VMRay Analyzer Report for Sample #657417
VMRay Analyzer
3.0.2
Process
1
2956
bs03u4lh.exe
1116
bs03u4lh.exe
"C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\bs03u4lh.exe"
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\
c:\users\5p5nrgjn0js halpmcxz\desktop\bs03u4lh.exe
Child_Of
Created
Opened
Opened
Opened
Deleted
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Created
Wrote_To
Opened
Process
2
1744
vssadmin.exe
2956
vssadmin.exe
"C:\Windows\System32\vssadmin.exe" delete shadows /all /quiet
C:\Windows\System32\
c:\windows\system32\vssadmin.exe
Child_Of
Process
3
804
vssvc.exe
460
vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\
c:\windows\system32\vssvc.exe
File
STD_INPUT_HANDLE
File
STD_OUTPUT_HANDLE
File
STD_ERROR_HANDLE
File
File
users\5p5nrgjn0js halpmcxz\desktop\com3
users\5p5nrgjn0js halpmcxz\desktop\com3
c:\
c:\users\5p5nrgjn0js halpmcxz\desktop\com3
File
$recycle.bin
$recycle.bin
c:\
c:\$recycle.bin
bin
File
boot
boot
c:\
c:\boot
File
bootmgr
bootmgr
c:\
c:\bootmgr
File
bootsect.bak
bootsect.bak
c:\
c:\bootsect.bak
bak
File
config.msi\.
config.msi\.
c:\
c:\config.msi\.
File
c:
File
documents and settings\# decrypt my files #.txt
documents and settings\# decrypt my files #.txt
c:\
c:\documents and settings\# decrypt my files #.txt
txt
File
hiberfil.sys
hiberfil.sys
c:\
c:\hiberfil.sys
sys
File
msocache\.
msocache\.
c:\
c:\msocache\.
File
msocache\all users\.
msocache\all users\.
c:\
c:\msocache\all users\.
File
msocache
msocache
c:\
c:\msocache
File
msocache\all users\{90140000-0016-0409-1000-0000000ff1ce}-c\.
msocache\all users\{90140000-0016-0409-1000-0000000ff1ce}-c\.
c:\
c:\msocache\all users\{90140000-0016-0409-1000-0000000ff1ce}-c\.
File
msocache\all users
msocache\all users
c:\
c:\msocache\all users
File
msocache\all users\{90140000-0016-0409-1000-0000000ff1ce}-c\excellr.cab
msocache\all users\{90140000-0016-0409-1000-0000000ff1ce}-c\excellr.cab
c:\
c:\msocache\all users\{90140000-0016-0409-1000-0000000ff1ce}-c\excellr.cab
cab
File
msocache\all users\{90140000-0016-0409-1000-0000000ff1ce}-c\excelmui.msi
msocache\all users\{90140000-0016-0409-1000-0000000ff1ce}-c\excelmui.msi
c:\
c:\msocache\all users\{90140000-0016-0409-1000-0000000ff1ce}-c\excelmui.msi
msi
File
msocache\all users\{90140000-0016-0409-1000-0000000ff1ce}-c\setup.xml
msocache\all users\{90140000-0016-0409-1000-0000000ff1ce}-c\setup.xml
c:\
c:\msocache\all users\{90140000-0016-0409-1000-0000000ff1ce}-c\setup.xml
xml
File
msocache\all users\{90140000-0018-0409-1000-0000000ff1ce}-c\.
msocache\all users\{90140000-0018-0409-1000-0000000ff1ce}-c\.
c:\
c:\msocache\all users\{90140000-0018-0409-1000-0000000ff1ce}-c\.
File
msocache\all users\{90140000-0018-0409-1000-0000000ff1ce}-c\powerpointmui.msi
msocache\all users\{90140000-0018-0409-1000-0000000ff1ce}-c\powerpointmui.msi
c:\
c:\msocache\all users\{90140000-0018-0409-1000-0000000ff1ce}-c\powerpointmui.msi
msi
File
msocache\all users\{90140000-0018-0409-1000-0000000ff1ce}-c\pptlr.cab
msocache\all users\{90140000-0018-0409-1000-0000000ff1ce}-c\pptlr.cab
c:\
c:\msocache\all users\{90140000-0018-0409-1000-0000000ff1ce}-c\pptlr.cab
cab
File
msocache\all users\{90140000-0019-0409-1000-0000000ff1ce}-c\.
msocache\all users\{90140000-0019-0409-1000-0000000ff1ce}-c\.
c:\
c:\msocache\all users\{90140000-0019-0409-1000-0000000ff1ce}-c\.
File
msocache\all users\{90140000-001a-0409-1000-0000000ff1ce}-c\.
msocache\all users\{90140000-001a-0409-1000-0000000ff1ce}-c\.
c:\
c:\msocache\all users\{90140000-001a-0409-1000-0000000ff1ce}-c\.
File
msocache\all users\{90140000-001a-0409-1000-0000000ff1ce}-c\outlklr.cab
msocache\all users\{90140000-001a-0409-1000-0000000ff1ce}-c\outlklr.cab
c:\
c:\msocache\all users\{90140000-001a-0409-1000-0000000ff1ce}-c\outlklr.cab
cab
File
msocache\all users\{90140000-001a-0409-1000-0000000ff1ce}-c\outlookmui.msi
msocache\all users\{90140000-001a-0409-1000-0000000ff1ce}-c\outlookmui.msi
c:\
c:\msocache\all users\{90140000-001a-0409-1000-0000000ff1ce}-c\outlookmui.msi
msi
File
msocache\all users\{90140000-001a-0409-1000-0000000ff1ce}-c\outlookmui.xml
msocache\all users\{90140000-001a-0409-1000-0000000ff1ce}-c\outlookmui.xml
c:\
c:\msocache\all users\{90140000-001a-0409-1000-0000000ff1ce}-c\outlookmui.xml
xml
File
msocache\all users\{90140000-001a-0409-1000-0000000ff1ce}-c\setup.xml
msocache\all users\{90140000-001a-0409-1000-0000000ff1ce}-c\setup.xml
c:\
c:\msocache\all users\{90140000-001a-0409-1000-0000000ff1ce}-c\setup.xml
xml
File
msocache\all users\{90140000-001b-0409-1000-0000000ff1ce}-c\.
msocache\all users\{90140000-001b-0409-1000-0000000ff1ce}-c\.
c:\
c:\msocache\all users\{90140000-001b-0409-1000-0000000ff1ce}-c\.
File
msocache\all users\{90140000-001b-0409-1000-0000000ff1ce}-c\setup.xml
msocache\all users\{90140000-001b-0409-1000-0000000ff1ce}-c\setup.xml
c:\
c:\msocache\all users\{90140000-001b-0409-1000-0000000ff1ce}-c\setup.xml
xml
File
msocache\all users\{90140000-001b-0409-1000-0000000ff1ce}-c\wordlr.cab
msocache\all users\{90140000-001b-0409-1000-0000000ff1ce}-c\wordlr.cab
c:\
c:\msocache\all users\{90140000-001b-0409-1000-0000000ff1ce}-c\wordlr.cab
cab
File
msocache\all users\{90140000-001b-0409-1000-0000000ff1ce}-c\wordmui.msi
msocache\all users\{90140000-001b-0409-1000-0000000ff1ce}-c\wordmui.msi
c:\
c:\msocache\all users\{90140000-001b-0409-1000-0000000ff1ce}-c\wordmui.msi
msi
File
msocache\all users\{90140000-002c-0409-1000-0000000ff1ce}-c\.
msocache\all users\{90140000-002c-0409-1000-0000000ff1ce}-c\.
c:\
c:\msocache\all users\{90140000-002c-0409-1000-0000000ff1ce}-c\.
File
msocache\all users\{90140000-002c-0409-1000-0000000ff1ce}-c\proof.en\proof.cab
msocache\all users\{90140000-002c-0409-1000-0000000ff1ce}-c\proof.en\proof.cab
c:\
c:\msocache\all users\{90140000-002c-0409-1000-0000000ff1ce}-c\proof.en\proof.cab
cab
File
msocache\all users\{90140000-002c-0409-1000-0000000ff1ce}-c\proof.en\proof.msi
msocache\all users\{90140000-002c-0409-1000-0000000ff1ce}-c\proof.en\proof.msi
c:\
c:\msocache\all users\{90140000-002c-0409-1000-0000000ff1ce}-c\proof.en\proof.msi
msi
File
msocache\all users\{90140000-002c-0409-1000-0000000ff1ce}-c\proof.es\proof.cab
msocache\all users\{90140000-002c-0409-1000-0000000ff1ce}-c\proof.es\proof.cab
c:\
c:\msocache\all users\{90140000-002c-0409-1000-0000000ff1ce}-c\proof.es\proof.cab
cab
File
msocache\all users\{90140000-002c-0409-1000-0000000ff1ce}-c\proof.es\proof.msi
msocache\all users\{90140000-002c-0409-1000-0000000ff1ce}-c\proof.es\proof.msi
c:\
c:\msocache\all users\{90140000-002c-0409-1000-0000000ff1ce}-c\proof.es\proof.msi
msi
File
msocache\all users\{90140000-002c-0409-1000-0000000ff1ce}-c\proof.fr\proof.cab
msocache\all users\{90140000-002c-0409-1000-0000000ff1ce}-c\proof.fr\proof.cab
c:\
c:\msocache\all users\{90140000-002c-0409-1000-0000000ff1ce}-c\proof.fr\proof.cab
cab
File
msocache\all users\{90140000-002c-0409-1000-0000000ff1ce}-c\proof.fr\proof.msi
msocache\all users\{90140000-002c-0409-1000-0000000ff1ce}-c\proof.fr\proof.msi
c:\
c:\msocache\all users\{90140000-002c-0409-1000-0000000ff1ce}-c\proof.fr\proof.msi
msi
File
msocache\all users\{90140000-002c-0409-1000-0000000ff1ce}-c\proofing.msi
msocache\all users\{90140000-002c-0409-1000-0000000ff1ce}-c\proofing.msi
c:\
c:\msocache\all users\{90140000-002c-0409-1000-0000000ff1ce}-c\proofing.msi
msi
File
msocache\all users\{90140000-002c-0409-1000-0000000ff1ce}-c\setup.xml
msocache\all users\{90140000-002c-0409-1000-0000000ff1ce}-c\setup.xml
c:\
c:\msocache\all users\{90140000-002c-0409-1000-0000000ff1ce}-c\setup.xml
xml
File
msocache\all users\{90140000-0043-0409-1000-0000000ff1ce}-c\.
msocache\all users\{90140000-0043-0409-1000-0000000ff1ce}-c\.
c:\
c:\msocache\all users\{90140000-0043-0409-1000-0000000ff1ce}-c\.
File
msocache\all users\{90140000-0043-0409-1000-0000000ff1ce}-c\office32mui.msi
msocache\all users\{90140000-0043-0409-1000-0000000ff1ce}-c\office32mui.msi
c:\
c:\msocache\all users\{90140000-0043-0409-1000-0000000ff1ce}-c\office32mui.msi
msi
File
msocache\all users\{90140000-0043-0409-1000-0000000ff1ce}-c\owow32lr.cab
msocache\all users\{90140000-0043-0409-1000-0000000ff1ce}-c\owow32lr.cab
c:\
c:\msocache\all users\{90140000-0043-0409-1000-0000000ff1ce}-c\owow32lr.cab
cab
File
msocache\all users\{90140000-0043-0409-1000-0000000ff1ce}-c\setup.xml
msocache\all users\{90140000-0043-0409-1000-0000000ff1ce}-c\setup.xml
c:\
c:\msocache\all users\{90140000-0043-0409-1000-0000000ff1ce}-c\setup.xml
xml
File
msocache\all users\{90140000-0044-0409-1000-0000000ff1ce}-c\.
msocache\all users\{90140000-0044-0409-1000-0000000ff1ce}-c\.
c:\
c:\msocache\all users\{90140000-0044-0409-1000-0000000ff1ce}-c\.
File
msocache\all users\{90140000-0044-0409-1000-0000000ff1ce}-c\inflr.cab
msocache\all users\{90140000-0044-0409-1000-0000000ff1ce}-c\inflr.cab
c:\
c:\msocache\all users\{90140000-0044-0409-1000-0000000ff1ce}-c\inflr.cab
cab
File
msocache\all users\{90140000-0044-0409-1000-0000000ff1ce}-c\infopathmui.msi
msocache\all users\{90140000-0044-0409-1000-0000000ff1ce}-c\infopathmui.msi
c:\
c:\msocache\all users\{90140000-0044-0409-1000-0000000ff1ce}-c\infopathmui.msi
msi
File
msocache\all users\{90140000-0054-0409-1000-0000000ff1ce}-c\.
msocache\all users\{90140000-0054-0409-1000-0000000ff1ce}-c\.
c:\
c:\msocache\all users\{90140000-0054-0409-1000-0000000ff1ce}-c\.
File
msocache\all users\{90140000-0054-0409-1000-0000000ff1ce}-c\setup.xml
msocache\all users\{90140000-0054-0409-1000-0000000ff1ce}-c\setup.xml
c:\
c:\msocache\all users\{90140000-0054-0409-1000-0000000ff1ce}-c\setup.xml
xml
File
msocache\all users\{90140000-0054-0409-1000-0000000ff1ce}-c\visiolr.cab
msocache\all users\{90140000-0054-0409-1000-0000000ff1ce}-c\visiolr.cab
c:\
c:\msocache\all users\{90140000-0054-0409-1000-0000000ff1ce}-c\visiolr.cab
cab
File
msocache\all users\{90140000-0054-0409-1000-0000000ff1ce}-c\visiomui.msi
msocache\all users\{90140000-0054-0409-1000-0000000ff1ce}-c\visiomui.msi
c:\
c:\msocache\all users\{90140000-0054-0409-1000-0000000ff1ce}-c\visiomui.msi
msi
File
msocache\all users\{90140000-0054-0409-1000-0000000ff1ce}-c\visiomui.xml
msocache\all users\{90140000-0054-0409-1000-0000000ff1ce}-c\visiomui.xml
c:\
c:\msocache\all users\{90140000-0054-0409-1000-0000000ff1ce}-c\visiomui.xml
xml
File
msocache\all users\{90140000-00a1-0409-1000-0000000ff1ce}-c\.
msocache\all users\{90140000-00a1-0409-1000-0000000ff1ce}-c\.
c:\
c:\msocache\all users\{90140000-00a1-0409-1000-0000000ff1ce}-c\.
File
msocache\all users\{90140000-00a1-0409-1000-0000000ff1ce}-c\onenotemui.msi
msocache\all users\{90140000-00a1-0409-1000-0000000ff1ce}-c\onenotemui.msi
c:\
c:\msocache\all users\{90140000-00a1-0409-1000-0000000ff1ce}-c\onenotemui.msi
msi
File
msocache\all users\{90140000-00a1-0409-1000-0000000ff1ce}-c\onenotemui.xml
msocache\all users\{90140000-00a1-0409-1000-0000000ff1ce}-c\onenotemui.xml
c:\
c:\msocache\all users\{90140000-00a1-0409-1000-0000000ff1ce}-c\onenotemui.xml
xml
File
msocache\all users\{90140000-00a1-0409-1000-0000000ff1ce}-c\onotelr.cab
msocache\all users\{90140000-00a1-0409-1000-0000000ff1ce}-c\onotelr.cab
c:\
c:\msocache\all users\{90140000-00a1-0409-1000-0000000ff1ce}-c\onotelr.cab
cab
File
msocache\all users\{90140000-00a1-0409-1000-0000000ff1ce}-c\setup.xml
msocache\all users\{90140000-00a1-0409-1000-0000000ff1ce}-c\setup.xml
c:\
c:\msocache\all users\{90140000-00a1-0409-1000-0000000ff1ce}-c\setup.xml
xml
File
msocache\all users\{90140000-00b4-0409-1000-0000000ff1ce}-c\.
msocache\all users\{90140000-00b4-0409-1000-0000000ff1ce}-c\.
c:\
c:\msocache\all users\{90140000-00b4-0409-1000-0000000ff1ce}-c\.
File
msocache\all users\{90140000-00b4-0409-1000-0000000ff1ce}-c\projectmui.msi
msocache\all users\{90140000-00b4-0409-1000-0000000ff1ce}-c\projectmui.msi
c:\
c:\msocache\all users\{90140000-00b4-0409-1000-0000000ff1ce}-c\projectmui.msi
msi
File
msocache\all users\{90140000-00b4-0409-1000-0000000ff1ce}-c\projectmui.xml
msocache\all users\{90140000-00b4-0409-1000-0000000ff1ce}-c\projectmui.xml
c:\
c:\msocache\all users\{90140000-00b4-0409-1000-0000000ff1ce}-c\projectmui.xml
xml
File
msocache\all users\{90140000-00b4-0409-1000-0000000ff1ce}-c\projlr.cab
msocache\all users\{90140000-00b4-0409-1000-0000000ff1ce}-c\projlr.cab
c:\
c:\msocache\all users\{90140000-00b4-0409-1000-0000000ff1ce}-c\projlr.cab
cab
File
msocache\all users\{90140000-00b4-0409-1000-0000000ff1ce}-c\setup.xml
msocache\all users\{90140000-00b4-0409-1000-0000000ff1ce}-c\setup.xml
c:\
c:\msocache\all users\{90140000-00b4-0409-1000-0000000ff1ce}-c\setup.xml
xml
File
msocache\all users\{90140000-00ba-0409-1000-0000000ff1ce}-c\.
msocache\all users\{90140000-00ba-0409-1000-0000000ff1ce}-c\.
c:\
c:\msocache\all users\{90140000-00ba-0409-1000-0000000ff1ce}-c\.
File
msocache\all users\{90140000-00ba-0409-1000-0000000ff1ce}-c\groovelr.cab
msocache\all users\{90140000-00ba-0409-1000-0000000ff1ce}-c\groovelr.cab
c:\
c:\msocache\all users\{90140000-00ba-0409-1000-0000000ff1ce}-c\groovelr.cab
cab
File
msocache\all users\{90140000-00ba-0409-1000-0000000ff1ce}-c\groovemui.msi
msocache\all users\{90140000-00ba-0409-1000-0000000ff1ce}-c\groovemui.msi
c:\
c:\msocache\all users\{90140000-00ba-0409-1000-0000000ff1ce}-c\groovemui.msi
msi
File
msocache\all users\{90140000-00ba-0409-1000-0000000ff1ce}-c\groovemui.xml
msocache\all users\{90140000-00ba-0409-1000-0000000ff1ce}-c\groovemui.xml
c:\
c:\msocache\all users\{90140000-00ba-0409-1000-0000000ff1ce}-c\groovemui.xml
xml
File
msocache\all users\{90140000-00ba-0409-1000-0000000ff1ce}-c\setup.xml
msocache\all users\{90140000-00ba-0409-1000-0000000ff1ce}-c\setup.xml
c:\
c:\msocache\all users\{90140000-00ba-0409-1000-0000000ff1ce}-c\setup.xml
xml
File
msocache\all users\{90140000-0115-0409-1000-0000000ff1ce}-c\.
msocache\all users\{90140000-0115-0409-1000-0000000ff1ce}-c\.
c:\
c:\msocache\all users\{90140000-0115-0409-1000-0000000ff1ce}-c\.
File
msocache\all users\{90140000-0115-0409-1000-0000000ff1ce}-c\1033\dwintl20.dll
msocache\all users\{90140000-0115-0409-1000-0000000ff1ce}-c\1033\dwintl20.dll
c:\
c:\msocache\all users\{90140000-0115-0409-1000-0000000ff1ce}-c\1033\dwintl20.dll
dll
File
msocache\all users\{90140000-0115-0409-1000-0000000ff1ce}-c\branding.xml
msocache\all users\{90140000-0115-0409-1000-0000000ff1ce}-c\branding.xml
c:\
c:\msocache\all users\{90140000-0115-0409-1000-0000000ff1ce}-c\branding.xml
xml
File
msocache\all users\{90140000-0115-0409-1000-0000000ff1ce}-c\dw20.exe
msocache\all users\{90140000-0115-0409-1000-0000000ff1ce}-c\dw20.exe
c:\
c:\msocache\all users\{90140000-0115-0409-1000-0000000ff1ce}-c\dw20.exe
exe
File
msocache\all users\{90140000-0115-0409-1000-0000000ff1ce}-c\dwdcw20.dll
msocache\all users\{90140000-0115-0409-1000-0000000ff1ce}-c\dwdcw20.dll
c:\
c:\msocache\all users\{90140000-0115-0409-1000-0000000ff1ce}-c\dwdcw20.dll
dll
File
msocache\all users\{90140000-0115-0409-1000-0000000ff1ce}-c\dwtrig20.exe
msocache\all users\{90140000-0115-0409-1000-0000000ff1ce}-c\dwtrig20.exe
c:\
c:\msocache\all users\{90140000-0115-0409-1000-0000000ff1ce}-c\dwtrig20.exe
exe
File
msocache\all users\{90140000-0115-0409-1000-0000000ff1ce}-c\microsoft.vc90.crt.manifest
msocache\all users\{90140000-0115-0409-1000-0000000ff1ce}-c\microsoft.vc90.crt.manifest
c:\
c:\msocache\all users\{90140000-0115-0409-1000-0000000ff1ce}-c\microsoft.vc90.crt.manifest
manifest
File
msocache\all users\{90140000-0115-0409-1000-0000000ff1ce}-c\msvcr90.dll
msocache\all users\{90140000-0115-0409-1000-0000000ff1ce}-c\msvcr90.dll
c:\
c:\msocache\all users\{90140000-0115-0409-1000-0000000ff1ce}-c\msvcr90.dll
dll
File
msocache\all users\{90140000-0115-0409-1000-0000000ff1ce}-c\officelr.cab
msocache\all users\{90140000-0115-0409-1000-0000000ff1ce}-c\officelr.cab
c:\
c:\msocache\all users\{90140000-0115-0409-1000-0000000ff1ce}-c\officelr.cab
cab
File
msocache\all users\{90140000-0115-0409-1000-0000000ff1ce}-c\officemui.msi
msocache\all users\{90140000-0115-0409-1000-0000000ff1ce}-c\officemui.msi
c:\
c:\msocache\all users\{90140000-0115-0409-1000-0000000ff1ce}-c\officemui.msi
msi
File
msocache\all users\{90140000-0115-0409-1000-0000000ff1ce}-c\officemui.xml
msocache\all users\{90140000-0115-0409-1000-0000000ff1ce}-c\officemui.xml
c:\
c:\msocache\all users\{90140000-0115-0409-1000-0000000ff1ce}-c\officemui.xml
xml
File
msocache\all users\{90140000-0115-0409-1000-0000000ff1ce}-c\officemuiset.msi
msocache\all users\{90140000-0115-0409-1000-0000000ff1ce}-c\officemuiset.msi
c:\
c:\msocache\all users\{90140000-0115-0409-1000-0000000ff1ce}-c\officemuiset.msi
msi
File
msocache\all users\{90140000-0115-0409-1000-0000000ff1ce}-c\officemuiset.xml
msocache\all users\{90140000-0115-0409-1000-0000000ff1ce}-c\officemuiset.xml
c:\
c:\msocache\all users\{90140000-0115-0409-1000-0000000ff1ce}-c\officemuiset.xml
xml
File
msocache\all users\{90140000-0115-0409-1000-0000000ff1ce}-c\osetupui.dll
msocache\all users\{90140000-0115-0409-1000-0000000ff1ce}-c\osetupui.dll
c:\
c:\msocache\all users\{90140000-0115-0409-1000-0000000ff1ce}-c\osetupui.dll
dll
File
msocache\all users\{90140000-0115-0409-1000-0000000ff1ce}-c\pss10r.chm
msocache\all users\{90140000-0115-0409-1000-0000000ff1ce}-c\pss10r.chm
c:\
c:\msocache\all users\{90140000-0115-0409-1000-0000000ff1ce}-c\pss10r.chm
chm
File
msocache\all users\{90140000-0115-0409-1000-0000000ff1ce}-c\setup.chm
msocache\all users\{90140000-0115-0409-1000-0000000ff1ce}-c\setup.chm
c:\
c:\msocache\all users\{90140000-0115-0409-1000-0000000ff1ce}-c\setup.chm
chm
File
msocache\all users\{90140000-0115-0409-1000-0000000ff1ce}-c\setup.xml
msocache\all users\{90140000-0115-0409-1000-0000000ff1ce}-c\setup.xml
c:\
c:\msocache\all users\{90140000-0115-0409-1000-0000000ff1ce}-c\setup.xml
xml
File
msocache\all users\{90140000-0115-0409-1000-0000000ff1ce}-c\shellui.mst
msocache\all users\{90140000-0115-0409-1000-0000000ff1ce}-c\shellui.mst
c:\
c:\msocache\all users\{90140000-0115-0409-1000-0000000ff1ce}-c\shellui.mst
mst
File
msocache\all users\{90140000-0117-0409-1000-0000000ff1ce}-c\.
msocache\all users\{90140000-0117-0409-1000-0000000ff1ce}-c\.
c:\
c:\msocache\all users\{90140000-0117-0409-1000-0000000ff1ce}-c\.
File
msocache\all users\{90140000-0117-0409-1000-0000000ff1ce}-c\access.en-us\accessmui.msi
msocache\all users\{90140000-0117-0409-1000-0000000ff1ce}-c\access.en-us\accessmui.msi
c:\
c:\msocache\all users\{90140000-0117-0409-1000-0000000ff1ce}-c\access.en-us\accessmui.msi
msi
File
msocache\all users\{90140000-0117-0409-1000-0000000ff1ce}-c\access.en-us\accessmui.xml
msocache\all users\{90140000-0117-0409-1000-0000000ff1ce}-c\access.en-us\accessmui.xml
c:\
c:\msocache\all users\{90140000-0117-0409-1000-0000000ff1ce}-c\access.en-us\accessmui.xml
xml
File
msocache\all users\{90140000-0117-0409-1000-0000000ff1ce}-c\access.en-us\acclr.cab
msocache\all users\{90140000-0117-0409-1000-0000000ff1ce}-c\access.en-us\acclr.cab
c:\
c:\msocache\all users\{90140000-0117-0409-1000-0000000ff1ce}-c\access.en-us\acclr.cab
cab
File
msocache\all users\{90140000-0117-0409-1000-0000000ff1ce}-c\access.en-us\branding.xml
msocache\all users\{90140000-0117-0409-1000-0000000ff1ce}-c\access.en-us\branding.xml
c:\
c:\msocache\all users\{90140000-0117-0409-1000-0000000ff1ce}-c\access.en-us\branding.xml
xml
File
msocache\all users\{90140000-0117-0409-1000-0000000ff1ce}-c\accessmuiset.msi
msocache\all users\{90140000-0117-0409-1000-0000000ff1ce}-c\accessmuiset.msi
c:\
c:\msocache\all users\{90140000-0117-0409-1000-0000000ff1ce}-c\accessmuiset.msi
msi
File
msocache\all users\{90140000-0117-0409-1000-0000000ff1ce}-c\accessmuiset.xml
msocache\all users\{90140000-0117-0409-1000-0000000ff1ce}-c\accessmuiset.xml
c:\
c:\msocache\all users\{90140000-0117-0409-1000-0000000ff1ce}-c\accessmuiset.xml
xml
File
msocache\all users\{90140000-0117-0409-1000-0000000ff1ce}-c\setup.xml
msocache\all users\{90140000-0117-0409-1000-0000000ff1ce}-c\setup.xml
c:\
c:\msocache\all users\{90140000-0117-0409-1000-0000000ff1ce}-c\setup.xml
xml
File
msocache\all users\{91140000-0011-0000-1000-0000000ff1ce}-c\.
msocache\all users\{91140000-0011-0000-1000-0000000ff1ce}-c\.
c:\
c:\msocache\all users\{91140000-0011-0000-1000-0000000ff1ce}-c\.
File
msocache\all users\{91140000-0011-0000-1000-0000000ff1ce}-c\office32ww.msi
msocache\all users\{91140000-0011-0000-1000-0000000ff1ce}-c\office32ww.msi
c:\
c:\msocache\all users\{91140000-0011-0000-1000-0000000ff1ce}-c\office32ww.msi
msi
File
msocache\all users\{91140000-0011-0000-1000-0000000ff1ce}-c\office32ww.xml
msocache\all users\{91140000-0011-0000-1000-0000000ff1ce}-c\office32ww.xml
c:\
c:\msocache\all users\{91140000-0011-0000-1000-0000000ff1ce}-c\office32ww.xml
xml
File
msocache\all users\{91140000-0011-0000-1000-0000000ff1ce}-c\ose.exe
msocache\all users\{91140000-0011-0000-1000-0000000ff1ce}-c\ose.exe
c:\
c:\msocache\all users\{91140000-0011-0000-1000-0000000ff1ce}-c\ose.exe
exe
File
msocache\all users\{91140000-0011-0000-1000-0000000ff1ce}-c\osetup.dll
msocache\all users\{91140000-0011-0000-1000-0000000ff1ce}-c\osetup.dll
c:\
c:\msocache\all users\{91140000-0011-0000-1000-0000000ff1ce}-c\osetup.dll
dll
File
msocache\all users\{91140000-0011-0000-1000-0000000ff1ce}-c\owow32ww.cab
msocache\all users\{91140000-0011-0000-1000-0000000ff1ce}-c\owow32ww.cab
c:\
c:\msocache\all users\{91140000-0011-0000-1000-0000000ff1ce}-c\owow32ww.cab
cab
File
msocache\all users\{91140000-0011-0000-1000-0000000ff1ce}-c\pidgenx.dll
msocache\all users\{91140000-0011-0000-1000-0000000ff1ce}-c\pidgenx.dll
c:\
c:\msocache\all users\{91140000-0011-0000-1000-0000000ff1ce}-c\pidgenx.dll
dll
File
msocache\all users\{91140000-0011-0000-1000-0000000ff1ce}-c\pkeyconfig-office.xrm-ms
msocache\all users\{91140000-0011-0000-1000-0000000ff1ce}-c\pkeyconfig-office.xrm-ms
c:\
c:\msocache\all users\{91140000-0011-0000-1000-0000000ff1ce}-c\pkeyconfig-office.xrm-ms
xrm-ms
File
msocache\all users\{91140000-0011-0000-1000-0000000ff1ce}-c\proplusrww.msi
msocache\all users\{91140000-0011-0000-1000-0000000ff1ce}-c\proplusrww.msi
c:\
c:\msocache\all users\{91140000-0011-0000-1000-0000000ff1ce}-c\proplusrww.msi
msi
File
msocache\all users\{91140000-0011-0000-1000-0000000ff1ce}-c\proplusrww.xml
msocache\all users\{91140000-0011-0000-1000-0000000ff1ce}-c\proplusrww.xml
c:\
c:\msocache\all users\{91140000-0011-0000-1000-0000000ff1ce}-c\proplusrww.xml
xml
File
msocache\all users\{91140000-0011-0000-1000-0000000ff1ce}-c\proprww.cab
msocache\all users\{91140000-0011-0000-1000-0000000ff1ce}-c\proprww.cab
c:\
c:\msocache\all users\{91140000-0011-0000-1000-0000000ff1ce}-c\proprww.cab
cab
File
msocache\all users\{91140000-0011-0000-1000-0000000ff1ce}-c\proprww2.cab
msocache\all users\{91140000-0011-0000-1000-0000000ff1ce}-c\proprww2.cab
c:\
c:\msocache\all users\{91140000-0011-0000-1000-0000000ff1ce}-c\proprww2.cab
cab
File
msocache\all users\{91140000-0011-0000-1000-0000000ff1ce}-c\setup.exe
msocache\all users\{91140000-0011-0000-1000-0000000ff1ce}-c\setup.exe
c:\
c:\msocache\all users\{91140000-0011-0000-1000-0000000ff1ce}-c\setup.exe
exe
File
msocache\all users\{91140000-0011-0000-1000-0000000ff1ce}-c\setup.xml
msocache\all users\{91140000-0011-0000-1000-0000000ff1ce}-c\setup.xml
c:\
c:\msocache\all users\{91140000-0011-0000-1000-0000000ff1ce}-c\setup.xml
xml
File
msocache\all users\{91140000-003b-0000-1000-0000000ff1ce}-c\.
msocache\all users\{91140000-003b-0000-1000-0000000ff1ce}-c\.
c:\
c:\msocache\all users\{91140000-003b-0000-1000-0000000ff1ce}-c\.
File
msocache\all users\{91140000-003b-0000-1000-0000000ff1ce}-c\office32ww.msi
msocache\all users\{91140000-003b-0000-1000-0000000ff1ce}-c\office32ww.msi
c:\
c:\msocache\all users\{91140000-003b-0000-1000-0000000ff1ce}-c\office32ww.msi
msi
File
msocache\all users\{91140000-003b-0000-1000-0000000ff1ce}-c\office32ww.xml
msocache\all users\{91140000-003b-0000-1000-0000000ff1ce}-c\office32ww.xml
c:\
c:\msocache\all users\{91140000-003b-0000-1000-0000000ff1ce}-c\office32ww.xml
xml
File
msocache\all users\{91140000-003b-0000-1000-0000000ff1ce}-c\ose.exe
msocache\all users\{91140000-003b-0000-1000-0000000ff1ce}-c\ose.exe
c:\
c:\msocache\all users\{91140000-003b-0000-1000-0000000ff1ce}-c\ose.exe
exe
File
msocache\all users\{91140000-003b-0000-1000-0000000ff1ce}-c\osetup.dll
msocache\all users\{91140000-003b-0000-1000-0000000ff1ce}-c\osetup.dll
c:\
c:\msocache\all users\{91140000-003b-0000-1000-0000000ff1ce}-c\osetup.dll
dll
File
msocache\all users\{91140000-003b-0000-1000-0000000ff1ce}-c\owow32ww.cab
msocache\all users\{91140000-003b-0000-1000-0000000ff1ce}-c\owow32ww.cab
c:\
c:\msocache\all users\{91140000-003b-0000-1000-0000000ff1ce}-c\owow32ww.cab
cab
File
msocache\all users\{91140000-003b-0000-1000-0000000ff1ce}-c\pidgenx.dll
msocache\all users\{91140000-003b-0000-1000-0000000ff1ce}-c\pidgenx.dll
c:\
c:\msocache\all users\{91140000-003b-0000-1000-0000000ff1ce}-c\pidgenx.dll
dll
File
msocache\all users\{91140000-003b-0000-1000-0000000ff1ce}-c\pkeyconfig-office.xrm-ms
msocache\all users\{91140000-003b-0000-1000-0000000ff1ce}-c\pkeyconfig-office.xrm-ms
c:\
c:\msocache\all users\{91140000-003b-0000-1000-0000000ff1ce}-c\pkeyconfig-office.xrm-ms
xrm-ms
File
msocache\all users\{91140000-003b-0000-1000-0000000ff1ce}-c\prjprorww.msi
msocache\all users\{91140000-003b-0000-1000-0000000ff1ce}-c\prjprorww.msi
c:\
c:\msocache\all users\{91140000-003b-0000-1000-0000000ff1ce}-c\prjprorww.msi
msi
File
msocache\all users\{91140000-003b-0000-1000-0000000ff1ce}-c\prjprorww.xml
msocache\all users\{91140000-003b-0000-1000-0000000ff1ce}-c\prjprorww.xml
c:\
c:\msocache\all users\{91140000-003b-0000-1000-0000000ff1ce}-c\prjprorww.xml
xml
File
msocache\all users\{91140000-003b-0000-1000-0000000ff1ce}-c\prjprrww.cab
msocache\all users\{91140000-003b-0000-1000-0000000ff1ce}-c\prjprrww.cab
c:\
c:\msocache\all users\{91140000-003b-0000-1000-0000000ff1ce}-c\prjprrww.cab
cab
File
msocache\all users\{91140000-003b-0000-1000-0000000ff1ce}-c\setup.exe
msocache\all users\{91140000-003b-0000-1000-0000000ff1ce}-c\setup.exe
c:\
c:\msocache\all users\{91140000-003b-0000-1000-0000000ff1ce}-c\setup.exe
exe
File
msocache\all users\{91140000-003b-0000-1000-0000000ff1ce}-c\setup.xml
msocache\all users\{91140000-003b-0000-1000-0000000ff1ce}-c\setup.xml
c:\
c:\msocache\all users\{91140000-003b-0000-1000-0000000ff1ce}-c\setup.xml
xml
File
msocache\all users\{91140000-0057-0000-1000-0000000ff1ce}-c\.
msocache\all users\{91140000-0057-0000-1000-0000000ff1ce}-c\.
c:\
c:\msocache\all users\{91140000-0057-0000-1000-0000000ff1ce}-c\.
File
msocache\all users\{91140000-0057-0000-1000-0000000ff1ce}-c\office32ww.msi
msocache\all users\{91140000-0057-0000-1000-0000000ff1ce}-c\office32ww.msi
c:\
c:\msocache\all users\{91140000-0057-0000-1000-0000000ff1ce}-c\office32ww.msi
msi
File
msocache\all users\{91140000-0057-0000-1000-0000000ff1ce}-c\office32ww.xml
msocache\all users\{91140000-0057-0000-1000-0000000ff1ce}-c\office32ww.xml
c:\
c:\msocache\all users\{91140000-0057-0000-1000-0000000ff1ce}-c\office32ww.xml
xml
File
msocache\all users\{91140000-0057-0000-1000-0000000ff1ce}-c\ose.exe
msocache\all users\{91140000-0057-0000-1000-0000000ff1ce}-c\ose.exe
c:\
c:\msocache\all users\{91140000-0057-0000-1000-0000000ff1ce}-c\ose.exe
exe
File
msocache\all users\{91140000-0057-0000-1000-0000000ff1ce}-c\osetup.dll
msocache\all users\{91140000-0057-0000-1000-0000000ff1ce}-c\osetup.dll
c:\
c:\msocache\all users\{91140000-0057-0000-1000-0000000ff1ce}-c\osetup.dll
dll
File
msocache\all users\{91140000-0057-0000-1000-0000000ff1ce}-c\owow32ww.cab
msocache\all users\{91140000-0057-0000-1000-0000000ff1ce}-c\owow32ww.cab
c:\
c:\msocache\all users\{91140000-0057-0000-1000-0000000ff1ce}-c\owow32ww.cab
cab
File
msocache\all users\{91140000-0057-0000-1000-0000000ff1ce}-c\pidgenx.dll
msocache\all users\{91140000-0057-0000-1000-0000000ff1ce}-c\pidgenx.dll
c:\
c:\msocache\all users\{91140000-0057-0000-1000-0000000ff1ce}-c\pidgenx.dll
dll
File
msocache\all users\{91140000-0057-0000-1000-0000000ff1ce}-c\pkeyconfig-office.xrm-ms
msocache\all users\{91140000-0057-0000-1000-0000000ff1ce}-c\pkeyconfig-office.xrm-ms
c:\
c:\msocache\all users\{91140000-0057-0000-1000-0000000ff1ce}-c\pkeyconfig-office.xrm-ms
xrm-ms
File
msocache\all users\{91140000-0057-0000-1000-0000000ff1ce}-c\setup.exe
msocache\all users\{91140000-0057-0000-1000-0000000ff1ce}-c\setup.exe
c:\
c:\msocache\all users\{91140000-0057-0000-1000-0000000ff1ce}-c\setup.exe
exe
File
msocache\all users\{91140000-0057-0000-1000-0000000ff1ce}-c\setup.xml
msocache\all users\{91140000-0057-0000-1000-0000000ff1ce}-c\setup.xml
c:\
c:\msocache\all users\{91140000-0057-0000-1000-0000000ff1ce}-c\setup.xml
xml
File
msocache\all users\{91140000-0057-0000-1000-0000000ff1ce}-c\visiorww.cab
msocache\all users\{91140000-0057-0000-1000-0000000ff1ce}-c\visiorww.cab
c:\
c:\msocache\all users\{91140000-0057-0000-1000-0000000ff1ce}-c\visiorww.cab
cab
File
msocache\all users\{91140000-0057-0000-1000-0000000ff1ce}-c\visiorww.msi
msocache\all users\{91140000-0057-0000-1000-0000000ff1ce}-c\visiorww.msi
c:\
c:\msocache\all users\{91140000-0057-0000-1000-0000000ff1ce}-c\visiorww.msi
msi
File
msocache\all users\{91140000-0057-0000-1000-0000000ff1ce}-c\visiorww.xml
msocache\all users\{91140000-0057-0000-1000-0000000ff1ce}-c\visiorww.xml
c:\
c:\msocache\all users\{91140000-0057-0000-1000-0000000ff1ce}-c\visiorww.xml
xml
File
pagefile.sys
pagefile.sys
c:\
c:\pagefile.sys
sys
File
program files
program files
c:\
c:\program files
File
program files (x86)
program files (x86)
c:\
c:\program files (x86)
File
programdata
programdata
c:\
c:\programdata
File
recovery
recovery
c:\
c:\recovery
File
system volume information
system volume information
c:\
c:\system volume information
File
users\.
users\.
c:\
c:\users\.
File
users\5p5nrgjn0js halpmcxz\appdata
users\5p5nrgjn0js halpmcxz\appdata
c:\
c:\users\5p5nrgjn0js halpmcxz\appdata
File
users\5p5nrgjn0js halpmcxz\application data\# decrypt my files #.txt
users\5p5nrgjn0js halpmcxz\application data\# decrypt my files #.txt
c:\
c:\users\5p5nrgjn0js halpmcxz\application data\# decrypt my files #.txt
txt
File
users\5p5nrgjn0js halpmcxz\contacts\.
users\5p5nrgjn0js halpmcxz\contacts\.
c:\
c:\users\5p5nrgjn0js halpmcxz\contacts\.
File
users\5p5nrgjn0js halpmcxz
users\5p5nrgjn0js halpmcxz
c:\
c:\users\5p5nrgjn0js halpmcxz
File
users\5p5nrgjn0js halpmcxz\contacts\aclviho asldjfl.contact
users\5p5nrgjn0js halpmcxz\contacts\aclviho asldjfl.contact
c:\
c:\users\5p5nrgjn0js halpmcxz\contacts\aclviho asldjfl.contact
contact
File
users\5p5nrgjn0js halpmcxz\contacts\administrator.contact
users\5p5nrgjn0js halpmcxz\contacts\administrator.contact
c:\
c:\users\5p5nrgjn0js halpmcxz\contacts\administrator.contact
contact
File
users\5p5nrgjn0js halpmcxz\contacts\asdlfk poopvy.contact
users\5p5nrgjn0js halpmcxz\contacts\asdlfk poopvy.contact
c:\
c:\users\5p5nrgjn0js halpmcxz\contacts\asdlfk poopvy.contact
contact
File
users\5p5nrgjn0js halpmcxz\contacts\chucu jadnvk.contact
users\5p5nrgjn0js halpmcxz\contacts\chucu jadnvk.contact
c:\
c:\users\5p5nrgjn0js halpmcxz\contacts\chucu jadnvk.contact
contact
File
users\5p5nrgjn0js halpmcxz\contacts\desktop.ini
users\5p5nrgjn0js halpmcxz\contacts\desktop.ini
c:\
c:\users\5p5nrgjn0js halpmcxz\contacts\desktop.ini
ini
File
users\5p5nrgjn0js halpmcxz\contacts\lulcit amkdfe.contact
users\5p5nrgjn0js halpmcxz\contacts\lulcit amkdfe.contact
c:\
c:\users\5p5nrgjn0js halpmcxz\contacts\lulcit amkdfe.contact
contact
File
users\5p5nrgjn0js halpmcxz\contacts\sikvnb huvuib.contact
users\5p5nrgjn0js halpmcxz\contacts\sikvnb huvuib.contact
c:\
c:\users\5p5nrgjn0js halpmcxz\contacts\sikvnb huvuib.contact
contact
File
users\5p5nrgjn0js halpmcxz\cookies\# decrypt my files #.txt
users\5p5nrgjn0js halpmcxz\cookies\# decrypt my files #.txt
c:\
c:\users\5p5nrgjn0js halpmcxz\cookies\# decrypt my files #.txt
txt
File
users\5p5nrgjn0js halpmcxz\desktop\.
users\5p5nrgjn0js halpmcxz\desktop\.
c:\
c:\users\5p5nrgjn0js halpmcxz\desktop\.
File
users\5p5nrgjn0js halpmcxz\desktop\-b8ed06nfqhtvq.png
users\5p5nrgjn0js halpmcxz\desktop\-b8ed06nfqhtvq.png
c:\
c:\users\5p5nrgjn0js halpmcxz\desktop\-b8ed06nfqhtvq.png
png
File
users\5p5nrgjn0js halpmcxz\desktop\0btaq.gif
users\5p5nrgjn0js halpmcxz\desktop\0btaq.gif
c:\
c:\users\5p5nrgjn0js halpmcxz\desktop\0btaq.gif
gif
File
users\5p5nrgjn0js halpmcxz\desktop\1pvnleanse6dz.pptx
users\5p5nrgjn0js halpmcxz\desktop\1pvnleanse6dz.pptx
c:\
c:\users\5p5nrgjn0js halpmcxz\desktop\1pvnleanse6dz.pptx
pptx
File
users\5p5nrgjn0js halpmcxz\desktop\3fr lb_ f2v10zjcimwu.swf
users\5p5nrgjn0js halpmcxz\desktop\3fr lb_ f2v10zjcimwu.swf
c:\
c:\users\5p5nrgjn0js halpmcxz\desktop\3fr lb_ f2v10zjcimwu.swf
swf
File
users\5p5nrgjn0js halpmcxz\desktop\7afwq_wze5ha.swf
users\5p5nrgjn0js halpmcxz\desktop\7afwq_wze5ha.swf
c:\
c:\users\5p5nrgjn0js halpmcxz\desktop\7afwq_wze5ha.swf
swf
File
users\5p5nrgjn0js halpmcxz\desktop\8nxhxvqpwzapb7mf10p.swf
users\5p5nrgjn0js halpmcxz\desktop\8nxhxvqpwzapb7mf10p.swf
c:\
c:\users\5p5nrgjn0js halpmcxz\desktop\8nxhxvqpwzapb7mf10p.swf
swf
File
users\5p5nrgjn0js halpmcxz\desktop\bbrlrdivr4ak12b.pptx
users\5p5nrgjn0js halpmcxz\desktop\bbrlrdivr4ak12b.pptx
c:\
c:\users\5p5nrgjn0js halpmcxz\desktop\bbrlrdivr4ak12b.pptx
pptx
File
users\5p5nrgjn0js halpmcxz\desktop\bs03u4lh.exe
users\5p5nrgjn0js halpmcxz\desktop\bs03u4lh.exe
c:\
c:\users\5p5nrgjn0js halpmcxz\desktop\bs03u4lh.exe
exe
File
users\5p5nrgjn0js halpmcxz\desktop\bwpqi.bmp
users\5p5nrgjn0js halpmcxz\desktop\bwpqi.bmp
c:\
c:\users\5p5nrgjn0js halpmcxz\desktop\bwpqi.bmp
bmp
File
users\5p5nrgjn0js halpmcxz\desktop\c0pib-nmaac\d5e0ldbq40k.png
users\5p5nrgjn0js halpmcxz\desktop\c0pib-nmaac\d5e0ldbq40k.png
c:\
c:\users\5p5nrgjn0js halpmcxz\desktop\c0pib-nmaac\d5e0ldbq40k.png
png
File
users\5p5nrgjn0js halpmcxz\desktop\c0pib-nmaac\dnflc.mp4
users\5p5nrgjn0js halpmcxz\desktop\c0pib-nmaac\dnflc.mp4
c:\
c:\users\5p5nrgjn0js halpmcxz\desktop\c0pib-nmaac\dnflc.mp4
mp4
File
users\5p5nrgjn0js halpmcxz\desktop\desktop.ini
users\5p5nrgjn0js halpmcxz\desktop\desktop.ini
c:\
c:\users\5p5nrgjn0js halpmcxz\desktop\desktop.ini
ini
File
users\5p5nrgjn0js halpmcxz\desktop\di_ol.flv
users\5p5nrgjn0js halpmcxz\desktop\di_ol.flv
c:\
c:\users\5p5nrgjn0js halpmcxz\desktop\di_ol.flv
flv
File
users\5p5nrgjn0js halpmcxz\desktop\e8 ke88i1w3qwh\5zfgr6.odp
users\5p5nrgjn0js halpmcxz\desktop\e8 ke88i1w3qwh\5zfgr6.odp
c:\
c:\users\5p5nrgjn0js halpmcxz\desktop\e8 ke88i1w3qwh\5zfgr6.odp
odp
File
users\5p5nrgjn0js halpmcxz\desktop\e8 ke88i1w3qwh\qlvsxwen.flv
users\5p5nrgjn0js halpmcxz\desktop\e8 ke88i1w3qwh\qlvsxwen.flv
c:\
c:\users\5p5nrgjn0js halpmcxz\desktop\e8 ke88i1w3qwh\qlvsxwen.flv
flv
File
users\5p5nrgjn0js halpmcxz\desktop\e8 ke88i1w3qwh\v5bnknbxfxwtpuys9la1.mp3
users\5p5nrgjn0js halpmcxz\desktop\e8 ke88i1w3qwh\v5bnknbxfxwtpuys9la1.mp3
c:\
c:\users\5p5nrgjn0js halpmcxz\desktop\e8 ke88i1w3qwh\v5bnknbxfxwtpuys9la1.mp3
mp3
File
users\5p5nrgjn0js halpmcxz\desktop\em-npgqgiqe.gif
users\5p5nrgjn0js halpmcxz\desktop\em-npgqgiqe.gif
c:\
c:\users\5p5nrgjn0js halpmcxz\desktop\em-npgqgiqe.gif
gif
File
users\5p5nrgjn0js halpmcxz\desktop\hsu8rbm.flv
users\5p5nrgjn0js halpmcxz\desktop\hsu8rbm.flv
c:\
c:\users\5p5nrgjn0js halpmcxz\desktop\hsu8rbm.flv
flv
File
users\5p5nrgjn0js halpmcxz\desktop\k6ncz6.csv
users\5p5nrgjn0js halpmcxz\desktop\k6ncz6.csv
c:\
c:\users\5p5nrgjn0js halpmcxz\desktop\k6ncz6.csv
csv
File
users\5p5nrgjn0js halpmcxz\desktop\nucaoxsjgdbbwgg.flv
users\5p5nrgjn0js halpmcxz\desktop\nucaoxsjgdbbwgg.flv
c:\
c:\users\5p5nrgjn0js halpmcxz\desktop\nucaoxsjgdbbwgg.flv
flv
File
users\5p5nrgjn0js halpmcxz\desktop\pojt3ztlqeasx2xnz7p3.mkv
users\5p5nrgjn0js halpmcxz\desktop\pojt3ztlqeasx2xnz7p3.mkv
c:\
c:\users\5p5nrgjn0js halpmcxz\desktop\pojt3ztlqeasx2xnz7p3.mkv
mkv
File
users\5p5nrgjn0js halpmcxz\desktop\s5y4b80lmsknwewf.avi
users\5p5nrgjn0js halpmcxz\desktop\s5y4b80lmsknwewf.avi
c:\
c:\users\5p5nrgjn0js halpmcxz\desktop\s5y4b80lmsknwewf.avi
avi
File
users\5p5nrgjn0js halpmcxz\desktop\t7ojftduh.docx
users\5p5nrgjn0js halpmcxz\desktop\t7ojftduh.docx
c:\
c:\users\5p5nrgjn0js halpmcxz\desktop\t7ojftduh.docx
docx
File
users\5p5nrgjn0js halpmcxz\desktop\u90ymi9hqg28pj.mkv
users\5p5nrgjn0js halpmcxz\desktop\u90ymi9hqg28pj.mkv
c:\
c:\users\5p5nrgjn0js halpmcxz\desktop\u90ymi9hqg28pj.mkv
mkv
File
users\5p5nrgjn0js halpmcxz\desktop\usckm_dag.wav
users\5p5nrgjn0js halpmcxz\desktop\usckm_dag.wav
c:\
c:\users\5p5nrgjn0js halpmcxz\desktop\usckm_dag.wav
wav
File
users\5p5nrgjn0js halpmcxz\desktop\vrdm-nn3b8n30taetv.mp4
users\5p5nrgjn0js halpmcxz\desktop\vrdm-nn3b8n30taetv.mp4
c:\
c:\users\5p5nrgjn0js halpmcxz\desktop\vrdm-nn3b8n30taetv.mp4
mp4
File
users\5p5nrgjn0js halpmcxz\desktop\vsu1kvcnmfkdhgan_.mp3
users\5p5nrgjn0js halpmcxz\desktop\vsu1kvcnmfkdhgan_.mp3
c:\
c:\users\5p5nrgjn0js halpmcxz\desktop\vsu1kvcnmfkdhgan_.mp3
mp3
File
users\5p5nrgjn0js halpmcxz\desktop\xfxmnv.mp3
users\5p5nrgjn0js halpmcxz\desktop\xfxmnv.mp3
c:\
c:\users\5p5nrgjn0js halpmcxz\desktop\xfxmnv.mp3
mp3
File
users\5p5nrgjn0js halpmcxz\desktop\yjbkwbgfupiajch2p.m4a
users\5p5nrgjn0js halpmcxz\desktop\yjbkwbgfupiajch2p.m4a
c:\
c:\users\5p5nrgjn0js halpmcxz\desktop\yjbkwbgfupiajch2p.m4a
m4a
File
users\5p5nrgjn0js halpmcxz\desktop\z zc8oqut.rtf
users\5p5nrgjn0js halpmcxz\desktop\z zc8oqut.rtf
c:\
c:\users\5p5nrgjn0js halpmcxz\desktop\z zc8oqut.rtf
rtf
File
users\5p5nrgjn0js halpmcxz\desktop\_bbtyngdbh5er5ql6fd\avhb.mkv
users\5p5nrgjn0js halpmcxz\desktop\_bbtyngdbh5er5ql6fd\avhb.mkv
c:\
c:\users\5p5nrgjn0js halpmcxz\desktop\_bbtyngdbh5er5ql6fd\avhb.mkv
mkv
File
users\5p5nrgjn0js halpmcxz\desktop\_bbtyngdbh5er5ql6fd\f3rz.ppt
users\5p5nrgjn0js halpmcxz\desktop\_bbtyngdbh5er5ql6fd\f3rz.ppt
c:\
c:\users\5p5nrgjn0js halpmcxz\desktop\_bbtyngdbh5er5ql6fd\f3rz.ppt
ppt
File
users\5p5nrgjn0js halpmcxz\desktop\_bbtyngdbh5er5ql6fd\rcgak8.mp3
users\5p5nrgjn0js halpmcxz\desktop\_bbtyngdbh5er5ql6fd\rcgak8.mp3
c:\
c:\users\5p5nrgjn0js halpmcxz\desktop\_bbtyngdbh5er5ql6fd\rcgak8.mp3
mp3
File
users\5p5nrgjn0js halpmcxz\desktop\_bbtyngdbh5er5ql6fd\wsk4_vic.mp4
users\5p5nrgjn0js halpmcxz\desktop\_bbtyngdbh5er5ql6fd\wsk4_vic.mp4
c:\
c:\users\5p5nrgjn0js halpmcxz\desktop\_bbtyngdbh5er5ql6fd\wsk4_vic.mp4
mp4
File
users\5p5nrgjn0js halpmcxz\desktop\_c doik-5qmbl6d4u.jpg
users\5p5nrgjn0js halpmcxz\desktop\_c doik-5qmbl6d4u.jpg
c:\
c:\users\5p5nrgjn0js halpmcxz\desktop\_c doik-5qmbl6d4u.jpg
jpg
File
users\5p5nrgjn0js halpmcxz\documents\.
users\5p5nrgjn0js halpmcxz\documents\.
c:\
c:\users\5p5nrgjn0js halpmcxz\documents\.
File
users\5p5nrgjn0js halpmcxz\documents\-9eub4l3399awcc.docx
users\5p5nrgjn0js halpmcxz\documents\-9eub4l3399awcc.docx
c:\
c:\users\5p5nrgjn0js halpmcxz\documents\-9eub4l3399awcc.docx
docx
File
users\5p5nrgjn0js halpmcxz\documents\-syzrpllcrjp.docx
users\5p5nrgjn0js halpmcxz\documents\-syzrpllcrjp.docx
c:\
c:\users\5p5nrgjn0js halpmcxz\documents\-syzrpllcrjp.docx
docx
File
users\5p5nrgjn0js halpmcxz\documents\0xuun9jsdsxrem7mzg.rtf
users\5p5nrgjn0js halpmcxz\documents\0xuun9jsdsxrem7mzg.rtf
c:\
c:\users\5p5nrgjn0js halpmcxz\documents\0xuun9jsdsxrem7mzg.rtf
rtf
File
users\5p5nrgjn0js halpmcxz\documents\1cpsd8g65 meplw4.xls
users\5p5nrgjn0js halpmcxz\documents\1cpsd8g65 meplw4.xls
c:\
c:\users\5p5nrgjn0js halpmcxz\documents\1cpsd8g65 meplw4.xls
xls
File
users\5p5nrgjn0js halpmcxz\documents\1fa4gxhgrpk.pptx
users\5p5nrgjn0js halpmcxz\documents\1fa4gxhgrpk.pptx
c:\
c:\users\5p5nrgjn0js halpmcxz\documents\1fa4gxhgrpk.pptx
pptx
File
users\5p5nrgjn0js halpmcxz\documents\42kp8_d45.pptx
users\5p5nrgjn0js halpmcxz\documents\42kp8_d45.pptx
c:\
c:\users\5p5nrgjn0js halpmcxz\documents\42kp8_d45.pptx
pptx
File
users\5p5nrgjn0js halpmcxz\documents\4ibpce--kbmsfv_ajw.pptx
users\5p5nrgjn0js halpmcxz\documents\4ibpce--kbmsfv_ajw.pptx
c:\
c:\users\5p5nrgjn0js halpmcxz\documents\4ibpce--kbmsfv_ajw.pptx
pptx
File
users\5p5nrgjn0js halpmcxz\documents\5-lnj.csv
users\5p5nrgjn0js halpmcxz\documents\5-lnj.csv
c:\
c:\users\5p5nrgjn0js halpmcxz\documents\5-lnj.csv
csv
File
users\5p5nrgjn0js halpmcxz\documents\75ogwdshhuf.pptx
users\5p5nrgjn0js halpmcxz\documents\75ogwdshhuf.pptx
c:\
c:\users\5p5nrgjn0js halpmcxz\documents\75ogwdshhuf.pptx
pptx
File
users\5p5nrgjn0js halpmcxz\documents\9fd2k.pdf
users\5p5nrgjn0js halpmcxz\documents\9fd2k.pdf
c:\
c:\users\5p5nrgjn0js halpmcxz\documents\9fd2k.pdf
pdf
File
users\5p5nrgjn0js halpmcxz\documents\abf0albg963m ekiybx.xlsx
users\5p5nrgjn0js halpmcxz\documents\abf0albg963m ekiybx.xlsx
c:\
c:\users\5p5nrgjn0js halpmcxz\documents\abf0albg963m ekiybx.xlsx
xlsx
File
users\5p5nrgjn0js halpmcxz\documents\af wdc6gvvb4geovyk.rtf
users\5p5nrgjn0js halpmcxz\documents\af wdc6gvvb4geovyk.rtf
c:\
c:\users\5p5nrgjn0js halpmcxz\documents\af wdc6gvvb4geovyk.rtf
rtf
File
users\5p5nrgjn0js halpmcxz\documents\bcdhtvqzqtwv-s-vy.ods
users\5p5nrgjn0js halpmcxz\documents\bcdhtvqzqtwv-s-vy.ods
c:\
c:\users\5p5nrgjn0js halpmcxz\documents\bcdhtvqzqtwv-s-vy.ods
ods
File
users\5p5nrgjn0js halpmcxz\documents\cjge5q8h.csv
users\5p5nrgjn0js halpmcxz\documents\cjge5q8h.csv
c:\
c:\users\5p5nrgjn0js halpmcxz\documents\cjge5q8h.csv
csv
File
users\5p5nrgjn0js halpmcxz\documents\ck2rvdl46qw.pdf
users\5p5nrgjn0js halpmcxz\documents\ck2rvdl46qw.pdf
c:\
c:\users\5p5nrgjn0js halpmcxz\documents\ck2rvdl46qw.pdf
pdf
File
users\5p5nrgjn0js halpmcxz\documents\desktop.ini
users\5p5nrgjn0js halpmcxz\documents\desktop.ini
c:\
c:\users\5p5nrgjn0js halpmcxz\documents\desktop.ini
ini
File
users\5p5nrgjn0js halpmcxz\documents\eos6c.xls
users\5p5nrgjn0js halpmcxz\documents\eos6c.xls
c:\
c:\users\5p5nrgjn0js halpmcxz\documents\eos6c.xls
xls
File
users\5p5nrgjn0js halpmcxz\documents\fbw9 _1x0mquhszfwg.doc
users\5p5nrgjn0js halpmcxz\documents\fbw9 _1x0mquhszfwg.doc
c:\
c:\users\5p5nrgjn0js halpmcxz\documents\fbw9 _1x0mquhszfwg.doc
doc
File
users\5p5nrgjn0js halpmcxz\documents\grahznhnzmvqcgokfi3z.doc
users\5p5nrgjn0js halpmcxz\documents\grahznhnzmvqcgokfi3z.doc
c:\
c:\users\5p5nrgjn0js halpmcxz\documents\grahznhnzmvqcgokfi3z.doc
doc
File
users\5p5nrgjn0js halpmcxz\documents\h4qfj9qj.xlsx
users\5p5nrgjn0js halpmcxz\documents\h4qfj9qj.xlsx
c:\
c:\users\5p5nrgjn0js halpmcxz\documents\h4qfj9qj.xlsx
xlsx
File
users\5p5nrgjn0js halpmcxz\documents\hy4pujba nt.pps
users\5p5nrgjn0js halpmcxz\documents\hy4pujba nt.pps
c:\
c:\users\5p5nrgjn0js halpmcxz\documents\hy4pujba nt.pps
pps
File
users\5p5nrgjn0js halpmcxz\documents\hzgdwyat6.pptx
users\5p5nrgjn0js halpmcxz\documents\hzgdwyat6.pptx
c:\
c:\users\5p5nrgjn0js halpmcxz\documents\hzgdwyat6.pptx
pptx
File
users\5p5nrgjn0js halpmcxz\documents\i7of 8t7pv.docx
users\5p5nrgjn0js halpmcxz\documents\i7of 8t7pv.docx
c:\
c:\users\5p5nrgjn0js halpmcxz\documents\i7of 8t7pv.docx
docx
File
users\5p5nrgjn0js halpmcxz\documents\jr-aykangk5k.docx
users\5p5nrgjn0js halpmcxz\documents\jr-aykangk5k.docx
c:\
c:\users\5p5nrgjn0js halpmcxz\documents\jr-aykangk5k.docx
docx
File
users\5p5nrgjn0js halpmcxz\documents\kl3ic7rd7z_ajaio5vbv.xlsx
users\5p5nrgjn0js halpmcxz\documents\kl3ic7rd7z_ajaio5vbv.xlsx
c:\
c:\users\5p5nrgjn0js halpmcxz\documents\kl3ic7rd7z_ajaio5vbv.xlsx
xlsx
File
users\5p5nrgjn0js halpmcxz\documents\kqtfq 4.xlsx
users\5p5nrgjn0js halpmcxz\documents\kqtfq 4.xlsx
c:\
c:\users\5p5nrgjn0js halpmcxz\documents\kqtfq 4.xlsx
xlsx
File
users\5p5nrgjn0js halpmcxz\documents\krvxet8yg61j.docx
users\5p5nrgjn0js halpmcxz\documents\krvxet8yg61j.docx
c:\
c:\users\5p5nrgjn0js halpmcxz\documents\krvxet8yg61j.docx
docx
File
users\5p5nrgjn0js halpmcxz\documents\mhho2l.odp
users\5p5nrgjn0js halpmcxz\documents\mhho2l.odp
c:\
c:\users\5p5nrgjn0js halpmcxz\documents\mhho2l.odp
odp
File
users\5p5nrgjn0js halpmcxz\documents\mnhoo.odp
users\5p5nrgjn0js halpmcxz\documents\mnhoo.odp
c:\
c:\users\5p5nrgjn0js halpmcxz\documents\mnhoo.odp
odp
File
users\5p5nrgjn0js halpmcxz\documents\my music\# decrypt my files #.txt
users\5p5nrgjn0js halpmcxz\documents\my music\# decrypt my files #.txt
c:\
c:\users\5p5nrgjn0js halpmcxz\documents\my music\# decrypt my files #.txt
txt
File
users\5p5nrgjn0js halpmcxz\documents\my pictures\# decrypt my files #.txt
users\5p5nrgjn0js halpmcxz\documents\my pictures\# decrypt my files #.txt
c:\
c:\users\5p5nrgjn0js halpmcxz\documents\my pictures\# decrypt my files #.txt
txt
File
users\5p5nrgjn0js halpmcxz\documents\my shapes\.
users\5p5nrgjn0js halpmcxz\documents\my shapes\.
c:\
c:\users\5p5nrgjn0js halpmcxz\documents\my shapes\.
File
users\5p5nrgjn0js halpmcxz\documents
users\5p5nrgjn0js halpmcxz\documents
c:\
c:\users\5p5nrgjn0js halpmcxz\documents
File
users\5p5nrgjn0js halpmcxz\documents\my shapes\desktop.ini
users\5p5nrgjn0js halpmcxz\documents\my shapes\desktop.ini
c:\
c:\users\5p5nrgjn0js halpmcxz\documents\my shapes\desktop.ini
ini
File
users\5p5nrgjn0js halpmcxz\documents\my shapes\favorites.vss
users\5p5nrgjn0js halpmcxz\documents\my shapes\favorites.vss
c:\
c:\users\5p5nrgjn0js halpmcxz\documents\my shapes\favorites.vss
vss
File
users\5p5nrgjn0js halpmcxz\documents\my shapes\_private\.
users\5p5nrgjn0js halpmcxz\documents\my shapes\_private\.
c:\
c:\users\5p5nrgjn0js halpmcxz\documents\my shapes\_private\.
File
users\5p5nrgjn0js halpmcxz\documents\my shapes
users\5p5nrgjn0js halpmcxz\documents\my shapes
c:\
c:\users\5p5nrgjn0js halpmcxz\documents\my shapes
File
users\5p5nrgjn0js halpmcxz\documents\my shapes\_private\folder.ico
users\5p5nrgjn0js halpmcxz\documents\my shapes\_private\folder.ico
c:\
c:\users\5p5nrgjn0js halpmcxz\documents\my shapes\_private\folder.ico
ico
File
users\5p5nrgjn0js halpmcxz\documents\my videos\# decrypt my files #.txt
users\5p5nrgjn0js halpmcxz\documents\my videos\# decrypt my files #.txt
c:\
c:\users\5p5nrgjn0js halpmcxz\documents\my videos\# decrypt my files #.txt
txt
File
users\5p5nrgjn0js halpmcxz\documents\outlook files\voeimd@djhreuu.uhd.pst
users\5p5nrgjn0js halpmcxz\documents\outlook files\voeimd@djhreuu.uhd.pst
c:\
c:\users\5p5nrgjn0js halpmcxz\documents\outlook files\voeimd@djhreuu.uhd.pst
pst
File
users\5p5nrgjn0js halpmcxz\documents\ppl yiqpwbxmt.csv
users\5p5nrgjn0js halpmcxz\documents\ppl yiqpwbxmt.csv
c:\
c:\users\5p5nrgjn0js halpmcxz\documents\ppl yiqpwbxmt.csv
csv
File
users\5p5nrgjn0js halpmcxz\documents\qdst.pptx
users\5p5nrgjn0js halpmcxz\documents\qdst.pptx
c:\
c:\users\5p5nrgjn0js halpmcxz\documents\qdst.pptx
pptx
File
users\5p5nrgjn0js halpmcxz\documents\qet0p39t1ig.xlsx
users\5p5nrgjn0js halpmcxz\documents\qet0p39t1ig.xlsx
c:\
c:\users\5p5nrgjn0js halpmcxz\documents\qet0p39t1ig.xlsx
xlsx
File
users\5p5nrgjn0js halpmcxz\documents\rbweppzklxjr9wytw.docx
users\5p5nrgjn0js halpmcxz\documents\rbweppzklxjr9wytw.docx
c:\
c:\users\5p5nrgjn0js halpmcxz\documents\rbweppzklxjr9wytw.docx
docx
File
users\5p5nrgjn0js halpmcxz\documents\rzfogn.docx
users\5p5nrgjn0js halpmcxz\documents\rzfogn.docx
c:\
c:\users\5p5nrgjn0js halpmcxz\documents\rzfogn.docx
docx
File
users\5p5nrgjn0js halpmcxz\documents\r_jye.odt
users\5p5nrgjn0js halpmcxz\documents\r_jye.odt
c:\
c:\users\5p5nrgjn0js halpmcxz\documents\r_jye.odt
odt
File
users\5p5nrgjn0js halpmcxz\documents\s9sg.ots
users\5p5nrgjn0js halpmcxz\documents\s9sg.ots
c:\
c:\users\5p5nrgjn0js halpmcxz\documents\s9sg.ots
ots
File
users\5p5nrgjn0js halpmcxz\documents\sue4q.xls
users\5p5nrgjn0js halpmcxz\documents\sue4q.xls
c:\
c:\users\5p5nrgjn0js halpmcxz\documents\sue4q.xls
xls
File
users\5p5nrgjn0js halpmcxz\documents\vu7mfr csr2doi1.odp
users\5p5nrgjn0js halpmcxz\documents\vu7mfr csr2doi1.odp
c:\
c:\users\5p5nrgjn0js halpmcxz\documents\vu7mfr csr2doi1.odp
odp
File
users\5p5nrgjn0js halpmcxz\documents\vuptw2gf8fupwub1q39.xlsx
users\5p5nrgjn0js halpmcxz\documents\vuptw2gf8fupwub1q39.xlsx
c:\
c:\users\5p5nrgjn0js halpmcxz\documents\vuptw2gf8fupwub1q39.xlsx
xlsx
File
users\5p5nrgjn0js halpmcxz\documents\wrxv j10fal aiubf_p.pptx
users\5p5nrgjn0js halpmcxz\documents\wrxv j10fal aiubf_p.pptx
c:\
c:\users\5p5nrgjn0js halpmcxz\documents\wrxv j10fal aiubf_p.pptx
pptx
File
users\5p5nrgjn0js halpmcxz\documents\x7lcrcuh5cbt3ggn.csv
users\5p5nrgjn0js halpmcxz\documents\x7lcrcuh5cbt3ggn.csv
c:\
c:\users\5p5nrgjn0js halpmcxz\documents\x7lcrcuh5cbt3ggn.csv
csv
File
users\5p5nrgjn0js halpmcxz\documents\xfu8jl.rtf
users\5p5nrgjn0js halpmcxz\documents\xfu8jl.rtf
c:\
c:\users\5p5nrgjn0js halpmcxz\documents\xfu8jl.rtf
rtf
File
users\5p5nrgjn0js halpmcxz\documents\y loqu8bi.pdf
users\5p5nrgjn0js halpmcxz\documents\y loqu8bi.pdf
c:\
c:\users\5p5nrgjn0js halpmcxz\documents\y loqu8bi.pdf
pdf
File
users\5p5nrgjn0js halpmcxz\documents\y-3amvxxvw9zk0.xls
users\5p5nrgjn0js halpmcxz\documents\y-3amvxxvw9zk0.xls
c:\
c:\users\5p5nrgjn0js halpmcxz\documents\y-3amvxxvw9zk0.xls
xls
File
users\5p5nrgjn0js halpmcxz\documents\z9ekzacm_waypi6.pptx
users\5p5nrgjn0js halpmcxz\documents\z9ekzacm_waypi6.pptx
c:\
c:\users\5p5nrgjn0js halpmcxz\documents\z9ekzacm_waypi6.pptx
pptx
File
users\5p5nrgjn0js halpmcxz\documents\_hawbj.ods
users\5p5nrgjn0js halpmcxz\documents\_hawbj.ods
c:\
c:\users\5p5nrgjn0js halpmcxz\documents\_hawbj.ods
ods
File
users\5p5nrgjn0js halpmcxz\downloads\.
users\5p5nrgjn0js halpmcxz\downloads\.
c:\
c:\users\5p5nrgjn0js halpmcxz\downloads\.
File
users\5p5nrgjn0js halpmcxz\downloads\desktop.ini
users\5p5nrgjn0js halpmcxz\downloads\desktop.ini
c:\
c:\users\5p5nrgjn0js halpmcxz\downloads\desktop.ini
ini
File
users\5p5nrgjn0js halpmcxz\favorites\.
users\5p5nrgjn0js halpmcxz\favorites\.
c:\
c:\users\5p5nrgjn0js halpmcxz\favorites\.
File
users\5p5nrgjn0js halpmcxz\favorites\desktop.ini
users\5p5nrgjn0js halpmcxz\favorites\desktop.ini
c:\
c:\users\5p5nrgjn0js halpmcxz\favorites\desktop.ini
ini
File
users\5p5nrgjn0js halpmcxz\favorites\links\.
users\5p5nrgjn0js halpmcxz\favorites\links\.
c:\
c:\users\5p5nrgjn0js halpmcxz\favorites\links\.
File
users\5p5nrgjn0js halpmcxz\favorites
users\5p5nrgjn0js halpmcxz\favorites
c:\
c:\users\5p5nrgjn0js halpmcxz\favorites
File
users\5p5nrgjn0js halpmcxz\favorites\links\desktop.ini
users\5p5nrgjn0js halpmcxz\favorites\links\desktop.ini
c:\
c:\users\5p5nrgjn0js halpmcxz\favorites\links\desktop.ini
ini
File
users\5p5nrgjn0js halpmcxz\favorites\links\suggested sites.url
users\5p5nrgjn0js halpmcxz\favorites\links\suggested sites.url
c:\
c:\users\5p5nrgjn0js halpmcxz\favorites\links\suggested sites.url
url
File
users\5p5nrgjn0js halpmcxz\favorites\links\web slice gallery.url
users\5p5nrgjn0js halpmcxz\favorites\links\web slice gallery.url
c:\
c:\users\5p5nrgjn0js halpmcxz\favorites\links\web slice gallery.url
url
File
users\5p5nrgjn0js halpmcxz\favorites\microsoft websites\ie add-on site.url
users\5p5nrgjn0js halpmcxz\favorites\microsoft websites\ie add-on site.url
c:\
c:\users\5p5nrgjn0js halpmcxz\favorites\microsoft websites\ie add-on site.url
url
File
users\5p5nrgjn0js halpmcxz\favorites\microsoft websites\ie site on microsoft.com.url
users\5p5nrgjn0js halpmcxz\favorites\microsoft websites\ie site on microsoft.com.url
c:\
c:\users\5p5nrgjn0js halpmcxz\favorites\microsoft websites\ie site on microsoft.com.url
url
File
users\5p5nrgjn0js halpmcxz\favorites\microsoft websites\microsoft at home.url
users\5p5nrgjn0js halpmcxz\favorites\microsoft websites\microsoft at home.url
c:\
c:\users\5p5nrgjn0js halpmcxz\favorites\microsoft websites\microsoft at home.url
url
File
users\5p5nrgjn0js halpmcxz\favorites\microsoft websites\microsoft at work.url
users\5p5nrgjn0js halpmcxz\favorites\microsoft websites\microsoft at work.url
c:\
c:\users\5p5nrgjn0js halpmcxz\favorites\microsoft websites\microsoft at work.url
url
File
users\5p5nrgjn0js halpmcxz\favorites\microsoft websites\microsoft store.url
users\5p5nrgjn0js halpmcxz\favorites\microsoft websites\microsoft store.url
c:\
c:\users\5p5nrgjn0js halpmcxz\favorites\microsoft websites\microsoft store.url
url
File
users\5p5nrgjn0js halpmcxz\favorites\msn websites\msn autos.url
users\5p5nrgjn0js halpmcxz\favorites\msn websites\msn autos.url
c:\
c:\users\5p5nrgjn0js halpmcxz\favorites\msn websites\msn autos.url
url
File
users\5p5nrgjn0js halpmcxz\favorites\msn websites\msn entertainment.url
users\5p5nrgjn0js halpmcxz\favorites\msn websites\msn entertainment.url
c:\
c:\users\5p5nrgjn0js halpmcxz\favorites\msn websites\msn entertainment.url
url
File
users\5p5nrgjn0js halpmcxz\favorites\msn websites\msn money.url
users\5p5nrgjn0js halpmcxz\favorites\msn websites\msn money.url
c:\
c:\users\5p5nrgjn0js halpmcxz\favorites\msn websites\msn money.url
url
File
users\5p5nrgjn0js halpmcxz\favorites\msn websites\msn sports.url
users\5p5nrgjn0js halpmcxz\favorites\msn websites\msn sports.url
c:\
c:\users\5p5nrgjn0js halpmcxz\favorites\msn websites\msn sports.url
url
File
users\5p5nrgjn0js halpmcxz\favorites\msn websites\msn.url
users\5p5nrgjn0js halpmcxz\favorites\msn websites\msn.url
c:\
c:\users\5p5nrgjn0js halpmcxz\favorites\msn websites\msn.url
url
File
users\5p5nrgjn0js halpmcxz\favorites\msn websites\msnbc news.url
users\5p5nrgjn0js halpmcxz\favorites\msn websites\msnbc news.url
c:\
c:\users\5p5nrgjn0js halpmcxz\favorites\msn websites\msnbc news.url
url
File
users\5p5nrgjn0js halpmcxz\favorites\windows live\get windows live.url
users\5p5nrgjn0js halpmcxz\favorites\windows live\get windows live.url
c:\
c:\users\5p5nrgjn0js halpmcxz\favorites\windows live\get windows live.url
url
File
users\5p5nrgjn0js halpmcxz\favorites\windows live\windows live gallery.url
users\5p5nrgjn0js halpmcxz\favorites\windows live\windows live gallery.url
c:\
c:\users\5p5nrgjn0js halpmcxz\favorites\windows live\windows live gallery.url
url
File
users\5p5nrgjn0js halpmcxz\favorites\windows live\windows live mail.url
users\5p5nrgjn0js halpmcxz\favorites\windows live\windows live mail.url
c:\
c:\users\5p5nrgjn0js halpmcxz\favorites\windows live\windows live mail.url
url
File
users\5p5nrgjn0js halpmcxz\favorites\windows live\windows live spaces.url
users\5p5nrgjn0js halpmcxz\favorites\windows live\windows live spaces.url
c:\
c:\users\5p5nrgjn0js halpmcxz\favorites\windows live\windows live spaces.url
url
File
users\5p5nrgjn0js halpmcxz\links\.
users\5p5nrgjn0js halpmcxz\links\.
c:\
c:\users\5p5nrgjn0js halpmcxz\links\.
File
users\5p5nrgjn0js halpmcxz\links\desktop.ini
users\5p5nrgjn0js halpmcxz\links\desktop.ini
c:\
c:\users\5p5nrgjn0js halpmcxz\links\desktop.ini
ini
File
users\5p5nrgjn0js halpmcxz\links\desktop.lnk
users\5p5nrgjn0js halpmcxz\links\desktop.lnk
c:\
c:\users\5p5nrgjn0js halpmcxz\links\desktop.lnk
lnk
File
users\5p5nrgjn0js halpmcxz\links\downloads.lnk
users\5p5nrgjn0js halpmcxz\links\downloads.lnk
c:\
c:\users\5p5nrgjn0js halpmcxz\links\downloads.lnk
lnk
File
users\5p5nrgjn0js halpmcxz\links\recentplaces.lnk
users\5p5nrgjn0js halpmcxz\links\recentplaces.lnk
c:\
c:\users\5p5nrgjn0js halpmcxz\links\recentplaces.lnk
lnk
File
users\5p5nrgjn0js halpmcxz\local settings\# decrypt my files #.txt
users\5p5nrgjn0js halpmcxz\local settings\# decrypt my files #.txt
c:\
c:\users\5p5nrgjn0js halpmcxz\local settings\# decrypt my files #.txt
txt
File
users\5p5nrgjn0js halpmcxz\music\.
users\5p5nrgjn0js halpmcxz\music\.
c:\
c:\users\5p5nrgjn0js halpmcxz\music\.
File
users\5p5nrgjn0js halpmcxz\music\0hq94n-alc6zc.wav
users\5p5nrgjn0js halpmcxz\music\0hq94n-alc6zc.wav
c:\
c:\users\5p5nrgjn0js halpmcxz\music\0hq94n-alc6zc.wav
wav
File
users\5p5nrgjn0js halpmcxz\music\205mwcdys2.wav
users\5p5nrgjn0js halpmcxz\music\205mwcdys2.wav
c:\
c:\users\5p5nrgjn0js halpmcxz\music\205mwcdys2.wav
wav
File
users\5p5nrgjn0js halpmcxz\music\54ogc bbmwrpdv.mp3
users\5p5nrgjn0js halpmcxz\music\54ogc bbmwrpdv.mp3
c:\
c:\users\5p5nrgjn0js halpmcxz\music\54ogc bbmwrpdv.mp3
mp3
File
users\5p5nrgjn0js halpmcxz\music\6ybdejwrqfhk.mp3
users\5p5nrgjn0js halpmcxz\music\6ybdejwrqfhk.mp3
c:\
c:\users\5p5nrgjn0js halpmcxz\music\6ybdejwrqfhk.mp3
mp3
File
users\5p5nrgjn0js halpmcxz\music\7dvojbidauowv9ark.m4a
users\5p5nrgjn0js halpmcxz\music\7dvojbidauowv9ark.m4a
c:\
c:\users\5p5nrgjn0js halpmcxz\music\7dvojbidauowv9ark.m4a
m4a
File
users\5p5nrgjn0js halpmcxz\music\7is-qtt4pgo b2diir1i.m4a
users\5p5nrgjn0js halpmcxz\music\7is-qtt4pgo b2diir1i.m4a
c:\
c:\users\5p5nrgjn0js halpmcxz\music\7is-qtt4pgo b2diir1i.m4a
m4a
File
users\5p5nrgjn0js halpmcxz\music\7zn8nhw.m4a
users\5p5nrgjn0js halpmcxz\music\7zn8nhw.m4a
c:\
c:\users\5p5nrgjn0js halpmcxz\music\7zn8nhw.m4a
m4a
File
users\5p5nrgjn0js halpmcxz\music\85qdgufekh_ij19tr zh.mp3
users\5p5nrgjn0js halpmcxz\music\85qdgufekh_ij19tr zh.mp3
c:\
c:\users\5p5nrgjn0js halpmcxz\music\85qdgufekh_ij19tr zh.mp3
mp3
File
users\5p5nrgjn0js halpmcxz\music\9ep6pzopmxmwhk.m4a
users\5p5nrgjn0js halpmcxz\music\9ep6pzopmxmwhk.m4a
c:\
c:\users\5p5nrgjn0js halpmcxz\music\9ep6pzopmxmwhk.m4a
m4a
File
users\5p5nrgjn0js halpmcxz\music\ae8vbxmnm0ogxqu.wav
users\5p5nrgjn0js halpmcxz\music\ae8vbxmnm0ogxqu.wav
c:\
c:\users\5p5nrgjn0js halpmcxz\music\ae8vbxmnm0ogxqu.wav
wav
File
users\5p5nrgjn0js halpmcxz\music\b4 268qsuwz8dni.wav
users\5p5nrgjn0js halpmcxz\music\b4 268qsuwz8dni.wav
c:\
c:\users\5p5nrgjn0js halpmcxz\music\b4 268qsuwz8dni.wav
wav
File
users\5p5nrgjn0js halpmcxz\music\bin9vi8aun09sad.m4a
users\5p5nrgjn0js halpmcxz\music\bin9vi8aun09sad.m4a
c:\
c:\users\5p5nrgjn0js halpmcxz\music\bin9vi8aun09sad.m4a
m4a
File
users\5p5nrgjn0js halpmcxz\music\cyexlqvr.mp3
users\5p5nrgjn0js halpmcxz\music\cyexlqvr.mp3
c:\
c:\users\5p5nrgjn0js halpmcxz\music\cyexlqvr.mp3
mp3
File
users\5p5nrgjn0js halpmcxz\music\desktop.ini
users\5p5nrgjn0js halpmcxz\music\desktop.ini
c:\
c:\users\5p5nrgjn0js halpmcxz\music\desktop.ini
ini
File
users\5p5nrgjn0js halpmcxz\music\f-xaqllfqkog1hu-bd.wav
users\5p5nrgjn0js halpmcxz\music\f-xaqllfqkog1hu-bd.wav
c:\
c:\users\5p5nrgjn0js halpmcxz\music\f-xaqllfqkog1hu-bd.wav
wav
File
users\5p5nrgjn0js halpmcxz\music\femlkbig24ucfgo8g.m4a
users\5p5nrgjn0js halpmcxz\music\femlkbig24ucfgo8g.m4a
c:\
c:\users\5p5nrgjn0js halpmcxz\music\femlkbig24ucfgo8g.m4a
m4a
File
users\5p5nrgjn0js halpmcxz\music\ff257d9q198r.mp3
users\5p5nrgjn0js halpmcxz\music\ff257d9q198r.mp3
c:\
c:\users\5p5nrgjn0js halpmcxz\music\ff257d9q198r.mp3
mp3
File
users\5p5nrgjn0js halpmcxz\music\fqj-1mq-fepgzsszz.mp3
users\5p5nrgjn0js halpmcxz\music\fqj-1mq-fepgzsszz.mp3
c:\
c:\users\5p5nrgjn0js halpmcxz\music\fqj-1mq-fepgzsszz.mp3
mp3
File
users\5p5nrgjn0js halpmcxz\music\gqsguwgkip_0fn6.wav
users\5p5nrgjn0js halpmcxz\music\gqsguwgkip_0fn6.wav
c:\
c:\users\5p5nrgjn0js halpmcxz\music\gqsguwgkip_0fn6.wav
wav
File
users\5p5nrgjn0js halpmcxz\music\gzg_zoiv4zdfnbh.wav
users\5p5nrgjn0js halpmcxz\music\gzg_zoiv4zdfnbh.wav
c:\
c:\users\5p5nrgjn0js halpmcxz\music\gzg_zoiv4zdfnbh.wav
wav
File
users\5p5nrgjn0js halpmcxz\music\iwc1j8g-.m4a
users\5p5nrgjn0js halpmcxz\music\iwc1j8g-.m4a
c:\
c:\users\5p5nrgjn0js halpmcxz\music\iwc1j8g-.m4a
m4a
File
users\5p5nrgjn0js halpmcxz\music\jg4atxbqgeh.wav
users\5p5nrgjn0js halpmcxz\music\jg4atxbqgeh.wav
c:\
c:\users\5p5nrgjn0js halpmcxz\music\jg4atxbqgeh.wav
wav
File
users\5p5nrgjn0js halpmcxz\music\k9qgb2cgw-.mp3
users\5p5nrgjn0js halpmcxz\music\k9qgb2cgw-.mp3
c:\
c:\users\5p5nrgjn0js halpmcxz\music\k9qgb2cgw-.mp3
mp3
File
users\5p5nrgjn0js halpmcxz\music\ka7y5rwo-sp.m4a
users\5p5nrgjn0js halpmcxz\music\ka7y5rwo-sp.m4a
c:\
c:\users\5p5nrgjn0js halpmcxz\music\ka7y5rwo-sp.m4a
m4a
File
users\5p5nrgjn0js halpmcxz\music\ktl8c1tgl5dlvbpwytyi.mp3
users\5p5nrgjn0js halpmcxz\music\ktl8c1tgl5dlvbpwytyi.mp3
c:\
c:\users\5p5nrgjn0js halpmcxz\music\ktl8c1tgl5dlvbpwytyi.mp3
mp3
File
users\5p5nrgjn0js halpmcxz\music\m c 6dazpjmx2ctefd.m4a
users\5p5nrgjn0js halpmcxz\music\m c 6dazpjmx2ctefd.m4a
c:\
c:\users\5p5nrgjn0js halpmcxz\music\m c 6dazpjmx2ctefd.m4a
m4a
File
users\5p5nrgjn0js halpmcxz\music\m9edpa77chovaxjnhp.mp3
users\5p5nrgjn0js halpmcxz\music\m9edpa77chovaxjnhp.mp3
c:\
c:\users\5p5nrgjn0js halpmcxz\music\m9edpa77chovaxjnhp.mp3
mp3
File
users\5p5nrgjn0js halpmcxz\music\mdlb1qavok4m-ogu4.m4a
users\5p5nrgjn0js halpmcxz\music\mdlb1qavok4m-ogu4.m4a
c:\
c:\users\5p5nrgjn0js halpmcxz\music\mdlb1qavok4m-ogu4.m4a
m4a
File
users\5p5nrgjn0js halpmcxz\music\ncqon.wav
users\5p5nrgjn0js halpmcxz\music\ncqon.wav
c:\
c:\users\5p5nrgjn0js halpmcxz\music\ncqon.wav
wav
File
users\5p5nrgjn0js halpmcxz\music\oybim1a5ylkh2q.wav
users\5p5nrgjn0js halpmcxz\music\oybim1a5ylkh2q.wav
c:\
c:\users\5p5nrgjn0js halpmcxz\music\oybim1a5ylkh2q.wav
wav
File
users\5p5nrgjn0js halpmcxz\music\rqxxawb1.m4a
users\5p5nrgjn0js halpmcxz\music\rqxxawb1.m4a
c:\
c:\users\5p5nrgjn0js halpmcxz\music\rqxxawb1.m4a
m4a
File
users\5p5nrgjn0js halpmcxz\music\tybx_ 6bpowtlur64z.m4a
users\5p5nrgjn0js halpmcxz\music\tybx_ 6bpowtlur64z.m4a
c:\
c:\users\5p5nrgjn0js halpmcxz\music\tybx_ 6bpowtlur64z.m4a
m4a
File
users\5p5nrgjn0js halpmcxz\music\vd_u rp_himwkbhtidy.wav
users\5p5nrgjn0js halpmcxz\music\vd_u rp_himwkbhtidy.wav
c:\
c:\users\5p5nrgjn0js halpmcxz\music\vd_u rp_himwkbhtidy.wav
wav
File
users\5p5nrgjn0js halpmcxz\music\vvivje.wav
users\5p5nrgjn0js halpmcxz\music\vvivje.wav
c:\
c:\users\5p5nrgjn0js halpmcxz\music\vvivje.wav
wav
File
users\5p5nrgjn0js halpmcxz\music\wrrbh6ssg.mp3
users\5p5nrgjn0js halpmcxz\music\wrrbh6ssg.mp3
c:\
c:\users\5p5nrgjn0js halpmcxz\music\wrrbh6ssg.mp3
mp3
File
users\5p5nrgjn0js halpmcxz\music\wy6t.wav
users\5p5nrgjn0js halpmcxz\music\wy6t.wav
c:\
c:\users\5p5nrgjn0js halpmcxz\music\wy6t.wav
wav
File
users\5p5nrgjn0js halpmcxz\music\xghzudhe1kl.mp3
users\5p5nrgjn0js halpmcxz\music\xghzudhe1kl.mp3
c:\
c:\users\5p5nrgjn0js halpmcxz\music\xghzudhe1kl.mp3
mp3
File
users\5p5nrgjn0js halpmcxz\music\yk-uyfmknuvjkd.mp3
users\5p5nrgjn0js halpmcxz\music\yk-uyfmknuvjkd.mp3
c:\
c:\users\5p5nrgjn0js halpmcxz\music\yk-uyfmknuvjkd.mp3
mp3
File
users\5p5nrgjn0js halpmcxz\music\z4d_q0bb.wav
users\5p5nrgjn0js halpmcxz\music\z4d_q0bb.wav
c:\
c:\users\5p5nrgjn0js halpmcxz\music\z4d_q0bb.wav
wav
File
users\5p5nrgjn0js halpmcxz\music\zl_olbug0cqwhv_g.m4a
users\5p5nrgjn0js halpmcxz\music\zl_olbug0cqwhv_g.m4a
c:\
c:\users\5p5nrgjn0js halpmcxz\music\zl_olbug0cqwhv_g.m4a
m4a
File
users\5p5nrgjn0js halpmcxz\my documents\# decrypt my files #.txt
users\5p5nrgjn0js halpmcxz\my documents\# decrypt my files #.txt
c:\
c:\users\5p5nrgjn0js halpmcxz\my documents\# decrypt my files #.txt
txt
File
users\5p5nrgjn0js halpmcxz\nethood\# decrypt my files #.txt
users\5p5nrgjn0js halpmcxz\nethood\# decrypt my files #.txt
c:\
c:\users\5p5nrgjn0js halpmcxz\nethood\# decrypt my files #.txt
txt
File
users\5p5nrgjn0js halpmcxz\ntuser.dat
users\5p5nrgjn0js halpmcxz\ntuser.dat
c:\
c:\users\5p5nrgjn0js halpmcxz\ntuser.dat
dat
File
users\5p5nrgjn0js halpmcxz\ntuser.dat.log1
users\5p5nrgjn0js halpmcxz\ntuser.dat.log1
c:\
c:\users\5p5nrgjn0js halpmcxz\ntuser.dat.log1
log1
File
users\5p5nrgjn0js halpmcxz\ntuser.dat.log2
users\5p5nrgjn0js halpmcxz\ntuser.dat.log2
c:\
c:\users\5p5nrgjn0js halpmcxz\ntuser.dat.log2
log2
File
users\5p5nrgjn0js halpmcxz\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tm.blf
users\5p5nrgjn0js halpmcxz\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tm.blf
c:\
c:\users\5p5nrgjn0js halpmcxz\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tm.blf
blf
File
users\5p5nrgjn0js halpmcxz\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000001.regtrans-ms
users\5p5nrgjn0js halpmcxz\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000001.regtrans-ms
c:\
c:\users\5p5nrgjn0js halpmcxz\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000001.regtrans-ms
regtrans-ms
File
users\5p5nrgjn0js halpmcxz\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000002.regtrans-ms
users\5p5nrgjn0js halpmcxz\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000002.regtrans-ms
c:\
c:\users\5p5nrgjn0js halpmcxz\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000002.regtrans-ms
regtrans-ms
File
users\5p5nrgjn0js halpmcxz\ntuser.ini
users\5p5nrgjn0js halpmcxz\ntuser.ini
c:\
c:\users\5p5nrgjn0js halpmcxz\ntuser.ini
ini
File
users\5p5nrgjn0js halpmcxz\pictures\.
users\5p5nrgjn0js halpmcxz\pictures\.
c:\
c:\users\5p5nrgjn0js halpmcxz\pictures\.
File
users\5p5nrgjn0js halpmcxz\pictures\4pgvi x8ath7_nzvfnz\1kdt-\f3gtfn8ddo23uuvvu6dv\3iwvhcv.bmp
users\5p5nrgjn0js halpmcxz\pictures\4pgvi x8ath7_nzvfnz\1kdt-\f3gtfn8ddo23uuvvu6dv\3iwvhcv.bmp
c:\
c:\users\5p5nrgjn0js halpmcxz\pictures\4pgvi x8ath7_nzvfnz\1kdt-\f3gtfn8ddo23uuvvu6dv\3iwvhcv.bmp
bmp
File
users\5p5nrgjn0js halpmcxz\pictures\4pgvi x8ath7_nzvfnz\1kdt-\f3gtfn8ddo23uuvvu6dv\b2wxr2hdno-wlnuui20c.bmp
users\5p5nrgjn0js halpmcxz\pictures\4pgvi x8ath7_nzvfnz\1kdt-\f3gtfn8ddo23uuvvu6dv\b2wxr2hdno-wlnuui20c.bmp
c:\
c:\users\5p5nrgjn0js halpmcxz\pictures\4pgvi x8ath7_nzvfnz\1kdt-\f3gtfn8ddo23uuvvu6dv\b2wxr2hdno-wlnuui20c.bmp
bmp
File
users\5p5nrgjn0js halpmcxz\pictures\4pgvi x8ath7_nzvfnz\1kdt-\f3gtfn8ddo23uuvvu6dv\ckcv.bmp
users\5p5nrgjn0js halpmcxz\pictures\4pgvi x8ath7_nzvfnz\1kdt-\f3gtfn8ddo23uuvvu6dv\ckcv.bmp
c:\
c:\users\5p5nrgjn0js halpmcxz\pictures\4pgvi x8ath7_nzvfnz\1kdt-\f3gtfn8ddo23uuvvu6dv\ckcv.bmp
bmp
File
users\5p5nrgjn0js halpmcxz\pictures\4pgvi x8ath7_nzvfnz\1kdt-\f3gtfn8ddo23uuvvu6dv\wfeqvpd3 lbsdha.gif
users\5p5nrgjn0js halpmcxz\pictures\4pgvi x8ath7_nzvfnz\1kdt-\f3gtfn8ddo23uuvvu6dv\wfeqvpd3 lbsdha.gif
c:\
c:\users\5p5nrgjn0js halpmcxz\pictures\4pgvi x8ath7_nzvfnz\1kdt-\f3gtfn8ddo23uuvvu6dv\wfeqvpd3 lbsdha.gif
gif
File
users\5p5nrgjn0js halpmcxz\pictures\4pgvi x8ath7_nzvfnz\1kdt-\f3gtfn8ddo23uuvvu6dv\x8vg0.gif
users\5p5nrgjn0js halpmcxz\pictures\4pgvi x8ath7_nzvfnz\1kdt-\f3gtfn8ddo23uuvvu6dv\x8vg0.gif
c:\
c:\users\5p5nrgjn0js halpmcxz\pictures\4pgvi x8ath7_nzvfnz\1kdt-\f3gtfn8ddo23uuvvu6dv\x8vg0.gif
gif
File
users\5p5nrgjn0js halpmcxz\pictures\4pgvi x8ath7_nzvfnz\1kdt-\f3gtfn8ddo23uuvvu6dv\_1lwwoo_urs4sfc0.gif
users\5p5nrgjn0js halpmcxz\pictures\4pgvi x8ath7_nzvfnz\1kdt-\f3gtfn8ddo23uuvvu6dv\_1lwwoo_urs4sfc0.gif
c:\
c:\users\5p5nrgjn0js halpmcxz\pictures\4pgvi x8ath7_nzvfnz\1kdt-\f3gtfn8ddo23uuvvu6dv\_1lwwoo_urs4sfc0.gif
gif
File
users\5p5nrgjn0js halpmcxz\pictures\4pgvi x8ath7_nzvfnz\1kdt-\lrccxxiw6.bmp
users\5p5nrgjn0js halpmcxz\pictures\4pgvi x8ath7_nzvfnz\1kdt-\lrccxxiw6.bmp
c:\
c:\users\5p5nrgjn0js halpmcxz\pictures\4pgvi x8ath7_nzvfnz\1kdt-\lrccxxiw6.bmp
bmp
File
users\5p5nrgjn0js halpmcxz\pictures\4pgvi x8ath7_nzvfnz\1kdt-\uzo-m b66k9r\lznskaws.bmp
users\5p5nrgjn0js halpmcxz\pictures\4pgvi x8ath7_nzvfnz\1kdt-\uzo-m b66k9r\lznskaws.bmp
c:\
c:\users\5p5nrgjn0js halpmcxz\pictures\4pgvi x8ath7_nzvfnz\1kdt-\uzo-m b66k9r\lznskaws.bmp
bmp
File
users\5p5nrgjn0js halpmcxz\pictures\4pgvi x8ath7_nzvfnz\1kdt-\uzo-m b66k9r\qrrralhknncdel.bmp
users\5p5nrgjn0js halpmcxz\pictures\4pgvi x8ath7_nzvfnz\1kdt-\uzo-m b66k9r\qrrralhknncdel.bmp
c:\
c:\users\5p5nrgjn0js halpmcxz\pictures\4pgvi x8ath7_nzvfnz\1kdt-\uzo-m b66k9r\qrrralhknncdel.bmp
bmp
File
users\5p5nrgjn0js halpmcxz\pictures\4pgvi x8ath7_nzvfnz\1kdt-\vae2c-avk.png
users\5p5nrgjn0js halpmcxz\pictures\4pgvi x8ath7_nzvfnz\1kdt-\vae2c-avk.png
c:\
c:\users\5p5nrgjn0js halpmcxz\pictures\4pgvi x8ath7_nzvfnz\1kdt-\vae2c-avk.png
png
File
users\5p5nrgjn0js halpmcxz\pictures\4pgvi x8ath7_nzvfnz\aou8ew.bmp
users\5p5nrgjn0js halpmcxz\pictures\4pgvi x8ath7_nzvfnz\aou8ew.bmp
c:\
c:\users\5p5nrgjn0js halpmcxz\pictures\4pgvi x8ath7_nzvfnz\aou8ew.bmp
bmp
File
users\5p5nrgjn0js halpmcxz\pictures\4pgvi x8ath7_nzvfnz\bf1jrqgwma_w.png
users\5p5nrgjn0js halpmcxz\pictures\4pgvi x8ath7_nzvfnz\bf1jrqgwma_w.png
c:\
c:\users\5p5nrgjn0js halpmcxz\pictures\4pgvi x8ath7_nzvfnz\bf1jrqgwma_w.png
png
File
users\5p5nrgjn0js halpmcxz\pictures\4pgvi x8ath7_nzvfnz\oqdsus71ebal-\b9ml.png
users\5p5nrgjn0js halpmcxz\pictures\4pgvi x8ath7_nzvfnz\oqdsus71ebal-\b9ml.png
c:\
c:\users\5p5nrgjn0js halpmcxz\pictures\4pgvi x8ath7_nzvfnz\oqdsus71ebal-\b9ml.png
png
File
users\5p5nrgjn0js halpmcxz\pictures\4pgvi x8ath7_nzvfnz\oqdsus71ebal-\fbqhelrpksu_yzkm.jpg
users\5p5nrgjn0js halpmcxz\pictures\4pgvi x8ath7_nzvfnz\oqdsus71ebal-\fbqhelrpksu_yzkm.jpg
c:\
c:\users\5p5nrgjn0js halpmcxz\pictures\4pgvi x8ath7_nzvfnz\oqdsus71ebal-\fbqhelrpksu_yzkm.jpg
jpg
File
users\5p5nrgjn0js halpmcxz\pictures\4pgvi x8ath7_nzvfnz\oqdsus71ebal-\jxggclwgwyt0emc.jpg
users\5p5nrgjn0js halpmcxz\pictures\4pgvi x8ath7_nzvfnz\oqdsus71ebal-\jxggclwgwyt0emc.jpg
c:\
c:\users\5p5nrgjn0js halpmcxz\pictures\4pgvi x8ath7_nzvfnz\oqdsus71ebal-\jxggclwgwyt0emc.jpg
jpg
File
users\5p5nrgjn0js halpmcxz\pictures\4pgvi x8ath7_nzvfnz\oqdsus71ebal-\keuq0z2um06guynan.bmp
users\5p5nrgjn0js halpmcxz\pictures\4pgvi x8ath7_nzvfnz\oqdsus71ebal-\keuq0z2um06guynan.bmp
c:\
c:\users\5p5nrgjn0js halpmcxz\pictures\4pgvi x8ath7_nzvfnz\oqdsus71ebal-\keuq0z2um06guynan.bmp
bmp
File
users\5p5nrgjn0js halpmcxz\pictures\4pgvi x8ath7_nzvfnz\oqdsus71ebal-\tlwoa ck-sz0yif.jpg
users\5p5nrgjn0js halpmcxz\pictures\4pgvi x8ath7_nzvfnz\oqdsus71ebal-\tlwoa ck-sz0yif.jpg
c:\
c:\users\5p5nrgjn0js halpmcxz\pictures\4pgvi x8ath7_nzvfnz\oqdsus71ebal-\tlwoa ck-sz0yif.jpg
jpg
File
users\5p5nrgjn0js halpmcxz\pictures\4pgvi x8ath7_nzvfnz\x2ws 5bwjrr.gif
users\5p5nrgjn0js halpmcxz\pictures\4pgvi x8ath7_nzvfnz\x2ws 5bwjrr.gif
c:\
c:\users\5p5nrgjn0js halpmcxz\pictures\4pgvi x8ath7_nzvfnz\x2ws 5bwjrr.gif
gif
File
users\5p5nrgjn0js halpmcxz\pictures\4pgvi x8ath7_nzvfnz\yh4mthxogxbcygviw\2bp1macvxug9oai.jpg
users\5p5nrgjn0js halpmcxz\pictures\4pgvi x8ath7_nzvfnz\yh4mthxogxbcygviw\2bp1macvxug9oai.jpg
c:\
c:\users\5p5nrgjn0js halpmcxz\pictures\4pgvi x8ath7_nzvfnz\yh4mthxogxbcygviw\2bp1macvxug9oai.jpg
jpg
File
users\5p5nrgjn0js halpmcxz\pictures\4pgvi x8ath7_nzvfnz\yh4mthxogxbcygviw\n8hbp.jpg
users\5p5nrgjn0js halpmcxz\pictures\4pgvi x8ath7_nzvfnz\yh4mthxogxbcygviw\n8hbp.jpg
c:\
c:\users\5p5nrgjn0js halpmcxz\pictures\4pgvi x8ath7_nzvfnz\yh4mthxogxbcygviw\n8hbp.jpg
jpg
File
users\5p5nrgjn0js halpmcxz\pictures\4pgvi x8ath7_nzvfnz\yh4mthxogxbcygviw\_mqfopk.bmp
users\5p5nrgjn0js halpmcxz\pictures\4pgvi x8ath7_nzvfnz\yh4mthxogxbcygviw\_mqfopk.bmp
c:\
c:\users\5p5nrgjn0js halpmcxz\pictures\4pgvi x8ath7_nzvfnz\yh4mthxogxbcygviw\_mqfopk.bmp
bmp
File
users\5p5nrgjn0js halpmcxz\pictures\4vbgo-2lu95yb.gif
users\5p5nrgjn0js halpmcxz\pictures\4vbgo-2lu95yb.gif
c:\
c:\users\5p5nrgjn0js halpmcxz\pictures\4vbgo-2lu95yb.gif
gif
File
users\5p5nrgjn0js halpmcxz\pictures\7pjx-q7t_ohlahi4i.jpg
users\5p5nrgjn0js halpmcxz\pictures\7pjx-q7t_ohlahi4i.jpg
c:\
c:\users\5p5nrgjn0js halpmcxz\pictures\7pjx-q7t_ohlahi4i.jpg
jpg
File
users\5p5nrgjn0js halpmcxz\pictures\desktop.ini
users\5p5nrgjn0js halpmcxz\pictures\desktop.ini
c:\
c:\users\5p5nrgjn0js halpmcxz\pictures\desktop.ini
ini
File
users\5p5nrgjn0js halpmcxz\pictures\hapy.gif
users\5p5nrgjn0js halpmcxz\pictures\hapy.gif
c:\
c:\users\5p5nrgjn0js halpmcxz\pictures\hapy.gif
gif
File
users\5p5nrgjn0js halpmcxz\pictures\kur20vqsg7_2.gif
users\5p5nrgjn0js halpmcxz\pictures\kur20vqsg7_2.gif
c:\
c:\users\5p5nrgjn0js halpmcxz\pictures\kur20vqsg7_2.gif
gif
File
users\5p5nrgjn0js halpmcxz\pictures\mblk6qa4ypu.bmp
users\5p5nrgjn0js halpmcxz\pictures\mblk6qa4ypu.bmp
c:\
c:\users\5p5nrgjn0js halpmcxz\pictures\mblk6qa4ypu.bmp
bmp
File
users\5p5nrgjn0js halpmcxz\pictures\w2j2ftwmchpzapooj.gif
users\5p5nrgjn0js halpmcxz\pictures\w2j2ftwmchpzapooj.gif
c:\
c:\users\5p5nrgjn0js halpmcxz\pictures\w2j2ftwmchpzapooj.gif
gif
File
users\5p5nrgjn0js halpmcxz\printhood\# decrypt my files #.txt
users\5p5nrgjn0js halpmcxz\printhood\# decrypt my files #.txt
c:\
c:\users\5p5nrgjn0js halpmcxz\printhood\# decrypt my files #.txt
txt
File
users\5p5nrgjn0js halpmcxz\recent\# decrypt my files #.txt
users\5p5nrgjn0js halpmcxz\recent\# decrypt my files #.txt
c:\
c:\users\5p5nrgjn0js halpmcxz\recent\# decrypt my files #.txt
txt
File
users\5p5nrgjn0js halpmcxz\saved games\.
users\5p5nrgjn0js halpmcxz\saved games\.
c:\
c:\users\5p5nrgjn0js halpmcxz\saved games\.
File
users\5p5nrgjn0js halpmcxz\saved games\desktop.ini
users\5p5nrgjn0js halpmcxz\saved games\desktop.ini
c:\
c:\users\5p5nrgjn0js halpmcxz\saved games\desktop.ini
ini
File
users\5p5nrgjn0js halpmcxz\searches\.
users\5p5nrgjn0js halpmcxz\searches\.
c:\
c:\users\5p5nrgjn0js halpmcxz\searches\.
File
users\5p5nrgjn0js halpmcxz\searches\desktop.ini
users\5p5nrgjn0js halpmcxz\searches\desktop.ini
c:\
c:\users\5p5nrgjn0js halpmcxz\searches\desktop.ini
ini
File
users\5p5nrgjn0js halpmcxz\searches\everywhere.search-ms
users\5p5nrgjn0js halpmcxz\searches\everywhere.search-ms
c:\
c:\users\5p5nrgjn0js halpmcxz\searches\everywhere.search-ms
search-ms
File
users\5p5nrgjn0js halpmcxz\searches\indexed locations.search-ms
users\5p5nrgjn0js halpmcxz\searches\indexed locations.search-ms
c:\
c:\users\5p5nrgjn0js halpmcxz\searches\indexed locations.search-ms
search-ms
File
users\5p5nrgjn0js halpmcxz\sendto\# decrypt my files #.txt
users\5p5nrgjn0js halpmcxz\sendto\# decrypt my files #.txt
c:\
c:\users\5p5nrgjn0js halpmcxz\sendto\# decrypt my files #.txt
txt
File
users\5p5nrgjn0js halpmcxz\start menu\# decrypt my files #.txt
users\5p5nrgjn0js halpmcxz\start menu\# decrypt my files #.txt
c:\
c:\users\5p5nrgjn0js halpmcxz\start menu\# decrypt my files #.txt
txt
File
users\5p5nrgjn0js halpmcxz\templates\# decrypt my files #.txt
users\5p5nrgjn0js halpmcxz\templates\# decrypt my files #.txt
c:\
c:\users\5p5nrgjn0js halpmcxz\templates\# decrypt my files #.txt
txt
File
users\5p5nrgjn0js halpmcxz\videos\.
users\5p5nrgjn0js halpmcxz\videos\.
c:\
c:\users\5p5nrgjn0js halpmcxz\videos\.
File
users\5p5nrgjn0js halpmcxz\videos\5b-rauubafilxx.mkv
users\5p5nrgjn0js halpmcxz\videos\5b-rauubafilxx.mkv
c:\
c:\users\5p5nrgjn0js halpmcxz\videos\5b-rauubafilxx.mkv
mkv
File
users\5p5nrgjn0js halpmcxz\videos\7iumm\3 cpp7gx6860-sdj_.avi
users\5p5nrgjn0js halpmcxz\videos\7iumm\3 cpp7gx6860-sdj_.avi
c:\
c:\users\5p5nrgjn0js halpmcxz\videos\7iumm\3 cpp7gx6860-sdj_.avi
avi
File
users\5p5nrgjn0js halpmcxz\videos\7iumm\36z3anl9f9rn67mwk-oz.mkv
users\5p5nrgjn0js halpmcxz\videos\7iumm\36z3anl9f9rn67mwk-oz.mkv
c:\
c:\users\5p5nrgjn0js halpmcxz\videos\7iumm\36z3anl9f9rn67mwk-oz.mkv
mkv
File
users\5p5nrgjn0js halpmcxz\videos\7iumm\54qe3lx25z2.flv
users\5p5nrgjn0js halpmcxz\videos\7iumm\54qe3lx25z2.flv
c:\
c:\users\5p5nrgjn0js halpmcxz\videos\7iumm\54qe3lx25z2.flv
flv
File
users\5p5nrgjn0js halpmcxz\videos\7iumm\73ro7p.flv
users\5p5nrgjn0js halpmcxz\videos\7iumm\73ro7p.flv
c:\
c:\users\5p5nrgjn0js halpmcxz\videos\7iumm\73ro7p.flv
flv
File
users\5p5nrgjn0js halpmcxz\videos\7iumm\bzo52bmup.flv
users\5p5nrgjn0js halpmcxz\videos\7iumm\bzo52bmup.flv
c:\
c:\users\5p5nrgjn0js halpmcxz\videos\7iumm\bzo52bmup.flv
flv
File
users\5p5nrgjn0js halpmcxz\videos\7iumm\jx2xdh.flv
users\5p5nrgjn0js halpmcxz\videos\7iumm\jx2xdh.flv
c:\
c:\users\5p5nrgjn0js halpmcxz\videos\7iumm\jx2xdh.flv
flv
File
users\5p5nrgjn0js halpmcxz\videos\7iumm\q2g8rytef6qd.avi
users\5p5nrgjn0js halpmcxz\videos\7iumm\q2g8rytef6qd.avi
c:\
c:\users\5p5nrgjn0js halpmcxz\videos\7iumm\q2g8rytef6qd.avi
avi
File
users\5p5nrgjn0js halpmcxz\videos\7iumm\qq7uzhkknaicukqichy.swf
users\5p5nrgjn0js halpmcxz\videos\7iumm\qq7uzhkknaicukqichy.swf
c:\
c:\users\5p5nrgjn0js halpmcxz\videos\7iumm\qq7uzhkknaicukqichy.swf
swf
File
users\5p5nrgjn0js halpmcxz\videos\7iumm\rlhh95l3rqolip8cefv.swf
users\5p5nrgjn0js halpmcxz\videos\7iumm\rlhh95l3rqolip8cefv.swf
c:\
c:\users\5p5nrgjn0js halpmcxz\videos\7iumm\rlhh95l3rqolip8cefv.swf
swf
File
users\5p5nrgjn0js halpmcxz\videos\7iumm\sjv8fla6q2rz0vem.flv
users\5p5nrgjn0js halpmcxz\videos\7iumm\sjv8fla6q2rz0vem.flv
c:\
c:\users\5p5nrgjn0js halpmcxz\videos\7iumm\sjv8fla6q2rz0vem.flv
flv
File
users\5p5nrgjn0js halpmcxz\videos\7iumm\_opymx.mkv
users\5p5nrgjn0js halpmcxz\videos\7iumm\_opymx.mkv
c:\
c:\users\5p5nrgjn0js halpmcxz\videos\7iumm\_opymx.mkv
mkv
File
users\5p5nrgjn0js halpmcxz\videos\desktop.ini
users\5p5nrgjn0js halpmcxz\videos\desktop.ini
c:\
c:\users\5p5nrgjn0js halpmcxz\videos\desktop.ini
ini
File
users\5p5nrgjn0js halpmcxz\videos\f-vqc.mp4
users\5p5nrgjn0js halpmcxz\videos\f-vqc.mp4
c:\
c:\users\5p5nrgjn0js halpmcxz\videos\f-vqc.mp4
mp4
File
users\5p5nrgjn0js halpmcxz\videos\gvir11llirsbs3yfm.flv
users\5p5nrgjn0js halpmcxz\videos\gvir11llirsbs3yfm.flv
c:\
c:\users\5p5nrgjn0js halpmcxz\videos\gvir11llirsbs3yfm.flv
flv
File
users\5p5nrgjn0js halpmcxz\videos\o4q7eznzeuaxmp7-4.avi
users\5p5nrgjn0js halpmcxz\videos\o4q7eznzeuaxmp7-4.avi
c:\
c:\users\5p5nrgjn0js halpmcxz\videos\o4q7eznzeuaxmp7-4.avi
avi
File
users\5p5nrgjn0js halpmcxz\videos\powvktyepkaii.mp4
users\5p5nrgjn0js halpmcxz\videos\powvktyepkaii.mp4
c:\
c:\users\5p5nrgjn0js halpmcxz\videos\powvktyepkaii.mp4
mp4
File
users\5p5nrgjn0js halpmcxz\videos\qdjefmi9trncjfvvaj7f\--iy.avi
users\5p5nrgjn0js halpmcxz\videos\qdjefmi9trncjfvvaj7f\--iy.avi
c:\
c:\users\5p5nrgjn0js halpmcxz\videos\qdjefmi9trncjfvvaj7f\--iy.avi
avi
File
users\5p5nrgjn0js halpmcxz\videos\qdjefmi9trncjfvvaj7f\bk9arxkwqpb kacnxtm.swf
users\5p5nrgjn0js halpmcxz\videos\qdjefmi9trncjfvvaj7f\bk9arxkwqpb kacnxtm.swf
c:\
c:\users\5p5nrgjn0js halpmcxz\videos\qdjefmi9trncjfvvaj7f\bk9arxkwqpb kacnxtm.swf
swf
File
users\5p5nrgjn0js halpmcxz\videos\qdjefmi9trncjfvvaj7f\gc1p-nqq.mp4
users\5p5nrgjn0js halpmcxz\videos\qdjefmi9trncjfvvaj7f\gc1p-nqq.mp4
c:\
c:\users\5p5nrgjn0js halpmcxz\videos\qdjefmi9trncjfvvaj7f\gc1p-nqq.mp4
mp4
File
users\5p5nrgjn0js halpmcxz\videos\qdjefmi9trncjfvvaj7f\mpp1sao.avi
users\5p5nrgjn0js halpmcxz\videos\qdjefmi9trncjfvvaj7f\mpp1sao.avi
c:\
c:\users\5p5nrgjn0js halpmcxz\videos\qdjefmi9trncjfvvaj7f\mpp1sao.avi
avi
File
users\5p5nrgjn0js halpmcxz\videos\qdjefmi9trncjfvvaj7f\s7howpjwg29m1djduzik.avi
users\5p5nrgjn0js halpmcxz\videos\qdjefmi9trncjfvvaj7f\s7howpjwg29m1djduzik.avi
c:\
c:\users\5p5nrgjn0js halpmcxz\videos\qdjefmi9trncjfvvaj7f\s7howpjwg29m1djduzik.avi
avi
File
users\5p5nrgjn0js halpmcxz\videos\qdjefmi9trncjfvvaj7f\v3f-kv_ ypx.flv
users\5p5nrgjn0js halpmcxz\videos\qdjefmi9trncjfvvaj7f\v3f-kv_ ypx.flv
c:\
c:\users\5p5nrgjn0js halpmcxz\videos\qdjefmi9trncjfvvaj7f\v3f-kv_ ypx.flv
flv
File
users\5p5nrgjn0js halpmcxz\videos\rpo7rc6ia8skvbm7y2om.avi
users\5p5nrgjn0js halpmcxz\videos\rpo7rc6ia8skvbm7y2om.avi
c:\
c:\users\5p5nrgjn0js halpmcxz\videos\rpo7rc6ia8skvbm7y2om.avi
avi
File
users\5p5nrgjn0js halpmcxz\videos\tmc.flv
users\5p5nrgjn0js halpmcxz\videos\tmc.flv
c:\
c:\users\5p5nrgjn0js halpmcxz\videos\tmc.flv
flv
File
users\5p5nrgjn0js halpmcxz\videos\tqx wlfzidt33h1fi4\fisglfzual.mkv
users\5p5nrgjn0js halpmcxz\videos\tqx wlfzidt33h1fi4\fisglfzual.mkv
c:\
c:\users\5p5nrgjn0js halpmcxz\videos\tqx wlfzidt33h1fi4\fisglfzual.mkv
mkv
File
users\5p5nrgjn0js halpmcxz\videos\tqx wlfzidt33h1fi4\h7ih8otjw9.swf
users\5p5nrgjn0js halpmcxz\videos\tqx wlfzidt33h1fi4\h7ih8otjw9.swf
c:\
c:\users\5p5nrgjn0js halpmcxz\videos\tqx wlfzidt33h1fi4\h7ih8otjw9.swf
swf
File
users\5p5nrgjn0js halpmcxz\videos\tqx wlfzidt33h1fi4\jgxkzgjw7wy8je.flv
users\5p5nrgjn0js halpmcxz\videos\tqx wlfzidt33h1fi4\jgxkzgjw7wy8je.flv
c:\
c:\users\5p5nrgjn0js halpmcxz\videos\tqx wlfzidt33h1fi4\jgxkzgjw7wy8je.flv
flv
File
users\5p5nrgjn0js halpmcxz\videos\tqx wlfzidt33h1fi4\jx4hjthmr.mp4
users\5p5nrgjn0js halpmcxz\videos\tqx wlfzidt33h1fi4\jx4hjthmr.mp4
c:\
c:\users\5p5nrgjn0js halpmcxz\videos\tqx wlfzidt33h1fi4\jx4hjthmr.mp4
mp4
File
users\5p5nrgjn0js halpmcxz\videos\tqx wlfzidt33h1fi4\lne2swwwb2mjpf3d3.mkv
users\5p5nrgjn0js halpmcxz\videos\tqx wlfzidt33h1fi4\lne2swwwb2mjpf3d3.mkv
c:\
c:\users\5p5nrgjn0js halpmcxz\videos\tqx wlfzidt33h1fi4\lne2swwwb2mjpf3d3.mkv
mkv
File
users\5p5nrgjn0js halpmcxz\videos\tqx wlfzidt33h1fi4\n6bruap9kpaefea8.mp4
users\5p5nrgjn0js halpmcxz\videos\tqx wlfzidt33h1fi4\n6bruap9kpaefea8.mp4
c:\
c:\users\5p5nrgjn0js halpmcxz\videos\tqx wlfzidt33h1fi4\n6bruap9kpaefea8.mp4
mp4
File
users\5p5nrgjn0js halpmcxz\videos\tqx wlfzidt33h1fi4\xbblylocxcf20gksjtid.mkv
users\5p5nrgjn0js halpmcxz\videos\tqx wlfzidt33h1fi4\xbblylocxcf20gksjtid.mkv
c:\
c:\users\5p5nrgjn0js halpmcxz\videos\tqx wlfzidt33h1fi4\xbblylocxcf20gksjtid.mkv
mkv
File
users\5p5nrgjn0js halpmcxz\videos\tqx wlfzidt33h1fi4\zpobq4sbj1j.mkv
users\5p5nrgjn0js halpmcxz\videos\tqx wlfzidt33h1fi4\zpobq4sbj1j.mkv
c:\
c:\users\5p5nrgjn0js halpmcxz\videos\tqx wlfzidt33h1fi4\zpobq4sbj1j.mkv
mkv
File
users\5p5nrgjn0js halpmcxz\videos\w0x37oqclbazy4lpxj.mp4
users\5p5nrgjn0js halpmcxz\videos\w0x37oqclbazy4lpxj.mp4
c:\
c:\users\5p5nrgjn0js halpmcxz\videos\w0x37oqclbazy4lpxj.mp4
mp4
File
users\all users
users\all users
c:\
c:\users\all users
File
users\default\.
users\default\.
c:\
c:\users\default\.
File
users
users
c:\
c:\users
File
users\default\appdata
users\default\appdata
c:\
c:\users\default\appdata
File
users\default\application data\# decrypt my files #.txt
users\default\application data\# decrypt my files #.txt
c:\
c:\users\default\application data\# decrypt my files #.txt
txt
File
users\default\contacts\.
users\default\contacts\.
c:\
c:\users\default\contacts\.
File
users\default
users\default
c:\
c:\users\default
File
users\default\contacts\administrator.contact
users\default\contacts\administrator.contact
c:\
c:\users\default\contacts\administrator.contact
contact
File
users\default\contacts\desktop.ini
users\default\contacts\desktop.ini
c:\
c:\users\default\contacts\desktop.ini
ini
File
users\default\cookies\# decrypt my files #.txt
users\default\cookies\# decrypt my files #.txt
c:\
c:\users\default\cookies\# decrypt my files #.txt
txt
File
users\default\desktop\.
users\default\desktop\.
c:\
c:\users\default\desktop\.
File
users\default\desktop\desktop.ini
users\default\desktop\desktop.ini
c:\
c:\users\default\desktop\desktop.ini
ini
File
users\default\documents\.
users\default\documents\.
c:\
c:\users\default\documents\.
File
users\default\documents\desktop.ini
users\default\documents\desktop.ini
c:\
c:\users\default\documents\desktop.ini
ini
File
users\default\documents\my music\# decrypt my files #.txt
users\default\documents\my music\# decrypt my files #.txt
c:\
c:\users\default\documents\my music\# decrypt my files #.txt
txt
File
users\default\documents\my pictures\# decrypt my files #.txt
users\default\documents\my pictures\# decrypt my files #.txt
c:\
c:\users\default\documents\my pictures\# decrypt my files #.txt
txt
File
users\default\documents\my videos\# decrypt my files #.txt
users\default\documents\my videos\# decrypt my files #.txt
c:\
c:\users\default\documents\my videos\# decrypt my files #.txt
txt
File
users\default\downloads\.
users\default\downloads\.
c:\
c:\users\default\downloads\.
File
users\default\downloads\desktop.ini
users\default\downloads\desktop.ini
c:\
c:\users\default\downloads\desktop.ini
ini
File
users\default\favorites\.
users\default\favorites\.
c:\
c:\users\default\favorites\.
File
users\default\favorites\desktop.ini
users\default\favorites\desktop.ini
c:\
c:\users\default\favorites\desktop.ini
ini
File
users\default\favorites\links\.
users\default\favorites\links\.
c:\
c:\users\default\favorites\links\.
File
users\default\favorites
users\default\favorites
c:\
c:\users\default\favorites
File
users\default\favorites\links\desktop.ini
users\default\favorites\links\desktop.ini
c:\
c:\users\default\favorites\links\desktop.ini
ini
File
users\default\favorites\links\web slice gallery.url
users\default\favorites\links\web slice gallery.url
c:\
c:\users\default\favorites\links\web slice gallery.url
url
File
users\default\favorites\microsoft websites\ie add-on site.url
users\default\favorites\microsoft websites\ie add-on site.url
c:\
c:\users\default\favorites\microsoft websites\ie add-on site.url
url
File
users\default\favorites\microsoft websites\ie site on microsoft.com.url
users\default\favorites\microsoft websites\ie site on microsoft.com.url
c:\
c:\users\default\favorites\microsoft websites\ie site on microsoft.com.url
url
File
users\default\favorites\microsoft websites\microsoft at home.url
users\default\favorites\microsoft websites\microsoft at home.url
c:\
c:\users\default\favorites\microsoft websites\microsoft at home.url
url
File
users\default\favorites\microsoft websites\microsoft at work.url
users\default\favorites\microsoft websites\microsoft at work.url
c:\
c:\users\default\favorites\microsoft websites\microsoft at work.url
url
File
users\default\favorites\microsoft websites\microsoft store.url
users\default\favorites\microsoft websites\microsoft store.url
c:\
c:\users\default\favorites\microsoft websites\microsoft store.url
url
File
users\default\favorites\msn websites\msn autos.url
users\default\favorites\msn websites\msn autos.url
c:\
c:\users\default\favorites\msn websites\msn autos.url
url
File
users\default\favorites\msn websites\msn entertainment.url
users\default\favorites\msn websites\msn entertainment.url
c:\
c:\users\default\favorites\msn websites\msn entertainment.url
url
File
users\default\favorites\msn websites\msn money.url
users\default\favorites\msn websites\msn money.url
c:\
c:\users\default\favorites\msn websites\msn money.url
url
File
users\default\favorites\msn websites\msn sports.url
users\default\favorites\msn websites\msn sports.url
c:\
c:\users\default\favorites\msn websites\msn sports.url
url
File
users\default\favorites\msn websites\msn.url
users\default\favorites\msn websites\msn.url
c:\
c:\users\default\favorites\msn websites\msn.url
url
File
users\default\favorites\msn websites\msnbc news.url
users\default\favorites\msn websites\msnbc news.url
c:\
c:\users\default\favorites\msn websites\msnbc news.url
url
File
users\default\favorites\windows live\get windows live.url
users\default\favorites\windows live\get windows live.url
c:\
c:\users\default\favorites\windows live\get windows live.url
url
File
users\default\favorites\windows live\windows live gallery.url
users\default\favorites\windows live\windows live gallery.url
c:\
c:\users\default\favorites\windows live\windows live gallery.url
url
File
users\default\favorites\windows live\windows live mail.url
users\default\favorites\windows live\windows live mail.url
c:\
c:\users\default\favorites\windows live\windows live mail.url
url
File
users\default\favorites\windows live\windows live spaces.url
users\default\favorites\windows live\windows live spaces.url
c:\
c:\users\default\favorites\windows live\windows live spaces.url
url
File
users\default\links\.
users\default\links\.
c:\
c:\users\default\links\.
File
users\default\links\desktop.ini
users\default\links\desktop.ini
c:\
c:\users\default\links\desktop.ini
ini
File
users\default\links\desktop.lnk
users\default\links\desktop.lnk
c:\
c:\users\default\links\desktop.lnk
lnk
File
users\default\links\downloads.lnk
users\default\links\downloads.lnk
c:\
c:\users\default\links\downloads.lnk
lnk
File
users\default\links\recentplaces.lnk
users\default\links\recentplaces.lnk
c:\
c:\users\default\links\recentplaces.lnk
lnk
File
users\default\local settings\# decrypt my files #.txt
users\default\local settings\# decrypt my files #.txt
c:\
c:\users\default\local settings\# decrypt my files #.txt
txt
File
users\default\music\.
users\default\music\.
c:\
c:\users\default\music\.
File
users\default\music\desktop.ini
users\default\music\desktop.ini
c:\
c:\users\default\music\desktop.ini
ini
File
users\default\my documents\# decrypt my files #.txt
users\default\my documents\# decrypt my files #.txt
c:\
c:\users\default\my documents\# decrypt my files #.txt
txt
File
users\default\nethood\# decrypt my files #.txt
users\default\nethood\# decrypt my files #.txt
c:\
c:\users\default\nethood\# decrypt my files #.txt
txt
File
users\default\ntuser.dat
users\default\ntuser.dat
c:\
c:\users\default\ntuser.dat
dat
File
users\default\ntuser.dat.log
users\default\ntuser.dat.log
c:\
c:\users\default\ntuser.dat.log
log
File
users\default\ntuser.dat.log1
users\default\ntuser.dat.log1
c:\
c:\users\default\ntuser.dat.log1
log1
File
users\default\ntuser.dat.log2
users\default\ntuser.dat.log2
c:\
c:\users\default\ntuser.dat.log2
log2
File
users\default\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tm.blf
users\default\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tm.blf
c:\
c:\users\default\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tm.blf
blf
File
users\default\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000001.regtrans-ms
users\default\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000001.regtrans-ms
c:\
c:\users\default\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000001.regtrans-ms
regtrans-ms
File
users\default\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000002.regtrans-ms
users\default\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000002.regtrans-ms
c:\
c:\users\default\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000002.regtrans-ms
regtrans-ms
File
users\default\ntuser.ini
users\default\ntuser.ini
c:\
c:\users\default\ntuser.ini
ini
File
users\default\pictures\.
users\default\pictures\.
c:\
c:\users\default\pictures\.
File
users\default\pictures\desktop.ini
users\default\pictures\desktop.ini
c:\
c:\users\default\pictures\desktop.ini
ini
File
users\default\printhood\# decrypt my files #.txt
users\default\printhood\# decrypt my files #.txt
c:\
c:\users\default\printhood\# decrypt my files #.txt
txt
File
users\default\recent\# decrypt my files #.txt
users\default\recent\# decrypt my files #.txt
c:\
c:\users\default\recent\# decrypt my files #.txt
txt
File
users\default\saved games\.
users\default\saved games\.
c:\
c:\users\default\saved games\.
File
users\default\saved games\desktop.ini
users\default\saved games\desktop.ini
c:\
c:\users\default\saved games\desktop.ini
ini
File
users\default\searches\.
users\default\searches\.
c:\
c:\users\default\searches\.
File
users\default\searches\desktop.ini
users\default\searches\desktop.ini
c:\
c:\users\default\searches\desktop.ini
ini
File
users\default\searches\everywhere.search-ms
users\default\searches\everywhere.search-ms
c:\
c:\users\default\searches\everywhere.search-ms
search-ms
File
users\default\searches\indexed locations.search-ms
users\default\searches\indexed locations.search-ms
c:\
c:\users\default\searches\indexed locations.search-ms
search-ms
File
users\default\sendto\# decrypt my files #.txt
users\default\sendto\# decrypt my files #.txt
c:\
c:\users\default\sendto\# decrypt my files #.txt
txt
File
users\default\start menu\# decrypt my files #.txt
users\default\start menu\# decrypt my files #.txt
c:\
c:\users\default\start menu\# decrypt my files #.txt
txt
File
users\default\templates\# decrypt my files #.txt
users\default\templates\# decrypt my files #.txt
c:\
c:\users\default\templates\# decrypt my files #.txt
txt
File
users\default\videos\.
users\default\videos\.
c:\
c:\users\default\videos\.
File
users\default\videos\desktop.ini
users\default\videos\desktop.ini
c:\
c:\users\default\videos\desktop.ini
ini
File
users\default user\# decrypt my files #.txt
users\default user\# decrypt my files #.txt
c:\
c:\users\default user\# decrypt my files #.txt
txt
File
users\desktop.ini
users\desktop.ini
c:\
c:\users\desktop.ini
ini
File
users\public\.
users\public\.
c:\
c:\users\public\.
File
users\public\desktop\.
users\public\desktop\.
c:\
c:\users\public\desktop\.
File
users\public
users\public
c:\
c:\users\public
File
users\public\desktop\adobe reader x.lnk
users\public\desktop\adobe reader x.lnk
c:\
c:\users\public\desktop\adobe reader x.lnk
lnk
File
users\public\desktop\desktop.ini
users\public\desktop\desktop.ini
c:\
c:\users\public\desktop\desktop.ini
ini
File
users\public\desktop\google chrome.lnk
users\public\desktop\google chrome.lnk
c:\
c:\users\public\desktop\google chrome.lnk
lnk
File
users\public\desktop\mozilla firefox.lnk
users\public\desktop\mozilla firefox.lnk
c:\
c:\users\public\desktop\mozilla firefox.lnk
lnk
File
users\public\desktop.ini
users\public\desktop.ini
c:\
c:\users\public\desktop.ini
ini
File
users\public\documents\.
users\public\documents\.
c:\
c:\users\public\documents\.
File
users\public\documents\desktop.ini
users\public\documents\desktop.ini
c:\
c:\users\public\documents\desktop.ini
ini
File
users\public\documents\my music\# decrypt my files #.txt
users\public\documents\my music\# decrypt my files #.txt
c:\
c:\users\public\documents\my music\# decrypt my files #.txt
txt
File
users\public\documents\my pictures\# decrypt my files #.txt
users\public\documents\my pictures\# decrypt my files #.txt
c:\
c:\users\public\documents\my pictures\# decrypt my files #.txt
txt
File
users\public\documents\my videos\# decrypt my files #.txt
users\public\documents\my videos\# decrypt my files #.txt
c:\
c:\users\public\documents\my videos\# decrypt my files #.txt
txt
File
users\public\downloads\.
users\public\downloads\.
c:\
c:\users\public\downloads\.
File
users\public\downloads\desktop.ini
users\public\downloads\desktop.ini
c:\
c:\users\public\downloads\desktop.ini
ini
File
users\public\favorites\.
users\public\favorites\.
c:\
c:\users\public\favorites\.
File
users\public\libraries\.
users\public\libraries\.
c:\
c:\users\public\libraries\.
File
users\public\libraries\desktop.ini
users\public\libraries\desktop.ini
c:\
c:\users\public\libraries\desktop.ini
ini
File
users\public\libraries\recordedtv.library-ms
users\public\libraries\recordedtv.library-ms
c:\
c:\users\public\libraries\recordedtv.library-ms
library-ms
File
users\public\music\.
users\public\music\.
c:\
c:\users\public\music\.
File
users\public\music\desktop.ini
users\public\music\desktop.ini
c:\
c:\users\public\music\desktop.ini
ini
File
users\public\music\sample music\.
users\public\music\sample music\.
c:\
c:\users\public\music\sample music\.
File
users\public\music
users\public\music
c:\
c:\users\public\music
File
users\public\music\sample music\desktop.ini
users\public\music\sample music\desktop.ini
c:\
c:\users\public\music\sample music\desktop.ini
ini
File
users\public\music\sample music\kalimba.mp3
users\public\music\sample music\kalimba.mp3
c:\
c:\users\public\music\sample music\kalimba.mp3
mp3
File
users\public\music\sample music\maid with the flaxen hair.mp3
users\public\music\sample music\maid with the flaxen hair.mp3
c:\
c:\users\public\music\sample music\maid with the flaxen hair.mp3
mp3
File
users\public\music\sample music\sleep away.mp3
users\public\music\sample music\sleep away.mp3
c:\
c:\users\public\music\sample music\sleep away.mp3
mp3
File
users\public\pictures\.
users\public\pictures\.
c:\
c:\users\public\pictures\.
File
users\public\pictures\desktop.ini
users\public\pictures\desktop.ini
c:\
c:\users\public\pictures\desktop.ini
ini
File
users\public\pictures\sample pictures\.
users\public\pictures\sample pictures\.
c:\
c:\users\public\pictures\sample pictures\.
File
users\public\pictures
users\public\pictures
c:\
c:\users\public\pictures
File
users\public\pictures\sample pictures\chrysanthemum.jpg
users\public\pictures\sample pictures\chrysanthemum.jpg
c:\
c:\users\public\pictures\sample pictures\chrysanthemum.jpg
jpg
File
users\public\pictures\sample pictures\desert.jpg
users\public\pictures\sample pictures\desert.jpg
c:\
c:\users\public\pictures\sample pictures\desert.jpg
jpg
File
users\public\pictures\sample pictures\desktop.ini
users\public\pictures\sample pictures\desktop.ini
c:\
c:\users\public\pictures\sample pictures\desktop.ini
ini
File
users\public\pictures\sample pictures\hydrangeas.jpg
users\public\pictures\sample pictures\hydrangeas.jpg
c:\
c:\users\public\pictures\sample pictures\hydrangeas.jpg
jpg
File
users\public\pictures\sample pictures\jellyfish.jpg
users\public\pictures\sample pictures\jellyfish.jpg
c:\
c:\users\public\pictures\sample pictures\jellyfish.jpg
jpg
File
users\public\pictures\sample pictures\koala.jpg
users\public\pictures\sample pictures\koala.jpg
c:\
c:\users\public\pictures\sample pictures\koala.jpg
jpg
File
users\public\pictures\sample pictures\lighthouse.jpg
users\public\pictures\sample pictures\lighthouse.jpg
c:\
c:\users\public\pictures\sample pictures\lighthouse.jpg
jpg
File
users\public\pictures\sample pictures\penguins.jpg
users\public\pictures\sample pictures\penguins.jpg
c:\
c:\users\public\pictures\sample pictures\penguins.jpg
jpg
File
users\public\pictures\sample pictures\tulips.jpg
users\public\pictures\sample pictures\tulips.jpg
c:\
c:\users\public\pictures\sample pictures\tulips.jpg
jpg
File
users\public\recorded tv\.
users\public\recorded tv\.
c:\
c:\users\public\recorded tv\.
File
users\public\recorded tv\desktop.ini
users\public\recorded tv\desktop.ini
c:\
c:\users\public\recorded tv\desktop.ini
ini
File
users\public\recorded tv\sample media\.
users\public\recorded tv\sample media\.
c:\
c:\users\public\recorded tv\sample media\.
File
users\public\recorded tv
users\public\recorded tv
c:\
c:\users\public\recorded tv
File
users\public\recorded tv\sample media\desktop.ini
users\public\recorded tv\sample media\desktop.ini
c:\
c:\users\public\recorded tv\sample media\desktop.ini
ini
File
users\public\recorded tv\sample media\win7_scenic-demoshort_raw.wtv
users\public\recorded tv\sample media\win7_scenic-demoshort_raw.wtv
c:\
c:\users\public\recorded tv\sample media\win7_scenic-demoshort_raw.wtv
wtv
File
users\public\videos\.
users\public\videos\.
c:\
c:\users\public\videos\.
File
users\public\videos\desktop.ini
users\public\videos\desktop.ini
c:\
c:\users\public\videos\desktop.ini
ini
File
users\public\videos\sample videos\.
users\public\videos\sample videos\.
c:\
c:\users\public\videos\sample videos\.
File
users\public\videos
users\public\videos
c:\
c:\users\public\videos
File
users\public\videos\sample videos\desktop.ini
users\public\videos\sample videos\desktop.ini
c:\
c:\users\public\videos\sample videos\desktop.ini
ini
File
users\public\videos\sample videos\wildlife.wmv
users\public\videos\sample videos\wildlife.wmv
c:\
c:\users\public\videos\sample videos\wildlife.wmv
wmv
File
System Paging File
WinRegistryKey
�ÁD
HKEY_CURRENT_USER
Analyzed Sample #657417
Malware Artifacts
657417
Sample-ID: #657417
Job-ID: #979084
This sample was analyzed by VMRay Analyzer 3.0.2 on a Windows 7 system
100
VTI Score based on VTI Database Version 3.3
Metadata of Sample File #657417
Submission-ID: #1127512
8d833937f4da8ab0269850f961e8a9f963c23e6bef04a31af925a152f01a1169exe
MD5
6d21c5c3bcff6076179bccd9ea6d1464
SHA1
75aa1e3404aaab3a11ee7cb2f7e3682145fa6324
SHA256
8d833937f4da8ab0269850f961e8a9f963c23e6bef04a31af925a152f01a1169
Opened_By
Metadata of Analysis for Job-ID #979084
True
Timeout
True
326.392
XDUWTFONO
win7_64_sp1
x86 64-bit
Windows 7
6.1.7601.17514 (3844dbb9-2017-4967-be7a-a4a2c20430fa)
5p5NrGJn0jS HALPmcxz
XDUWTFONO
This is a property collection for additional information of VMRay analysis
VMRay Analyzer
Anti Analysis
VTI rule match with VTI rule score 2/5
vmray_dynamic_api_usage_by_api
Resolves an unusually high number of APIs.
Resolves APIs dynamically to possibly evade static detection
Process
VTI rule match with VTI rule score 1/5
vmray_create_process_with_hidden_window
The process "vssadmin.exe" starts with hidden window.
Creates process with hidden window
File System
VTI rule match with VTI rule score 4/5
vmray_modify_user_files
Modifies the content of multiple user files. This is an indicator for an encryption attempt.
Modifies content of user files
File System
VTI rule match with VTI rule score 4/5
vmray_rename_user_files
Renames multiple user files. This is an indicator for an encryption attempt.
Renames user files
OS
VTI rule match with VTI rule score 2/5
vmray_set_desktop_wallpaper_by_api
Sets the desktop wallpaper to the file "c:\users\5p5nrg~1\appdata\local\tempdesk.bmp".
Changes the desktop wallpaper.
OS
VTI rule match with VTI rule score 4/5
vmray_modify_windows_backup_settings
Deletes Windows volume shadow copies.
Modifies Windows automatic backups
File System
VTI rule match with VTI rule score 3/5
vmray_drop_ransom_note_files
Possibly drops ransom note files (creates 112 instances of the file "# DECRYPT MY FILES #.txt" in different locations).
Possibly drops ransom note files
Local AV
VTI rule match with VTI rule score 5/5
vmray_av_malicious_match
Local AV detected a memory dump of process "bs03u4lh.exe" as "Gen:Heur.Ransom.Imps.3".
Malicious content was detected by heuristic scan
Device
VTI rule match with VTI rule score 5/5
vmray_write_mbr
Writes 512 bytes to master boot record (MBR).
Writes to Master Boot Record (MBR)