BigEyes/Lime Ransomware | Grouped Behavior
Monitored Processes
Behavior Information - Grouped by Category
Process #1: crypt.exe
(Host: 1499, Network: 0)
Information Value
ID #1
File Name c:\users\5jghkoaofdp\desktop\crypt.exe
Command Line "C:\Users\5JgHKoaOfdp\Desktop\Crypt.exe"
Initial Working Directory C:\Users\5JgHKoaOfdp\Desktop\
Monitor Start Time: 00:00:23, Reason: Analysis Target
Unmonitor End Time: 00:03:13, Reason: Terminated by Timeout
Monitor Duration 00:02:50
OS Process Information
Information Value
PID 0xaf8
Parent PID 0x3f8 (c:\windows\explorer.exe)
Is Created or Modified Executable True
Integrity Level High (Elevated)
Username FIVAUF\5JgHKoaOfdp
Groups
  • FIVAUF\Domain Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • Everyone (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\Local account and member of Administrators group (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • BUILTIN\Administrators (MANDATORY, ENABLED_BY_DEFAULT, ENABLED, OWNER)
  • BUILTIN\Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\INTERACTIVE (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • CONSOLE LOGON (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\Authenticated Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\This Organization (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\Local account (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\Logon Session 00000000:0000befc (MANDATORY, ENABLED_BY_DEFAULT, ENABLED, LOGON_ID)
  • LOCAL (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\NTLM Authentication (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0xAFC
0xB00
0xB04
0xB08
0xB64
0x0
0x7B0
0x808
Region
Name Start VA End VA Type Permissions Monitored Dump YARA Match Actions
Created Files
Filename File Size Hash Values YARA Match Actions
False
c:\users\5jghkoaofdp\desktop\#decryptor.exe 393.00 KB (402432 bytes) MD5: 067c61ebc26990537ed9c52908cc6025
SHA1: 00df5ad324626992fd83ecfca84b7297bbbfaa26
SHA256: 60ef3c12e67a01d4445dc3bfac5545fc85b94e33c6c806a681186a5e1ed58561
False
c:\users\5jghkoaofdp\desktop\#decryptor.exe 393.00 KB (402437 bytes) MD5: a0e0875ab72ff05e04a2b928a30da0f8
SHA1: 8b0e48e33f8c824b55227b7b504f84ccb996136b
SHA256: 0ae0c749e69b33ad8fd3b14820a46bc39eae027a75fddc791dccb16b449a2bfc
False
c:\users\5jghkoaofdp\desktop\#background.png 29.08 KB (29775 bytes) MD5: 292cc611f0a5c4acd4cb5dd1fab236f6
SHA1: 7e89c27d5cd44cd53b8ab6c8c08aab6ce0bc07fe
SHA256: cfaca5d62f7d5ea934b3a80069c3de24b062c6fc7d696f2514dd587bf86ebcca
False
c:\users\5jghkoaofdp\documents\-spm6vjb.odt 62.44 KB (63938 bytes) MD5: 58393dcbf626cfa2e64abf5f28575be8
SHA1: db10c994113b5425ff93b59581a5c9c46aaabf33
SHA256: 4bf873910a64441ccaeacdf8852d1b07f0c6c469c8cfb30394f133e51fa22a86
False
c:\users\5jghkoaofdp\documents\0u2ya.docx 11.68 KB (11958 bytes) MD5: a320cd9c75e3083bf63fb92c7649ae6b
SHA1: f630cf75c0ef711b159af4c02fdbde959cffe1bb
SHA256: 406b291294e6c4c1cc2decbe675545637cdb8c133c87981c4c64e77c64a9bda9
False
c:\users\5jghkoaofdp\documents\7wwg1y1tq2o4xif.pdf 1.33 KB (1359 bytes) MD5: fb6f7a95eb2466d83942f7c860d0ef92
SHA1: 5ea740cdcd863e75c1956671fd51ee1162a195cf
SHA256: c1d0c9c9b48e9e14473f247bb4e690c6d06d998a23736a9c5e2ccd731e7792df
False
c:\users\5jghkoaofdp\documents\9tmo3uu8-scl.xlsx 92.20 KB (94414 bytes) MD5: 18cc57d055dbd0f5941e23419aa65ab0
SHA1: 0f7166e2dcf95cffcf647a2b333b315c3935a2ab
SHA256: d32ef1ff293d8fb074e59a5a9e467a733fbc624bfbcb2a9a9790611e8f7540f8
False
c:\users\5jghkoaofdp\documents\aeghbubms5ntl.pptx 68.30 KB (69943 bytes) MD5: d1cf1130d18e6e4c74d3bfabb2b92f21
SHA1: 88874850a50903aae0caed235f60af3dc455a512
SHA256: 8a7c1123605a784568aa1e4cf62f3a256ea92417822c24eedf7ce27bc2e02158
False
c:\users\5jghkoaofdp\documents\c94gq1vfwvfbcdgwkd_.docx 85.76 KB (87821 bytes) MD5: 7ad8bc3380511b4925e6395d3fcfa9b2
SHA1: bbb28eea7616ab36b23d6251cc24a225d88b279d
SHA256: 15c7a555d745149508e5d327dfe1139ea7b1d860da904e2c014f4e97248489b2
False
c:\users\5jghkoaofdp\documents\desktop.ini 0.39 KB (402 bytes) MD5: ecf88f261853fe08d58e2e903220da14
SHA1: f72807a9e081906654ae196605e681d5938a2e6c
SHA256: cafec240d998e4b6e92ad1329cd417e8e9cbd73157488889fd93a542de4a4844
False
c:\users\5jghkoaofdp\documents\erhcl a2gbl1at.docx 48.87 KB (50041 bytes) MD5: a7b21e63df46e1fb905b2a522b7344d8
SHA1: 62c19701ef52142244eb102156dd39592777cd7e
SHA256: 1057f4a6ee8945b5b62a519f2083f3b59cc3f8e311481e348b098468a0815126
False
c:\users\5jghkoaofdp\documents\eyedf199l.xlsx 90.38 KB (92552 bytes) MD5: a96f62abda1c6e0b69ea17b84a75e4ba
SHA1: d7a6de0a918d918fae62b5771741b0efa317ff6b
SHA256: ed7d8f2de672435bee20e565ab6e5976af4a74758bf2092b6cf236a01d0c74a2
False
c:\users\5jghkoaofdp\documents\g 5zx6m5n.docx 14.73 KB (15083 bytes) MD5: 7fcd1501bb1e6377cfc477ac38c6cd6a
SHA1: b702e0777e4cc9886593859d41e1be0b2af85781
SHA256: 8e3c9160ca415a81f42630372690914b8bf8573acdf356074dc75d3e47a5d296
False
c:\users\5jghkoaofdp\documents\gmur.xlsx 78.11 KB (79981 bytes) MD5: 997cb45da07305a5295adadce04410e6
SHA1: 0336a5e1609006d5fda1de11a43ad59f6b350afb
SHA256: ab9e36a1aecbf6ad45a86034a161f115a8b4f031e8bec177f46e30d421aadb31
False
c:\users\5jghkoaofdp\documents\h2pcxtbbfd di.xlsx 61.44 KB (62916 bytes) MD5: b5d11377e240c9d4182487819bb696e5
SHA1: 558b695cc95730f732c8ddf3f7ed973c55b6981b
SHA256: aa037a1aeb4fbd6ab534fe2fe774fc71d0f03ca79b5a1b6d972b9042763557a6
False
c:\users\5jghkoaofdp\documents\iydmli-q8mf8cj.ppt 19.60 KB (20068 bytes) MD5: 89a101f6735aebaeb9f2f37bcb7c35a4
SHA1: 96dec5a6c017ddd0e7b3286507ca03679c18b8b0
SHA256: 70c616a305d92876229444b03d2787e15060de5f05eb19f10d3752366db99fa9
False
c:\users\5jghkoaofdp\documents\o9jfc-djnb qx4.pptx 26.77 KB (27412 bytes) MD5: a4fa2518874f45be4ea728dd59e06469
SHA1: 82a9792fe24d414d390cf6369866d6c2a2d8c2f7
SHA256: d3a44d490722d497c7235ccaa833fd5671d7841413c1d32d36817dbb10b6509b
False
c:\users\5jghkoaofdp\documents\oczespochpv.csv 97.40 KB (99738 bytes) MD5: a6dd475d55ae89c0c495742667cf04c9
SHA1: 4486320b73acfc1cf4252b7c3f6aa0c6a848fc2b
SHA256: 04c473b3899dfc95ac0675156eed6e91581a6e3b335ff95217a5b8177a6fe076
False
c:\users\5jghkoaofdp\documents\oojiqe2ti5vbxcbhng2.docx 1.66 KB (1702 bytes) MD5: 927100c1e43af166a66ee4c719e986cb
SHA1: f0e74f7a3bb23214f26ea45c5f0b01f36e25c3ec
SHA256: 7c4667ca8b873156623e4a119071b383b7dedeb3e08cbef83aec421f8a135039
False
c:\users\5jghkoaofdp\documents\wvqxspnlmsl.xlsx 88.29 KB (90406 bytes) MD5: 9e597634dd83f188f7c54793ea7911fc
SHA1: e0d16a8f056927b5ccb1c71bc6704743693a3c25
SHA256: e3663a81a83b566044a2b5d0161e9f999e212457451fedebad7fa690eca372d8
False
c:\users\5jghkoaofdp\documents\x7nab3sx5u.pptx 94.18 KB (96442 bytes) MD5: 2ddc0f8eb8daf54320413c3827ca96f8
SHA1: 5e20b75ea989cb07f8c4660f8f8b1fe993d0630e
SHA256: e817aa9e9feb2cf9ab35ba5901f1dfd21a8c39b3da500445e836f3700a251489
False
c:\users\5jghkoaofdp\documents\kaaornrraztx\0r-udw4thkiupl-orh_.odt 94.90 KB (97180 bytes) MD5: f100080dc8c3ad3c4b3f107a423a3bf9
SHA1: c40ee4d57022abf161f1ed3a7698e854279dc938
SHA256: 162f9044fc4e24728ae4e3cad7751f7d863cc00f78d2580922a782868af94eaa
False
c:\users\5jghkoaofdp\documents\kaaornrraztx\b37k-lfrwivyw.pps 25.73 KB (26344 bytes) MD5: a246d5fca5d699a98740cc3261a36f1f
SHA1: bf2848ae0818f8390b4cc0556c4a47978665654a
SHA256: a8daddf7d9bf5c4fb1aad39a1fe4ecb4345a37e8f3f2900c011096a4f5043232
False
c:\users\5jghkoaofdp\documents\kaaornrraztx\ao-nff kn\bwmjpnluzwsovw5ida\hdvr7lfi7ye7\pvdit6.pdf 39.51 KB (40454 bytes) MD5: 52ce1e0b7ce3bc2061c3131c7c0b1f6f
SHA1: aeea0a492c9be1f442267b6d80c375e957705e3a
SHA256: 69310ae8f6f9562a68bc46aae8f37fcf21a15c60f068c13fe9adca43a2bfc07f
False
c:\users\5jghkoaofdp\documents\my shapes\desktop.ini 0.21 KB (216 bytes) MD5: 14967ba849b93421843b52d7e50b75a8
SHA1: 523e3329eaf92f12918c1ceaee8b575e74e88318
SHA256: 88c8875112fe06eeb89c4b53bab11c72f6db6ad6621fbc94c29e0ac50f83cb06
False
c:\users\5jghkoaofdp\documents\my shapes\favorites.vssx 0.00 KB (0 bytes) MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
False
c:\users\5jghkoaofdp\documents\my shapes\_private\folder.ico 29.22 KB (29926 bytes) MD5: 5130ee1b914d382af41ff3a35eb151b8
SHA1: 81ad3e1731197926cc36fa9d12a1b224b6b82f5c
SHA256: baaf97e8e0606daecc8c3271b73b91b1d8b1f2e521ae677480b0a3f87173eb39
False
c:\users\5jghkoaofdp\documents\outlook files\cjeijc.diuv@div.com.pst 265.00 KB (271360 bytes) MD5: ca76558a6946bce314bad215edd2ad25
SHA1: 52930ef4033d72843f561d9f2d0a02d27fdf3dbf
SHA256: cf63f7457bda0006f06cd6716b75216b6a759671ee82787baeb28f1a7a921e8c
False
c:\users\5jghkoaofdp\pictures\8yzc.gif 47.27 KB (48401 bytes) MD5: 32c698f3bc99e6ee641f8d19fbd32533
SHA1: c63afa5a10f4034a3bd3c2f24caa0b4839e6d5ba
SHA256: 6e6fb90bc296c80d98f9c69c60b6fc5a7c3c8aaa6dc04547e0656002bef29caa
False
c:\users\5jghkoaofdp\music\fedb6bw2fnxwe\ittew9vaxdbq.m4a.lime 86.42 KB (88496 bytes) MD5: bc321946df2fb79b64c3fd4e4e4946e6
SHA1: 3d97b8fd35439ef2969a0cd93d966d1e7e908de1
SHA256: 03da487ed31144fba421d1e0456526c29ddfd99decd8b3923a4d3500cc940626
False
Host Behavior
File (1444)
Operation Filename Additional Information Success Count
Create C:\Microsoft\hash desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Documents\-sPM6vJb.odt desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Documents\-sPM6vJb.odt.Lime desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Documents\0u2YA.docx desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Documents\0u2YA.docx.Lime desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Documents\7wwG1Y1tq2o4XiF.pdf desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Documents\7wwG1Y1tq2o4XiF.pdf.Lime desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Documents\9TMo3uu8-Scl.xlsx desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Documents\9TMo3uu8-Scl.xlsx.Lime desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Documents\AEghbUBMs5NTL.pptx desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Documents\AEghbUBMs5NTL.pptx.Lime desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Documents\c94gQ1vFwVFBcDGwkD_.docx desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Documents\c94gQ1vFwVFBcDGwkD_.docx.Lime desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Documents\desktop.ini desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Documents\desktop.ini.Lime desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Documents\erHcl A2gBL1aT.docx desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Documents\erHcl A2gBL1aT.docx.Lime desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Documents\eYeDf199l.xlsx desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Documents\eYeDf199l.xlsx.Lime desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Documents\G 5ZX6m5N.docx desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Documents\G 5ZX6m5N.docx.Lime desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Documents\gMur.xlsx desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Documents\gMur.xlsx.Lime desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Documents\h2PCXTBBfD dI.xlsx desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Documents\h2PCXTBBfD dI.xlsx.Lime desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Documents\IYDMli-q8mF8cJ.ppt desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Documents\IYDMli-q8mF8cJ.ppt.Lime desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Documents\OCZESPOCHPv.csv desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Documents\OCZESPOCHPv.csv.Lime desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Documents\oOjIQe2Ti5VBxCBHnG2.docx desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Documents\oOjIQe2Ti5VBxCBHnG2.docx.Lime desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Documents\x7naB3SX5u.pptx desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Documents\x7naB3SX5u.pptx.Lime desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\B37K-LfrWIVyw.pps desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\B37K-LfrWIVyw.pps.Lime desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\MIQzp.pps.Lime desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\dupIwyYc2Jp.docx.Lime desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\gTN-k.odt desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\gTN-k.odt.Lime desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\mT8RyiDfz3cr.pptx desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\mT8RyiDfz3cr.pptx.Lime desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\nAdn7QwB885NzAt O.odp desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\nAdn7QwB885NzAt O.odp.Lime desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\nuvaV.rtf desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\nuvaV.rtf.Lime desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\BWmJPNLUzWsoVW5iDA\hDVR7Lfi7YE7\U2 jrSbzpiR7OxWWq.pptx desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\BWmJPNLUzWsoVW5iDA\hDVR7Lfi7YE7\U2 jrSbzpiR7OxWWq.pptx.Lime desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\BWmJPNLUzWsoVW5iDA\hDVR7Lfi7YE7\w anjoZ7.doc desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\BWmJPNLUzWsoVW5iDA\hDVR7Lfi7YE7\w anjoZ7.doc.Lime desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\Vksw T\77jQfTI.csv desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\Vksw T\77jQfTI.csv.Lime desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\Vksw T\9bwEefny0rpp.ods desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\Vksw T\9bwEefny0rpp.ods.Lime desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Documents\My Shapes\desktop.ini desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Documents\My Shapes\desktop.ini.Lime desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Documents\My Shapes\Favorites.vssx desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Documents\My Shapes\Favorites.vssx.Lime desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Documents\My Shapes\_private\folder.ico desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Documents\My Shapes\_private\folder.ico.Lime desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Documents\OneNote Notebooks\My Notebook\Open Notebook.onetoc2 desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Documents\Outlook Files\cjeijc.diuv@div.com.pst.Lime desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Pictures\8YzC.gif desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Pictures\8YzC.gif.Lime desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Pictures\97QMvfP-n9T7b4U.png desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Pictures\97QMvfP-n9T7b4U.png.Lime desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Pictures\9pzHJofdZk0Fqc8d56gX.bmp desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Pictures\9pzHJofdZk0Fqc8d56gX.bmp.Lime desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Pictures\auOxLTYRVw31 BiYhvN.png desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Pictures\auOxLTYRVw31 BiYhvN.png.Lime desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Pictures\hosHP.gif desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Pictures\hosHP.gif.Lime desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Pictures\bGLKOcSLaAs0zqepqxl\cn2.bmp.Lime desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Pictures\bGLKOcSLaAs0zqepqxl\eEmVU3Dk.bmp desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Pictures\bGLKOcSLaAs0zqepqxl\eEmVU3Dk.bmp.Lime desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Pictures\bGLKOcSLaAs0zqepqxl\FnZhHkemnJG.gif desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Pictures\bGLKOcSLaAs0zqepqxl\FnZhHkemnJG.gif.Lime desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Pictures\bGLKOcSLaAs0zqepqxl\NR6dMjKJCnTfSCqR.gif desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Pictures\bGLKOcSLaAs0zqepqxl\NR6dMjKJCnTfSCqR.gif.Lime desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Pictures\bGLKOcSLaAs0zqepqxl\qKgeyNbDLJNjdCbMJb.gif desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Pictures\bGLKOcSLaAs0zqepqxl\qKgeyNbDLJNjdCbMJb.gif.Lime desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Pictures\cGLZ_jmC_lOB0ujFfP\B4tjiTd_NYk uV.bmp.Lime desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Pictures\cGLZ_jmC_lOB0ujFfP\DC394OBjo9C.bmp desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Pictures\cGLZ_jmC_lOB0ujFfP\DC394OBjo9C.bmp.Lime desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Music\C-56aS7eiAlL.mp3 desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Music\C-56aS7eiAlL.mp3.Lime desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Music\desktop.ini desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Music\desktop.ini.Lime desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Music\GrU-M3D0ihjQ.wav desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Music\GrU-M3D0ihjQ.wav.Lime desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Music\Od32To.mp3 desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Music\Od32To.mp3.Lime desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Music\Q0Ua0AHEpDpsIaUeq0.mp3 desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Music\Q0Ua0AHEpDpsIaUeq0.mp3.Lime desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Music\Fedb6bw2FnxWe\ittEW9VaXDBQ.m4a.Lime desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\GGnH.m4a desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\GGnH.m4a.Lime desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\gQfYFnBUFHd0b2hNpcm.wav desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\gQfYFnBUFHd0b2hNpcm.wav.Lime desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\gWCYViWIi.mp3 desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\gWCYViWIi.mp3.Lime desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\kz2M.mp3 desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\kz2M.mp3.Lime desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\QvxPYeWmyW121.wav desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\QvxPYeWmyW121.wav.Lime desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\SY3CPSU.m4a desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\SY3CPSU.m4a.Lime desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\UfKL.wav.Lime desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\UXKqt2i9X6PC8.wav desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\UXKqt2i9X6PC8.wav.Lime desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\vW e9IJ.mp3 desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\vW e9IJ.mp3.Lime desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\yOtFLh9S-- H9v.wav desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\yOtFLh9S-- H9v.wav.Lime desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Videos\40Y6k2FUB.avi desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Videos\40Y6k2FUB.avi.Lime desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Desktop\2-Lzf_caeYTdiH8Ls.avi desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Desktop\2-Lzf_caeYTdiH8Ls.avi.Lime desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Desktop\2kZLcFwdX.mkv desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Desktop\2kZLcFwdX.mkv.Lime desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Desktop\6L2VJzd4y qgt3nZDwL.wav desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Desktop\6L2VJzd4y qgt3nZDwL.wav.Lime desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Desktop\6s FhIyFBc68flA.flv desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Desktop\6s FhIyFBc68flA.flv.Lime desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Desktop\7huc nP.mkv desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Desktop\7huc nP.mkv.Lime desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Desktop\mAKFQ5ZAPTIzrcE7IrU.ods desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Desktop\mAKFQ5ZAPTIzrcE7IrU.ods.Lime desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Desktop\mV3NggJ4W65.png desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Desktop\mV3NggJ4W65.png.Lime desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Desktop\wVjrCaIySkl.jpg desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Desktop\wVjrCaIySkl.jpg.Lime desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Desktop\xCdHr9FnegVb5D0.pdf desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Desktop\xCdHr9FnegVb5D0.pdf.Lime desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Desktop\c OpBv-sTs\HV1SiahR-wDxQNIsDtes.m4a desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Desktop\c OpBv-sTs\HV1SiahR-wDxQNIsDtes.m4a.Lime desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Desktop\RSvw596pfT9dfXj QF8\7mq72DdMZjhMf.jpg desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Desktop\RSvw596pfT9dfXj QF8\7mq72DdMZjhMf.jpg.Lime desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\NTUSER.DAT desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ False 1
Create C:\Users\5JgHKoaOfdp\Desktop\#Decryptor.exe desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Create C:\Users\5JgHKoaOfdp\Desktop\#Decryptor.exe desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Create C:\Users\5JgHKoaOfdp\Desktop\#Decryptor.exe desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL True 1
Create Directory C:\Microsoft - True 1
Get Info C:\Microsoft\ type = file_attributes False 2
Get Info C:\Microsoft type = file_attributes False 1
Get Info C:\Microsoft\hash type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Documents type = file_attributes True 116
Get Info C:\Users\5JgHKoaOfdp\Documents\-sPM6vJb.odt type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\-sPM6vJb.odt type = size, size_out = 0 True 1
Get Info C:\Users\5JgHKoaOfdp\Documents\-sPM6vJb.odt.Lime type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\-sPM6vJb.odt type = file_attributes True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\0u2YA.docx type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\0u2YA.docx type = size, size_out = 0 True 1
Get Info C:\Users\5JgHKoaOfdp\Documents\0u2YA.docx.Lime type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\0u2YA.docx type = file_attributes True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\7wwG1Y1tq2o4XiF.pdf type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\7wwG1Y1tq2o4XiF.pdf type = size, size_out = 0 True 1
Get Info C:\Users\5JgHKoaOfdp\Documents\7wwG1Y1tq2o4XiF.pdf.Lime type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\7wwG1Y1tq2o4XiF.pdf type = file_attributes True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\9TMo3uu8-Scl.xlsx type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\9TMo3uu8-Scl.xlsx type = size, size_out = 0 True 1
Get Info C:\Users\5JgHKoaOfdp\Documents\9TMo3uu8-Scl.xlsx.Lime type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\9TMo3uu8-Scl.xlsx type = file_attributes True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\AEghbUBMs5NTL.pptx type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\AEghbUBMs5NTL.pptx type = size, size_out = 0 True 1
Get Info C:\Users\5JgHKoaOfdp\Documents\AEghbUBMs5NTL.pptx.Lime type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\AEghbUBMs5NTL.pptx type = file_attributes True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\c94gQ1vFwVFBcDGwkD_.docx type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\c94gQ1vFwVFBcDGwkD_.docx type = size, size_out = 0 True 1
Get Info C:\Users\5JgHKoaOfdp\Documents\c94gQ1vFwVFBcDGwkD_.docx.Lime type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\c94gQ1vFwVFBcDGwkD_.docx type = file_attributes True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\desktop.ini type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\desktop.ini type = size, size_out = 0 True 1
Get Info C:\Users\5JgHKoaOfdp\Documents\desktop.ini.Lime type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\desktop.ini type = file_attributes True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\erHcl A2gBL1aT.docx type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\erHcl A2gBL1aT.docx type = size, size_out = 0 True 1
Get Info C:\Users\5JgHKoaOfdp\Documents\erHcl A2gBL1aT.docx.Lime type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\erHcl A2gBL1aT.docx type = file_attributes True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\eYeDf199l.xlsx type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\eYeDf199l.xlsx type = size, size_out = 0 True 1
Get Info C:\Users\5JgHKoaOfdp\Documents\eYeDf199l.xlsx.Lime type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\eYeDf199l.xlsx type = file_attributes True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\G 5ZX6m5N.docx type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\G 5ZX6m5N.docx type = size, size_out = 0 True 1
Get Info C:\Users\5JgHKoaOfdp\Documents\G 5ZX6m5N.docx.Lime type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\G 5ZX6m5N.docx type = file_attributes True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\gMur.xlsx type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\gMur.xlsx type = size, size_out = 0 True 1
Get Info C:\Users\5JgHKoaOfdp\Documents\gMur.xlsx.Lime type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\gMur.xlsx type = file_attributes True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\h2PCXTBBfD dI.xlsx type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\h2PCXTBBfD dI.xlsx type = size, size_out = 0 True 1
Get Info C:\Users\5JgHKoaOfdp\Documents\h2PCXTBBfD dI.xlsx.Lime type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\h2PCXTBBfD dI.xlsx type = file_attributes True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\IYDMli-q8mF8cJ.ppt type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\IYDMli-q8mF8cJ.ppt type = size, size_out = 0 True 1
Get Info C:\Users\5JgHKoaOfdp\Documents\IYDMli-q8mF8cJ.ppt.Lime type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\IYDMli-q8mF8cJ.ppt type = file_attributes True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\o9Jfc-DjnB qX4.pptx type = file_attributes True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\OCZESPOCHPv.csv type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\OCZESPOCHPv.csv type = size, size_out = 0 True 1
Get Info C:\Users\5JgHKoaOfdp\Documents\OCZESPOCHPv.csv.Lime type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\OCZESPOCHPv.csv type = file_attributes True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\oOjIQe2Ti5VBxCBHnG2.docx type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\oOjIQe2Ti5VBxCBHnG2.docx type = size, size_out = 0 True 1
Get Info C:\Users\5JgHKoaOfdp\Documents\oOjIQe2Ti5VBxCBHnG2.docx.Lime type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\oOjIQe2Ti5VBxCBHnG2.docx type = file_attributes True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\wvqxSPNlMSl.xlsx type = file_attributes True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\x7naB3SX5u.pptx type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\x7naB3SX5u.pptx type = size, size_out = 0 True 1
Get Info C:\Users\5JgHKoaOfdp\Documents\x7naB3SX5u.pptx.Lime type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\x7naB3SX5u.pptx type = file_attributes True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX type = file_attributes True 18
Get Info C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\0r-uDW4THkIUpl-oRh_.odt type = file_attributes True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\B37K-LfrWIVyw.pps type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\B37K-LfrWIVyw.pps type = size, size_out = 0 True 1
Get Info C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\B37K-LfrWIVyw.pps.Lime type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\B37K-LfrWIVyw.pps type = file_attributes True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\MIQzp.pps.Lime type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\dupIwyYc2Jp.docx.Lime type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn type = file_attributes True 26
Get Info C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\dupIwyYc2Jp.docx type = file_attributes True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\gTN-k.odt type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\gTN-k.odt type = size, size_out = 0 True 1
Get Info C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\gTN-k.odt.Lime type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\gTN-k.odt type = file_attributes True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\mT8RyiDfz3cr.pptx type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\mT8RyiDfz3cr.pptx type = size, size_out = 0 True 1
Get Info C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\mT8RyiDfz3cr.pptx.Lime type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\mT8RyiDfz3cr.pptx type = file_attributes True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\nAdn7QwB885NzAt O.odp type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\nAdn7QwB885NzAt O.odp type = size, size_out = 0 True 1
Get Info C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\nAdn7QwB885NzAt O.odp.Lime type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\nAdn7QwB885NzAt O.odp type = file_attributes True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\nuvaV.rtf type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\nuvaV.rtf type = size, size_out = 0 True 1
Get Info C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\nuvaV.rtf.Lime type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\nuvaV.rtf type = file_attributes True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\BWmJPNLUzWsoVW5iDA\hDVR7Lfi7YE7 type = file_attributes True 15
Get Info C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\BWmJPNLUzWsoVW5iDA\hDVR7Lfi7YE7\pvDIt6.pdf type = file_attributes True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\BWmJPNLUzWsoVW5iDA\hDVR7Lfi7YE7\U2 jrSbzpiR7OxWWq.pptx type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\BWmJPNLUzWsoVW5iDA\hDVR7Lfi7YE7\U2 jrSbzpiR7OxWWq.pptx type = size, size_out = 0 True 1
Get Info C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\BWmJPNLUzWsoVW5iDA\hDVR7Lfi7YE7\U2 jrSbzpiR7OxWWq.pptx.Lime type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\BWmJPNLUzWsoVW5iDA\hDVR7Lfi7YE7\U2 jrSbzpiR7OxWWq.pptx type = file_attributes True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\BWmJPNLUzWsoVW5iDA\hDVR7Lfi7YE7\w anjoZ7.doc type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\BWmJPNLUzWsoVW5iDA\hDVR7Lfi7YE7\w anjoZ7.doc type = size, size_out = 0 True 1
Get Info C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\BWmJPNLUzWsoVW5iDA\hDVR7Lfi7YE7\w anjoZ7.doc.Lime type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\BWmJPNLUzWsoVW5iDA\hDVR7Lfi7YE7\w anjoZ7.doc type = file_attributes True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\Vksw T type = file_attributes True 14
Get Info C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\Vksw T\77jQfTI.csv type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\Vksw T\77jQfTI.csv type = size, size_out = 0 True 1
Get Info C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\Vksw T\77jQfTI.csv.Lime type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\Vksw T\77jQfTI.csv type = file_attributes True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\Vksw T\9bwEefny0rpp.ods type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\Vksw T\9bwEefny0rpp.ods type = size, size_out = 0 True 1
Get Info C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\Vksw T\9bwEefny0rpp.ods.Lime type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\My Pictures type = file_attributes True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\My Shapes type = file_attributes True 18
Get Info C:\Users\5JgHKoaOfdp\Documents\My Shapes\desktop.ini type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\My Shapes\desktop.ini type = size, size_out = 0 True 1
Get Info C:\Users\5JgHKoaOfdp\Documents\My Shapes\desktop.ini.Lime type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\My Shapes\desktop.ini type = file_attributes True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\My Shapes\Favorites.vssx type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\My Shapes\Favorites.vssx type = size, size_out = 0 True 1
Get Info C:\Users\5JgHKoaOfdp\Documents\My Shapes\Favorites.vssx.Lime type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\My Shapes\Favorites.vssx type = file_attributes True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\My Shapes\_private type = file_attributes True 10
Get Info C:\Users\5JgHKoaOfdp\Documents\My Shapes\_private\folder.ico type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\My Shapes\_private\folder.ico type = size, size_out = 0 True 1
Get Info C:\Users\5JgHKoaOfdp\Documents\My Shapes\_private\folder.ico.Lime type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\My Shapes\_private\folder.ico type = file_attributes True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\My Videos type = file_attributes True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\OneNote Notebooks type = file_attributes True 6
Get Info C:\Users\5JgHKoaOfdp\Documents\OneNote Notebooks\My Notebook type = file_attributes True 6
Get Info C:\Users\5JgHKoaOfdp\Documents\OneNote Notebooks\My Notebook\Open Notebook.onetoc2 type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\OneNote Notebooks\My Notebook\Open Notebook.onetoc2 type = size, size_out = 0 True 1
Get Info C:\Users\5JgHKoaOfdp\Documents\Outlook Files\cjeijc.diuv@div.com.pst.Lime type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\Outlook Files type = file_attributes True 4
Get Info C:\Users\5JgHKoaOfdp\Documents\Outlook Files\cjeijc.diuv@div.com.pst type = file_attributes True 2
Get Info C:\Users\5JgHKoaOfdp\Pictures type = file_attributes True 36
Get Info C:\Users\5JgHKoaOfdp\Pictures\8YzC.gif type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Pictures\8YzC.gif type = size, size_out = 0 True 1
Get Info C:\Users\5JgHKoaOfdp\Pictures\8YzC.gif.Lime type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Pictures\8YzC.gif type = file_attributes True 2
Get Info C:\Users\5JgHKoaOfdp\Pictures\97QMvfP-n9T7b4U.png type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Pictures\97QMvfP-n9T7b4U.png type = size, size_out = 0 True 1
Get Info C:\Users\5JgHKoaOfdp\Pictures\97QMvfP-n9T7b4U.png.Lime type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Pictures\97QMvfP-n9T7b4U.png type = file_attributes True 2
Get Info C:\Users\5JgHKoaOfdp\Pictures\9pzHJofdZk0Fqc8d56gX.bmp type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Pictures\9pzHJofdZk0Fqc8d56gX.bmp type = size, size_out = 0 True 1
Get Info C:\Users\5JgHKoaOfdp\Pictures\9pzHJofdZk0Fqc8d56gX.bmp.Lime type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Pictures\9pzHJofdZk0Fqc8d56gX.bmp type = file_attributes True 2
Get Info C:\Users\5JgHKoaOfdp\Pictures\auOxLTYRVw31 BiYhvN.png type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Pictures\auOxLTYRVw31 BiYhvN.png type = size, size_out = 0 True 1
Get Info C:\Users\5JgHKoaOfdp\Pictures\auOxLTYRVw31 BiYhvN.png.Lime type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Pictures\auOxLTYRVw31 BiYhvN.png type = file_attributes True 1
Get Info C:\Users\5JgHKoaOfdp\Pictures\GhM3IdiNT.gif type = file_attributes True 2
Get Info C:\Users\5JgHKoaOfdp\Pictures\hosHP.gif type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Pictures\hosHP.gif type = size, size_out = 0 True 1
Get Info C:\Users\5JgHKoaOfdp\Pictures\hosHP.gif.Lime type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Pictures\hosHP.gif type = file_attributes True 2
Get Info C:\Users\5JgHKoaOfdp\Pictures\bGLKOcSLaAs0zqepqxl\cn2.bmp.Lime type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Pictures\bGLKOcSLaAs0zqepqxl type = file_attributes True 28
Get Info C:\Users\5JgHKoaOfdp\Pictures\bGLKOcSLaAs0zqepqxl\cn2.bmp type = file_attributes True 2
Get Info C:\Users\5JgHKoaOfdp\Pictures\bGLKOcSLaAs0zqepqxl\eEmVU3Dk.bmp type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Pictures\bGLKOcSLaAs0zqepqxl\eEmVU3Dk.bmp type = size, size_out = 0 True 1
Get Info C:\Users\5JgHKoaOfdp\Pictures\bGLKOcSLaAs0zqepqxl\eEmVU3Dk.bmp.Lime type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Pictures\bGLKOcSLaAs0zqepqxl\eEmVU3Dk.bmp type = file_attributes True 2
Get Info C:\Users\5JgHKoaOfdp\Pictures\bGLKOcSLaAs0zqepqxl\FnZhHkemnJG.gif type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Pictures\bGLKOcSLaAs0zqepqxl\FnZhHkemnJG.gif type = size, size_out = 0 True 1
Get Info C:\Users\5JgHKoaOfdp\Pictures\bGLKOcSLaAs0zqepqxl\FnZhHkemnJG.gif.Lime type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Pictures\bGLKOcSLaAs0zqepqxl\FnZhHkemnJG.gif type = file_attributes True 2
Get Info C:\Users\5JgHKoaOfdp\Pictures\bGLKOcSLaAs0zqepqxl\NR6dMjKJCnTfSCqR.gif type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Pictures\bGLKOcSLaAs0zqepqxl\NR6dMjKJCnTfSCqR.gif type = size, size_out = 0 True 1
Get Info C:\Users\5JgHKoaOfdp\Pictures\bGLKOcSLaAs0zqepqxl\NR6dMjKJCnTfSCqR.gif.Lime type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Pictures\bGLKOcSLaAs0zqepqxl\NR6dMjKJCnTfSCqR.gif type = file_attributes True 2
Get Info C:\Users\5JgHKoaOfdp\Pictures\bGLKOcSLaAs0zqepqxl\qKgeyNbDLJNjdCbMJb.gif type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Pictures\bGLKOcSLaAs0zqepqxl\qKgeyNbDLJNjdCbMJb.gif type = size, size_out = 0 True 1
Get Info C:\Users\5JgHKoaOfdp\Pictures\bGLKOcSLaAs0zqepqxl\qKgeyNbDLJNjdCbMJb.gif.Lime type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Pictures\bGLKOcSLaAs0zqepqxl\qKgeyNbDLJNjdCbMJb.gif type = file_attributes True 2
Get Info C:\Users\5JgHKoaOfdp\Pictures\cGLZ_jmC_lOB0ujFfP\B4tjiTd_NYk uV.bmp.Lime type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Pictures\cGLZ_jmC_lOB0ujFfP type = file_attributes True 10
Get Info C:\Users\5JgHKoaOfdp\Pictures\cGLZ_jmC_lOB0ujFfP\B4tjiTd_NYk uV.bmp type = file_attributes True 2
Get Info C:\Users\5JgHKoaOfdp\Pictures\cGLZ_jmC_lOB0ujFfP\DC394OBjo9C.bmp type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Pictures\cGLZ_jmC_lOB0ujFfP\DC394OBjo9C.bmp type = size, size_out = 0 True 1
Get Info C:\Users\5JgHKoaOfdp\Pictures\cGLZ_jmC_lOB0ujFfP\DC394OBjo9C.bmp.Lime type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Pictures\cGLZ_jmC_lOB0ujFfP\DC394OBjo9C.bmp type = file_attributes True 2
Get Info C:\Users\5JgHKoaOfdp\Music type = file_attributes True 30
Get Info C:\Users\5JgHKoaOfdp\Music\C-56aS7eiAlL.mp3 type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Music\C-56aS7eiAlL.mp3 type = size, size_out = 0 True 1
Get Info C:\Users\5JgHKoaOfdp\Music\C-56aS7eiAlL.mp3.Lime type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Music\C-56aS7eiAlL.mp3 type = file_attributes True 2
Get Info C:\Users\5JgHKoaOfdp\Music\desktop.ini type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Music\desktop.ini type = size, size_out = 0 True 1
Get Info C:\Users\5JgHKoaOfdp\Music\desktop.ini.Lime type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Music\desktop.ini type = file_attributes True 2
Get Info C:\Users\5JgHKoaOfdp\Music\GrU-M3D0ihjQ.wav type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Music\GrU-M3D0ihjQ.wav type = size, size_out = 0 True 1
Get Info C:\Users\5JgHKoaOfdp\Music\GrU-M3D0ihjQ.wav.Lime type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Music\GrU-M3D0ihjQ.wav type = file_attributes True 2
Get Info C:\Users\5JgHKoaOfdp\Music\Od32To.mp3 type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Music\Od32To.mp3 type = size, size_out = 0 True 1
Get Info C:\Users\5JgHKoaOfdp\Music\Od32To.mp3.Lime type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Music\Od32To.mp3 type = file_attributes True 2
Get Info C:\Users\5JgHKoaOfdp\Music\Q0Ua0AHEpDpsIaUeq0.mp3 type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Music\Q0Ua0AHEpDpsIaUeq0.mp3 type = size, size_out = 0 True 1
Get Info C:\Users\5JgHKoaOfdp\Music\Q0Ua0AHEpDpsIaUeq0.mp3.Lime type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\EQRSjs.wav type = file_attributes True 2
Get Info C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw type = file_attributes True 59
Get Info C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\GGnH.m4a type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\GGnH.m4a type = size, size_out = 0 True 1
Get Info C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\GGnH.m4a.Lime type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\GGnH.m4a type = file_attributes True 2
Get Info C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\gQfYFnBUFHd0b2hNpcm.wav type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\gQfYFnBUFHd0b2hNpcm.wav type = size, size_out = 0 True 1
Get Info C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\gQfYFnBUFHd0b2hNpcm.wav.Lime type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\gQfYFnBUFHd0b2hNpcm.wav type = file_attributes True 2
Get Info C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\gWCYViWIi.mp3 type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\gWCYViWIi.mp3 type = size, size_out = 0 True 1
Get Info C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\gWCYViWIi.mp3.Lime type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\gWCYViWIi.mp3 type = file_attributes True 2
Get Info C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\kz2M.mp3 type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\kz2M.mp3 type = size, size_out = 0 True 1
Get Info C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\kz2M.mp3.Lime type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\kz2M.mp3 type = file_attributes True 2
Get Info C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\QvxPYeWmyW121.wav type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\QvxPYeWmyW121.wav type = size, size_out = 0 True 1
Get Info C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\QvxPYeWmyW121.wav.Lime type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\QvxPYeWmyW121.wav type = file_attributes True 2
Get Info C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\SY3CPSU.m4a type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\SY3CPSU.m4a type = size, size_out = 0 True 1
Get Info C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\SY3CPSU.m4a.Lime type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\SY3CPSU.m4a type = file_attributes True 2
Get Info C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\UfKL.wav.Lime type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\UfKL.wav type = file_attributes True 2
Get Info C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\UXKqt2i9X6PC8.wav type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\UXKqt2i9X6PC8.wav type = size, size_out = 0 True 1
Get Info C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\UXKqt2i9X6PC8.wav.Lime type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\UXKqt2i9X6PC8.wav type = file_attributes True 2
Get Info C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\vW e9IJ.mp3 type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\vW e9IJ.mp3 type = size, size_out = 0 True 1
Get Info C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\vW e9IJ.mp3.Lime type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\vW e9IJ.mp3 type = file_attributes True 2
Get Info C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\yOtFLh9S-- H9v.wav type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\yOtFLh9S-- H9v.wav type = size, size_out = 0 True 1
Get Info C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\yOtFLh9S-- H9v.wav.Lime type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\yOtFLh9S-- H9v.wav type = file_attributes True 2
Get Info C:\Users\5JgHKoaOfdp\Videos type = file_attributes True 12
Get Info C:\Users\5JgHKoaOfdp\Videos\40Y6k2FUB.avi type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Videos\40Y6k2FUB.avi type = size, size_out = 0 True 1
Get Info C:\Users\5JgHKoaOfdp\Videos\40Y6k2FUB.avi.Lime type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Videos\40Y6k2FUB.avi type = file_attributes True 2
Get Info C:\Users\5JgHKoaOfdp\Desktop type = file_attributes True 56
Get Info C:\Users\5JgHKoaOfdp\Desktop\2-Lzf_caeYTdiH8Ls.avi type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Desktop\2-Lzf_caeYTdiH8Ls.avi type = size, size_out = 0 True 1
Get Info C:\Users\5JgHKoaOfdp\Desktop\2-Lzf_caeYTdiH8Ls.avi.Lime type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Desktop\2-Lzf_caeYTdiH8Ls.avi type = file_attributes True 2
Get Info C:\Users\5JgHKoaOfdp\Desktop\2kZLcFwdX.mkv type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Desktop\2kZLcFwdX.mkv type = size, size_out = 0 True 1
Get Info C:\Users\5JgHKoaOfdp\Desktop\2kZLcFwdX.mkv.Lime type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Desktop\6L2VJzd4y qgt3nZDwL.wav type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Desktop\6L2VJzd4y qgt3nZDwL.wav type = size, size_out = 0 True 1
Get Info C:\Users\5JgHKoaOfdp\Desktop\6L2VJzd4y qgt3nZDwL.wav.Lime type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Desktop\6L2VJzd4y qgt3nZDwL.wav type = file_attributes True 2
Get Info C:\Users\5JgHKoaOfdp\Desktop\6s FhIyFBc68flA.flv type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Desktop\6s FhIyFBc68flA.flv type = size, size_out = 0 True 1
Get Info C:\Users\5JgHKoaOfdp\Desktop\6s FhIyFBc68flA.flv.Lime type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Desktop\6s FhIyFBc68flA.flv type = file_attributes True 2
Get Info C:\Users\5JgHKoaOfdp\Desktop\7huc nP.mkv type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Desktop\7huc nP.mkv type = size, size_out = 0 True 1
Get Info C:\Users\5JgHKoaOfdp\Desktop\7huc nP.mkv.Lime type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Desktop\m6MihhsYl_M5kam0.swf type = file_attributes True 2
Get Info C:\Users\5JgHKoaOfdp\Desktop\mAKFQ5ZAPTIzrcE7IrU.ods type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Desktop\mAKFQ5ZAPTIzrcE7IrU.ods type = size, size_out = 0 True 1
Get Info C:\Users\5JgHKoaOfdp\Desktop\mAKFQ5ZAPTIzrcE7IrU.ods.Lime type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Desktop\mAKFQ5ZAPTIzrcE7IrU.ods type = file_attributes True 2
Get Info C:\Users\5JgHKoaOfdp\Desktop\mV3NggJ4W65.png type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Desktop\mV3NggJ4W65.png type = size, size_out = 0 True 1
Get Info C:\Users\5JgHKoaOfdp\Desktop\mV3NggJ4W65.png.Lime type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Desktop\mV3NggJ4W65.png type = file_attributes True 2
Get Info C:\Users\5JgHKoaOfdp\Desktop\ViLLuBaagV2DSJK7a.png type = file_attributes True 2
Get Info C:\Users\5JgHKoaOfdp\Desktop\wVjrCaIySkl.jpg type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Desktop\wVjrCaIySkl.jpg type = size, size_out = 0 True 1
Get Info C:\Users\5JgHKoaOfdp\Desktop\wVjrCaIySkl.jpg.Lime type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Desktop\wVjrCaIySkl.jpg type = file_attributes True 2
Get Info C:\Users\5JgHKoaOfdp\Desktop\xCdHr9FnegVb5D0.pdf type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Desktop\xCdHr9FnegVb5D0.pdf type = size, size_out = 0 True 1
Get Info C:\Users\5JgHKoaOfdp\Desktop\xCdHr9FnegVb5D0.pdf.Lime type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Desktop\c OpBv-sTs\gnOVeG6HPj.doc type = file_attributes True 2
Get Info C:\Users\5JgHKoaOfdp\Desktop\c OpBv-sTs type = file_attributes True 10
Get Info C:\Users\5JgHKoaOfdp\Desktop\c OpBv-sTs\HV1SiahR-wDxQNIsDtes.m4a type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Desktop\c OpBv-sTs\HV1SiahR-wDxQNIsDtes.m4a type = size, size_out = 0 True 1
Get Info C:\Users\5JgHKoaOfdp\Desktop\c OpBv-sTs\HV1SiahR-wDxQNIsDtes.m4a.Lime type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Desktop\c OpBv-sTs\HV1SiahR-wDxQNIsDtes.m4a type = file_attributes True 2
Get Info C:\Users\5JgHKoaOfdp\Desktop\c OpBv-sTs\3zph\3gLjWk8Dnbmky\_epX.png type = file_attributes True 2
Get Info C:\Users\5JgHKoaOfdp\Desktop\c OpBv-sTs\3zph\3gLjWk8Dnbmky type = file_attributes True 2
Get Info C:\Users\5JgHKoaOfdp\Desktop\RSvw596pfT9dfXj QF8 type = file_attributes True 8
Get Info C:\Users\5JgHKoaOfdp\Desktop\RSvw596pfT9dfXj QF8\7mq72DdMZjhMf.jpg type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Desktop\RSvw596pfT9dfXj QF8\7mq72DdMZjhMf.jpg type = size, size_out = 0 True 1
Get Info C:\Users\5JgHKoaOfdp\Desktop\RSvw596pfT9dfXj QF8\7mq72DdMZjhMf.jpg.Lime type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp type = file_attributes True 6
Get Info C:\Users\5JgHKoaOfdp\Desktop\Crypt.exe.config type = file_attributes False 1
Get Info C:\Users\5JgHKoaOfdp\Desktop\#Decryptor.exe type = file_type True 6
Get Info C:\Users\5JgHKoaOfdp\Desktop\#Decryptor.exe type = file_attributes True 3
Get Info C:\Users\5JgHKoaOfdp\Desktop\#Decryptor.exe type = size, size_out = 0 True 1
Get Info C:\Users\5JgHKoaOfdp\Desktop\#Decryptor.exe type = file_attributes False 1
Get Info C:\Users\5JgHKoaOfdp\Desktop\Crypt.exe type = file_attributes True 1
Read C:\Users\5JgHKoaOfdp\Documents\-sPM6vJb.odt size = 63938, size_out = 63938 True 1
Read C:\Users\5JgHKoaOfdp\Documents\0u2YA.docx size = 11958, size_out = 11958 True 1
Read C:\Users\5JgHKoaOfdp\Documents\7wwG1Y1tq2o4XiF.pdf size = 4096, size_out = 1359 True 1
Read C:\Users\5JgHKoaOfdp\Documents\9TMo3uu8-Scl.xlsx size = 94414, size_out = 94414 True 1
Read C:\Users\5JgHKoaOfdp\Documents\AEghbUBMs5NTL.pptx size = 69943, size_out = 69943 True 1
Read C:\Users\5JgHKoaOfdp\Documents\c94gQ1vFwVFBcDGwkD_.docx size = 87821, size_out = 87821 True 1
Read C:\Users\5JgHKoaOfdp\Documents\desktop.ini size = 4096, size_out = 402 True 1
Read C:\Users\5JgHKoaOfdp\Documents\erHcl A2gBL1aT.docx size = 50041, size_out = 50041 True 1
Fn
Data
Read C:\Users\5JgHKoaOfdp\Documents\eYeDf199l.xlsx size = 92552, size_out = 92552 True 1
Fn
Data
Read C:\Users\5JgHKoaOfdp\Documents\G 5ZX6m5N.docx size = 15083, size_out = 15083 True 1
Fn
Data
Read C:\Users\5JgHKoaOfdp\Documents\gMur.xlsx size = 79981, size_out = 79981 True 1
Fn
Data
Read C:\Users\5JgHKoaOfdp\Documents\h2PCXTBBfD dI.xlsx size = 62916, size_out = 62916 True 1
Fn
Data
Read C:\Users\5JgHKoaOfdp\Documents\IYDMli-q8mF8cJ.ppt size = 20068, size_out = 20068 True 1
Fn
Data
Read C:\Users\5JgHKoaOfdp\Documents\OCZESPOCHPv.csv size = 99738, size_out = 99738 True 1
Fn
Data
Read C:\Users\5JgHKoaOfdp\Documents\oOjIQe2Ti5VBxCBHnG2.docx size = 4096, size_out = 1702 True 1
Fn
Data
Read C:\Users\5JgHKoaOfdp\Documents\x7naB3SX5u.pptx size = 96442, size_out = 96442 True 1
Fn
Data
Read C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\B37K-LfrWIVyw.pps size = 26344, size_out = 26344 True 1
Fn
Data
Read C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\gTN-k.odt size = 82476, size_out = 82476 True 1
Fn
Data
Read C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\mT8RyiDfz3cr.pptx size = 56410, size_out = 56410 True 1
Fn
Data
Read C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\nAdn7QwB885NzAt O.odp size = 88134, size_out = 88134 True 1
Fn
Data
Read C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\nuvaV.rtf size = 42329, size_out = 42329 True 1
Fn
Data
Read C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\BWmJPNLUzWsoVW5iDA\hDVR7Lfi7YE7\U2 jrSbzpiR7OxWWq.pptx size = 74682, size_out = 74682 True 1
Fn
Data
Read C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\BWmJPNLUzWsoVW5iDA\hDVR7Lfi7YE7\w anjoZ7.doc size = 14639, size_out = 14639 True 1
Fn
Data
Read C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\Vksw T\77jQfTI.csv size = 70163, size_out = 70163 True 1
Fn
Data
Read C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\Vksw T\9bwEefny0rpp.ods size = 31883, size_out = 31883 True 1
Fn
Data
Read C:\Users\5JgHKoaOfdp\Documents\My Shapes\desktop.ini size = 4096, size_out = 216 True 1
Fn
Data
Read C:\Users\5JgHKoaOfdp\Documents\My Shapes\_private\folder.ico size = 29926, size_out = 29926 True 1
Fn
Data
Read C:\Users\5JgHKoaOfdp\Documents\OneNote Notebooks\My Notebook\Open Notebook.onetoc2 size = 6184, size_out = 6184 True 1
Fn
Data
Read C:\Users\5JgHKoaOfdp\Documents\OneNote Notebooks\My Notebook\Open Notebook.onetoc2 size = 271360, size_out = 271360 True 1
Fn
Data
Read C:\Users\5JgHKoaOfdp\Pictures\8YzC.gif size = 48401, size_out = 48401 True 1
Fn
Data
Read C:\Users\5JgHKoaOfdp\Pictures\97QMvfP-n9T7b4U.png size = 67452, size_out = 67452 True 1
Fn
Data
Read C:\Users\5JgHKoaOfdp\Pictures\9pzHJofdZk0Fqc8d56gX.bmp size = 26990, size_out = 26990 True 1
Fn
Data
Read C:\Users\5JgHKoaOfdp\Pictures\auOxLTYRVw31 BiYhvN.png size = 45565, size_out = 45565 True 1
Fn
Data
Read C:\Users\5JgHKoaOfdp\Pictures\hosHP.gif size = 99332, size_out = 99332 True 1
Fn
Data
Read C:\Users\5JgHKoaOfdp\Pictures\bGLKOcSLaAs0zqepqxl\eEmVU3Dk.bmp size = 24639, size_out = 24639 True 1
Fn
Data
Read C:\Users\5JgHKoaOfdp\Pictures\bGLKOcSLaAs0zqepqxl\FnZhHkemnJG.gif size = 19957, size_out = 19957 True 1
Fn
Data
Read C:\Users\5JgHKoaOfdp\Pictures\bGLKOcSLaAs0zqepqxl\NR6dMjKJCnTfSCqR.gif size = 56673, size_out = 56673 True 1
Fn
Data
Read C:\Users\5JgHKoaOfdp\Pictures\bGLKOcSLaAs0zqepqxl\qKgeyNbDLJNjdCbMJb.gif size = 46555, size_out = 46555 True 1
Fn
Data
Read C:\Users\5JgHKoaOfdp\Pictures\cGLZ_jmC_lOB0ujFfP\DC394OBjo9C.bmp size = 36744, size_out = 36744 True 1
Fn
Data
Read C:\Users\5JgHKoaOfdp\Music\C-56aS7eiAlL.mp3 size = 25058, size_out = 25058 True 1
Fn
Data
Read C:\Users\5JgHKoaOfdp\Music\desktop.ini size = 4096, size_out = 504 True 1
Fn
Data
Read C:\Users\5JgHKoaOfdp\Music\GrU-M3D0ihjQ.wav size = 91234, size_out = 91234 True 1
Fn
Data
Read C:\Users\5JgHKoaOfdp\Music\Od32To.mp3 size = 18495, size_out = 18495 True 1
Fn
Data
Read C:\Users\5JgHKoaOfdp\Music\Q0Ua0AHEpDpsIaUeq0.mp3 size = 33877, size_out = 33877 True 1
Fn
Data
Read C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\GGnH.m4a size = 4841, size_out = 4841 True 1
Fn
Data
Read C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\gQfYFnBUFHd0b2hNpcm.wav size = 86679, size_out = 86679 True 1
Fn
Data
Read C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\gWCYViWIi.mp3 size = 32419, size_out = 32419 True 1
Fn
Data
Read C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\kz2M.mp3 size = 83604, size_out = 83604 True 1
Fn
Data
Read C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\QvxPYeWmyW121.wav size = 98993, size_out = 98993 True 1
Fn
Data
Read C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\SY3CPSU.m4a size = 84500, size_out = 84500 True 1
Fn
Data
Read C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\UXKqt2i9X6PC8.wav size = 40223, size_out = 40223 True 1
Fn
Data
Read C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\vW e9IJ.mp3 size = 87150, size_out = 87150 True 1
Fn
Data
Read C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\yOtFLh9S-- H9v.wav size = 29447, size_out = 29447 True 1
Fn
Data
Read C:\Users\5JgHKoaOfdp\Videos\40Y6k2FUB.avi size = 97945, size_out = 97945 True 1
Fn
Data
Read C:\Users\5JgHKoaOfdp\Desktop\2-Lzf_caeYTdiH8Ls.avi size = 86280, size_out = 86280 True 1
Fn
Data
Read C:\Users\5JgHKoaOfdp\Desktop\2kZLcFwdX.mkv size = 69165, size_out = 69165 True 1
Fn
Data
Read C:\Users\5JgHKoaOfdp\Desktop\6L2VJzd4y qgt3nZDwL.wav size = 97086, size_out = 97086 True 1
Fn
Data
Read C:\Users\5JgHKoaOfdp\Desktop\6s FhIyFBc68flA.flv size = 35126, size_out = 35126 True 1
Fn
Data
Read C:\Users\5JgHKoaOfdp\Desktop\7huc nP.mkv size = 100724, size_out = 100724 True 1
Fn
Data
Read C:\Users\5JgHKoaOfdp\Desktop\mAKFQ5ZAPTIzrcE7IrU.ods size = 55899, size_out = 55899 True 1
Fn
Data
Read C:\Users\5JgHKoaOfdp\Desktop\mV3NggJ4W65.png size = 24118, size_out = 24118 True 1
Fn
Data
Read C:\Users\5JgHKoaOfdp\Desktop\wVjrCaIySkl.jpg size = 20631, size_out = 20631 True 1
Fn
Data
Read C:\Users\5JgHKoaOfdp\Desktop\xCdHr9FnegVb5D0.pdf size = 4096, size_out = 3393 True 1
Fn
Data
Read C:\Users\5JgHKoaOfdp\Desktop\c OpBv-sTs\HV1SiahR-wDxQNIsDtes.m4a size = 42356, size_out = 42356 True 1
Fn
Data
Read C:\Users\5JgHKoaOfdp\Desktop\RSvw596pfT9dfXj QF8\7mq72DdMZjhMf.jpg size = 75837, size_out = 75837 True 1
Fn
Data
Read C:\Users\5JgHKoaOfdp\Desktop\#Decryptor.exe size = 402432, size_out = 402432 True 1
Fn
Data
Write C:\Microsoft\hash size = 50 True 1
Fn
Data
Write C:\Users\5JgHKoaOfdp\Documents\-sPM6vJb.odt.Lime size = 63952 True 1
Fn
Data
Write C:\Users\5JgHKoaOfdp\Documents\0u2YA.docx.Lime size = 11968 True 1
Fn
Data
Write C:\Users\5JgHKoaOfdp\Documents\7wwG1Y1tq2o4XiF.pdf.Lime size = 1360 True 1
Fn
Data
Write C:\Users\5JgHKoaOfdp\Documents\9TMo3uu8-Scl.xlsx.Lime size = 94416 True 1
Fn
Data
Write C:\Users\5JgHKoaOfdp\Documents\AEghbUBMs5NTL.pptx.Lime size = 69952 True 1
Fn
Data
Write C:\Users\5JgHKoaOfdp\Documents\c94gQ1vFwVFBcDGwkD_.docx.Lime size = 87824 True 1
Fn
Data
Write C:\Users\5JgHKoaOfdp\Documents\desktop.ini.Lime size = 416 True 1
Fn
Data
Write C:\Users\5JgHKoaOfdp\Documents\erHcl A2gBL1aT.docx.Lime size = 50048 True 1
Fn
Data
Write C:\Users\5JgHKoaOfdp\Documents\eYeDf199l.xlsx.Lime size = 92560 True 1
Fn
Data
Write C:\Users\5JgHKoaOfdp\Documents\G 5ZX6m5N.docx.Lime size = 15088 True 1
Fn
Data
Write C:\Users\5JgHKoaOfdp\Documents\gMur.xlsx.Lime size = 79984 True 1
Fn
Data
Write C:\Users\5JgHKoaOfdp\Documents\h2PCXTBBfD dI.xlsx.Lime size = 62928 True 1
Fn
Data
Write C:\Users\5JgHKoaOfdp\Documents\IYDMli-q8mF8cJ.ppt.Lime size = 20080 True 1
Fn
Data
Write C:\Users\5JgHKoaOfdp\Documents\OCZESPOCHPv.csv.Lime size = 99744 True 1
Fn
Data
Write C:\Users\5JgHKoaOfdp\Documents\oOjIQe2Ti5VBxCBHnG2.docx.Lime size = 1712 True 1
Fn
Data
Write C:\Users\5JgHKoaOfdp\Documents\x7naB3SX5u.pptx.Lime size = 96448 True 1
Fn
Data
Write C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\B37K-LfrWIVyw.pps.Lime size = 26352 True 1
Fn
Data
Write C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\MIQzp.pps.Lime size = 2192 True 1
Fn
Data
Write C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\dupIwyYc2Jp.docx.Lime size = 58416 True 1
Fn
Data
Write C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\gTN-k.odt.Lime size = 82480 True 1
Fn
Data
Write C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\mT8RyiDfz3cr.pptx.Lime size = 56416 True 1
Fn
Data
Write C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\nAdn7QwB885NzAt O.odp.Lime size = 88144 True 1
Fn
Data
Write C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\nuvaV.rtf.Lime size = 42336 True 1
Fn
Data
Write C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\BWmJPNLUzWsoVW5iDA\hDVR7Lfi7YE7\U2 jrSbzpiR7OxWWq.pptx.Lime size = 74688 True 1
Fn
Data
Write C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\BWmJPNLUzWsoVW5iDA\hDVR7Lfi7YE7\w anjoZ7.doc.Lime size = 14640 True 1
Fn
Data
Write C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\Vksw T\77jQfTI.csv.Lime size = 70176 True 1
Fn
Data
Write C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\Vksw T\9bwEefny0rpp.ods.Lime size = 31888 True 1
Fn
Data
Write C:\Users\5JgHKoaOfdp\Documents\My Shapes\desktop.ini.Lime size = 224 True 1
Fn
Data
Write C:\Users\5JgHKoaOfdp\Documents\My Shapes\Favorites.vssx.Lime size = 16 True 1
Fn
Data
Write C:\Users\5JgHKoaOfdp\Documents\My Shapes\_private\folder.ico.Lime size = 29936 True 1
Fn
Data
Write C:\Users\5JgHKoaOfdp\Documents\Outlook Files\cjeijc.diuv@div.com.pst.Lime size = 271376 True 1
Fn
Data
Write C:\Users\5JgHKoaOfdp\Pictures\8YzC.gif.Lime size = 48416 True 1
Fn
Data
Write C:\Users\5JgHKoaOfdp\Pictures\97QMvfP-n9T7b4U.png.Lime size = 67456 True 1
Fn
Data
Write C:\Users\5JgHKoaOfdp\Pictures\9pzHJofdZk0Fqc8d56gX.bmp.Lime size = 26992 True 1
Fn
Data
Write C:\Users\5JgHKoaOfdp\Pictures\auOxLTYRVw31 BiYhvN.png.Lime size = 45568 True 1
Fn
Data
Write C:\Users\5JgHKoaOfdp\Pictures\hosHP.gif.Lime size = 99344 True 1
Fn
Data
Write C:\Users\5JgHKoaOfdp\Pictures\bGLKOcSLaAs0zqepqxl\cn2.bmp.Lime size = 5664 True 1
Fn
Data
Write C:\Users\5JgHKoaOfdp\Pictures\bGLKOcSLaAs0zqepqxl\eEmVU3Dk.bmp.Lime size = 24640 True 1
Fn
Data
Write C:\Users\5JgHKoaOfdp\Pictures\bGLKOcSLaAs0zqepqxl\FnZhHkemnJG.gif.Lime size = 19968 True 1
Fn
Data
Write C:\Users\5JgHKoaOfdp\Pictures\bGLKOcSLaAs0zqepqxl\NR6dMjKJCnTfSCqR.gif.Lime size = 56688 True 1
Fn
Data
Write C:\Users\5JgHKoaOfdp\Pictures\bGLKOcSLaAs0zqepqxl\qKgeyNbDLJNjdCbMJb.gif.Lime size = 46560 True 1
Fn
Data
Write C:\Users\5JgHKoaOfdp\Pictures\cGLZ_jmC_lOB0ujFfP\B4tjiTd_NYk uV.bmp.Lime size = 102080 True 1
Fn
Data
Write C:\Users\5JgHKoaOfdp\Pictures\cGLZ_jmC_lOB0ujFfP\DC394OBjo9C.bmp.Lime size = 36752 True 1
Fn
Data
Write C:\Users\5JgHKoaOfdp\Music\C-56aS7eiAlL.mp3.Lime size = 25072 True 1
Fn
Data
Write C:\Users\5JgHKoaOfdp\Music\desktop.ini.Lime size = 512 True 1
Fn
Data
Write C:\Users\5JgHKoaOfdp\Music\GrU-M3D0ihjQ.wav.Lime size = 91248 True 1
Fn
Data
Write C:\Users\5JgHKoaOfdp\Music\Od32To.mp3.Lime size = 18496 True 1
Fn
Data
Write C:\Users\5JgHKoaOfdp\Music\Q0Ua0AHEpDpsIaUeq0.mp3.Lime size = 33888 True 1
Fn
Data
Write C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\GGnH.m4a.Lime size = 4848 True 1
Fn
Data
Write C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\gQfYFnBUFHd0b2hNpcm.wav.Lime size = 86688 True 1
Fn
Data
Write C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\gWCYViWIi.mp3.Lime size = 32432 True 1
Fn
Data
Write C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\kz2M.mp3.Lime size = 83616 True 1
Fn
Data
Write C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\QvxPYeWmyW121.wav.Lime size = 99008 True 1
Fn
Data
Write C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\SY3CPSU.m4a.Lime size = 84512 True 1
Fn
Data
Write C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\UfKL.wav.Lime size = 87888 True 1
Fn
Data
Write C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\UXKqt2i9X6PC8.wav.Lime size = 40224 True 1
Fn
Data
Write C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\vW e9IJ.mp3.Lime size = 87152 True 1
Fn
Data
Write C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\yOtFLh9S-- H9v.wav.Lime size = 29456 True 1
Fn
Data
Write C:\Users\5JgHKoaOfdp\Videos\40Y6k2FUB.avi.Lime size = 97952 True 1
Fn
Data
Write C:\Users\5JgHKoaOfdp\Desktop\2-Lzf_caeYTdiH8Ls.avi.Lime size = 86288 True 1
Fn
Data
Write C:\Users\5JgHKoaOfdp\Desktop\2kZLcFwdX.mkv.Lime size = 69168 True 1
Fn
Data
Write C:\Users\5JgHKoaOfdp\Desktop\6L2VJzd4y qgt3nZDwL.wav.Lime size = 97088 True 1
Fn
Data
Write C:\Users\5JgHKoaOfdp\Desktop\6s FhIyFBc68flA.flv.Lime size = 35136 True 1
Fn
Data
Write C:\Users\5JgHKoaOfdp\Desktop\7huc nP.mkv.Lime size = 100736 True 1
Fn
Data
Write C:\Users\5JgHKoaOfdp\Desktop\mAKFQ5ZAPTIzrcE7IrU.ods.Lime size = 55904 True 1
Fn
Data
Write C:\Users\5JgHKoaOfdp\Desktop\mV3NggJ4W65.png.Lime size = 24128 True 1
Fn
Data
Write C:\Users\5JgHKoaOfdp\Desktop\wVjrCaIySkl.jpg.Lime size = 20640 True 1
Fn
Data
Write C:\Users\5JgHKoaOfdp\Desktop\xCdHr9FnegVb5D0.pdf.Lime size = 3408 True 1
Fn
Data
Write C:\Users\5JgHKoaOfdp\Desktop\c OpBv-sTs\HV1SiahR-wDxQNIsDtes.m4a.Lime size = 42368 True 1
Fn
Data
Write C:\Users\5JgHKoaOfdp\Desktop\RSvw596pfT9dfXj QF8\7mq72DdMZjhMf.jpg.Lime size = 75840 True 1
Fn
Data
Write C:\Users\5JgHKoaOfdp\Desktop\#Decryptor.exe size = 402432 True 1
Fn
Data
Write C:\Users\5JgHKoaOfdp\Desktop\#Decryptor.exe size = 4096 True 98
Fn
Data
Write C:\Users\5JgHKoaOfdp\Desktop\#Decryptor.exe size = 1029 True 1
Fn
Data
Delete C:\Users\5JgHKoaOfdp\Documents\-sPM6vJb.odt - True 1
Fn
Delete C:\Users\5JgHKoaOfdp\Documents\0u2YA.docx - True 1
Fn
Delete C:\Users\5JgHKoaOfdp\Documents\7wwG1Y1tq2o4XiF.pdf - True 1
Fn
Delete C:\Users\5JgHKoaOfdp\Documents\9TMo3uu8-Scl.xlsx - True 1
Fn
Delete C:\Users\5JgHKoaOfdp\Documents\AEghbUBMs5NTL.pptx - True 1
Fn
Delete C:\Users\5JgHKoaOfdp\Documents\c94gQ1vFwVFBcDGwkD_.docx - True 1
Fn
Delete C:\Users\5JgHKoaOfdp\Documents\desktop.ini - True 1
Fn
Delete C:\Users\5JgHKoaOfdp\Documents\erHcl A2gBL1aT.docx - True 1
Fn
Delete C:\Users\5JgHKoaOfdp\Documents\eYeDf199l.xlsx - True 1
Fn
Delete C:\Users\5JgHKoaOfdp\Documents\G 5ZX6m5N.docx - True 1
Fn
Delete C:\Users\5JgHKoaOfdp\Documents\gMur.xlsx - True 1
Fn
Delete C:\Users\5JgHKoaOfdp\Documents\h2PCXTBBfD dI.xlsx - True 1
Fn
Delete C:\Users\5JgHKoaOfdp\Documents\IYDMli-q8mF8cJ.ppt - True 1
Fn
Delete C:\Users\5JgHKoaOfdp\Documents\o9Jfc-DjnB qX4.pptx - True 1
Fn
Delete C:\Users\5JgHKoaOfdp\Documents\OCZESPOCHPv.csv - True 1
Fn
Delete C:\Users\5JgHKoaOfdp\Documents\oOjIQe2Ti5VBxCBHnG2.docx - True 1
Fn
Delete C:\Users\5JgHKoaOfdp\Documents\wvqxSPNlMSl.xlsx - True 1
Fn
Delete C:\Users\5JgHKoaOfdp\Documents\x7naB3SX5u.pptx - True 1
Fn
Delete C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\0r-uDW4THkIUpl-oRh_.odt - True 1
Fn
Delete C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\B37K-LfrWIVyw.pps - True 1
Fn
Delete C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\dupIwyYc2Jp.docx - True 1
Fn
Delete C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\gTN-k.odt - True 1
Fn
Delete C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\mT8RyiDfz3cr.pptx - True 1
Fn
Delete C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\nAdn7QwB885NzAt O.odp - True 1
Fn
Delete C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\nuvaV.rtf - True 1
Fn
Delete C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\BWmJPNLUzWsoVW5iDA\hDVR7Lfi7YE7\pvDIt6.pdf - True 1
Fn
Delete C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\BWmJPNLUzWsoVW5iDA\hDVR7Lfi7YE7\U2 jrSbzpiR7OxWWq.pptx - True 1
Fn
Delete C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\BWmJPNLUzWsoVW5iDA\hDVR7Lfi7YE7\w anjoZ7.doc - True 1
Fn
Delete C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\Vksw T\77jQfTI.csv - True 1
Fn
Delete C:\Users\5JgHKoaOfdp\Documents\My Shapes\desktop.ini - True 1
Fn
Delete C:\Users\5JgHKoaOfdp\Documents\My Shapes\Favorites.vssx - True 1
Fn
Delete C:\Users\5JgHKoaOfdp\Documents\My Shapes\_private\folder.ico - True 1
Fn
Delete C:\Users\5JgHKoaOfdp\Documents\Outlook Files\cjeijc.diuv@div.com.pst - True 1
Fn
Delete C:\Users\5JgHKoaOfdp\Pictures\8YzC.gif - True 1
Fn
Delete C:\Users\5JgHKoaOfdp\Pictures\97QMvfP-n9T7b4U.png - True 1
Fn
Delete C:\Users\5JgHKoaOfdp\Pictures\9pzHJofdZk0Fqc8d56gX.bmp - True 1
Fn
Delete C:\Users\5JgHKoaOfdp\Pictures\GhM3IdiNT.gif - True 1
Fn
Delete C:\Users\5JgHKoaOfdp\Pictures\hosHP.gif - True 1
Fn
Delete C:\Users\5JgHKoaOfdp\Pictures\bGLKOcSLaAs0zqepqxl\cn2.bmp - True 1
Fn
Delete C:\Users\5JgHKoaOfdp\Pictures\bGLKOcSLaAs0zqepqxl\eEmVU3Dk.bmp - True 1
Fn
Delete C:\Users\5JgHKoaOfdp\Pictures\bGLKOcSLaAs0zqepqxl\FnZhHkemnJG.gif - True 1
Fn
Delete C:\Users\5JgHKoaOfdp\Pictures\bGLKOcSLaAs0zqepqxl\NR6dMjKJCnTfSCqR.gif - True 1
Fn
Delete C:\Users\5JgHKoaOfdp\Pictures\bGLKOcSLaAs0zqepqxl\qKgeyNbDLJNjdCbMJb.gif - True 1
Fn
Delete C:\Users\5JgHKoaOfdp\Pictures\cGLZ_jmC_lOB0ujFfP\B4tjiTd_NYk uV.bmp - True 1
Fn
Delete C:\Users\5JgHKoaOfdp\Pictures\cGLZ_jmC_lOB0ujFfP\DC394OBjo9C.bmp - True 1
Fn
Delete C:\Users\5JgHKoaOfdp\Music\C-56aS7eiAlL.mp3 - True 1
Fn
Delete C:\Users\5JgHKoaOfdp\Music\desktop.ini - True 1
Fn
Delete C:\Users\5JgHKoaOfdp\Music\GrU-M3D0ihjQ.wav - True 1
Fn
Delete C:\Users\5JgHKoaOfdp\Music\Od32To.mp3 - True 1
Fn
Delete C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\EQRSjs.wav - True 1
Fn
Delete C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\GGnH.m4a - True 1
Fn
Delete C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\gQfYFnBUFHd0b2hNpcm.wav - True 1
Fn
Delete C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\gWCYViWIi.mp3 - True 1
Fn
Delete C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\kz2M.mp3 - True 1
Fn
Delete C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\QvxPYeWmyW121.wav - True 1
Fn
Delete C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\SY3CPSU.m4a - True 1
Fn
Delete C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\UfKL.wav - True 1
Fn
Delete C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\UXKqt2i9X6PC8.wav - True 1
Fn
Delete C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\vW e9IJ.mp3 - True 1
Fn
Delete C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\yOtFLh9S-- H9v.wav - True 1
Fn
Delete C:\Users\5JgHKoaOfdp\Videos\40Y6k2FUB.avi - True 1
Fn
Delete C:\Users\5JgHKoaOfdp\Desktop\2-Lzf_caeYTdiH8Ls.avi - True 1
Fn
Delete C:\Users\5JgHKoaOfdp\Desktop\6L2VJzd4y qgt3nZDwL.wav - True 1
Fn
Delete C:\Users\5JgHKoaOfdp\Desktop\6s FhIyFBc68flA.flv - True 1
Fn
Delete C:\Users\5JgHKoaOfdp\Desktop\m6MihhsYl_M5kam0.swf - True 1
Fn
Delete C:\Users\5JgHKoaOfdp\Desktop\mAKFQ5ZAPTIzrcE7IrU.ods - True 1
Fn
Delete C:\Users\5JgHKoaOfdp\Desktop\mV3NggJ4W65.png - True 1
Fn
Delete C:\Users\5JgHKoaOfdp\Desktop\ViLLuBaagV2DSJK7a.png - True 1
Fn
Delete C:\Users\5JgHKoaOfdp\Desktop\wVjrCaIySkl.jpg - True 1
Fn
Delete C:\Users\5JgHKoaOfdp\Desktop\c OpBv-sTs\gnOVeG6HPj.doc - True 1
Fn
Delete C:\Users\5JgHKoaOfdp\Desktop\c OpBv-sTs\HV1SiahR-wDxQNIsDtes.m4a - True 1
Fn
Delete C:\Users\5JgHKoaOfdp\Desktop\c OpBv-sTs\3zph\3gLjWk8Dnbmky\_epX.png - True 1
Fn
Delete C:\Users\5JgHKoaOfdp\Desktop\#Decryptor.exe - True 1
Fn
Registry (4)
Operation Key Additional Information Success Count Logfile
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\ConsoleApplication1\ConsoleApplication1\1.0.0.0 - False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework value_name = DbgJITDebugLaunchSetting, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework value_name = DbgManagedDebugger, type = REG_NONE False 1
Fn
Module (26)
Operation Module Additional Information Success Count Logfile
Load comctl32.dll base_address = 0x77280000 True 1
Fn
Get Handle comctl32.dll base_address = 0x0 False 1
Fn
Get Handle c:\windows\syswow64\user32.dll base_address = 0x75e30000 True 1
Fn
Get Handle c:\users\5jghkoaofdp\desktop\crypt.exe base_address = 0x140000 True 8
Fn
Get Handle c:\windows\syswow64\comctl32.dll base_address = 0x77280000 True 14
Fn
Get Address c:\windows\syswow64\user32.dll function = DefWindowProcW, address_out = 0x7431bdea True 1
Fn
Window (18)
Operation Window Name Additional Information Success Count Logfile
Create - class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, wndproc_parameter = 0 True 1
Fn
Create .NET-BroadcastEventWindow.4.0.0.0.2bf8098.0 class_name = .NET-BroadcastEventWindow.4.0.0.0.2bf8098.0, wndproc_parameter = 0 True 1
Fn
Create - class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, wndproc_parameter = 0 True 1
Fn
Create - class_name = WindowsForms10.Window.0.app.0.2bf8098_r11_ad1, wndproc_parameter = 0 True 1
Fn
Create - class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, wndproc_parameter = 0 True 1
Fn
Set Attribute - class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 1949416938 True 1
Fn
Set Attribute - class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 32966158 True 1
Fn
Set Attribute - class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 1949416938 True 1
Fn
Set Attribute - class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 32966278 True 1
Fn
Set Attribute - class_name = WindowsForms10.Window.0.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 1949416938 True 1
Fn
Set Attribute - class_name = WindowsForms10.Window.0.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 32966358 True 1
Fn
Set Attribute - class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551608, new_long = 393242 False 1
Fn
Set Attribute - class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551608, new_long = 393242 True 1
Fn
Set Attribute - class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551600, new_long = 41943040 True 1
Fn
Set Attribute - class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551596, new_long = 589825 True 1
Fn
Set Attribute - class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 1949416938 True 1
Fn
Set Attribute - class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 32966398 True 1
Fn
Set Attribute - class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551604, new_long = 328064 False 1
Fn
Keyboard (1)
Operation Additional Information Success Count Logfile
Get Info type = KB_LOCALE_ID, os_tid = 0, result_out = 67699721 True 1
Fn
Process #2: #decryptor.exe
(Host: 1805, Network: 0)
Information Value
ID #2
File Name c:\users\5jghkoaofdp\desktop\#decryptor.exe
Command Line "C:\Users\5JgHKoaOfdp\Desktop\#Decryptor.exe"
Initial Working Directory C:\Users\5JgHKoaOfdp\Desktop\
Monitor Start Time: 00:01:31, Reason: Modified File
Unmonitor End Time: 00:03:13, Reason: Terminated by Timeout
Monitor Duration 00:01:42
OS Process Information
Information Value
PID 0x9ec
Parent PID 0x3f8 (c:\windows\explorer.exe)
Is Created or Modified Executable True
Integrity Level Medium
Username FIVAUF\5JgHKoaOfdp
Groups
  • FIVAUF\Domain Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • Everyone (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\Local account and member of Administrators group (USE_FOR_DENY_ONLY)
  • BUILTIN\Administrators (USE_FOR_DENY_ONLY)
  • BUILTIN\Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\INTERACTIVE (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • CONSOLE LOGON (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\Authenticated Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\This Organization (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\Local account (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\Logon Session 00000000:0000befc (MANDATORY, ENABLED_BY_DEFAULT, ENABLED, LOGON_ID)
  • LOCAL (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\NTLM Authentication (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
Enabled Privileges SeChangeNotifyPrivilege
Thread IDs
0x9E4
0x9DC
0x3B4
0x0
0x60C
0x4E0
0x944
Region
Name Start VA End VA Type Permissions Monitored Dump YARA Match Actions
#decryptor.exe 0x00fb0000 0x01017fff Memory Mapped File Readable, Writable, Executable True True False
private_0x0000000001020000 0x01020000 0x0103ffff Private Memory Readable, Writable True True False
pagefile_0x0000000001020000 0x01020000 0x0102ffff Pagefile Backed Memory Readable, Writable True False False
private_0x0000000001030000 0x01030000 0x01033fff Private Memory Readable, Writable True True False
private_0x0000000001040000 0x01040000 0x01040fff Private Memory Readable, Writable True True False
private_0x0000000001040000 0x01040000 0x01040fff Private Memory Readable, Writable True True False
pagefile_0x0000000001050000 0x01050000 0x0105efff Pagefile Backed Memory Readable True False False
private_0x0000000001060000 0x01060000 0x0109ffff Private Memory Readable, Writable True True False
private_0x00000000010a0000 0x010a0000 0x0119ffff Private Memory Readable, Writable True True False
pagefile_0x00000000011a0000 0x011a0000 0x011a3fff Pagefile Backed Memory Readable True False False
pagefile_0x00000000011b0000 0x011b0000 0x011b0fff Pagefile Backed Memory Readable True False False
private_0x00000000011c0000 0x011c0000 0x011c1fff Private Memory Readable, Writable True True False
locale.nls 0x011d0000 0x0124dfff Memory Mapped File Readable False False False
private_0x0000000001250000 0x01250000 0x01250fff Private Memory Readable, Writable True True False
pagefile_0x0000000001260000 0x01260000 0x01260fff Pagefile Backed Memory Readable, Writable True False False
pagefile_0x0000000001270000 0x01270000 0x0127ffff Pagefile Backed Memory Readable, Writable True False False
private_0x0000000001280000 0x01280000 0x0128ffff Private Memory - True True False
private_0x0000000001290000 0x01290000 0x0129ffff Private Memory - True True False
private_0x00000000012a0000 0x012a0000 0x012affff Private Memory - True True False
private_0x00000000012b0000 0x012b0000 0x012bffff Private Memory - True True False
private_0x00000000012c0000 0x012c0000 0x012cffff Private Memory - True True False
private_0x00000000012d0000 0x012d0000 0x012d0fff Private Memory Readable, Writable True True False
private_0x00000000012e0000 0x012e0000 0x012e0fff Private Memory Readable, Writable True True False
private_0x00000000012f0000 0x012f0000 0x0132ffff Private Memory Readable, Writable True True False
pagefile_0x0000000001330000 0x01330000 0x01330fff Pagefile Backed Memory Readable True False False
pagefile_0x0000000001330000 0x01330000 0x01333fff Pagefile Backed Memory Readable True False False
private_0x0000000001340000 0x01340000 0x01343fff Private Memory Readable, Writable True True False
private_0x0000000001350000 0x01350000 0x0135ffff Private Memory Readable, Writable, Executable True True False
private_0x0000000001360000 0x01360000 0x0136ffff Private Memory Readable, Writable True True False
private_0x0000000001370000 0x01370000 0x013affff Private Memory Readable, Writable True True False
private_0x00000000013b0000 0x013b0000 0x013bffff Private Memory Readable, Writable True True False
private_0x00000000013c0000 0x013c0000 0x013cffff Private Memory Readable, Writable True True False
private_0x00000000013d0000 0x013d0000 0x0144ffff Private Memory Readable, Writable True True False
private_0x00000000013d0000 0x013d0000 0x013dffff Private Memory - True True False
private_0x00000000013e0000 0x013e0000 0x013effff Private Memory - True True False
tzres.dll 0x013f0000 0x013f1fff Memory Mapped File Readable False False False
private_0x00000000013f0000 0x013f0000 0x013f3fff Private Memory Readable, Writable True True False
pagefile_0x0000000001400000 0x01400000 0x01402fff Pagefile Backed Memory Readable True False False
pagefile_0x0000000001410000 0x01410000 0x01410fff Pagefile Backed Memory Readable, Writable True False False
tzres.dll.mui 0x01420000 0x01427fff Memory Mapped File Readable False False False
private_0x0000000001420000 0x01420000 0x01423fff Private Memory Readable, Writable True True False
private_0x0000000001430000 0x01430000 0x01430fff Private Memory Readable, Writable True True False
private_0x0000000001440000 0x01440000 0x0144ffff Private Memory Readable, Writable True True False
private_0x0000000001450000 0x01450000 0x0145ffff Private Memory Readable, Writable True True False
private_0x0000000001460000 0x01460000 0x014fffff Private Memory Readable, Writable True True False
private_0x0000000001500000 0x01500000 0x0153ffff Private Memory Readable, Writable True True False
user32.dll.mui 0x01540000 0x01544fff Memory Mapped File Readable False False False
private_0x0000000001550000 0x01550000 0x0155ffff Private Memory Readable, Writable True True False
pagefile_0x0000000001560000 0x01560000 0x01560fff Pagefile Backed Memory Readable True False False
private_0x0000000001560000 0x01560000 0x01563fff Private Memory Readable, Writable, Executable True True False
pagefile_0x0000000001570000 0x01570000 0x01572fff Pagefile Backed Memory Readable True False False
windowsshell.manifest 0x01580000 0x01580fff Memory Mapped File Readable False False False
private_0x0000000001580000 0x01580000 0x0158ffff Private Memory Readable, Writable True True False
private_0x0000000001590000 0x01590000 0x0168ffff Private Memory Readable, Writable True True False
pagefile_0x0000000001690000 0x01690000 0x01817fff Pagefile Backed Memory Readable True False False
pagefile_0x0000000001820000 0x01820000 0x019a0fff Pagefile Backed Memory Readable True False False
pagefile_0x00000000019b0000 0x019b0000 0x02daffff Pagefile Backed Memory Readable True False False
private_0x0000000002db0000 0x02db0000 0x02eaffff Private Memory Readable, Writable True True False
private_0x0000000002eb0000 0x02eb0000 0x04eaffff Private Memory Readable, Writable True False False
private_0x0000000004eb0000 0x04eb0000 0x04faffff Private Memory Readable, Writable True True False
sortdefault.nls 0x04fb0000 0x05284fff Memory Mapped File Readable False False False
pagefile_0x0000000005290000 0x05290000 0x05380fff Pagefile Backed Memory Readable True False False
comctl32.dll 0x05390000 0x05412fff Memory Mapped File Readable False False False
private_0x0000000005390000 0x05390000 0x054dffff Private Memory Readable, Writable True True False
private_0x0000000005390000 0x05390000 0x0548ffff Private Memory Readable, Writable True True False
pagefile_0x0000000005490000 0x05490000 0x05491fff Pagefile Backed Memory Readable True False False
private_0x00000000054a0000 0x054a0000 0x054affff Private Memory Readable, Writable True True False
pagefile_0x00000000054a0000 0x054a0000 0x054a0fff Pagefile Backed Memory Readable, Writable True False False
private_0x00000000054b0000 0x054b0000 0x054bffff Private Memory Readable, Writable True True False
private_0x00000000054b0000 0x054b0000 0x054b0fff Private Memory Readable, Writable True True False
private_0x00000000054b0000 0x054b0000 0x054b0fff Private Memory Readable, Writable True True False
private_0x00000000054b0000 0x054b0000 0x054b4fff Private Memory Readable, Writable True True False
private_0x00000000054b0000 0x054b0000 0x054b7fff Private Memory Readable, Writable True True False
private_0x00000000054c0000 0x054c0000 0x054c0fff Private Memory Readable, Writable True True False
private_0x00000000054c0000 0x054c0000 0x054c0fff Private Memory Readable, Writable True True False
private_0x00000000054d0000 0x054d0000 0x054dffff Private Memory Readable, Writable True True False
private_0x00000000054e0000 0x054e0000 0x054e0fff Private Memory Readable, Writable True True False
private_0x00000000054e0000 0x054e0000 0x054effff Private Memory Readable, Writable True True False
private_0x00000000054f0000 0x054f0000 0x05507fff Private Memory Readable, Writable True True False
private_0x00000000054f0000 0x054f0000 0x054fffff Private Memory Readable, Writable True True False
private_0x00000000054f0000 0x054f0000 0x054f0fff Private Memory Readable, Writable True True False
private_0x0000000005510000 0x05510000 0x05510fff Private Memory Readable, Writable True True False
private_0x0000000005530000 0x05530000 0x0553ffff Private Memory Readable, Writable, Executable True True False
private_0x0000000005540000 0x05540000 0x0570ffff Private Memory Readable, Writable True True False
~fontcache-system.dat 0x05540000 0x055e4fff Memory Mapped File Readable False False False
private_0x00000000055f0000 0x055f0000 0x056effff Private Memory Readable, Writable True True False
private_0x0000000005700000 0x05700000 0x0570ffff Private Memory Readable, Writable True True False
pagefile_0x0000000005710000 0x05710000 0x05c01fff Pagefile Backed Memory Readable, Writable True False False
~fontcache-fontface.dat 0x05c10000 0x06c0ffff Memory Mapped File Readable False False False
pagefile_0x0000000006c10000 0x06c10000 0x0700bfff Pagefile Backed Memory Readable True False False
staticcache.dat 0x07010000 0x07e7ffff Memory Mapped File Readable False False False
mscorrc.dll 0x07e80000 0x07ee0fff Memory Mapped File Readable True False False
private_0x0000000007ef0000 0x07ef0000 0x07f6ffff Private Memory Readable, Writable True True False
private_0x0000000007f70000 0x07f70000 0x08070fff Private Memory Readable, Writable True True False
pagefile_0x0000000007f70000 0x07f70000 0x080d1fff Pagefile Backed Memory Readable, Writable True False False
comctl32.dll 0x70c00000 0x70de5fff Memory Mapped File Readable, Writable, Executable False False False
version.dll 0x70df0000 0x70df7fff Memory Mapped File Readable, Writable, Executable False False False
dwrite.dll 0x70f90000 0x71101fff Memory Mapped File Readable, Writable, Executable False False False
system.runtime.remoting.ni.dll 0x71110000 0x711d4fff Memory Mapped File Readable, Writable, Executable True False False
system.windows.forms.ni.dll 0x711e0000 0x71e25fff Memory Mapped File Readable, Writable, Executable True False False
system.core.ni.dll 0x71e30000 0x724d2fff Memory Mapped File Readable, Writable, Executable True False False
system.ni.dll 0x724e0000 0x72e6cfff Memory Mapped File Readable, Writable, Executable True False False
mscorlib.ni.dll 0x72e70000 0x73f04fff Memory Mapped File Readable, Writable, Executable True False False
msls31.dll 0x73f60000 0x73f90fff Memory Mapped File Readable, Writable, Executable False False False
usp10.dll 0x73fa0000 0x73fb3fff Memory Mapped File Readable, Writable, Executable False False False
riched20.dll 0x73fc0000 0x7403ffff Memory Mapped File Readable, Writable, Executable False False False
system.drawing.ni.dll 0x74060000 0x741f1fff Memory Mapped File Readable, Writable, Executable True False False
dwmapi.dll 0x74200000 0x74217fff Memory Mapped File Readable, Writable, Executable False False False
uxtheme.dll 0x74220000 0x742fafff Memory Mapped File Readable, Writable, Executable False False False
apphelp.dll 0x74300000 0x74398fff Memory Mapped File Readable, Writable, Executable False False False
shcore.dll 0x743c0000 0x74435fff Memory Mapped File Readable, Writable, Executable False False False
clrjit.dll 0x74440000 0x744bcfff Memory Mapped File Readable, Writable, Executable True False False
microsoft.visualbasic.ni.dll 0x744c0000 0x74698fff Memory Mapped File Readable, Writable, Executable True False False
kernel.appcore.dll 0x746a0000 0x746a8fff Memory Mapped File Readable, Writable, Executable False False False
msvcr120_clr0400.dll 0x746b0000 0x74786fff Memory Mapped File Readable, Writable, Executable False False False
clr.dll 0x74790000 0x74e2afff Memory Mapped File Readable, Writable, Executable True False False
mscoreei.dll 0x74e30000 0x74eadfff Memory Mapped File Readable, Writable, Executable True False False
mscoree.dll 0x74eb0000 0x74f05fff Memory Mapped File Readable, Writable, Executable True False False
bcryptprimitives.dll 0x74f10000 0x74f62fff Memory Mapped File Readable, Writable, Executable False False False
cryptbase.dll 0x74f70000 0x74f78fff Memory Mapped File Readable, Writable, Executable False False False
sspicli.dll 0x74f80000 0x74f9cfff Memory Mapped File Readable, Writable, Executable False False False
advapi32.dll 0x74fb0000 0x75027fff Memory Mapped File Readable, Writable, Executable False False False
combase.dll 0x75040000 0x7518dfff Memory Mapped File Readable, Writable, Executable False False False
gdi32.dll 0x75190000 0x75297fff Memory Mapped File Readable, Writable, Executable False False False
msctf.dll 0x754c0000 0x755b6fff Memory Mapped File Readable, Writable, Executable False False False
imm32.dll 0x755c0000 0x755e4fff Memory Mapped File Readable, Writable, Executable False False False
kernel32.dll 0x755f0000 0x7572ffff Memory Mapped File Readable, Writable, Executable False False False
rpcrt4.dll 0x75730000 0x757e0fff Memory Mapped File Readable, Writable, Executable False False False
ole32.dll 0x757f0000 0x758fbfff Memory Mapped File Readable, Writable, Executable False False False
kernelbase.dll 0x75950000 0x75a1efff Memory Mapped File Readable, Writable, Executable False False False
sechost.dll 0x75be0000 0x75c1dfff Memory Mapped File Readable, Writable, Executable False False False
oleaut32.dll 0x75c60000 0x75ce6fff Memory Mapped File Readable, Writable, Executable False False False
shlwapi.dll 0x75d40000 0x75d80fff Memory Mapped File Readable, Writable, Executable False False False
user32.dll 0x75e30000 0x75f7efff Memory Mapped File Readable, Writable, Executable False False False
shell32.dll 0x75f80000 0x7712cfff Memory Mapped File Readable, Writable, Executable False False False
gdiplus.dll 0x77130000 0x7727cfff Memory Mapped File Readable, Writable, Executable False False False
comctl32.dll 0x77280000 0x77305fff Memory Mapped File Readable, Writable, Executable False False False
msvcrt.dll 0x773a0000 0x7745dfff Memory Mapped File Readable, Writable, Executable False False False
wow64cpu.dll 0x77480000 0x77488fff Memory Mapped File Readable, Writable, Executable False False False
wow64.dll 0x77490000 0x774d8fff Memory Mapped File Readable, Writable, Executable False False False
wow64win.dll 0x774e0000 0x77547fff Memory Mapped File Readable, Writable, Executable False False False
ntdll.dll 0x77550000 0x776b7fff Memory Mapped File Readable, Writable, Executable False False False
private_0x000000007f47d000 0x7f47d000 0x7f47ffff Private Memory Readable, Writable True True False
private_0x000000007f480000 0x7f480000 0x7f48ffff Private Memory Readable, Writable, Executable True True False
private_0x000000007f490000 0x7f490000 0x7f4dffff Private Memory Readable, Writable, Executable True True False
pagefile_0x000000007f4e0000 0x7f4e0000 0x7f5dffff Pagefile Backed Memory Readable True False False
pagefile_0x000000007f5e0000 0x7f5e0000 0x7f602fff Pagefile Backed Memory Readable True False False
private_0x000000007f605000 0x7f605000 0x7f605fff Private Memory Readable, Writable True True False
private_0x000000007f606000 0x7f606000 0x7f606fff Private Memory Readable, Writable True True False
private_0x000000007f607000 0x7f607000 0x7f609fff Private Memory Readable, Writable True True False
private_0x000000007f60a000 0x7f60a000 0x7f60cfff Private Memory Readable, Writable True True False
private_0x000000007f60d000 0x7f60d000 0x7f60ffff Private Memory Readable, Writable True True False
private_0x000000007ffe0000 0x7ffe0000 0x7ffeffff Private Memory Readable True True False
private_0x000000007fff0000 0x7fff0000 0x7ff9d524ffff Private Memory Readable True False False
ntdll.dll 0x7ff9d5250000 0x7ff9d53f9fff Memory Mapped File Readable, Writable, Executable False False False
private_0x00007ff9d53fa000 0x7ff9d53fa000 0x7ffffffeffff Private Memory Readable True False False
For performance reasons, the remaining 5 entries are omitted.
The remaining entries can be found in flog.txt.
Created Files
Filename File Size Hash Values YARA Match Actions
c:\users\5jghkoaofdp\documents\my new app.accdb 340.00 KB (348160 bytes) MD5: c45d578f9e9a1266af3cc6e5e97ba22c
SHA1: 6c88ea4d469d67607c080ff382d00a99b1d1848f
SHA256: 540d34f9fdd75b168b375af16a03fb56931cc091f3307e93b4c00ec425005b44
False
c:\users\5jghkoaofdp\documents\opm-kssufbhrnfhi.pptx 73.42 KB (75177 bytes) MD5: 7e44c83622cf642a687436b19bbdf7c5
SHA1: 5257ebcbfe67babe8da4af6a572ba0b5f1ebf35b
SHA256: 6495949d27728f9ab2513312a2372533c3d6d129fbe1a97c43f91aebd3e36de9
False
c:\users\5jghkoaofdp\documents\sbskabnlrtuf_m3v.pps 30.60 KB (31339 bytes) MD5: ede2a099d42c2e374add4cf4ed6d8a66
SHA1: 9fac5bd2d032ac39299e49a47fb09cb5dd81d0ca
SHA256: 7efc6b3cee4c81707c2b7cf4debe15932f70e2a0e347dc9ca6a78056f1d17665
False
c:\users\5jghkoaofdp\documents\vuzmaoyqtk9.xlsx 17.26 KB (17675 bytes) MD5: 97b5850dcd3d927977faeef6ec644fc0
SHA1: 2af6bec46ea945bf863fedf9a49a54b869398c7e
SHA256: 76427017d90f9a394db4b8c58bec354b8b41e7864edfd50e0228116a38c6cdc5
False
c:\users\5jghkoaofdp\documents\vy83cxy9y.pptx 51.37 KB (52600 bytes) MD5: 1d8a7b969ceffa682c848fc0b28a2d22
SHA1: 701ae2a769a783b87e2b46193b13b1f6d5af6742
SHA256: 6b5310ad5e9a05d2d15893db1024d69735f09319d52f5f5f90f6c67763b63ce4
False
c:\users\5jghkoaofdp\documents\kaaornrraztx\ghgjaavctako.odp 5.10 KB (5221 bytes) MD5: 133115af56e424faf213adbd499d2a62
SHA1: 4eed0715e868fe993aecfd668632e0d29813361a
SHA256: b432cea438644d72e9b27f52704db1bfc26b5fb3d3922f23ef042ab553fc5b38
False
c:\users\5jghkoaofdp\documents\kaaornrraztx\miqzp.pps 2.14 KB (2190 bytes) MD5: ac96e352209a62467275e902ac3351e6
SHA1: 09fb35368d6f79f3e89b345df2d4f44337f00a08
SHA256: 761cea0b1c9d61215a481c300ddf15a3427be7b5f32ba8564edec23becf097bb
False
c:\users\5jghkoaofdp\documents\kaaornrraztx\sjkbeubnh7w9.doc 75.55 KB (77360 bytes) MD5: c70ea899fb2f0ebe752b448cddb37ea9
SHA1: c25aaa40c4e8c2b1f0d0db77f960ba0b80c70060
SHA256: c44f4fd12538fe0d64d47517d212ba3aaa1fdad1588afaf198ab5161646e4b21
False
c:\users\5jghkoaofdp\documents\kaaornrraztx\sqfvqa7ma39tieo.pps 25.36 KB (25965 bytes) MD5: 8848697dc3f2d84ce39e5cc9dd05aa48
SHA1: 714c58ac882aeadffdad48d6824aa1ddf4862f07
SHA256: f88e6e581e1d51fb0e1eeb4db2246f92a5d885fe6d6e6ef24adaf4b93cc04774
False
c:\users\5jghkoaofdp\documents\kaaornrraztx\ao-nff kn\bwmjpnluzwsovw5ida\hdvr7lfi7ye7\lksfxnysxlvz37r4o.ppt 50.26 KB (51471 bytes) MD5: cb36d07465657ab460d8553a2391194a
SHA1: 5c6b28582292b1e7684a31f931f428c981f444cb
SHA256: 2022cb33b3c14bf23a99a7bc1052d3fb8c2b51b0ade81c1b8063bd3cefd819a1
False
c:\users\5jghkoaofdp\documents\onenote notebooks\my notebook\quick notes.one 353.54 KB (362024 bytes) MD5: 8225e9a335045f929e70f16497be6a6e
SHA1: 967a519bee766ec649faa21cf2d5641a5c858353
SHA256: 7420b80abec64b239c7823ab16d3b00914c10e1b35a50350391ba96cc579e81a
False
c:\users\5jghkoaofdp\music\fedb6bw2fnxwe\ittew9vaxdbq.m4a 86.41 KB (88483 bytes) MD5: 9c6d979affdd7860884bb04c98d10afa
SHA1: b0fedebe8cd378113eab7e494f560583c16e57fe
SHA256: 325dcda1b80ee42747d77d69ee1a91c512ac806099b440df64f942a18724446b
False
c:\users\5jghkoaofdp\music\fedb6bw2fnxwe\lbl5mdka70eza0p4h.wav 84.50 KB (86525 bytes) MD5: b53e14cc282779545cf989170687d987
SHA1: 0e7841b54bd3dd81d48fd2aeb211d15030b799f5
SHA256: 17e53cb0c9bd954dddb7d5c56fa4d4c464b5fddb6f8245d586f3cfab73e0358a
False
Host Behavior
File (855)
Operation Filename Additional Information Success Count Logfile
Create C:\Users\5JgHKoaOfdp\Desktop\#Decryptor.exe desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\5JgHKoaOfdp\Documents\-sPM6vJb.odt.Lime desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\5JgHKoaOfdp\Documents\-sPM6vJb.odt desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\5JgHKoaOfdp\Documents\0u2YA.docx.Lime desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\5JgHKoaOfdp\Documents\0u2YA.docx desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\5JgHKoaOfdp\Documents\7wwG1Y1tq2o4XiF.pdf.Lime desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\5JgHKoaOfdp\Documents\7wwG1Y1tq2o4XiF.pdf desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\5JgHKoaOfdp\Documents\9TMo3uu8-Scl.xlsx.Lime desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\5JgHKoaOfdp\Documents\9TMo3uu8-Scl.xlsx desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\5JgHKoaOfdp\Documents\AEghbUBMs5NTL.pptx.Lime desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\5JgHKoaOfdp\Documents\AEghbUBMs5NTL.pptx desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\5JgHKoaOfdp\Documents\c94gQ1vFwVFBcDGwkD_.docx.Lime desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\5JgHKoaOfdp\Documents\c94gQ1vFwVFBcDGwkD_.docx desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\5JgHKoaOfdp\Documents\desktop.ini.Lime desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\5JgHKoaOfdp\Documents\desktop.ini desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\5JgHKoaOfdp\Documents\erHcl A2gBL1aT.docx.Lime desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\5JgHKoaOfdp\Documents\erHcl A2gBL1aT.docx desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\5JgHKoaOfdp\Documents\eYeDf199l.xlsx.Lime desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\5JgHKoaOfdp\Documents\eYeDf199l.xlsx desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\5JgHKoaOfdp\Documents\G 5ZX6m5N.docx.Lime desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\5JgHKoaOfdp\Documents\G 5ZX6m5N.docx desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\5JgHKoaOfdp\Documents\gMur.xlsx.Lime desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\5JgHKoaOfdp\Documents\gMur.xlsx desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\5JgHKoaOfdp\Documents\h2PCXTBBfD dI.xlsx.Lime desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\5JgHKoaOfdp\Documents\h2PCXTBBfD dI.xlsx desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\5JgHKoaOfdp\Documents\IYDMli-q8mF8cJ.ppt.Lime desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\5JgHKoaOfdp\Documents\IYDMli-q8mF8cJ.ppt desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\5JgHKoaOfdp\Documents\My New App.accdb.Lime desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\5JgHKoaOfdp\Documents\My New App.accdb desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\5JgHKoaOfdp\Documents\o9Jfc-DjnB qX4.pptx.Lime desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\5JgHKoaOfdp\Documents\o9Jfc-DjnB qX4.pptx desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\5JgHKoaOfdp\Documents\OCZESPOCHPv.csv.Lime desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\5JgHKoaOfdp\Documents\OCZESPOCHPv.csv desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\5JgHKoaOfdp\Documents\oOjIQe2Ti5VBxCBHnG2.docx.Lime desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\5JgHKoaOfdp\Documents\oOjIQe2Ti5VBxCBHnG2.docx desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\5JgHKoaOfdp\Documents\Opm-KSsufbHrNFHI.pptx.Lime desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\5JgHKoaOfdp\Documents\Opm-KSsufbHrNFHI.pptx desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\5JgHKoaOfdp\Documents\sbSKABnlrTuf_M3v.pps.Lime desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\5JgHKoaOfdp\Documents\sbSKABnlrTuf_M3v.pps desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\5JgHKoaOfdp\Documents\VUzmAoyqtk9.xlsx.Lime desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\5JgHKoaOfdp\Documents\VUzmAoyqtk9.xlsx desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\5JgHKoaOfdp\Documents\vy83CXY9Y.pptx.Lime desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\5JgHKoaOfdp\Documents\vy83CXY9Y.pptx desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\5JgHKoaOfdp\Documents\wvqxSPNlMSl.xlsx.Lime desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\5JgHKoaOfdp\Documents\wvqxSPNlMSl.xlsx desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\5JgHKoaOfdp\Documents\x7naB3SX5u.pptx.Lime desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\5JgHKoaOfdp\Documents\x7naB3SX5u.pptx desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\0r-uDW4THkIUpl-oRh_.odt.Lime desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\0r-uDW4THkIUpl-oRh_.odt desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\B37K-LfrWIVyw.pps.Lime desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\B37K-LfrWIVyw.pps desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\ghGjaAvcTAKO.odp.Lime desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\ghGjaAvcTAKO.odp desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\MIQzp.pps.Lime desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\MIQzp.pps desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\sJKbeUBnH7w9.doc.Lime desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\sJKbeUBnH7w9.doc desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\SqfVqA7Ma39tIEO.pps.Lime desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\SqfVqA7Ma39tIEO.pps desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\BWmJPNLUzWsoVW5iDA\hDVR7Lfi7YE7\lKSFxnySxlvz37R4o.ppt desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\BWmJPNLUzWsoVW5iDA\hDVR7Lfi7YE7\pvDIt6.pdf.Lime desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\BWmJPNLUzWsoVW5iDA\hDVR7Lfi7YE7\pvDIt6.pdf desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\5JgHKoaOfdp\Documents\My Shapes\desktop.ini.Lime desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\5JgHKoaOfdp\Documents\My Shapes\desktop.ini desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\5JgHKoaOfdp\Documents\My Shapes\Favorites.vssx.Lime desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\5JgHKoaOfdp\Documents\My Shapes\Favorites.vssx desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\5JgHKoaOfdp\Documents\My Shapes\_private\folder.ico.Lime desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\5JgHKoaOfdp\Documents\My Shapes\_private\folder.ico desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\5JgHKoaOfdp\Documents\OneNote Notebooks\My Notebook\Quick Notes.one desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\5JgHKoaOfdp\Documents\Outlook Files\cjeijc.diuv@div.com.pst.Lime desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\5JgHKoaOfdp\Documents\Outlook Files\cjeijc.diuv@div.com.pst desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\5JgHKoaOfdp\Pictures\8YzC.gif.Lime desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\5JgHKoaOfdp\Pictures\8YzC.gif desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\5JgHKoaOfdp\Music\Fedb6bw2FnxWe\ittEW9VaXDBQ.m4a desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\5JgHKoaOfdp\Music\Fedb6bw2FnxWe\lBl5MdKA70EZa0p4H.wav.Lime desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\Users\5JgHKoaOfdp\Music\Fedb6bw2FnxWe\lBl5MdKA70EZa0p4H.wav desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Fn
Get Info C:\Users\5JgHKoaOfdp\Desktop\#Decryptor.exe type = file_type True 2
Fn
Get Info C:\Windows\SYSTEM32\RichEd20.DLL type = file_attributes True 1
Fn
Get Info C:\Users\5JgHKoaOfdp\Desktop\#Decryptor.exe.config type = file_attributes False 1
Fn
Get Info C:\Users\5JgHKoaOfdp\Desktop\#Decryptor.exe type = file_attributes True 1
Fn
Get Info C:\Users\5JgHKoaOfdp\Documents type = file_attributes True 148
Fn
Get Info C:\Users\5JgHKoaOfdp\Documents\-sPM6vJb.odt.Lime type = file_type True 2
Fn
Get Info C:\Users\5JgHKoaOfdp\Documents\-sPM6vJb.odt.Lime type = size, size_out = 0 True 1
Fn
Get Info C:\Users\5JgHKoaOfdp\Documents\-sPM6vJb.odt type = file_type True 2
Fn
Get Info C:\Users\5JgHKoaOfdp\Documents\-sPM6vJb.odt.Lime type = file_attributes True 2
Fn
Get Info C:\Users\5JgHKoaOfdp\Documents\0u2YA.docx.Lime type = file_type True 2
Fn
Get Info C:\Users\5JgHKoaOfdp\Documents\0u2YA.docx.Lime type = size, size_out = 0 True 1
Fn
Get Info C:\Users\5JgHKoaOfdp\Documents\0u2YA.docx type = file_type True 2
Fn
Get Info C:\Users\5JgHKoaOfdp\Documents\0u2YA.docx.Lime type = file_attributes True 2
Fn
Get Info C:\Users\5JgHKoaOfdp\Documents\7wwG1Y1tq2o4XiF.pdf.Lime type = file_type True 2
Fn
Get Info C:\Users\5JgHKoaOfdp\Documents\7wwG1Y1tq2o4XiF.pdf.Lime type = size, size_out = 0 True 1
Fn
Get Info C:\Users\5JgHKoaOfdp\Documents\7wwG1Y1tq2o4XiF.pdf type = file_type True 2
Fn
Get Info C:\Users\5JgHKoaOfdp\Documents\7wwG1Y1tq2o4XiF.pdf.Lime type = file_attributes True 2
Fn
Get Info C:\Users\5JgHKoaOfdp\Documents\9TMo3uu8-Scl.xlsx.Lime type = file_type True 2
Fn
Get Info C:\Users\5JgHKoaOfdp\Documents\9TMo3uu8-Scl.xlsx.Lime type = size, size_out = 0 True 1
Fn
Get Info C:\Users\5JgHKoaOfdp\Documents\9TMo3uu8-Scl.xlsx type = file_type True 2
Fn
Get Info C:\Users\5JgHKoaOfdp\Documents\9TMo3uu8-Scl.xlsx.Lime type = file_attributes True 2
Fn
Get Info C:\Users\5JgHKoaOfdp\Documents\AEghbUBMs5NTL.pptx.Lime type = file_type True 2
Fn
Get Info C:\Users\5JgHKoaOfdp\Documents\AEghbUBMs5NTL.pptx.Lime type = size, size_out = 0 True 1
Fn
Get Info C:\Users\5JgHKoaOfdp\Documents\AEghbUBMs5NTL.pptx type = file_type True 2
Fn
Get Info C:\Users\5JgHKoaOfdp\Documents\AEghbUBMs5NTL.pptx.Lime type = file_attributes True 2
Fn
Get Info C:\Users\5JgHKoaOfdp\Documents\c94gQ1vFwVFBcDGwkD_.docx.Lime type = file_type True 2
Fn
Get Info C:\Users\5JgHKoaOfdp\Documents\c94gQ1vFwVFBcDGwkD_.docx.Lime type = size, size_out = 0 True 1
Fn
Get Info C:\Users\5JgHKoaOfdp\Documents\c94gQ1vFwVFBcDGwkD_.docx type = file_type True 2
Fn
Get Info C:\Users\5JgHKoaOfdp\Documents\c94gQ1vFwVFBcDGwkD_.docx.Lime type = file_attributes True 2
Fn
Get Info C:\Users\5JgHKoaOfdp\Documents\desktop.ini.Lime type = file_type True 2
Fn
Get Info C:\Users\5JgHKoaOfdp\Documents\desktop.ini.Lime type = size, size_out = 0 True 1
Fn
Get Info C:\Users\5JgHKoaOfdp\Documents\desktop.ini type = file_type True 2
Fn
Get Info C:\Users\5JgHKoaOfdp\Documents\desktop.ini.Lime type = file_attributes True 2
Fn
Get Info C:\Users\5JgHKoaOfdp\Documents\erHcl A2gBL1aT.docx.Lime type = file_type True 2
Fn
Get Info C:\Users\5JgHKoaOfdp\Documents\erHcl A2gBL1aT.docx.Lime type = size, size_out = 0 True 1
Fn
Get Info C:\Users\5JgHKoaOfdp\Documents\erHcl A2gBL1aT.docx type = file_type True 2
Fn
Get Info C:\Users\5JgHKoaOfdp\Documents\erHcl A2gBL1aT.docx.Lime type = file_attributes True 2
Fn
Get Info C:\Users\5JgHKoaOfdp\Documents\eYeDf199l.xlsx.Lime type = file_type True 2
Fn
Get Info C:\Users\5JgHKoaOfdp\Documents\eYeDf199l.xlsx.Lime type = size, size_out = 0 True 1
Fn
Get Info C:\Users\5JgHKoaOfdp\Documents\eYeDf199l.xlsx type = file_type True 2
Fn
Get Info C:\Users\5JgHKoaOfdp\Documents\eYeDf199l.xlsx.Lime type = file_attributes True 2
Fn
Get Info C:\Users\5JgHKoaOfdp\Documents\G 5ZX6m5N.docx.Lime type = file_type True 2
Fn
Get Info C:\Users\5JgHKoaOfdp\Documents\G 5ZX6m5N.docx.Lime type = size, size_out = 0 True 1
Fn
Get Info C:\Users\5JgHKoaOfdp\Documents\G 5ZX6m5N.docx type = file_type True 2
Fn
Get Info C:\Users\5JgHKoaOfdp\Documents\G 5ZX6m5N.docx.Lime type = file_attributes True 2
Fn
Get Info C:\Users\5JgHKoaOfdp\Documents\gMur.xlsx.Lime type = file_type True 2
Fn
Get Info C:\Users\5JgHKoaOfdp\Documents\gMur.xlsx.Lime type = size, size_out = 0 True 1
Fn
Get Info C:\Users\5JgHKoaOfdp\Documents\gMur.xlsx type = file_type True 2
Fn
Get Info C:\Users\5JgHKoaOfdp\Documents\gMur.xlsx.Lime type = file_attributes True 2
Fn
Get Info C:\Users\5JgHKoaOfdp\Documents\h2PCXTBBfD dI.xlsx.Lime type = file_type True 2
Fn
Get Info C:\Users\5JgHKoaOfdp\Documents\h2PCXTBBfD dI.xlsx.Lime type = size, size_out = 0 True 1
Fn
Get Info C:\Users\5JgHKoaOfdp\Documents\h2PCXTBBfD dI.xlsx type = file_type True 2
Fn
Get Info C:\Users\5JgHKoaOfdp\Documents\h2PCXTBBfD dI.xlsx.Lime type = file_attributes True 2
Fn
Get Info C:\Users\5JgHKoaOfdp\Documents\IYDMli-q8mF8cJ.ppt.Lime type = file_type True 2
Fn
Get Info C:\Users\5JgHKoaOfdp\Documents\IYDMli-q8mF8cJ.ppt.Lime type = size, size_out = 0 True 1
Fn
Get Info C:\Users\5JgHKoaOfdp\Documents\IYDMli-q8mF8cJ.ppt type = file_type True 2
Fn
Get Info C:\Users\5JgHKoaOfdp\Documents\IYDMli-q8mF8cJ.ppt.Lime type = file_attributes True 2
Fn
Get Info C:\Users\5JgHKoaOfdp\Documents\My New App.accdb.Lime type = file_type True 2
Fn
Get Info C:\Users\5JgHKoaOfdp\Documents\My New App.accdb.Lime type = size, size_out = 0 True 1
Fn
Get Info C:\Users\5JgHKoaOfdp\Documents\My New App.accdb type = file_type True 2
Fn
Get Info C:\Users\5JgHKoaOfdp\Documents\My New App.accdb.Lime type = file_attributes True 2
Fn
Get Info C:\Users\5JgHKoaOfdp\Documents\o9Jfc-DjnB qX4.pptx.Lime type = file_type True 2
Fn
Get Info C:\Users\5JgHKoaOfdp\Documents\o9Jfc-DjnB qX4.pptx.Lime type = size, size_out = 0 True 1
Fn
Get Info C:\Users\5JgHKoaOfdp\Documents\o9Jfc-DjnB qX4.pptx type = file_type True 2
Fn
Get Info C:\Users\5JgHKoaOfdp\Documents\o9Jfc-DjnB qX4.pptx.Lime type = file_attributes True 2
Fn
Get Info C:\Users\5JgHKoaOfdp\Documents\OCZESPOCHPv.csv.Lime type = file_type True 2
Fn
Get Info C:\Users\5JgHKoaOfdp\Documents\OCZESPOCHPv.csv.Lime type = size, size_out = 0 True 1
Fn
Get Info C:\Users\5JgHKoaOfdp\Documents\OCZESPOCHPv.csv type = file_type True 2
Fn
Get Info C:\Users\5JgHKoaOfdp\Documents\OCZESPOCHPv.csv.Lime type = file_attributes True 2
Fn
Get Info C:\Users\5JgHKoaOfdp\Documents\oOjIQe2Ti5VBxCBHnG2.docx.Lime type = file_type True 2
Fn
Get Info C:\Users\5JgHKoaOfdp\Documents\oOjIQe2Ti5VBxCBHnG2.docx.Lime type = size, size_out = 0 True 1
Fn
Get Info C:\Users\5JgHKoaOfdp\Documents\oOjIQe2Ti5VBxCBHnG2.docx type = file_type True 2
Fn
Get Info C:\Users\5JgHKoaOfdp\Documents\oOjIQe2Ti5VBxCBHnG2.docx.Lime type = file_attributes True 2
Fn
Get Info C:\Users\5JgHKoaOfdp\Documents\Opm-KSsufbHrNFHI.pptx.Lime type = file_type True 2
Fn
Get Info C:\Users\5JgHKoaOfdp\Documents\Opm-KSsufbHrNFHI.pptx.Lime type = size, size_out = 0 True 1
Fn
Get Info C:\Users\5JgHKoaOfdp\Documents\Opm-KSsufbHrNFHI.pptx type = file_type True 2
Fn
Get Info C:\Users\5JgHKoaOfdp\Documents\Opm-KSsufbHrNFHI.pptx.Lime type = file_attributes True 2
Fn
Get Info C:\Users\5JgHKoaOfdp\Documents\sbSKABnlrTuf_M3v.pps.Lime type = file_type True 2
Fn
Get Info C:\Users\5JgHKoaOfdp\Documents\sbSKABnlrTuf_M3v.pps.Lime type = size, size_out = 0 True 1
Fn
Get Info C:\Users\5JgHKoaOfdp\Documents\sbSKABnlrTuf_M3v.pps type = file_type True 2
Fn
Get Info C:\Users\5JgHKoaOfdp\Documents\VUzmAoyqtk9.xlsx.Lime type = file_type True 2
Fn
Get Info C:\Users\5JgHKoaOfdp\Documents\VUzmAoyqtk9.xlsx.Lime type = size, size_out = 0 True 1
Fn
Get Info C:\Users\5JgHKoaOfdp\Documents\VUzmAoyqtk9.xlsx type = file_type True 2
Fn
Get Info C:\Users\5JgHKoaOfdp\Documents\VUzmAoyqtk9.xlsx.Lime type = file_attributes True 2
Fn
Get Info C:\Users\5JgHKoaOfdp\Documents\vy83CXY9Y.pptx.Lime type = file_type True 2
Fn
Get Info C:\Users\5JgHKoaOfdp\Documents\vy83CXY9Y.pptx.Lime type = size, size_out = 0 True 1
Get Info C:\Users\5JgHKoaOfdp\Documents\vy83CXY9Y.pptx type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\vy83CXY9Y.pptx.Lime type = file_attributes True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\wvqxSPNlMSl.xlsx.Lime type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\wvqxSPNlMSl.xlsx.Lime type = size, size_out = 0 True 1
Get Info C:\Users\5JgHKoaOfdp\Documents\wvqxSPNlMSl.xlsx type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\wvqxSPNlMSl.xlsx.Lime type = file_attributes True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\x7naB3SX5u.pptx.Lime type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\x7naB3SX5u.pptx.Lime type = size, size_out = 0 True 1
Get Info C:\Users\5JgHKoaOfdp\Documents\x7naB3SX5u.pptx type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\x7naB3SX5u.pptx.Lime type = file_attributes True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX type = file_attributes True 42
Get Info C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\0r-uDW4THkIUpl-oRh_.odt.Lime type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\0r-uDW4THkIUpl-oRh_.odt.Lime type = size, size_out = 0 True 1
Get Info C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\0r-uDW4THkIUpl-oRh_.odt type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\0r-uDW4THkIUpl-oRh_.odt.Lime type = file_attributes True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\B37K-LfrWIVyw.pps.Lime type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\B37K-LfrWIVyw.pps.Lime type = size, size_out = 0 True 1
Get Info C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\B37K-LfrWIVyw.pps type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\B37K-LfrWIVyw.pps.Lime type = file_attributes True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\ghGjaAvcTAKO.odp.Lime type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\ghGjaAvcTAKO.odp.Lime type = size, size_out = 0 True 1
Get Info C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\ghGjaAvcTAKO.odp type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\ghGjaAvcTAKO.odp.Lime type = file_attributes True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\MIQzp.pps.Lime type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\MIQzp.pps.Lime type = size, size_out = 0 True 1
Get Info C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\MIQzp.pps type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\MIQzp.pps.Lime type = file_attributes True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\sJKbeUBnH7w9.doc.Lime type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\sJKbeUBnH7w9.doc.Lime type = size, size_out = 0 True 1
Get Info C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\sJKbeUBnH7w9.doc type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\sJKbeUBnH7w9.doc.Lime type = file_attributes True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\SqfVqA7Ma39tIEO.pps.Lime type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\SqfVqA7Ma39tIEO.pps.Lime type = size, size_out = 0 True 1
Get Info C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\SqfVqA7Ma39tIEO.pps type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\SqfVqA7Ma39tIEO.pps.Lime type = file_attributes True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\BWmJPNLUzWsoVW5iDA\hDVR7Lfi7YE7\lKSFxnySxlvz37R4o.ppt type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\BWmJPNLUzWsoVW5iDA\hDVR7Lfi7YE7 type = file_attributes True 12
Get Info C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\BWmJPNLUzWsoVW5iDA\hDVR7Lfi7YE7\lKSFxnySxlvz37R4o.ppt.Lime type = file_attributes True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\BWmJPNLUzWsoVW5iDA\hDVR7Lfi7YE7\pvDIt6.pdf.Lime type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\BWmJPNLUzWsoVW5iDA\hDVR7Lfi7YE7\pvDIt6.pdf.Lime type = size, size_out = 0 True 1
Get Info C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\BWmJPNLUzWsoVW5iDA\hDVR7Lfi7YE7\pvDIt6.pdf type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\BWmJPNLUzWsoVW5iDA\hDVR7Lfi7YE7\pvDIt6.pdf.Lime type = file_attributes True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\My Pictures type = file_attributes True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\My Shapes type = file_attributes True 18
Get Info C:\Users\5JgHKoaOfdp\Documents\My Shapes\desktop.ini.Lime type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\My Shapes\desktop.ini.Lime type = size, size_out = 0 True 1
Get Info C:\Users\5JgHKoaOfdp\Documents\My Shapes\desktop.ini type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\My Shapes\desktop.ini.Lime type = file_attributes True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\My Shapes\Favorites.vssx.Lime type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\My Shapes\Favorites.vssx.Lime type = size, size_out = 0 True 1
Get Info C:\Users\5JgHKoaOfdp\Documents\My Shapes\Favorites.vssx type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\My Shapes\Favorites.vssx.Lime type = file_attributes True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\My Shapes\_private type = file_attributes True 10
Get Info C:\Users\5JgHKoaOfdp\Documents\My Shapes\_private\folder.ico.Lime type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\My Shapes\_private\folder.ico.Lime type = size, size_out = 0 True 1
Get Info C:\Users\5JgHKoaOfdp\Documents\My Shapes\_private\folder.ico type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\My Shapes\_private\folder.ico.Lime type = file_attributes True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\OneNote Notebooks\My Notebook\Quick Notes.one type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\OneNote Notebooks\My Notebook type = file_attributes True 4
Get Info C:\Users\5JgHKoaOfdp\Documents\OneNote Notebooks\My Notebook\Quick Notes.one.Lime type = file_attributes True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\Outlook Files type = file_attributes True 10
Get Info C:\Users\5JgHKoaOfdp\Documents\Outlook Files\cjeijc.diuv@div.com.pst.Lime type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\Outlook Files\cjeijc.diuv@div.com.pst.Lime type = size, size_out = 0 True 1
Get Info C:\Users\5JgHKoaOfdp\Documents\Outlook Files\cjeijc.diuv@div.com.pst type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Documents\Outlook Files\cjeijc.diuv@div.com.pst.Lime type = file_attributes True 2
Get Info C:\Users\5JgHKoaOfdp\Pictures type = file_attributes True 10
Get Info C:\Users\5JgHKoaOfdp\Pictures\8YzC.gif.Lime type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Pictures\8YzC.gif.Lime type = size, size_out = 0 True 1
Get Info C:\Users\5JgHKoaOfdp\Pictures\8YzC.gif type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Pictures\8YzC.gif.Lime type = file_attributes True 2
Get Info C:\Users\5JgHKoaOfdp\Music\Fedb6bw2FnxWe\ittEW9VaXDBQ.m4a type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Music\Fedb6bw2FnxWe type = file_attributes True 10
Get Info C:\Users\5JgHKoaOfdp\Music\Fedb6bw2FnxWe\ittEW9VaXDBQ.m4a.Lime type = file_attributes True 2
Get Info C:\Users\5JgHKoaOfdp\Music\Fedb6bw2FnxWe\lBl5MdKA70EZa0p4H.wav.Lime type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Music\Fedb6bw2FnxWe\lBl5MdKA70EZa0p4H.wav.Lime type = size, size_out = 0 True 1
Get Info C:\Users\5JgHKoaOfdp\Music\Fedb6bw2FnxWe\lBl5MdKA70EZa0p4H.wav type = file_type True 2
Get Info C:\Users\5JgHKoaOfdp\Music\Fedb6bw2FnxWe\lBl5MdKA70EZa0p4H.wav.Lime type = file_attributes True 2
Get Info C:\Users\5JgHKoaOfdp\AppData\Local type = file_attributes True 6
Get Info C:\Users\5JgHKoaOfdp\AppData\Local\EmieSiteList type = file_attributes True 6
Get Info C:\Users\5JgHKoaOfdp\AppData\Local\EmieUserList type = file_attributes True 6
Get Info C:\Users\5JgHKoaOfdp\AppData\Local\Google type = file_attributes True 6
Get Info C:\Users\5JgHKoaOfdp\AppData\Local\Google\Chrome type = file_attributes True 6
Get Info C:\Users\5JgHKoaOfdp\AppData\Local\Google\Chrome\User Data type = file_attributes True 2
Read C:\Users\5JgHKoaOfdp\Desktop\#Decryptor.exe size = 4096, size_out = 4096 True 98
Read C:\Users\5JgHKoaOfdp\Desktop\#Decryptor.exe size = 4096, size_out = 1029 True 1
Read C:\Users\5JgHKoaOfdp\Desktop\#Decryptor.exe size = 1019, size_out = 0 True 1
Read C:\Users\5JgHKoaOfdp\Desktop\#Decryptor.exe size = 4096, size_out = 0 True 1
Read C:\Users\5JgHKoaOfdp\Documents\-sPM6vJb.odt.Lime size = 63952, size_out = 63952 True 1
Read C:\Users\5JgHKoaOfdp\Documents\0u2YA.docx.Lime size = 11968, size_out = 11968 True 1
Read C:\Users\5JgHKoaOfdp\Documents\7wwG1Y1tq2o4XiF.pdf.Lime size = 4096, size_out = 1360 True 1
Read C:\Users\5JgHKoaOfdp\Documents\9TMo3uu8-Scl.xlsx.Lime size = 94416, size_out = 94416 True 1
Read C:\Users\5JgHKoaOfdp\Documents\AEghbUBMs5NTL.pptx.Lime size = 69952, size_out = 69952 True 1
Read C:\Users\5JgHKoaOfdp\Documents\c94gQ1vFwVFBcDGwkD_.docx.Lime size = 87824, size_out = 87824 True 1
Read C:\Users\5JgHKoaOfdp\Documents\desktop.ini.Lime size = 4096, size_out = 416 True 1
Read C:\Users\5JgHKoaOfdp\Documents\erHcl A2gBL1aT.docx.Lime size = 50048, size_out = 50048 True 1
Read C:\Users\5JgHKoaOfdp\Documents\eYeDf199l.xlsx.Lime size = 92560, size_out = 92560 True 1
Read C:\Users\5JgHKoaOfdp\Documents\G 5ZX6m5N.docx.Lime size = 15088, size_out = 15088 True 1
Read C:\Users\5JgHKoaOfdp\Documents\gMur.xlsx.Lime size = 79984, size_out = 79984 True 1
Read C:\Users\5JgHKoaOfdp\Documents\h2PCXTBBfD dI.xlsx.Lime size = 62928, size_out = 62928 True 1
Read C:\Users\5JgHKoaOfdp\Documents\IYDMli-q8mF8cJ.ppt.Lime size = 20080, size_out = 20080 True 1
Read C:\Users\5JgHKoaOfdp\Documents\My New App.accdb.Lime size = 348176, size_out = 348176 True 1
Read C:\Users\5JgHKoaOfdp\Documents\o9Jfc-DjnB qX4.pptx.Lime size = 27424, size_out = 27424 True 1
Read C:\Users\5JgHKoaOfdp\Documents\OCZESPOCHPv.csv.Lime size = 99744, size_out = 99744 True 1
Read C:\Users\5JgHKoaOfdp\Documents\oOjIQe2Ti5VBxCBHnG2.docx.Lime size = 4096, size_out = 1712 True 1
Read C:\Users\5JgHKoaOfdp\Documents\Opm-KSsufbHrNFHI.pptx.Lime size = 75184, size_out = 75184 True 1
Read C:\Users\5JgHKoaOfdp\Documents\sbSKABnlrTuf_M3v.pps.Lime size = 31344, size_out = 31344 True 1
Read C:\Users\5JgHKoaOfdp\Documents\VUzmAoyqtk9.xlsx.Lime size = 17680, size_out = 17680 True 1
Read C:\Users\5JgHKoaOfdp\Documents\vy83CXY9Y.pptx.Lime size = 52608, size_out = 52608 True 1
Read C:\Users\5JgHKoaOfdp\Documents\wvqxSPNlMSl.xlsx.Lime size = 90416, size_out = 90416 True 1
Read C:\Users\5JgHKoaOfdp\Documents\x7naB3SX5u.pptx.Lime size = 96448, size_out = 96448 True 1
Read C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\0r-uDW4THkIUpl-oRh_.odt.Lime size = 97184, size_out = 97184 True 1
Read C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\B37K-LfrWIVyw.pps.Lime size = 26352, size_out = 26352 True 1
Read C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\ghGjaAvcTAKO.odp.Lime size = 5232, size_out = 5232 True 1
Read C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\MIQzp.pps.Lime size = 4096, size_out = 2192 True 1
Read C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\sJKbeUBnH7w9.doc.Lime size = 77376, size_out = 77376 True 1
Read C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\SqfVqA7Ma39tIEO.pps.Lime size = 25968, size_out = 25968 True 1
Read C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\BWmJPNLUzWsoVW5iDA\hDVR7Lfi7YE7\pvDIt6.pdf.Lime size = 40464, size_out = 40464 True 1
Read C:\Users\5JgHKoaOfdp\Documents\My Shapes\desktop.ini.Lime size = 4096, size_out = 224 True 1
Read C:\Users\5JgHKoaOfdp\Documents\My Shapes\Favorites.vssx.Lime size = 4096, size_out = 16 True 1
Read C:\Users\5JgHKoaOfdp\Documents\My Shapes\_private\folder.ico.Lime size = 29936, size_out = 29936 True 1
Read C:\Users\5JgHKoaOfdp\Documents\Outlook Files\cjeijc.diuv@div.com.pst.Lime size = 271376, size_out = 271376 True 1
Read C:\Users\5JgHKoaOfdp\Pictures\8YzC.gif.Lime size = 48416, size_out = 48416 True 1
Read C:\Users\5JgHKoaOfdp\Music\Fedb6bw2FnxWe\lBl5MdKA70EZa0p4H.wav.Lime size = 86528, size_out = 86528 True 1
Read - size = 100720, size_out = 100720 True 1
Write C:\Users\5JgHKoaOfdp\Documents\-sPM6vJb.odt size = 63938 True 1
Write C:\Users\5JgHKoaOfdp\Documents\0u2YA.docx size = 11958 True 1
Write C:\Users\5JgHKoaOfdp\Documents\7wwG1Y1tq2o4XiF.pdf size = 1359 True 1
Write C:\Users\5JgHKoaOfdp\Documents\9TMo3uu8-Scl.xlsx size = 94414 True 1
Write C:\Users\5JgHKoaOfdp\Documents\AEghbUBMs5NTL.pptx size = 69943 True 1
Write C:\Users\5JgHKoaOfdp\Documents\c94gQ1vFwVFBcDGwkD_.docx size = 87821 True 1
Write C:\Users\5JgHKoaOfdp\Documents\desktop.ini size = 402 True 1
Write C:\Users\5JgHKoaOfdp\Documents\erHcl A2gBL1aT.docx size = 50041 True 1
Write C:\Users\5JgHKoaOfdp\Documents\eYeDf199l.xlsx size = 92552 True 1
Write C:\Users\5JgHKoaOfdp\Documents\G 5ZX6m5N.docx size = 15083 True 1
Write C:\Users\5JgHKoaOfdp\Documents\gMur.xlsx size = 79981 True 1
Write C:\Users\5JgHKoaOfdp\Documents\h2PCXTBBfD dI.xlsx size = 62916 True 1
Write C:\Users\5JgHKoaOfdp\Documents\IYDMli-q8mF8cJ.ppt size = 20068 True 1
Write C:\Users\5JgHKoaOfdp\Documents\My New App.accdb size = 348160 True 1
Write C:\Users\5JgHKoaOfdp\Documents\o9Jfc-DjnB qX4.pptx size = 27412 True 1
Write C:\Users\5JgHKoaOfdp\Documents\OCZESPOCHPv.csv size = 99738 True 1
Write C:\Users\5JgHKoaOfdp\Documents\oOjIQe2Ti5VBxCBHnG2.docx size = 1702 True 1
Write C:\Users\5JgHKoaOfdp\Documents\Opm-KSsufbHrNFHI.pptx size = 75177 True 1
Write C:\Users\5JgHKoaOfdp\Documents\sbSKABnlrTuf_M3v.pps size = 31339 True 1
Write C:\Users\5JgHKoaOfdp\Documents\VUzmAoyqtk9.xlsx size = 17675 True 1
Write C:\Users\5JgHKoaOfdp\Documents\vy83CXY9Y.pptx size = 52600 True 1
Write C:\Users\5JgHKoaOfdp\Documents\wvqxSPNlMSl.xlsx size = 90406 True 1
Write C:\Users\5JgHKoaOfdp\Documents\x7naB3SX5u.pptx size = 96442 True 1
Write C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\0r-uDW4THkIUpl-oRh_.odt size = 97180 True 1
Write C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\B37K-LfrWIVyw.pps size = 26344 True 1
Write C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\ghGjaAvcTAKO.odp size = 5221 True 1
Write C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\MIQzp.pps size = 2190 True 1
Write C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\sJKbeUBnH7w9.doc size = 77360 True 1
Write C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\SqfVqA7Ma39tIEO.pps size = 25965 True 1
Write C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\BWmJPNLUzWsoVW5iDA\hDVR7Lfi7YE7\lKSFxnySxlvz37R4o.ppt size = 51471 True 1
Write C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\BWmJPNLUzWsoVW5iDA\hDVR7Lfi7YE7\pvDIt6.pdf size = 40454 True 1
Write C:\Users\5JgHKoaOfdp\Documents\My Shapes\desktop.ini size = 216 True 1
Write C:\Users\5JgHKoaOfdp\Documents\My Shapes\_private\folder.ico size = 29926 True 1
Write C:\Users\5JgHKoaOfdp\Documents\OneNote Notebooks\My Notebook\Quick Notes.one size = 362024 True 1
Write C:\Users\5JgHKoaOfdp\Documents\Outlook Files\cjeijc.diuv@div.com.pst size = 271360 True 1
Write C:\Users\5JgHKoaOfdp\Pictures\8YzC.gif size = 48401 True 1
Write C:\Users\5JgHKoaOfdp\Music\Fedb6bw2FnxWe\ittEW9VaXDBQ.m4a size = 88483 True 1
Write C:\Users\5JgHKoaOfdp\Music\Fedb6bw2FnxWe\lBl5MdKA70EZa0p4H.wav size = 86525 True 1
Delete C:\Users\5JgHKoaOfdp\Documents\-sPM6vJb.odt.Lime - True 1
Delete C:\Users\5JgHKoaOfdp\Documents\0u2YA.docx.Lime - True 1
Delete C:\Users\5JgHKoaOfdp\Documents\7wwG1Y1tq2o4XiF.pdf.Lime - True 1
Delete C:\Users\5JgHKoaOfdp\Documents\9TMo3uu8-Scl.xlsx.Lime - True 1
Delete C:\Users\5JgHKoaOfdp\Documents\AEghbUBMs5NTL.pptx.Lime - True 1
Delete C:\Users\5JgHKoaOfdp\Documents\c94gQ1vFwVFBcDGwkD_.docx.Lime - True 1
Delete C:\Users\5JgHKoaOfdp\Documents\desktop.ini.Lime - True 1
Delete C:\Users\5JgHKoaOfdp\Documents\erHcl A2gBL1aT.docx.Lime - True 1
Delete C:\Users\5JgHKoaOfdp\Documents\eYeDf199l.xlsx.Lime - True 1
Delete C:\Users\5JgHKoaOfdp\Documents\G 5ZX6m5N.docx.Lime - True 1
Delete C:\Users\5JgHKoaOfdp\Documents\gMur.xlsx.Lime - True 1
Delete C:\Users\5JgHKoaOfdp\Documents\h2PCXTBBfD dI.xlsx.Lime - True 1
Delete C:\Users\5JgHKoaOfdp\Documents\IYDMli-q8mF8cJ.ppt.Lime - True 1
Delete C:\Users\5JgHKoaOfdp\Documents\My New App.accdb.Lime - True 1
Delete C:\Users\5JgHKoaOfdp\Documents\o9Jfc-DjnB qX4.pptx.Lime - True 1
Delete C:\Users\5JgHKoaOfdp\Documents\OCZESPOCHPv.csv.Lime - True 1
Delete C:\Users\5JgHKoaOfdp\Documents\oOjIQe2Ti5VBxCBHnG2.docx.Lime - True 1
Delete C:\Users\5JgHKoaOfdp\Documents\Opm-KSsufbHrNFHI.pptx.Lime - True 1
Delete C:\Users\5JgHKoaOfdp\Documents\VUzmAoyqtk9.xlsx.Lime - True 1
Delete C:\Users\5JgHKoaOfdp\Documents\vy83CXY9Y.pptx.Lime - True 1
Delete C:\Users\5JgHKoaOfdp\Documents\wvqxSPNlMSl.xlsx.Lime - True 1
Delete C:\Users\5JgHKoaOfdp\Documents\x7naB3SX5u.pptx.Lime - True 1
Delete C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\0r-uDW4THkIUpl-oRh_.odt.Lime - True 1
Delete C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\B37K-LfrWIVyw.pps.Lime - True 1
Delete C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\ghGjaAvcTAKO.odp.Lime - True 1
Delete C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\MIQzp.pps.Lime - True 1
Delete C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\sJKbeUBnH7w9.doc.Lime - True 1
Delete C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\SqfVqA7Ma39tIEO.pps.Lime - True 1
Delete C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\BWmJPNLUzWsoVW5iDA\hDVR7Lfi7YE7\lKSFxnySxlvz37R4o.ppt.Lime - True 1
Delete C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\BWmJPNLUzWsoVW5iDA\hDVR7Lfi7YE7\pvDIt6.pdf.Lime - True 1
Delete C:\Users\5JgHKoaOfdp\Documents\My Shapes\desktop.ini.Lime - True 1
Delete C:\Users\5JgHKoaOfdp\Documents\My Shapes\Favorites.vssx.Lime - True 1
Delete C:\Users\5JgHKoaOfdp\Documents\My Shapes\_private\folder.ico.Lime - True 1
Delete C:\Users\5JgHKoaOfdp\Documents\OneNote Notebooks\My Notebook\Quick Notes.one.Lime - True 1
Delete C:\Users\5JgHKoaOfdp\Documents\Outlook Files\cjeijc.diuv@div.com.pst.Lime - True 1
Delete C:\Users\5JgHKoaOfdp\Pictures\8YzC.gif.Lime - True 1
Delete C:\Users\5JgHKoaOfdp\Music\Fedb6bw2FnxWe\ittEW9VaXDBQ.m4a.Lime - True 1
Delete C:\Users\5JgHKoaOfdp\Music\Fedb6bw2FnxWe\lBl5MdKA70EZa0p4H.wav.Lime - True 1
Registry (9)
Operation Key Additional Information Success Count Logfile
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework - True 1
Open Key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run - True 1
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main - True 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework value_name = DbgJITDebugLaunchSetting, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework value_name = DbgManagedDebugger, type = REG_NONE False 1
Read Value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run value_name = #Decryptor, type = REG_NONE False 1
Read Value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main value_name = Anchor Underline, data = 0, type = REG_SZ True 1
Read Value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main value_name = Anchor Underline, data = yes, type = REG_SZ True 1
Write Value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run value_name = #Decryptor, data = C:\Users\5JgHKoaOfdp\Desktop\#Decryptor.exe, size = 88, type = REG_SZ True 1
Module (237)
Operation Module Additional Information Success Count Logfile
Load comctl32.dll base_address = 0x77280000 True 1
Load RichEd20.DLL base_address = 0x73fc0000 True 1
Get Handle comctl32.dll base_address = 0x0 False 1
Get Handle c:\windows\syswow64\user32.dll base_address = 0x75e30000 True 1
Get Handle c:\users\5jghkoaofdp\desktop\#decryptor.exe base_address = 0xfb0000 True 30
Get Handle c:\windows\syswow64\comctl32.dll base_address = 0x77280000 True 178
Get Filename RichEd20.DLL process_name = c:\users\5jghkoaofdp\desktop\#decryptor.exe, file_name_orig = C:\Windows\SYSTEM32\RichEd20.DLL, size = 260 True 1
Get Address c:\windows\syswow64\user32.dll function = DefWindowProcW, address_out = 0x7431bdea True 1
Get Address c:\windows\syswow64\comctl32.dll function = ImageList_WriteEx, address_out = 0x0 False 23
Window (84)
Operation Window Name Additional Information Success Count Logfile
Create - class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, wndproc_parameter = 0 True 1
Create .NET-BroadcastEventWindow.4.0.0.0.2bf8098.0 class_name = .NET-BroadcastEventWindow.4.0.0.0.2bf8098.0, wndproc_parameter = 0 True 1
Create #Lime Decryptor class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, wndproc_parameter = 0 True 1
Create Decrypt class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, wndproc_parameter = 0 True 1
Create Enter the key: class_name = WindowsForms10.STATIC.app.0.2bf8098_r11_ad1, wndproc_parameter = 0 True 1
Create Key class_name = WindowsForms10.EDIT.app.0.2bf8098_r11_ad1, wndproc_parameter = 0 True 1
Create How to buy your file ? class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, wndproc_parameter = 0 True 1
Create ? class_name = WindowsForms10.BUTTON.app.0.2bf8098_r11_ad1, wndproc_parameter = 0 True 1
Create https://www.youtube.com/watch?v=Ji9IwPId5Uk class_name = WindowsForms10.STATIC.app.0.2bf8098_r11_ad1, wndproc_parameter = 0 True 1
Create - Add money to your paypal account (=120) - Create bitcoin account - - With your bitcoins account, send the money to our adress class_name = WindowsForms10.STATIC.app.0.2bf8098_r11_ad1, wndproc_parameter = 0 True 1
Create Message class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, wndproc_parameter = 0 True 1
Create - class_name = WindowsForms10.RichEdit20W.app.0.2bf8098_r11_ad1, wndproc_parameter = 0 True 1
Create Bictoins class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, wndproc_parameter = 0 True 1
Create Send 100$ to this bitcoins adress: class_name = WindowsForms10.STATIC.app.0.2bf8098_r11_ad1, wndproc_parameter = 0 True 1
Create 1PNh6dmaUtv96C7ezTdUqVvfWBUYuCBbUM class_name = WindowsForms10.EDIT.app.0.2bf8098_r11_ad1, wndproc_parameter = 0 True 1
Create Time class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, wndproc_parameter = 0 True 1
Create Destruction de fichier prevue le class_name = WindowsForms10.STATIC.app.0.2bf8098_r11_ad1, wndproc_parameter = 0 True 1
Create - class_name = WindowsForms10.msctls_progress32.app.0.2bf8098_r11_ad1, wndproc_parameter = 0 True 1
Create - class_name = WindowsForms10.msctls_progress32.app.0.2bf8098_r11_ad1, wndproc_parameter = 0 True 1
Create Decrypt class_name = WindowsForms10.BUTTON.app.0.2bf8098_r11_ad1, wndproc_parameter = 0 True 1
Create TimerNativeWindow class_name = WindowsForms10.Window.0.app.0.2bf8098_r11_ad1, wndproc_parameter = 0 True 1
Create TimerNativeWindow class_name = WindowsForms10.Window.0.app.0.2bf8098_r11_ad1, wndproc_parameter = 0 True 1
Set Attribute - class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 1949416938 True 1
Set Attribute - class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 89327118 True 1
Set Attribute #Lime Decryptor class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 1949416938 True 1
Set Attribute #Lime Decryptor class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 89327238 True 1
Set Attribute #Lime Decryptor class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551608, new_long = 0 False 1
Set Attribute #Lime Decryptor class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551600, new_long = 46661632 True 1
Set Attribute #Lime Decryptor class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551596, new_long = 327681 True 1
Set Attribute Decrypt class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 1949416938 True 1
Set Attribute Decrypt class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 89327278 True 1
Set Attribute Decrypt class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551604, new_long = 131752 False 1
Set Attribute Enter the key: class_name = WindowsForms10.STATIC.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 2002237664 True 1
Set Attribute Enter the key: class_name = WindowsForms10.STATIC.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 89327358 True 1
Set Attribute Enter the key: class_name = WindowsForms10.STATIC.app.0.2bf8098_r11_ad1, index = 18446744073709551604, new_long = 66230 False 1
Set Attribute Key class_name = WindowsForms10.EDIT.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 2002237568 True 1
Set Attribute Key class_name = WindowsForms10.EDIT.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 89327438 True 1
Set Attribute Key class_name = WindowsForms10.EDIT.app.0.2bf8098_r11_ad1, index = 18446744073709551604, new_long = 66232 False 1
Set Attribute How to buy your file ? class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 1949416938 True 1
Set Attribute How to buy your file ? class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 89327478 True 1
Set Attribute How to buy your file ? class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551604, new_long = 66234 False 1
Set Attribute ? class_name = WindowsForms10.BUTTON.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 2002237440 True 1
Set Attribute ? class_name = WindowsForms10.BUTTON.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 89327558 True 1
Set Attribute ? class_name = WindowsForms10.BUTTON.app.0.2bf8098_r11_ad1, index = 18446744073709551604, new_long = 66236 False 1
Set Attribute https://www.youtube.com/watch?v=Ji9IwPId5Uk class_name = WindowsForms10.STATIC.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 2002237664 True 1
Set Attribute https://www.youtube.com/watch?v=Ji9IwPId5Uk class_name = WindowsForms10.STATIC.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 89327598 True 1
Set Attribute https://www.youtube.com/watch?v=Ji9IwPId5Uk class_name = WindowsForms10.STATIC.app.0.2bf8098_r11_ad1, index = 18446744073709551604, new_long = 66238 False 1
Set Attribute - Add money to your paypal account (=120) - Create bitcoin account - - With your bitcoins account, send the money to our adress class_name = WindowsForms10.STATIC.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 2002237664 True 1
Set Attribute - Add money to your paypal account (=120) - Create bitcoin account - - With your bitcoins account, send the money to our adress class_name = WindowsForms10.STATIC.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 89327638 True 1
Set Attribute - Add money to your paypal account (=120) - Create bitcoin account - - With your bitcoins account, send the money to our adress class_name = WindowsForms10.STATIC.app.0.2bf8098_r11_ad1, index = 18446744073709551604, new_long = 66240 False 1
Set Attribute Message class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 1949416938 True 1
Set Attribute Message class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 89327678 True 1
Set Attribute Message class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551604, new_long = 66242 False 1
Set Attribute - class_name = WindowsForms10.RichEdit20W.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 1945902605 True 1
Set Attribute - class_name = WindowsForms10.RichEdit20W.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 89340198 True 1
Set Attribute - class_name = WindowsForms10.RichEdit20W.app.0.2bf8098_r11_ad1, index = 18446744073709551604, new_long = 66244 False 1
Set Attribute Bictoins class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 1949416938 True 1
Set Attribute Bictoins class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 89340718 True 1
Set Attribute Bictoins class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551604, new_long = 66246 False 1
Set Attribute Send 100$ to this bitcoins adress: class_name = WindowsForms10.STATIC.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 2002237664 True 1
Set Attribute Send 100$ to this bitcoins adress: class_name = WindowsForms10.STATIC.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 89340438 True 1
Set Attribute Send 100$ to this bitcoins adress: class_name = WindowsForms10.STATIC.app.0.2bf8098_r11_ad1, index = 18446744073709551604, new_long = 66248 False 1
Set Attribute 1PNh6dmaUtv96C7ezTdUqVvfWBUYuCBbUM class_name = WindowsForms10.EDIT.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 2002237568 True 1
Set Attribute 1PNh6dmaUtv96C7ezTdUqVvfWBUYuCBbUM class_name = WindowsForms10.EDIT.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 89340038 True 1
Set Attribute 1PNh6dmaUtv96C7ezTdUqVvfWBUYuCBbUM class_name = WindowsForms10.EDIT.app.0.2bf8098_r11_ad1, index = 18446744073709551604, new_long = 66250 False 1
Set Attribute Time class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 1949416938 True 1
Set Attribute Time class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 89340238 True 1
Set Attribute Time class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551604, new_long = 66252 False 1
Set Attribute Destruction de fichier prevue le class_name = WindowsForms10.STATIC.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 2002237664 True 1
Set Attribute Destruction de fichier prevue le class_name = WindowsForms10.STATIC.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 89340758 True 1
Set Attribute Destruction de fichier prevue le class_name = WindowsForms10.STATIC.app.0.2bf8098_r11_ad1, index = 18446744073709551604, new_long = 66254 False 1
Set Attribute - class_name = WindowsForms10.msctls_progress32.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 1999119598 True 1
Set Attribute - class_name = WindowsForms10.msctls_progress32.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 89340278 True 1
Set Attribute - class_name = WindowsForms10.msctls_progress32.app.0.2bf8098_r11_ad1, index = 18446744073709551604, new_long = 66256 False 1
Set Attribute - class_name = WindowsForms10.msctls_progress32.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 1999119598 True 1
Set Attribute - class_name = WindowsForms10.msctls_progress32.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 89340478 True 1
Set Attribute - class_name = WindowsForms10.msctls_progress32.app.0.2bf8098_r11_ad1, index = 18446744073709551604, new_long = 66258 False 1
Set Attribute Decrypt class_name = WindowsForms10.BUTTON.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 2002237440 True 1
Set Attribute Decrypt class_name = WindowsForms10.BUTTON.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 89340518 True 1
Set Attribute Decrypt class_name = WindowsForms10.BUTTON.app.0.2bf8098_r11_ad1, index = 18446744073709551604, new_long = 66260 False 1
Set Attribute TimerNativeWindow class_name = WindowsForms10.Window.0.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 1949416938 True 1
Set Attribute TimerNativeWindow class_name = WindowsForms10.Window.0.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 89340558 True 1
Set Attribute TimerNativeWindow class_name = WindowsForms10.Window.0.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 1949416938 True 1
Set Attribute TimerNativeWindow class_name = WindowsForms10.Window.0.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 89340598 True 1
Keyboard (597)
Operation Additional Information Success Count Logfile
Get Info type = KB_LOCALE_ID, os_tid = 0, result_out = 67699721 True 15
Read virtual_key_code = VK_RBUTTON, result_out = 1 True 75
Read virtual_key_code = VK_MBUTTON, result_out = 0 True 110
Read virtual_key_code = VK_XBUTTON1, result_out = 0 True 110
Read virtual_key_code = VK_XBUTTON2, result_out = 0 True 110
Read virtual_key_code = VK_LBUTTON, result_out = 0 True 53
Read virtual_key_code = VK_LBUTTON, result_out = 18446744073709551489 True 6
Read virtual_key_code = VK_LBUTTON, result_out = 1 True 37
Read virtual_key_code = VK_LBUTTON, result_out = 18446744073709551488 True 13
Read virtual_key_code = VK_SHIFT, result_out = 1 True 11
Read virtual_key_code = VK_CONTROL, result_out = 18446744073709551488 True 9
Read virtual_key_code = VK_MENU, result_out = 0 True 11
Read virtual_key_code = VK_CONTROL, result_out = 0 True 2
Read virtual_key_code = VK_RBUTTON, result_out = 0 True 35
System (2)
Operation Additional Information Success Count Logfile
Sleep duration = 100 milliseconds (0.100 seconds) True 1
Sleep duration = 10 milliseconds (0.010 seconds) True 1
Process #3: #decryptor.exe
(Host: 493, Network: 0)
Information Value
ID #3
File Name c:\users\5jghkoaofdp\desktop\#decryptor.exe
Command Line "C:\Users\5JgHKoaOfdp\Desktop\#Decryptor.exe"
Initial Working Directory C:\Windows\system32\
Monitor Start Time: 00:02:29, Reason: Autostart
Unmonitor End Time: 00:03:13, Reason: Terminated by Timeout
Monitor Duration 00:00:44
OS Process Information
Information Value
PID 0x3c0
Parent PID 0x62c (c:\windows\explorer.exe)
Is Created or Modified Executable True
Integrity Level Medium
Username FIVAUF\5JgHKoaOfdp
Groups
  • FIVAUF\Domain Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • Everyone (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\Local account and member of Administrators group (USE_FOR_DENY_ONLY)
  • BUILTIN\Administrators (USE_FOR_DENY_ONLY)
  • BUILTIN\Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\INTERACTIVE (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • CONSOLE LOGON (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\Authenticated Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\This Organization (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\Local account (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\Logon Session 00000000:00011e5e (MANDATORY, ENABLED_BY_DEFAULT, ENABLED, LOGON_ID)
  • LOCAL (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\NTLM Authentication (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
Enabled Privileges SeChangeNotifyPrivilege
Thread IDs
0x77C
0x5C8
0x5E0
0x5D8
0x8B8
0x8BC
0x8C0
0x8C8
Region
Name Start VA End VA Type Permissions Monitored Dump YARA Match Actions
#decryptor.exe 0x00990000 0x009f7fff Memory Mapped File Readable, Writable, Executable True True False
private_0x0000000000a00000 0x00a00000 0x00a1ffff Private Memory Readable, Writable True True False
pagefile_0x0000000000a00000 0x00a00000 0x00a0ffff Pagefile Backed Memory Readable, Writable True False False
private_0x0000000000a10000 0x00a10000 0x00a13fff Private Memory Readable, Writable True True False
private_0x0000000000a20000 0x00a20000 0x00a20fff Private Memory Readable, Writable True True False
private_0x0000000000a20000 0x00a20000 0x00a20fff Private Memory Readable, Writable True True False
pagefile_0x0000000000a30000 0x00a30000 0x00a3efff Pagefile Backed Memory Readable True False False
private_0x0000000000a40000 0x00a40000 0x00a7ffff Private Memory Readable, Writable True True False
private_0x0000000000a80000 0x00a80000 0x00b7ffff Private Memory Readable, Writable True True False
pagefile_0x0000000000b80000 0x00b80000 0x00b83fff Pagefile Backed Memory Readable True False False
pagefile_0x0000000000b90000 0x00b90000 0x00b90fff Pagefile Backed Memory Readable True False False
private_0x0000000000ba0000 0x00ba0000 0x00ba1fff Private Memory Readable, Writable True True False
locale.nls 0x00bb0000 0x00c2dfff Memory Mapped File Readable False False False
private_0x0000000000c30000 0x00c30000 0x00c30fff Private Memory Readable, Writable True True False
private_0x0000000000c40000 0x00c40000 0x00c4ffff Private Memory Readable, Writable True True False
pagefile_0x0000000000c50000 0x00c50000 0x00c50fff Pagefile Backed Memory Readable, Writable True False False
pagefile_0x0000000000c60000 0x00c60000 0x00c6ffff Pagefile Backed Memory Readable, Writable True False False
private_0x0000000000c70000 0x00c70000 0x00c7ffff Private Memory - True True False
private_0x0000000000c80000 0x00c80000 0x00c8ffff Private Memory - True True False
private_0x0000000000c90000 0x00c90000 0x00c9ffff Private Memory - True True False
private_0x0000000000ca0000 0x00ca0000 0x00caffff Private Memory - True True False
private_0x0000000000cb0000 0x00cb0000 0x00cbffff Private Memory - True True False
private_0x0000000000cc0000 0x00cc0000 0x00cc0fff Private Memory Readable, Writable True True False
private_0x0000000000cd0000 0x00cd0000 0x00cd0fff Private Memory Readable, Writable True True False
private_0x0000000000ce0000 0x00ce0000 0x00d1ffff Private Memory Readable, Writable True True False
private_0x0000000000d20000 0x00d20000 0x00e1ffff Private Memory Readable, Writable True True False
private_0x0000000000e20000 0x00e20000 0x00ebffff Private Memory Readable, Writable True True False
private_0x0000000000ec0000 0x00ec0000 0x00edffff Private Memory Readable, Writable True True False
pagefile_0x0000000000ec0000 0x00ec0000 0x00ec0fff Pagefile Backed Memory Readable True False False
pagefile_0x0000000000ec0000 0x00ec0000 0x00ec3fff Pagefile Backed Memory Readable True False False
private_0x0000000000ed0000 0x00ed0000 0x00edffff Private Memory Readable, Writable True True False
private_0x0000000000ee0000 0x00ee0000 0x00eeffff Private Memory Readable, Writable, Executable True True False
private_0x0000000000ef0000 0x00ef0000 0x00efffff Private Memory Readable, Writable True True False
private_0x0000000000f00000 0x00f00000 0x00ffffff Private Memory Readable, Writable True True False
private_0x0000000001000000 0x01000000 0x0103ffff Private Memory Readable, Writable True True False
private_0x0000000001040000 0x01040000 0x01043fff Private Memory Readable, Writable True True False
private_0x0000000001050000 0x01050000 0x0105ffff Private Memory Readable, Writable True True False
private_0x0000000001060000 0x01060000 0x0106ffff Private Memory Readable, Writable True True False
pagefile_0x0000000001070000 0x01070000 0x011f7fff Pagefile Backed Memory Readable True False False
pagefile_0x0000000001200000 0x01200000 0x01380fff Pagefile Backed Memory Readable True False False
pagefile_0x0000000001390000 0x01390000 0x0278ffff Pagefile Backed Memory Readable True False False
private_0x0000000002790000 0x02790000 0x0288ffff Private Memory Readable, Writable True True False
private_0x0000000002890000 0x02890000 0x0289ffff Private Memory - True True False
private_0x00000000028a0000 0x028a0000 0x028affff Private Memory - True True False
comctl32.dll 0x028b0000 0x02932fff Memory Mapped File Readable False False False
tzres.dll 0x028b0000 0x028b1fff Memory Mapped File Readable False False False
private_0x00000000028b0000 0x028b0000 0x028bffff Private Memory Readable, Writable True True False
pagefile_0x00000000028c0000 0x028c0000 0x028c2fff Pagefile Backed Memory Readable True False False
pagefile_0x00000000028d0000 0x028d0000 0x028d0fff Pagefile Backed Memory Readable, Writable True False False
tzres.dll.mui 0x028e0000 0x028e7fff Memory Mapped File Readable False False False
private_0x00000000028e0000 0x028e0000 0x0291ffff Private Memory Readable, Writable True True False
private_0x0000000002920000 0x02920000 0x02923fff Private Memory Readable, Writable True True False
private_0x0000000002930000 0x02930000 0x02933fff Private Memory Readable, Writable True True False
private_0x0000000002940000 0x02940000 0x02940fff Private Memory Readable, Writable True True False
private_0x0000000002950000 0x02950000 0x0295ffff Private Memory Readable, Writable True True False
private_0x0000000002960000 0x02960000 0x0495ffff Private Memory Readable, Writable True False False
sortdefault.nls 0x04960000 0x04c34fff Memory Mapped File Readable False False False
pagefile_0x0000000004c40000 0x04c40000 0x04d30fff Pagefile Backed Memory Readable True False False
~fontcache-system.dat 0x04d40000 0x04de4fff Memory Mapped File Readable False False False
user32.dll.mui 0x04df0000 0x04df4fff Memory Mapped File Readable False False False
private_0x0000000004e00000 0x04e00000 0x04e0ffff Private Memory Readable, Writable, Executable True True False
private_0x0000000004e10000 0x04e10000 0x04ffffff Private Memory Readable, Writable True True False
private_0x0000000004e10000 0x04e10000 0x04f0ffff Private Memory Readable, Writable True True False
micross.ttf 0x04f10000 0x04fb2fff Memory Mapped File Readable False False False
mscorrc.dll 0x04f10000 0x04f70fff Memory Mapped File Readable True False False
pagefile_0x0000000004f80000 0x04f80000 0x04f80fff Pagefile Backed Memory Readable True False False
private_0x0000000004f80000 0x04f80000 0x04f83fff Private Memory Readable, Writable, Executable True True False
pagefile_0x0000000004f90000 0x04f90000 0x04f92fff Pagefile Backed Memory Readable True False False
windowsshell.manifest 0x04fa0000 0x04fa0fff Memory Mapped File Readable False False False
private_0x0000000004fa0000 0x04fa0000 0x04faffff Private Memory Readable, Writable True True False
pagefile_0x0000000004fb0000 0x04fb0000 0x04fb1fff Pagefile Backed Memory Readable True False False
private_0x0000000004fc0000 0x04fc0000 0x04fcffff Private Memory Readable, Writable True True False
pagefile_0x0000000004fc0000 0x04fc0000 0x04fc0fff Pagefile Backed Memory Readable, Writable True False False
private_0x0000000004fd0000 0x04fd0000 0x04fdffff Private Memory Readable, Writable True True False
private_0x0000000004fd0000 0x04fd0000 0x04fd0fff Private Memory Readable, Writable True True False
private_0x0000000004fd0000 0x04fd0000 0x04fd0fff Private Memory Readable, Writable True True False
private_0x0000000004fd0000 0x04fd0000 0x04fd4fff Private Memory Readable, Writable True True False
private_0x0000000004fd0000 0x04fd0000 0x04fd7fff Private Memory Readable, Writable True True False
private_0x0000000004fe0000 0x04fe0000 0x04fe0fff Private Memory Readable, Writable True True False
private_0x0000000004ff0000 0x04ff0000 0x04ffffff Private Memory Readable, Writable True True False
private_0x0000000005000000 0x05000000 0x050fffff Private Memory Readable, Writable True True False
pagefile_0x0000000005100000 0x05100000 0x055f1fff Pagefile Backed Memory Readable, Writable True False False
private_0x0000000005100000 0x05100000 0x05100fff Private Memory Readable, Writable True True False
private_0x0000000005100000 0x05100000 0x05106fff Private Memory Readable, Writable True True False
private_0x0000000005110000 0x05110000 0x05127fff Private Memory Readable, Writable True True False
private_0x0000000005130000 0x05130000 0x05130fff Private Memory Readable, Writable True True False
private_0x0000000005140000 0x05140000 0x0517ffff Private Memory Readable, Writable True True False
private_0x0000000005180000 0x05180000 0x0527ffff Private Memory Readable, Writable True True False
private_0x0000000005280000 0x05280000 0x052bffff Private Memory Readable, Writable True True False
private_0x00000000052c0000 0x052c0000 0x053bffff Private Memory Readable, Writable True True False
private_0x00000000053c0000 0x053c0000 0x053fffff Private Memory Readable, Writable True True False
private_0x0000000005400000 0x05400000 0x054fffff Private Memory Readable, Writable True True False
private_0x0000000005500000 0x05500000 0x0553ffff Private Memory Readable, Writable True True False
~fontcache-fontface.dat 0x05600000 0x065fffff Memory Mapped File Readable False False False
private_0x0000000006600000 0x06600000 0x069fffff Private Memory Readable, Writable True True False
private_0x0000000006a00000 0x06a00000 0x06afffff Private Memory Readable, Writable True True False
pagefile_0x0000000006b00000 0x06b00000 0x06efbfff Pagefile Backed Memory Readable True False False
staticcache.dat 0x06f00000 0x07d6ffff Memory Mapped File Readable False False False
private_0x0000000007d70000 0x07d70000 0x07deffff Private Memory Readable, Writable True True False
private_0x0000000007df0000 0x07df0000 0x07ef0fff Private Memory Readable, Writable True True False
pagefile_0x0000000007df0000 0x07df0000 0x07f51fff Pagefile Backed Memory Readable, Writable True False False
private_0x0000000007f60000 0x07f60000 0x0805ffff Private Memory Readable, Writable True True False
shcore.dll 0x70e10000 0x70e85fff Memory Mapped File Readable, Writable, Executable False False False
comctl32.dll 0x70e90000 0x71075fff Memory Mapped File Readable, Writable, Executable False False False
version.dll 0x71080000 0x71087fff Memory Mapped File Readable, Writable, Executable False False False
msls31.dll 0x71090000 0x710c0fff Memory Mapped File Readable, Writable, Executable False False False
usp10.dll 0x710d0000 0x710e3fff Memory Mapped File Readable, Writable, Executable False False False
riched20.dll 0x710f0000 0x7116ffff Memory Mapped File Readable, Writable, Executable False False False
dwrite.dll 0x71170000 0x712e1fff Memory Mapped File Readable, Writable, Executable False False False
system.runtime.remoting.ni.dll 0x712f0000 0x713b4fff Memory Mapped File Readable, Writable, Executable True False False
dwmapi.dll 0x713c0000 0x713d7fff Memory Mapped File Readable, Writable, Executable False False False
system.windows.forms.ni.dll 0x713e0000 0x72025fff Memory Mapped File Readable, Writable, Executable True False False
system.drawing.ni.dll 0x72030000 0x721c1fff Memory Mapped File Readable, Writable, Executable True False False
clrjit.dll 0x721d0000 0x7224cfff Memory Mapped File Readable, Writable, Executable True False False
microsoft.visualbasic.ni.dll 0x72250000 0x72428fff Memory Mapped File Readable, Writable, Executable True False False
system.core.ni.dll 0x72430000 0x72ad2fff Memory Mapped File Readable, Writable, Executable True False False
system.ni.dll 0x72ae0000 0x7346cfff Memory Mapped File Readable, Writable, Executable True False False
uxtheme.dll 0x73470000 0x7354afff Memory Mapped File Readable, Writable, Executable False False False
kernel.appcore.dll 0x73550000 0x73558fff Memory Mapped File Readable, Writable, Executable False False False
mscorlib.ni.dll 0x73560000 0x745f4fff Memory Mapped File Readable, Writable, Executable True False False
msvcr120_clr0400.dll 0x74600000 0x746d6fff Memory Mapped File Readable, Writable, Executable False False False
clr.dll 0x746e0000 0x74d7afff Memory Mapped File Readable, Writable, Executable True False False
mscoreei.dll 0x74d80000 0x74dfdfff Memory Mapped File Readable, Writable, Executable True False False
apphelp.dll 0x74e00000 0x74e98fff Memory Mapped File Readable, Writable, Executable False False False
mscoree.dll 0x74ea0000 0x74ef5fff Memory Mapped File Readable, Writable, Executable True False False
bcryptprimitives.dll 0x74f00000 0x74f52fff Memory Mapped File Readable, Writable, Executable False False False
cryptbase.dll 0x74f60000 0x74f68fff Memory Mapped File Readable, Writable, Executable False False False
sspicli.dll 0x74f70000 0x74f8cfff Memory Mapped File Readable, Writable, Executable False False False
ole32.dll 0x74f90000 0x7509bfff Memory Mapped File Readable, Writable, Executable False False False
rpcrt4.dll 0x750b0000 0x75160fff Memory Mapped File Readable, Writable, Executable False False False
advapi32.dll 0x75170000 0x751e7fff Memory Mapped File Readable, Writable, Executable False False False
gdiplus.dll 0x751f0000 0x7533cfff Memory Mapped File Readable, Writable, Executable False False False
gdi32.dll 0x755c0000 0x756c7fff Memory Mapped File Readable, Writable, Executable False False False
kernel32.dll 0x756d0000 0x7580ffff Memory Mapped File Readable, Writable, Executable False False False
comctl32.dll 0x75810000 0x75895fff Memory Mapped File Readable, Writable, Executable False False False
msctf.dll 0x758a0000 0x75996fff Memory Mapped File Readable, Writable, Executable False False False
kernelbase.dll 0x759a0000 0x75a6efff Memory Mapped File Readable, Writable, Executable False False False
oleaut32.dll 0x75ab0000 0x75b36fff Memory Mapped File Readable, Writable, Executable False False False
user32.dll 0x75be0000 0x75d2efff Memory Mapped File Readable, Writable, Executable False False False
msvcrt.dll 0x75d30000 0x75dedfff Memory Mapped File Readable, Writable, Executable False False False
imm32.dll 0x75df0000 0x75e14fff Memory Mapped File Readable, Writable, Executable False False False
sechost.dll 0x75f30000 0x75f6dfff Memory Mapped File Readable, Writable, Executable False False False
shlwapi.dll 0x76120000 0x76160fff Memory Mapped File Readable, Writable, Executable False False False
shell32.dll 0x76170000 0x7731cfff Memory Mapped File Readable, Writable, Executable False False False
combase.dll 0x77320000 0x7746dfff Memory Mapped File Readable, Writable, Executable False False False
wow64.dll 0x77470000 0x774b8fff Memory Mapped File Readable, Writable, Executable False False False
wow64win.dll 0x774c0000 0x77527fff Memory Mapped File Readable, Writable, Executable False False False
wow64cpu.dll 0x77530000 0x77538fff Memory Mapped File Readable, Writable, Executable False False False
ntdll.dll 0x77540000 0x776a7fff Memory Mapped File Readable, Writable, Executable False False False
private_0x000000007fdc1000 0x7fdc1000 0x7fdc3fff Private Memory Readable, Writable True True False
private_0x000000007fdc4000 0x7fdc4000 0x7fdc6fff Private Memory Readable, Writable True True False
private_0x000000007fdc7000 0x7fdc7000 0x7fdc9fff Private Memory Readable, Writable True True False
private_0x000000007fdca000 0x7fdca000 0x7fdccfff Private Memory Readable, Writable True True False
private_0x000000007fdcd000 0x7fdcd000 0x7fdcffff Private Memory Readable, Writable True True False
private_0x000000007fdd0000 0x7fdd0000 0x7fddffff Private Memory Readable, Writable, Executable True True False
private_0x000000007fde0000 0x7fde0000 0x7fe2ffff Private Memory Readable, Writable, Executable True True False
pagefile_0x000000007fe30000 0x7fe30000 0x7ff2ffff Pagefile Backed Memory Readable True False False
pagefile_0x000000007ff30000 0x7ff30000 0x7ff52fff Pagefile Backed Memory Readable True False False
private_0x000000007ff55000 0x7ff55000 0x7ff57fff Private Memory Readable, Writable True True False
private_0x000000007ff58000 0x7ff58000 0x7ff5afff Private Memory Readable, Writable True True False
private_0x000000007ff5b000 0x7ff5b000 0x7ff5dfff Private Memory Readable, Writable True True False
private_0x000000007ff5e000 0x7ff5e000 0x7ff5efff Private Memory Readable, Writable True True False
private_0x000000007ff5f000 0x7ff5f000 0x7ff5ffff Private Memory Readable, Writable True True False
private_0x000000007ffe0000 0x7ffe0000 0x7ffeffff Private Memory Readable True True False
private_0x000000007fff0000 0x7fff0000 0x7ff8927dffff Private Memory Readable True False False
ntdll.dll 0x7ff8927e0000 0x7ff892989fff Memory Mapped File Readable, Writable, Executable False False False
private_0x00007ff89298a000 0x7ff89298a000 0x7ffffffeffff Private Memory Readable True False False
For performance reasons, the remaining 4 entries are omitted.
The remaining entries can be found in flog.txt.
Host Behavior
File (107)
Operation Filename Additional Information Success Count Logfile
Create C:\Users\5JgHKoaOfdp\Desktop\#Decryptor.exe desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
Get Info C:\Users\5JgHKoaOfdp\Desktop\#Decryptor.exe type = file_type True 2
Get Info C:\Windows\SYSTEM32\RichEd20.DLL type = file_attributes True 1
Get Info C:\Users\5JgHKoaOfdp\Desktop\#Decryptor.exe.config type = file_attributes False 1
Get Info C:\Users\5JgHKoaOfdp\Desktop\#Decryptor.exe type = file_attributes True 1
Read C:\Users\5JgHKoaOfdp\Desktop\#Decryptor.exe size = 4096, size_out = 4096 True 98
Read C:\Users\5JgHKoaOfdp\Desktop\#Decryptor.exe size = 4096, size_out = 1029 True 1
Read C:\Users\5JgHKoaOfdp\Desktop\#Decryptor.exe size = 1019, size_out = 0 True 1
Read C:\Users\5JgHKoaOfdp\Desktop\#Decryptor.exe size = 4096, size_out = 0 True 1
Registry (9)
Operation Key Additional Information Success Count Logfile
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework - True 1
Open Key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run - True 1
Open Key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main - True 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework value_name = DbgJITDebugLaunchSetting, type = REG_NONE False 1
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework value_name = DbgManagedDebugger, type = REG_NONE False 1
Read Value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run value_name = #Decryptor, data = 0, type = REG_SZ True 1
Read Value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main value_name = Anchor Underline, data = 0, type = REG_SZ True 1
Read Value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main value_name = Anchor Underline, data = yes, type = REG_SZ True 1
Write Value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run value_name = #Decryptor, data = C:\Users\5JgHKoaOfdp\Desktop\#Decryptor.exe, size = 88, type = REG_SZ True 1
Module (219)
Operation Module Additional Information Success Count Logfile
Load comctl32.dll base_address = 0x75810000 True 1
Load RichEd20.DLL base_address = 0x710f0000 True 1
Get Handle comctl32.dll base_address = 0x0 False 1
Get Handle c:\windows\syswow64\user32.dll base_address = 0x75be0000 True 2
Get Handle c:\users\5jghkoaofdp\desktop\#decryptor.exe base_address = 0x990000 True 36
Get Handle c:\windows\syswow64\comctl32.dll base_address = 0x75810000 True 163
Get Filename RichEd20.DLL process_name = c:\users\5jghkoaofdp\desktop\#decryptor.exe, file_name_orig = C:\Windows\SYSTEM32\RichEd20.DLL, size = 260 True 1
Get Address c:\windows\syswow64\user32.dll function = DefWindowProcW, address_out = 0x74e1bdea True 2
Get Address c:\windows\syswow64\comctl32.dll function = ImageList_WriteEx, address_out = 0x0 False 12
Window (83)
Operation Window Name Additional Information Success Count Logfile
Create - class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, wndproc_parameter = 0 True 1
Create .NET-BroadcastEventWindow.4.0.0.0.2bf8098.0 class_name = .NET-BroadcastEventWindow.4.0.0.0.2bf8098.0, wndproc_parameter = 0 True 1
Create #Lime Decryptor class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, wndproc_parameter = 0 True 1
Create Decrypt class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, wndproc_parameter = 0 True 1
Create Enter the key: class_name = WindowsForms10.STATIC.app.0.2bf8098_r11_ad1, wndproc_parameter = 0 True 1
Create Key class_name = WindowsForms10.EDIT.app.0.2bf8098_r11_ad1, wndproc_parameter = 0 True 1
Create How to buy your file ? class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, wndproc_parameter = 0 True 1
Create ? class_name = WindowsForms10.BUTTON.app.0.2bf8098_r11_ad1, wndproc_parameter = 0 True 1
Create https://www.youtube.com/watch?v=Ji9IwPId5Uk class_name = WindowsForms10.STATIC.app.0.2bf8098_r11_ad1, wndproc_parameter = 0 True 1
Create - Add money to your paypal account (=120) - Create bitcoin account - - With your bitcoins account, send the money to our adress class_name = WindowsForms10.STATIC.app.0.2bf8098_r11_ad1, wndproc_parameter = 0 True 1
Create Message class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, wndproc_parameter = 0 True 1
Create - class_name = WindowsForms10.RichEdit20W.app.0.2bf8098_r11_ad1, wndproc_parameter = 0 True 1
Create Bictoins class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, wndproc_parameter = 0 True 1
Create Send 100$ to this bitcoins adress: class_name = WindowsForms10.STATIC.app.0.2bf8098_r11_ad1, wndproc_parameter = 0 True 1
Create 1PNh6dmaUtv96C7ezTdUqVvfWBUYuCBbUM class_name = WindowsForms10.EDIT.app.0.2bf8098_r11_ad1, wndproc_parameter = 0 True 1
Create Time class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, wndproc_parameter = 0 True 1
Create Destruction de fichier prevue le class_name = WindowsForms10.STATIC.app.0.2bf8098_r11_ad1, wndproc_parameter = 0 True 1
Create - class_name = WindowsForms10.msctls_progress32.app.0.2bf8098_r11_ad1, wndproc_parameter = 0 True 1
Create - class_name = WindowsForms10.msctls_progress32.app.0.2bf8098_r11_ad1, wndproc_parameter = 0 True 1
Create Decrypt class_name = WindowsForms10.BUTTON.app.0.2bf8098_r11_ad1, wndproc_parameter = 0 True 1
Create TimerNativeWindow class_name = WindowsForms10.Window.0.app.0.2bf8098_r11_ad1, wndproc_parameter = 0 True 1
Set Attribute - class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 1960951274 True 2
Set Attribute - class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 81790478 True 1
Set Attribute #Lime Decryptor class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 1960951274 True 1
Set Attribute #Lime Decryptor class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 81790598 True 1
Set Attribute #Lime Decryptor class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551608, new_long = 0 False 1
Set Attribute #Lime Decryptor class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551600, new_long = 46661632 True 1
Set Attribute #Lime Decryptor class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551596, new_long = 327681 True 1
Set Attribute Decrypt class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 1960951274 True 1
Set Attribute Decrypt class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 81790638 True 1
Set Attribute Decrypt class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551604, new_long = 65956 False 1
Set Attribute Enter the key: class_name = WindowsForms10.STATIC.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 2002172128 True 1
Set Attribute Enter the key: class_name = WindowsForms10.STATIC.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 81790718 True 1
Set Attribute Enter the key: class_name = WindowsForms10.STATIC.app.0.2bf8098_r11_ad1, index = 18446744073709551604, new_long = 65958 False 1
Set Attribute Key class_name = WindowsForms10.EDIT.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 2002172032 True 1
Set Attribute Key class_name = WindowsForms10.EDIT.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 81790798 True 1
Set Attribute Key class_name = WindowsForms10.EDIT.app.0.2bf8098_r11_ad1, index = 18446744073709551604, new_long = 65960 False 1
Set Attribute How to buy your file ? class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 1960951274 True 1
Set Attribute How to buy your file ? class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 81790838 True 1
Set Attribute How to buy your file ? class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551604, new_long = 65962 False 1
Set Attribute ? class_name = WindowsForms10.BUTTON.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 2002171904 True 1
Set Attribute ? class_name = WindowsForms10.BUTTON.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 81790918 True 1
Set Attribute ? class_name = WindowsForms10.BUTTON.app.0.2bf8098_r11_ad1, index = 18446744073709551604, new_long = 65964 False 1
Set Attribute https://www.youtube.com/watch?v=Ji9IwPId5Uk class_name = WindowsForms10.STATIC.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 2002172128 True 1
Set Attribute https://www.youtube.com/watch?v=Ji9IwPId5Uk class_name = WindowsForms10.STATIC.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 81790958 True 1
Set Attribute https://www.youtube.com/watch?v=Ji9IwPId5Uk class_name = WindowsForms10.STATIC.app.0.2bf8098_r11_ad1, index = 18446744073709551604, new_long = 65966 False 1
Set Attribute - Add money to your paypal account (=120) - Create bitcoin account - - With your bitcoins account, send the money to our adress class_name = WindowsForms10.STATIC.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 2002172128 True 1
Set Attribute - Add money to your paypal account (=120) - Create bitcoin account - - With your bitcoins account, send the money to our adress class_name = WindowsForms10.STATIC.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 81790998 True 1
Set Attribute - Add money to your paypal account (=120) - Create bitcoin account - - With your bitcoins account, send the money to our adress class_name = WindowsForms10.STATIC.app.0.2bf8098_r11_ad1, index = 18446744073709551604, new_long = 65968 False 1
Set Attribute Message class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 1960951274 True 1
Set Attribute Message class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 81791038 True 1
Set Attribute Message class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551604, new_long = 65970 False 1
Set Attribute - class_name = WindowsForms10.RichEdit20W.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 1896816141 True 1
Set Attribute - class_name = WindowsForms10.RichEdit20W.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 81803998 True 1
Set Attribute - class_name = WindowsForms10.RichEdit20W.app.0.2bf8098_r11_ad1, index = 18446744073709551604, new_long = 65972 False 1
Set Attribute Bictoins class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 1960951274 True 1
Set Attribute Bictoins class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 81803798 True 1
Set Attribute Bictoins class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551604, new_long = 65974 False 1
Set Attribute Send 100$ to this bitcoins adress: class_name = WindowsForms10.STATIC.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 2002172128 True 1
Set Attribute Send 100$ to this bitcoins adress: class_name = WindowsForms10.STATIC.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 81803398 True 1
Set Attribute Send 100$ to this bitcoins adress: class_name = WindowsForms10.STATIC.app.0.2bf8098_r11_ad1, index = 18446744073709551604, new_long = 65976 False 1
Set Attribute 1PNh6dmaUtv96C7ezTdUqVvfWBUYuCBbUM class_name = WindowsForms10.EDIT.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 2002172032 True 1
Set Attribute 1PNh6dmaUtv96C7ezTdUqVvfWBUYuCBbUM class_name = WindowsForms10.EDIT.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 81803838 True 1
Set Attribute 1PNh6dmaUtv96C7ezTdUqVvfWBUYuCBbUM class_name = WindowsForms10.EDIT.app.0.2bf8098_r11_ad1, index = 18446744073709551604, new_long = 65978 False 1
Set Attribute Time class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 1960951274 True 1
Set Attribute Time class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 81803878 True 1
Set Attribute Time class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551604, new_long = 65980 False 1
Set Attribute Destruction de fichier prevue le class_name = WindowsForms10.STATIC.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 2002172128 True 1
Set Attribute Destruction de fichier prevue le class_name = WindowsForms10.STATIC.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 81803758 True 1
Set Attribute Destruction de fichier prevue le class_name = WindowsForms10.STATIC.app.0.2bf8098_r11_ad1, index = 18446744073709551604, new_long = 65982 False 1
Set Attribute - class_name = WindowsForms10.msctls_progress32.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 1971397870 True 1
Set Attribute - class_name = WindowsForms10.msctls_progress32.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 81803278 True 1
Set Attribute - class_name = WindowsForms10.msctls_progress32.app.0.2bf8098_r11_ad1, index = 18446744073709551604, new_long = 65984 False 1
Set Attribute - class_name = WindowsForms10.msctls_progress32.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 1971397870 True 1
Set Attribute - class_name = WindowsForms10.msctls_progress32.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 81803478 True 1
Set Attribute - class_name = WindowsForms10.msctls_progress32.app.0.2bf8098_r11_ad1, index = 18446744073709551604, new_long = 65986 False 1
Set Attribute Decrypt class_name = WindowsForms10.BUTTON.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 2002171904 True 1
Set Attribute Decrypt class_name = WindowsForms10.BUTTON.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 81804038 True 1
Set Attribute Decrypt class_name = WindowsForms10.BUTTON.app.0.2bf8098_r11_ad1, index = 18446744073709551604, new_long = 65988 False 1
Set Attribute TimerNativeWindow class_name = WindowsForms10.Window.0.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 1960951274 True 1
Set Attribute TimerNativeWindow class_name = WindowsForms10.Window.0.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 81803318 True 1
Set Attribute .NET-BroadcastEventWindow.4.0.0.0.2bf8098.0 class_name = .NET-BroadcastEventWindow.4.0.0.0.2bf8098.0, index = 18446744073709551612, new_long = 1960951274 True 1
Keyboard (47)
Operation Additional Information Success Count
Get Info type = KB_LOCALE_ID, os_tid = 0, result_out = 67699721 True 3
Read virtual_key_code = VK_RBUTTON, result_out = 0 True 9
Read virtual_key_code = VK_MBUTTON, result_out = 0 True 9
Read virtual_key_code = VK_XBUTTON1, result_out = 0 True 9
Read virtual_key_code = VK_XBUTTON2, result_out = 0 True 9
Read virtual_key_code = VK_LBUTTON, result_out = 1 True 8
System (4)
Operation Additional Information Success Count
Get Cursor x_out = 1362, y_out = 468 True 2
Sleep duration = 100 milliseconds (0.100 seconds) True 1
Sleep duration = -1 (infinite) True 1