed8948db5eac9061b8a7559059a78128d8f2f36747262f0d3cad3504968e4e SSDeep: 6:Jw+XeDR0pxKSRrNwk9DW4w8BW0lRi8iEcii96Z:bXeDRQ/wkRxTcii9a	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Money.url	211 bytes	MD5: d9f98745dccf639e717e9b8033e8c82d SHA1: 4297236339f3c9f1a3470356fa4b8adc60c987de SHA256: a92f993f77a798e1f53f3d948487389bd9da8e14ee73e6207ea78049f1c211fb SSDeep: 6:Jw+XeDR0pxKSRrNwk9DW4w0BPW0lRi8iEcii96Z:bXeDRQ/wkFBHxTcii9a	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Sports.url	211 bytes	MD5: 4c16a4a5f30f0ce4ce3b5495ae9e770d SHA1: 26bdb0d8860387148e19518842ab1d82ea7ab9dd SHA256: 1cf6ad787a44227ef269951d33a3e9a92ed41405ca6ac29f41c5123de21ad72a SSDeep: 6:Jw+XeDR0pxKSRrNwk9DW4w0BVW0lRi8iEcii96Z:bXeDRQ/wkFBpxTcii9a	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN.url	211 bytes	MD5: dd3bb0127c7c5f8ae00e504d103eb4b8 SHA1: 578d9f557950b43de4c7b6fab4add2252e146032 SHA256: f38d2fdea6efa4e0fbd6a6d673f269a2f094d6b14cca3b001fc67450012b7dc2 SSDeep: 6:Jw+XeDR0pxKSRrNwk9DW4wrvvop0lRi8iEcii96Z:bXeDRQ/wkkxTcii9a	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSNBC News.url	211 bytes	MD5: baeed34c1b29cb8e489a5ef37f66aa56 SHA1: fde3c9c2c8af8acb3eec543ffd0890d7b0b20baa SHA256: 5773e63170357bcd6c41da54385942959de9c785884566bba0ae009d4842cf4d SSDeep: 6:Jw+XeDR0pxKSRrNwk9DW4w0Bk80lRi8iEcii96Z:bXeDRQ/wkFBuxTcii9a	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Get Windows Live.url	211 bytes	MD5: c376eaae483dee8bda6b25a053abe1ca SHA1: 281b854d462bafbde887e8fe57191ee5de66cdb6 SHA256: 284f6e25c36ea1575c14bb537675704afd26afd81ee5804e48016abf1ef2a4c4 SSDeep: 6:Jw+XeDR0pxKSRrNwk9DW4w0kZyf0lRi8iEcii96Z:bXeDRQ/wkFkZxxTcii9a	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Gallery.url	211 bytes	MD5: d0cf9d563dfbfa3d39c75f402cb9b3fe SHA1: 2d6fec956de948e297d4af4aea5013209ac1e772 SHA256: bd9f5142d4c6cbd3bc57e8680b82a41fbf6bc6bf09da5105c6952590274a9f07 SSDeep: 6:Jw+XeDR0pxKSRrNwk9DW4wP0lRi8iEcii96Z:bXeDRQ/wkXxTcii9a	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Mail.url	211 bytes	MD5: 146e7e07ab393dbaaaa26018dcc4702f SHA1: df2866f7c86cd4fc91a23d4ef620f5edf9d501da SHA256: d404e659ae31ea759aa8fbd690700b1d0bd0ab9206f8a470c7a607812327770b SSDeep: 6:Jw+XeDR0pxKSRrNwk9DW4w0Brlyp0lRi8iEcii96Z:bXeDRQ/wkFBr5xTcii9a	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Spaces.url	211 bytes	MD5: f9110f6d8f8108f09c3ce2a2bc2bcffa SHA1: 8d7fb695951b760e77c9787774b3e9b9638a1bca SHA256: d4996f8bf23b0aebe08e0163a69325ecc805c7e2eaa98414884b4742483dbb25 SSDeep: 6:Jw+XeDR0pxKSRrNwk9DW4w0B7W0lRi8iEcii96Z:bXeDRQ/wkFBTxTcii9a	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\3RmBDGRm1\91os8u99hZG.avi	25.99 KB	MD5: aa7a999579e8aad1774388dbd2e3911e SHA1: ffb18572fc155d19f254c2da02a1607eedc67065 SHA256: 3557fde44a1c80f1f7459a81eed81f4a02512301ca6c1da611e443255f7fd50c SSDeep: 384:G9kvj8cv69oUkYffFJxLqN8f+on61Rl4fbMDZqO51/dpJT6gVeynSZp09bjuIUSH:A6d69xvL82+FblHZqkvOZcjuIUI	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\3RmBDGRm1\NKvRPhAYf4Ra.swf	50.53 KB	MD5: 7b6c33f4bc5dd1995abba5c520da9365 SHA1: 26bb7e47d40b200b657fc21997a8f825bd08a411 SHA256: d09f9ba818f1b876360f4b4d2af1d806f2db3e27d7a20ee7d19142befab785e9 SSDeep: 768:TpMrco5LKxN/mIPa5oaFub0oyVQEfBcHqPrytqeGAgzh1SlwIxTf98SqRpHybHLD:TOJKnlGzoPEfBcHwry8LAgNEDqRMr2C	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\3RmBDGRm1\ZZI5JtzTKrmNM.avi	85.73 KB	MD5: 76d32690cfeb0f91102a3ae1246c542a SHA1: 740f84d1a4af071c0d4d290039dd789171fe56bd SHA256: 18e916eaadb8a7c0b610339f68292a720fa7b3eaef922c25ba91dc50f3a5eab8 SSDeep: 1536:/GsclDeAIAxj/7QpKLus9dO3Q1y2k+FFE/ez3w/HU4OojfAnVf0GO06zMQW:9cJeUxj/7QpNsDOA1yyOq3y04OojYVff	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\C1rxOBMk76mToWuy0Nfm\eknZ1ElyFLFFe.swf	2.02 KB	MD5: 3acd5da20b2414f6f6251a042f52e3ae SHA1: e73e6f3a23c990083a0b4b345df56a9dcb0563f0 SHA256: 13c9953565593fbf582a2d613452c2dbf18d1c236844fe7148df6d23144ae09f SSDeep: 48:JHovh1SuilJ3pTChu85lvWkHPvmKB1KYZiGqwM3uND:JYSLTDYvLHPeS1JlJM3u1	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\C1rxOBMk76mToWuy0Nfm\JljeDE FbKXuiY1.swf	62.70 KB	MD5: bcfe107942aadf1825dc141c3810b377 SHA1: c424c43f140f5ebf336d157a939f84950c7b7bd9 SHA256: 3fbbba5b197227babad4bf7da0ee5505ef26d9ce54424a5691d845f8fe7ae897 SSDeep: 1536:TfnjbKvudOWsjGj+krk/iGI7liY2i6YGmVB4YotU0+e:Tfn9dRsXGGIZPKYXsYotd+e	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\jDCuGCvpf1uArI\iZgdpj28McGBvZ.flv	27.98 KB	MD5: f5460be931b8f1408758166250c0b7a9 SHA1: 2bb80cd52eb65f5a7304e12076ced51c0dd7d1c9 SHA256: ab41e5dfa6b9762bb6513d1c02004f1173f18bf05176ec654707b4866188a315 SSDeep: 768:jx3gTfKqPLKFvxiYMxePTqorWU3pxm2AfnhGPSa6YpcN:lpqjsAbx2TqU3puhFDik	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\jDCuGCvpf1uArI\k GCuA4o1c5KGh.avi	28.20 KB	MD5: bc52212d400a63a79101078b88e22e10 SHA1: 11ffe59ab5444226b6502e2db986a5c58dff26b7 SHA256: 6f0750b8cfbe10948fd10499b1ac8811d7e551bbc1065d8077d77042a247498a SSDeep: 768:mglsMgDluX3sU13qVel/52+xlMgAN/dELrjn:VsLDQX3sq3jN52+EN0jn	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\jDCuGCvpf1uArI\OQ3V ylmHyu5rZMlP.avi	6.71 KB	MD5: 968ef7474d6e46ea4f248b98eb14f46a SHA1: 1716dec7b56e94ed309a776a1fe0773b4c7e16a6 SHA256: 9e7f6dacbe015836957549b9653212a7c2de5985da30d0f9007cbe25b20a5c59 SSDeep: 96:GA9yRFm0qr+DIFUCU2K0KUFZOK9lTugOCV4ObtZtZvnA7IErt/Los66Y318h1:mFmd7F3YUFZzfN4i9vA7b/Ub7qh1	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\jDCuGCvpf1uArI\pUMjEQU7g4.mkv	82.23 KB	MD5: 32562ac6c4a5fa55709460fc177fefd6 SHA1: c6420c3178b12e8c7a48987c53d6c93d12b9b7c9 SHA256: b7fb4a329776ea025fd0b8b79874188a8e1007518f2e25c2bbd4e352fbb59566 SSDeep: 1536:crvvEI4BbNa68+g9FgyIOBO7rEb8Hce5KWVLr1bSLfMoxLTW:mHR4B5ax+4DI6QEfqlxbMUiTW	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\TtcUW\b6wh.swf	48.28 KB	MD5: 53029b205085bc90a47767d4b60e4bcb SHA1: 89f9399c7064846062d813ebe648bd158cd4e8aa SHA256: 19324ff98ad0a7fe0c251c98aa97c669eba8fee153fb6b856ca118a6ec487949 SSDeep: 768:8mmfA47sx0YySeFJaJOTyr/3p4iLvvj6uTMiCrJMDu/b7HfP4qxUV7e0K84G85v3:aOTP+mr/zvOiC1MC/A4784X	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\TtcUW\wpWUhevKBRfd9lm.swf	25.76 KB	MD5: 8935e5aed866624e07220d70eca8cbac SHA1: bba3f290bb01e3b6e121fe2beafd68ad06966eda SHA256: 4d9f6c303e0fd95c1b9ac7d3464abf3c48f0ef85a6d7e805cd0e9af653113917 SSDeep: 384:p4gyf5XWYKfqaoVGx61ffvj8YH9jc23xT4OmW8MNzH80YKrS4AdCqS/VOcu5A2Zt:4thVmuoYHNnxTmLkzcEcb4Ru26G//L0	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\VAl2x_eF9QxFAJr5rV\hkYdWviKftqSOmoU.mp4	35.42 KB	MD5: a3b7a0be8f51eb6ee6b40e905c8ec470 SHA1: 4292a9c06582fe49dcc19836aa0c41be28659b28 SHA256: d04998bf1944ec1c32f8b555786b863a93ffb0b41b7727aa37eea06fbe96ff3b SSDeep: 768:c3A1sHlqsvv9e7Gctq0hUrru4OcbLhSwvgV1/HP602W6Ep:cIs4eE77q0mumS5FS02W3p	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\VAl2x_eF9QxFAJr5rV\q1mFKd_YNe1ZXJ.swf	21.90 KB	MD5: 09c97dfc3d40ad2fdcb500447f523488 SHA1: 27c03acd239738dbd0eb53344679511628c1e6a9 SHA256: fe0e560bf6c5696f01f4e2537fea8200b78334657f5e620f30730ab28b55b39a SSDeep: 384:X4CzaaKL41QrNBRqz9PgNLCVrb3ju64vj9h7MIGClUdcFxkAZFUUWvMWimz773:I6aFhBRqz2Q3jupN36qhW+mz773	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\BZeNr_asZgOghC\qIBuq\827UvCxR.ods	87.87 KB	MD5: d5ba5055e66fa9d5566477cf6c35668a SHA1: b4baf39408f5c8443295f2f695d7949da1c03a02 SHA256: 6482402d3a6299dd1c0e3fc1b3d7cfe36cd8e4c27bb421eea6bb16f7b838a6f5 SSDeep: 1536:qHBy7zHSClsoI/ZUYLSRbXVumkGpv0actP4Dd8c/+O5W9g8c+wSkBA1sQqGRCUPE:oGDSClxiZHSRblFkBbP4Kc/aS0w9BMsZ	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\BZeNr_asZgOghC\qIBuq\ev5fZtMbXU-mo.xls	19.37 KB	MD5: a54c2c5c64d346f5a0af85f82dc2e5cb SHA1: 8b9a30ed093fa0e5c5137041934763928af1f101 SHA256: 82fc6325b8cc939c275f8c70ed109493e8162684906471356b7a794315605166 SSDeep: 384:thuL+T5F04sk1vkDvIYNpHMoKW2DNyF+VjXNSrOiAeHqEqHnj9tIZPTbZ:tis5DsQkDQ8pso2O+VD2OiRKbj9a1Z	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\BZeNr_asZgOghC\qIBuq\h1LjxbbEaGY.odp	3.83 KB	MD5: 36d1e80056b6a56c4ede9d89de41d70d SHA1: 6f5c156257fe60d40630892356a2edd0cfc5ba18 SHA256: f3b74a2fe10f00478e3f9a41bcfa29b2f0da93eb1750cc9071e3b0756f54b65a SSDeep: 96:RW50YwsbQ2o3vz7Bf85K16IovHqZFXA+o1:RW/wsbc3vZfT1Ndo1	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\BZeNr_asZgOghC\qIBuq\JB9Crr4gSM_9- n.ods	52.34 KB	MD5: b0d6e19f8d641d6f0825751321cc169d SHA1: 90172aefe4261bc952d934382c3ebe63f3001130 SHA256: cd7ef420e99ae5ffc4d1f9b8274e86d0c61a1608773a6ebe9a0b3442f713e1ac SSDeep: 1536:Sf78xyx6iHguCwlI2JR5mgvcjyq07fjdJxjSpJp:kY6Fld/Gy17xJdk	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\BZeNr_asZgOghC\qIBuq\mEnZGaCx-HF41kNT.pdf	34.72 KB	MD5: 9b32b077305b7f2a70772ed7fa193ba7 SHA1: 49c95a33bede3d987d51066eb2d0127b41dcfe6d SHA256: 72e6f6c18b4398086b60ac3bb2cce9ff73f7bdcc7d790639871c018707ec45f8 SSDeep: 768:eq5G818ASGZhjwh8zQ5aN3mnTuorM4aooba5JKCBXGkFVqRKm+qbDc:eq5G8ZZZhDeam64SoKg2Y4wyDc	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\_private\folder.ico	29.30 KB	MD5: 9841b556e414da03bcd4c75a2513e5bf SHA1: 4fd4a5b0aaeb93371fb49e68bd5bd309c7706d93 SHA256: 81cab0da557b53500a8d01a19c606e1917caf2bca017d1fb353c7694f5e344a7 SSDeep: 768:m1zJ+GH3vZ9bwtKKHcLzF2s4iHcRcDxDLkaM7F:m1UmvrwIKczF2BqcOtLq5	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\5WOBU.doc	80.47 KB	MD5: 40345b11af79a7bd76a8e5037fc556a2 SHA1: 0928a5612a73c5800f16afbc7e70a6b8c26040d0 SHA256: 7f13c82f014560ba52dc2d2aaeebc4d1c01f62383bf693610ddad19e6570b2e6 SSDeep: 1536:lET7YkoaMlru0AU5Gh/uf6s6xoQUus+VrcyMplTyGm9Fe99oKVvUV:lyroaMW2Gh2Cjon+lcfl+GKS976V	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\VOFBy.ppt	39.64 KB	MD5: 7117507ad80268ca23355b00bcc283a1 SHA1: b5efc32d539fbcb86214e4482c6a129635f3d542 SHA256: b6b9e4e0f4034a33f8198723e2a5b52312e66ca5091140364a274fcc0620095b SSDeep: 768:t8cFh+h35jxkKrALRIhrn3DCRm/YV61ZDNY6/q71Nh/0cmoZzouZU5:Fh+h35jxkIFF3OEk4ZY6/Gh/0Los5	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\vwwPCJ.csv	59.75 KB	MD5: fc7ddf0ac207bf0e63e259c1ba9db8bc SHA1: 3ec0dbc182543b9843d83792e2d279b4fd540d83 SHA256: 4aefb38d2e58fc703bcebdc923916c5e346f997fe3de18e7ee33edc6d5fb4ddc SSDeep: 1536:Mjj4hotRpf81LtfmhqmYS5iTFIjb8GrNJ9rJe:MjjN3EZfmhN1iesM9s	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\s-2Yi4nxLO_tQ5d\i aQpW6c954.odt	98.82 KB	MD5: 4c5822383c0b44e48ff542622f80664b SHA1: 889345f39c6109452cb4dccbd9b3b40e211ea715 SHA256: 4467932d54d1cb58e67cfc6e41ec7bec7c9572dd8afe373530bdd24625c2f7c7 SSDeep: 3072:j+BY2AhSRnDsOWpTUy9awhiD2NII5Ee578Y8nmf:jK/RnYfppDhiDKfFWmf	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\s-2Yi4nxLO_tQ5d\OM-0BNFr0vxP9yGlxp.rtf	96.91 KB	MD5: 83320dd13599a26bd809c42a88ce3372 SHA1: bf13ecc5ba6e9622a5d74a0e2fdc9802679b77ea SHA256: 1ab94e1d35ba92560568de958ccefedf4d190a1c7141daea92ca6c751a060148 SSDeep: 1536:FLSbB8plgHvSDNZrfzHZ9t9pZlLfqZGqH+6fm6j8L54aIcJYgDrF7Lsn7Im4aCA:FLLHgsVLZR1CGYfX8L543cKmrF7yTrR	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\s-2Yi4nxLO_tQ5d\xRZA5bTbxl.xlsx	54.84 KB	MD5: 04928b6a462d66cf07e8d27d2cec9808 SHA1: 91d41224e7361fe53f7cf06d217e22c3023b3be1 SHA256: 77f6f511406ba1f1c9b6ddb225d93ccbbb155a12df79dc5e0f9527f3ec60448b SSDeep: 1536:cec/atNi3ZJAVPW531EjBuh7Jp9mKtw6fhq76/:e/aOpSy+jBy9BS65//	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\jDCuGCvpf1uArI\DazZdjJb9WM2iqx\75RcH8me-e.mp4	47.61 KB	MD5: e5d24b49fe37cc375e39781f12e60f40 SHA1: 98a1011749896a2b38ccdb91d60fd86108245c3e SHA256: e78f1b8dbbe2996e19e1851aae30c00680728fc671487f1f35b45e43c5dca853 SSDeep: 768:qxserEC1MoTNqHOQdogXCFCrcsJ2Wyq3jt1SlH0KhvSoU7Oy/E8cHAFz69k4Ixjr:6MOkPdeFnsJB+zhaD/Jzecxjr	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\jDCuGCvpf1uArI\DazZdjJb9WM2iqx\tAptBCu.swf	46.30 KB	MD5: 6e566471a2f5f4c44d3d902f7228a28d SHA1: 5104d3976ed5d45edfe72415008f2d4e220bfc84 SHA256: 422c678b2268a9153e5ad765bb8c10e802896bf3605e6f3ea600a2cefefe6513 SSDeep: 768:nDzRfDptNnuu3AE6XQ7d/V8XLAnogIdePRu5tJ5/8uS8let9zQTmwgtK/S:nDzh9jnhAESQ7Nlog+aGJh9HlS9sThVS	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\jDCuGCvpf1uArI\zr0w9NBOX\uHy6bk3SudEl.avi	23.88 KB	MD5: 5ea453033a649cfdef8338de17939810 SHA1: a637dda4d1877e387d4aa83881a5a9d1df88ba27 SHA256: 772453907b3e9292065a0e2df46ecb5836af2f65b329aa65d8b2e02af4ad127f SSDeep: 384:k9ORvZ879JIWJf+6xudQqFVBzjpgrRdaNvU6ZpSmwmfogAwdzmnFeQ77Bs/VKj:ksf8rIVjaV06eJg1CAeQXBtj	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\jCjO-w4 p w1\651znms2s4dj.ots	23.59 KB	MD5: 2df5be458b4f8debe644c2e0fc1f0a21 SHA1: 9163e768907dc5a9633fbf9fb5417ad7fcbd88c1 SHA256: 4a6f3c89da5fd1c02ac19a38bea6b06cc8d32d4aa2610c5b39da717dcb4bfedd SSDeep: 384:8+VqVJGb10JP5+KyKxHzShCat/OsrCqQSbyITAknl4IN40oGGi9KAMTRAvtX:8+EqBQCiehz/Os225aIDoGGi9KArX	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\jCjO-w4 p w1\Sw-G7SU7kk.pdf	35.53 KB	MD5: 46a5dd27ec67932b53c189b04e3e57e2 SHA1: b8b9e8731e54594031306b2f33d70c608c8e02c4 SHA256: 2a2836b3e1caef2d7d41f6322f839f6e9fe76fe727c90acf8d55889eba5cc18e SSDeep: 768:IOzEAXKZpigwidctMHoCTQu/4gy30rYhASsnO9OSq9+LC+Zt7PJ:I6KjNwimtMHoCfwgykEhKuzT1	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\jDCuGCvpf1uArI\DazZdjJb9WM2iqx\aMTPOWpHV-gn\q9ql_Ez22le8gAau.flv	56.19 KB	MD5: e1d0babbdb74a857807624a1f7b7f86f SHA1: e8b5642723a59faa8c5aa3f4b36c02c682956776 SHA256: d6474d383f3f72d12ec355e0fa6beb5b826d8f597f0b9b1889256e0c4bc92e8b SSDeep: 1536:AyFKbmlKhW+XD8NPCXX7pSSDemYrUhSFJbalH:AyFKboKtWWXdlDemzhKJbk	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Adobe\Acrobat\10.0\rdrmessage.zip	41.58 KB	MD5: b923cc5f0b2348e1ca82c816d67f5227 SHA1: 3681e4fe9b712e2c4872d23f4006eea53f533838 SHA256: a253263ebbd63827afab999e0afeedd0a46970f47bac37cc625350d2f800065e SSDeep: 768:zAX9FZZmEb4QSAvyUj6D/FS/GvWcC/3LNo/QkNg7tKU8a0XTfDek:zAX9FZPkQxvT+l+/3LNo/fgZKU8a0XbD	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\index.dat	32.08 KB	MD5: 18973f917db97fbf4af67c4d787544cf SHA1: 6c4cd37be69c7130606da2c5e7f1526a5bd1d792 SHA256: b44d126132a6f499ccb7b24586b88ed7b84afb3838d9dce9ab070c193692abc7 SSDeep: 768:K4hdU2ygqFN4K4/cjCyguh5VbjVajeBTcGafUovW1i3zg8NK9:K4jUGqf4CMuhjbxaj8cGe+I3zg8NK9	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\AU\au.msi	181.08 KB	MD5: 795879509196c3c34952e27e7f11098d SHA1: 1102060b67512bf1e73757a93b3eb1a32c9e4adf SHA256: 9954972e98eb71abd592d8bb430ebb2ef8f513b43a9f692cc6493c90d3ebc7d1 SSDeep: 3072:NUM6yZbHwjq6OLw5Nr+juJlg4bAUagK4QvXNDq/p8NzLwmqcv1KRzi6+qGg:NV/1HwuLw5N66J24UUZK1vXNeSlCW3g	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\jre1.7.0_45\Data1.cab	24.17 MB	MD5: e99a629809c55cfc473468314ce72f1a SHA1: ed5fef65c34fffcbb3a04abf9d2529ac1d752d56 SHA256: 6852e8d41e2f33fe416fff586980d076be9ee9e71f8429125368f12a01ef9a01 SSDeep: 196608:KWWdNm7l//upum9uxpfp4uZ8q7zEqaZswqLhQTcvlj9/z2H7DLKH8:KAl//upum9QtEqaeqc3/iH3mH8	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\jre1.7.0_45\jre1.7.0_45.msi	885.58 KB	MD5: 358b64b30780c6a23930ada3ee318e51 SHA1: b15b21e4be1a66580512fb91798b84b92f21d4e9 SHA256: 4245c77c30abb4a69d00d0f955b521dc953ff2341f9c334f688b438fd2d2c008 SSDeep: 6144:uLITQ8TY5HdpT5Ic8e0XGj2QELvMYI2q3ksedyPs3ETGpyIQEkmt3PNXMRiWRa:QITQGAdpTT8e0XnikseAPsJpfjt3PE4	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\jCjO-w4 p w1\H8Jb9z2r7CZ5\8SXrSbpJ3InRj4z.ppt	17.05 KB	MD5: ff0a73317b19ebe349cccc12269bfc15 SHA1: 7fb9da1581f9ae6b12640cdaf95d496aad20ee8d SHA256: 7c34e0d0d53b6879b157607d02b70bbbd42c7be66ed813747c6d26de6e3ac50c SSDeep: 384:tYEmHvp0/KcrLAxUX7g8ONKMf+NnXfE6ojbJwGYTHEz6MH:tGfxOONKu+N86ofajTHEz6g	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\jCjO-w4 p w1\H8Jb9z2r7CZ5\Fz vkQH.xlsx	56.76 KB	MD5: 8f9345da7be9703970d65c6464839e60 SHA1: 3bbd9092bb1f50ac8f6314828258f56d8e669a86 SHA256: 217cc9e647f366809c49417f488acdaa6404eaac93853813067f0f18e5e25b5e SSDeep: 1536:pfQIdek/1eKb4JFVrMQ7iXaVTwvAofiKRi:iIMkdeK0KQb8FiMi	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\jCjO-w4 p w1\H8Jb9z2r7CZ5\HIQxU.ppt	89.82 KB	MD5: 3f6d8e1fd39d5f4dcbc7fbf16d04a920 SHA1: bba11ff8e8f083175d6931cae43698ba2551f074 SHA256: 0ea079fce4f938489de9378a5e45d8670e60fe0c1ac392b39d1af0e4055c0701 SSDeep: 1536:+tj8asGO9nvsE4dlQ1GpQ5Cxq3Pxf72zhDef3iBPst0xBup4xVAtYDky1ov:+t9s5n5al8xJ+DefSBPu0Hesky1ov	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\jCjO-w4 p w1\H8Jb9z2r7CZ5\I72HRyADAN.pptx	6.60 KB	MD5: deb7832e290c1a773f88c9214b87798d SHA1: febe88af0b9a169fec07f68e83049117318bf930 SHA256: a07c27194f77dc2ca84d29a79ce80d31cf5da908a04798307d4b72ad0e251f6f SSDeep: 192:uCeHlvmUHkBS4aomVTexA61d4++CWi9hNs1ArW9wg+1:uRvFHixtmsxA61J+CWi35gC	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\jCjO-w4 p w1\H8Jb9z2r7CZ5\NvxdP_f.pdf	81.46 KB	MD5: 4239e82052bcf56255a11278b0f0b0b6 SHA1: 59c4a12f88868437d9e069079d77fee210822fd2 SHA256: 91ddf8e2007fa411428614da26fd3bd31eda5fdb920b30aacfb8583cd4ff978e SSDeep: 1536:EYqFX03f1+FG8yfgJrJgFe0hZCQRmE837TEw1pQSrhD5te/R79W4Z:EYMk3fwZ4t7hZPmr/ZIE9mTZ	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\jCjO-w4 p w1\H8Jb9z2r7CZ5\RB_VbiG YqKM.csv	78.41 KB	MD5: e953208ae653315e7857a415929b38cd SHA1: 9dce5ba691468fe1fd03f8f3a1bbf6ce15d3bb02 SHA256: a9dc3635d492c5a1322b9becdadcf7ea730aa189be62013511d140e67f3aa3de SSDeep: 1536:wugy0euVzTcANFCwCaAKe1XbcVyVBe6kbsOKsD9ypEDpT7Gdeb5Lpzt2Ceg2hNXS:cp8Ge9YwVpVs9y2Gdeb5dtX36brq	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\jCjO-w4 p w1\H8Jb9z2r7CZ5\ZAwkWcabdoc-gK4i7YW.rtf	63.54 KB	MD5: 7b4a9ffdfeb9aaa7d69d05451dee937b SHA1: a427d7199e5df6ed0bed3f5193ca4a020daeed1b SHA256: 67f0bf2b53bb6566197ed11b8e3c4256320366bff3f63298cfec4b46414f2611 SSDeep: 1536:v4FFHK8a9XbBxmUuThX/lRBgYmnuk6/e6eN2aFe:269LB0UkX/bBgYmnWrjac	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\jCjO-w4 p w1\H8Jb9z2r7CZ5\Zj1qqssvFW_0nIQh.ots	90.87 KB	MD5: 907bdc3ddd2c7dc96abae589a22ddc55 SHA1: d16b21946623750315cc1573569c714f8c464264 SHA256: 0e7cd74af4da189cadf60838c770d209938f303f8285eddbc47ce63a85dae2f2 SSDeep: 1536:TvqSbRLdKBSNaCRBV0Su9Bw2LU90EwIVqijkq7mS6dK1mVJMUNfEDJ0abVUu+e8l:DqSbPoMjBmjwB90EVq63mS6Q1m5EGOUD	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\jCjO-w4 p w1\sx6 WWNEtkP28pvoC\6WrvXBq4WxmL.odt	42.19 KB	MD5: 8099fcd77aea3fbb62b4fc3d9f4f9a25 SHA1: 6f13459b428bce7e42bbe630b435e568bd8218ca SHA256: 4d537418665806f14eadbbcb5a2e18de0450d78ded1e666204b4e805ab8269a3 SSDeep: 768:W0Pb34bWAQYBnFPsajaTmrJ/ke8bTvHa3yFXePtvi/HKKf6:WYTdmt3ayrJ/InCCFXePtviyq6	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\jCjO-w4 p w1\sx6 WWNEtkP28pvoC\lhiTt9 LMR2EF6hN.odp	61.03 KB	MD5: 0ee9b114efce486680cdb25ad73017b9 SHA1: b02881d9c644feddd27880ebd303fe876f797b31 SHA256: e8bc76274e48d0b452c85ab31b3da943e2873309e6a84e0f50b0133fd8ad01cf SSDeep: 1536:R0BFkyZjMomN0QDO+xD1PMjw3lOkbmvhh1qGo0tuasKiVVb:a0SjjmbbD1PMj5ImvBVcVPb	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\36USA68T\imagesrv.adition[1].xml	91 bytes	MD5: dfbc5e896336a740cd94d668aff0ff65 SHA1: e5021eeb384046860f75799ad85777b7b9be993c SHA256: 4abf738b02b2376271a82de90582df2b87a970515c369639f64c4ba69f441ac9 SSDeep: 3:DmOxLAVyWL+k88ErTRSncIFiRHIgHaRT:9dARi8iEcii96Z	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\VGMTOI09\www.msn[1].xml	914 bytes	MD5: 4380d7ef5eac0f19116886e7e241e7f2 SHA1: 8c6b0cf174f67996d94983173588004f760ed97c SHA256: f9afd80ecc3d35dd3339fc6ddde2634e09f582e3df093e6b0052336c6f1e3d9b SSDeep: 24:cvFubUS2nbcEVzRfrRCwla4HuUgFm1tbD:cvF/ZAEVzhkwlakhcwND	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Aclviho ASldjfl.contact	1.23 KB	MD5: 4ee6fdffeba8db35ce1718df8d221f30 SHA1: af13a365ddfedac6ca9f499ddd4fec45b2078ad4 SHA256: f298d3ff0b7b56ea3b1b8ba9856e79aefb1f12de005d053848d0ee290123a8be SSDeep: 24:wDtHvZDqDnxANgzAD3RIzCpTwzFsscZZ+qrBJHjAgdMvMB7CseyNPs3QJGYX6vb7:wDtPhDNEq3uzDsbZ0yJHjjMkB7CkPlIb	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\chucu jadnvk.contact	1.23 KB	MD5: 7a2edbfae79f71ec5397352ea62ce185 SHA1: a0bc2234dd75665f024472fe0549180a3677f1d5 SHA256: 4ae2653ce58649d209657b50dd38ae8e9d148393a4f68db15e177625de2f0c80 SSDeep: 24:wDtHvZDqDnxANgbRwucYzFsscknAqGN+i5Y46zBWBqEmZQ/usz/TxECMbVtbD:wDtPhDNVucwsbEAc461WBgQGszVExbV1	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\CPqgEkvnaFdq_y.gif	38.96 KB	MD5: d2c26e78d2fcee384eb60ef9692dec51 SHA1: 771d86b5bd60cc8fb63dc3777a454bd496b3df05 SHA256: bfe76086aab4617070aca678acf36fdd9fe081449ca7fc2351f6e8d33599f660 SSDeep: 768:XpGFc0gDqynqhSeV2eAYZFUajjeuvlJeE+EN6iSDV:XP0SqCMJ2vYZFUMnlJaLiSx	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\D_F4Y77Iv__EabK.m4a	38.63 KB	MD5: 77f66cfbda9be82eb909f41f0007375e SHA1: edc17939cfc4433c0adf0373a288c02929448100 SHA256: b5b8aa9d7ee805cb8266ca625c3f9a1953e3a9bd925e3b30bb8967437676f116 SSDeep: 768:0VhP78RSDEPO+SKX/XDJ0r/G7dX2YuYYT/x5w+/BgCDlwRYDfo:0H8RqEmBKPXV0r/MX25Hx5w5CDlw+c	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ffTf6.gif	3.07 KB	MD5: 991b279624b881bac5750500a7932a2a SHA1: c2154151139998d03efaf9a934d38e677a01728c SHA256: ad6363ec93514a52e23b703dedb78eb82a0172fc15fbc1ece2e7bf8e0be6976f SSDeep: 48:F3DkStjSY4kl0SAs+gXQ5tgdtLmlNAsQKAIfjQ3jiGVpToo9QVOLNsCHHeNND:xtjOrB5Wd0/ZRGbMi6+sCW1	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ivu v64ETcPV9Avp.jpg	53.54 KB	MD5: e09e09ca62cfbae4e0dc869ef80217c6 SHA1: 026d0d308d055250b1884d91fd6a8003b6e8654a SHA256: 920e28fd34e85d73f2da9577721ae22005b53dfcf29be01824ebe31dfcc7a59d SSDeep: 1536:SzfDZXDDVBaFSIUhwcXSBkpIppZHlFT7y+6Vua80q36Co:sLZZBaFhIwcyVlFT7y+6ka80H	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\O5-QxOkuS7l.odt	34.26 KB	MD5: 7971b78b29fbedac25e61f32c1a2fc67 SHA1: 4e048be264ae854702eebbd56ac66247ccfc9132 SHA256: 58a4203f870beaaa637ca0f09b85ab2dfb9350a38fef775f214f958ef031fac5 SSDeep: 768:YJG81skGQWEVxllE0lunilgnGhGZtma6tJ/H1x/dz9V:YTskGjELyii6tJ/HZ	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\oePm7UfV1NMKY4Pl.bmp	72.21 KB	MD5: 234b58466887e5b4c97ba710e63327c8 SHA1: aed84fef01e6e6b26e205bed85f31796822cd0f4 SHA256: 12b8da5af1406826beefc7a2c06c5b8f630540fae06752d9a32838851779746e SSDeep: 1536:rQgjYktumMg99g1seyvSu5L2WBi+fqWtMawQZHghr3E:ZjYktumMOuqexu5SEfqWt9woQ3E	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Qrw8cI.bmp	39.77 KB	MD5: 120bc9dfff53875b21251b4e4994e471 SHA1: 45d1227dcc560f29e210e42a958b5939f65b2b6e SHA256: 3bcf27c26a2d9e12eac18ee1d591af5e083042d16335b33fb9b0e7573cfa66a5 SSDeep: 768:hAegaMpTUjQflj2d2lZlRKe18urQ09T7VeP0Nllc4t++WrnEQJZj74:hFwG42uKO8ulAPSla4ETrnEv	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\suJChr7SBbY4qJ.mkv	29.71 KB	MD5: 61ba45f38d68c6d85f46deb275327615 SHA1: a40ae7df20190d40e4477f48247602971337c710 SHA256: ae4c492d3c42aefecb18d23fd3796427afb0e41cf863c10aaf0d1ecc988a3b6a SSDeep: 768:1WCvllJMnFPe4cMJmkpbXzGuk3Vb98o0h5Y6:M0FMFPe4V8ciuk3Ao8u6	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xj-o.png	40.17 KB	MD5: 2e58c36960cba52cfa0f37e5d052d97c SHA1: 5e5a0c35d1822d8a7e37ebdeaa52117ea685c715 SHA256: 984a7b051d84ef5e3539a55102b7d8a151a5f784ac5df26ede0e80cb0f016eae SSDeep: 768:A+70oBKZ6wv+CD0Hwlub8vrmyY1xutWgnKdJndWgiVancU2YsR5yu:AGKn+CD0HwlkLf1xUF8J0hacc4D	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\2CT69ygJXeQqr8Q.docx	17.85 KB	MD5: 1946fab908380cd2ae897e4d03d2d7fe SHA1: ee53a91e4f37ac0d69374d36c214bb3a9f70ec72 SHA256: 148c2219fbf209369f65ee3f055cc103e9a4399c51591a9dcab69044529b9925 SSDeep: 384:Ej4DgdwwtdLvaYuMyD3P7NtzwClmwBAp9QMsyGlC:QSwt1fuMW3zNRwCvBAPf	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\rHxPXYmZyC.xlsx	70.19 KB	MD5: 60e448ca4c6a4ea559ed1509d96c63c4 SHA1: 363476e703291ddf2482991280eed1921379f246 SHA256: a5186d1c7ee1c7c3e8f5fc64ce5a8e0d5cc70f4f0a51c118f0ae1bfb345ba4be SSDeep: 1536:ETeCbU+NjXqWHgm73pU3yWIoNnIxhnmV+tl34SbAmy4gY:ET7A+NdVrpUPIw5V+v3XD	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\TUDp84ZZaxYWbhN0.pptx	53.98 KB	MD5: 601e35589bb670b5941b1a4b6652b2f2 SHA1: 3043b1b7838e147f67624594b48bb71dd64bf4df SHA256: e4e705b01d9c4bd1a95d56ac552669ac3436d577e28112c629c9074aa18f7537 SSDeep: 1536:D4u4cKNf6OAZR0l4+0lOdZejb6LnR8WDbz9cI6:D4iOjJw0gYi8bzmI6	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\TvZ1bKJ tiq.pptx	55.75 KB	MD5: 3b4019dcd49bf64dc81bb133c7875c07 SHA1: 7bbcbfb0712b061ce9bfd883235818419ad42644 SHA256: 6651ac65376b99a0a3e3cbcccffe8d8ef4c0d19c0450a5b65b99dad172c96c15 SSDeep: 1536:YOzCdXKEIQUj7+OSUInMorULFTkZah6smSeh:jzuaXjRynaxCfxh	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YbrQBo2.docx	57.01 KB	MD5: d93d64295a79c9cb755b8c05f1e2bae7 SHA1: df7dfc5da134dbccb71180d1eac0b2862bc9e343 SHA256: 7a0a90873af352b9757053eec079af8826f399c55c33723a66de40c90e58cc83 SSDeep: 1536:ISasvFELIWmMzH8IgMe54tB+1DE4wfv0WYH1R:KAP/Mzc0htBODEGH	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\8Wt-fr78MDaMolHBnA.mp3	24.87 KB	MD5: 113a112fbdef4852eb84ba1b669f65f3 SHA1: ea7567ce4e3eaca7d9be644e70b2db34e5fbb744 SHA256: ef0439e90596f6491a2beb010b67a4e7d730c0148a510f3ba6f51346e297b253 SSDeep: 768:Wa3rQR9QkBBGe+pbsDEcRqgrLlwwYFiP7JW6Un:frQDQSBXSwtRxwJFisn	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\f0KzGkVddjxFrhVbLx4y.m4a	94.08 KB	MD5: fc290a5d1f16009e18832412bafe39e4 SHA1: 9f713591865d1ac5cc7ac6a26b0169ac806525c6 SHA256: 2df3bec8a2fb87e563bbf049f6164f311794daccaf3435db2ef2528bb884417f SSDeep: 1536:G430mR2Hrs7Bf5UmMkMOcbVm5kMR/f8co2ylxRLaxfP5faPhCJPqYTO:Z0nLy5FvNkMRf8cf+psn2XYS	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\FUHOLzUUk7aWGniPbKU.m4a	49.22 KB	MD5: 5244273f24c5025b0d2867ecad9e1a9a SHA1: 73d9623e96371b881d3f695695970e060f5deeac SHA256: 16439992894dba5777ff00a78ae9ec1d511430122f385dc29ad15ddedb580f5e SSDeep: 1536:lKwgkUgSSDVozfWhNXEDCADQNi2NjEV2D:lGlgSHYBECADQNiejEsD	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\j9WBFDemL.mp3	74.09 KB	MD5: 70af6ab8352bd49b31622f66674867cd SHA1: 7141420c14c7be0ad2fcdae87715a40ea77732a6 SHA256: 4b05d30a09674f3f9c4ac3e7164f12ab1884a3bb6d0417171859faace8b00194 SSDeep: 1536:ielZfHuK6P3Upv+h9WjGUS6Cojj0LdG3c6uDBCEfSFNAk5hd1Vuu:iel8K6PPojG4d0LQcLCEaH1Vuu	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\tjl_cEIieo_pVMS7Kw.m4a	12.17 KB	MD5: 3c2c28a5bf042ecc0774afde435abbe3 SHA1: 27daabfea91228f9c3cadbd0c248bbb009ba4c61 SHA256: 6b2748a28a1959102b88d69e56267074d808b0e25f7dd1e0f56e270c5dc36b3f SSDeep: 384:n+Q28aNushvoGgTX/A0KGpcQ+cBAzWfDsDmnGy:n+Q28kuogG6X/ARlQ3Bc+4DI	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\W7FUqTq.mp3	82.88 KB	MD5: 965a0588e1a6e11917e71a0a73524631 SHA1: c3f994102c3b63c6e3944d9172b8f278be857f4c SHA256: 2a257a4467e385e42694afa602678513cb03a00f73b400a71f5d222dbc3ff562 SSDeep: 1536:iwegNn9/jlFKzDwbJ4F2QYrAGDNG9Xz4eAyXRW2AjLBF8Qqlk3O:ihgmicqNDNGBQy5A38o3O	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\0PKxTObiZ.gif	74.44 KB	MD5: 23c4e7c2e3e8ae2fa1b5bd0368f3d0b1 SHA1: cd8be271bf2bda1a0e6f6efabff6f161a8302f1d SHA256: 869b5b5d913c22d41215608c9efd36a9a9ba001f26f3551519628e6aadac3657 SSDeep: 1536:DY4Rk8gH74Rtkh4bAQ9WBBDACDYG7TLiozC9PpGMbKBBbJ:DYlYRtkhGAQm3x/WoW9geKB7	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\8EmMRvazI4x9KWTUm.png	25.78 KB	MD5: 605316ee6587caf166b8d3b8b241bcbf SHA1: 26af5f96f954d9dd3d75c5a2f58dc329ff942df1 SHA256: 205de5e10d9cc9378160288d263f14a65cd57e85d5cf501d8d5008d24d362a7f SSDeep: 384:btfMFWGKwjWWaSSg5tcrh9sNLgkjuQ3BjjCSpjJyHjY9y/xq8LFWK37LkT:bBMcGtlSkLhuQ3xGS+HjprAT	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\AV3bVnC.png	40.01 KB	MD5: f6dd81037d17f0d40b6b3d2a00de0b14 SHA1: 27ef3682975a01e8e62c55d5d963567afc48cc0d SHA256: 040e3704312aa97553e2f870e333b0a7379bf97454fd0311b0a6dfdbf32bd172 SSDeep: 768:UCxaSxYjzvHPplbHzty9ZVTwmeEAmAur7VzeEeU9xkrUPXSUtDulKp:UC72zvHPvbHp+X97AGrRSHU94aPDule	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\D131k21I.jpg	31.77 KB	MD5: 8c60c620c4c7e452626c0c11be13886f SHA1: 5c654dd7751ba1c7a9c72731d259af9ab5636c81 SHA256: 4c1b8bb8ece0c079b6e724d3c309cf1f1164d6f63f0db50b8d439a09532f2f1d SSDeep: 768:aWbb6Cay1AbHhEFild4Pj8wKmbnHmftFjCqEsr5RIoHNdkD2/nj:xeCAbmvAwKmbYRCqEsr5RIDDSnj	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\dLald8SOrzsBDSo38L.gif	31.83 KB	MD5: 7bdbf9e198f9fcbf388bc753cf2f7df7 SHA1: 5fa0125edabd8bc1f60f835d5f3a6b0841fc5716 SHA256: c677887179b2456da58ab9c9ac9a64e2eb164922e214b7515c4f0819fc046f51 SSDeep: 768:uIh7gzk3bsuM77Zbhu1YyW5L0G6Cw//uEaPhfg:JcgbspNb81vC0hCw//ZOo	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\GFnV27F7zcqX6l.jpg	24.45 KB	MD5: c08eaf48d2a0b6bce8b573df608b136d SHA1: 3c19d87e338ec5d831b98e8a900b269a7cb46a43 SHA256: 59e449ef1deb68a46ee1753eea6580f56b60207f6906e1e97bc4938aa067c26f SSDeep: 384:x24+LjyUShWA5m3+W/KEo/r8HI4lIDDXmGu3y+ZHJcHfyjvV7CE4bMH1nLFoG9jF:MjyUS143+W9ogo4CDDX8i+wYJmiZPT1	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\hFp26ULLEeCgRocq.jpg	79.08 KB	MD5: b91a94baabc19b023e3800a09be6c09f SHA1: a721bed4a95a4002599ab6f1df2b7eace156e758 SHA256: e4966ae30d05537e539d593a8e96a8ae6bad01cf4010ab4d34dad1b6ae9cb9c6 SSDeep: 1536:DhegRfJEz8k/770AVUMqlIISm/Yf784I4mzYneK1C2ce8iD7O:wgRhEz3BVUMaIoEU4mca2vxe	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\hOVtKO.png	70.58 KB	MD5: 78bb14daf7b51a0b18b088901375550a SHA1: 7c34827cd81d3a1b78852cb255d6fcb19d083714 SHA256: a0c1bcac56171c8a30afea8c9cde6fdf78aef214f1b02a24e527e49a46623cd5 SSDeep: 1536:nbwM1v0ay5NmunZ/89MvqY7Gak4Y3vOqRtcjpfFWG:nb3v0ayn/89XhXvOgtEFWG	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\j6nzOT.png	40.09 KB	MD5: fb87b02c6bb7b0fe061976b744a62acb SHA1: a36abcfa04c68e20c56f75c89f3ace3a4693bd68 SHA256: 50613c285031ef8bfc8d4d9670d864db368cf743e0ac502e6d078826b09477ec SSDeep: 768:CEIkp116si/QNH1ANP0Qj5I1mS4AAmFuHdVvcGIT8f+9g+S4kqpGYz7x:CdkX1EYHCNP50mS4ARFu9V0GWK4kqEYh	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\jppO8iseUv.bmp	47.13 KB	MD5: 798de9e97b48d30b136e33fa3dcecd01 SHA1: 502e21686550ff76d3caad4940114a8dfbba4fda SHA256: da03e4efccc4eb674aa515b69f11bbe16141b150fe8b08533d2c1954832ce8c9 SSDeep: 768:WTHcAbB+r/xc9gmDb/u9SciaDpOJZP12ZLrD2XFbKktk0XDmFyM5c5zIbEP9Fvj:mcAOpfq/u9TzkPP12BP217W8mFyOcS0h	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\Oj9EUJHKpsOfq.jpg	23.18 KB	MD5: e6018247207872de876f6683d9f1cad6 SHA1: 1a39462354f2b95d77915bf741577030daea8bd8 SHA256: 24c95394d4bd75d676f3f8fc5bca359b0a877c6a69ed7ac4e2e461e18787ff90 SSDeep: 384:dS6zeHqK127RP5DYs45TvtSCYeW9zMZSYKSnCtD7UrRP1DAwLgJg8xNQooUMfi:dS6zEqK6R5n4htxaq5KSC1mhWOi	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\REDKpPryBoCE3SWLx1.png	12.64 KB	MD5: a9e9e1f72a292640a8f3d4e1f828b0ea SHA1: 67b2e994223030b61b40b7362080f52ad8e6b94c SHA256: 2eacc5ef9a5e37bca431a874535b9aad24b345002712d2d0d2afef97bf035a9d SSDeep: 192:txeYLYRimmBpPFKYF9mPWWbkSa5lJCQuiPktdygZJm49R/F94/PbDI9C+svTHyMv:tnYAzKYGPWHSGJCD51mKRN98Z+s20	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\skWySyu.bmp	16.11 KB	MD5: b14cc3d98ee65962a8f5029f6e2dc4af SHA1: b8e1e534653282d568a735985013c178975b6c1e SHA256: aeaa953535f6b41a8efc1e937719aca8d1d60fd0a6ad00c6ddfcfbbf94375fea SSDeep: 384:E7UGusb8Rc/en23QH2X1lHFTHJz1u3U4ME+OpwtNGOaOSL+Sd:IW+3/82dX1lHFTpz1uk4ME+OpwtNlaVd	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\y_z1 i4Ltt8.jpg	74.17 KB	MD5: ac3c8b5d619007415ce297ca81c73ffb SHA1: 78bcdef429d26e69af48d61395602f7e95bd055c SHA256: b51035a7917475755ec769ad77ea6bdb533de8bf593cbe8eb119211a62247c81 SSDeep: 1536:SDcSBvASWzcXNzY1LHErdZ485rStAoiHwHaiAXNMm6mu/TQXhMbngg:ecVjzcXNzqZA/wFqNMPFTAg	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\znNdKX_AXzU74PLmUWg.bmp	20.68 KB	MD5: 36e1e6aa923e43de34363594d1821e91 SHA1: 3353b1536e8f25c8ec1ce47448f59d26b9332d55 SHA256: 88d437499dc18571e53edaf2e6d25afcc86cac061b76b7d2e433e53995754981 SSDeep: 384:aB7y6+bVAY3ZCrbStcftcnI8DVLtw0qsQbVkChj2OjyA0RgdDjP259f8JpHKbjj:a4FbRSbSw8DVLq0Wbfs2c59EJpqj	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xwoxab1ONVdFr-x7cTy\uU1kKYvSH0B.flv	7.37 KB	MD5: 9898d73614a60c261dfcba65f8a5a0d1 SHA1: 6655745193411146bcdc37760c5b91cefd12dcba SHA256: 3d669c03b00adc2048016a965a5e8d3df254ef2af94bff7186ee6f5afdc06f02 SSDeep: 192:oaFnCrL3k9BCL2L0058RW97m4vPVik+PedmU956IFpil31zfkd6X1:pnwLUmRJZ41ik+Pedm5kpiV1kdQ	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xwoxab1ONVdFr-x7cTy\X SffuOAF0TL.avi	64.13 KB	MD5: 5fb038bf5d627898a89891cb1bd339b8 SHA1: 967e9d80c936a537c43347451b23b8aaae8c05c6 SHA256: 8f0d74d3fe28f28a5c78e2925e8031d4b9e81f5087aaf561d6aecc70ecfe7fd4 SSDeep: 1536:VZHCpzSDjVrg4TL7y6+kXZCGmGOUFqzi6gZNGae2iSopeJWZhCBLkRx:HHwsV8437yaZPmGOUF/pEJ9uWZMez	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\BZeNr_asZgOghC\2ZMRkOD2Lz_.xls	90.75 KB	MD5: 95c99558b6f4df1d670914ef1f6985db SHA1: 0d713c209b1729a5df123e34e765e4fdd30ae36d SHA256: fe2dff3e9edd2c4c9e38ebb0223fbc7ab018371df9cedcdc49e5e535e5b6a5de SSDeep: 1536:pv6O3So8fQ4GkrtKdxyX555nsbdFxa1OJzk17ioOvX4sNXPZD/Gftbj51xBPd:pv6WSP447rtKg555sbfxFklio+XJRDa3	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\BZeNr_asZgOghC\9hdqtzw Z.xlsx	75.04 KB	MD5: e080074650a0909bf2fd3815e5b490c2 SHA1: 02c05b1b80cd36ed91b563f9d5a4f8ef49213eb1 SHA256: 9a0651888bfbef9568e85827dd9b5f9621dbc611a16bf0956fd961d4023c4a1d SSDeep: 1536:32eHHdXtDZjphepbUEkCvnLk9V892Xqd/JgZVtbHDOtSPG0JctnWIGt9cGa7sDBe:GeHHdRZjvepbUEkCLk6d/Y2N0JcBWINZ	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\BZeNr_asZgOghC\eJ7XqPBACiw50mT5S.ppt	35.06 KB	MD5: c8b5efcbe371640d1a5b092858608a1a SHA1: d3832d99b92e33941bc92bc6d7075ad9e0924ba4 SHA256: 7852a543edb6afa3ceb579246fe37bd7cd2f43888e55f4c78866d5bafd0976b9 SSDeep: 768:tQFZgxnKl3apHOdS2Wbcl1R1fB9+lYEmMIkc+D5pgIjpVB4G3LXbTmqDYtaP0k:aFZgxng36mHfn+lYEm3+D5pVlTXbTmw7	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft At Home.url	211 bytes	MD5: 292847eb247b6e9e2180eebf75636481 SHA1: 80181d6d51e9245f247920b18dc0a6a777612cc6 SHA256: 3e06c8c774df9789cefd673430f9e0a1bfd0c4255e8b9185c8984d13c7928308 SSDeep: 6:Jw+XeDR0pxKSRrNwk9DW4QcPk0lRi8iEcii96Z:bXeDRQ/wk1xTcii9a	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft Store.url	212 bytes	MD5: 27a2885f9e54ed390841d0bfe8524729 SHA1: ef4d7d102e8fb6c9904677531e82ee732a00f23e SHA256: d7f7579eb2d1078d92dc158b29fe96e2a204165235e936097d07f2f139ee4fc6 SSDeep: 6:Jw+XeDR0pxKSRrNwk9DW4QVNRi8iEcii96Z:bXeDRQ/wkINxTcii9a	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Entertainment.url	211 bytes	MD5: f3aac0620e280de9564a0e5fb4ad626f SHA1: dc1dc873ed48e9f05c388274d71071901060b42b SHA256: 52638a54888ab528133f6e8e91de8ca9d7e3a491e05aa26aca0bbe57cc82f00e SSDeep: 6:Jw+XeDR0pxKSRrNwk9DW4w0BMk0lRi8iEcii96Z:bXeDRQ/wkFBMxxTcii9a	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\3RmBDGRm1\1x2x9-0Xwg-1EWE.mp4	67.05 KB	MD5: 2d553bd1a5afed205da97f9cb8d0299a SHA1: 00fed6c35da7c8051d593d6056cdaff3a3dbfed1 SHA256: 99e4f11cf25f64c4f8bc419ff86b4bb9e5be6267f48790bfdb5b5d88698c945e SSDeep: 1536:vcaQQznNVjmNrFmk5/LO2C38Z4mqa0N5UmH6gHe8wRwgsluF:vNQiarYi/LGsRGUNg+jzd	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\3RmBDGRm1\8i3DCjvaGbZD0.mkv	98.92 KB	MD5: 6304f7bc34fd3d0477f70aca7b63c5de SHA1: 1e9388fcb0da15719837fe4e1fab0dedb4cf8ac2 SHA256: a45bcf8a5c0aa88888c879f17e928560641b7006795e11cd1adb6ca6633344e1 SSDeep: 1536:hygQJ1YxfJQMdobymlfX/74nB8e9nj//daYL6r1MhWCrBwI7Obvp5zI:hyR3YxfJJdUymlfX/0n79jl6+hFN7GvY	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\C1rxOBMk76mToWuy0Nfm\79si7ZeLhYFP.flv	88.11 KB	MD5: 3a3124841d17292f63b24ed725b1ef47 SHA1: 5adc4d2effa39546f14b3ac95c13f73b3e5ed38b SHA256: 0886833e11fc15c59438859731d3340dd7ffecf59e7b3d6306ca6ba124e74ddf SSDeep: 1536:zum+EGoy3f7n7+LdfWV8Ra+OWvIn3FzFF9cyhK8fCVbX2P+vwqRnIY1k1hb:zb8PWLUV8Ra+yn3FzuyYbX2P+lnI1F	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\C1rxOBMk76mToWuy0Nfm\mJouaT8GLVkAGNwL.mp4	51.39 KB	MD5: 573bb3a014dd26b9b784d789889bc4db SHA1: c348f87ad610bc1d897bfb87f187179cd08e2cd0 SHA256: 81a7bfe4f73a97ba1793ab615daba9b9bc249a6b159defd72603ca4093810116 SSDeep: 768:ze8PwPu9PovWhI1a4GDetw/IRhPqEjvXDDoAhWC+QnYuT/ZFXJv30Z6eLYLgREA3:zv99Po+61DHCEjvzDLaQftFx3010yw+	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\TtcUW\-ef3Wc3uX6CMMun91g7o.avi	75.29 KB	MD5: 59920efed709d4064e2be95893434f0a SHA1: 2991e8b73cb3b71a0abffaf5239619812c5c532c SHA256: 4536558be9b9cc169fd8fdf544961ec731f7b09135f0e7b964c5dbbdacbabe42 SSDeep: 1536:Kwz0VFeXBGj6WJEaCxQacOpFW9KJKlUFmaM5/DXMfp7Zew4IDfW1nap3aXNjLAAs:Zz0HeXdzaCxQvgCKKlUFVW/YBZewpDf1	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\VAl2x_eF9QxFAJr5rV\06x3ed5rZHiwke9E.flv	24.86 KB	MD5: 9d5254d6070701bc3fd9c7395ae63563 SHA1: 5c65d56e8b7cc99d1b6871f52ea385f119901a7d SHA256: f5b74a7df486c6228df15d2e31addc060a095e6d48ee1cbca53b12d96c49b199 SSDeep: 768:yimO3rYH2fBcF0I3qoaUbG5GCE/FRPJIvF:csrYWW0ImUnCELhIvF	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\Ca1cHda7JPJatHi.ods	78.19 KB	MD5: 44174c6386dc21c4161e51dc9a6d190a SHA1: b4a13c4a9a4e19405fa74178cb2beaa2fb035c81 SHA256: 5761e59d9bfef4a9edc5b24bd961796fc3199fde41151c83daf414080569c030 SSDeep: 1536:op9AFn6ZwzucYlSzHvpMhftv2bhqhKv2oP7NNNybYxwuFKz4FdkqO5/QGblU4jf:op/2XYl+xBZP7FC8whzEO5/Xa47	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\s-2Yi4nxLO_tQ5d\GybORRS.doc	22.11 KB	MD5: 26957e4dd02a1cfa985543c1f3546a10 SHA1: 3a0e27b423ea727616c4bc3855927bd7b1062640 SHA256: 0a0f2472e1c3575a5bb5d870c519ff8f25f8dca356ad15a61b82d920d651d900 SSDeep: 384:t+BIgDrIwI4hmqMd7c4hS8ZY2PcphKja4bZt19dcKIzGr8xv3xHpuTmYiZwYCYe2:t+/Q8TM+n8GVhB4bZNxuPfuTmPwKGQ	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\s-2Yi4nxLO_tQ5d\rHF1mal.ots	61.60 KB	MD5: eb22e884221c158f7bd319dc4eec11b2 SHA1: c469df44d09a2e971f1bc050a8017b0ce7b6887c SHA256: efd63642d3eef8b3da185eb22b6015f236b7676865ce7803cd23259e79484252 SSDeep: 1536:zFQn8LTJHbntWHd7tPdXe5qkU0qNqpGITeLsrsFIvABLY:Gn8RHLtWjDX0q4p2Lsw+voE	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\s-2Yi4nxLO_tQ5d\yySnK GxBcD.pps	43.18 KB	MD5: 6867e7ea5dd6b600fceb0ff794d73111 SHA1: b617a6a9efbacacd5a268f02c88e7664e69964ac SHA256: cd6f19edf4a7fc247ebbd07d04c37389e6ce53283954702cdbce7de85f5f6017 SSDeep: 768:tT9qjFYULUo/A88x4D+czIRjB4dF2mQP8TAx0Yec7a4mZ2nwRNtRn0TMO3U/3SWS:2jkI38x0clB4doJ8UxNec7LlYNtR0VY+	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\jDCuGCvpf1uArI\DazZdjJb9WM2iqx\9M5mfpNiu.avi	24.26 KB	MD5: 87ccb7c302199ebb5e5a99a2d6bc9a4b SHA1: 4aec576d5d147962404d4f08dd25b97618e654d0 SHA256: f2195aa28cbf5fe605d84cdda31d7ebed3b99a1641852e3b2fa90b9608442955 SSDeep: 768:yWdNbvuFHqNBpx+ZTlveC7+GdeNHtiCvpTn/:yWdNb2FICLgNHZF/	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\jDCuGCvpf1uArI\DazZdjJb9WM2iqx\aMTPOWpHV-gn\NnrUk7lhXvK.avi	11.33 KB	MD5: ea978376ecad4b68a348575842f56f70 SHA1: 3c4078477f14388efb06a3aa68901f4e9e1b1aa5 SHA256: 77257fc543e293728e8c87e55871bdf9aca81d8c9895a73fcb1791114b3f4af8 SSDeep: 192:DPipZFtjuaNqcreN/2Y1MdNFY+FupDKs0LWCZgRzWn8bMB0b4tFsolzKeO1:DAFUaEcs/X4Y+Fuks0LWfRzWn8bMB0yk	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\AU\au.cab	568.17 KB	MD5: d4389e3521ee674d4fbe97af24f3faf2 SHA1: 626216fea94e9544052eba445f32f3b981fd7142 SHA256: 1fa072ba2db32b69a30cf2d41325165dba0ef8a9e33956c345be768902b2645b SSDeep: 12288:5gBlQ4S3l6ZIdmY4hyMPezVNK9TcS5RyjDUI6Eh/MOhTw:SlQ4SZxMPgyTx6jDUbE2Ik	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\Deployment\deployment.properties	797 bytes	MD5: 6d90cc0072703e14011cd609cfceec2b SHA1: 207aa5b8a2bbe060dfaf60d091c8378b83123bf4 SHA256: dacfa202a5597a4631237516428c2cc8438583315f57b55a6c440224bc765ab1 SSDeep: 12:HaZi9HTHTa2HB9TZ1RagEtffa05Udrqw2hiRSdyn3OnYBNPZNExTcii9a:6QHTzp9HIgEtffaldrqwoibenQBNEtbD	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\jCjO-w4 p w1\H8Jb9z2r7CZ5\5D72zjcGaxP.docx	9.03 KB	MD5: 0c2a4a9bd344931ba19f74c1f405b63a SHA1: f82f459dfeee882c77933d4d858dc7f3bd7cf9e4 SHA256: 4e2de764f650750cd8c91df02d314dbc7bd155cd02cbc34526e385bdabde5c3c SSDeep: 192:l5P6Cbe9Qc2rUEtTk/q9kHsqBzDSJPhW/aJ4i9k4aSdT1:lRrUEtj9csk+JPUU4iS87	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\jCjO-w4 p w1\H8Jb9z2r7CZ5\QPk6.doc	91.79 KB	MD5: b7ba450d2f7c8410b61a2d88eef80593 SHA1: 411863b97c0873308e6f47c374fec289c7e39570 SHA256: d98e555edf6339aae0071e62c8630ad9ccdcce0f72d6b3d1572b3f27471cc2b9 SSDeep: 1536:uwJoJjv7V9/fT2Hh+Gw+1BhxDgXBGFNik2ucFIisOqyomw99YA0SajphVE1RHS8U:uwJOvspf32JrFIiP1oj9X0J/E1RHS7i6	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\jCjO-w4 p w1\sx6 WWNEtkP28pvoC\Zk1KEVdjg.csv	49.88 KB	MD5: 6f85ed5d4f4efdf391ab72e7bd701faf SHA1: 873272e3872c2e44a66b926ee8056fd64cdfecb7 SHA256: 7bd5496849238915b1b449101b684f09ea5ffafbd88219e1d16b5c318de3f666 SSDeep: 1536:v72jQzjmRziacGz0aQEfjmO1antrSK26ZxLWTgzDx:v7GQ/K7IPEfCO16S6Zxv9	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\jCjO-w4 p w1\sx6 WWNEtkP28pvoC\zMnh8m1qSffqOBU79Ql.ods	76.13 KB	MD5: 307c6a5fce57801e73a98cb7e19b8476 SHA1: 711d52160e2007c32f576c69ba46f2ccf259e69a SHA256: 088e1339915ef37279c939dddfa26a5e82c54b6d2173040498594d34d95f554a SSDeep: 1536:jtb3FlIZwJo40bK/tmSLPdrUYwEgTPv9xtvv/Xg+tUpmnrZyFV44Tb:BL7o4GSDz6H9xtvv/w+amtyn3n	... File Actions Show Properties Download

Host Behavior

File (1523)

Operation	Filename	Additional Information	Count	Logfile
Create	C:\SystemID\PersonalID.txt	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\SystemID\PersonalID.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\_readme.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\_readme.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE	2	Fn
Create	C:\Config.Msi\_readme.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE	2	Fn
Create	C:\Boot\cs-CZ\_readme.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE	2	Fn
Create	C:\Boot\da-DK\_readme.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE	2	Fn
Create	C:\Boot\de-DE\_readme.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE	2	Fn
Create	C:\Boot\el-GR\_readme.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE	2	Fn
Create	C:\Boot\en-US\_readme.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE	2	Fn
Create	C:\Boot\es-ES\_readme.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE	2	Fn
Create	C:\Boot\fi-FI\_readme.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE	2	Fn
Create	C:\Boot\Fonts\_readme.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE	2	Fn
Create	C:\Boot\fr-FR\_readme.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE	2	Fn
Create	C:\Boot\hu-HU\_readme.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE	2	Fn
Create	C:\Boot\it-IT\_readme.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE	2	Fn
Create	C:\Boot\ja-JP\_readme.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE	2	Fn
Create	C:\Boot\ko-KR\_readme.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE	2	Fn
Create	C:\Boot\nb-NO\_readme.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE	2	Fn
Create	C:\Boot\nl-NL\_readme.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE	2	Fn
Create	C:\Boot\pl-PL\_readme.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE	2	Fn
Create	C:\Boot\pt-BR\_readme.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE	2	Fn
Create	C:\Boot\pt-PT\_readme.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE	2	Fn
Create	C:\Boot\ru-RU\_readme.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE	2	Fn
Create	C:\Boot\sv-SE\_readme.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE	2	Fn
Create	C:\Boot\tr-TR\_readme.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE	2	Fn
Create	C:\Boot\zh-CN\_readme.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE	2	Fn
Create	C:\Boot\zh-HK\_readme.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE	2	Fn
Create	C:\Boot\zh-TW\_readme.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE	2	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\_readme.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE	1	Fn
Create	C:\BOOTSECT.BAK	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Boot\BCD.LOG	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Boot\BCD.LOG1	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Boot\BCD.LOG2	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Boot\BOOTSTAT.DAT	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Boot\memtest.exe	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Boot\cs-CZ\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Boot\da-DK\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Boot\de-DE\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Boot\el-GR\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Boot\en-US\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Boot\en-US\memtest.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Boot\es-ES\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Boot\fi-FI\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Boot\Fonts\chs_boot.ttf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Boot\Fonts\cht_boot.ttf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Boot\Fonts\jpn_boot.ttf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Boot\Fonts\kor_boot.ttf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Boot\Fonts\wgl4_boot.ttf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Boot\fr-FR\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Boot\hu-HU\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Boot\it-IT\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Boot\ja-JP\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Boot\ko-KR\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Boot\nb-NO\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Boot\nl-NL\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Boot\pl-PL\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Boot\pt-BR\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Boot\pt-PT\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Boot\ru-RU\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Boot\sv-SE\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Boot\tr-TR\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Boot\zh-CN\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Boot\zh-HK\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Boot\zh-TW\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\NTUSER.DAT	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Aclviho ASldjfl.contact	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Administrator.contact	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\asdlfk poopvy.contact	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\chucu jadnvk.contact	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\lulcit amkdfe.contact	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\sikvnb huvuib.contact	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\2-_K6lTtjSYNHLM8.doc	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\370E.tmp.exe	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\7i-hclJt.ppt	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\7o_dfQXVcSB.bmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\CPqgEkvnaFdq_y.gif	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\D_F4Y77Iv__EabK.m4a	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Emq6vD0ivZ4XdEfJ.swf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\eX-YvFXQkLn0gu2V.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ffTf6.gif	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\HS00PnIq2P8Kp.gif	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\HZMv21_uk.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\iN mvP_WadxDj6.m4a	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\iqS7xw7P.ots	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ivu v64ETcPV9Avp.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\O5-QxOkuS7l.odt	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\oePm7UfV1NMKY4Pl.bmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Pknw9.bmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Qrw8cI.bmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\suJChr7SBbY4qJ.mkv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Sw0t6XcCq_-sZjnOduKn.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Tx70s-VsAQSc.wav	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\uEGeQkzsNxB9WeTM.m4a	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\VRP-Z6.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wY8i S_.flv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xj-o.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\2CT69ygJXeQqr8Q.docx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5hGto9u9m313.docx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ACBE_lrqSEFAf.pptx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\BNK6dBch57n5aoP0t.xlsx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\GkId5.pdf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\HXfImV4Qtfg1Ex.odp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\iDsL9dCjo_LaXt.pptx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\m3fpL4NiO_tDUBU.xlsx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\PSaER.xlsx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\rHxPXYmZyC.xlsx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\tosXZeBkp.docx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\TUDp84ZZaxYWbhN0.pptx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\TvZ1bKJ tiq.pptx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\vqFDMq0vDJBGr2hc.docx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YbrQBo2.docx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ydHK_AJbvu6-wWm.pptx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YuznX2-DO1aKAcy18.xlsx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\1LH ai8TTh YEvyGD.m4a	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\1m-pL.m4a	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\1OENLvsSvA_3B3xAhQM.wav	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\5NnU5R.mp3	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\7wK8zcb6fytX2DCx65.m4a	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\8Wt-fr78MDaMolHBnA.mp3	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\AfS4W9T-vl.m4a	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\eVkUqXz.mp3	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\f0KzGkVddjxFrhVbLx4y.m4a	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\fBS7mSNK6.m4a	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\FIVz Pn-IkWrJfBV.m4a	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\FUHOLzUUk7aWGniPbKU.m4a	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\GuF8APTZ9unXBfPE-UL_.mp3	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\j9WBFDemL.mp3	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\L6arSbkZ7.wav	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\m5E4cMfxi NqFn.wav	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\OHu_s.m4a	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\QjxSgCh.mp3	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\tjl_cEIieo_pVMS7Kw.m4a	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\uYJ6-T5.mp3	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\W7FUqTq.mp3	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\X CNm1ePx68ob.wav	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\XDsCW7KhypcISoT.mp3	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\xhJyMD-UA.mp3	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\XUycEgivdCqOtq.wav	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\Ym45zlaZS.m4a	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\0PKxTObiZ.gif	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\0XXhnuQwlnRW 1zNP6.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\1FtUuIqrnmvC9b.bmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\2HrWHjA4PKJeRGV.bmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\8EmMRvazI4x9KWTUm.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\AV3bVnC.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\BjAZB51qWZoAHkE5.bmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\CWSnMwdRRtXA.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\D131k21I.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\dLald8SOrzsBDSo38L.gif	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\fQe1ychsju.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\GFnV27F7zcqX6l.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\GZFXJ5sPjVz.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\heN4k.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\hFp26ULLEeCgRocq.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\hOVtKO.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\hs-cQ G F8kD3.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\j6nzOT.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\jppO8iseUv.bmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\LtV7_Xi9cOpTXz1QsNs.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\lvjoq7Ac0y5wIsBJa.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\MhWRB9plYFucf8hAPu.bmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nqOPg0wxa3Z.bmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\oIFGYUZwA9gCm l_aOn.gif	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\Oj9EUJHKpsOfq.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\PE ApnfO.bmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\QU_VRdUt NRyuxhaK.gif	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\REDKpPryBoCE3SWLx1.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\riH elLcs.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\Rk9GCNO.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\S--e.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\SbXik3LvTBfT.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\skWySyu.bmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\uA3602jdk4LLtIeK.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\UJnG.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\watBxpzRgOgaq m-.bmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\YdHbKfRnKrxhFcKFQ.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\y_z1 i4Ltt8.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\zJRA8eKdBctBG.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\znNdKX_AXzU74PLmUWg.bmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Searches\Everywhere.search-ms	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Searches\Indexed Locations.search-ms	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\0g5wGPdK.flv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\81m98bb.mp4	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xwoxab1ONVdFr-x7cTy\bewfSQ65DCd3I.mkv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xwoxab1ONVdFr-x7cTy\BgXRSx7UFqKOmFFcD3.avi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xwoxab1ONVdFr-x7cTy\E6tpFg5YUih.mkv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xwoxab1ONVdFr-x7cTy\nUY4nxCO FfN6j.gif	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xwoxab1ONVdFr-x7cTy\uU1kKYvSH0B.flv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xwoxab1ONVdFr-x7cTy\X SffuOAF0TL.avi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\BZeNr_asZgOghC\2ZMRkOD2Lz_.xls	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\BZeNr_asZgOghC\9hdqtzw Z.xlsx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\BZeNr_asZgOghC\eJ7XqPBACiw50mT5S.ppt	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\BZeNr_asZgOghC\f9wy.ppt	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\Favorites.vss	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Outlook Files\voeimd@djhreuu.uhd.pst	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\Suggested Sites.url	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\Web Slice Gallery.url	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\IE Add-on site.url	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\IE site on Microsoft.com.url	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft At Home.url	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft At Work.url	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft Store.url	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Autos.url	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Entertainment.url	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Money.url	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Sports.url	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN.url	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSNBC News.url	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Get Windows Live.url	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Gallery.url	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Mail.url	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Spaces.url	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\3RmBDGRm1\1x2x9-0Xwg-1EWE.mp4	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\3RmBDGRm1\8i3DCjvaGbZD0.mkv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\3RmBDGRm1\91os8u99hZG.avi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\3RmBDGRm1\NKvRPhAYf4Ra.swf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\3RmBDGRm1\ZZI5JtzTKrmNM.avi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\C1rxOBMk76mToWuy0Nfm\79si7ZeLhYFP.flv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\C1rxOBMk76mToWuy0Nfm\eknZ1ElyFLFFe.swf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\C1rxOBMk76mToWuy0Nfm\JljeDE FbKXuiY1.swf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\C1rxOBMk76mToWuy0Nfm\mJouaT8GLVkAGNwL.mp4	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\jDCuGCvpf1uArI\iZgdpj28McGBvZ.flv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\jDCuGCvpf1uArI\k GCuA4o1c5KGh.avi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\jDCuGCvpf1uArI\OQ3V ylmHyu5rZMlP.avi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\jDCuGCvpf1uArI\pUMjEQU7g4.mkv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\TtcUW\-ef3Wc3uX6CMMun91g7o.avi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\TtcUW\b6wh.swf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\TtcUW\wpWUhevKBRfd9lm.swf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\VAl2x_eF9QxFAJr5rV\06x3ed5rZHiwke9E.flv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\VAl2x_eF9QxFAJr5rV\hkYdWviKftqSOmoU.mp4	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\VAl2x_eF9QxFAJr5rV\q1mFKd_YNe1ZXJ.swf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\BZeNr_asZgOghC\qIBuq\827UvCxR.ods	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\BZeNr_asZgOghC\qIBuq\ev5fZtMbXU-mo.xls	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\BZeNr_asZgOghC\qIBuq\h1LjxbbEaGY.odp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\BZeNr_asZgOghC\qIBuq\JB9Crr4gSM_9- n.ods	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\BZeNr_asZgOghC\qIBuq\mEnZGaCx-HF41kNT.pdf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\_private\folder.ico	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\5WOBU.doc	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\Ca1cHda7JPJatHi.ods	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\VOFBy.ppt	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\vwwPCJ.csv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\s-2Yi4nxLO_tQ5d\GybORRS.doc	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\s-2Yi4nxLO_tQ5d\i aQpW6c954.odt	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\s-2Yi4nxLO_tQ5d\OM-0BNFr0vxP9yGlxp.rtf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\s-2Yi4nxLO_tQ5d\rHF1mal.ots	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\s-2Yi4nxLO_tQ5d\xRZA5bTbxl.xlsx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\s-2Yi4nxLO_tQ5d\yySnK GxBcD.pps	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\jDCuGCvpf1uArI\DazZdjJb9WM2iqx\75RcH8me-e.mp4	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\jDCuGCvpf1uArI\DazZdjJb9WM2iqx\9M5mfpNiu.avi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\jDCuGCvpf1uArI\DazZdjJb9WM2iqx\tAptBCu.swf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\jDCuGCvpf1uArI\zr0w9NBOX\uHy6bk3SudEl.avi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\jCjO-w4 p w1\651znms2s4dj.ots	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\jCjO-w4 p w1\Sw-G7SU7kk.pdf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\jDCuGCvpf1uArI\DazZdjJb9WM2iqx\aMTPOWpHV-gn\NnrUk7lhXvK.avi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\jDCuGCvpf1uArI\DazZdjJb9WM2iqx\aMTPOWpHV-gn\q9ql_Ez22le8gAau.flv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Adobe\Acrobat\10.0\rdrmessage.zip	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\index.dat	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\AU\au.cab	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\AU\au.msi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\Deployment\deployment.properties	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\jre1.7.0_45\Data1.cab	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\jre1.7.0_45\jre1.7.0_45.msi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\jCjO-w4 p w1\H8Jb9z2r7CZ5\5D72zjcGaxP.docx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\jCjO-w4 p w1\H8Jb9z2r7CZ5\8SXrSbpJ3InRj4z.ppt	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\jCjO-w4 p w1\H8Jb9z2r7CZ5\Fz vkQH.xlsx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\jCjO-w4 p w1\H8Jb9z2r7CZ5\HIQxU.ppt	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\jCjO-w4 p w1\H8Jb9z2r7CZ5\I72HRyADAN.pptx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\jCjO-w4 p w1\H8Jb9z2r7CZ5\NvxdP_f.pdf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\jCjO-w4 p w1\H8Jb9z2r7CZ5\QPk6.doc	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\jCjO-w4 p w1\H8Jb9z2r7CZ5\RB_VbiG YqKM.csv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\jCjO-w4 p w1\H8Jb9z2r7CZ5\ZAwkWcabdoc-gK4i7YW.rtf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\jCjO-w4 p w1\H8Jb9z2r7CZ5\Zj1qqssvFW_0nIQh.ots	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\jCjO-w4 p w1\sx6 WWNEtkP28pvoC\6WrvXBq4WxmL.odt	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\jCjO-w4 p w1\sx6 WWNEtkP28pvoC\lhiTt9 LMR2EF6hN.odp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\jCjO-w4 p w1\sx6 WWNEtkP28pvoC\Zk1KEVdjg.csv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\jCjO-w4 p w1\sx6 WWNEtkP28pvoC\zMnh8m1qSffqOBU79Ql.ods	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\36USA68T\imagesrv.adition[1].xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\3O75JDME\www.google[1].xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\VGMTOI09\www.msn[1].xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create Directory	C:\SystemID	-	1	Fn
Get Info	C:\SystemID\PersonalID.txt	type = file_type	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Aclviho ASldjfl.contact	type = size, size_out = 1178	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Administrator.contact	type = size, size_out = 68382	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\asdlfk poopvy.contact	type = size, size_out = 1171	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\chucu jadnvk.contact	type = size, size_out = 1177	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\lulcit amkdfe.contact	type = size, size_out = 1174	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\sikvnb huvuib.contact	type = size, size_out = 1172	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\2-_K6lTtjSYNHLM8.doc	type = size, size_out = 72270	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\370E.tmp.exe	type = size, size_out = 538112	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\7i-hclJt.ppt	type = size, size_out = 69295	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\7o_dfQXVcSB.bmp	type = size, size_out = 27110	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\CPqgEkvnaFdq_y.gif	type = size, size_out = 39817	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\D_F4Y77Iv__EabK.m4a	type = size, size_out = 39483	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Emq6vD0ivZ4XdEfJ.swf	type = size, size_out = 64991	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\eX-YvFXQkLn0gu2V.jpg	type = size, size_out = 95569	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ffTf6.gif	type = size, size_out = 3062	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\HS00PnIq2P8Kp.gif	type = size, size_out = 17345	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\HZMv21_uk.jpg	type = size, size_out = 78689	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\iN mvP_WadxDj6.m4a	type = size, size_out = 73116	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\iqS7xw7P.ots	type = size, size_out = 67249	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ivu v64ETcPV9Avp.jpg	type = size, size_out = 54750	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\O5-QxOkuS7l.odt	type = size, size_out = 35003	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\oePm7UfV1NMKY4Pl.bmp	type = size, size_out = 73862	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Pknw9.bmp	type = size, size_out = 61353	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Qrw8cI.bmp	type = size, size_out = 40644	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\suJChr7SBbY4qJ.mkv	type = size, size_out = 30342	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Sw0t6XcCq_-sZjnOduKn.jpg	type = size, size_out = 92534	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Tx70s-VsAQSc.wav	type = size, size_out = 52198	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\uEGeQkzsNxB9WeTM.m4a	type = size, size_out = 21614	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\VRP-Z6.png	type = size, size_out = 1820	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wY8i S_.flv	type = size, size_out = 53879	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xj-o.png	type = size, size_out = 41055	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\2CT69ygJXeQqr8Q.docx	type = size, size_out = 18200	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5hGto9u9m313.docx	type = size, size_out = 96494	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ACBE_lrqSEFAf.pptx	type = size, size_out = 44758	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\BNK6dBch57n5aoP0t.xlsx	type = size, size_out = 59507	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\GkId5.pdf	type = size, size_out = 59089	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\HXfImV4Qtfg1Ex.odp	type = size, size_out = 73583	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\iDsL9dCjo_LaXt.pptx	type = size, size_out = 53919	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\m3fpL4NiO_tDUBU.xlsx	type = size, size_out = 72734	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\PSaER.xlsx	type = size, size_out = 83011	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\rHxPXYmZyC.xlsx	type = size, size_out = 71799	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\tosXZeBkp.docx	type = size, size_out = 88106	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\TUDp84ZZaxYWbhN0.pptx	type = size, size_out = 55193	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\TvZ1bKJ tiq.pptx	type = size, size_out = 57010	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\vqFDMq0vDJBGr2hc.docx	type = size, size_out = 13757	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YbrQBo2.docx	type = size, size_out = 58304	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ydHK_AJbvu6-wWm.pptx	type = size, size_out = 71216	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YuznX2-DO1aKAcy18.xlsx	type = size, size_out = 77549	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\1LH ai8TTh YEvyGD.m4a	type = size, size_out = 87674	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\1m-pL.m4a	type = size, size_out = 43274	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\1OENLvsSvA_3B3xAhQM.wav	type = size, size_out = 47606	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\5NnU5R.mp3	type = size, size_out = 6071	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\7wK8zcb6fytX2DCx65.m4a	type = size, size_out = 78592	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\8Wt-fr78MDaMolHBnA.mp3	type = size, size_out = 25387	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\AfS4W9T-vl.m4a	type = size, size_out = 21197	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\eVkUqXz.mp3	type = size, size_out = 49511	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\f0KzGkVddjxFrhVbLx4y.m4a	type = size, size_out = 96265	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\fBS7mSNK6.m4a	type = size, size_out = 83355	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\FIVz Pn-IkWrJfBV.m4a	type = size, size_out = 16352	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\FUHOLzUUk7aWGniPbKU.m4a	type = size, size_out = 50322	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\GuF8APTZ9unXBfPE-UL_.mp3	type = size, size_out = 90294	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\j9WBFDemL.mp3	type = size, size_out = 75788	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\L6arSbkZ7.wav	type = size, size_out = 53228	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\m5E4cMfxi NqFn.wav	type = size, size_out = 42748	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\OHu_s.m4a	type = size, size_out = 95874	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\QjxSgCh.mp3	type = size, size_out = 31330	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\tjl_cEIieo_pVMS7Kw.m4a	type = size, size_out = 12385	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\uYJ6-T5.mp3	type = size, size_out = 64527	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\W7FUqTq.mp3	type = size, size_out = 84786	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\X CNm1ePx68ob.wav	type = size, size_out = 26246	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\XDsCW7KhypcISoT.mp3	type = size, size_out = 17925	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\xhJyMD-UA.mp3	type = size, size_out = 41943	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\XUycEgivdCqOtq.wav	type = size, size_out = 2085	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\Ym45zlaZS.m4a	type = size, size_out = 3141	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\0PKxTObiZ.gif	type = size, size_out = 76145	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\0XXhnuQwlnRW 1zNP6.png	type = size, size_out = 17839	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\1FtUuIqrnmvC9b.bmp	type = size, size_out = 17111	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\2HrWHjA4PKJeRGV.bmp	type = size, size_out = 39447	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\8EmMRvazI4x9KWTUm.png	type = size, size_out = 26321	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\AV3bVnC.png	type = size, size_out = 40897	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\BjAZB51qWZoAHkE5.bmp	type = size, size_out = 79658	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\CWSnMwdRRtXA.png	type = size, size_out = 99781	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\D131k21I.jpg	type = size, size_out = 32452	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\dLald8SOrzsBDSo38L.gif	type = size, size_out = 32517	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\fQe1ychsju.png	type = size, size_out = 91903	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\GFnV27F7zcqX6l.jpg	type = size, size_out = 24957	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\GZFXJ5sPjVz.png	type = size, size_out = 79356	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\heN4k.jpg	type = size, size_out = 7106	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\hFp26ULLEeCgRocq.jpg	type = size, size_out = 80902	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\hOVtKO.png	type = size, size_out = 72193	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\hs-cQ G F8kD3.jpg	type = size, size_out = 53603	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\j6nzOT.png	type = size, size_out = 40974	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\jppO8iseUv.bmp	type = size, size_out = 48179	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\LtV7_Xi9cOpTXz1QsNs.jpg	type = size, size_out = 51583	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\lvjoq7Ac0y5wIsBJa.png	type = size, size_out = 43749	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\MhWRB9plYFucf8hAPu.bmp	type = size, size_out = 101577	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nqOPg0wxa3Z.bmp	type = size, size_out = 62737	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\oIFGYUZwA9gCm l_aOn.gif	type = size, size_out = 54493	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\Oj9EUJHKpsOfq.jpg	type = size, size_out = 23656	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\PE ApnfO.bmp	type = size, size_out = 3849	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\QU_VRdUt NRyuxhaK.gif	type = size, size_out = 70814	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\REDKpPryBoCE3SWLx1.png	type = size, size_out = 12867	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\riH elLcs.png	type = size, size_out = 18517	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\Rk9GCNO.png	type = size, size_out = 58769	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\S--e.jpg	type = size, size_out = 61593	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\SbXik3LvTBfT.jpg	type = size, size_out = 99366	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\skWySyu.bmp	type = size, size_out = 16418	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\uA3602jdk4LLtIeK.png	type = size, size_out = 26862	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\UJnG.jpg	type = size, size_out = 72161	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\watBxpzRgOgaq m-.bmp	type = size, size_out = 61454	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\YdHbKfRnKrxhFcKFQ.png	type = size, size_out = 81674	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\y_z1 i4Ltt8.jpg	type = size, size_out = 75870	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\zJRA8eKdBctBG.png	type = size, size_out = 36300	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\znNdKX_AXzU74PLmUWg.bmp	type = size, size_out = 21098	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\0g5wGPdK.flv	type = size, size_out = 71785	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\81m98bb.mp4	type = size, size_out = 56394	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xwoxab1ONVdFr-x7cTy\bewfSQ65DCd3I.mkv	type = size, size_out = 3433	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xwoxab1ONVdFr-x7cTy\BgXRSx7UFqKOmFFcD3.avi	type = size, size_out = 94520	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xwoxab1ONVdFr-x7cTy\E6tpFg5YUih.mkv	type = size, size_out = 52584	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xwoxab1ONVdFr-x7cTy\nUY4nxCO FfN6j.gif	type = size, size_out = 86752	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xwoxab1ONVdFr-x7cTy\uU1kKYvSH0B.flv	type = size, size_out = 7470	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xwoxab1ONVdFr-x7cTy\X SffuOAF0TL.avi	type = size, size_out = 65593	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\BZeNr_asZgOghC\2ZMRkOD2Lz_.xls	type = size, size_out = 92849	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\BZeNr_asZgOghC\9hdqtzw Z.xlsx	type = size, size_out = 76768	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\BZeNr_asZgOghC\eJ7XqPBACiw50mT5S.ppt	type = size, size_out = 35826	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\BZeNr_asZgOghC\f9wy.ppt	type = size, size_out = 92305	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\Favorites.vss	type = size, size_out = 0	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Outlook Files\voeimd@djhreuu.uhd.pst	type = size, size_out = 271360	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\Suggested Sites.url	type = size, size_out = 236	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\Web Slice Gallery.url	type = size, size_out = 226	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\IE Add-on site.url	type = size, size_out = 133	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\IE site on Microsoft.com.url	type = size, size_out = 133	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft At Home.url	type = size, size_out = 133	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft At Work.url	type = size, size_out = 133	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft Store.url	type = size, size_out = 134	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Autos.url	type = size, size_out = 133	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Entertainment.url	type = size, size_out = 133	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Money.url	type = size, size_out = 133	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Sports.url	type = size, size_out = 133	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN.url	type = size, size_out = 133	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSNBC News.url	type = size, size_out = 133	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Get Windows Live.url	type = size, size_out = 133	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Gallery.url	type = size, size_out = 133	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Mail.url	type = size, size_out = 133	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Spaces.url	type = size, size_out = 133	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\3RmBDGRm1\1x2x9-0Xwg-1EWE.mp4	type = size, size_out = 68582	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\3RmBDGRm1\8i3DCjvaGbZD0.mkv	type = size, size_out = 101220	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\3RmBDGRm1\91os8u99hZG.avi	type = size, size_out = 26539	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\3RmBDGRm1\NKvRPhAYf4Ra.swf	type = size, size_out = 51666	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\3RmBDGRm1\ZZI5JtzTKrmNM.avi	type = size, size_out = 87706	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\C1rxOBMk76mToWuy0Nfm\79si7ZeLhYFP.flv	type = size, size_out = 90146	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\C1rxOBMk76mToWuy0Nfm\eknZ1ElyFLFFe.swf	type = size, size_out = 1991	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\C1rxOBMk76mToWuy0Nfm\JljeDE FbKXuiY1.swf	type = size, size_out = 64126	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\C1rxOBMk76mToWuy0Nfm\mJouaT8GLVkAGNwL.mp4	type = size, size_out = 52542	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\jDCuGCvpf1uArI\iZgdpj28McGBvZ.flv	type = size, size_out = 28574	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\jDCuGCvpf1uArI\k GCuA4o1c5KGh.avi	type = size, size_out = 28795	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\jDCuGCvpf1uArI\OQ3V ylmHyu5rZMlP.avi	type = size, size_out = 6795	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\jDCuGCvpf1uArI\pUMjEQU7g4.mkv	type = size, size_out = 84128	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\TtcUW\-ef3Wc3uX6CMMun91g7o.avi	type = size, size_out = 77015	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\TtcUW\b6wh.swf	type = size, size_out = 49357	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\TtcUW\wpWUhevKBRfd9lm.swf	type = size, size_out = 26302	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\VAl2x_eF9QxFAJr5rV\06x3ed5rZHiwke9E.flv	type = size, size_out = 25383	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\VAl2x_eF9QxFAJr5rV\hkYdWviKftqSOmoU.mp4	type = size, size_out = 36193	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\VAl2x_eF9QxFAJr5rV\q1mFKd_YNe1ZXJ.swf	type = size, size_out = 22352	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\BZeNr_asZgOghC\qIBuq\827UvCxR.ods	type = size, size_out = 89901	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\BZeNr_asZgOghC\qIBuq\ev5fZtMbXU-mo.xls	type = size, size_out = 19756	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\BZeNr_asZgOghC\qIBuq\h1LjxbbEaGY.odp	type = size, size_out = 3847	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\BZeNr_asZgOghC\qIBuq\JB9Crr4gSM_9- n.ods	type = size, size_out = 53518	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\BZeNr_asZgOghC\qIBuq\mEnZGaCx-HF41kNT.pdf	type = size, size_out = 35480	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\_private\folder.ico	type = size, size_out = 29926	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\5WOBU.doc	type = size, size_out = 82322	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\Ca1cHda7JPJatHi.ods	type = size, size_out = 79984	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\VOFBy.ppt	type = size, size_out = 40512	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\vwwPCJ.csv	type = size, size_out = 61105	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\s-2Yi4nxLO_tQ5d\GybORRS.doc	type = size, size_out = 22564	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\s-2Yi4nxLO_tQ5d\i aQpW6c954.odt	type = size, size_out = 101112	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\s-2Yi4nxLO_tQ5d\OM-0BNFr0vxP9yGlxp.rtf	type = size, size_out = 99159	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\s-2Yi4nxLO_tQ5d\rHF1mal.ots	type = size, size_out = 62998	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\s-2Yi4nxLO_tQ5d\xRZA5bTbxl.xlsx	type = size, size_out = 56083	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\s-2Yi4nxLO_tQ5d\yySnK GxBcD.pps	type = size, size_out = 44143	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\jDCuGCvpf1uArI\DazZdjJb9WM2iqx\75RcH8me-e.mp4	type = size, size_out = 48671	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\jDCuGCvpf1uArI\DazZdjJb9WM2iqx\9M5mfpNiu.avi	type = size, size_out = 24766	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\jDCuGCvpf1uArI\DazZdjJb9WM2iqx\tAptBCu.swf	type = size, size_out = 47337	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\jDCuGCvpf1uArI\zr0w9NBOX\uHy6bk3SudEl.avi	type = size, size_out = 24377	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\jCjO-w4 p w1\651znms2s4dj.ots	type = size, size_out = 24079	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\jCjO-w4 p w1\Sw-G7SU7kk.pdf	type = size, size_out = 36302	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\jDCuGCvpf1uArI\DazZdjJb9WM2iqx\aMTPOWpHV-gn\NnrUk7lhXvK.avi	type = size, size_out = 11529	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\jDCuGCvpf1uArI\DazZdjJb9WM2iqx\aMTPOWpHV-gn\q9ql_Ez22le8gAau.flv	type = size, size_out = 57460	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Adobe\Acrobat\10.0\rdrmessage.zip	type = size, size_out = 42495	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\index.dat	type = size, size_out = 32768	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\AU\au.cab	type = size, size_out = 581730	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\AU\au.msi	type = size, size_out = 185344	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\Deployment\deployment.properties	type = size, size_out = 719	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\jre1.7.0_45\Data1.cab	type = size, size_out = 25340970	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\jre1.7.0_45\jre1.7.0_45.msi	type = size, size_out = 906752	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\jCjO-w4 p w1\H8Jb9z2r7CZ5\5D72zjcGaxP.docx	type = size, size_out = 9169	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\jCjO-w4 p w1\H8Jb9z2r7CZ5\8SXrSbpJ3InRj4z.ppt	type = size, size_out = 17380	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\jCjO-w4 p w1\H8Jb9z2r7CZ5\Fz vkQH.xlsx	type = size, size_out = 58047	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\jCjO-w4 p w1\H8Jb9z2r7CZ5\HIQxU.ppt	type = size, size_out = 91893	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\jCjO-w4 p w1\H8Jb9z2r7CZ5\I72HRyADAN.pptx	type = size, size_out = 6676	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\jCjO-w4 p w1\H8Jb9z2r7CZ5\NvxdP_f.pdf	type = size, size_out = 83335	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\jCjO-w4 p w1\H8Jb9z2r7CZ5\QPk6.doc	type = size, size_out = 93920	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\jCjO-w4 p w1\H8Jb9z2r7CZ5\RB_VbiG YqKM.csv	type = size, size_out = 80217	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\jCjO-w4 p w1\H8Jb9z2r7CZ5\ZAwkWcabdoc-gK4i7YW.rtf	type = size, size_out = 64991	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\jCjO-w4 p w1\H8Jb9z2r7CZ5\Zj1qqssvFW_0nIQh.ots	type = size, size_out = 92968	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\jCjO-w4 p w1\sx6 WWNEtkP28pvoC\6WrvXBq4WxmL.odt	type = size, size_out = 43129	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\jCjO-w4 p w1\sx6 WWNEtkP28pvoC\lhiTt9 LMR2EF6hN.odp	type = size, size_out = 62416	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\jCjO-w4 p w1\sx6 WWNEtkP28pvoC\Zk1KEVdjg.csv	type = size, size_out = 51001	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\jCjO-w4 p w1\sx6 WWNEtkP28pvoC\zMnh8m1qSffqOBU79Ql.ods	type = size, size_out = 77880	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\36USA68T\imagesrv.adition[1].xml	type = size, size_out = 13	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\3O75JDME\www.google[1].xml	type = size, size_out = 13	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\VGMTOI09\www.msn[1].xml	type = size, size_out = 836	1	Fn
Open	STD_INPUT_HANDLE	-	2	Fn
Open	STD_OUTPUT_HANDLE	-	2	Fn
Open	STD_ERROR_HANDLE	-	2	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Aclviho ASldjfl.contact.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Aclviho ASldjfl.contact	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Administrator.contact.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Administrator.contact	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\asdlfk poopvy.contact.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\asdlfk poopvy.contact	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\chucu jadnvk.contact.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\chucu jadnvk.contact	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\lulcit amkdfe.contact.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\lulcit amkdfe.contact	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\sikvnb huvuib.contact.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\sikvnb huvuib.contact	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\2-_K6lTtjSYNHLM8.doc.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\2-_K6lTtjSYNHLM8.doc	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\370E.tmp.exe.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\370E.tmp.exe	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\7i-hclJt.ppt.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\7i-hclJt.ppt	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\7o_dfQXVcSB.bmp.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\7o_dfQXVcSB.bmp	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\CPqgEkvnaFdq_y.gif.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\CPqgEkvnaFdq_y.gif	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\D_F4Y77Iv__EabK.m4a.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\D_F4Y77Iv__EabK.m4a	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Emq6vD0ivZ4XdEfJ.swf.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Emq6vD0ivZ4XdEfJ.swf	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\eX-YvFXQkLn0gu2V.jpg.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\eX-YvFXQkLn0gu2V.jpg	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ffTf6.gif.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ffTf6.gif	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\HS00PnIq2P8Kp.gif.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\HS00PnIq2P8Kp.gif	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\HZMv21_uk.jpg.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\HZMv21_uk.jpg	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\iN mvP_WadxDj6.m4a.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\iN mvP_WadxDj6.m4a	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\iqS7xw7P.ots.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\iqS7xw7P.ots	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ivu v64ETcPV9Avp.jpg.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ivu v64ETcPV9Avp.jpg	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\O5-QxOkuS7l.odt.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\O5-QxOkuS7l.odt	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\oePm7UfV1NMKY4Pl.bmp.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\oePm7UfV1NMKY4Pl.bmp	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Pknw9.bmp.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Pknw9.bmp	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Qrw8cI.bmp.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Qrw8cI.bmp	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\suJChr7SBbY4qJ.mkv.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\suJChr7SBbY4qJ.mkv	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Sw0t6XcCq_-sZjnOduKn.jpg.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Sw0t6XcCq_-sZjnOduKn.jpg	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Tx70s-VsAQSc.wav.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Tx70s-VsAQSc.wav	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\uEGeQkzsNxB9WeTM.m4a.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\uEGeQkzsNxB9WeTM.m4a	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\VRP-Z6.png.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\VRP-Z6.png	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wY8i S_.flv.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wY8i S_.flv	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xj-o.png.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xj-o.png	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\2CT69ygJXeQqr8Q.docx.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\2CT69ygJXeQqr8Q.docx	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5hGto9u9m313.docx.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5hGto9u9m313.docx	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ACBE_lrqSEFAf.pptx.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ACBE_lrqSEFAf.pptx	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\BNK6dBch57n5aoP0t.xlsx.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\BNK6dBch57n5aoP0t.xlsx	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\GkId5.pdf.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\GkId5.pdf	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\HXfImV4Qtfg1Ex.odp.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\HXfImV4Qtfg1Ex.odp	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\iDsL9dCjo_LaXt.pptx.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\iDsL9dCjo_LaXt.pptx	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\m3fpL4NiO_tDUBU.xlsx.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\m3fpL4NiO_tDUBU.xlsx	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\PSaER.xlsx.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\PSaER.xlsx	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\rHxPXYmZyC.xlsx.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\rHxPXYmZyC.xlsx	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\tosXZeBkp.docx.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\tosXZeBkp.docx	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\TUDp84ZZaxYWbhN0.pptx.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\TUDp84ZZaxYWbhN0.pptx	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\TvZ1bKJ tiq.pptx.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\TvZ1bKJ tiq.pptx	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\vqFDMq0vDJBGr2hc.docx.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\vqFDMq0vDJBGr2hc.docx	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YbrQBo2.docx.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YbrQBo2.docx	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ydHK_AJbvu6-wWm.pptx.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ydHK_AJbvu6-wWm.pptx	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YuznX2-DO1aKAcy18.xlsx.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YuznX2-DO1aKAcy18.xlsx	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Music\1LH ai8TTh YEvyGD.m4a.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Music\1LH ai8TTh YEvyGD.m4a	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Music\1m-pL.m4a.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Music\1m-pL.m4a	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Music\1OENLvsSvA_3B3xAhQM.wav.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Music\1OENLvsSvA_3B3xAhQM.wav	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Music\5NnU5R.mp3.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Music\5NnU5R.mp3	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Music\7wK8zcb6fytX2DCx65.m4a.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Music\7wK8zcb6fytX2DCx65.m4a	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Music\8Wt-fr78MDaMolHBnA.mp3.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Music\8Wt-fr78MDaMolHBnA.mp3	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Music\AfS4W9T-vl.m4a.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Music\AfS4W9T-vl.m4a	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Music\eVkUqXz.mp3.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Music\eVkUqXz.mp3	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Music\f0KzGkVddjxFrhVbLx4y.m4a.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Music\f0KzGkVddjxFrhVbLx4y.m4a	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Music\fBS7mSNK6.m4a.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Music\fBS7mSNK6.m4a	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Music\FIVz Pn-IkWrJfBV.m4a.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Music\FIVz Pn-IkWrJfBV.m4a	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Music\FUHOLzUUk7aWGniPbKU.m4a.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Music\FUHOLzUUk7aWGniPbKU.m4a	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Music\GuF8APTZ9unXBfPE-UL_.mp3.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Music\GuF8APTZ9unXBfPE-UL_.mp3	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Music\j9WBFDemL.mp3.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Music\j9WBFDemL.mp3	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Music\L6arSbkZ7.wav.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Music\L6arSbkZ7.wav	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Music\m5E4cMfxi NqFn.wav.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Music\m5E4cMfxi NqFn.wav	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Music\OHu_s.m4a.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Music\OHu_s.m4a	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Music\QjxSgCh.mp3.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Music\QjxSgCh.mp3	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Music\tjl_cEIieo_pVMS7Kw.m4a.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Music\tjl_cEIieo_pVMS7Kw.m4a	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Music\uYJ6-T5.mp3.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Music\uYJ6-T5.mp3	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Music\W7FUqTq.mp3.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Music\W7FUqTq.mp3	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Music\X CNm1ePx68ob.wav.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Music\X CNm1ePx68ob.wav	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Music\XDsCW7KhypcISoT.mp3.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Music\XDsCW7KhypcISoT.mp3	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Music\xhJyMD-UA.mp3.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Music\xhJyMD-UA.mp3	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Music\XUycEgivdCqOtq.wav.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Music\XUycEgivdCqOtq.wav	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Music\Ym45zlaZS.m4a.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Music\Ym45zlaZS.m4a	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\0PKxTObiZ.gif.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\0PKxTObiZ.gif	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\0XXhnuQwlnRW 1zNP6.png.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\0XXhnuQwlnRW 1zNP6.png	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\1FtUuIqrnmvC9b.bmp.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\1FtUuIqrnmvC9b.bmp	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\2HrWHjA4PKJeRGV.bmp.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\2HrWHjA4PKJeRGV.bmp	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\8EmMRvazI4x9KWTUm.png.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\8EmMRvazI4x9KWTUm.png	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\AV3bVnC.png.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\AV3bVnC.png	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\BjAZB51qWZoAHkE5.bmp.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\BjAZB51qWZoAHkE5.bmp	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\CWSnMwdRRtXA.png.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\CWSnMwdRRtXA.png	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\D131k21I.jpg.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\D131k21I.jpg	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\dLald8SOrzsBDSo38L.gif.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\dLald8SOrzsBDSo38L.gif	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\fQe1ychsju.png.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\fQe1ychsju.png	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\GFnV27F7zcqX6l.jpg.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\GFnV27F7zcqX6l.jpg	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\GZFXJ5sPjVz.png.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\GZFXJ5sPjVz.png	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\heN4k.jpg.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\heN4k.jpg	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\hFp26ULLEeCgRocq.jpg.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\hFp26ULLEeCgRocq.jpg	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\hOVtKO.png.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\hOVtKO.png	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\hs-cQ G F8kD3.jpg.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\hs-cQ G F8kD3.jpg	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\j6nzOT.png.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\j6nzOT.png	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\jppO8iseUv.bmp.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\jppO8iseUv.bmp	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\LtV7_Xi9cOpTXz1QsNs.jpg.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\LtV7_Xi9cOpTXz1QsNs.jpg	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\lvjoq7Ac0y5wIsBJa.png.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\lvjoq7Ac0y5wIsBJa.png	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\MhWRB9plYFucf8hAPu.bmp.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\MhWRB9plYFucf8hAPu.bmp	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nqOPg0wxa3Z.bmp.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nqOPg0wxa3Z.bmp	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\oIFGYUZwA9gCm l_aOn.gif.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\oIFGYUZwA9gCm l_aOn.gif	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\Oj9EUJHKpsOfq.jpg.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\Oj9EUJHKpsOfq.jpg	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\PE ApnfO.bmp.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\PE ApnfO.bmp	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\QU_VRdUt NRyuxhaK.gif.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\QU_VRdUt NRyuxhaK.gif	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\REDKpPryBoCE3SWLx1.png.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\REDKpPryBoCE3SWLx1.png	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\riH elLcs.png.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\riH elLcs.png	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\Rk9GCNO.png.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\Rk9GCNO.png	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\S--e.jpg.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\S--e.jpg	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\SbXik3LvTBfT.jpg.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\SbXik3LvTBfT.jpg	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\skWySyu.bmp.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\skWySyu.bmp	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\uA3602jdk4LLtIeK.png.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\uA3602jdk4LLtIeK.png	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\UJnG.jpg.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\UJnG.jpg	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\watBxpzRgOgaq m-.bmp.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\watBxpzRgOgaq m-.bmp	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\YdHbKfRnKrxhFcKFQ.png.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\YdHbKfRnKrxhFcKFQ.png	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\y_z1 i4Ltt8.jpg.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\y_z1 i4Ltt8.jpg	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\zJRA8eKdBctBG.png.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\zJRA8eKdBctBG.png	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\znNdKX_AXzU74PLmUWg.bmp.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\znNdKX_AXzU74PLmUWg.bmp	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\0g5wGPdK.flv.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Videos\0g5wGPdK.flv	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\81m98bb.mp4.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Videos\81m98bb.mp4	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xwoxab1ONVdFr-x7cTy\bewfSQ65DCd3I.mkv.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xwoxab1ONVdFr-x7cTy\bewfSQ65DCd3I.mkv	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xwoxab1ONVdFr-x7cTy\BgXRSx7UFqKOmFFcD3.avi.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xwoxab1ONVdFr-x7cTy\BgXRSx7UFqKOmFFcD3.avi	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xwoxab1ONVdFr-x7cTy\E6tpFg5YUih.mkv.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xwoxab1ONVdFr-x7cTy\E6tpFg5YUih.mkv	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xwoxab1ONVdFr-x7cTy\nUY4nxCO FfN6j.gif.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xwoxab1ONVdFr-x7cTy\nUY4nxCO FfN6j.gif	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xwoxab1ONVdFr-x7cTy\uU1kKYvSH0B.flv.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xwoxab1ONVdFr-x7cTy\uU1kKYvSH0B.flv	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xwoxab1ONVdFr-x7cTy\X SffuOAF0TL.avi.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xwoxab1ONVdFr-x7cTy\X SffuOAF0TL.avi	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\BZeNr_asZgOghC\2ZMRkOD2Lz_.xls.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\BZeNr_asZgOghC\2ZMRkOD2Lz_.xls	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\BZeNr_asZgOghC\9hdqtzw Z.xlsx.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\BZeNr_asZgOghC\9hdqtzw Z.xlsx	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\BZeNr_asZgOghC\eJ7XqPBACiw50mT5S.ppt.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\BZeNr_asZgOghC\eJ7XqPBACiw50mT5S.ppt	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\BZeNr_asZgOghC\f9wy.ppt.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\BZeNr_asZgOghC\f9wy.ppt	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\Favorites.vss.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\Favorites.vss	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Outlook Files\voeimd@djhreuu.uhd.pst.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Outlook Files\voeimd@djhreuu.uhd.pst	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\Suggested Sites.url.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\Suggested Sites.url	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\Web Slice Gallery.url.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\Web Slice Gallery.url	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\IE Add-on site.url.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\IE Add-on site.url	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\IE site on Microsoft.com.url.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\IE site on Microsoft.com.url	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft At Home.url.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft At Home.url	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft At Work.url.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft At Work.url	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft Store.url.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft Store.url	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Autos.url.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Autos.url	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Entertainment.url.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Entertainment.url	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Money.url.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Money.url	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Sports.url.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Sports.url	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN.url.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN.url	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSNBC News.url.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSNBC News.url	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Get Windows Live.url.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Get Windows Live.url	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Gallery.url.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Gallery.url	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Mail.url.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Mail.url	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Spaces.url.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Spaces.url	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\3RmBDGRm1\1x2x9-0Xwg-1EWE.mp4.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Videos\3RmBDGRm1\1x2x9-0Xwg-1EWE.mp4	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\3RmBDGRm1\8i3DCjvaGbZD0.mkv.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Videos\3RmBDGRm1\8i3DCjvaGbZD0.mkv	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\3RmBDGRm1\91os8u99hZG.avi.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Videos\3RmBDGRm1\91os8u99hZG.avi	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\3RmBDGRm1\NKvRPhAYf4Ra.swf.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Videos\3RmBDGRm1\NKvRPhAYf4Ra.swf	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\3RmBDGRm1\ZZI5JtzTKrmNM.avi.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Videos\3RmBDGRm1\ZZI5JtzTKrmNM.avi	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\C1rxOBMk76mToWuy0Nfm\79si7ZeLhYFP.flv.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Videos\C1rxOBMk76mToWuy0Nfm\79si7ZeLhYFP.flv	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\C1rxOBMk76mToWuy0Nfm\eknZ1ElyFLFFe.swf.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Videos\C1rxOBMk76mToWuy0Nfm\eknZ1ElyFLFFe.swf	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\C1rxOBMk76mToWuy0Nfm\JljeDE FbKXuiY1.swf.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Videos\C1rxOBMk76mToWuy0Nfm\JljeDE FbKXuiY1.swf	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\C1rxOBMk76mToWuy0Nfm\mJouaT8GLVkAGNwL.mp4.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Videos\C1rxOBMk76mToWuy0Nfm\mJouaT8GLVkAGNwL.mp4	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\jDCuGCvpf1uArI\iZgdpj28McGBvZ.flv.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Videos\jDCuGCvpf1uArI\iZgdpj28McGBvZ.flv	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\jDCuGCvpf1uArI\k GCuA4o1c5KGh.avi.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Videos\jDCuGCvpf1uArI\k GCuA4o1c5KGh.avi	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\jDCuGCvpf1uArI\OQ3V ylmHyu5rZMlP.avi.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Videos\jDCuGCvpf1uArI\OQ3V ylmHyu5rZMlP.avi	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\jDCuGCvpf1uArI\pUMjEQU7g4.mkv.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Videos\jDCuGCvpf1uArI\pUMjEQU7g4.mkv	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\TtcUW\-ef3Wc3uX6CMMun91g7o.avi.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Videos\TtcUW\-ef3Wc3uX6CMMun91g7o.avi	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\TtcUW\b6wh.swf.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Videos\TtcUW\b6wh.swf	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\TtcUW\wpWUhevKBRfd9lm.swf.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Videos\TtcUW\wpWUhevKBRfd9lm.swf	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\VAl2x_eF9QxFAJr5rV\06x3ed5rZHiwke9E.flv.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Videos\VAl2x_eF9QxFAJr5rV\06x3ed5rZHiwke9E.flv	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\VAl2x_eF9QxFAJr5rV\hkYdWviKftqSOmoU.mp4.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Videos\VAl2x_eF9QxFAJr5rV\hkYdWviKftqSOmoU.mp4	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\VAl2x_eF9QxFAJr5rV\q1mFKd_YNe1ZXJ.swf.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Videos\VAl2x_eF9QxFAJr5rV\q1mFKd_YNe1ZXJ.swf	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\BZeNr_asZgOghC\qIBuq\827UvCxR.ods.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\BZeNr_asZgOghC\qIBuq\827UvCxR.ods	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\BZeNr_asZgOghC\qIBuq\ev5fZtMbXU-mo.xls.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\BZeNr_asZgOghC\qIBuq\ev5fZtMbXU-mo.xls	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\BZeNr_asZgOghC\qIBuq\h1LjxbbEaGY.odp.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\BZeNr_asZgOghC\qIBuq\h1LjxbbEaGY.odp	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\BZeNr_asZgOghC\qIBuq\JB9Crr4gSM_9- n.ods.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\BZeNr_asZgOghC\qIBuq\JB9Crr4gSM_9- n.ods	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\BZeNr_asZgOghC\qIBuq\mEnZGaCx-HF41kNT.pdf.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\BZeNr_asZgOghC\qIBuq\mEnZGaCx-HF41kNT.pdf	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\_private\folder.ico.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\_private\folder.ico	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\5WOBU.doc.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\5WOBU.doc	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\Ca1cHda7JPJatHi.ods.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\Ca1cHda7JPJatHi.ods	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\VOFBy.ppt.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\VOFBy.ppt	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\vwwPCJ.csv.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\vwwPCJ.csv	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\s-2Yi4nxLO_tQ5d\GybORRS.doc.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\s-2Yi4nxLO_tQ5d\GybORRS.doc	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\s-2Yi4nxLO_tQ5d\i aQpW6c954.odt.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\s-2Yi4nxLO_tQ5d\i aQpW6c954.odt	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\s-2Yi4nxLO_tQ5d\OM-0BNFr0vxP9yGlxp.rtf.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\s-2Yi4nxLO_tQ5d\OM-0BNFr0vxP9yGlxp.rtf	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\s-2Yi4nxLO_tQ5d\rHF1mal.ots.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\s-2Yi4nxLO_tQ5d\rHF1mal.ots	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\s-2Yi4nxLO_tQ5d\xRZA5bTbxl.xlsx.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\s-2Yi4nxLO_tQ5d\xRZA5bTbxl.xlsx	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\s-2Yi4nxLO_tQ5d\yySnK GxBcD.pps.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\s-2Yi4nxLO_tQ5d\yySnK GxBcD.pps	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\jDCuGCvpf1uArI\DazZdjJb9WM2iqx\75RcH8me-e.mp4.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Videos\jDCuGCvpf1uArI\DazZdjJb9WM2iqx\75RcH8me-e.mp4	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\jDCuGCvpf1uArI\DazZdjJb9WM2iqx\9M5mfpNiu.avi.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Videos\jDCuGCvpf1uArI\DazZdjJb9WM2iqx\9M5mfpNiu.avi	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\jDCuGCvpf1uArI\DazZdjJb9WM2iqx\tAptBCu.swf.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Videos\jDCuGCvpf1uArI\DazZdjJb9WM2iqx\tAptBCu.swf	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\jDCuGCvpf1uArI\zr0w9NBOX\uHy6bk3SudEl.avi.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Videos\jDCuGCvpf1uArI\zr0w9NBOX\uHy6bk3SudEl.avi	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\jCjO-w4 p w1\651znms2s4dj.ots.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\jCjO-w4 p w1\651znms2s4dj.ots	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\jCjO-w4 p w1\Sw-G7SU7kk.pdf.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\jCjO-w4 p w1\Sw-G7SU7kk.pdf	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\jDCuGCvpf1uArI\DazZdjJb9WM2iqx\aMTPOWpHV-gn\NnrUk7lhXvK.avi.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Videos\jDCuGCvpf1uArI\DazZdjJb9WM2iqx\aMTPOWpHV-gn\NnrUk7lhXvK.avi	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\jDCuGCvpf1uArI\DazZdjJb9WM2iqx\aMTPOWpHV-gn\q9ql_Ez22le8gAau.flv.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Videos\jDCuGCvpf1uArI\DazZdjJb9WM2iqx\aMTPOWpHV-gn\q9ql_Ez22le8gAau.flv	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Adobe\Acrobat\10.0\rdrmessage.zip.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Adobe\Acrobat\10.0\rdrmessage.zip	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\index.dat.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\index.dat	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\AU\au.cab.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\AU\au.cab	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\AU\au.msi.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\AU\au.msi	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\Deployment\deployment.properties.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\Deployment\deployment.properties	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\jre1.7.0_45\Data1.cab.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\jre1.7.0_45\Data1.cab	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\jre1.7.0_45\jre1.7.0_45.msi.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\jre1.7.0_45\jre1.7.0_45.msi	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\jCjO-w4 p w1\H8Jb9z2r7CZ5\5D72zjcGaxP.docx.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\jCjO-w4 p w1\H8Jb9z2r7CZ5\5D72zjcGaxP.docx	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\jCjO-w4 p w1\H8Jb9z2r7CZ5\8SXrSbpJ3InRj4z.ppt.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\jCjO-w4 p w1\H8Jb9z2r7CZ5\8SXrSbpJ3InRj4z.ppt	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\jCjO-w4 p w1\H8Jb9z2r7CZ5\Fz vkQH.xlsx.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\jCjO-w4 p w1\H8Jb9z2r7CZ5\Fz vkQH.xlsx	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\jCjO-w4 p w1\H8Jb9z2r7CZ5\HIQxU.ppt.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\jCjO-w4 p w1\H8Jb9z2r7CZ5\HIQxU.ppt	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\jCjO-w4 p w1\H8Jb9z2r7CZ5\I72HRyADAN.pptx.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\jCjO-w4 p w1\H8Jb9z2r7CZ5\I72HRyADAN.pptx	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\jCjO-w4 p w1\H8Jb9z2r7CZ5\NvxdP_f.pdf.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\jCjO-w4 p w1\H8Jb9z2r7CZ5\NvxdP_f.pdf	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\jCjO-w4 p w1\H8Jb9z2r7CZ5\QPk6.doc.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\jCjO-w4 p w1\H8Jb9z2r7CZ5\QPk6.doc	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\jCjO-w4 p w1\H8Jb9z2r7CZ5\RB_VbiG YqKM.csv.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\jCjO-w4 p w1\H8Jb9z2r7CZ5\RB_VbiG YqKM.csv	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\jCjO-w4 p w1\H8Jb9z2r7CZ5\ZAwkWcabdoc-gK4i7YW.rtf.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\jCjO-w4 p w1\H8Jb9z2r7CZ5\ZAwkWcabdoc-gK4i7YW.rtf	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\jCjO-w4 p w1\H8Jb9z2r7CZ5\Zj1qqssvFW_0nIQh.ots.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\jCjO-w4 p w1\H8Jb9z2r7CZ5\Zj1qqssvFW_0nIQh.ots	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\jCjO-w4 p w1\sx6 WWNEtkP28pvoC\6WrvXBq4WxmL.odt.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\jCjO-w4 p w1\sx6 WWNEtkP28pvoC\6WrvXBq4WxmL.odt	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\jCjO-w4 p w1\sx6 WWNEtkP28pvoC\lhiTt9 LMR2EF6hN.odp.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\jCjO-w4 p w1\sx6 WWNEtkP28pvoC\lhiTt9 LMR2EF6hN.odp	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\jCjO-w4 p w1\sx6 WWNEtkP28pvoC\Zk1KEVdjg.csv.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\jCjO-w4 p w1\sx6 WWNEtkP28pvoC\Zk1KEVdjg.csv	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\jCjO-w4 p w1\sx6 WWNEtkP28pvoC\zMnh8m1qSffqOBU79Ql.ods.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YSKur86t\7sg88LIA79bVPrOA\jCjO-w4 p w1\sx6 WWNEtkP28pvoC\zMnh8m1qSffqOBU79Ql.ods	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\36USA68T\imagesrv.adition[1].xml.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\36USA68T\imagesrv.adition[1].xml	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\3O75JDME\www.google[1].xml.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\3O75JDME\www.google[1].xml	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\VGMTOI09\www.msn[1].xml.dalle	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\VGMTOI09\www.msn[1].xml	1	Fn
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Aclviho ASldjfl.contact	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Aclviho ASldjfl.contact	size = 153605, size_out = 1178	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Administrator.contact	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Administrator.contact	size = 153605, size_out = 68382	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\asdlfk poopvy.contact	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\asdlfk poopvy.contact	size = 153605, size_out = 1171	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\chucu jadnvk.contact	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\chucu jadnvk.contact	size = 153605, size_out = 1177	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\lulcit amkdfe.contact	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\lulcit amkdfe.contact	size = 153605, size_out = 1174	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\sikvnb huvuib.contact	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\sikvnb huvuib.contact	size = 153605, size_out = 1172	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\2-_K6lTtjSYNHLM8.doc	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\2-_K6lTtjSYNHLM8.doc	size = 153605, size_out = 72270	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\370E.tmp.exe	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\370E.tmp.exe	size = 153605, size_out = 153605	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\7i-hclJt.ppt	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\7i-hclJt.ppt	size = 153605, size_out = 69295	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\7o_dfQXVcSB.bmp	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\7o_dfQXVcSB.bmp	size = 153605, size_out = 27110	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\CPqgEkvnaFdq_y.gif	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\CPqgEkvnaFdq_y.gif	size = 153605, size_out = 39817	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\D_F4Y77Iv__EabK.m4a	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\D_F4Y77Iv__EabK.m4a	size = 153605, size_out = 39483	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Emq6vD0ivZ4XdEfJ.swf	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Emq6vD0ivZ4XdEfJ.swf	size = 153605, size_out = 64991	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\eX-YvFXQkLn0gu2V.jpg	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\eX-YvFXQkLn0gu2V.jpg	size = 153605, size_out = 95569	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ffTf6.gif	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ffTf6.gif	size = 153605, size_out = 3062	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\HS00PnIq2P8Kp.gif	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\HS00PnIq2P8Kp.gif	size = 153605, size_out = 17345	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\HZMv21_uk.jpg	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\HZMv21_uk.jpg	size = 153605, size_out = 78689	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\iN mvP_WadxDj6.m4a	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\iN mvP_WadxDj6.m4a	size = 153605, size_out = 73116	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\iqS7xw7P.ots	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\iqS7xw7P.ots	size = 153605, size_out = 67249	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ivu v64ETcPV9Avp.jpg	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ivu v64ETcPV9Avp.jpg	size = 153605, size_out = 54750	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\O5-QxOkuS7l.odt	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\O5-QxOkuS7l.odt	size = 153605, size_out = 35003	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\oePm7UfV1NMKY4Pl.bmp	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\oePm7UfV1NMKY4Pl.bmp	size = 153605, size_out = 73862	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Pknw9.bmp	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Pknw9.bmp	size = 153605, size_out = 61353	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Qrw8cI.bmp	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Qrw8cI.bmp	size = 153605, size_out = 40644	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\suJChr7SBbY4qJ.mkv	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\suJChr7SBbY4qJ.mkv	size = 153605, size_out = 30342	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Sw0t6XcCq_-sZjnOduKn.jpg	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Sw0t6XcCq_-sZjnOduKn.jpg	size = 153605, size_out = 92534	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Tx70s-VsAQSc.wav	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Tx70s-VsAQSc.wav	size = 153605, size_out = 52198	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\uEGeQkzsNxB9WeTM.m4a	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\uEGeQkzsNxB9WeTM.m4a	size = 153605, size_out = 21614	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\VRP-Z6.png	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\VRP-Z6.png	size = 153605, size_out = 1820	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wY8i S_.flv	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wY8i S_.flv	size = 153605, size_out = 53879	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xj-o.png	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xj-o.png	size = 153605, size_out = 41055	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\2CT69ygJXeQqr8Q.docx	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\2CT69ygJXeQqr8Q.docx	size = 153605, size_out = 18200	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5hGto9u9m313.docx	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5hGto9u9m313.docx	size = 153605, size_out = 96494	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ACBE_lrqSEFAf.pptx	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ACBE_lrqSEFAf.pptx	size = 153605, size_out = 44758	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\BNK6dBch57n5aoP0t.xlsx	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\BNK6dBch57n5aoP0t.xlsx	size = 153605, size_out = 59507	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\GkId5.pdf	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\GkId5.pdf	size = 153605, size_out = 59089	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\HXfImV4Qtfg1Ex.odp	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\HXfImV4Qtfg1Ex.odp	size = 153605, size_out = 73583	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\iDsL9dCjo_LaXt.pptx	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\iDsL9dCjo_LaXt.pptx	size = 153605, size_out = 53919	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\m3fpL4NiO_tDUBU.xlsx	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\m3fpL4NiO_tDUBU.xlsx	size = 153605, size_out = 72734	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\PSaER.xlsx	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\PSaER.xlsx	size = 153605, size_out = 83011	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\rHxPXYmZyC.xlsx	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\rHxPXYmZyC.xlsx	size = 153605, size_out = 71799	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\tosXZeBkp.docx	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\tosXZeBkp.docx	size = 153605, size_out = 88106	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\TUDp84ZZaxYWbhN0.pptx	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\TUDp84ZZaxYWbhN0.pptx	size = 153605, size_out = 55193	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\TvZ1bKJ tiq.pptx	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\TvZ1bKJ tiq.pptx	size = 153605, size_out = 57010	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\vqFDMq0vDJBGr2hc.docx	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\vqFDMq0vDJBGr2hc.docx	size = 153605, size_out = 13757	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YbrQBo2.docx	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YbrQBo2.docx	size = 153605, size_out = 58304	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ydHK_AJbvu6-wWm.pptx	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ydHK_AJbvu6-wWm.pptx	size = 153605, size_out = 71216	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YuznX2-DO1aKAcy18.xlsx	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\YuznX2-DO1aKAcy18.xlsx	size = 153605, size_out = 77549	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\1LH ai8TTh YEvyGD.m4a	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\1LH ai8TTh YEvyGD.m4a	size = 153605, size_out = 87674	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\1m-pL.m4a	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\1m-pL.m4a	size = 153605, size_out = 43274	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\1OENLvsSvA_3B3xAhQM.wav	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\1OENLvsSvA_3B3xAhQM.wav	size = 153605, size_out = 47606	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\5NnU5R.mp3	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\5NnU5R.mp3	size = 153605, size_out = 6071	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\7wK8zcb6fytX2DCx65.m4a	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\7wK8zcb6fytX2DCx65.m4a	size = 153605, size_out = 78592	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\8Wt-fr78MDaMolHBnA.mp3	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\8Wt-fr78MDaMolHBnA.mp3	size = 153605, size_out = 25387	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\AfS4W9T-vl.m4a	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\AfS4W9T-vl.m4a	size = 153605, size_out = 21197	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\eVkUqXz.mp3	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\eVkUqXz.mp3	size = 153605, size_out = 49511	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\f0KzGkVddjxFrhVbLx4y.m4a	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\f0KzGkVddjxFrhVbLx4y.m4a	size = 153605, size_out = 96265	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\fBS7mSNK6.m4a	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\fBS7mSNK6.m4a	size = 153605, size_out = 83355	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\FIVz Pn-IkWrJfBV.m4a	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\FIVz Pn-IkWrJfBV.m4a	size = 153605, size_out = 16352	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\FUHOLzUUk7aWGniPbKU.m4a	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\FUHOLzUUk7aWGniPbKU.m4a	size = 153605, size_out = 50322	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\GuF8APTZ9unXBfPE-UL_.mp3	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\GuF8APTZ9unXBfPE-UL_.mp3	size = 153605, size_out = 90294	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\j9WBFDemL.mp3	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\j9WBFDemL.mp3	size = 153605, size_out = 75788	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\L6arSbkZ7.wav	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\L6arSbkZ7.wav	size = 153605, size_out = 53228	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\m5E4cMfxi NqFn.wav	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\m5E4cMfxi NqFn.wav	size = 153605, size_out = 42748	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\OHu_s.m4a	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\OHu_s.m4a	size = 153605, size_out = 95874	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\QjxSgCh.mp3	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\QjxSgCh.mp3	size = 153605, size_out = 31330	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\tjl_cEIieo_pVMS7Kw.m4a	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\tjl_cEIieo_pVMS7Kw.m4a	size = 153605, size_out = 12385	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\uYJ6-T5.mp3	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\uYJ6-T5.mp3	size = 153605, size_out = 64527	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\W7FUqTq.mp3	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\W7FUqTq.mp3	size = 153605, size_out = 84786	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\X CNm1ePx68ob.wav	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\X CNm1ePx68ob.wav	size = 153605, size_out = 26246	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\XDsCW7KhypcISoT.mp3	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\XDsCW7KhypcISoT.mp3	size = 153605, size_out = 17925	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\xhJyMD-UA.mp3	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\xhJyMD-UA.mp3	size = 153605, size_out = 41943	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\XUycEgivdCqOtq.wav	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\XUycEgivdCqOtq.wav	size = 153605, size_out = 2085	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\Ym45zlaZS.m4a	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\Ym45zlaZS.m4a	size = 153605, size_out = 3141	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\0PKxTObiZ.gif	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\0PKxTObiZ.gif	size = 153605, size_out = 76145	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\0XXhnuQwlnRW 1zNP6.png	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\0XXhnuQwlnRW 1zNP6.png	size = 153605, size_out = 17839	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\1FtUuIqrnmvC9b.bmp	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\1FtUuIqrnmvC9b.bmp	size = 153605, size_out = 17111	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\2HrWHjA4PKJeRGV.bmp	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\2HrWHjA4PKJeRGV.bmp	size = 153605, size_out = 39447	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\8EmMRvazI4x9KWTUm.png	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\8EmMRvazI4x9KWTUm.png	size = 153605, size_out = 26321	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\AV3bVnC.png	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\AV3bVnC.png	size = 153605, size_out = 40897	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\BjAZB51qWZoAHkE5.bmp	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\BjAZB51qWZoAHkE5.bmp	size = 153605, size_out = 79658	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\CWSnMwdRRtXA.png	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\CWSnMwdRRtXA.png	size = 153605, size_out = 99781	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\D131k21I.jpg	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\D131k21I.jpg	size = 153605, size_out = 32452	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\dLald8SOrzsBDSo38L.gif	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\dLald8SOrzsBDSo38L.gif	size = 153605, size_out = 32517	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\fQe1ychsju.png	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\fQe1ychsju.png	size = 153605, size_out = 91903	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\GFnV27F7zcqX6l.jpg	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\GFnV27F7zcqX6l.jpg	size = 153605, size_out = 24957	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\GZFXJ5sPjVz.png	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\GZFXJ5sPjVz.png	size = 153605, size_out = 79356	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\heN4k.jpg	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\heN4k.jpg	size = 153605, size_out = 7106	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\hFp26ULLEeCgRocq.jpg	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\hFp26ULLEeCgRocq.jpg	size = 153605, size_out = 80902	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\hOVtKO.png	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\hOVtKO.png	size = 153605, size_out = 72193	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\hs-cQ G F8kD3.jpg	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\hs-cQ G F8kD3.jpg	size = 153605, size_out = 53603	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\j6nzOT.png	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\j6nzOT.png	size = 153605, size_out = 40974	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\jppO8iseUv.bmp	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\jppO8iseUv.bmp	size = 153605, size_out = 48179	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\LtV7_Xi9cOpTXz1QsNs.jpg	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\LtV7_Xi9cOpTXz1QsNs.jpg	size = 153605, size_out = 51583	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\lvjoq7Ac0y5wIsBJa.png	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\lvjoq7Ac0y5wIsBJa.png	size = 153605, size_out = 43749	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\MhWRB9plYFucf8hAPu.bmp	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\MhWRB9plYFucf8hAPu.bmp	size = 153605, size_out = 101577	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nqOPg0wxa3Z.bmp	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\nqOPg0wxa3Z.bmp	size = 153605, size_out = 62737	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\oIFGYUZwA9gCm l_aOn.gif	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\oIFGYUZwA9gCm l_aOn.gif	size = 153605, size_out = 54493	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\Oj9EUJHKpsOfq.jpg	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\Oj9EUJHKpsOfq.jpg	size = 153605, size_out = 23656	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\PE ApnfO.bmp	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\PE ApnfO.bmp	size = 153605, size_out = 3849	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\QU_VRdUt NRyuxhaK.gif	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\QU_VRdUt NRyuxhaK.gif	size = 153605, size_out = 70814	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\REDKpPryBoCE3SWLx1.png	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\REDKpPryBoCE3SWLx1.png	size = 153605, size_out = 12867	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\riH elLcs.png	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\riH elLcs.png	size = 153605, size_out = 18517	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\Rk9GCNO.png	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\Rk9GCNO.png	size = 153605, size_out = 58769	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\S--e.jpg	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\S--e.jpg	size = 153605, size_out = 61593	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\SbXik3LvTBfT.jpg	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\SbXik3LvTBfT.jpg	size = 153605, size_out = 99366	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\skWySyu.bmp	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\skWySyu.bmp	size = 153605, size_out = 16418	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\uA3602jdk4LLtIeK.png	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\uA3602jdk4LLtIeK.png	size = 153605, size_out = 26862	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\UJnG.jpg	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\UJnG.jpg	size = 153605, size_out = 72161	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\watBxpzRgOgaq m-.bmp	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\watBxpzRgOgaq m-.bmp	size = 153605, size_out = 61454	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\YdHbKfRnKrxhFcKFQ.png	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\YdHbKfRnKrxhFcKFQ.png	size = 153605, size_out = 81674	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\y_z1 i4Ltt8.jpg	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\y_z1 i4Ltt8.jpg	size = 153605, size_out = 75870	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\zJRA8eKdBctBG.png	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\zJRA8eKdBctBG.png	size = 153605, size_out = 36300	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\znNdKX_AXzU74PLmUWg.bmp	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\znNdKX_AXzU74PLmUWg.bmp	size = 153605, size_out = 21098	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\0g5wGPdK.flv	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\0g5wGPdK.flv	size = 153605, size_out = 71785	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\81m98bb.mp4	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\81m98bb.mp4	size = 153605, size_out = 56394	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xwoxab1ONVdFr-x7cTy\bewfSQ65DCd3I.mkv	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xwoxab1ONVdFr-x7cTy\bewfSQ65DCd3I.mkv	size = 153605, size_out = 3433	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xwoxab1ONVdFr-x7cTy\BgXRSx7UFqKOmFFcD3.avi	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xwoxab1ONVdFr-x7cTy\BgXRSx7UFqKOmFFcD3.avi	size = 153605, size_out = 94520	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xwoxab1ONVdFr-x7cTy\E6tpFg5YUih.mkv	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xwoxab1ONVdFr-x7cTy\E6tpFg5YUih.mkv	size = 153605, size_out = 52584	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xwoxab1ONVdFr-x7cTy\nUY4nxCO FfN6j.gif	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xwoxab1ONVdFr-x7cTy\nUY4nxCO FfN6j.gif	size = 153605, size_out = 86752	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xwoxab1ONVdFr-x7cTy\uU1kKYvSH0B.flv	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xwoxab1ONVdFr-x7cTy\uU1kKYvSH0B.flv	size = 153605, size_out = 7470	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xwoxab1ONVdFr-x7cTy\X SffuOAF0TL.avi	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xwoxab1ONVdFr-x7cTy\X SffuOAF0TL.avi	size = 153605, size_out = 65593	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\BZeNr_asZgOghC\2ZMRkOD2Lz_.xls	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\BZeNr_asZgOghC\2ZMRkOD2Lz_.xls	size = 153605, size_out = 92849	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\BZeNr_asZgOghC\9hdqtzw Z.xlsx	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\BZeNr_asZgOghC\9hdqtzw Z.xlsx	size = 153605, size_out = 76768	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\BZeNr_asZgOghC\eJ7XqPBACiw50mT5S.ppt	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\BZeNr_asZgOghC\eJ7XqPBACiw50mT5S.ppt	size = 153605, size_out = 35826	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\BZeNr_asZgOghC\f9wy.ppt	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\BZeNr_asZgOghC\f9wy.ppt	size = 153605, size_out = 92305	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Outlook Files\voeimd@djhreuu.uhd.pst	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Outlook Files\voeimd@djhreuu.uhd.pst	size = 153605, size_out = 153605	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\Suggested Sites.url	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\Suggested Sites.url	size = 153605, size_out = 236	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\Web Slice Gallery.url	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\Web Slice Gallery.url	size = 153605, size_out = 226	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\IE Add-on site.url	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\IE Add-on site.url	size = 153605, size_out = 133	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\IE site on Microsoft.com.url	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\IE site on Microsoft.com.url	size = 153605, size_out = 133	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft At Home.url	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft At Home.url	size = 153605, size_out = 133	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft At Work.url	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft At Work.url	size = 153605, size_out = 133	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft Store.url	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft Store.url	size = 153605, size_out = 134	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Autos.url	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Autos.url	size = 153605, size_out = 133	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Entertainment.url	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Entertainment.url	size = 153605, size_out = 133	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Money.url	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Money.url	size = 153605, size_out = 133	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Sports.url	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Sports.url	size = 153605, size_out = 133	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN.url	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN.url	size = 153605, size_out = 133	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSNBC News.url	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSNBC News.url	size = 153605, size_out = 133	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Get Windows Live.url	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Get Windows Live.url	size = 153605, size_out = 133	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Gallery.url	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Gallery.url	size = 153605, size_out = 133	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Mail.url	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Mail.url	size = 153605, size_out = 133	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Spaces.url	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Spaces.url	size = 153605, size_out = 133	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\3RmBDGRm1\1x2x9-0Xwg-1EWE.mp4	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\3RmBDGRm1\1x2x9-0Xwg-1EWE.mp4	size = 153605, size_out = 68582	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\3RmBDGRm1\8i3DCjvaGbZD0.mkv	size = 38, size_out = 38	1	Fn Data
Write	C:\Users\5p5NrGJn0jS HALPmcxz\Music\1m-pL.m4a	size = 43269	1	Fn Data
For performance reasons, the remaining 494 entries are omitted. The remaining entries can be found in glog.xml.

Registry (5)

Operation	Key	Additional Information	Count	Logfile
Open Key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run	-	1	Fn
Open Key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion	-	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run	value_name = SysHelper, data = "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\3f2aa1c4-e619-4d34-a21e-283f3d2a3401\370E.tmp.exe" --AutoStart, type = REG_EXPAND_SZ	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion	value_name = SysHelper, data = 0, type = REG_NONE	1	Fn
Write Value	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion	value_name = SysHelper, data = 1, size = 4, type = REG_DWORD_LITTLE_ENDIAN	1	Fn

Process (28)

Operation	Process	Additional Information	Count	Logfile
Enumerate Processes	-	-	1	Fn
Open	System	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\smss.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\csrss.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\wininit.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\csrss.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\winlogon.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\services.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\lsass.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\lsm.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\svchost.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\svchost.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\svchost.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\svchost.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\svchost.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\consent.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\svchost.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\userinit.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\explorer.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\dllhost.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\svchost.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\spoolsv.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\taskhost.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\svchost.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\dllhost.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\rundll32.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\dinotify.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn

Module (437)

Operation	Module	Additional Information	Count	Logfile
Load	kernel32.dll	base_address = 0x764a0000	3	Fn
Load	RPCRT4.dll	base_address = 0x76140000	1	Fn
Load	MPR.dll	base_address = 0x75320000	1	Fn
Load	WININET.dll	base_address = 0x753d0000	1	Fn
Load	WINMM.dll	base_address = 0x752e0000	1	Fn
Load	SHLWAPI.dll	base_address = 0x766f0000	1	Fn
Load	KERNEL32.dll	base_address = 0x764a0000	1	Fn
Load	USER32.dll	base_address = 0x77110000	1	Fn
Load	ADVAPI32.dll	base_address = 0x76610000	1	Fn
Load	SHELL32.dll	base_address = 0x754f0000	1	Fn
Load	ole32.dll	base_address = 0x762d0000	1	Fn
Load	OLEAUT32.dll	base_address = 0x76e90000	1	Fn
Load	IPHLPAPI.DLL	base_address = 0x752c0000	1	Fn
Load	WS2_32.dll	base_address = 0x76db0000	1	Fn
Load	DNSAPI.dll	base_address = 0x75260000	1	Fn
Load	CRYPT32.dll	base_address = 0x767a0000	1	Fn
Load	msvcr100.dll	base_address = 0x751a0000	1	Fn
Load	Psapi.dll	base_address = 0x766b0000	1	Fn
Load	Shell32.dll	base_address = 0x754f0000	58	Fn
Get Handle	c:\windows\syswow64\kernel32.dll	base_address = 0x764a0000	2	Fn
Get Filename	-	process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\local\3f2aa1c4-e619-4d34-a21e-283f3d2a3401\370e.tmp.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\3f2aa1c4-e619-4d34-a21e-283f3d2a3401\370E.tmp.exe, size = 260	2	Fn
Get Filename	-	process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\local\3f2aa1c4-e619-4d34-a21e-283f3d2a3401\370e.tmp.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\3f2aa1c4-e619-4d34-a21e-283f3d2a3401\370E.tmp.exe, size = 1024	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlsAlloc, address_out = 0x764b4f2b	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlsFree, address_out = 0x764b359f	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlsGetValue, address_out = 0x764b1252	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlsSetValue, address_out = 0x764b4208	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = InitializeCriticalSectionEx, address_out = 0x764b4d28	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateEventExW, address_out = 0x7653410b	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateSemaphoreExW, address_out = 0x76534195	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetThreadStackGuarantee, address_out = 0x764bd31f	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateThreadpoolTimer, address_out = 0x764cee7e	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetThreadpoolTimer, address_out = 0x7785441c	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WaitForThreadpoolTimerCallbacks, address_out = 0x7787c50e	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CloseThreadpoolTimer, address_out = 0x7787c381	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateThreadpoolWait, address_out = 0x764cf088	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetThreadpoolWait, address_out = 0x778605d7	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CloseThreadpoolWait, address_out = 0x7787ca24	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlushProcessWriteBuffers, address_out = 0x77830b8c	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FreeLibraryWhenCallbackReturns, address_out = 0x778efde8	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCurrentProcessorNumber, address_out = 0x77881e1d	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetLogicalProcessorInformation, address_out = 0x76534761	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateSymbolicLinkW, address_out = 0x7652cd11	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetDefaultDllDirectories, address_out = 0x0	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = EnumSystemLocalesEx, address_out = 0x7653424f	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CompareStringEx, address_out = 0x765346b1	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetDateFormatEx, address_out = 0x76546676	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetLocaleInfoEx, address_out = 0x76534751	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetTimeFormatEx, address_out = 0x765465f1	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetUserDefaultLocaleName, address_out = 0x765347c1	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = IsValidLocaleName, address_out = 0x765347e1	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LCMapStringEx, address_out = 0x765347f1	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCurrentPackageId, address_out = 0x0	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetTickCount64, address_out = 0x764ceee0	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetFileInformationByHandleExW, address_out = 0x0	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetFileInformationByHandleW, address_out = 0x0	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GlobalAlloc, address_out = 0x764b588e	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetLastError, address_out = 0x764b11c0	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = Sleep, address_out = 0x764b10ff	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateToolhelp32Snapshot, address_out = 0x764d735f	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = Module32First, address_out = 0x76535cd9	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CloseHandle, address_out = 0x764b1410	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LoadLibraryA, address_out = 0x764b49d7	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = VirtualAlloc, address_out = 0x764b1856	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = VirtualProtect, address_out = 0x764b435f	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = VirtualFree, address_out = 0x764b186e	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetVersionExA, address_out = 0x764b3519	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = TerminateProcess, address_out = 0x764cd802	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = ExitProcess, address_out = 0x764b7a10	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetErrorMode, address_out = 0x764b1b00	2	Fn
Get Address	c:\windows\syswow64\rpcrt4.dll	function = RpcStringFreeW, address_out = 0x76161635	1	Fn
Get Address	c:\windows\syswow64\rpcrt4.dll	function = UuidToStringW, address_out = 0x76181ee5	1	Fn
Get Address	c:\windows\syswow64\rpcrt4.dll	function = UuidToStringA, address_out = 0x761bd918	1	Fn
Get Address	c:\windows\syswow64\rpcrt4.dll	function = RpcStringFreeA, address_out = 0x76183fc5	1	Fn
Get Address	c:\windows\syswow64\rpcrt4.dll	function = UuidCreate, address_out = 0x7615f48b	1	Fn
Get Address	c:\windows\syswow64\mpr.dll	function = WNetCloseEnum, address_out = 0x75322dd6	1	Fn
Get Address	c:\windows\syswow64\mpr.dll	function = WNetOpenEnumW, address_out = 0x75322f06	1	Fn
Get Address	c:\windows\syswow64\mpr.dll	function = WNetEnumResourceW, address_out = 0x75323058	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = InternetCloseHandle, address_out = 0x753eab49	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = InternetOpenUrlW, address_out = 0x7544be5c	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = InternetReadFile, address_out = 0x753eb406	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = InternetOpenUrlA, address_out = 0x754130f1	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = HttpQueryInfoW, address_out = 0x753f5c75	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = InternetOpenA, address_out = 0x753ff18e	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = InternetOpenW, address_out = 0x753f9197	1	Fn
Get Address	c:\windows\syswow64\winmm.dll	function = timeGetTime, address_out = 0x752e26e0	1	Fn
Get Address	c:\windows\syswow64\shlwapi.dll	function = PathFindExtensionW, address_out = 0x7670a1b9	1	Fn
Get Address	c:\windows\syswow64\shlwapi.dll	function = PathFindFileNameW, address_out = 0x7670bb71	1	Fn
Get Address	c:\windows\syswow64\shlwapi.dll	function = PathRemoveFileSpecW, address_out = 0x76703248	1	Fn
Get Address	c:\windows\syswow64\shlwapi.dll	function = PathFileExistsW, address_out = 0x767045bf	1	Fn
Get Address	c:\windows\syswow64\shlwapi.dll	function = PathAppendW, address_out = 0x767081ef	1	Fn
Get Address	c:\windows\syswow64\shlwapi.dll	function = PathAppendA, address_out = 0x766fd65e	1	Fn
Get Address	c:\windows\syswow64\shlwapi.dll	function = PathFileExistsA, address_out = 0x7672ad1a	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetTickCount, address_out = 0x764b110c	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = TlsFree, address_out = 0x764b3587	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCommandLineW, address_out = 0x764b5223	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateFileA, address_out = 0x764b53c6	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FindFirstFileW, address_out = 0x764b4435	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetFilePointer, address_out = 0x764b17d1	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrlenA, address_out = 0x764b5a4b	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FreeLibrary, address_out = 0x764b34c8	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateProcessW, address_out = 0x764b103d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetFilePointerEx, address_out = 0x764cc807	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateDirectoryW, address_out = 0x764b4259	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WaitForSingleObject, address_out = 0x764b1136	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetLogicalDrives, address_out = 0x764b5371	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WriteFile, address_out = 0x764b1282	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetDriveTypeA, address_out = 0x764cef75	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = OpenProcess, address_out = 0x764b1986	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetSystemDirectoryW, address_out = 0x764b5063	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WideCharToMultiByte, address_out = 0x764b170d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LoadLibraryW, address_out = 0x764b492b	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CopyFileW, address_out = 0x764d830d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FormatMessageW, address_out = 0x764b4620	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrcpynW, address_out = 0x764dd556	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateProcessA, address_out = 0x764b1072	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = ReadFile, address_out = 0x764b3ed3	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateFileW, address_out = 0x764b3f5c	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrcatA, address_out = 0x764d2b7a	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetEnvironmentVariableA, address_out = 0x764b33a0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrcmpW, address_out = 0x764b5929	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = MultiByteToWideChar, address_out = 0x764b192e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrlenW, address_out = 0x764b1700	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlushFileBuffers, address_out = 0x764b469b	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetShortPathNameA, address_out = 0x764d594d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetFileSizeEx, address_out = 0x764b59e2	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetLastError, address_out = 0x764b11a9	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetProcAddress, address_out = 0x764b1222	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = MoveFileW, address_out = 0x764c9af0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FindClose, address_out = 0x764b4442	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = Process32FirstW, address_out = 0x764d8baf	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LocalAlloc, address_out = 0x764b168c	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateEventW, address_out = 0x764b183e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetModuleFileNameA, address_out = 0x764b14b1	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = Process32NextW, address_out = 0x764d896c	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrcatW, address_out = 0x764d828e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateMutexA, address_out = 0x764b4c6b	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FatalAppExitA, address_out = 0x76534691	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = DeleteFileW, address_out = 0x764b89b3	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LocalFree, address_out = 0x764b2d3c	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrcpyW, address_out = 0x764d3102	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = DeleteFileA, address_out = 0x764b5444	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrcpyA, address_out = 0x764d2a9d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetPriorityClass, address_out = 0x764ccf28	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetModuleHandleW, address_out = 0x764b34b0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetComputerNameW, address_out = 0x764bdd0e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetExitCodeProcess, address_out = 0x764c174d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetModuleFileNameW, address_out = 0x764b4950	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GlobalFree, address_out = 0x764b5558	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetVersion, address_out = 0x764b4467	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateDirectoryA, address_out = 0x764dd526	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateThread, address_out = 0x764b34d5	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = TlsSetValue, address_out = 0x764b14fb	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = TlsGetValue, address_out = 0x764b11e0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = TlsAlloc, address_out = 0x764b49ad	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = InitializeCriticalSectionAndSpinCount, address_out = 0x764b1916	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetUnhandledExceptionFilter, address_out = 0x764b87c9	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = UnhandledExceptionFilter, address_out = 0x764d772f	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FreeEnvironmentStringsW, address_out = 0x764b51cb	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetEnvironmentStringsW, address_out = 0x764b51e3	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCurrentProcessId, address_out = 0x764b11f8	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = QueryPerformanceCounter, address_out = 0x764b1725	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetStartupInfoW, address_out = 0x764b4d40	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = DeleteCriticalSection, address_out = 0x778445f5	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetTimeZoneInformation, address_out = 0x764b465a	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = RaiseException, address_out = 0x764b58a6	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetStringTypeW, address_out = 0x764b1946	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = HeapSize, address_out = 0x77843002	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LoadLibraryExW, address_out = 0x764b495d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = HeapAlloc, address_out = 0x7783e026	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetLocaleInfoW, address_out = 0x764b3c42	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = IsValidLocale, address_out = 0x764cce46	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetUserDefaultLCID, address_out = 0x764b3da5	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = EnumSystemLocalesW, address_out = 0x7653425f	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetDateFormatW, address_out = 0x764d34d7	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetTimeFormatW, address_out = 0x764cf481	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CompareStringW, address_out = 0x764b3bca	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LCMapStringW, address_out = 0x764b17b9	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetConsoleCP, address_out = 0x76557bff	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetConsoleMode, address_out = 0x764b1328	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = HeapReAlloc, address_out = 0x77851f6e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetStdHandle, address_out = 0x7653454f	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetEndOfFile, address_out = 0x764cce2e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetStdHandle, address_out = 0x764b51b3	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetFileType, address_out = 0x764b3531	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetModuleHandleExW, address_out = 0x764b4a6f	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WriteConsoleW, address_out = 0x764d7aca	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = ReadConsoleW, address_out = 0x7655739a	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = OutputDebugStringW, address_out = 0x764dd1d4	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetConsoleCtrlHandler, address_out = 0x764b8a09	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = RtlUnwind, address_out = 0x764dd1c3	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LeaveCriticalSection, address_out = 0x77832270	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = EnterCriticalSection, address_out = 0x778322b0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = AreFileApisANSI, address_out = 0x765340d1	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetProcessHeap, address_out = 0x764b14e9	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCurrentThreadId, address_out = 0x764b1450	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCurrentThread, address_out = 0x764b17ec	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCPInfo, address_out = 0x764b5189	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = HeapFree, address_out = 0x764b14c9	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetEnvironmentVariableA, address_out = 0x764be331	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = EncodePointer, address_out = 0x77850fcb	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = DecodePointer, address_out = 0x77849d35	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetSystemTimeAsFileTime, address_out = 0x764b3509	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCurrentProcess, address_out = 0x764b1809	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateSemaphoreW, address_out = 0x764cca5a	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetOEMCP, address_out = 0x764dd1a1	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetACP, address_out = 0x764b179c	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = IsValidCodePage, address_out = 0x764b4493	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = IsProcessorFeaturePresent, address_out = 0x764b5235	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FindNextFileW, address_out = 0x764b54ee	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = IsDebuggerPresent, address_out = 0x764b4a5d	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = LoadCursorW, address_out = 0x771288f7	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = TranslateMessage, address_out = 0x77127809	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = RegisterClassExW, address_out = 0x7712b17d	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = ShowWindow, address_out = 0x77130dfb	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = IsWindow, address_out = 0x77127136	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = CreateWindowExW, address_out = 0x77128a29	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = UpdateWindow, address_out = 0x77133559	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = DefWindowProcW, address_out = 0x778425dd	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = PeekMessageW, address_out = 0x771305ba	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = PostThreadMessageW, address_out = 0x77128bff	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = MessageBoxW, address_out = 0x7717fd3f	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = DispatchMessageW, address_out = 0x7712787b	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = PostQuitMessage, address_out = 0x77129abb	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = DestroyWindow, address_out = 0x77129a55	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = SendMessageW, address_out = 0x77129679	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = GetMessageW, address_out = 0x771278e2	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptGetHashParam, address_out = 0x7661df7e	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptAcquireContextW, address_out = 0x7661df14	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = OpenSCManagerW, address_out = 0x7661ca64	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = OpenServiceW, address_out = 0x7661ca4c	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptReleaseContext, address_out = 0x7661e124	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = GetUserNameW, address_out = 0x7662157a	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptHashData, address_out = 0x7661df36	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = RegSetValueExW, address_out = 0x766214d6	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = RegCloseKey, address_out = 0x7662469d	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptDestroyHash, address_out = 0x7661df66	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = ControlService, address_out = 0x76637144	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = RegOpenKeyExW, address_out = 0x7662468d	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptCreateHash, address_out = 0x7661df4e	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptEncrypt, address_out = 0x7663779b	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptImportKey, address_out = 0x7661c532	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = QueryServiceStatus, address_out = 0x76622a86	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = RegQueryValueExW, address_out = 0x766246ad	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CloseServiceHandle, address_out = 0x7662369c	1	Fn
Get Address	c:\windows\syswow64\shell32.dll	function = SHGetPathFromIDListW, address_out = 0x755817bf	1	Fn
Get Address	c:\windows\syswow64\shell32.dll	function = SHGetSpecialFolderLocation, address_out = 0x7557e141	1	Fn
Get Address	c:\windows\syswow64\shell32.dll	function = CommandLineToArgvW, address_out = 0x75509ee8	1	Fn
Get Address	c:\windows\syswow64\shell32.dll	function = ShellExecuteA, address_out = 0x75737078	1	Fn
Get Address	c:\windows\syswow64\shell32.dll	function = ShellExecuteExW, address_out = 0x75511e46	1	Fn
Get Address	c:\windows\syswow64\ole32.dll	function = CoInitialize, address_out = 0x762eb636	1	Fn
Get Address	c:\windows\syswow64\ole32.dll	function = CoInitializeSecurity, address_out = 0x762f7259	1	Fn
Get Address	c:\windows\syswow64\ole32.dll	function = CoUninitialize, address_out = 0x763186d3	1	Fn
Get Address	c:\windows\syswow64\ole32.dll	function = CoCreateInstance, address_out = 0x76319d0b	1	Fn
Get Address	c:\windows\syswow64\oleaut32.dll	function = 202, address_out = 0x76e9fd6b	1	Fn
Get Address	c:\windows\syswow64\oleaut32.dll	function = 2, address_out = 0x76e94642	1	Fn
Get Address	c:\windows\syswow64\oleaut32.dll	function = 9, address_out = 0x76e93eae	1	Fn
Get Address	c:\windows\syswow64\oleaut32.dll	function = 8, address_out = 0x76e93ed5	1	Fn
Get Address	c:\windows\syswow64\oleaut32.dll	function = 6, address_out = 0x76e93e59	1	Fn
Get Address	c:\windows\syswow64\oleaut32.dll	function = 200, address_out = 0x76e93f21	1	Fn
Get Address	c:\windows\syswow64\oleaut32.dll	function = 12, address_out = 0x76e95dee	1	Fn
Get Address	c:\windows\syswow64\oleaut32.dll	function = 201, address_out = 0x76e94af8	1	Fn
Get Address	c:\windows\syswow64\iphlpapi.dll	function = GetAdaptersInfo, address_out = 0x752c9263	1	Fn
Get Address	c:\windows\syswow64\ws2_32.dll	function = 12, address_out = 0x76dbb131	1	Fn
Get Address	c:\windows\syswow64\ws2_32.dll	function = 11, address_out = 0x76db311b	1	Fn
Get Address	c:\windows\syswow64\ws2_32.dll	function = 52, address_out = 0x76dc7673	1	Fn
Get Address	c:\windows\syswow64\dnsapi.dll	function = DnsQuery_W, address_out = 0x7527572c	1	Fn
Get Address	c:\windows\syswow64\dnsapi.dll	function = DnsFree, address_out = 0x7526436b	1	Fn
Get Address	c:\windows\syswow64\crypt32.dll	function = CryptStringToBinaryA, address_out = 0x767d5d77	1	Fn
Get Address	c:\windows\syswow64\msvcr100.dll	function = atexit, address_out = 0x751bc544	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = EnumProcesses, address_out = 0x0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = EnumProcessModules, address_out = 0x0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetModuleBaseNameW, address_out = 0x0	1	Fn
Get Address	c:\windows\syswow64\psapi.dll	function = EnumProcesses, address_out = 0x766b1544	1	Fn
Get Address	c:\windows\syswow64\psapi.dll	function = EnumProcessModules, address_out = 0x766b1408	1	Fn
Get Address	c:\windows\syswow64\psapi.dll	function = GetModuleBaseNameW, address_out = 0x766b152c	1	Fn
Get Address	c:\windows\syswow64\shell32.dll	function = SHGetFolderPathW, address_out = 0x75575708	58	Fn

User (1)

Operation	Additional Information	Success	Count	Logfile
Get Username	user_name_out = 5p5NrGJn0jS HALPmcxz		1	Fn

Window (1)

Operation	Window Name	Additional Information	Success	Count	Logfile
Create	LPCWSTRszTitle	class_name = LPCWSTRszWindowClass, wndproc_parameter = 0		1	Fn

System (506)

Operation	Additional Information	Count	Logfile
Get Computer Name	result_out = XDUWTFONO	1	Fn
Sleep	duration = 0 milliseconds (0.000 seconds)	1	Fn
Sleep	duration = 1000 milliseconds (1.000 seconds)	1	Fn
Get Time	type = System Time, time = 2019-06-24 17:40:41 (UTC)	1	Fn
Get Time	type = Performance Ctr, time = 6089442148	1	Fn
Get Time	type = Ticks, time = 17862	41	Fn
Get Time	type = Ticks, time = 18018	67	Fn
Get Time	type = Ticks, time = 18033	72	Fn
Get Time	type = Ticks, time = 18049	69	Fn
Get Time	type = System Time, time = 2019-06-24 17:40:50 (UTC)	1	Fn
Get Time	type = Performance Ctr, time = 6811480728	1	Fn
Get Info	type = Hardware Information	249	Fn
Get Info	type = Operating System	1	Fn

Mutex (1)

Operation	Additional Information	Success	Count	Logfile
Create	mutex_name = {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}		1	Fn

Environment (2)

Operation	Additional Information	Success	Count	Logfile
Get Environment String	-		2	Fn Data

Network Behavior

HTTP Sessions (2)

Information	Value
Total Data Sent	631 bytes
Total Data Received	7.47 KB
Contacted Host Count	2
Contacted Hosts	77.123.139.189, 45.86.180.158

HTTP Session #1

Information	Value
User Agent	Microsoft Internet Explorer
Server Name	texet1.ug
Server Port	80
Username	-
Password	-
Data Sent	164 bytes
Data Received	285 bytes

Operation	Additional Information	Count	Logfile
Open Session	user_agent = Microsoft Internet Explorer, access_type = INTERNET_OPEN_TYPE_PRECONFIG	1	Fn
Open Connection	protocol = http, server_name = texet1.ug, server_port = 80	1	Fn
Open HTTP Request	http_verb = GET, http_version = HTTP 1.1, target_resource = /ASUdy34576lUAd8756y90/Asd7356oisudfh345683g/get.php	1	Fn
Send HTTP Request	headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = http://texet1.ug/ASUdy34576lUAd8756y90/Asd7356oisudfh345683g/get.php?pid=0C9F822062B97945A1C3E8A42C889890	1	Fn
Read Response	size = 1024, size_out = 103	1	Fn Data
Close Session	-	1	Fn

HTTP Session #2

Information	Value
Server Name	api.2ip.ua
Server Port	443
Username	-
Password	-
Data Sent	467 bytes
Data Received	7.19 KB

Operation	Additional Information	Count	Logfile
Open Session	user_agent = Microsoft Internet Explorer, access_type = INTERNET_OPEN_TYPE_PRECONFIG	1	Fn
Open Connection	protocol = https, server_name = api.2ip.ua, server_port = 443	1	Fn
Open HTTP Request	http_verb = GET, http_version = HTTP 1.1, target_resource = /geo.json	1	Fn
Send HTTP Request	headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = https://api.2ip.ua/geo.json	1	Fn
Read Response	size = 10240, size_out = 465	1	Fn Data
Close Session	-	1	Fn

Remarks (2/2)

Monitored Processes

Behavior Information - Grouped by Category

Before

After