f5e98f53...1485 | Grouped Behavior
Try VMRay Analyzer
VTI SCORE: 100/100
Dynamic Analysis Report
Classification: Trojan, Downloader, Ransomware

f5e98f5380e46cbae5d8019cf61db164213b5b63b0c056adae445eea08551485 (SHA256)

11111.exe

Windows Exe (x86-32)

Created at 2019-02-22 08:26:00

Notifications (2/2)

Some extracted files may be missing in the report since the maximum number of extracted files was reached during the analysis. You can increase the limit in the configuration settings.

The maximum number of reputation file hash requests (20 per analysis) was exceeded. As a result, the reputation status could not be queried for all file hashes. In order to get the reputation status for all file hashes, please increase the 'Max File Hash Requests' setting in the system configurations.

Monitored Processes

Process Overview
»
ID PID Monitor Reason Integrity Level Image Name Command Line Origin ID
#1 0x93c Analysis Target High (Elevated) 11111.exe "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\11111.exe" -
#2 0xbdc Child Process High (Elevated) 11111.exe "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\11111.exe" #1
#3 0xbe4 Child Process High (Elevated) 11111.exe "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\11111.exe" #1
#4 0x40c Child Process High (Elevated) wmic.exe "C:\Windows\system32\wbem\wmic.exe" shadowcopy delete #3

Behavior Information - Grouped by Category

Process #1: 11111.exe
276 0
»
Information Value
ID #1
File Name c:\users\5p5nrgjn0js halpmcxz\desktop\11111.exe
Command Line "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\11111.exe"
Initial Working Directory C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\
Monitor Start Time: 00:00:37, Reason: Analysis Target
Unmonitor End Time: 00:03:40, Reason: Self Terminated
Monitor Duration 00:03:03
OS Process Information
»
Information Value
PID 0x93c
Parent PID 0x460 (c:\windows\explorer.exe)
Is Created or Modified Executable True
Integrity Level High (Elevated)
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x 940
Region
»
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
private_0x0000000000010000 0x00010000 0x0002ffff Private Memory rw True False False -
pagefile_0x0000000000010000 0x00010000 0x0001ffff Pagefile Backed Memory rw True False False -
private_0x0000000000020000 0x00020000 0x00020fff Private Memory rw True False False -
private_0x0000000000030000 0x00030000 0x00031fff Private Memory rw True False False -
private_0x0000000000030000 0x00030000 0x00030fff Private Memory rw True False False -
apisetschema.dll 0x00040000 0x00040fff Memory Mapped File rwx False False False -
pagefile_0x0000000000050000 0x00050000 0x00053fff Pagefile Backed Memory r True False False -
locale.nls 0x00060000 0x000c6fff Memory Mapped File r False False False -
private_0x00000000000d0000 0x000d0000 0x000dffff Private Memory rw True False False -
pagefile_0x00000000000d0000 0x000d0000 0x000d7fff Pagefile Backed Memory rw True False False -
pagefile_0x00000000000d0000 0x000d0000 0x000d6fff Pagefile Backed Memory rw True False False -
private_0x00000000000d0000 0x000d0000 0x000d0fff Private Memory rw True False False -
pagefile_0x00000000000e0000 0x000e0000 0x000e7fff Pagefile Backed Memory rw True False False -
pagefile_0x00000000000e0000 0x000e0000 0x000e6fff Pagefile Backed Memory rw True False False -
private_0x00000000000e0000 0x000e0000 0x000e0fff Private Memory rw True False False -
private_0x00000000000f0000 0x000f0000 0x000f0fff Private Memory rw True False False -
private_0x0000000000100000 0x00100000 0x00100fff Private Memory rw True False False -
private_0x0000000000110000 0x00110000 0x0014ffff Private Memory rw True False False -
private_0x0000000000150000 0x00150000 0x001c0fff Private Memory rw True False False -
private_0x0000000000250000 0x00250000 0x0025ffff Private Memory rw True False False -
private_0x00000000002b0000 0x002b0000 0x003affff Private Memory rw True False False -
pagefile_0x00000000003b0000 0x003b0000 0x00537fff Pagefile Backed Memory r True False False -
private_0x0000000000550000 0x00550000 0x005cffff Private Memory rw True False False -
pagefile_0x00000000005d0000 0x005d0000 0x00750fff Pagefile Backed Memory r True False False -
private_0x0000000000770000 0x00770000 0x0086ffff Private Memory rw True False False -
sortdefault.nls 0x00870000 0x00b3efff Memory Mapped File r False False False -
11111.exe 0x011c0000 0x01260fff Memory Mapped File rwx True True False
pagefile_0x0000000001270000 0x01270000 0x0266ffff Pagefile Backed Memory r True False False -
api-ms-win-core-synch-l1-2-0.dll 0x74f70000 0x74f72fff Memory Mapped File rwx False False False -
wow64cpu.dll 0x74f80000 0x74f87fff Memory Mapped File rwx False False False -
wow64win.dll 0x74f90000 0x74febfff Memory Mapped File rwx False False False -
wow64.dll 0x74ff0000 0x7502efff Memory Mapped File rwx False False False -
cryptbase.dll 0x75590000 0x7559bfff Memory Mapped File rwx False False False -
sspicli.dll 0x755a0000 0x755fffff Memory Mapped File rwx False False False -
msvcrt.dll 0x75660000 0x7570bfff Memory Mapped File rwx False False False -
lpk.dll 0x75710000 0x75719fff Memory Mapped File rwx False False False -
sechost.dll 0x75a60000 0x75a78fff Memory Mapped File rwx False False False -
gdi32.dll 0x75a80000 0x75b0ffff Memory Mapped File rwx False False False -
rpcrt4.dll 0x75b10000 0x75bfffff Memory Mapped File rwx False False False -
msctf.dll 0x76b30000 0x76bfbfff Memory Mapped File rwx False False False -
imm32.dll 0x76c00000 0x76c5ffff Memory Mapped File rwx False False False -
advapi32.dll 0x76f90000 0x7702ffff Memory Mapped File rwx False False False -
user32.dll 0x771d0000 0x772cffff Memory Mapped File rwx False False False -
kernel32.dll 0x773b0000 0x774bffff Memory Mapped File rwx False False False -
usp10.dll 0x77550000 0x775ecfff Memory Mapped File rwx False False False -
kernelbase.dll 0x775f0000 0x77635fff Memory Mapped File rwx False False False -
private_0x0000000077640000 0x77640000 0x77739fff Private Memory rwx True False False -
private_0x0000000077740000 0x77740000 0x7785efff Private Memory rwx True False False -
ntdll.dll 0x77860000 0x77a08fff Memory Mapped File rwx False False False -
ntdll.dll 0x77a40000 0x77bbffff Memory Mapped File rwx False False False -
pagefile_0x000000007efb0000 0x7efb0000 0x7efd2fff Pagefile Backed Memory r True False False -
private_0x000000007efdb000 0x7efdb000 0x7efddfff Private Memory rw True False False -
private_0x000000007efde000 0x7efde000 0x7efdefff Private Memory rw True False False -
private_0x000000007efdf000 0x7efdf000 0x7efdffff Private Memory rw True False False -
private_0x000000007efe0000 0x7efe0000 0x7ffdffff Private Memory r True False False -
pagefile_0x000000007efe0000 0x7efe0000 0x7f0dffff Pagefile Backed Memory r True False False -
private_0x000000007f0e0000 0x7f0e0000 0x7ffdffff Private Memory r True False False -
private_0x000000007ffe0000 0x7ffe0000 0x7ffeffff Private Memory r True False False -
private_0x000000007fff0000 0x7fff0000 0x7fffffeffff Private Memory r True False False -
Host Behavior
File (3)
»
Operation Filename Additional Information Success Count Logfile
Open STD_INPUT_HANDLE - True 1
Fn
Open STD_OUTPUT_HANDLE - True 1
Fn
Open STD_ERROR_HANDLE - True 1
Fn
Process (3)
»
Operation Process Additional Information Success Count Logfile
Create C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\11111.exe os_pid = 0xbdc, creation_flags = CREATE_SUSPENDED, show_window = SW_HIDE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\11111.exe os_pid = 0xbe4, creation_flags = CREATE_SUSPENDED, show_window = SW_HIDE True 1
Fn
Terminate C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\11111.exe exit_code = 0 True 1
Fn
Thread (4)
»
Operation Process Additional Information Success Count Logfile
Get Context c:\users\5p5nrgjn0js halpmcxz\desktop\11111.exe os_tid = 0x940 True 1
Fn
Get Context c:\users\5p5nrgjn0js halpmcxz\desktop\11111.exe os_tid = 0x940 True 1
Fn
Set Context c:\users\5p5nrgjn0js halpmcxz\desktop\11111.exe os_tid = 0x940 True 1
Fn
Resume c:\users\5p5nrgjn0js halpmcxz\desktop\11111.exe os_tid = 0x940 True 1
Fn
Memory (10)
»
Operation Process Additional Information Success Count Logfile
Allocate C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\11111.exe address = 0x0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 114688 False 1
Fn
Allocate C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\11111.exe address = 0x400000, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 114688 True 1
Fn
Read C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\11111.exe address = 0x7efde008, size = 4 True 1
Fn
Data
Read C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\11111.exe address = 0x7efde008, size = 4 True 1
Fn
Data
Write C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\11111.exe address = 0x400000, size = 1024 True 1
Fn
Data
Write C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\11111.exe address = 0x401000, size = 70144 True 1
Fn
Data
Write C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\11111.exe address = 0x413000, size = 5632 True 1
Fn
Data
Write C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\11111.exe address = 0x415000, size = 22016 True 1
Fn
Data
Write C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\11111.exe address = 0x41b000, size = 2048 True 1
Fn
Data
Write C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\11111.exe address = 0x7efde008, size = 4 True 1
Fn
Data
Module (253)
»
Operation Module Additional Information Success Count Logfile
Load KERNEL32.DLL base_address = 0x773b0000 True 1
Fn
Load ADVAPI32.dll base_address = 0x76f90000 True 1
Fn
Load USER32.dll base_address = 0x771d0000 True 1
Fn
Load api-ms-win-core-synch-l1-2-0 base_address = 0x0 False 2
Fn
Load api-ms-win-core-synch-l1-2-0 base_address = 0x74f70000 True 2
Fn
Load api-ms-win-core-fibers-l1-1-1 base_address = 0x0 False 4
Fn
Load kernel32 base_address = 0x0 False 2
Fn
Load kernel32 base_address = 0x773b0000 True 2
Fn
Load advapi32 base_address = 0x0 False 1
Fn
Load advapi32 base_address = 0x76f90000 True 1
Fn
Load api-ms-win-core-localization-l1-2-1 base_address = 0x0 False 2
Fn
Load kernel32.dll base_address = 0x773b0000 True 55
Fn
Load user32.dll base_address = 0x771d0000 True 2
Fn
Load ntdll.dll base_address = 0x77a40000 True 12
Fn
Load Advapi32.dll base_address = 0x76f90000 True 6
Fn
Get Handle c:\users\5p5nrgjn0js halpmcxz\desktop\11111.exe base_address = 0x11c0000 True 1
Fn
Get Filename api-ms-win-core-localization-l1-2-1 process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\11111.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\11111.exe, size = 260 True 3
Fn
Get Address c:\windows\syswow64\kernel32.dll function = CreateToolhelp32Snapshot, address_out = 0x773e735f True 2
Fn
Get Address c:\windows\syswow64\kernel32.dll function = Process32Next, address_out = 0x773e88a4 True 2
Fn
Get Address c:\windows\syswow64\kernel32.dll function = CloseHandle, address_out = 0x773c1410 True 2
Fn
Get Address c:\windows\syswow64\kernel32.dll function = ExitProcess, address_out = 0x773c7a10 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = SetDefaultCommConfigA, address_out = 0x77448009 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = SetThreadPriority, address_out = 0x773c32bb True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = LoadLibraryA, address_out = 0x773c49d7 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetProcAddress, address_out = 0x773c1222 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = DecodePointer, address_out = 0x77a79d35 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = UnhandledExceptionFilter, address_out = 0x773e772f True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = SetUnhandledExceptionFilter, address_out = 0x773c87c9 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetCurrentProcess, address_out = 0x773c1809 True 2
Fn
Get Address c:\windows\syswow64\kernel32.dll function = TerminateProcess, address_out = 0x773dd802 True 2
Fn
Get Address c:\windows\syswow64\kernel32.dll function = IsProcessorFeaturePresent, address_out = 0x773c5235 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = QueryPerformanceCounter, address_out = 0x773c1725 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetCurrentProcessId, address_out = 0x773c11f8 True 2
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetCurrentThreadId, address_out = 0x773c1450 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetSystemTimeAsFileTime, address_out = 0x773c3509 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = InitializeSListHead, address_out = 0x77a794a4 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = IsDebuggerPresent, address_out = 0x773c4a5d True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetStartupInfoW, address_out = 0x773c4d40 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetModuleHandleW, address_out = 0x773c34b0 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = EncodePointer, address_out = 0x77a80fcb True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = RaiseException, address_out = 0x773c58a6 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetLastError, address_out = 0x773c11c0 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetModuleFileNameW, address_out = 0x773c4950 True 2
Fn
Get Address c:\windows\syswow64\kernel32.dll function = SetLastError, address_out = 0x773c11a9 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = RtlUnwind, address_out = 0x773ed1c3 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = InitializeCriticalSectionAndSpinCount, address_out = 0x773c1916 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = TlsAlloc, address_out = 0x773c49ad True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = TlsGetValue, address_out = 0x773c11e0 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = TlsSetValue, address_out = 0x773c14fb True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = TlsFree, address_out = 0x773c3587 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FreeLibrary, address_out = 0x773c34c8 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = LoadLibraryExW, address_out = 0x773c495d True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = EnterCriticalSection, address_out = 0x77a622b0 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = LeaveCriticalSection, address_out = 0x77a62270 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = DeleteCriticalSection, address_out = 0x77a745f5 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetModuleHandleExW, address_out = 0x773c4a6f True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetStdHandle, address_out = 0x773c51b3 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = WriteFile, address_out = 0x773c1282 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = MultiByteToWideChar, address_out = 0x773c192e True 2
Fn
Get Address c:\windows\syswow64\kernel32.dll function = WideCharToMultiByte, address_out = 0x773c170d True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetACP, address_out = 0x773c179c True 2
Fn
Get Address c:\windows\syswow64\kernel32.dll function = HeapFree, address_out = 0x773c14c9 True 3
Fn
Get Address c:\windows\syswow64\kernel32.dll function = HeapAlloc, address_out = 0x77a6e026 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = LCMapStringW, address_out = 0x773c17b9 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetFileType, address_out = 0x773c3531 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FindClose, address_out = 0x773c4442 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FindFirstFileExW, address_out = 0x773d1811 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FindNextFileW, address_out = 0x773c54ee True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = IsValidCodePage, address_out = 0x773c4493 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetOEMCP, address_out = 0x773ed1a1 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetCPInfo, address_out = 0x773c5189 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetCommandLineA, address_out = 0x773c51a1 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetCommandLineW, address_out = 0x773c5223 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetEnvironmentStringsW, address_out = 0x773c51e3 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FreeEnvironmentStringsW, address_out = 0x773c51cb True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = SetStdHandle, address_out = 0x7744454f True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetStringTypeW, address_out = 0x773c1946 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetProcessHeap, address_out = 0x773c14e9 True 2
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FlushFileBuffers, address_out = 0x773c469b True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetConsoleCP, address_out = 0x77467bff True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetConsoleMode, address_out = 0x773c1328 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = HeapSize, address_out = 0x77a73002 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = HeapReAlloc, address_out = 0x77a81f6e True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = SetFilePointerEx, address_out = 0x773dc807 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = WriteConsoleW, address_out = 0x773e7aca True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = CreateFileW, address_out = 0x773c3f5c True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = Process32First, address_out = 0x773e8ae7 True 2
Fn
Get Address c:\windows\syswow64\advapi32.dll function = SystemFunction036, address_out = 0x76f91919 True 1
Fn
Get Address c:\windows\syswow64\user32.dll function = MessageBoxA, address_out = 0x7723fd1e True 2
Fn
Get Address c:\windows\syswow64\api-ms-win-core-synch-l1-2-0.dll function = InitializeCriticalSectionEx, address_out = 0x0 False 2
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FlsAlloc, address_out = 0x773c4f2b True 2
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FlsSetValue, address_out = 0x773c4208 True 2
Fn
Get Address c:\windows\syswow64\advapi32.dll function = EventRegister, address_out = 0x77a7f6ba True 1
Fn
Get Address c:\windows\syswow64\advapi32.dll function = EventSetInformation, address_out = 0x0 False 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FlsGetValue, address_out = 0x773c1252 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = LCMapStringEx, address_out = 0x774447f1 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = lstrcmpiW, address_out = 0x773dd5cd True 5
Fn
Get Address c:\windows\syswow64\kernel32.dll function = CreateFileA, address_out = 0x773c53c6 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = ReadFile, address_out = 0x773c3ed3 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GlobalAlloc, address_out = 0x773c588e True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetFileSize, address_out = 0x773c196e True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetModuleFileNameA, address_out = 0x773c14b1 True 1
Fn
Get Address c:\windows\syswow64\ntdll.dll function = NtUnmapViewOfSection, address_out = 0x77a5fc70 True 1
Fn
Get Address c:\windows\syswow64\ntdll.dll function = NtReadVirtualMemory, address_out = 0x77a5fe80 True 1
Fn
Get Address c:\windows\syswow64\ntdll.dll function = NtWriteVirtualMemory, address_out = 0x77a5fe04 True 1
Fn
Get Address c:\windows\syswow64\ntdll.dll function = NtSetContextThread, address_out = 0x77a61910 True 1
Fn
Get Address c:\windows\syswow64\ntdll.dll function = NtGetContextThread, address_out = 0x77a60c20 True 1
Fn
Get Address c:\windows\syswow64\ntdll.dll function = NtResumeThread, address_out = 0x77a60058 True 1
Fn
Get Address c:\windows\syswow64\ntdll.dll function = NtTerminateProcess, address_out = 0x77a5fca0 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = VirtualFree, address_out = 0x773c186e True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = CreateProcessA, address_out = 0x773c1072 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = VirtualAlloc, address_out = 0x773c1856 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetThreadContext, address_out = 0x773e79d4 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = ReadProcessMemory, address_out = 0x773dcfcc True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = VirtualAllocEx, address_out = 0x773dd9b0 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = WriteProcessMemory, address_out = 0x773dd9e0 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = SetThreadContext, address_out = 0x77445393 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = ResumeThread, address_out = 0x773c43ef True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = RtlFillMemory, address_out = 0x77444852 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = Sleep, address_out = 0x773c10ff True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = ®&ù¤L²Õì²Z, address_out = 0x0 False 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = CreateProcessW, address_out = 0x773c103d True 1
Fn
Get Address c:\windows\syswow64\ntdll.dll function = RtlCreateUserThread, address_out = 0x77aee5d1 True 1
Fn
Get Address c:\windows\syswow64\ntdll.dll function = RtlImageNtHeader, address_out = 0x77a73164 True 1
Fn
Get Address c:\windows\syswow64\ntdll.dll function = RtlAdjustPrivilege, address_out = 0x77af1f40 True 1
Fn
Get Address c:\windows\syswow64\ntdll.dll function = NtClose, address_out = 0x77a5f9d0 True 1
Fn
Get Address c:\windows\syswow64\ntdll.dll function = NtOpenProcess, address_out = 0x77a5fc10 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetEnvironmentVariableW, address_out = 0x773c1b48 True 1
Fn
Get Address c:\windows\syswow64\advapi32.dll function = RegGetValueW, address_out = 0x76fa0e47 True 1
Fn
Get Address c:\windows\syswow64\advapi32.dll function = RegDeleteValueW, address_out = 0x76f9cf31 True 1
Fn
Get Address c:\windows\syswow64\advapi32.dll function = RegOpenKeyExW, address_out = 0x76fa468d True 1
Fn
Get Address c:\windows\syswow64\advapi32.dll function = RegCloseKey, address_out = 0x76fa469d True 1
Fn
Get Address c:\windows\syswow64\advapi32.dll function = RegCreateKeyExW, address_out = 0x76fa40fe True 1
Fn
Get Address c:\windows\syswow64\advapi32.dll function = RegSetValueExW, address_out = 0x76fa14d6 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = CopyFileW, address_out = 0x773e830d True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = DeleteFileW, address_out = 0x773c89b3 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetSystemWow64DirectoryW, address_out = 0x773cd975 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetSystemDirectoryW, address_out = 0x773c5063 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = lstrcpyW, address_out = 0x773e3102 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = lstrcatW, address_out = 0x773e828e True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = VirtualProtectEx, address_out = 0x774445bf True 1
Fn
Get Address c:\windows\syswow64\user32.dll function = wsprintfW, address_out = 0x7720e061 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = VirtualFreeEx, address_out = 0x773dd9c8 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = StrDup, address_out = 0x0 False 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = OpenProcess, address_out = 0x773c1986 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetModuleHandleA, address_out = 0x773c1245 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = lstrcmpA, address_out = 0x773deceb True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = FindResourceA, address_out = 0x773de9bb True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = LoadResource, address_out = 0x773c594c True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = SizeofResource, address_out = 0x773c5ac9 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = LockResource, address_out = 0x773c5959 True 1
Fn
System (2)
»
Operation Additional Information Success Count Logfile
Get Time type = System Time, time = 2019-02-22 08:26:59 (UTC) True 1
Fn
Get Info type = Wow64 Directory, result_out = C:\Windows\SysWOW64 True 1
Fn
Environment (1)
»
Operation Additional Information Success Count Logfile
Get Environment String - True 1
Fn
Data
Process #2: 11111.exe
0 0
»
Information Value
ID #2
File Name c:\users\5p5nrgjn0js halpmcxz\desktop\11111.exe
Command Line "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\11111.exe"
Initial Working Directory C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\
Monitor Start Time: 00:03:38, Reason: Child Process
Unmonitor End Time: 00:03:40, Reason: Self Terminated
Monitor Duration 00:00:02
Remark No high level activity detected in monitored regions
OS Process Information
»
Information Value
PID 0xbdc
Parent PID 0x93c (c:\users\5p5nrgjn0js halpmcxz\desktop\11111.exe)
Is Created or Modified Executable True
Integrity Level High (Elevated)
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x BE0
Region
»
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
private_0x0000000000010000 0x00010000 0x0002ffff Private Memory rw True False False -
private_0x0000000000030000 0x00030000 0x00031fff Private Memory rw True False False -
apisetschema.dll 0x00040000 0x00040fff Memory Mapped File rwx False False False -
pagefile_0x0000000000050000 0x00050000 0x00053fff Pagefile Backed Memory r True False False -
private_0x0000000000110000 0x00110000 0x0014ffff Private Memory rw True False False -
private_0x0000000000330000 0x00330000 0x0042ffff Private Memory rw True False False -
11111.exe 0x011c0000 0x01260fff Memory Mapped File rwx True True False
ntdll.dll 0x77860000 0x77a08fff Memory Mapped File rwx False False False -
ntdll.dll 0x77a40000 0x77bbffff Memory Mapped File rwx False False False -
pagefile_0x000000007efb0000 0x7efb0000 0x7efd2fff Pagefile Backed Memory r True False False -
private_0x000000007efdb000 0x7efdb000 0x7efddfff Private Memory rw True False False -
private_0x000000007efde000 0x7efde000 0x7efdefff Private Memory rw True False False -
private_0x000000007efdf000 0x7efdf000 0x7efdffff Private Memory rw True False False -
private_0x000000007efe0000 0x7efe0000 0x7ffdffff Private Memory r True False False -
private_0x000000007ffe0000 0x7ffe0000 0x7ffeffff Private Memory r True False False -
private_0x000000007fff0000 0x7fff0000 0x7fffffeffff Private Memory r True False False -
Process #3: 11111.exe
14266 4
»
Information Value
ID #3
File Name c:\users\5p5nrgjn0js halpmcxz\desktop\11111.exe
Command Line "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\11111.exe"
Initial Working Directory C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\
Monitor Start Time: 00:03:38, Reason: Child Process
Unmonitor End Time: 00:04:40, Reason: Terminated by Timeout
Monitor Duration 00:01:02
OS Process Information
»
Information Value
PID 0xbe4
Parent PID 0x93c (c:\users\5p5nrgjn0js halpmcxz\desktop\11111.exe)
Is Created or Modified Executable True
Integrity Level High (Elevated)
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x BE8
0x 248
0x 728
0x C4
0x 2C4
0x 150
0x 518
0x 138
0x 1C4
0x C0
0x 680
0x 528
Region
»
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
private_0x0000000000010000 0x00010000 0x0002ffff Private Memory rw True False False -
pagefile_0x0000000000010000 0x00010000 0x0001ffff Pagefile Backed Memory rw True False False -
private_0x0000000000020000 0x00020000 0x00020fff Private Memory rw True False False -
private_0x0000000000030000 0x00030000 0x00031fff Private Memory rw True False False -
private_0x0000000000030000 0x00030000 0x00030fff Private Memory rw True False False -
apisetschema.dll 0x00040000 0x00040fff Memory Mapped File rwx False False False -
pagefile_0x0000000000050000 0x00050000 0x00053fff Pagefile Backed Memory r True False False -
locale.nls 0x00060000 0x000c6fff Memory Mapped File r False False False -
private_0x00000000000d0000 0x000d0000 0x000d0fff Private Memory rw True False False -
private_0x00000000000e0000 0x000e0000 0x0015ffff Private Memory rw True False False -
private_0x0000000000160000 0x00160000 0x00160fff Private Memory rw True False False -
private_0x0000000000170000 0x00170000 0x00170fff Private Memory rw True False False -
private_0x0000000000180000 0x00180000 0x00180fff Private Memory rw True False False -
private_0x0000000000190000 0x00190000 0x001cffff Private Memory rw True False False -
private_0x00000000001d0000 0x001d0000 0x0023ffff Private Memory rw True False False -
private_0x00000000001d0000 0x001d0000 0x001d0fff Private Memory rw True False False -
private_0x00000000001e0000 0x001e0000 0x001e0fff Private Memory rw True False False -
private_0x00000000001f0000 0x001f0000 0x001f0fff Private Memory rw True False False -
private_0x0000000000200000 0x00200000 0x0023ffff Private Memory rw True False False -
private_0x0000000000240000 0x00240000 0x00240fff Private Memory rw True False False -
private_0x0000000000250000 0x00250000 0x00250fff Private Memory rw True False False -
private_0x0000000000260000 0x00260000 0x0026ffff Private Memory rw True False False -
pagefile_0x0000000000260000 0x00260000 0x00267fff Pagefile Backed Memory rw True False False -
private_0x0000000000260000 0x00260000 0x00260fff Private Memory rw True False False -
pagefile_0x0000000000270000 0x00270000 0x00277fff Pagefile Backed Memory rw True False False -
private_0x0000000000270000 0x00270000 0x00270fff Private Memory rwx True False False -
private_0x0000000000270000 0x00270000 0x0027ffff Private Memory rw True False False -
pagefile_0x0000000000280000 0x00280000 0x00280fff Pagefile Backed Memory rw True False False -
private_0x0000000000290000 0x00290000 0x0029ffff Private Memory rw True False False -
private_0x00000000002a0000 0x002a0000 0x002a0fff Private Memory rw True False False -
pagefile_0x00000000002a0000 0x002a0000 0x002a7fff Pagefile Backed Memory rw True False False -
rsaenh.dll 0x002a0000 0x002dbfff Memory Mapped File r False False False -
private_0x00000000002b0000 0x002b0000 0x002b0fff Private Memory rwx True False False -
private_0x00000000002c0000 0x002c0000 0x002c0fff Private Memory rw True False False -
pagefile_0x00000000002d0000 0x002d0000 0x002d6fff Pagefile Backed Memory r True False False -
pagefile_0x00000000002e0000 0x002e0000 0x002e1fff Pagefile Backed Memory rw True False False -
private_0x00000000002f0000 0x002f0000 0x002f0fff Private Memory rw True False False -
pagefile_0x00000000002f0000 0x002f0000 0x002f1fff Pagefile Backed Memory r True False False -
private_0x0000000000300000 0x00300000 0x003fffff Private Memory rw True False False -
private_0x0000000000400000 0x00400000 0x0041bfff Private Memory rwx True False False -
private_0x0000000000420000 0x00420000 0x00420fff Private Memory rwx True False False -
windowsshell.manifest 0x00420000 0x00420fff Memory Mapped File r False False False -
pagefile_0x0000000000420000 0x00420000 0x00420fff Pagefile Backed Memory r True False False -
private_0x0000000000430000 0x00430000 0x00431fff Private Memory rw True False False -
private_0x0000000000440000 0x00440000 0x00440fff Private Memory rw True False False -
pagefile_0x0000000000440000 0x00440000 0x00441fff Pagefile Backed Memory r True False False -
private_0x0000000000450000 0x00450000 0x00450fff Private Memory rw True False False -
pagefile_0x0000000000450000 0x00450000 0x00450fff Pagefile Backed Memory r True False False -
private_0x0000000000460000 0x00460000 0x00460fff Private Memory rwx True False False -
private_0x0000000000460000 0x00460000 0x00462fff Private Memory rw True False False -
private_0x0000000000470000 0x00470000 0x00470fff Private Memory rw True False False -
cversions.1.db 0x00470000 0x00473fff Memory Mapped File r True False False -
cversions.2.db 0x00470000 0x00473fff Memory Mapped File r True False False -
private_0x0000000000480000 0x00480000 0x00480fff Private Memory rw True False False -
{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000016.db 0x00480000 0x0049efff Memory Mapped File r True False False -
private_0x0000000000490000 0x00490000 0x00491fff Private Memory rw True False False -
private_0x0000000000490000 0x00490000 0x00490fff Private Memory rwx True False False -
private_0x00000000004a0000 0x004a0000 0x0059ffff Private Memory rw True False False -
pagefile_0x00000000005a0000 0x005a0000 0x00727fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000730000 0x00730000 0x008b0fff Pagefile Backed Memory r True False False -
pagefile_0x00000000008c0000 0x008c0000 0x0099efff Pagefile Backed Memory r True False False -
private_0x00000000009a0000 0x009a0000 0x009dffff Private Memory rw True False False -
private_0x00000000009e0000 0x009e0000 0x009e0fff Private Memory rw True False False -
private_0x00000000009f0000 0x009f0000 0x009f0fff Private Memory rwx True False False -
pagefile_0x00000000009f0000 0x009f0000 0x009f0fff Pagefile Backed Memory rw True False False -
private_0x0000000000a00000 0x00a00000 0x00a00fff Private Memory rw True False False -
private_0x0000000000a10000 0x00a10000 0x00a10fff Private Memory rw True False False -
private_0x0000000000a20000 0x00a20000 0x00a5ffff Private Memory rw True False False -
{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000012.db 0x00a20000 0x00a4ffff Memory Mapped File r True False False -
cversions.2.db 0x00a50000 0x00a53fff Memory Mapped File r True False False -
private_0x0000000000a60000 0x00a60000 0x00a60fff Private Memory rw True False False -
private_0x0000000000a70000 0x00a70000 0x00a71fff Private Memory rw True False False -
private_0x0000000000a80000 0x00a80000 0x00a80fff Private Memory rwx True False False -
private_0x0000000000ac0000 0x00ac0000 0x00bbffff Private Memory rw True False False -
sortdefault.nls 0x00bc0000 0x00e8efff Memory Mapped File r False False False -
{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db 0x00e90000 0x00ef5fff Memory Mapped File r True False False -
private_0x0000000000f40000 0x00f40000 0x00f7ffff Private Memory rw True False False -
private_0x0000000000f80000 0x00f80000 0x01080fff Private Memory rw True False False -
private_0x0000000000fb0000 0x00fb0000 0x00feffff Private Memory rw True False False -
private_0x0000000000ff0000 0x00ff0000 0x010effff Private Memory rw True False False -
kernelbase.dll.mui 0x010f0000 0x011affff Memory Mapped File rw False False False -
11111.exe 0x011c0000 0x01260fff Memory Mapped File rwx True True False
pagefile_0x0000000001270000 0x01270000 0x0266ffff Pagefile Backed Memory r True False False -
pagefile_0x0000000002670000 0x02670000 0x02a62fff Pagefile Backed Memory r True False False -
private_0x0000000002aa0000 0x02aa0000 0x02adffff Private Memory rw True False False -
private_0x0000000002b40000 0x02b40000 0x02c3ffff Private Memory rw True False False -
private_0x0000000002c40000 0x02c40000 0x02d40fff Private Memory rw True False False -
private_0x0000000002e00000 0x02e00000 0x02efffff Private Memory rw True False False -
private_0x0000000002f00000 0x02f00000 0x03000fff Private Memory rw True False False -
private_0x0000000003010000 0x03010000 0x0310ffff Private Memory rw True False False -
bxmeoengtf.bmp 0x03a40000 0x03f31fff Memory Mapped File r True True False
uxtheme.dll 0x74ef0000 0x74f6ffff Memory Mapped File rwx False False False -
wow64cpu.dll 0x74f80000 0x74f87fff Memory Mapped File rwx False False False -
wow64win.dll 0x74f90000 0x74febfff Memory Mapped File rwx False False False -
wow64.dll 0x74ff0000 0x7502efff Memory Mapped File rwx False False False -
ntmarta.dll 0x75060000 0x75080fff Memory Mapped File rwx False False False -
comctl32.dll 0x75090000 0x7522dfff Memory Mapped File rwx False False False -
propsys.dll 0x75230000 0x75324fff Memory Mapped File rwx False False False -
browcli.dll 0x75330000 0x7533cfff Memory Mapped File rwx False False False -
netutils.dll 0x75340000 0x75348fff Memory Mapped File rwx False False False -
cscapi.dll 0x75350000 0x7535afff Memory Mapped File rwx False False False -
wkscli.dll 0x75360000 0x7536efff Memory Mapped File rwx False False False -
davhlpr.dll 0x75370000 0x75377fff Memory Mapped File rwx False False False -
davclnt.dll 0x75380000 0x75396fff Memory Mapped File rwx False False False -
ntlanman.dll 0x753a0000 0x753b3fff Memory Mapped File rwx False False False -
winsta.dll 0x753c0000 0x753e8fff Memory Mapped File rwx False False False -
drprov.dll 0x753f0000 0x753f7fff Memory Mapped File rwx False False False -
mpr.dll 0x75400000 0x75411fff Memory Mapped File rwx False False False -
rsaenh.dll 0x75420000 0x7545afff Memory Mapped File rwx False False False -
cryptsp.dll 0x75460000 0x75475fff Memory Mapped File rwx False False False -
profapi.dll 0x75480000 0x7548afff Memory Mapped File rwx False False False -
cryptbase.dll 0x75590000 0x7559bfff Memory Mapped File rwx False False False -
sspicli.dll 0x755a0000 0x755fffff Memory Mapped File rwx False False False -
msvcrt.dll 0x75660000 0x7570bfff Memory Mapped File rwx False False False -
lpk.dll 0x75710000 0x75719fff Memory Mapped File rwx False False False -
crypt32.dll 0x75720000 0x7583cfff Memory Mapped File rwx False False False -
sechost.dll 0x75a60000 0x75a78fff Memory Mapped File rwx False False False -
gdi32.dll 0x75a80000 0x75b0ffff Memory Mapped File rwx False False False -
rpcrt4.dll 0x75b10000 0x75bfffff Memory Mapped File rwx False False False -
wldap32.dll 0x75c70000 0x75cb4fff Memory Mapped File rwx False False False -
shell32.dll 0x75cc0000 0x76909fff Memory Mapped File rwx False False False -
msctf.dll 0x76b30000 0x76bfbfff Memory Mapped File rwx False False False -
imm32.dll 0x76c00000 0x76c5ffff Memory Mapped File rwx False False False -
clbcatq.dll 0x76c60000 0x76ce2fff Memory Mapped File rwx False False False -
urlmon.dll 0x76cf0000 0x76e25fff Memory Mapped File rwx False False False -
ole32.dll 0x76e30000 0x76f8bfff Memory Mapped File rwx False False False -
advapi32.dll 0x76f90000 0x7702ffff Memory Mapped File rwx False False False -
user32.dll 0x771d0000 0x772cffff Memory Mapped File rwx False False False -
shlwapi.dll 0x77350000 0x773a6fff Memory Mapped File rwx False False False -
kernel32.dll 0x773b0000 0x774bffff Memory Mapped File rwx False False False -
oleaut32.dll 0x774c0000 0x7754efff Memory Mapped File rwx False False False -
usp10.dll 0x77550000 0x775ecfff Memory Mapped File rwx False False False -
kernelbase.dll 0x775f0000 0x77635fff Memory Mapped File rwx False False False -
private_0x0000000077640000 0x77640000 0x77739fff Private Memory rwx True False False -
private_0x0000000077740000 0x77740000 0x7785efff Private Memory rwx True False False -
ntdll.dll 0x77860000 0x77a08fff Memory Mapped File rwx False False False -
ntdll.dll 0x77a40000 0x77bbffff Memory Mapped File rwx False False False -
private_0x000000007efa7000 0x7efa7000 0x7efa9fff Private Memory rw True False False -
private_0x000000007efaa000 0x7efaa000 0x7efacfff Private Memory rw True False False -
private_0x000000007efad000 0x7efad000 0x7efaffff Private Memory rw True False False -
pagefile_0x000000007efb0000 0x7efb0000 0x7efd2fff Pagefile Backed Memory r True False False -
private_0x000000007efd5000 0x7efd5000 0x7efd7fff Private Memory rw True False False -
private_0x000000007efd8000 0x7efd8000 0x7efdafff Private Memory rw True False False -
private_0x000000007efdb000 0x7efdb000 0x7efddfff Private Memory rw True False False -
private_0x000000007efde000 0x7efde000 0x7efdefff Private Memory rw True False False -
private_0x000000007efdf000 0x7efdf000 0x7efdffff Private Memory rw True False False -
private_0x000000007efe0000 0x7efe0000 0x7ffdffff Private Memory r True False False -
pagefile_0x000000007efe0000 0x7efe0000 0x7f0dffff Pagefile Backed Memory r True False False -
private_0x000000007f0e0000 0x7f0e0000 0x7ffdffff Private Memory r True False False -
private_0x000000007ffe0000 0x7ffe0000 0x7ffeffff Private Memory r True False False -
private_0x000000007fff0000 0x7fff0000 0x7fffffeffff Private Memory r True False False -
For performance reasons, the remaining 71 entries are omitted.
The remaining entries can be found in flog.txt.
Injection Information
»
Injection Type Source Process Source Os Thread ID Information Success Count Logfile
Modify Memory #1: c:\users\5p5nrgjn0js halpmcxz\desktop\11111.exe 0x940 address = 0x400000, size = 1024 True 1
Fn
Data
Modify Memory #1: c:\users\5p5nrgjn0js halpmcxz\desktop\11111.exe 0x940 address = 0x401000, size = 70144 True 1
Fn
Data
Modify Memory #1: c:\users\5p5nrgjn0js halpmcxz\desktop\11111.exe 0x940 address = 0x413000, size = 5632 True 1
Fn
Data
Modify Memory #1: c:\users\5p5nrgjn0js halpmcxz\desktop\11111.exe 0x940 address = 0x415000, size = 22016 True 1
Fn
Data
Modify Memory #1: c:\users\5p5nrgjn0js halpmcxz\desktop\11111.exe 0x940 address = 0x41b000, size = 2048 True 1
Fn
Data
Modify Memory #1: c:\users\5p5nrgjn0js halpmcxz\desktop\11111.exe 0x940 address = 0x7efde008, size = 4 True 1
Fn
Data
Modify Control Flow #1: c:\users\5p5nrgjn0js halpmcxz\desktop\11111.exe 0x940 os_tid = 0xbe8, address = 0x77a501c4 True 1
Fn
Created Files
»
Filename File Size Hash Values YARA Match Actions
C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\9c354ca49c354b4621e.lock 0.00 KB MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SSDeep: 3::
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Protect\S-1-5-21-3111613574-2524581245-2586426736-500\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9 0.98 KB MD5: 167b6196441a4350783e4974b9fd5d78
SHA1: d017ece756a0b2a4c16fcbd69cae6762c322f04b
SHA256: e883af822e579b867f21189b85c23e84a1fec33b2511ffeb7d51c9ff81a3acbc
SSDeep: 24:Y+hAg8qPFDjb+FLo81q9UUFsf9n92Luugw7v7YJepyVail:Y+hxFDj6FLZq9Uf+Ll7v7YDVa4
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\A_7eD85g.swf 20.63 KB MD5: dfa7e1c336c5af7ecb6ed3d4fd0a4171
SHA1: a5e21ed72b7a3279682099fa412cde4a28531b4a
SHA256: eab717037fc3353e965a30c26d32349309406987ab6ea4173035f31ab907407f
SSDeep: 384:sHqCCb5xM+qcuj/61U0TxWYJ7XaFZyTmYCYAZHmVZHyGR3B:sK1Lj8/613Ta9dYA9mvyGBB
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Outlook\Outlook.xml 2.94 KB MD5: c5347de8c3a77fe0a20e9577c91f9f8c
SHA1: b90e8855ff39e89400cbc449debe275c033cfe74
SHA256: f9a2d86672c49ae3c7954df649898fc8e077dd2db21f8bdd35e446708edd1c28
SSDeep: 48:NRWm4D9+CgRL3DC9OiKfL6hverD7Jen9gagJ+NIvBR5QL9PbmXG7rnJ04eXAzEQX:3UPgFCZQLpr/JHaY+NIf5QL9PyXG79vP
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Hzi4Zxo_l.wav 31.06 KB MD5: e50f54b1c4160728f2f1fc52fbe6cbcd
SHA1: bae2ff7392b758dcbb46871cb8464e4cfc87b485
SHA256: 14a36a350c9dddc0d6f55e497bd67d1dc812e999507e5e275f702e2c21539c25
SSDeep: 768:C3Vf73TVCk/KV+rMKS6jN7AKHpC9xM00fLA/XqjO:e3TMHkJSgN79pCrM0SAyjO
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3388679973-3930757225-3770151564-1000\83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f 0.57 KB MD5: 01d7d392966fb33307f7f63a27c8c014
SHA1: af62b93e04bc6c276dc9c56c2152c19416dfbd86
SHA256: 9b7329070c23445a17de0f1da0be904416870c0b090d1c42617e489031999674
SSDeep: 12:TfUPN2KPDUBBq9zKb128jUbaqvyA0F7B4V0nk/adaCcfVboX2eV6lBjWcC:TEN23q9Y1peURg0nOkcfVcmg6DWl
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Adobe\Acrobat\10.0\JavaScripts\glob.settings.js 0.54 KB MD5: 837ae79e3b141346f28fd0ce36d7655f
SHA1: c445fd8c0a890b9a17f9bd0cb18b985efbe79aa9
SHA256: 10821eeb55f8e4ae18c2ba7d76ce0ef3028b00521c9c821b07c036bfe0ca90d6
SSDeep: 12:wyv4QobRUXTLCPALVCrNYfgt5Vu6ov1QHZs8An1O21WBNd4EIkC:wG4byPCocOw5qv1oZs8AI21WBNd4EI9
False
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\g50C\rXJA_qzjCfNd.mp4 44.53 KB MD5: dd1b39eb803dbf542978cdfd221dc799
SHA1: 9042654de7a22aa1b757229c00de649876905fd0
SHA256: 830185116d2ba2a29c1f653df1c7f16b1b72ecb6e2dcc5db197619a8d35d6731
SSDeep: 768:2OcRJ7E/oDYXtwGpxuoaLGdVWAeo5Xy84styUnohaCjbe8RsCVZ87/76ihyYvRvL:2NcoiZrKLG+0s8VtyCohDbXvZ8yihDRL
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\secmod.db 16.53 KB MD5: 7f2c138fcf5563b568f8818a9a78c9a8
SHA1: 7521eb0a497a0c16602134fa1dc17712228ca8cc
SHA256: b63a845baf89ebe3d9c641b6041e6945522de72a11c4070725cefcab83164c46
SSDeep: 384:grzRpt1HdSmmKEmzrUte57egEfwflSTqG51ZLzVuxrWYwEexgEE1jb:gr1GmjnUE1LfOqG/ZLAxyYwXE1jb
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Protect\S-1-5-21-3388679973-3930757225-3770151564-1000\102a7bc8-3f85-4bb4-840a-38257d2965d2 0.98 KB MD5: 8e93167ae1f20c6bf5e257ff2cc8fb93
SHA1: 8d8a8e09633f70543fe97b1c2cc00d0281cfb5c6
SHA256: 2905a4904d753c0eeac01cef225f32ec7ff0f5350e69fd43915184765434ebf8
SSDeep: 24:iiLybuLAtkLx8/2LkUzxdikAlPkb6/tRMZXlOJk9vwU1C:BLrVSMkmdikA+b6/t+Gi9ot
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\webappsstore.sqlite 96.53 KB MD5: c7a974079fa5ee1685608880a96e774d
SHA1: 7f1d5da525066c5110ffe75908223cf14c7dd792
SHA256: 15dd334269405683bd70006854ff2cae1be14874ada8e719f1bf458ee38b0096
SSDeep: 3072:z+eavdYssxh6Jh1mPpMOMZjsdMMDoB5Qg:zkvrsz6JhkPOOMZanDS5T
False
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\UezaAtm.mp3 4.71 KB MD5: 650500e15c0a88b68486a6b9aa87f997
SHA1: a25046b89da2b31550aa8d867e5b90464493d1c8
SHA256: 9ca4bc65a8dd9849311ce9e8a2cbaac946be24f099b3329f8226edcbd22b1e72
SSDeep: 96:UcgQsxcisVnIu/nBwVGvdZexe8lV/ikQyOtysao4R/q+Ua3scyr9hm:UisxcnGu/neVGvdZeoztys2hlsvm
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\cert8.db 64.53 KB MD5: a992ea975dcbd616a71ea17a5fe8c9b6
SHA1: dcf7899a1ead1407daccddadc209afd4f2fc3f61
SHA256: e54a86d6866a89c898d998f3318082f16605e653dcd1ca37b635d966f35bcbb6
SSDeep: 1536:v/51UrFfnFbmdIJ7NMkiA8A8Gq9Q+a6hsqaVPoVZsUVHPK8XanA4:vAZfnFUIJxMPA3PEQ+jhZEoV/dMA4
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\O1UBl.m4a 14.14 KB MD5: da3ce747d610374d90c5b698314e0169
SHA1: 8497dfcd0d4f923f5fe31f979fb7bdee2f068683
SHA256: 7cb16e0eb2640f57d71d89a0811afb9b75e910006f43ae5c07902d6a5a84777c
SSDeep: 384:aj9luZk24JShrqF49mYPL9IruMs5rkiJ+RAv6rq5NA+Fp:xZk24JQmFoRPL9I/s5zJ+ev6eK+D
False
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Y2yRLSXnlxA6\Kl4_lyvPu9.flv 37.71 KB MD5: 17af59796744eb68f7b923900a81a37f
SHA1: 49825df5ffa386e23263b049ff10c5baae51a00e
SHA256: 422ba30a28945513dfcb5c43ad9034b97aa4d1bc7026085964fdf42d9b4f018c
SSDeep: 768:G5xE4HjjJP//aaeg8R7ko2Ce9g7b0iTqcpzKBXERdz0m4s:yxE4HjjJ/hegcAQD7Qi2cpzKBURdl4s
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\bucTb.gif 4.04 KB MD5: 5989cd4b9746ddcaea5f22f1a692c3ca
SHA1: afffc407f9c462136146875c847fe2e942b6fb25
SHA256: 4c88d64c4e16ab7981ae2f0f892974b1deec8755e1f29fb8ef569aab5a279689
SSDeep: 96:o64O9ZVqim3Da2HrTH8fiBQ35i0MEyo/A2+HOx:opEqiAe2Hv8aS35i0dyiAxHOx
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\C3VzdO5WAe3dGKJ.bmp 92.25 KB MD5: 9d065f795df086795b40ad35f47d4f33
SHA1: bbdef3b7c81fb7e86014e1519b392b2c0387b816
SHA256: 06c0bb91212b89d6b98b72632c4d2a5a121a9c99920689ad7c6bb06427f8ed03
SSDeep: 1536:TU9NXhrcdxA2uRUcsQX0Xi4OpEUL1cRd/lJ0GOurLkY2x6bTCtC6yvlMMKXAJ+uS:TkppcuRU3QX0yTpr1cXJcDx6b+tMvlMd
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\pluginreg.dat 4.05 KB MD5: 73fd13830e30be9d0e1455924f93e078
SHA1: 9bd1af8ff2015bd5dbed9e510b97116cd599a846
SHA256: 7549d580f9203517928b6df65d0f313668090be054d6295180e0ea921217c61d
SSDeep: 96:3M5wWbePn1OJ0n53SX8N/QljoWM2sfMZhiOQAgyhRoKw2hU10v:3M5ZeP1OJ0n53U8N/QtoWMToMOxhRoKn
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\3OQ79xVp.swf 82.73 KB MD5: f5c0569531d0c412adf1b315fc3fe04b
SHA1: e90cef3b021b9849523e575afd8704d61f8eecad
SHA256: 59af266f1802eaf5b358ddca3062736a74d33d13311b93c495dfd251de426c9f
SSDeep: 1536:GouLP6UmnaeF8so7Eigd5cV/mbx6M2MqbAmeC3LwUPmlivN2oC6Jjwr9ft:Gn7tmn7Fn0Eig4Ve1P23U9rNr
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\addons.json 0.55 KB MD5: 341fa9ee9f55da3dc99cb3203993adff
SHA1: 8fe4d72137f27b7e21aafd674cf54c4a93d3797b
SHA256: 469135699031a84488ef29062593abe833fe689022a84186ca7a13cd2df79322
SSDeep: 12:TH0NE4j7/fnBSZIu/yypOFCnne7wVBEjX/LB4m0ElVFV8C:TCH3nBe/ynunWQEjv14TEXF
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\extensions.sqlite 448.53 KB MD5: 6cd28b0fa1f1a2c8325ce2fe2278cee0
SHA1: d19ccb3dea265e013bc8c97a2b50e037f3322cc3
SHA256: 2be88b4ebc2497a2afa285f9a928e3ead29a7efeffd189c74fe167c9605cd947
SSDeep: 12288:cx5mENO6It5fPaxwi23Igicp7WeAV5FkOHTt:05mpJ56n2rf9WeAVDHt
False
C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Aclviho ASldjfl.contact 1.68 KB MD5: 92a3031e93178ead5632646f539fb967
SHA1: 866d9dea4d622a0bececf1cb88d3bc2c880a85fc
SHA256: ab95ed35379ed8a2a0c87fa7c35aa156f0debeb6610562992c644e1ff0d88663
SSDeep: 48:iFlVsvbBQRcFMYiXlFtCgqB1yaqE5b5Rt:o7svlQOFMYClMSaqE5Z
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\F4Vtqjr_GT.wav 45.17 KB MD5: 99c4fc012790e8aab37248890a5c78f1
SHA1: 11718c02e62550ef97c87c477402375c77eeab12
SHA256: 168ac3583fa10244799fdf92dd258bf508e8e83039e1a142c45546ac5307e17f
SSDeep: 768:HOpoJLPYCbBtVZgg9v5n13vAJEgL2ygCfWhhZxjQzRacSAYerFtxPbaiJ+S5dA:HOpQLY6tVfnBvAmgL2lh3QtacSAYykiw
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\VxTdG_8-.png 22.10 KB MD5: 11503a16a26daff352d1781eeae68eed
SHA1: 3e520d1a9b5455bcd3ba17c5336d69975e8a0067
SHA256: 3894f69dec03f085dd12de9d5604800da3a5cc134d31bca5bff98af10c6fdc5b
SSDeep: 384:i+75PViaXlL6Rji9ewX4uZyVfPVLWveHP9bCho0zTExZxOCQe50AuUiwKdjx0a3Z:i+Ndp9esFZKfPpN9WdEx7OCQe50AXin5
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\sessionstore.bak 1.49 KB MD5: b667c7751cead42f2ab22db4cc46985e
SHA1: 97bcf0dc385da15113be2911a04307322166208b
SHA256: 897e5d07488f4dc062c1a226ae28499bbdc0d20af9cc92eef9ec877255e99657
SSDeep: 24:prWehR3slNiGLfHIM2de2MgtPrdzvSzkWuxX3b+7+yUKy6dMg/FqEim3cTS4AP5i:paehZi8Qvn2FtTdz0uxFKy/QIoBWsw
False
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\L6lBA1XLEg.m4a 51.08 KB MD5: 24c4433c92bcaf69b3c0ea7e2a040230
SHA1: 7709398b2e37e733d81fd39f83c0e572eac57fc5
SHA256: 57a277d05bbe54c3403eb7d867703b9b76eb6711698015373f03c22928d3565f
SSDeep: 768:oaxscaCaNvovyl3IA328fOaYQmVg5KkoOT888R7eOcO6zBhGMmUThRCaB2p6z:talovUYAIhQmVgAs88EeOcOCBkMmK2TO
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\dv0fVo_p-eFE zhXhLF.mp4 32.54 KB MD5: 6a259cc46bc62fda96b77a7651bc56a9
SHA1: e196df6857651d7c7132f6a1b736be551b78a748
SHA256: 08f74d85a80475eec3091094196cb2c0274974d4336f3e4861966ca849666ddd
SSDeep: 768:p7ds1HC1+yfkQ1b9/QJTXytcCGxIT/X41E/H2pDNuB:p7MHi8Qftc9Cj41jpDIB
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\vTHnDk1Vq.bmp 73.62 KB MD5: 00dbb63e1baf22f2692564775fe51245
SHA1: 5950490a63a72dee8b04419fcc00e2a69a2f964f
SHA256: 6275fc8863dce305e0deab2a3a2da2b6ab6fa6d45ef0e08e8e73742985291bdc
SSDeep: 1536:57wwUSX7U4QLfBN0PV7HUSmN1MX0mdYyHNCn5UdAUMzebMFx7Cd+6gE:5UsXI4Sv0PxUSmXPmPHNYU/MFw+tE
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Adobe\Acrobat\10.0\Security\CRLCache\A9B8213768ADC68AF64FCC6409E8BE414726687F.crl 37.35 KB MD5: 13471973c68f18becaafcb7ec7c30933
SHA1: b87cefefdf81e71087fd8141f24d3b7969fa6845
SHA256: d1d3c2fb3ba03bf2fd279305aee8e16e215647f1d4025742c0c0a2f83a1b368b
SSDeep: 768:FEqdN5EhRi2Pj5vDtss7IvYtGXnrTj1pz6/Uoqfj3YB9eLb2r/r:qqvaPj5vyH5PjuNqj3YB9UO/r
False
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\7l38Ee.gif 89.58 KB MD5: d302a516db7a72a4b1765ab933a7013d
SHA1: d87916968af1ca4a28d32b73de7405ad498bb4f6
SHA256: 8b8a473c6ae168ad8110acd17251ec3310ade3431a3be074a317bd15ddc2b64c
SSDeep: 1536:ORR4nLnRgx7fP4bPBPdjyIQ0cDfaRY/tlMq1L82pzvvjO:I6nLnRM7QTmIRcTaRY/IqrO
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Protect\CREDHIST 0.69 KB MD5: 7b2f5e17d1a651ed139ab7cc70d19383
SHA1: fb42ebbc6efaed5900b07bac747ce255b84b4770
SHA256: e2b87f8a6c2706e7df6222c65d4dfcbedd09254f58006afbcc93ce332a6520e2
SSDeep: 12:Pop7ciLmgHEIsfHU+ZxuwPNHeW/mjJnepeK7JmWKQy6ZZ+soqcYC:gpQiylIQHbx/P1etjqeiJmWdZJ4
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\webapps\webapps.json 0.53 KB MD5: 275ce939571761cdcbc49ef930f11dcc
SHA1: fa1d89754870741ea4998b1ae0fb359078f5988a
SHA256: b1910b6e60518b49ad390905479f0146e88120092240f5a1e76f605e108589f6
SSDeep: 12:M4+ZX/GJ2gjrmjhf4DDGI1UD8z1mFH5JEUgiHFOd+AxvcMfy/leLPywC:4ZGJ2gjrmtmDQJH5JfUd+eEMfydezq
False
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\9vWvoQ L.csv 17.31 KB MD5: c07afa8e5405dc484da515b891b8ff3d
SHA1: 87bdc5f8f2c5a3bb3d08c4c1256087a76d13941a
SHA256: 91bbfeb043d3792cad30c78390861393da574a76c760703686ea2e8ed2c8c955
SSDeep: 384:rAuyTsHaJgrFnisyBbraN0oac+NH/nAxBptgezMB9lxth/DS:rbLaurFnhOovaGzyezElN/DS
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\extensions.ini 0.67 KB MD5: b3f78e562f5d06ce7f12c443e4b5f93a
SHA1: 2abd824b3bc06bd08275be3b6478aab664e631bb
SHA256: be0659612e5a53f90c3e4f9b9a9212ebb8732f67b4d79e9f620ac7eb256ed340
SSDeep: 12:k9kIahPqKUUcRsIVvX/EaoiQq2BLMQMyPvsysScxTIgnd3bUL5vlcEC:Nnws+sIt/rQJBLJMov0Vb3bU1vA
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Qp92YpydVN3.ppt 52.01 KB MD5: b7e0e86e2a20089c85898ed4f0907e9a
SHA1: 752547d9309e802c7048ac520a019f357024b96f
SHA256: 52e0639381e835ebef58df952f002e9f3ed21cadff4536db0d065064b4f9071f
SSDeep: 768:E8xHCR0SUJYKf8i1c5+Ygn+438SGGhiW1ciNZ+JirYnuI4gRBPSTw9diMuaEifTC:ZxiCpYKf3znBMgrvOPRsifTAL7Yq
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\times.json 0.56 KB MD5: 5c97266ed9b13586dab77183428bc02a
SHA1: 6a435f58fc83215810c53da2cd30f0b7940caaa0
SHA256: d596a5e6c79893e9cd9e241e58e6cd6e9a0ecbb45e8ac650dfee6c89148485a5
SSDeep: 12:+63dDLy+Jk7w0bhvMue9ijpUAn37+FtcUMbovsT4C:+63dDLahvuEuErwcno8
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\ksf2Zca.docx 95.11 KB MD5: 5370cf06a738e972756d1f841f37c632
SHA1: e8161c086971d80c67306915208cabd80ad7cb03
SHA256: 6ef350e3aa53129aa394ed021eaf18a205958db44210bd000dd9506782eef440
SSDeep: 1536:YhHUZPUOzInpp/70CxG3swUkwSGZlc3zjKj+6/vxHv8QZy6uuMskE5ZGoTcpfxDU:YhsPjCb0j3swUPnqKjNznWvEvXTctVg
False
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\v7nq66.bmp 68.06 KB MD5: cd6cd28db9ebcac7d1e251b0d4047ced
SHA1: bca581f71ed9f45929a7962c03751f6bdb1603e9
SHA256: 6fb8d23341a7db391823eb09274e587a177758aae9c9dc30494a8db72ae7f49b
SSDeep: 1536:HVP1WZd1QsV0Cdudkkk+BuM2QrK4mJfMsMK5dotOd/cYU9NCUZI:HVQd50Cdu15HrlmJfMKdvdkYCNC1
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\cKlnfg15XrF7bvO0.gif 34.27 KB MD5: f5c6d1faea8149f916043c7333976984
SHA1: 2b2df2741f275c8e13f67bae99529d3d2e895df7
SHA256: c35d7f41a28e99ce8775e2c40d94d62340c8626a38ca87b8f14e960f4c66b1c1
SSDeep: 768:hqjAR+1hfxuuzdZyi33g16yjwHOhikMxZafnduMo7H:hqER+FuMy61YWUyZafheH
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Protect\S-1-5-21-3388679973-3930757225-3770151564-1000\fbbe72db-afd8-443b-88dd-64b20388700d 0.98 KB MD5: 7894099842f0a1ca9dd64fcda808441e
SHA1: 12bf25c7d90238bed48d18fa9f615dca1cf86fb9
SHA256: db30809b4fad1ce926146e8cb442ad6a06cfe1f68e3f9831feb6db4d016713e5
SSDeep: 24:rB5EKh7sWPvCARRC/Pw09NiIQSGfHLWidOf:oKh9Bm+SYaf
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\mimeTypes.rdf 4.26 KB MD5: 768453de810c36a0a72d72e2d1d4c74e
SHA1: 822a9dab55da85cf41ec0ffe131a976626573643
SHA256: f5e4ce41a67b10d17d13bf0b051e034bfeb912980cddcb8fdbb2843f5f94e185
SSDeep: 96:8pRXfydhSeM3Tq0FeoA4QBnFtljbez65SwT0h132SWhzRc2REEZsrNbqsEK:8pRXOgei3A4slez65By2S0REEuqs3
False
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Lmm-qJ 7JQjzL9\ceYPdnUpXgCg.mkv 36.01 KB MD5: 427cc76e06e4c7c7215d0c58177860b6
SHA1: ab629e4586967d9dd149ef0e841231798fc7e98b
SHA256: 48e018ddd6d0b6733f221d044e156bd3a0f3e35795201a975bf67e565666632b
SSDeep: 768:wyNLbE6t1NT1tIrSqfsv8h0rWi/dHDFAHG4T9h:wKY6vNTLIf3ad/NDF2G4Tn
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\indexedDB\moz-safe-about+home\idb\818200132aebmoouht.sqlite 640.53 KB MD5: 32a9ba9f311b02ea4b1dcb56526d53d3
SHA1: d1b3599b7d6f55e1757fe35ee1f93d137b5b6eba
SHA256: 366cece25656828e6a7fd356fbb342dfa59679fbcd0b2d8e6463c5c4f63f28fb
SSDeep: 12288:pJVYxZBx/n/e/yc48mT4BwxWqHKypZScbzG3Y5kw7w7YYOAENGRxxvLC:pIxbx/2qTNWqHKyfScf2Y55w7YYxENuW
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Crash Reports\InstallTime20131025151332 0.54 KB MD5: 89b95ca8af2874e93eb4717b717ddb7a
SHA1: b44b98a14762f136e2c15b401576e35e91deee2b
SHA256: 53f7777e388a5091d91d4a6303f113e2b2ef18ad9d86ad6f3b66aae08cc34ce6
SSDeep: 12:n8lU8lAk+7CMuqDsMdgxJ2c1YGgkUFFfPRHnth98RP/zxkIJ9jKkIC:FCa71uqwcgL1GkULDh98RP/SK9jKI
False
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Y2yRLSXnlxA6\gWOLwd36.mkv 27.89 KB MD5: 8a0326ef483f2a44d61c238592029dd6
SHA1: 317c7fcb5f2395906207efe86b22e2849aba58fa
SHA256: eefa0972857d37c8c829a4aad31e027a9996ac9d65ac19b224e6e77aff76ddfe
SSDeep: 768:mgmnaBCZ8wI66rywqcR08tZBnJIU+qBYqji:mgDBnwUOwqKh5BYV
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Protect\S-1-5-21-3111613574-2524581245-2586426736-500\Preferred 0.55 KB MD5: 1bf34ebe63ed4b14a7847072c6396ad7
SHA1: 8efa3d9a332acfb6e8d2428e24704cd623441c96
SHA256: 7bbf68d5bea050a3aad1239e58e7630532bcdf7ea9b4a2e12a4a96fd6b6024cc
SSDeep: 12:blj8DKeL3lteY6zHQfFxqcIgYE/ztzu0T0xqy5RuSScNEkzv0udiC:Bj8D/3ltT6az7YEbt1Mii7vL
False
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\g50C\AWhrvcVrBG.wav 1.76 KB MD5: 0100fc4933bee9f65027646a08a14505
SHA1: fd5c79f0222bdd2ca01d11deb9e4d93aa224935a
SHA256: e98bfc91e013debbd0e1d7225bdfd1a6de0177b5b3b656fdb0c03c3cf0de23f2
SSDeep: 48:orLAqhDhCDQfSswNa2MkLvu0GzwkM2jzRDon35r3t:WAahCtswE2jLvaw32j2n3J3t
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\31kwfNFercIrh8w.swf 78.58 KB MD5: d5495ec64daebed9b8dcff9d7c2c2107
SHA1: 7139a811cf92878d2b5899f69d35de9a84a3269b
SHA256: c72e048927c31be9e412acda830d79a2bf2832a7713de009c4583f33f5d97e38
SSDeep: 1536:GUDo4CRAJj0e9nZggf8Ogk4GuD05080FEL+TyisF9jI:G4CRaj06nZg7hkRuD05/4nTcG
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\kxPjHZSI.gif 61.33 KB MD5: d5ef5e9b2c6a5aacc025278ec4e0bdf5
SHA1: 9300584542c20cecf257b63abc37a0cb61c4b441
SHA256: 08813056ab4e63479edf3c691295ad6bc4d093897d4650f7c54049fb9bdf1c4b
SSDeep: 1536:nkeuQKbaq4TNfWlcFCvWYrHyD3Evf7B9XJ/GaVgm:kMYaq4ucMdTyD38fDpZ6m
False
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Lmm-qJ 7JQjzL9\K4 ZY9Ss3auLgf.rtf 38.69 KB MD5: e049f0d36014aeafb8883661bc3f3505
SHA1: adcb578cf4db5928494322aabbc626549c6ce093
SHA256: 5c0c470c1697412e37c2542f40b49476e01e3efbe2fcffac4f55ded8c1b26a27
SSDeep: 768:n6EwcXjdEnKpuNyZTFB6TbE6SQEXm2MhKx8w4iJTd2IUX1a6vez:nU8RiKMNy5uuQESwhJxLUX1ez
False
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ihzz.bmp 54.40 KB MD5: 0588d61fa530268587666669f398429a
SHA1: 03aaba9b2f7ca3b3d7d80a9442f49725cf277e39
SHA256: 07095c97c9ecc6a6f02e4de1a8e9bc8099c59848f4307b4359e373125668fd9a
SSDeep: 1536:rXyqqBjqF65CEFdh8ATSr5Va4erOF/x93CNTmAzFz:rXyFBO45CEOZgk51CNTRzFz
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Protect\S-1-5-21-3388679973-3930757225-3770151564-1000\02540a10-7eb7-4b20-a8c7-470f8986389c 0.98 KB MD5: 7a0f04ac0b5a2e5240f2df4bd962de8f
SHA1: c709a6d9d243ee867af5a1db11b002acc6eb212e
SHA256: 5510e9f3037693a548150daa92489e4de6eeef69d58624f52c8faeefd43b4ea2
SSDeep: 24:088UbemhIwk7KD65mQBkwvLnxb35nSPRn:/pbemurKm5mQJLnxwn
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\search.json 16.91 KB MD5: af51570f258f8de5cb6b7d3a75965ceb
SHA1: bdc72b6ca770bbfdfd9f7862cf070854dc307790
SHA256: f14e06f8e0b22887b234f099e35986392e3989f4e40b07eff5cb0309e2a7323c
SSDeep: 384:BwLiamjQFVhGUPhTKxNUUpoGE5XwSf21fpiZ4:5jQFVD+xCU2nMEZ4
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\content-prefs.sqlite 224.53 KB MD5: 55164d982c38d6c74fd61fdbd76a6233
SHA1: 9a6b71868adbed9936457afe0994af2fe3230269
SHA256: 023a0887180ca9733ea4474d9c5a14f906f6af8aa83d10608eea9d4e12a7fc6e
SSDeep: 6144:xFoqOPJMiPJSiKHi13K4LArxIu5c+O9uKEW4b:xLyJMiPJKY3zL4iCO9uhW4b
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Office\MSO1033.acl 37.40 KB MD5: dc11c3efda599ce669e6db1288e208f1
SHA1: fe3a2e0fc5b5c4a2ac26797e5a6040647625cb9c
SHA256: ed08ed3b4f071e151ffc168c1c9bdccba8036d71b0a6805e76eca32c667aed6b
SSDeep: 768:JLWDrQkzGV3V/gOgbx0669CP6jSPgAuEQOyKOh/DtOb44VVfgp/LE:VW14V/g1bxgMzPq6Oh/Dt4VVfCA
False
C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Administrator.contact 67.31 KB MD5: d710d4cec491e46fa9f9b9f35bda4107
SHA1: 7ae3e2dc99890a576b867999dd98910820d12d28
SHA256: bb49bf61f2f989c88699e8117d91773caa27ac8686df29e83f16585dda062536
SSDeep: 1536:rJFUPo/ZXNMzqGL3ZCROHID5Dq16Qzwibj1XbSmmNJTlR6kxyOA:lUo/ZK3tCROEq16nejZbcNJj/xA
False
C:\\JDXYUWELWX-DECRYPT.txt 8.45 KB MD5: 55735e5afb9208c502c2505ca0f82256
SHA1: dc5b834ab5e720571fd0bb7e7f8e6a34384ecc2b
SHA256: a210b3fb2e7cb02deba15a83b09da11d74a10d94deb9c590d86749ab0f65504b
SSDeep: 192:SbzPhf4qc17M/aqIq8HMlYQjwjUbAYXEL/R0IGU:+zPhQqGqKMqWj0r+IGU
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\KqSpi5awWuXxk.avi 92.23 KB MD5: 6bce922b5670beaf3c74bf01fe4c04f1
SHA1: c8c25e225d17760bbfd31ef5e57b9583b316e54f
SHA256: a50247da4b561cad2d1eb6fdb51fa78f8da8f781c1cedc133a2bc8821b0d1763
SSDeep: 1536:x0a9SQhSDnfhotxCuEwKoHP+HLy/HvTu+tYGmQu2+n+2YHmUvSN1cugmEKbz0bDY:iHfhozIEWryPakYgulnpYLSN1KmEaz0Y
False
C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\sikvnb huvuib.contact 1.67 KB MD5: 7a5d3e8ceaa8bd9d25ad41be3246666b
SHA1: 6734a72b21636a3b8bbaee6a81c872ba572af65c
SHA256: 95d44c08dc8cb9fafe661e79aeb33859909409ee35ecaa76649992645ab6e352
SSDeep: 48:fItQR8HtnWkP+rSppv/JLX3xPEdnYPAkt0o1n0Lq2Ed3:gtW8nj/1XB+nYI+0oGqD
False
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\g50C\aI_uyfA0L\oLlF0_pTp4BI.m4a 54.58 KB MD5: 58714039fc5aa86faf93fedfa325f1ae
SHA1: dd65ebbd93f3ac80951914f1a9707b1003df2098
SHA256: 8d7d731e07d1aeeabf1a512171075ade9e6cf48694755858bd0e36ec6532597d
SSDeep: 1536:zCXehbGzRdPxklsEt/jrBScOqIICJGrYac2HgyKcj2dBj:zCwGNgm8/jrMHICJ9mAR
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol 0.99 KB MD5: f116703ed3a3cc106bc3f146beb6a363
SHA1: 5ccb0e88df120364e44ea476ab215aa65e50a956
SHA256: 9baea6d6b6071908f9093655f1f8e7df0398dceaca3073c14d5b34a653ce9d4b
SSDeep: 24:vN8Wyq2ZFhlJmdZlEAdcdc5lPrZfZUHVLR94Zq/IazEXc:vN81q6Fxmd/EIcdc5lIlRwFM
False
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\KGNn.ots 6.14 KB MD5: 00e05dcfdba062833793e06897ce862d
SHA1: 4a526b8fc0ee8453c3260e4db2e99d575d1881eb
SHA256: f857d85564b431290b1c52d8602bf02332844f4ef1eb9f327aae2b5a452e1688
SSDeep: 192:tb4bEA+ZCCLX/9CxW5D6pRqfmpCqCR5Kn:tcEZgCz/uY2RY92n
False
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Lmm-qJ 7JQjzL9\_H Hn5Bs8BWNQr39.ppt 42.69 KB MD5: 50507b9eeff494acf93aa0b18b9b86df
SHA1: 4c5f032e85a574dd05d70a890ad224b2056773b0
SHA256: 0fbf0c025a77520b24a668d0c63bf06f0aed95000531132d5de3f4004b6523b6
SSDeep: 768:CCfzhCk415YNFePv6b90+OFMQxKahnsQfQRaJ3fiZpDXX9PSu+2V1Sop0hSE37fe:XfEZ+NF6v6bWNnhnsQfeaJ3fiZd9r+g9
False
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ms86E.m4a 48.95 KB MD5: ae00d764b3dbea539814faf5960b39c8
SHA1: 047ce592b479dfd613302839b570a48459f23219
SHA256: 2728489a9ae13468ef6814ca3ea91c553daaa76471c416bc4f13cbdc710111a6
SSDeep: 768:bwMrpaJf0ueCnjoNyq/IY2t3udMUjC33T7bOW2uGjd0FgMqFA2wzwicUGY9oZAUT:sGnuZ2b/IoLmbB2uGj6iMqSwvgUBd
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Protect\S-1-5-21-3388679973-3930757225-3770151564-1000\Preferred 0.55 KB MD5: 3f12a2279c2bb7d87c3d4538473cbb6d
SHA1: e8d33a8ea9b6beaeb4402c47022f6458615b9283
SHA256: 02f8de746d058d268586e942b1275d8bd4b01320740cdda386979f59b574b4cd
SSDeep: 12:BN9sCXd329lJ8qu/lkLuDIlh863pv2jqr2gnlcousKC:X9xXd329lJ8BpUlq634j6coj
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\profiles.ini 0.64 KB MD5: 04e0c24c5350baf076cc75f7a2cf7a92
SHA1: 7141993d49358836a78ed51d428f5b38b4a61115
SHA256: e8cc1b9f51ac9b7ff2afaaf45c10011f6d3cf0beaa156bef3d5b57894ad42add
SSDeep: 12:I77N6ksjxNg2XJDfAAFxzOy9QNSVMWPbEQGU95gJd4O/Pb0C:k7N6k4N1JDYAFbx1bTGU6B/PR
False
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\uND 5UqeHqMK4LA.mp4 24.74 KB MD5: 4a18a01d64053ee016c9d9a338b95f7b
SHA1: 3fa9cdb685b627ca51ea26788f80aa885e54639f
SHA256: 316a569176a0cf53228f9ba450898c74dd221d283d2932723f0d9f467d319e08
SSDeep: 768:XrdDlcGjULEXzMPcxxrcWqi4lA901Jwc7R04f/clVRsl:XrzKgXE2rc24aGv1KRsl
False
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Fio9Y6EsL9GS.wav 64.33 KB MD5: 444b6920d1ab19ba0b0c82e4dc8c7e95
SHA1: 7064fe57dc4f358a84185a4255670d7fe2aaf113
SHA256: 2203cec4ac661eb582c8e3a84857de36d8cfcfc51163da3671289d29b8a43ea9
SSDeep: 1536:6etudclacJQJmWZ0OmQWziQNh7nSoJSUGb:ZbalmPHzii7SoEUO
False
C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\chucu jadnvk.contact 1.68 KB MD5: e9874ddbda27c8b84b4b02262b9a733b
SHA1: 9d6f10398862ca00750a5ec1e6f1495ea1c5a701
SHA256: c8d4c524385db6eb32957dca64b84065b72337d9090774aeb8293794a0ddd6b7
SSDeep: 48:n97M348hEITY96FY60MUAByd/iA1MksOQJM8IutVOD:m348hMB60wiX1MzOQmKOD
False
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\2yxduGc9tbtQvdoZndN.png 91.61 KB MD5: 4af027e8c26de731ef5a19d8e7dcd6bf
SHA1: 8f6f36cacacf0cccd1de6d3953ae2f72bbc1c04b
SHA256: 215109205897ae45e729014551463a03a787866917547f208a8e0ba3908cdadc
SSDeep: 1536:qTSYSwqu4nVGfV9GXdtHYN5EobrcQqViQiO6no3to/D5i4yJRnGVYhXiTYs:qoKUEVK2N5pnc/Vi8tEY4+R2TT
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\HWyvWISKUb7g.flv 25.44 KB MD5: 1c8465102d80c76b841e0483b9f4a72f
SHA1: bfffbd4456f3cee50e710433e6c983fb21867bbf
SHA256: cdbc1a0bb67f97f5d2a825ea8132b5bfa1678c1a224942d2b94405cbdc46b070
SSDeep: 768:zgm/wZsVi+FlICZr+YGEjqDxrehXBPZH3SaE:UtsBFVQoYChXlZCx
False
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\FS2a.flv 94.95 KB MD5: d1fcd99d3ae5fc46ea20f6b439d9728b
SHA1: 13734c708e488b3888fb34c91b8fb5265557d05c
SHA256: 6d4bc7019556461f7e143a23d6c5d09aa92cf18868ae9909d767bb5669bc74a3
SSDeep: 1536:18zd9hsNllH2gSSBSNTXDmne1gDo2tJKuWebyyHx5gJvvoLG:1ojaj2gP0meco2KuWOyyRalZ
False
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\lboDsAjdTqAqpr.m4a 8.66 KB MD5: c9105c7eccc828beaefdab6bbf6c21c6
SHA1: 2c1477311c4c9287bcea8d933539ced97e676899
SHA256: 8b6a18bad06c0ccd048e1d38ff56c08559f043769b73e8565a0457066e6ca844
SSDeep: 192:Fex7jKokP/neUhpoW0cqzHciovhxRc0a/4JDuuJvEuwJCEs8:0x76fY1HSfRcyzcG4
False
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Lmm-qJ 7JQjzL9\GzgC55.gif 37.48 KB MD5: bd90039a7b194ac6fe3794d34959b1d8
SHA1: 541fe62ac3654e76c30e25c1ec4ade2fdaa7791e
SHA256: ab6cddf0d75fd54f1483d6e097a4067c2384ce47dfd468f76259c715e80031d1
SSDeep: 768:CauIbW5qSCQ5zfEkWHG+C7g4N+IvgEXCY5K/6bCoDbI7+dxzq3xp2qCVGe8Xg7G:17bW5qSCQ5tWHG+C7gxITCj0bqExzq3Z
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\cjblLudFGCMB.png 31.41 KB MD5: 269fcf4159bb3ff46c57656c4de98d01
SHA1: f1d5e9429c556ed0439f41503a855bdee658de95
SHA256: 30c51d1d9aa15e8bab04e3a371a4104132608a04a52d90435d438c1ad6a73e7d
SSDeep: 768:YPpEOIOH6abTd4amjMQMTdBquSNt+YZmsnrsp7KCD5PSFsaXX4:6pzSvKTd6N2RpWEPSFsl
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f 0.59 KB MD5: 891774544cdb0a410219259f849242cb
SHA1: 011bc2e601b11076d9c2ce91e635aabb258633a0
SHA256: 1ae94a461a58adc148b59e16009a24d4e4976ffe92e86fc2f95ee22bc2bd6740
SSDeep: 12:chESGRiartmJXUGzj4IfM+mckNBsQvlUvKZ+oe6aIEC:chESOrtmJxjsNckN9uvKAoB7
False
C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\boot.sdi 3.02 MB MD5: 9c43c76650eacc889637dac112389695
SHA1: 6614bf696eab8cda5e63fec4c9d5b6e80fcce6b9
SHA256: 4589c150c1839faf037d3a4ea7658e10fcec3241b546f47951ef25fa5d9d19c8
SSDeep: 24576:6FmX9U24aUfFn2ymMLvCAryh4r6MhrtG88BFzOHObTvNpRBH/vV:6EtkfXjLRGqrM80KHKNpRB/t
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\localstore.rdf 1.78 KB MD5: 410c60d655aa3b3cf15dab6314be7fc5
SHA1: 9b8033092e4a7a77cd91408d690ac4ef1b994aac
SHA256: 0d0eaa81db7b01ca19d42d3519b99f5adc612085f3c68782a213a52e3d00c728
SSDeep: 48:+ni9Hzp3JjMlB/ZPFYg/zhMpldIi7839sDgn+x:tTpoB/tugbhM1T7+9sMs
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\VVk_rvAnTcgN6kmmJ-S.m4a 66.99 KB MD5: 879c5cd47d303388d1d5ad5b3723f22a
SHA1: 1428089cc6ae21087194c1a91f6ca9ed49751b41
SHA256: c34e51eb9b1a7ea9be30a2fd18aead533c8a3e5c5d2327a388952847d61a0123
SSDeep: 1536:j1sa/ttSQPxletg4oLW6GDV+6kOG4QFxkkSwKH/:j1sa/ttR2tiKJl7EkiKf
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\gQhG.gif 11.75 KB MD5: 61b4e4fd1bc18ad1cc8fe37dd8a111b2
SHA1: e7203574f3d136383115b9c515955d3a974328ce
SHA256: 6d450ad2dff84dfc9d75128de71aada7e90dfacf8c6e21de9b77561a7022cd51
SSDeep: 192:qz7YV6IHaAtc0pcC2U8VeRXxUZuxxJmCG6dV5C8DGcxUsZ9iweSTclma2fvvcKw3:qzevHjtRpc3U8WhUZuxCCG6djCOGdsZO
False
C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\lulcit amkdfe.contact 1.67 KB MD5: 335000ef9d173d01855159d86088f7c2
SHA1: 86d443b7284d9e84d40c182fb6afd1e8dcdbfcfd
SHA256: 03bb207f6024e779ff7ec826c1b7bb6ecb32c23c91c71bc115dea71f17df460a
SSDeep: 48:Fdk4KianiJlnZliEmiVc047oxSM2TG+6/KVXMD:FdZKimiT/miVx475xlM
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Adobe\Acrobat\10.0\Security\addressbook.acrodata 5.80 KB MD5: d7505dfb6d734da3e2f62a54503f9b8f
SHA1: 59e962aca5dcb375c7b717ec9b3608bea6e351f3
SHA256: 0b6eca09059106b0313fceb03114d6fa49531cad6026dcab90a8a8ab5a6a1a37
SSDeep: 96:FsfsTEWWHy+oDgvLV/z5lqnH9XaHwNQ9xlF26kRKwrZuKx3WzNI/XZZoOhlWXH:FsG+o2G9aHwN6yXcwr2z2/XjqX
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\euXdiWkWMMlS.wav 83.74 KB MD5: 98b72f06095e9abf6749d59d0cf3af03
SHA1: d530eea71eef7099355ff96b1d69d1f8f5bae2d5
SHA256: 0d5a7e4a81dd974c13ab6ae56cd653a6b1a4c20db7f434897de156e6d7b24f97
SSDeep: 1536:S6avhJmXkV/1oTqSxYPHC3jzLQSXmSgc8sCH2SeoxplMKFdJKt3cs:gJm0voGSAC3jzLT4cVTOxlMcs
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\places.sqlite 10.00 MB MD5: 15aa05735b8b78aaf876a997b1df2e1b
SHA1: aec267ac5425d87fd02375abc7d8b09114626841
SHA256: f60466534f218ecaf48ac02c29d627fc5bfd91fea400651d27203712a73f9f4e
SSDeep: 24576:+uDBc1H7zHaEE3c4S64+sxVa+RcfBEZ+wR1xu/iE107:+h1bU3ZBMawcfBy0G
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\key3.db 16.53 KB MD5: 5cef38e5290c0f61d14090c2bcd3ca47
SHA1: 8e66b75c9414c7598bd4ebb7c5157b44a2036255
SHA256: 94aa60becbbc820b91a9c49e7d2615000f8d759a9fdc893d73f793b326e8121a
SSDeep: 384:AvJHelrndZf2Lg4fIAxD9KhxX6mMFZzak4BpQjCCGYauRy:AvJWeLgcxpDJFZG5pQjCCGYU
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\signons.sqlite 320.53 KB MD5: 5b66034e7f5c83eb2ee76fcb2b2b9281
SHA1: 6ef4a23de9b4b227ba2728495d2a9ed1abb003a9
SHA256: dd1446684c1bcb7e87851e33e5a78b0e2fadf6afef921a6dea3f1d1617efa134
SSDeep: 6144:XRUWgjKyElkx62ksoINVO2YI3i/UzRn+L4QAI3xSkcyEo1CI7wb440Mr+ftUHaP:XR1pH2FzzVPSSR+L40SkPEKibD0MytUS
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\bookmarkbackups\bookmarks-2017-06-05_5.json 3.49 KB MD5: 9501f21a9a00bb67846472d5c5e88427
SHA1: ef026a94b174dd6f55e8b4b20ab329a37d847748
SHA256: 57130e152c2a54e160966ccef4a52b9c829617e0d30eb98210925eb177881619
SSDeep: 96:B5HlNEAGJk3vt15xkIQXXA87mIWZ+tPQX2uac:B5rGJk3vt15xkxSIWZ+tPQX2Xc
False
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\SNZnJAH8yum.wav 15.19 KB MD5: 4c4095389413abaa16ae3989534a4189
SHA1: daef240f25b52444a062a3363dc07c6df5bab6e1
SHA256: 62d81a2f3356d7511ec2bce7c4628e1e2de8b227910bd8eec8a76c12c9ac1fca
SSDeep: 192:uNspAm5xSSLZr7Q7PdbNNU6zTiDeXlvl3OfWwUe1KkZFaLXsg4WCFqhlquWMTFt:9pb5wSLV7QbdbrUt0dkFa44CFeUsFt
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\MSTuZpty_Rc1sF5.bmp 41.67 KB MD5: eed13a0ddfa8eb0d3472b82942ed4b38
SHA1: e7374ed3bbf7ebbe18ca97f74ec575cfaf66f20b
SHA256: ee07158fb02893d340c63be0b9400a39c620ceafc3ab0064f5aea367b2cf5d10
SSDeep: 768:AQN2if4SwOskzcQaxsVqbCr+JbBKXEzIH901TJQdctIb07g1gZt47xGL+x2Z+E+:AcZwOskzWxstr+vKXbHGxJxtdgWZtcxx
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\cQ5f0X_B MzbcM7.avi 71.11 KB MD5: 0bd2d353cfa8d234849ba4dc04ca5b4a
SHA1: 3972cdbefee6d7fa1a0269c27a7f6d4f44d08208
SHA256: 392af25ace0fee8e5561f5dec2e223614244e0b9df53d883831a91be20035f58
SSDeep: 1536:SnGv2WPmd4mlwVvG+feYju2LsLlQkPxCZckKmYXEQ/:lv2MmSGwVvLeWu2gLGkPxnkLYXEQ/
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\compatibility.ini 0.73 KB MD5: 38527ca319e3828c0ddc1db5f0a7cc15
SHA1: 63eddf70c4b6b2e9ac1165c683886260e26d7e0f
SHA256: a95d062c05783dc39b9d61af98c8d2077335a78ff26826e9d4d9af11ff505432
SSDeep: 12:cigWzGruPAPB/XxPJgGKNCdZ2JgsRF3kspwDJDGE9+CTgQyP5RWyvOEhRmhJ5Tdo:tKqAPVhPWGXKga3RpYGxQyeyvOEhg5o
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\bookmarkbackups\bookmarks-2017-06-16_5.json 3.49 KB MD5: 22cff880c27511a9424acd673369659d
SHA1: 81b32a79ee07bd0fe714b54114d0a01fb17d74aa
SHA256: cf0ce6dcbab3a64c501ca20afbda41ef1e9fca3608f834d5f781b80d002864d6
SSDeep: 96:43oQbh9nZ+fwGIppcoyknMaIq6K7ped5tPQnx:6jhlcIhrlNnbRl7pejtonx
False
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\cg3OQ.mp3 76.36 KB MD5: e0f07a90127834b6b3245adbc3eccfe8
SHA1: 90a269e4c10c6e2159f289facc9d153d614644aa
SHA256: 6582703a9b268a416ac57563445d80ab4c65d9afc1bcd80b1b3cfe28cb355566
SSDeep: 1536:+mKCOc9NpX69IEEo37iQhGZgtMzh9WVD1dgc1e2zk/P/NpaTrkNtA:5mc9bsIEEo37iQhGZcMzh9WVD/Fe2zkQ
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Adobe\Acrobat\10.0\Security\CRLCache\48B76449F3D5FEFA1133AA805E420F0FCA643651.crl 1.44 KB MD5: 419f53b5a838b61b50c100efcb5bac29
SHA1: f641b1dc1246e38e409182b0010dcdad8e8536a8
SHA256: e37ab410792f6b082888ef1e5a42dba775cce3543b74374c424cf8b4e7e9ab9e
SSDeep: 24:2yLX+wJPB/KJ0DANwOEs0NmoZrY+bf4m2HF4DIYgK0UN0KDNBNKijHKDoKL531WY:22uwn/QNnEsgmIrlD4m44+KlmKhKqKDT
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\sessionstore.js 3.47 KB MD5: 6279c6f47ba681febd6a2d31fcc65d57
SHA1: ad33993e77dc9859a566bf2c400b80951ca49024
SHA256: 0b1c4af304c4710629551c7eaeac295b7e9221acd42d2a19bebf67ec7e2d46ee
SSDeep: 48:q/MdSjJzaEjAv8d6rZyySEW+sOVADfYxyoHwwZil16MZmz0RkC0QXXY1qYDms:q/M4jJzFAv8+iEW9OVqaf4R3KKXkqYL
False
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\aG8T40Qxf_lp30_qS47I.xlsx 31.02 KB MD5: 97b8e6c9266138aba68c8eb033db39ce
SHA1: 8a74bea6adbe7a2defda0c34edceb6c1c1dee67b
SHA256: 294b5fee4e57a03c44194b91d1ae7b485452b537eed058f02acaf02997062014
SSDeep: 768:kSOZjTcqYgdZQtrKt5uG0uzPm7bjI8UHzPwaH8XahrehDobc:zOFTfitrsoorm7bjI8UHjwyIhoo
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\FS-LIb.flv 56.98 KB MD5: abfdff89a7801f4bfa8fdac232bef7c8
SHA1: 5ba0e4752f66ac28177e287883081de1851d1ef6
SHA256: 6dd1bac119b886273340f1f3f70442f7d2813dc864b1d7d10b60956d17c6a7dc
SSDeep: 768:LyEscEfvXUzYNR5OvMIJ3BzCTNjoCZqesMVin8Tj41N1y9ye6U58MyDtV0impL:LkXUzMRgmNf8M+bD1De6UO1tWimpL
False
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Lmm-qJ 7JQjzL9\rk8AFcHDgHmtg.mp4 56.78 KB MD5: f32b2f429548ee93a675b796c3a8072f
SHA1: adab5b4a058d2e407a7b54128aaddbe075630154
SHA256: 00b237cbef164e1ddd88ade53258118d3da9ea625f7830b22d7aa711ce898e14
SSDeep: 1536:mc6sJKYLkS3YjHAbDQ+IWoRbrft0KLNJhDz4n4kUug:mc6sJrLX3YjQAb2dlU
False
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xljcThxNugCCh57P.avi 69.97 KB MD5: b38da5bb10433c561c57542720bd24e8
SHA1: e9eb02cb15ac75be242ef403960201e4de0ab2d0
SHA256: cbf17666bb30f0646fc31400d373c026d8b285737860e25b9a333a223fed2f4c
SSDeep: 1536:D8Qnt/VEqTw/T3tnrz5+LSgbH0UFKJQBgWkyF3:gQnVd2t5qXwJykK
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\iOyPas ihlRd7U.mkv 24.53 KB MD5: 5ec9cdfc6305e97acf6fc02fb07a1dc3
SHA1: ec8dc74d4166194645f5cec28979108fc44b5bbf
SHA256: b1fa0db0b9348a8239011277988fd1dd7cc0112b1e67a6ffc956cf12b5a7b043
SSDeep: 768:3/sk32c0EkaKKbAWeXGsIurFsQqv/eMqMdJrcjCqMb:3kE2cLFbASahEJrp
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\MS Project\14\1033\Global.MPT 382.03 KB MD5: 02630be5078e2486e53042bf7c16308c
SHA1: 4cac7fa30974c12de7c1b6de4b51028839a74a97
SHA256: 8de33886100682a29d55f45bc48229b8a15375770741fdb8d186363daaec8ddc
SSDeep: 6144:1qjDQwFvzHsgWHpsKYnVg+Dre8p1EpdYu3b2HE0pb7HhJ6oK8XlA6q:1q1dspsKYnVHre8DWB3iDX9XlE
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Protect\S-1-5-21-3388679973-3930757225-3770151564-1000\0e15476d-d8fe-46ca-8099-ebdcf80f637c 0.98 KB MD5: 0278ff553eaa5703dc9b4a8882b06a78
SHA1: 8846fcf5c20cce4b4fcb059c315fefb2f6689fbe
SHA256: 6066aa88f972d497c7ca62479f4c04661bba089b7cb8bd110ca4769b8a77a2cb
SSDeep: 24:cl9n1mGRSM9h7+afGCZ4MkqqKlRs7yxGjZ6dM:k91C6R4KlR/xNM
False
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Pnn1.bmp 63.56 KB MD5: a51b69b7c43b0f7bc0ca219dd47ac943
SHA1: f84d3f24984cd180db2b2eab9b539a821bc1a827
SHA256: 049cfb1448505b7ce5110ef91df49227681c180192f17a639a6b15fe3c0b47e8
SSDeep: 768:JGEox15x1J32wQjo6JY3IG8b7Bb27o5sPa4o0SNanZI5UJ9TNRmE4pTJNuvmXoLE:AEcJ4jo6sb8c7RPQISKHZ4pN8vn7990
False
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\mnaMfy5O.mp3 20.05 KB MD5: b8b06fb2ebbfa75dff89e386626c799c
SHA1: 4b7b6fde95c720d74f7a8cb7db5febe08a3ace71
SHA256: 6e8cf1577d927841b5ff7d37f6210a551f7ac3d6dbbe8f19ed4aa91301f5cfb5
SSDeep: 384:hNO7TbJwWaqKI1BS+D1euJ3KAW6i0vrIg3f4aUQjw3LxM/vqs1zNWb8U+ePDAXHf:hQ7T2WPKI1BSg1euJ+6iorIEvUQ83Fj4
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Templates\Normal.dotm 20.68 KB MD5: 93c01e7128143696197ff3668954d38c
SHA1: 254e8c6becdaff5538f4203ad0e693ecea85abc9
SHA256: de76191084a127365d3c4be319ec5f67ef1a63808ec12bd1b579e6f544426d30
SSDeep: 384:ILTcfw0ghZAeBOmi9AtQi2aO9U7y+zc/y926SL+FRZysRPA/zBV7hYRWuc:ILTcBeBtiVU7y+z86SOtA9YRWx
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\n9zuIgG8PG8NzTr-23e1.flv 5.26 KB MD5: 83cdc7c705635a22207114fe79624b75
SHA1: 716b120c5788c61f850f981d0aa869fc042538ef
SHA256: 4e3865514d388107d010f26a020b40312ca1d7e742761fe5a76151e37b654654
SSDeep: 96:FHK3hhTTbVTVLYwIle9+McSW58owE+lqsA0w2JorKHvpMGUzeU3:FHKvTTzLYHqcS0Jh+ldhJsKPp5UqY
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Office\Recent\index.dat 0.58 KB MD5: c6f4bd683dc54cb1fd9cb9b203538e6f
SHA1: 48f346c9a9d918d317a36271896cad8581ca6aa5
SHA256: 264fbf45ef3d909021a2f2ab121b529ebf20a02ad4125eae44506c3db61673e3
SSDeep: 12:SZbrZaw2iSkIawzMuyW9zX6jhu3u1Ls1ez9QXHLZpYEUtCC:SZHZDPIawf76k71eyLZpYTt
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\lRnyKbLLxwSfG7-F7T.m4a 15.96 KB MD5: ea1fb236c0729c4b5b421ae412b1b0bc
SHA1: 76be2e99f7b5b86f30578e3895ae7f9db66679ed
SHA256: 77a6b716f00ff8ee4f71b2b399880a09a8aecf78f8e953e067fef2c698945ffe
SSDeep: 384:u0ZX/aYB8nnwYOd1p6Z2KdqMosafwVGigq/5MhOwSjQ:u8Xi2Mw7d18IZsmigqhXfjQ
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Protect\S-1-5-21-3388679973-3930757225-3770151564-1000\2be989a0-16a1-424b-9211-51aa3bb43e5d 0.98 KB MD5: a73241725d8abfb3432b10ebf9539631
SHA1: 1f997d21809989e8168b6f31c96f9a80a256f2a2
SHA256: 4ae046283036b16f36b983ce2355d280c8f6acf27033f3fad4a57ff9828e51d2
SSDeep: 24:U2qwTh0oZzFxJOJ0Y85iU/sRnZy7n7WoJqEzyFz060Xdc9dG+Up4q:U2qwTh0oplOGY8h/mU7n7XYEzylp0XdR
False
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\XwlZ4_3gRYpi5hUPw.bmp 78.13 KB MD5: 62cce4da9bf1492ef5d57b591b4f55ba
SHA1: f16e63f7fc19af3f4fe7143e11114961c5d6a023
SHA256: e7a96838e7e96dbcbacbc6111da5ef968bbbaab49724808344d78619818a33dd
SSDeep: 1536:tOFkGYZnYy5WUkZMK5Ft/RnBjd1eeareI8gUW/JFgpFrQXQ8w:AFrYZno/MUlI8gUMCrQk
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\54dYL8epc8labEL-yrrC.gif 44.87 KB MD5: aa426e47802181cfde203b1963ece7ea
SHA1: 812614ec52a2dd143277bde26c60f65e353eef05
SHA256: 71da2eb7e9b6b88f07a3f471b29c641acb867b71399a16a32ab808314a253ab7
SSDeep: 768:H/Z32sZBkFzxRudtPCIppVHFCah4SXWz3LaINS01IBkLTxaQwpKze0nUKkdE:fZ32sZ+FzaPCcFzqqWz3LaINS01hTfys
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\permissions.sqlite 64.53 KB MD5: 2f5a22efe57bb5d9d97053bd63553ab4
SHA1: 66662930261149e2dd368ecc066b0c5759f6e2a3
SHA256: f737777b9bc541b116954d637b742417698a46e41755ea2225df076696b56ba7
SSDeep: 1536:PTHLhfA0I/oedPAl7aJW6PTnYsIlW8SKhfZgxWD1wB:LJA0YP1YgT1TwfZCm4
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\eyw zkgWUdFIyaJTef.ppt 25.74 KB MD5: 201531ac959991f82de13a6cfa66da15
SHA1: 766a6d4cb6f8face776d345a93a64c86ad2314a6
SHA256: e2abbd6bc35bd2deabb8e03883049404105eccead38974b258f51957c56054c6
SSDeep: 768:b14vvcWbVO2/Kwkih3R6f/rlQtkrZnNNPsYcDP:bWvUWbVXiihQfjrZnDPsYIP
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\cookies.sqlite 512.53 KB MD5: c165d3d6e135e4df41d7cd959cdacc7d
SHA1: 522510dbc8c984b77e809e9eef78ade75c673a39
SHA256: b09aa96233ab0b82d497a6c0ef9faf7695745ab5eb3fedd581da7920428fb5e3
SSDeep: 6144:GFZ0qvnCEzrrorEKHp8PQdh92FaL+b53AY21X28+AOgUrZQhMC6M/wty3Q+sQtXH:GFAEbqd1Lgvm28hOgrCGh7Mgiq3zEAg6
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3388679973-3930757225-3770151564-1000\932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f 0.61 KB MD5: 9c6a58c9fb0c5266c0cbb85b5dbf81cb
SHA1: 2177373350e0cea3effc3d26cb4bf3625a019b44
SHA256: 1b9a11cd1fba5f4f0483cd0bcabaa08c5c6d97c54c7e56d41606a5f3c8d0e300
SSDeep: 12:ITUxH0fGq7NL4ttjzQlvB/I2MNGQuNse+yywDzmGe7kwTKC:ITUxH0+AgjzIpqN/e+ypmjBP
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\q6c_NQXtn.avi 12.92 KB MD5: ae48318285e88010a299e42ad955affc
SHA1: 399c659c3afe630f3d5896ee22afc51d6814aca4
SHA256: 54444ea451ad471018c197093c1f08c387c69cf391006d5317eb4e8775773032
SSDeep: 384:grVEqwg0FYAGpYYdbYwh7wco66LpgZk8cBL:g640FYFMwhkz66d8kr9
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\sU-kB2TykU.pdf 75.10 KB MD5: 5c14d94d2f10fd9a0b96a41943df6b7f
SHA1: 8afdd89e57d65978b89cd7b46890446d9bfbc1a0
SHA256: 9ab490012a9b1095d602e4b07f08f78b21dc322387676a226d3f592cc6747f11
SSDeep: 1536:Ie6es/xogDyYKxrz6dwFsHLNU6mdh1yhh56Anw1zwRyL8D59SatRta:IeRGxoRYUrojL+6OM56Aw1EyYc+ta
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\prefs.js 4.49 KB MD5: 8b65ba64099b0c470da2fa9dac250985
SHA1: be2cf7679105f658098a8c891c4a09c56fed25d8
SHA256: c0b5cbc7d5456e26199330bb75b0694369e0da50ad5521a1a7511f5d2eaa8760
SSDeep: 96:rHMvVYNE6M/+hRTJsd8hV8cgoCize0pSFuJIvf1ALuW:rHWVPDWhRTJsKscgtiz1Sn4uW
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\NjY6Y3RUANArVC9i6_.pdf 3.17 KB MD5: 224bd8465cc8057e9b337969617ce701
SHA1: 95d9a32ab2fc84573c56c0bf5cf10f236ee9b8e8
SHA256: a5baa5effe73d05588893c1a3168d9016eea9f7442e7fbeed8afdf9a8a173e25
SSDeep: 48:TG63xJbZz3F8/Gxcc/MwSIjfxS8e89OKMoXiE1jScCdfYVJa+s4z1poMscFQq:nz5F8/40oxS8xBvVpIdfYVY+s4zofcuq
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC 0.53 KB MD5: eb778936ecde4c398848bd8c59f72c5e
SHA1: 720d385b93885fff6d43727e1aa5928644bb6d0f
SHA256: 247d17d6a21dd0a05157c096230ad164c7f579b5225730811af95e67698ea258
SSDeep: 12:9PD2x3PvL1YATCoCZqTSkvu1HX1Z0JTGP9zrHeV5Tc+ldnUuC:9KxnL1YATHXWkv41Z0JTGP5rHeVdcanG
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Publisher Building Blocks\ContentStore.xml 0.69 KB MD5: a78c525e643601df085a444bf281e18b
SHA1: fe0f8727ba67130043efaf50af036625f152a4e2
SHA256: e8e7f4aa7ae6a730d9c3553120915167762d6d6e9861b9396f701f5bb7d1da51
SSDeep: 12:7nk4/GNmplKMIPoEhq4tdpov2CO6U4DZ6VhjRBxax/0YimUaatwRXByYd444XpFV:7wmUMhEA4vpov2CO6DZ6DjRGmYiXuRX6
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\marionette.log 0.58 KB MD5: f61f4cba2a0f5248665e168e1d492db0
SHA1: 2c75186395e9cb7905f46bb835d3543f5a0363d8
SHA256: 5e240a955c71acf770933c6d2892fdf57f899162da5d1d2fa4270b64703c749d
SSDeep: 12:FiIuB6bwVhUyWT/V6DM3yhMpTgIJ18eGkdyR6aoBfiq36lxSmw/C:lu0shUymUXWYezaoBfJsxwK
False
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\g50C\aI_uyfA0L\BC9b-07S-O7vcOJ9e.pps 75.05 KB MD5: 0671f081a9e83f66901e077f23e947dc
SHA1: ee9bd346cbd744e935d319b4e19bb66d554d98b5
SHA256: 12e967231c4219d1891adb46e44dd969a9de45574f0bcabb6e24796c73b40f5e
SSDeep: 1536:YWGgpo0fi8BlG1yj5p8zXljx52MImK3ha/V3YrIKPdV03nuSRn8np:YWGgq01lgyOXPQ9hOoV303u4n8p
False
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\bejNW0w.png 66.51 KB MD5: db063cb97caa6a1e8ab0274006274804
SHA1: d2f04fbac40c9009de1735e6de983e0a2c75ab45
SHA256: 2765943e4d5c8c58451013ee401857f4e837971528b5f9ee210d9dcc00dc3d6a
SSDeep: 1536:h9PiLFgavHuMlcsOkBySckl0PpBwrw5Z8SvEgan0errPIe3gy:rPW/VBO8Bc8upWs5Z8Scga5rLIeT
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\l8fxtgGX7q15p s_b.gif 6.34 KB MD5: ae000508ddb160c7d5171f87642a5e1c
SHA1: c772593e5f8f798c5591bdbaa2bf105c5a3163c5
SHA256: 553124be5d6d39039c4737b24e9d907df76a08765bb891e9da0455c2349cfb94
SSDeep: 96:/yeIwyLrt1j2sAOAVwL2LJYiAyMb2t69d/5q/GMsjsgyS/wYOoMsNXPh3z4FvT:/cwyLrt1bAzERpd/5q/3e4YUqXPdz4p
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\downloads.sqlite 96.53 KB MD5: aa92596ef47ee27cdc4776e9ddc20b13
SHA1: 323ff0bf0e67c0c2b2d2b974fc1aed6dda04ca82
SHA256: 94a38e9d8457aa16fc19779fa4c6ee23cb31f28f18c466388c7539630b6e2814
SSDeep: 3072:+Bde8nUV4qluQLFom4X4Xq44y3UQN5K8H:+i8ni4qA4Xqny3UQis
False
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\bArevy9ogsU.jpg 32.90 KB MD5: 3239766b0f87e3440d21aa596d35ac8e
SHA1: 5d2051f0ca06c94d1c32f198a7e240883630d226
SHA256: 1451a58706a34bece9afd9e49b7ee945b71ca33819ef16b8868cb44eefd1af99
SSDeep: 768:1DINIKcLP0HDYJwTCM95UwlGyoaaB0iDdlkhtNOyHyKn:pKkqDYJynXs1lBTo7f
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Xq3c_DFoHTXbnL-jyfH2.avi 8.38 KB MD5: e614b71a9388f519dbb7f2fd47cfd297
SHA1: 286e5a36e0987cd54f74d8c3cc142a0f3288011b
SHA256: 890259c47bc325f240de7dea4b3e95666a5c1f56da566d276d014a1e6d540dcf
SSDeep: 96:0/Kl+vIagzFeOzXBgSlHFwA4FqK8rIMzaK/XxBnAUK4PcGHBnKhXgJVycOFmI3Wr:0Cl+vTOzXeCJ4R8LJZXK4xheBHmnwdZ+
False
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\TVOje 2c0vMXc8EvuroQ.jpg 93.66 KB MD5: d93d0cb1468e566be028d6c8df28f607
SHA1: c26da4c79940b1b3652d7c0b6d6a793a429ece1e
SHA256: 6d029b07c3e7985b6f69a7b187f8bcf2bbf8a1d705bd4636dd2725be36737c05
SSDeep: 1536:4E1Pz4oFOoO6/SO+yW4bORTx53UFOBht5DOLThmdXn1oRt3ZQ0yEeUW65JV5qm:lDOo/SXWIxRZ7jiBM8t3ZuzUn
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\index.dat 32.53 KB MD5: a70001963fa6a91b9e1db28328ec2077
SHA1: 582fb910fcd16c6dd30b666161f34c96aace567d
SHA256: 4cd02d81bd36e16cd291e47e143c8bcaf8770eb5a35df233f00192223db72981
SSDeep: 768:x0ohgL8NDm+hNK+CprBjFaqsZndT4CMNiEWpssE/wHYQLQzCwBn:u2ZD1H4r5FaqgnvP/mJCYn
False
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\g50C\0IjOhW-BzQ.flv 39.75 KB MD5: ddac42f0d2aa1578af9170ca7c7e807c
SHA1: 9993be29d2c8829d8e0a9fa10fec2a98240bd3b4
SHA256: adbdb25b80e0a473531e8bdaf88e8a0cf29ca0b888c54a2ebe54ba38bf6aa569
SSDeep: 768:qKdkpDJrz/WeheLgztOEETkB3C7WG926PGGYZV2J1FbYgD9vQPaf14nLc0:q6gzOeELgztO8A7C2LP5D2no0
False
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\7_yDsf.png 81.66 KB MD5: bbe6eda935523e68288160302de902a6
SHA1: 2b3c8948d1b2f5cc83856e175a99b417c037cdbd
SHA256: 0dcf0627acce39f32eb3c5f0be52c9663593ad491e145434638dc96961a8ba8d
SSDeep: 1536:EuE6IetrrJ0mNp7gSnMMXPfNc99lc6nOeWf/G50ydKxLqyd/2aM6nW:EobqlSnMAcPq6Oe9WyMLqyd/fM6nW
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\xdULuq_93VeB4azhBJS.swf 13.14 KB MD5: 1f7f76f8a6d27d1498659d02bafba8a7
SHA1: dc5fc298af3f85f0fe8dcc4069a54c46d628c5f6
SHA256: c614e2560c1ae345d2a3d59c19a6888f53179f148af34481c1ac54063b801351
SSDeep: 384:aKO5rKlpzsuKvxowQZUFZcjNTke2m+hG5uX9:a/Klpt6o1S4t72K5o
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\ZEkmYRlBMNQb.wav 7.37 KB MD5: 026ee7c5f18a72008e385d658aedc9ad
SHA1: ea85580de87b2bff9a9de7187ec2e448523bd1af
SHA256: a31f6cd7ed95c5730ec9b398b36e10879242c0548aead4c2af763af8268c9cc9
SSDeep: 192:Ci/80vOBbOhx+jkKasN7z9gsgROtNLgSZt3Atymq1:71GBShAjkw7zmfiLstnq1
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Outlook\Outlook.srs 3.03 KB MD5: ab9f965135360eeb48fb0a07e7b45f69
SHA1: 383d4ab2825fd98f3efdaffa6b6620549162165e
SHA256: c4f3f5d00c988f4d42035a36e7405a3f47a939995afd86ca5b34ff7088f8e3e7
SSDeep: 48:xl3xOh7ke2JxjmeQFNCyuxBx2ftHU1hy7dV0kDWxN8qn4x1gy9wKgveQ:33Mk1WcyuYt0187PdDNj2EwZX
False
C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim 10.00 MB MD5: 64b2c2f958e670cf8293d6a6ed01ec07
SHA1: feaab98ee497f718c27f8ac7c8faaa605ed2cd73
SHA256: 0956b3025baeb25073910e72b919e4a133fd1d938b0e35c516f762716d0cf26a
SSDeep: 196608:KogiYJEwJ1oXgdL+PUl6xqojQRljrffo1feRTC+JO7MAVgqBpiTGWs:oEwJ18yL+cl6ZjeljrffowRxMMGciWs
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Document Building Blocks\1033\14\Built-In Building Blocks.dotx 3.99 MB MD5: bb0208e0e318a0bb90b9ed59758bdd85
SHA1: cac87d7fa6e2e628e129c0b5497efedab748d78e
SHA256: 89c2e1587cd6c2a19cf5326e4b29690b045a789351d632f210204bc69ea375f2
SSDeep: 98304:23QOJFRb+u3laOSXSNMWwsi0qLJHxRMFb6vPkEZuwW5:23ff6ulaOqpVIl6nkEZI5
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\BAFRApab.swf 14.49 KB MD5: c82809e7faa98973ebd17722e254633e
SHA1: dc4853d08d409dc01b4df80d8409f40808105912
SHA256: 6dea094f3231aec5573feb7fd799606733879fa7280e83e5ac9899586eeb61dd
SSDeep: 384:K6rJKyVf80vg1IeFJvBhTbNjPyn1FiGHYSOOSTIUh:K6rhVffg13Bh97GLYVOScUh
False
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wVdQ7Km JzSr9VkDEHs.m4a 65.64 KB MD5: 1ee9abbab33fb0652e7aba5fe5fb3a26
SHA1: e20c5431f2b458057abcbb73e2210611925ca4d4
SHA256: fd2beed0153c22874ce765055c6f617e102b6bc8b9f7f73325396a5d8fa66d81
SSDeep: 1536:6MuxOQFvCw00Rv18RAF1hAu/36fzXxFyF8FvAxCwxNZD5I2emi7G:6pbCx0x1kAFcu/36rS8BwRxH2l7G
False
C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\asdlfk poopvy.contact 1.67 KB MD5: f384e73e69aeb3e62ab740414525588f
SHA1: 9c26802829fa9664e4abd13d0faa7be8d8a45f29
SHA256: 723e6cc191551d63513e3d26e5e140388c45e0b223c4083b48017d08b510c6d8
SSDeep: 48:CuWEcq+yt2oeZq0KAtACmQqF1U7r45ZLhey0dCNt:uEcq+yt2Zq0KAtACmQqwf4rUdCf
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Protect\SYNCHIST 0.60 KB MD5: 1b77463a30328fafd68d4342c5bb5831
SHA1: 9b6fc08ee7e172a82ebeb860701962659cd60873
SHA256: 6f38a54166ee5ff8a951cc34e54092db176ed8b6a3539bdfd0a49f34ecfeb056
SSDeep: 12:s+JmiLZGNkKup6Dt0lP7xY3Gk+2zeX1faRs6woaC:giFGXtaPuDleEtwY
False
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\V3mLxa zbY.png 95.92 KB MD5: bc35d1d04cbe072449f350caf90913e5
SHA1: 0e626c3d6d4f7c7e316f82e3b19201039d30850a
SHA256: 377ae942cac6dd8947d2a6cdee6a1d6a096e091467b521b2dfcaa88ad462ebd1
SSDeep: 1536:KSy+lke8urFTCO5z/IqHlU2+z/ClDCVUVLFubDbq8Zc0l0bxTE35+lXdDpHXDzar:O7QpIqHlU5z/ClccKXq2cM0G5KtNHXDK
False
Modified Files
»
Filename File Size Hash Values YARA Match Actions
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Protect\S-1-5-21-3111613574-2524581245-2586426736-500\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9 0.98 KB MD5: 167b6196441a4350783e4974b9fd5d78
SHA1: d017ece756a0b2a4c16fcbd69cae6762c322f04b
SHA256: e883af822e579b867f21189b85c23e84a1fec33b2511ffeb7d51c9ff81a3acbc
SSDeep: 24:Y+hAg8qPFDjb+FLo81q9UUFsf9n92Luugw7v7YJepyVail:Y+hxFDj6FLZq9Uf+Ll7v7YDVa4
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\A_7eD85g.swf 20.63 KB MD5: dfa7e1c336c5af7ecb6ed3d4fd0a4171
SHA1: a5e21ed72b7a3279682099fa412cde4a28531b4a
SHA256: eab717037fc3353e965a30c26d32349309406987ab6ea4173035f31ab907407f
SSDeep: 384:sHqCCb5xM+qcuj/61U0TxWYJ7XaFZyTmYCYAZHmVZHyGR3B:sK1Lj8/613Ta9dYA9mvyGBB
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Outlook\Outlook.xml 2.94 KB MD5: c5347de8c3a77fe0a20e9577c91f9f8c
SHA1: b90e8855ff39e89400cbc449debe275c033cfe74
SHA256: f9a2d86672c49ae3c7954df649898fc8e077dd2db21f8bdd35e446708edd1c28
SSDeep: 48:NRWm4D9+CgRL3DC9OiKfL6hverD7Jen9gagJ+NIvBR5QL9PbmXG7rnJ04eXAzEQX:3UPgFCZQLpr/JHaY+NIf5QL9PyXG79vP
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Hzi4Zxo_l.wav 31.06 KB MD5: e50f54b1c4160728f2f1fc52fbe6cbcd
SHA1: bae2ff7392b758dcbb46871cb8464e4cfc87b485
SHA256: 14a36a350c9dddc0d6f55e497bd67d1dc812e999507e5e275f702e2c21539c25
SSDeep: 768:C3Vf73TVCk/KV+rMKS6jN7AKHpC9xM00fLA/XqjO:e3TMHkJSgN79pCrM0SAyjO
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3388679973-3930757225-3770151564-1000\83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f 0.57 KB MD5: 01d7d392966fb33307f7f63a27c8c014
SHA1: af62b93e04bc6c276dc9c56c2152c19416dfbd86
SHA256: 9b7329070c23445a17de0f1da0be904416870c0b090d1c42617e489031999674
SSDeep: 12:TfUPN2KPDUBBq9zKb128jUbaqvyA0F7B4V0nk/adaCcfVboX2eV6lBjWcC:TEN23q9Y1peURg0nOkcfVcmg6DWl
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Adobe\Acrobat\10.0\JavaScripts\glob.settings.js 0.54 KB MD5: 837ae79e3b141346f28fd0ce36d7655f
SHA1: c445fd8c0a890b9a17f9bd0cb18b985efbe79aa9
SHA256: 10821eeb55f8e4ae18c2ba7d76ce0ef3028b00521c9c821b07c036bfe0ca90d6
SSDeep: 12:wyv4QobRUXTLCPALVCrNYfgt5Vu6ov1QHZs8An1O21WBNd4EIkC:wG4byPCocOw5qv1oZs8AI21WBNd4EI9
False
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\g50C\rXJA_qzjCfNd.mp4 44.53 KB MD5: dd1b39eb803dbf542978cdfd221dc799
SHA1: 9042654de7a22aa1b757229c00de649876905fd0
SHA256: 830185116d2ba2a29c1f653df1c7f16b1b72ecb6e2dcc5db197619a8d35d6731
SSDeep: 768:2OcRJ7E/oDYXtwGpxuoaLGdVWAeo5Xy84styUnohaCjbe8RsCVZ87/76ihyYvRvL:2NcoiZrKLG+0s8VtyCohDbXvZ8yihDRL
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\secmod.db 16.53 KB MD5: 7f2c138fcf5563b568f8818a9a78c9a8
SHA1: 7521eb0a497a0c16602134fa1dc17712228ca8cc
SHA256: b63a845baf89ebe3d9c641b6041e6945522de72a11c4070725cefcab83164c46
SSDeep: 384:grzRpt1HdSmmKEmzrUte57egEfwflSTqG51ZLzVuxrWYwEexgEE1jb:gr1GmjnUE1LfOqG/ZLAxyYwXE1jb
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Protect\S-1-5-21-3388679973-3930757225-3770151564-1000\102a7bc8-3f85-4bb4-840a-38257d2965d2 0.98 KB MD5: 8e93167ae1f20c6bf5e257ff2cc8fb93
SHA1: 8d8a8e09633f70543fe97b1c2cc00d0281cfb5c6
SHA256: 2905a4904d753c0eeac01cef225f32ec7ff0f5350e69fd43915184765434ebf8
SSDeep: 24:iiLybuLAtkLx8/2LkUzxdikAlPkb6/tRMZXlOJk9vwU1C:BLrVSMkmdikA+b6/t+Gi9ot
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\webappsstore.sqlite 96.53 KB MD5: c7a974079fa5ee1685608880a96e774d
SHA1: 7f1d5da525066c5110ffe75908223cf14c7dd792
SHA256: 15dd334269405683bd70006854ff2cae1be14874ada8e719f1bf458ee38b0096
SSDeep: 3072:z+eavdYssxh6Jh1mPpMOMZjsdMMDoB5Qg:zkvrsz6JhkPOOMZanDS5T
False
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\UezaAtm.mp3 4.71 KB MD5: 650500e15c0a88b68486a6b9aa87f997
SHA1: a25046b89da2b31550aa8d867e5b90464493d1c8
SHA256: 9ca4bc65a8dd9849311ce9e8a2cbaac946be24f099b3329f8226edcbd22b1e72
SSDeep: 96:UcgQsxcisVnIu/nBwVGvdZexe8lV/ikQyOtysao4R/q+Ua3scyr9hm:UisxcnGu/neVGvdZeoztys2hlsvm
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\cert8.db 64.53 KB MD5: a992ea975dcbd616a71ea17a5fe8c9b6
SHA1: dcf7899a1ead1407daccddadc209afd4f2fc3f61
SHA256: e54a86d6866a89c898d998f3318082f16605e653dcd1ca37b635d966f35bcbb6
SSDeep: 1536:v/51UrFfnFbmdIJ7NMkiA8A8Gq9Q+a6hsqaVPoVZsUVHPK8XanA4:vAZfnFUIJxMPA3PEQ+jhZEoV/dMA4
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\O1UBl.m4a 14.14 KB MD5: da3ce747d610374d90c5b698314e0169
SHA1: 8497dfcd0d4f923f5fe31f979fb7bdee2f068683
SHA256: 7cb16e0eb2640f57d71d89a0811afb9b75e910006f43ae5c07902d6a5a84777c
SSDeep: 384:aj9luZk24JShrqF49mYPL9IruMs5rkiJ+RAv6rq5NA+Fp:xZk24JQmFoRPL9I/s5zJ+ev6eK+D
False
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Y2yRLSXnlxA6\Kl4_lyvPu9.flv 37.71 KB MD5: 17af59796744eb68f7b923900a81a37f
SHA1: 49825df5ffa386e23263b049ff10c5baae51a00e
SHA256: 422ba30a28945513dfcb5c43ad9034b97aa4d1bc7026085964fdf42d9b4f018c
SSDeep: 768:G5xE4HjjJP//aaeg8R7ko2Ce9g7b0iTqcpzKBXERdz0m4s:yxE4HjjJ/hegcAQD7Qi2cpzKBURdl4s
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\bucTb.gif 4.04 KB MD5: 5989cd4b9746ddcaea5f22f1a692c3ca
SHA1: afffc407f9c462136146875c847fe2e942b6fb25
SHA256: 4c88d64c4e16ab7981ae2f0f892974b1deec8755e1f29fb8ef569aab5a279689
SSDeep: 96:o64O9ZVqim3Da2HrTH8fiBQ35i0MEyo/A2+HOx:opEqiAe2Hv8aS35i0dyiAxHOx
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\C3VzdO5WAe3dGKJ.bmp 92.25 KB MD5: 9d065f795df086795b40ad35f47d4f33
SHA1: bbdef3b7c81fb7e86014e1519b392b2c0387b816
SHA256: 06c0bb91212b89d6b98b72632c4d2a5a121a9c99920689ad7c6bb06427f8ed03
SSDeep: 1536:TU9NXhrcdxA2uRUcsQX0Xi4OpEUL1cRd/lJ0GOurLkY2x6bTCtC6yvlMMKXAJ+uS:TkppcuRU3QX0yTpr1cXJcDx6b+tMvlMd
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\pluginreg.dat 4.05 KB MD5: 73fd13830e30be9d0e1455924f93e078
SHA1: 9bd1af8ff2015bd5dbed9e510b97116cd599a846
SHA256: 7549d580f9203517928b6df65d0f313668090be054d6295180e0ea921217c61d
SSDeep: 96:3M5wWbePn1OJ0n53SX8N/QljoWM2sfMZhiOQAgyhRoKw2hU10v:3M5ZeP1OJ0n53U8N/QtoWMToMOxhRoKn
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\3OQ79xVp.swf 82.73 KB MD5: f5c0569531d0c412adf1b315fc3fe04b
SHA1: e90cef3b021b9849523e575afd8704d61f8eecad
SHA256: 59af266f1802eaf5b358ddca3062736a74d33d13311b93c495dfd251de426c9f
SSDeep: 1536:GouLP6UmnaeF8so7Eigd5cV/mbx6M2MqbAmeC3LwUPmlivN2oC6Jjwr9ft:Gn7tmn7Fn0Eig4Ve1P23U9rNr
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\addons.json 0.55 KB MD5: 341fa9ee9f55da3dc99cb3203993adff
SHA1: 8fe4d72137f27b7e21aafd674cf54c4a93d3797b
SHA256: 469135699031a84488ef29062593abe833fe689022a84186ca7a13cd2df79322
SSDeep: 12:TH0NE4j7/fnBSZIu/yypOFCnne7wVBEjX/LB4m0ElVFV8C:TCH3nBe/ynunWQEjv14TEXF
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\extensions.sqlite 448.53 KB MD5: 6cd28b0fa1f1a2c8325ce2fe2278cee0
SHA1: d19ccb3dea265e013bc8c97a2b50e037f3322cc3
SHA256: 2be88b4ebc2497a2afa285f9a928e3ead29a7efeffd189c74fe167c9605cd947
SSDeep: 12288:cx5mENO6It5fPaxwi23Igicp7WeAV5FkOHTt:05mpJ56n2rf9WeAVDHt
False
C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Aclviho ASldjfl.contact 1.68 KB MD5: 92a3031e93178ead5632646f539fb967
SHA1: 866d9dea4d622a0bececf1cb88d3bc2c880a85fc
SHA256: ab95ed35379ed8a2a0c87fa7c35aa156f0debeb6610562992c644e1ff0d88663
SSDeep: 48:iFlVsvbBQRcFMYiXlFtCgqB1yaqE5b5Rt:o7svlQOFMYClMSaqE5Z
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\F4Vtqjr_GT.wav 45.17 KB MD5: 99c4fc012790e8aab37248890a5c78f1
SHA1: 11718c02e62550ef97c87c477402375c77eeab12
SHA256: 168ac3583fa10244799fdf92dd258bf508e8e83039e1a142c45546ac5307e17f
SSDeep: 768:HOpoJLPYCbBtVZgg9v5n13vAJEgL2ygCfWhhZxjQzRacSAYerFtxPbaiJ+S5dA:HOpQLY6tVfnBvAmgL2lh3QtacSAYykiw
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\VxTdG_8-.png 22.10 KB MD5: 11503a16a26daff352d1781eeae68eed
SHA1: 3e520d1a9b5455bcd3ba17c5336d69975e8a0067
SHA256: 3894f69dec03f085dd12de9d5604800da3a5cc134d31bca5bff98af10c6fdc5b
SSDeep: 384:i+75PViaXlL6Rji9ewX4uZyVfPVLWveHP9bCho0zTExZxOCQe50AuUiwKdjx0a3Z:i+Ndp9esFZKfPpN9WdEx7OCQe50AXin5
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\sessionstore.bak 1.49 KB MD5: b667c7751cead42f2ab22db4cc46985e
SHA1: 97bcf0dc385da15113be2911a04307322166208b
SHA256: 897e5d07488f4dc062c1a226ae28499bbdc0d20af9cc92eef9ec877255e99657
SSDeep: 24:prWehR3slNiGLfHIM2de2MgtPrdzvSzkWuxX3b+7+yUKy6dMg/FqEim3cTS4AP5i:paehZi8Qvn2FtTdz0uxFKy/QIoBWsw
False
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\L6lBA1XLEg.m4a 51.08 KB MD5: 24c4433c92bcaf69b3c0ea7e2a040230
SHA1: 7709398b2e37e733d81fd39f83c0e572eac57fc5
SHA256: 57a277d05bbe54c3403eb7d867703b9b76eb6711698015373f03c22928d3565f
SSDeep: 768:oaxscaCaNvovyl3IA328fOaYQmVg5KkoOT888R7eOcO6zBhGMmUThRCaB2p6z:talovUYAIhQmVgAs88EeOcOCBkMmK2TO
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\dv0fVo_p-eFE zhXhLF.mp4 32.54 KB MD5: 6a259cc46bc62fda96b77a7651bc56a9
SHA1: e196df6857651d7c7132f6a1b736be551b78a748
SHA256: 08f74d85a80475eec3091094196cb2c0274974d4336f3e4861966ca849666ddd
SSDeep: 768:p7ds1HC1+yfkQ1b9/QJTXytcCGxIT/X41E/H2pDNuB:p7MHi8Qftc9Cj41jpDIB
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\vTHnDk1Vq.bmp 73.62 KB MD5: 00dbb63e1baf22f2692564775fe51245
SHA1: 5950490a63a72dee8b04419fcc00e2a69a2f964f
SHA256: 6275fc8863dce305e0deab2a3a2da2b6ab6fa6d45ef0e08e8e73742985291bdc
SSDeep: 1536:57wwUSX7U4QLfBN0PV7HUSmN1MX0mdYyHNCn5UdAUMzebMFx7Cd+6gE:5UsXI4Sv0PxUSmXPmPHNYU/MFw+tE
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Adobe\Acrobat\10.0\Security\CRLCache\A9B8213768ADC68AF64FCC6409E8BE414726687F.crl 37.35 KB MD5: 13471973c68f18becaafcb7ec7c30933
SHA1: b87cefefdf81e71087fd8141f24d3b7969fa6845
SHA256: d1d3c2fb3ba03bf2fd279305aee8e16e215647f1d4025742c0c0a2f83a1b368b
SSDeep: 768:FEqdN5EhRi2Pj5vDtss7IvYtGXnrTj1pz6/Uoqfj3YB9eLb2r/r:qqvaPj5vyH5PjuNqj3YB9UO/r
False
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\7l38Ee.gif 89.58 KB MD5: d302a516db7a72a4b1765ab933a7013d
SHA1: d87916968af1ca4a28d32b73de7405ad498bb4f6
SHA256: 8b8a473c6ae168ad8110acd17251ec3310ade3431a3be074a317bd15ddc2b64c
SSDeep: 1536:ORR4nLnRgx7fP4bPBPdjyIQ0cDfaRY/tlMq1L82pzvvjO:I6nLnRM7QTmIRcTaRY/IqrO
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Protect\CREDHIST 0.69 KB MD5: 7b2f5e17d1a651ed139ab7cc70d19383
SHA1: fb42ebbc6efaed5900b07bac747ce255b84b4770
SHA256: e2b87f8a6c2706e7df6222c65d4dfcbedd09254f58006afbcc93ce332a6520e2
SSDeep: 12:Pop7ciLmgHEIsfHU+ZxuwPNHeW/mjJnepeK7JmWKQy6ZZ+soqcYC:gpQiylIQHbx/P1etjqeiJmWdZJ4
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\webapps\webapps.json 0.53 KB MD5: 275ce939571761cdcbc49ef930f11dcc
SHA1: fa1d89754870741ea4998b1ae0fb359078f5988a
SHA256: b1910b6e60518b49ad390905479f0146e88120092240f5a1e76f605e108589f6
SSDeep: 12:M4+ZX/GJ2gjrmjhf4DDGI1UD8z1mFH5JEUgiHFOd+AxvcMfy/leLPywC:4ZGJ2gjrmtmDQJH5JfUd+eEMfydezq
False
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\9vWvoQ L.csv 17.31 KB MD5: c07afa8e5405dc484da515b891b8ff3d
SHA1: 87bdc5f8f2c5a3bb3d08c4c1256087a76d13941a
SHA256: 91bbfeb043d3792cad30c78390861393da574a76c760703686ea2e8ed2c8c955
SSDeep: 384:rAuyTsHaJgrFnisyBbraN0oac+NH/nAxBptgezMB9lxth/DS:rbLaurFnhOovaGzyezElN/DS
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\extensions.ini 0.67 KB MD5: b3f78e562f5d06ce7f12c443e4b5f93a
SHA1: 2abd824b3bc06bd08275be3b6478aab664e631bb
SHA256: be0659612e5a53f90c3e4f9b9a9212ebb8732f67b4d79e9f620ac7eb256ed340
SSDeep: 12:k9kIahPqKUUcRsIVvX/EaoiQq2BLMQMyPvsysScxTIgnd3bUL5vlcEC:Nnws+sIt/rQJBLJMov0Vb3bU1vA
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Qp92YpydVN3.ppt 52.01 KB MD5: b7e0e86e2a20089c85898ed4f0907e9a
SHA1: 752547d9309e802c7048ac520a019f357024b96f
SHA256: 52e0639381e835ebef58df952f002e9f3ed21cadff4536db0d065064b4f9071f
SSDeep: 768:E8xHCR0SUJYKf8i1c5+Ygn+438SGGhiW1ciNZ+JirYnuI4gRBPSTw9diMuaEifTC:ZxiCpYKf3znBMgrvOPRsifTAL7Yq
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\times.json 0.56 KB MD5: 5c97266ed9b13586dab77183428bc02a
SHA1: 6a435f58fc83215810c53da2cd30f0b7940caaa0
SHA256: d596a5e6c79893e9cd9e241e58e6cd6e9a0ecbb45e8ac650dfee6c89148485a5
SSDeep: 12:+63dDLy+Jk7w0bhvMue9ijpUAn37+FtcUMbovsT4C:+63dDLahvuEuErwcno8
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\ksf2Zca.docx 95.11 KB MD5: 5370cf06a738e972756d1f841f37c632
SHA1: e8161c086971d80c67306915208cabd80ad7cb03
SHA256: 6ef350e3aa53129aa394ed021eaf18a205958db44210bd000dd9506782eef440
SSDeep: 1536:YhHUZPUOzInpp/70CxG3swUkwSGZlc3zjKj+6/vxHv8QZy6uuMskE5ZGoTcpfxDU:YhsPjCb0j3swUPnqKjNznWvEvXTctVg
False
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\v7nq66.bmp 68.06 KB MD5: cd6cd28db9ebcac7d1e251b0d4047ced
SHA1: bca581f71ed9f45929a7962c03751f6bdb1603e9
SHA256: 6fb8d23341a7db391823eb09274e587a177758aae9c9dc30494a8db72ae7f49b
SSDeep: 1536:HVP1WZd1QsV0Cdudkkk+BuM2QrK4mJfMsMK5dotOd/cYU9NCUZI:HVQd50Cdu15HrlmJfMKdvdkYCNC1
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\cKlnfg15XrF7bvO0.gif 34.27 KB MD5: f5c6d1faea8149f916043c7333976984
SHA1: 2b2df2741f275c8e13f67bae99529d3d2e895df7
SHA256: c35d7f41a28e99ce8775e2c40d94d62340c8626a38ca87b8f14e960f4c66b1c1
SSDeep: 768:hqjAR+1hfxuuzdZyi33g16yjwHOhikMxZafnduMo7H:hqER+FuMy61YWUyZafheH
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Protect\S-1-5-21-3388679973-3930757225-3770151564-1000\fbbe72db-afd8-443b-88dd-64b20388700d 0.98 KB MD5: 7894099842f0a1ca9dd64fcda808441e
SHA1: 12bf25c7d90238bed48d18fa9f615dca1cf86fb9
SHA256: db30809b4fad1ce926146e8cb442ad6a06cfe1f68e3f9831feb6db4d016713e5
SSDeep: 24:rB5EKh7sWPvCARRC/Pw09NiIQSGfHLWidOf:oKh9Bm+SYaf
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\mimeTypes.rdf 4.26 KB MD5: 768453de810c36a0a72d72e2d1d4c74e
SHA1: 822a9dab55da85cf41ec0ffe131a976626573643
SHA256: f5e4ce41a67b10d17d13bf0b051e034bfeb912980cddcb8fdbb2843f5f94e185
SSDeep: 96:8pRXfydhSeM3Tq0FeoA4QBnFtljbez65SwT0h132SWhzRc2REEZsrNbqsEK:8pRXOgei3A4slez65By2S0REEuqs3
False
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Lmm-qJ 7JQjzL9\ceYPdnUpXgCg.mkv 36.01 KB MD5: 427cc76e06e4c7c7215d0c58177860b6
SHA1: ab629e4586967d9dd149ef0e841231798fc7e98b
SHA256: 48e018ddd6d0b6733f221d044e156bd3a0f3e35795201a975bf67e565666632b
SSDeep: 768:wyNLbE6t1NT1tIrSqfsv8h0rWi/dHDFAHG4T9h:wKY6vNTLIf3ad/NDF2G4Tn
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\indexedDB\moz-safe-about+home\idb\818200132aebmoouht.sqlite 640.53 KB MD5: 32a9ba9f311b02ea4b1dcb56526d53d3
SHA1: d1b3599b7d6f55e1757fe35ee1f93d137b5b6eba
SHA256: 366cece25656828e6a7fd356fbb342dfa59679fbcd0b2d8e6463c5c4f63f28fb
SSDeep: 12288:pJVYxZBx/n/e/yc48mT4BwxWqHKypZScbzG3Y5kw7w7YYOAENGRxxvLC:pIxbx/2qTNWqHKyfScf2Y55w7YYxENuW
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Crash Reports\InstallTime20131025151332 0.54 KB MD5: 89b95ca8af2874e93eb4717b717ddb7a
SHA1: b44b98a14762f136e2c15b401576e35e91deee2b
SHA256: 53f7777e388a5091d91d4a6303f113e2b2ef18ad9d86ad6f3b66aae08cc34ce6
SSDeep: 12:n8lU8lAk+7CMuqDsMdgxJ2c1YGgkUFFfPRHnth98RP/zxkIJ9jKkIC:FCa71uqwcgL1GkULDh98RP/SK9jKI
False
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Y2yRLSXnlxA6\gWOLwd36.mkv 27.89 KB MD5: 8a0326ef483f2a44d61c238592029dd6
SHA1: 317c7fcb5f2395906207efe86b22e2849aba58fa
SHA256: eefa0972857d37c8c829a4aad31e027a9996ac9d65ac19b224e6e77aff76ddfe
SSDeep: 768:mgmnaBCZ8wI66rywqcR08tZBnJIU+qBYqji:mgDBnwUOwqKh5BYV
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Protect\S-1-5-21-3111613574-2524581245-2586426736-500\Preferred 0.55 KB MD5: 1bf34ebe63ed4b14a7847072c6396ad7
SHA1: 8efa3d9a332acfb6e8d2428e24704cd623441c96
SHA256: 7bbf68d5bea050a3aad1239e58e7630532bcdf7ea9b4a2e12a4a96fd6b6024cc
SSDeep: 12:blj8DKeL3lteY6zHQfFxqcIgYE/ztzu0T0xqy5RuSScNEkzv0udiC:Bj8D/3ltT6az7YEbt1Mii7vL
False
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\g50C\AWhrvcVrBG.wav 1.76 KB MD5: 0100fc4933bee9f65027646a08a14505
SHA1: fd5c79f0222bdd2ca01d11deb9e4d93aa224935a
SHA256: e98bfc91e013debbd0e1d7225bdfd1a6de0177b5b3b656fdb0c03c3cf0de23f2
SSDeep: 48:orLAqhDhCDQfSswNa2MkLvu0GzwkM2jzRDon35r3t:WAahCtswE2jLvaw32j2n3J3t
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\31kwfNFercIrh8w.swf 78.58 KB MD5: d5495ec64daebed9b8dcff9d7c2c2107
SHA1: 7139a811cf92878d2b5899f69d35de9a84a3269b
SHA256: c72e048927c31be9e412acda830d79a2bf2832a7713de009c4583f33f5d97e38
SSDeep: 1536:GUDo4CRAJj0e9nZggf8Ogk4GuD05080FEL+TyisF9jI:G4CRaj06nZg7hkRuD05/4nTcG
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\kxPjHZSI.gif 61.33 KB MD5: d5ef5e9b2c6a5aacc025278ec4e0bdf5
SHA1: 9300584542c20cecf257b63abc37a0cb61c4b441
SHA256: 08813056ab4e63479edf3c691295ad6bc4d093897d4650f7c54049fb9bdf1c4b
SSDeep: 1536:nkeuQKbaq4TNfWlcFCvWYrHyD3Evf7B9XJ/GaVgm:kMYaq4ucMdTyD38fDpZ6m
False
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Lmm-qJ 7JQjzL9\K4 ZY9Ss3auLgf.rtf 38.69 KB MD5: e049f0d36014aeafb8883661bc3f3505
SHA1: adcb578cf4db5928494322aabbc626549c6ce093
SHA256: 5c0c470c1697412e37c2542f40b49476e01e3efbe2fcffac4f55ded8c1b26a27
SSDeep: 768:n6EwcXjdEnKpuNyZTFB6TbE6SQEXm2MhKx8w4iJTd2IUX1a6vez:nU8RiKMNy5uuQESwhJxLUX1ez
False
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ihzz.bmp 54.40 KB MD5: 0588d61fa530268587666669f398429a
SHA1: 03aaba9b2f7ca3b3d7d80a9442f49725cf277e39
SHA256: 07095c97c9ecc6a6f02e4de1a8e9bc8099c59848f4307b4359e373125668fd9a
SSDeep: 1536:rXyqqBjqF65CEFdh8ATSr5Va4erOF/x93CNTmAzFz:rXyFBO45CEOZgk51CNTRzFz
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Protect\S-1-5-21-3388679973-3930757225-3770151564-1000\02540a10-7eb7-4b20-a8c7-470f8986389c 0.98 KB MD5: 7a0f04ac0b5a2e5240f2df4bd962de8f
SHA1: c709a6d9d243ee867af5a1db11b002acc6eb212e
SHA256: 5510e9f3037693a548150daa92489e4de6eeef69d58624f52c8faeefd43b4ea2
SSDeep: 24:088UbemhIwk7KD65mQBkwvLnxb35nSPRn:/pbemurKm5mQJLnxwn
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\search.json 16.91 KB MD5: af51570f258f8de5cb6b7d3a75965ceb
SHA1: bdc72b6ca770bbfdfd9f7862cf070854dc307790
SHA256: f14e06f8e0b22887b234f099e35986392e3989f4e40b07eff5cb0309e2a7323c
SSDeep: 384:BwLiamjQFVhGUPhTKxNUUpoGE5XwSf21fpiZ4:5jQFVD+xCU2nMEZ4
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\content-prefs.sqlite 224.53 KB MD5: 55164d982c38d6c74fd61fdbd76a6233
SHA1: 9a6b71868adbed9936457afe0994af2fe3230269
SHA256: 023a0887180ca9733ea4474d9c5a14f906f6af8aa83d10608eea9d4e12a7fc6e
SSDeep: 6144:xFoqOPJMiPJSiKHi13K4LArxIu5c+O9uKEW4b:xLyJMiPJKY3zL4iCO9uhW4b
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Office\MSO1033.acl 37.40 KB MD5: dc11c3efda599ce669e6db1288e208f1
SHA1: fe3a2e0fc5b5c4a2ac26797e5a6040647625cb9c
SHA256: ed08ed3b4f071e151ffc168c1c9bdccba8036d71b0a6805e76eca32c667aed6b
SSDeep: 768:JLWDrQkzGV3V/gOgbx0669CP6jSPgAuEQOyKOh/DtOb44VVfgp/LE:VW14V/g1bxgMzPq6Oh/Dt4VVfCA
False
C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Administrator.contact 67.31 KB MD5: d710d4cec491e46fa9f9b9f35bda4107
SHA1: 7ae3e2dc99890a576b867999dd98910820d12d28
SHA256: bb49bf61f2f989c88699e8117d91773caa27ac8686df29e83f16585dda062536
SSDeep: 1536:rJFUPo/ZXNMzqGL3ZCROHID5Dq16Qzwibj1XbSmmNJTlR6kxyOA:lUo/ZK3tCROEq16nejZbcNJj/xA
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\KqSpi5awWuXxk.avi 92.23 KB MD5: 6bce922b5670beaf3c74bf01fe4c04f1
SHA1: c8c25e225d17760bbfd31ef5e57b9583b316e54f
SHA256: a50247da4b561cad2d1eb6fdb51fa78f8da8f781c1cedc133a2bc8821b0d1763
SSDeep: 1536:x0a9SQhSDnfhotxCuEwKoHP+HLy/HvTu+tYGmQu2+n+2YHmUvSN1cugmEKbz0bDY:iHfhozIEWryPakYgulnpYLSN1KmEaz0Y
False
C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\sikvnb huvuib.contact 1.67 KB MD5: 7a5d3e8ceaa8bd9d25ad41be3246666b
SHA1: 6734a72b21636a3b8bbaee6a81c872ba572af65c
SHA256: 95d44c08dc8cb9fafe661e79aeb33859909409ee35ecaa76649992645ab6e352
SSDeep: 48:fItQR8HtnWkP+rSppv/JLX3xPEdnYPAkt0o1n0Lq2Ed3:gtW8nj/1XB+nYI+0oGqD
False
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\g50C\aI_uyfA0L\oLlF0_pTp4BI.m4a 54.58 KB MD5: 58714039fc5aa86faf93fedfa325f1ae
SHA1: dd65ebbd93f3ac80951914f1a9707b1003df2098
SHA256: 8d7d731e07d1aeeabf1a512171075ade9e6cf48694755858bd0e36ec6532597d
SSDeep: 1536:zCXehbGzRdPxklsEt/jrBScOqIICJGrYac2HgyKcj2dBj:zCwGNgm8/jrMHICJ9mAR
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol 0.99 KB MD5: f116703ed3a3cc106bc3f146beb6a363
SHA1: 5ccb0e88df120364e44ea476ab215aa65e50a956
SHA256: 9baea6d6b6071908f9093655f1f8e7df0398dceaca3073c14d5b34a653ce9d4b
SSDeep: 24:vN8Wyq2ZFhlJmdZlEAdcdc5lPrZfZUHVLR94Zq/IazEXc:vN81q6Fxmd/EIcdc5lIlRwFM
False
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\KGNn.ots 6.14 KB MD5: 00e05dcfdba062833793e06897ce862d
SHA1: 4a526b8fc0ee8453c3260e4db2e99d575d1881eb
SHA256: f857d85564b431290b1c52d8602bf02332844f4ef1eb9f327aae2b5a452e1688
SSDeep: 192:tb4bEA+ZCCLX/9CxW5D6pRqfmpCqCR5Kn:tcEZgCz/uY2RY92n
False
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Lmm-qJ 7JQjzL9\_H Hn5Bs8BWNQr39.ppt 42.69 KB MD5: 50507b9eeff494acf93aa0b18b9b86df
SHA1: 4c5f032e85a574dd05d70a890ad224b2056773b0
SHA256: 0fbf0c025a77520b24a668d0c63bf06f0aed95000531132d5de3f4004b6523b6
SSDeep: 768:CCfzhCk415YNFePv6b90+OFMQxKahnsQfQRaJ3fiZpDXX9PSu+2V1Sop0hSE37fe:XfEZ+NF6v6bWNnhnsQfeaJ3fiZd9r+g9
False
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ms86E.m4a 48.95 KB MD5: ae00d764b3dbea539814faf5960b39c8
SHA1: 047ce592b479dfd613302839b570a48459f23219
SHA256: 2728489a9ae13468ef6814ca3ea91c553daaa76471c416bc4f13cbdc710111a6
SSDeep: 768:bwMrpaJf0ueCnjoNyq/IY2t3udMUjC33T7bOW2uGjd0FgMqFA2wzwicUGY9oZAUT:sGnuZ2b/IoLmbB2uGj6iMqSwvgUBd
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Protect\S-1-5-21-3388679973-3930757225-3770151564-1000\Preferred 0.55 KB MD5: 3f12a2279c2bb7d87c3d4538473cbb6d
SHA1: e8d33a8ea9b6beaeb4402c47022f6458615b9283
SHA256: 02f8de746d058d268586e942b1275d8bd4b01320740cdda386979f59b574b4cd
SSDeep: 12:BN9sCXd329lJ8qu/lkLuDIlh863pv2jqr2gnlcousKC:X9xXd329lJ8BpUlq634j6coj
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\profiles.ini 0.64 KB MD5: 04e0c24c5350baf076cc75f7a2cf7a92
SHA1: 7141993d49358836a78ed51d428f5b38b4a61115
SHA256: e8cc1b9f51ac9b7ff2afaaf45c10011f6d3cf0beaa156bef3d5b57894ad42add
SSDeep: 12:I77N6ksjxNg2XJDfAAFxzOy9QNSVMWPbEQGU95gJd4O/Pb0C:k7N6k4N1JDYAFbx1bTGU6B/PR
False
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\uND 5UqeHqMK4LA.mp4 24.74 KB MD5: 4a18a01d64053ee016c9d9a338b95f7b
SHA1: 3fa9cdb685b627ca51ea26788f80aa885e54639f
SHA256: 316a569176a0cf53228f9ba450898c74dd221d283d2932723f0d9f467d319e08
SSDeep: 768:XrdDlcGjULEXzMPcxxrcWqi4lA901Jwc7R04f/clVRsl:XrzKgXE2rc24aGv1KRsl
False
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Fio9Y6EsL9GS.wav 64.33 KB MD5: 444b6920d1ab19ba0b0c82e4dc8c7e95
SHA1: 7064fe57dc4f358a84185a4255670d7fe2aaf113
SHA256: 2203cec4ac661eb582c8e3a84857de36d8cfcfc51163da3671289d29b8a43ea9
SSDeep: 1536:6etudclacJQJmWZ0OmQWziQNh7nSoJSUGb:ZbalmPHzii7SoEUO
False
C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\chucu jadnvk.contact 1.68 KB MD5: e9874ddbda27c8b84b4b02262b9a733b
SHA1: 9d6f10398862ca00750a5ec1e6f1495ea1c5a701
SHA256: c8d4c524385db6eb32957dca64b84065b72337d9090774aeb8293794a0ddd6b7
SSDeep: 48:n97M348hEITY96FY60MUAByd/iA1MksOQJM8IutVOD:m348hMB60wiX1MzOQmKOD
False
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\2yxduGc9tbtQvdoZndN.png 91.61 KB MD5: 4af027e8c26de731ef5a19d8e7dcd6bf
SHA1: 8f6f36cacacf0cccd1de6d3953ae2f72bbc1c04b
SHA256: 215109205897ae45e729014551463a03a787866917547f208a8e0ba3908cdadc
SSDeep: 1536:qTSYSwqu4nVGfV9GXdtHYN5EobrcQqViQiO6no3to/D5i4yJRnGVYhXiTYs:qoKUEVK2N5pnc/Vi8tEY4+R2TT
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\HWyvWISKUb7g.flv 25.44 KB MD5: 1c8465102d80c76b841e0483b9f4a72f
SHA1: bfffbd4456f3cee50e710433e6c983fb21867bbf
SHA256: cdbc1a0bb67f97f5d2a825ea8132b5bfa1678c1a224942d2b94405cbdc46b070
SSDeep: 768:zgm/wZsVi+FlICZr+YGEjqDxrehXBPZH3SaE:UtsBFVQoYChXlZCx
False
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\FS2a.flv 94.95 KB MD5: d1fcd99d3ae5fc46ea20f6b439d9728b
SHA1: 13734c708e488b3888fb34c91b8fb5265557d05c
SHA256: 6d4bc7019556461f7e143a23d6c5d09aa92cf18868ae9909d767bb5669bc74a3
SSDeep: 1536:18zd9hsNllH2gSSBSNTXDmne1gDo2tJKuWebyyHx5gJvvoLG:1ojaj2gP0meco2KuWOyyRalZ
False
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\lboDsAjdTqAqpr.m4a 8.66 KB MD5: c9105c7eccc828beaefdab6bbf6c21c6
SHA1: 2c1477311c4c9287bcea8d933539ced97e676899
SHA256: 8b6a18bad06c0ccd048e1d38ff56c08559f043769b73e8565a0457066e6ca844
SSDeep: 192:Fex7jKokP/neUhpoW0cqzHciovhxRc0a/4JDuuJvEuwJCEs8:0x76fY1HSfRcyzcG4
False
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Lmm-qJ 7JQjzL9\GzgC55.gif 37.48 KB MD5: bd90039a7b194ac6fe3794d34959b1d8
SHA1: 541fe62ac3654e76c30e25c1ec4ade2fdaa7791e
SHA256: ab6cddf0d75fd54f1483d6e097a4067c2384ce47dfd468f76259c715e80031d1
SSDeep: 768:CauIbW5qSCQ5zfEkWHG+C7g4N+IvgEXCY5K/6bCoDbI7+dxzq3xp2qCVGe8Xg7G:17bW5qSCQ5tWHG+C7gxITCj0bqExzq3Z
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\cjblLudFGCMB.png 31.41 KB MD5: 269fcf4159bb3ff46c57656c4de98d01
SHA1: f1d5e9429c556ed0439f41503a855bdee658de95
SHA256: 30c51d1d9aa15e8bab04e3a371a4104132608a04a52d90435d438c1ad6a73e7d
SSDeep: 768:YPpEOIOH6abTd4amjMQMTdBquSNt+YZmsnrsp7KCD5PSFsaXX4:6pzSvKTd6N2RpWEPSFsl
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f 0.59 KB MD5: 891774544cdb0a410219259f849242cb
SHA1: 011bc2e601b11076d9c2ce91e635aabb258633a0
SHA256: 1ae94a461a58adc148b59e16009a24d4e4976ffe92e86fc2f95ee22bc2bd6740
SSDeep: 12:chESGRiartmJXUGzj4IfM+mckNBsQvlUvKZ+oe6aIEC:chESOrtmJxjsNckN9uvKAoB7
False
C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\boot.sdi 3.02 MB MD5: 9c43c76650eacc889637dac112389695
SHA1: 6614bf696eab8cda5e63fec4c9d5b6e80fcce6b9
SHA256: 4589c150c1839faf037d3a4ea7658e10fcec3241b546f47951ef25fa5d9d19c8
SSDeep: 24576:6FmX9U24aUfFn2ymMLvCAryh4r6MhrtG88BFzOHObTvNpRBH/vV:6EtkfXjLRGqrM80KHKNpRB/t
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\localstore.rdf 1.78 KB MD5: 410c60d655aa3b3cf15dab6314be7fc5
SHA1: 9b8033092e4a7a77cd91408d690ac4ef1b994aac
SHA256: 0d0eaa81db7b01ca19d42d3519b99f5adc612085f3c68782a213a52e3d00c728
SSDeep: 48:+ni9Hzp3JjMlB/ZPFYg/zhMpldIi7839sDgn+x:tTpoB/tugbhM1T7+9sMs
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\VVk_rvAnTcgN6kmmJ-S.m4a 66.99 KB MD5: 879c5cd47d303388d1d5ad5b3723f22a
SHA1: 1428089cc6ae21087194c1a91f6ca9ed49751b41
SHA256: c34e51eb9b1a7ea9be30a2fd18aead533c8a3e5c5d2327a388952847d61a0123
SSDeep: 1536:j1sa/ttSQPxletg4oLW6GDV+6kOG4QFxkkSwKH/:j1sa/ttR2tiKJl7EkiKf
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\gQhG.gif 11.75 KB MD5: 61b4e4fd1bc18ad1cc8fe37dd8a111b2
SHA1: e7203574f3d136383115b9c515955d3a974328ce
SHA256: 6d450ad2dff84dfc9d75128de71aada7e90dfacf8c6e21de9b77561a7022cd51
SSDeep: 192:qz7YV6IHaAtc0pcC2U8VeRXxUZuxxJmCG6dV5C8DGcxUsZ9iweSTclma2fvvcKw3:qzevHjtRpc3U8WhUZuxCCG6djCOGdsZO
False
C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\lulcit amkdfe.contact 1.67 KB MD5: 335000ef9d173d01855159d86088f7c2
SHA1: 86d443b7284d9e84d40c182fb6afd1e8dcdbfcfd
SHA256: 03bb207f6024e779ff7ec826c1b7bb6ecb32c23c91c71bc115dea71f17df460a
SSDeep: 48:Fdk4KianiJlnZliEmiVc047oxSM2TG+6/KVXMD:FdZKimiT/miVx475xlM
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Adobe\Acrobat\10.0\Security\addressbook.acrodata 5.80 KB MD5: d7505dfb6d734da3e2f62a54503f9b8f
SHA1: 59e962aca5dcb375c7b717ec9b3608bea6e351f3
SHA256: 0b6eca09059106b0313fceb03114d6fa49531cad6026dcab90a8a8ab5a6a1a37
SSDeep: 96:FsfsTEWWHy+oDgvLV/z5lqnH9XaHwNQ9xlF26kRKwrZuKx3WzNI/XZZoOhlWXH:FsG+o2G9aHwN6yXcwr2z2/XjqX
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\euXdiWkWMMlS.wav 83.74 KB MD5: 98b72f06095e9abf6749d59d0cf3af03
SHA1: d530eea71eef7099355ff96b1d69d1f8f5bae2d5
SHA256: 0d5a7e4a81dd974c13ab6ae56cd653a6b1a4c20db7f434897de156e6d7b24f97
SSDeep: 1536:S6avhJmXkV/1oTqSxYPHC3jzLQSXmSgc8sCH2SeoxplMKFdJKt3cs:gJm0voGSAC3jzLT4cVTOxlMcs
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\places.sqlite 10.00 MB MD5: 15aa05735b8b78aaf876a997b1df2e1b
SHA1: aec267ac5425d87fd02375abc7d8b09114626841
SHA256: f60466534f218ecaf48ac02c29d627fc5bfd91fea400651d27203712a73f9f4e
SSDeep: 24576:+uDBc1H7zHaEE3c4S64+sxVa+RcfBEZ+wR1xu/iE107:+h1bU3ZBMawcfBy0G
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\key3.db 16.53 KB MD5: 5cef38e5290c0f61d14090c2bcd3ca47
SHA1: 8e66b75c9414c7598bd4ebb7c5157b44a2036255
SHA256: 94aa60becbbc820b91a9c49e7d2615000f8d759a9fdc893d73f793b326e8121a
SSDeep: 384:AvJHelrndZf2Lg4fIAxD9KhxX6mMFZzak4BpQjCCGYauRy:AvJWeLgcxpDJFZG5pQjCCGYU
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\signons.sqlite 320.53 KB MD5: 5b66034e7f5c83eb2ee76fcb2b2b9281
SHA1: 6ef4a23de9b4b227ba2728495d2a9ed1abb003a9
SHA256: dd1446684c1bcb7e87851e33e5a78b0e2fadf6afef921a6dea3f1d1617efa134
SSDeep: 6144:XRUWgjKyElkx62ksoINVO2YI3i/UzRn+L4QAI3xSkcyEo1CI7wb440Mr+ftUHaP:XR1pH2FzzVPSSR+L40SkPEKibD0MytUS
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\bookmarkbackups\bookmarks-2017-06-05_5.json 3.49 KB MD5: 9501f21a9a00bb67846472d5c5e88427
SHA1: ef026a94b174dd6f55e8b4b20ab329a37d847748
SHA256: 57130e152c2a54e160966ccef4a52b9c829617e0d30eb98210925eb177881619
SSDeep: 96:B5HlNEAGJk3vt15xkIQXXA87mIWZ+tPQX2uac:B5rGJk3vt15xkxSIWZ+tPQX2Xc
False
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\SNZnJAH8yum.wav 15.19 KB MD5: 4c4095389413abaa16ae3989534a4189
SHA1: daef240f25b52444a062a3363dc07c6df5bab6e1
SHA256: 62d81a2f3356d7511ec2bce7c4628e1e2de8b227910bd8eec8a76c12c9ac1fca
SSDeep: 192:uNspAm5xSSLZr7Q7PdbNNU6zTiDeXlvl3OfWwUe1KkZFaLXsg4WCFqhlquWMTFt:9pb5wSLV7QbdbrUt0dkFa44CFeUsFt
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\MSTuZpty_Rc1sF5.bmp 41.67 KB MD5: eed13a0ddfa8eb0d3472b82942ed4b38
SHA1: e7374ed3bbf7ebbe18ca97f74ec575cfaf66f20b
SHA256: ee07158fb02893d340c63be0b9400a39c620ceafc3ab0064f5aea367b2cf5d10
SSDeep: 768:AQN2if4SwOskzcQaxsVqbCr+JbBKXEzIH901TJQdctIb07g1gZt47xGL+x2Z+E+:AcZwOskzWxstr+vKXbHGxJxtdgWZtcxx
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\cQ5f0X_B MzbcM7.avi 71.11 KB MD5: 0bd2d353cfa8d234849ba4dc04ca5b4a
SHA1: 3972cdbefee6d7fa1a0269c27a7f6d4f44d08208
SHA256: 392af25ace0fee8e5561f5dec2e223614244e0b9df53d883831a91be20035f58
SSDeep: 1536:SnGv2WPmd4mlwVvG+feYju2LsLlQkPxCZckKmYXEQ/:lv2MmSGwVvLeWu2gLGkPxnkLYXEQ/
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\compatibility.ini 0.73 KB MD5: 38527ca319e3828c0ddc1db5f0a7cc15
SHA1: 63eddf70c4b6b2e9ac1165c683886260e26d7e0f
SHA256: a95d062c05783dc39b9d61af98c8d2077335a78ff26826e9d4d9af11ff505432
SSDeep: 12:cigWzGruPAPB/XxPJgGKNCdZ2JgsRF3kspwDJDGE9+CTgQyP5RWyvOEhRmhJ5Tdo:tKqAPVhPWGXKga3RpYGxQyeyvOEhg5o
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\bookmarkbackups\bookmarks-2017-06-16_5.json 3.49 KB MD5: 22cff880c27511a9424acd673369659d
SHA1: 81b32a79ee07bd0fe714b54114d0a01fb17d74aa
SHA256: cf0ce6dcbab3a64c501ca20afbda41ef1e9fca3608f834d5f781b80d002864d6
SSDeep: 96:43oQbh9nZ+fwGIppcoyknMaIq6K7ped5tPQnx:6jhlcIhrlNnbRl7pejtonx
False
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\cg3OQ.mp3 76.36 KB MD5: e0f07a90127834b6b3245adbc3eccfe8
SHA1: 90a269e4c10c6e2159f289facc9d153d614644aa
SHA256: 6582703a9b268a416ac57563445d80ab4c65d9afc1bcd80b1b3cfe28cb355566
SSDeep: 1536:+mKCOc9NpX69IEEo37iQhGZgtMzh9WVD1dgc1e2zk/P/NpaTrkNtA:5mc9bsIEEo37iQhGZcMzh9WVD/Fe2zkQ
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Adobe\Acrobat\10.0\Security\CRLCache\48B76449F3D5FEFA1133AA805E420F0FCA643651.crl 1.44 KB MD5: 419f53b5a838b61b50c100efcb5bac29
SHA1: f641b1dc1246e38e409182b0010dcdad8e8536a8
SHA256: e37ab410792f6b082888ef1e5a42dba775cce3543b74374c424cf8b4e7e9ab9e
SSDeep: 24:2yLX+wJPB/KJ0DANwOEs0NmoZrY+bf4m2HF4DIYgK0UN0KDNBNKijHKDoKL531WY:22uwn/QNnEsgmIrlD4m44+KlmKhKqKDT
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\sessionstore.js 3.47 KB MD5: 6279c6f47ba681febd6a2d31fcc65d57
SHA1: ad33993e77dc9859a566bf2c400b80951ca49024
SHA256: 0b1c4af304c4710629551c7eaeac295b7e9221acd42d2a19bebf67ec7e2d46ee
SSDeep: 48:q/MdSjJzaEjAv8d6rZyySEW+sOVADfYxyoHwwZil16MZmz0RkC0QXXY1qYDms:q/M4jJzFAv8+iEW9OVqaf4R3KKXkqYL
False
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\aG8T40Qxf_lp30_qS47I.xlsx 31.02 KB MD5: 97b8e6c9266138aba68c8eb033db39ce
SHA1: 8a74bea6adbe7a2defda0c34edceb6c1c1dee67b
SHA256: 294b5fee4e57a03c44194b91d1ae7b485452b537eed058f02acaf02997062014
SSDeep: 768:kSOZjTcqYgdZQtrKt5uG0uzPm7bjI8UHzPwaH8XahrehDobc:zOFTfitrsoorm7bjI8UHjwyIhoo
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\FS-LIb.flv 56.98 KB MD5: abfdff89a7801f4bfa8fdac232bef7c8
SHA1: 5ba0e4752f66ac28177e287883081de1851d1ef6
SHA256: 6dd1bac119b886273340f1f3f70442f7d2813dc864b1d7d10b60956d17c6a7dc
SSDeep: 768:LyEscEfvXUzYNR5OvMIJ3BzCTNjoCZqesMVin8Tj41N1y9ye6U58MyDtV0impL:LkXUzMRgmNf8M+bD1De6UO1tWimpL
False
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Lmm-qJ 7JQjzL9\rk8AFcHDgHmtg.mp4 56.78 KB MD5: f32b2f429548ee93a675b796c3a8072f
SHA1: adab5b4a058d2e407a7b54128aaddbe075630154
SHA256: 00b237cbef164e1ddd88ade53258118d3da9ea625f7830b22d7aa711ce898e14
SSDeep: 1536:mc6sJKYLkS3YjHAbDQ+IWoRbrft0KLNJhDz4n4kUug:mc6sJrLX3YjQAb2dlU
False
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xljcThxNugCCh57P.avi 69.97 KB MD5: b38da5bb10433c561c57542720bd24e8
SHA1: e9eb02cb15ac75be242ef403960201e4de0ab2d0
SHA256: cbf17666bb30f0646fc31400d373c026d8b285737860e25b9a333a223fed2f4c
SSDeep: 1536:D8Qnt/VEqTw/T3tnrz5+LSgbH0UFKJQBgWkyF3:gQnVd2t5qXwJykK
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\iOyPas ihlRd7U.mkv 24.53 KB MD5: 5ec9cdfc6305e97acf6fc02fb07a1dc3
SHA1: ec8dc74d4166194645f5cec28979108fc44b5bbf
SHA256: b1fa0db0b9348a8239011277988fd1dd7cc0112b1e67a6ffc956cf12b5a7b043
SSDeep: 768:3/sk32c0EkaKKbAWeXGsIurFsQqv/eMqMdJrcjCqMb:3kE2cLFbASahEJrp
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\MS Project\14\1033\Global.MPT 382.03 KB MD5: 02630be5078e2486e53042bf7c16308c
SHA1: 4cac7fa30974c12de7c1b6de4b51028839a74a97
SHA256: 8de33886100682a29d55f45bc48229b8a15375770741fdb8d186363daaec8ddc
SSDeep: 6144:1qjDQwFvzHsgWHpsKYnVg+Dre8p1EpdYu3b2HE0pb7HhJ6oK8XlA6q:1q1dspsKYnVHre8DWB3iDX9XlE
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Protect\S-1-5-21-3388679973-3930757225-3770151564-1000\0e15476d-d8fe-46ca-8099-ebdcf80f637c 0.98 KB MD5: 0278ff553eaa5703dc9b4a8882b06a78
SHA1: 8846fcf5c20cce4b4fcb059c315fefb2f6689fbe
SHA256: 6066aa88f972d497c7ca62479f4c04661bba089b7cb8bd110ca4769b8a77a2cb
SSDeep: 24:cl9n1mGRSM9h7+afGCZ4MkqqKlRs7yxGjZ6dM:k91C6R4KlR/xNM
False
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Pnn1.bmp 63.56 KB MD5: a51b69b7c43b0f7bc0ca219dd47ac943
SHA1: f84d3f24984cd180db2b2eab9b539a821bc1a827
SHA256: 049cfb1448505b7ce5110ef91df49227681c180192f17a639a6b15fe3c0b47e8
SSDeep: 768:JGEox15x1J32wQjo6JY3IG8b7Bb27o5sPa4o0SNanZI5UJ9TNRmE4pTJNuvmXoLE:AEcJ4jo6sb8c7RPQISKHZ4pN8vn7990
False
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\mnaMfy5O.mp3 20.05 KB MD5: b8b06fb2ebbfa75dff89e386626c799c
SHA1: 4b7b6fde95c720d74f7a8cb7db5febe08a3ace71
SHA256: 6e8cf1577d927841b5ff7d37f6210a551f7ac3d6dbbe8f19ed4aa91301f5cfb5
SSDeep: 384:hNO7TbJwWaqKI1BS+D1euJ3KAW6i0vrIg3f4aUQjw3LxM/vqs1zNWb8U+ePDAXHf:hQ7T2WPKI1BSg1euJ+6iorIEvUQ83Fj4
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Templates\Normal.dotm 20.68 KB MD5: 93c01e7128143696197ff3668954d38c
SHA1: 254e8c6becdaff5538f4203ad0e693ecea85abc9
SHA256: de76191084a127365d3c4be319ec5f67ef1a63808ec12bd1b579e6f544426d30
SSDeep: 384:ILTcfw0ghZAeBOmi9AtQi2aO9U7y+zc/y926SL+FRZysRPA/zBV7hYRWuc:ILTcBeBtiVU7y+z86SOtA9YRWx
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\n9zuIgG8PG8NzTr-23e1.flv 5.26 KB MD5: 83cdc7c705635a22207114fe79624b75
SHA1: 716b120c5788c61f850f981d0aa869fc042538ef
SHA256: 4e3865514d388107d010f26a020b40312ca1d7e742761fe5a76151e37b654654
SSDeep: 96:FHK3hhTTbVTVLYwIle9+McSW58owE+lqsA0w2JorKHvpMGUzeU3:FHKvTTzLYHqcS0Jh+ldhJsKPp5UqY
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Office\Recent\index.dat 0.58 KB MD5: c6f4bd683dc54cb1fd9cb9b203538e6f
SHA1: 48f346c9a9d918d317a36271896cad8581ca6aa5
SHA256: 264fbf45ef3d909021a2f2ab121b529ebf20a02ad4125eae44506c3db61673e3
SSDeep: 12:SZbrZaw2iSkIawzMuyW9zX6jhu3u1Ls1ez9QXHLZpYEUtCC:SZHZDPIawf76k71eyLZpYTt
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\lRnyKbLLxwSfG7-F7T.m4a 15.96 KB MD5: ea1fb236c0729c4b5b421ae412b1b0bc
SHA1: 76be2e99f7b5b86f30578e3895ae7f9db66679ed
SHA256: 77a6b716f00ff8ee4f71b2b399880a09a8aecf78f8e953e067fef2c698945ffe
SSDeep: 384:u0ZX/aYB8nnwYOd1p6Z2KdqMosafwVGigq/5MhOwSjQ:u8Xi2Mw7d18IZsmigqhXfjQ
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Protect\S-1-5-21-3388679973-3930757225-3770151564-1000\2be989a0-16a1-424b-9211-51aa3bb43e5d 0.98 KB MD5: a73241725d8abfb3432b10ebf9539631
SHA1: 1f997d21809989e8168b6f31c96f9a80a256f2a2
SHA256: 4ae046283036b16f36b983ce2355d280c8f6acf27033f3fad4a57ff9828e51d2
SSDeep: 24:U2qwTh0oZzFxJOJ0Y85iU/sRnZy7n7WoJqEzyFz060Xdc9dG+Up4q:U2qwTh0oplOGY8h/mU7n7XYEzylp0XdR
False
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\XwlZ4_3gRYpi5hUPw.bmp 78.13 KB MD5: 62cce4da9bf1492ef5d57b591b4f55ba
SHA1: f16e63f7fc19af3f4fe7143e11114961c5d6a023
SHA256: e7a96838e7e96dbcbacbc6111da5ef968bbbaab49724808344d78619818a33dd
SSDeep: 1536:tOFkGYZnYy5WUkZMK5Ft/RnBjd1eeareI8gUW/JFgpFrQXQ8w:AFrYZno/MUlI8gUMCrQk
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\54dYL8epc8labEL-yrrC.gif 44.87 KB MD5: aa426e47802181cfde203b1963ece7ea
SHA1: 812614ec52a2dd143277bde26c60f65e353eef05
SHA256: 71da2eb7e9b6b88f07a3f471b29c641acb867b71399a16a32ab808314a253ab7
SSDeep: 768:H/Z32sZBkFzxRudtPCIppVHFCah4SXWz3LaINS01IBkLTxaQwpKze0nUKkdE:fZ32sZ+FzaPCcFzqqWz3LaINS01hTfys
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\permissions.sqlite 64.53 KB MD5: 2f5a22efe57bb5d9d97053bd63553ab4
SHA1: 66662930261149e2dd368ecc066b0c5759f6e2a3
SHA256: f737777b9bc541b116954d637b742417698a46e41755ea2225df076696b56ba7
SSDeep: 1536:PTHLhfA0I/oedPAl7aJW6PTnYsIlW8SKhfZgxWD1wB:LJA0YP1YgT1TwfZCm4
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\eyw zkgWUdFIyaJTef.ppt 25.74 KB MD5: 201531ac959991f82de13a6cfa66da15
SHA1: 766a6d4cb6f8face776d345a93a64c86ad2314a6
SHA256: e2abbd6bc35bd2deabb8e03883049404105eccead38974b258f51957c56054c6
SSDeep: 768:b14vvcWbVO2/Kwkih3R6f/rlQtkrZnNNPsYcDP:bWvUWbVXiihQfjrZnDPsYIP
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\cookies.sqlite 512.53 KB MD5: c165d3d6e135e4df41d7cd959cdacc7d
SHA1: 522510dbc8c984b77e809e9eef78ade75c673a39
SHA256: b09aa96233ab0b82d497a6c0ef9faf7695745ab5eb3fedd581da7920428fb5e3
SSDeep: 6144:GFZ0qvnCEzrrorEKHp8PQdh92FaL+b53AY21X28+AOgUrZQhMC6M/wty3Q+sQtXH:GFAEbqd1Lgvm28hOgrCGh7Mgiq3zEAg6
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3388679973-3930757225-3770151564-1000\932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f 0.61 KB MD5: 9c6a58c9fb0c5266c0cbb85b5dbf81cb
SHA1: 2177373350e0cea3effc3d26cb4bf3625a019b44
SHA256: 1b9a11cd1fba5f4f0483cd0bcabaa08c5c6d97c54c7e56d41606a5f3c8d0e300
SSDeep: 12:ITUxH0fGq7NL4ttjzQlvB/I2MNGQuNse+yywDzmGe7kwTKC:ITUxH0+AgjzIpqN/e+ypmjBP
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\q6c_NQXtn.avi 12.92 KB MD5: ae48318285e88010a299e42ad955affc
SHA1: 399c659c3afe630f3d5896ee22afc51d6814aca4
SHA256: 54444ea451ad471018c197093c1f08c387c69cf391006d5317eb4e8775773032
SSDeep: 384:grVEqwg0FYAGpYYdbYwh7wco66LpgZk8cBL:g640FYFMwhkz66d8kr9
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\sU-kB2TykU.pdf 75.10 KB MD5: 5c14d94d2f10fd9a0b96a41943df6b7f
SHA1: 8afdd89e57d65978b89cd7b46890446d9bfbc1a0
SHA256: 9ab490012a9b1095d602e4b07f08f78b21dc322387676a226d3f592cc6747f11
SSDeep: 1536:Ie6es/xogDyYKxrz6dwFsHLNU6mdh1yhh56Anw1zwRyL8D59SatRta:IeRGxoRYUrojL+6OM56Aw1EyYc+ta
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\prefs.js 4.49 KB MD5: 8b65ba64099b0c470da2fa9dac250985
SHA1: be2cf7679105f658098a8c891c4a09c56fed25d8
SHA256: c0b5cbc7d5456e26199330bb75b0694369e0da50ad5521a1a7511f5d2eaa8760
SSDeep: 96:rHMvVYNE6M/+hRTJsd8hV8cgoCize0pSFuJIvf1ALuW:rHWVPDWhRTJsKscgtiz1Sn4uW
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\NjY6Y3RUANArVC9i6_.pdf 3.17 KB MD5: 224bd8465cc8057e9b337969617ce701
SHA1: 95d9a32ab2fc84573c56c0bf5cf10f236ee9b8e8
SHA256: a5baa5effe73d05588893c1a3168d9016eea9f7442e7fbeed8afdf9a8a173e25
SSDeep: 48:TG63xJbZz3F8/Gxcc/MwSIjfxS8e89OKMoXiE1jScCdfYVJa+s4z1poMscFQq:nz5F8/40oxS8xBvVpIdfYVY+s4zofcuq
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC 0.53 KB MD5: eb778936ecde4c398848bd8c59f72c5e
SHA1: 720d385b93885fff6d43727e1aa5928644bb6d0f
SHA256: 247d17d6a21dd0a05157c096230ad164c7f579b5225730811af95e67698ea258
SSDeep: 12:9PD2x3PvL1YATCoCZqTSkvu1HX1Z0JTGP9zrHeV5Tc+ldnUuC:9KxnL1YATHXWkv41Z0JTGP5rHeVdcanG
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Publisher Building Blocks\ContentStore.xml 0.69 KB MD5: a78c525e643601df085a444bf281e18b
SHA1: fe0f8727ba67130043efaf50af036625f152a4e2
SHA256: e8e7f4aa7ae6a730d9c3553120915167762d6d6e9861b9396f701f5bb7d1da51
SSDeep: 12:7nk4/GNmplKMIPoEhq4tdpov2CO6U4DZ6VhjRBxax/0YimUaatwRXByYd444XpFV:7wmUMhEA4vpov2CO6DZ6DjRGmYiXuRX6
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\marionette.log 0.58 KB MD5: f61f4cba2a0f5248665e168e1d492db0
SHA1: 2c75186395e9cb7905f46bb835d3543f5a0363d8
SHA256: 5e240a955c71acf770933c6d2892fdf57f899162da5d1d2fa4270b64703c749d
SSDeep: 12:FiIuB6bwVhUyWT/V6DM3yhMpTgIJ18eGkdyR6aoBfiq36lxSmw/C:lu0shUymUXWYezaoBfJsxwK
False
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\g50C\aI_uyfA0L\BC9b-07S-O7vcOJ9e.pps 75.05 KB MD5: 0671f081a9e83f66901e077f23e947dc
SHA1: ee9bd346cbd744e935d319b4e19bb66d554d98b5
SHA256: 12e967231c4219d1891adb46e44dd969a9de45574f0bcabb6e24796c73b40f5e
SSDeep: 1536:YWGgpo0fi8BlG1yj5p8zXljx52MImK3ha/V3YrIKPdV03nuSRn8np:YWGgq01lgyOXPQ9hOoV303u4n8p
False
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\bejNW0w.png 66.51 KB MD5: db063cb97caa6a1e8ab0274006274804
SHA1: d2f04fbac40c9009de1735e6de983e0a2c75ab45
SHA256: 2765943e4d5c8c58451013ee401857f4e837971528b5f9ee210d9dcc00dc3d6a
SSDeep: 1536:h9PiLFgavHuMlcsOkBySckl0PpBwrw5Z8SvEgan0errPIe3gy:rPW/VBO8Bc8upWs5Z8Scga5rLIeT
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\l8fxtgGX7q15p s_b.gif 6.34 KB MD5: ae000508ddb160c7d5171f87642a5e1c
SHA1: c772593e5f8f798c5591bdbaa2bf105c5a3163c5
SHA256: 553124be5d6d39039c4737b24e9d907df76a08765bb891e9da0455c2349cfb94
SSDeep: 96:/yeIwyLrt1j2sAOAVwL2LJYiAyMb2t69d/5q/GMsjsgyS/wYOoMsNXPh3z4FvT:/cwyLrt1bAzERpd/5q/3e4YUqXPdz4p
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\downloads.sqlite 96.53 KB MD5: aa92596ef47ee27cdc4776e9ddc20b13
SHA1: 323ff0bf0e67c0c2b2d2b974fc1aed6dda04ca82
SHA256: 94a38e9d8457aa16fc19779fa4c6ee23cb31f28f18c466388c7539630b6e2814
SSDeep: 3072:+Bde8nUV4qluQLFom4X4Xq44y3UQN5K8H:+i8ni4qA4Xqny3UQis
False
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\bArevy9ogsU.jpg 32.90 KB MD5: 3239766b0f87e3440d21aa596d35ac8e
SHA1: 5d2051f0ca06c94d1c32f198a7e240883630d226
SHA256: 1451a58706a34bece9afd9e49b7ee945b71ca33819ef16b8868cb44eefd1af99
SSDeep: 768:1DINIKcLP0HDYJwTCM95UwlGyoaaB0iDdlkhtNOyHyKn:pKkqDYJynXs1lBTo7f
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Xq3c_DFoHTXbnL-jyfH2.avi 8.38 KB MD5: e614b71a9388f519dbb7f2fd47cfd297
SHA1: 286e5a36e0987cd54f74d8c3cc142a0f3288011b
SHA256: 890259c47bc325f240de7dea4b3e95666a5c1f56da566d276d014a1e6d540dcf
SSDeep: 96:0/Kl+vIagzFeOzXBgSlHFwA4FqK8rIMzaK/XxBnAUK4PcGHBnKhXgJVycOFmI3Wr:0Cl+vTOzXeCJ4R8LJZXK4xheBHmnwdZ+
False
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\TVOje 2c0vMXc8EvuroQ.jpg 93.66 KB MD5: d93d0cb1468e566be028d6c8df28f607
SHA1: c26da4c79940b1b3652d7c0b6d6a793a429ece1e
SHA256: 6d029b07c3e7985b6f69a7b187f8bcf2bbf8a1d705bd4636dd2725be36737c05
SSDeep: 1536:4E1Pz4oFOoO6/SO+yW4bORTx53UFOBht5DOLThmdXn1oRt3ZQ0yEeUW65JV5qm:lDOo/SXWIxRZ7jiBM8t3ZuzUn
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\index.dat 32.53 KB MD5: a70001963fa6a91b9e1db28328ec2077
SHA1: 582fb910fcd16c6dd30b666161f34c96aace567d
SHA256: 4cd02d81bd36e16cd291e47e143c8bcaf8770eb5a35df233f00192223db72981
SSDeep: 768:x0ohgL8NDm+hNK+CprBjFaqsZndT4CMNiEWpssE/wHYQLQzCwBn:u2ZD1H4r5FaqgnvP/mJCYn
False
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\g50C\0IjOhW-BzQ.flv 39.75 KB MD5: ddac42f0d2aa1578af9170ca7c7e807c
SHA1: 9993be29d2c8829d8e0a9fa10fec2a98240bd3b4
SHA256: adbdb25b80e0a473531e8bdaf88e8a0cf29ca0b888c54a2ebe54ba38bf6aa569
SSDeep: 768:qKdkpDJrz/WeheLgztOEETkB3C7WG926PGGYZV2J1FbYgD9vQPaf14nLc0:q6gzOeELgztO8A7C2LP5D2no0
False
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\7_yDsf.png 81.66 KB MD5: bbe6eda935523e68288160302de902a6
SHA1: 2b3c8948d1b2f5cc83856e175a99b417c037cdbd
SHA256: 0dcf0627acce39f32eb3c5f0be52c9663593ad491e145434638dc96961a8ba8d
SSDeep: 1536:EuE6IetrrJ0mNp7gSnMMXPfNc99lc6nOeWf/G50ydKxLqyd/2aM6nW:EobqlSnMAcPq6Oe9WyMLqyd/fM6nW
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\xdULuq_93VeB4azhBJS.swf 13.14 KB MD5: 1f7f76f8a6d27d1498659d02bafba8a7
SHA1: dc5fc298af3f85f0fe8dcc4069a54c46d628c5f6
SHA256: c614e2560c1ae345d2a3d59c19a6888f53179f148af34481c1ac54063b801351
SSDeep: 384:aKO5rKlpzsuKvxowQZUFZcjNTke2m+hG5uX9:a/Klpt6o1S4t72K5o
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\ZEkmYRlBMNQb.wav 7.37 KB MD5: 026ee7c5f18a72008e385d658aedc9ad
SHA1: ea85580de87b2bff9a9de7187ec2e448523bd1af
SHA256: a31f6cd7ed95c5730ec9b398b36e10879242c0548aead4c2af763af8268c9cc9
SSDeep: 192:Ci/80vOBbOhx+jkKasN7z9gsgROtNLgSZt3Atymq1:71GBShAjkw7zmfiLstnq1
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Outlook\Outlook.srs 3.03 KB MD5: ab9f965135360eeb48fb0a07e7b45f69
SHA1: 383d4ab2825fd98f3efdaffa6b6620549162165e
SHA256: c4f3f5d00c988f4d42035a36e7405a3f47a939995afd86ca5b34ff7088f8e3e7
SSDeep: 48:xl3xOh7ke2JxjmeQFNCyuxBx2ftHU1hy7dV0kDWxN8qn4x1gy9wKgveQ:33Mk1WcyuYt0187PdDNj2EwZX
False
C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim 10.00 MB MD5: 64b2c2f958e670cf8293d6a6ed01ec07
SHA1: feaab98ee497f718c27f8ac7c8faaa605ed2cd73
SHA256: 0956b3025baeb25073910e72b919e4a133fd1d938b0e35c516f762716d0cf26a
SSDeep: 196608:KogiYJEwJ1oXgdL+PUl6xqojQRljrffo1feRTC+JO7MAVgqBpiTGWs:oEwJ18yL+cl6ZjeljrffowRxMMGciWs
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Document Building Blocks\1033\14\Built-In Building Blocks.dotx 3.99 MB MD5: bb0208e0e318a0bb90b9ed59758bdd85
SHA1: cac87d7fa6e2e628e129c0b5497efedab748d78e
SHA256: 89c2e1587cd6c2a19cf5326e4b29690b045a789351d632f210204bc69ea375f2
SSDeep: 98304:23QOJFRb+u3laOSXSNMWwsi0qLJHxRMFb6vPkEZuwW5:23ff6ulaOqpVIl6nkEZI5
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\BAFRApab.swf 14.49 KB MD5: c82809e7faa98973ebd17722e254633e
SHA1: dc4853d08d409dc01b4df80d8409f40808105912
SHA256: 6dea094f3231aec5573feb7fd799606733879fa7280e83e5ac9899586eeb61dd
SSDeep: 384:K6rJKyVf80vg1IeFJvBhTbNjPyn1FiGHYSOOSTIUh:K6rhVffg13Bh97GLYVOScUh
False
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wVdQ7Km JzSr9VkDEHs.m4a 65.64 KB MD5: 1ee9abbab33fb0652e7aba5fe5fb3a26
SHA1: e20c5431f2b458057abcbb73e2210611925ca4d4
SHA256: fd2beed0153c22874ce765055c6f617e102b6bc8b9f7f73325396a5d8fa66d81
SSDeep: 1536:6MuxOQFvCw00Rv18RAF1hAu/36fzXxFyF8FvAxCwxNZD5I2emi7G:6pbCx0x1kAFcu/36rS8BwRxH2l7G
False
C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\asdlfk poopvy.contact 1.67 KB MD5: f384e73e69aeb3e62ab740414525588f
SHA1: 9c26802829fa9664e4abd13d0faa7be8d8a45f29
SHA256: 723e6cc191551d63513e3d26e5e140388c45e0b223c4083b48017d08b510c6d8
SSDeep: 48:CuWEcq+yt2oeZq0KAtACmQqF1U7r45ZLhey0dCNt:uEcq+yt2Zq0KAtACmQqwf4rUdCf
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Protect\SYNCHIST 0.60 KB MD5: 1b77463a30328fafd68d4342c5bb5831
SHA1: 9b6fc08ee7e172a82ebeb860701962659cd60873
SHA256: 6f38a54166ee5ff8a951cc34e54092db176ed8b6a3539bdfd0a49f34ecfeb056
SSDeep: 12:s+JmiLZGNkKup6Dt0lP7xY3Gk+2zeX1faRs6woaC:giFGXtaPuDleEtwY
False
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\V3mLxa zbY.png 95.92 KB MD5: bc35d1d04cbe072449f350caf90913e5
SHA1: 0e626c3d6d4f7c7e316f82e3b19201039d30850a
SHA256: 377ae942cac6dd8947d2a6cdee6a1d6a096e091467b521b2dfcaa88ad462ebd1
SSDeep: 1536:KSy+lke8urFTCO5z/IqHlU2+z/ClDCVUVLFubDbq8Zc0l0bxTE35+lXdDpHXDzar:O7QpIqHlU5z/ClccKXq2cM0G5KtNHXDK
False
Host Behavior
File (3159)
»
Operation Filename Additional Information Success Count Logfile
Create C:\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\$Recycle.Bin\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\$Recycle.Bin\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\bootmgr desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH False 1
Fn
Create C:\Config.Msi\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Config.Msi\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Documents and Settings\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Documents and Settings\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\MSOCache\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\MSOCache\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\PerfLogs\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\PerfLogs\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\PerfLogs\Admin\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\PerfLogs\Admin\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Program Files\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft SQL Server Compact Edition\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Program Files\Microsoft SQL Server Compact Edition\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft SQL Server Compact Edition\v3.5\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Program Files\Microsoft SQL Server Compact Edition\v3.5\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft SQL Server Compact Edition\v3.5\Desktop\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Program Files\Microsoft SQL Server Compact Edition\v3.5\Desktop\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files (x86)\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Program Files (x86)\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Recovery\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Recovery\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\boot.sdi desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\System Volume Information\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE False 1
Fn
Create C:\System Volume Information\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Create C:\Users\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE False 1
Fn
Create C:\Users\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\31kwfNFercIrh8w.swf desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\3OQ79xVp.swf desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\54dYL8epc8labEL-yrrC.gif desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Adobe\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Adobe\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Adobe\Acrobat\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Adobe\Acrobat\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Adobe\Acrobat\10.0\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Adobe\Acrobat\10.0\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Adobe\Acrobat\10.0\Collab\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Adobe\Acrobat\10.0\Collab\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Adobe\Acrobat\10.0\Forms\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Adobe\Acrobat\10.0\Forms\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Adobe\Acrobat\10.0\JavaScripts\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Adobe\Acrobat\10.0\JavaScripts\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Adobe\Acrobat\10.0\JavaScripts\glob.settings.js desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Adobe\Acrobat\10.0\Security\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Adobe\Acrobat\10.0\Security\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Adobe\Acrobat\10.0\Security\addressbook.acrodata desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Adobe\Acrobat\10.0\Security\CRLCache\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Adobe\Acrobat\10.0\Security\CRLCache\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Adobe\Acrobat\10.0\Security\CRLCache\48B76449F3D5FEFA1133AA805E420F0FCA643651.crl desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Adobe\Acrobat\10.0\Security\CRLCache\A9B8213768ADC68AF64FCC6409E8BE414726687F.crl desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Adobe\Flash Player\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Adobe\Flash Player\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Adobe\Flash Player\AssetCache\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Adobe\Flash Player\AssetCache\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Adobe\Flash Player\AssetCache\D5NTRC6R\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Adobe\Flash Player\AssetCache\D5NTRC6R\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Adobe\Headlights\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Adobe\Headlights\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Adobe\Linguistics\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Adobe\Linguistics\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Adobe\Linguistics\Dictionaries\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Adobe\Linguistics\Dictionaries\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Adobe\LogTransport2\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Adobe\LogTransport2\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\A_7eD85g.swf desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\BAFRApab.swf desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\bucTb.gif desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\C3VzdO5WAe3dGKJ.bmp desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\cjblLudFGCMB.png desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\cKlnfg15XrF7bvO0.gif desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\cQ5f0X_B MzbcM7.avi desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\dv0fVo_p-eFE zhXhLF.mp4 desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\euXdiWkWMMlS.wav desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\eyw zkgWUdFIyaJTef.ppt desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\F4Vtqjr_GT.wav desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\FS-LIb.flv desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\gQhG.gif desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\HWyvWISKUb7g.flv desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Hzi4Zxo_l.wav desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Identities\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Identities\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Identities\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Identities\{31810C36-5D23-4CCE-A3B4-316DED195C38}\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\iOyPas ihlRd7U.mkv desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\KqSpi5awWuXxk.avi desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\ksf2Zca.docx desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\kxPjHZSI.gif desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\l8fxtgGX7q15p s_b.gif desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\lRnyKbLLxwSfG7-F7T.m4a desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Macromedia\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Macromedia\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Macromedia\Flash Player\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Macromedia\Flash Player\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\P7Y3F7QB\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\P7Y3F7QB\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\AddIns\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\AddIns\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Credentials\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Credentials\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Crypto\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Crypto\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Crypto\RSA\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Crypto\RSA\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3388679973-3930757225-3770151564-1000\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3388679973-3930757225-3770151564-1000\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3388679973-3930757225-3770151564-1000\83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3388679973-3930757225-3770151564-1000\932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Document Building Blocks\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Document Building Blocks\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Document Building Blocks\1033\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Document Building Blocks\1033\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Document Building Blocks\1033\14\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Document Building Blocks\1033\14\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Document Building Blocks\1033\14\Built-In Building Blocks.dotx desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Excel\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Excel\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Excel\XLSTART\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Excel\XLSTART\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\IME12\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\IME12\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\IMJP12\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\IMJP12\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\IMJP8_1\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\IMJP8_1\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\IMJP9_0\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\IMJP9_0\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Internet Explorer\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Internet Explorer\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Internet Explorer\UserData\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Internet Explorer\UserData\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\65UX3YG0\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\65UX3YG0\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\AY721QDR\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\AY721QDR\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\DZBKZBIC\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\DZBKZBIC\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\index.dat desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\VRLZOZ0E\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\VRLZOZ0E\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\MMC\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\MMC\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\MS Project\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\MS Project\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\MS Project\14\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\MS Project\14\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\MS Project\14\1033\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\MS Project\14\1033\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\MS Project\14\1033\Global.MPT desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Network\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Network\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Network\Connections\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Network\Connections\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Network\Connections\Pbk\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Network\Connections\Pbk\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Office\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Office\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Office\MSO1033.acl desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Office\Recent\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Office\Recent\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Office\Recent\index.dat desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Outlook\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Outlook\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Outlook\Outlook.srs desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Outlook\Outlook.xml desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\PowerPoint\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\PowerPoint\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Proof\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Proof\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Protect\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Protect\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Protect\CREDHIST desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Protect\S-1-5-21-3111613574-2524581245-2586426736-500\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Protect\S-1-5-21-3111613574-2524581245-2586426736-500\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Protect\S-1-5-21-3111613574-2524581245-2586426736-500\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9 desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Protect\S-1-5-21-3111613574-2524581245-2586426736-500\Preferred desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Protect\S-1-5-21-3388679973-3930757225-3770151564-1000\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Protect\S-1-5-21-3388679973-3930757225-3770151564-1000\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Protect\S-1-5-21-3388679973-3930757225-3770151564-1000\02540a10-7eb7-4b20-a8c7-470f8986389c desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Protect\S-1-5-21-3388679973-3930757225-3770151564-1000\0e15476d-d8fe-46ca-8099-ebdcf80f637c desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Protect\S-1-5-21-3388679973-3930757225-3770151564-1000\102a7bc8-3f85-4bb4-840a-38257d2965d2 desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Protect\S-1-5-21-3388679973-3930757225-3770151564-1000\2be989a0-16a1-424b-9211-51aa3bb43e5d desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Protect\S-1-5-21-3388679973-3930757225-3770151564-1000\fbbe72db-afd8-443b-88dd-64b20388700d desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Protect\S-1-5-21-3388679973-3930757225-3770151564-1000\Preferred desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Protect\SYNCHIST desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Publisher\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Publisher\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Publisher Building Blocks\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Publisher Building Blocks\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Publisher Building Blocks\ContentStore.xml desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Speech\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Speech\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\SystemCertificates\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\SystemCertificates\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\SystemCertificates\My\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\SystemCertificates\My\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Templates\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Templates\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Templates\Normal.dotm desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\UProof\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\UProof\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Word\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Word\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Word\STARTUP\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Word\STARTUP\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Extensions\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Extensions\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Crash Reports\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Crash Reports\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Crash Reports\InstallTime20131025151332 desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\addons.json desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\bookmarkbackups\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\bookmarkbackups\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\bookmarkbackups\bookmarks-2017-06-05_5.json desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\bookmarkbackups\bookmarks-2017-06-16_5.json desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\cert8.db desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\compatibility.ini desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\content-prefs.sqlite desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\cookies.sqlite desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\downloads.sqlite desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\extensions.ini desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\extensions.sqlite desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\indexedDB\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\indexedDB\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\indexedDB\moz-safe-about+home\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\indexedDB\moz-safe-about+home\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\indexedDB\moz-safe-about+home\idb\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\indexedDB\moz-safe-about+home\idb\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\indexedDB\moz-safe-about+home\idb\818200132aebmoouht\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\indexedDB\moz-safe-about+home\idb\818200132aebmoouht\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\indexedDB\moz-safe-about+home\idb\818200132aebmoouht.sqlite desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\key3.db desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\localstore.rdf desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\marionette.log desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\mimeTypes.rdf desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\minidumps\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\minidumps\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\permissions.sqlite desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\places.sqlite desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\pluginreg.dat desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\prefs.js desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\search.json desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\secmod.db desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\sessionstore.bak desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\sessionstore.js desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\signons.sqlite desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\times.json desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\webapps\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\webapps\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\webapps\webapps.json desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\webappsstore.sqlite desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\profiles.ini desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\MSTuZpty_Rc1sF5.bmp desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\n9zuIgG8PG8NzTr-23e1.flv desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\NjY6Y3RUANArVC9i6_.pdf desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\O1UBl.m4a desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\q6c_NQXtn.avi desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Qp92YpydVN3.ppt desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\sU-kB2TykU.pdf desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\vTHnDk1Vq.bmp desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\VVk_rvAnTcgN6kmmJ-S.m4a desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\VxTdG_8-.png desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\xdULuq_93VeB4azhBJS.swf desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Xq3c_DFoHTXbnL-jyfH2.avi desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\ZEkmYRlBMNQb.wav desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Application Data\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE False 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Application Data\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Aclviho ASldjfl.contact desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Administrator.contact desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\asdlfk poopvy.contact desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\chucu jadnvk.contact desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\lulcit amkdfe.contact desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\sikvnb huvuib.contact desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Cookies\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Cookies\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\2yxduGc9tbtQvdoZndN.png desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\7l38Ee.gif desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\7_yDsf.png desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\9vWvoQ L.csv desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\aG8T40Qxf_lp30_qS47I.xlsx desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\bArevy9ogsU.jpg desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\bejNW0w.png desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\cg3OQ.mp3 desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Fio9Y6EsL9GS.wav desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\FS2a.flv desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\g50C\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\g50C\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\g50C\0IjOhW-BzQ.flv desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\g50C\aI_uyfA0L\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\g50C\aI_uyfA0L\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\g50C\aI_uyfA0L\BC9b-07S-O7vcOJ9e.pps desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\g50C\aI_uyfA0L\oLlF0_pTp4BI.m4a desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\g50C\AWhrvcVrBG.wav desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\g50C\rXJA_qzjCfNd.mp4 desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ihzz.bmp desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\KGNn.ots desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\L6lBA1XLEg.m4a desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\lboDsAjdTqAqpr.m4a desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Lmm-qJ 7JQjzL9\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Lmm-qJ 7JQjzL9\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Lmm-qJ 7JQjzL9\ceYPdnUpXgCg.mkv desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Lmm-qJ 7JQjzL9\GzgC55.gif desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Lmm-qJ 7JQjzL9\K4 ZY9Ss3auLgf.rtf desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Lmm-qJ 7JQjzL9\rk8AFcHDgHmtg.mp4 desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Lmm-qJ 7JQjzL9\_H Hn5Bs8BWNQr39.ppt desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\mnaMfy5O.mp3 desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ms86E.m4a desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Pnn1.bmp desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\SNZnJAH8yum.wav desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\TVOje 2c0vMXc8EvuroQ.jpg desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\UezaAtm.mp3 desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\uND 5UqeHqMK4LA.mp4 desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\V3mLxa zbY.png desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\v7nq66.bmp desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wVdQ7Km JzSr9VkDEHs.m4a desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xljcThxNugCCh57P.avi desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\XwlZ4_3gRYpi5hUPw.bmp desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Y2yRLSXnlxA6\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Y2yRLSXnlxA6\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Y2yRLSXnlxA6\gWOLwd36.mkv desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Y2yRLSXnlxA6\Kl4_lyvPu9.flv desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\YTpsxhMZaez8FTEv0oo.m4a desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\zdeq0eVhdlZ.bmp desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Documents\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Documents\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Documents\2Sm9WZ0l2f7onKJL.xlsx desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Documents\8GeHPFX.pptx desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Documents\8Tbx7B-pBn6NMbzl_T.pptx desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Documents\9BmhyLiEZD4Z5iYIJQLH.docx desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Documents\bKB_nZtKTM64bj dcP.xlsx desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Documents\C28BS7CIXhL.docx desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Documents\EWsr668SLfcFFyC.pps desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Documents\GiGaCPFQvSQmD_.docx desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Documents\GMPqv25_nAW6.xlsx desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Documents\hKETY8zi-t27.ods desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Documents\jcb5UirWcUMr1yC.docx desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Music\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Music\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Pictures\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Pictures\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\_private\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\_private\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Videos\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Videos\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Outlook Files\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Outlook Files\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Outlook Files\voeimd@djhreuu.uhd.pst desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Documents\QNgt5qUx4DzWZ98Z.xlsx desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Documents\REm1vJZnEO1nTsLOJmI.xlsx desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Documents\RQ7QxKM2E.pptx desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Documents\TqvZ5w_CieBDU-relQdw.pptx desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Documents\TSVzKtbC3DkqVMIEctE.pptx desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Documents\T_eeR.pptx desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Documents\u1Up38ls2EoECm4jW4Jv.docx desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Documents\WqQP3FYQQ9B.xlsx desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Documents\XdABh-JtHE0SlH_1S_\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Documents\XdABh-JtHE0SlH_1S_\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Documents\XdABh-JtHE0SlH_1S_\dGWdLiKUgDcn.doc desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Documents\XdABh-JtHE0SlH_1S_\fS t.csv desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Documents\XdABh-JtHE0SlH_1S_\idc20\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Documents\XdABh-JtHE0SlH_1S_\idc20\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Documents\XdABh-JtHE0SlH_1S_\idc20\-Lcw.ots desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Documents\XdABh-JtHE0SlH_1S_\idc20\0rXwXxt.xls desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Documents\XdABh-JtHE0SlH_1S_\idc20\33_nY IlXA\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Documents\XdABh-JtHE0SlH_1S_\idc20\33_nY IlXA\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Documents\XdABh-JtHE0SlH_1S_\idc20\33_nY IlXA\LumcMGtt.xlsx desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Documents\XdABh-JtHE0SlH_1S_\idc20\33_nY IlXA\u3 KpibL_Cn2.odt desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Documents\XdABh-JtHE0SlH_1S_\idc20\33_nY IlXA\YnsoQaWt5UmFwRBNg\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Documents\XdABh-JtHE0SlH_1S_\idc20\33_nY IlXA\YnsoQaWt5UmFwRBNg\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Documents\XdABh-JtHE0SlH_1S_\idc20\33_nY IlXA\YnsoQaWt5UmFwRBNg\0xdAi.csv desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Documents\XdABh-JtHE0SlH_1S_\idc20\33_nY IlXA\YnsoQaWt5UmFwRBNg\3YNLDcHYxnDQv.odt desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Documents\XdABh-JtHE0SlH_1S_\idc20\33_nY IlXA\YnsoQaWt5UmFwRBNg\44Xh-UVSs3Xq.docx desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Documents\XdABh-JtHE0SlH_1S_\idc20\33_nY IlXA\YnsoQaWt5UmFwRBNg\DDwCldJW-h.docx desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Documents\XdABh-JtHE0SlH_1S_\idc20\33_nY IlXA\YnsoQaWt5UmFwRBNg\dzW-ogFMI.xlsx desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Documents\XdABh-JtHE0SlH_1S_\idc20\fDbA_gZ5YmI.pps desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Documents\XdABh-JtHE0SlH_1S_\idc20\fgpIyKhBhpTTOX\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Documents\XdABh-JtHE0SlH_1S_\idc20\fgpIyKhBhpTTOX\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Documents\XdABh-JtHE0SlH_1S_\idc20\fgpIyKhBhpTTOX\4TpkZ4.pps desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Documents\XdABh-JtHE0SlH_1S_\idc20\fgpIyKhBhpTTOX\54aB.ots desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Documents\XdABh-JtHE0SlH_1S_\idc20\fgpIyKhBhpTTOX\A6N60LJ9RzA1F 6Qh.odt desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Documents\XdABh-JtHE0SlH_1S_\idc20\fgpIyKhBhpTTOX\BerLwz.pps desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Documents\XdABh-JtHE0SlH_1S_\idc20\fgpIyKhBhpTTOX\e5K1Rh.odt desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Documents\XdABh-JtHE0SlH_1S_\idc20\fgpIyKhBhpTTOX\fUkZlnFyOXj.pptx desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Documents\XdABh-JtHE0SlH_1S_\idc20\fgpIyKhBhpTTOX\tN81Gy.ppt desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Documents\XdABh-JtHE0SlH_1S_\idc20\fgpIyKhBhpTTOX\UkDAfzzNy.pptx desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Documents\XdABh-JtHE0SlH_1S_\idc20\ITB-jVDywpMXP9rQ.xls desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Documents\XdABh-JtHE0SlH_1S_\idc20\NiW6wntkMuMZX.xlsx desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Documents\XdABh-JtHE0SlH_1S_\idc20\PpM6pj0gyXf.odp desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Documents\XdABh-JtHE0SlH_1S_\idc20\qHP1ctrIcG.ods desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Documents\XdABh-JtHE0SlH_1S_\idc20\RtN5p9_PM6GwOZyKf2Y\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Documents\XdABh-JtHE0SlH_1S_\idc20\RtN5p9_PM6GwOZyKf2Y\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Documents\XdABh-JtHE0SlH_1S_\idc20\RtN5p9_PM6GwOZyKf2Y\Tnp0511HK5l-iV7 ud-.docx desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Documents\XdABh-JtHE0SlH_1S_\idc20\RtN5p9_PM6GwOZyKf2Y\zXKGm5KSVgO6rO4u32s.pps desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Documents\XdABh-JtHE0SlH_1S_\idc20\S8ccig2ta-sMQibXK5C.pptx desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Documents\XdABh-JtHE0SlH_1S_\idc20\uZPnCa3f\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Documents\XdABh-JtHE0SlH_1S_\idc20\uZPnCa3f\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Documents\XdABh-JtHE0SlH_1S_\idc20\uZPnCa3f\1C88iY7CXbuCcRQEw.doc desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Documents\XdABh-JtHE0SlH_1S_\idc20\uZPnCa3f\5HjBjZV.xls desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Documents\XdABh-JtHE0SlH_1S_\idc20\uZPnCa3f\bQnCz0YdzcXfVN.docx desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Documents\XdABh-JtHE0SlH_1S_\idc20\uZPnCa3f\dwp97RIptPP8Z.pdf desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Documents\XdABh-JtHE0SlH_1S_\idc20\uZPnCa3f\qwh3PQBq6D.doc desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Documents\XdABh-JtHE0SlH_1S_\VyfdbqB-.xls desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Documents\zJ_I.ods desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Downloads\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Downloads\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\Suggested Sites.url desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\Web Slice Gallery.url desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\IE Add-on site.url desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\IE site on Microsoft.com.url desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft At Home.url desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft At Work.url desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft Store.url desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Autos.url desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Entertainment.url desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Money.url desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Sports.url desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN.url desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSNBC News.url desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Get Windows Live.url desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Gallery.url desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Mail.url desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Spaces.url desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Links\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Links\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Music\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE False 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Music\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Music\0wJakY.wav desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Music\2S6un87aks5ZGWxCnX.mp3 desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Music\hPCXmJKBpFdhv9_1A9e\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Music\hPCXmJKBpFdhv9_1A9e\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Music\hPCXmJKBpFdhv9_1A9e\43tT.m4a desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Music\hPCXmJKBpFdhv9_1A9e\BxdTB.wav desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Music\hPCXmJKBpFdhv9_1A9e\gEVGF79rHVKdAlJq.mp3 desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Music\hPCXmJKBpFdhv9_1A9e\PtzmK--4h_NuO_d43cZU.mp3 desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Music\hPCXmJKBpFdhv9_1A9e\u8QBosWNxQU.mp3 desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Music\hPCXmJKBpFdhv9_1A9e\Uh_QqrwzjSUktW8rcGj.mp3 desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Music\hPCXmJKBpFdhv9_1A9e\Uihe.mp3 desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Music\iEy5.mp3 desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Music\jdF1qDWDS\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Music\jdF1qDWDS\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Music\jdF1qDWDS\0cU6rhjIGhA5VdmzA5I.m4a desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Music\jdF1qDWDS\K-kh6YGJw2aeD2OG1.m4a desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Music\jdF1qDWDS\MbBeCZw-n.mp3 desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Music\jdF1qDWDS\xxRbICPbr9.wav desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Music\Jm06CudK_z-e3\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Music\Jm06CudK_z-e3\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Music\Jm06CudK_z-e3\1cXYcbl782Oq80J.wav desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Music\Jm06CudK_z-e3\E0qhewtLXCpiZwJJE.m4a desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Music\Jm06CudK_z-e3\EYfOufXEpQuv8L1e2ROf.wav desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Music\Jm06CudK_z-e3\gB9g0apeIjxu.m4a desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Music\Jm06CudK_z-e3\nrldfMBryQ22.mp3 desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Music\Jm06CudK_z-e3\wuYyf5V\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Music\Jm06CudK_z-e3\wuYyf5V\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Music\Jm06CudK_z-e3\wuYyf5V\2FTcID.wav desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Music\Jm06CudK_z-e3\wuYyf5V\4UfTfbz1.mp3 desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Music\Jm06CudK_z-e3\wuYyf5V\BuqgUtZMmK6qgMxnbw\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Music\Jm06CudK_z-e3\wuYyf5V\BuqgUtZMmK6qgMxnbw\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Music\Jm06CudK_z-e3\wuYyf5V\BuqgUtZMmK6qgMxnbw\PvBCobQLyBKvK.wav desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Music\Jm06CudK_z-e3\wuYyf5V\BuqgUtZMmK6qgMxnbw\yXc5gm.m4a desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Music\Jm06CudK_z-e3\wuYyf5V\BuqgUtZMmK6qgMxnbw\_okGovI6Tuuczr.wav desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Music\Jm06CudK_z-e3\wuYyf5V\ggK9JYDEOFadp7.mp3 desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Music\Jm06CudK_z-e3\wuYyf5V\RRgfwWk_A9eZ-n IZ.mp3 desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Music\Jm06CudK_z-e3\wuYyf5V\WlCO0hg9an49Bwbio.wav desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Music\Jm06CudK_z-e3\wuYyf5V\ZhbOgQM9LpSRumMhv.mp3 desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Music\qZpPdlqXlW.wav desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Music\RxNbO2Gy 4\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Music\RxNbO2Gy 4\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Music\RxNbO2Gy 4\olrzAa.m4a desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Music\RxNbO2Gy 4\RRZaIjmYA.mp3 desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Music\RxNbO2Gy 4\U9MURLJpxRECZP7.m4a desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Music\WKG T.wav desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Music\YQGnP5\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Music\YQGnP5\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Music\YQGnP5\AHO CWl0XFrNHr.wav desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Music\YQGnP5\ia1zNGz.wav desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Music\YQGnP5\TXUEYIeS3.m4a desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Music\Z7RVNM70SmISrBblI3y\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Music\Z7RVNM70SmISrBblI3y\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Music\Z7RVNM70SmISrBblI3y\tYbI.wav desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Music\Z7RVNM70SmISrBblI3y\wF_ah.mp3 desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Music\Z7RVNM70SmISrBblI3y\xRLzAjHp5oZCsDrPb0mN.mp3 desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\My Documents\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE False 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\My Documents\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\NetHood\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\NetHood\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\ntuser.dat.LOG1 desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH False 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH False 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH False 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH False 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\ntuser.ini desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE False 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\1ea7gJ6myqomR3Bsn\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\1ea7gJ6myqomR3Bsn\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\1ea7gJ6myqomR3Bsn\4tMQaYr2E_1-5OipVd_H.png desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\1ea7gJ6myqomR3Bsn\gjNA.bmp desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\1ea7gJ6myqomR3Bsn\hgm_cG.jpg desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\1ea7gJ6myqomR3Bsn\kiAaCkbB\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\1ea7gJ6myqomR3Bsn\kiAaCkbB\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\1ea7gJ6myqomR3Bsn\kiAaCkbB\0LTIHMIPxsX\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\1ea7gJ6myqomR3Bsn\kiAaCkbB\0LTIHMIPxsX\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\1ea7gJ6myqomR3Bsn\kiAaCkbB\0LTIHMIPxsX\86a_.gif desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\1ea7gJ6myqomR3Bsn\kiAaCkbB\0LTIHMIPxsX\ArDBercm1WgkTAdBgpj.png desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\1ea7gJ6myqomR3Bsn\kiAaCkbB\0LTIHMIPxsX\NRtddECI4J5El3xrA.bmp desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\1ea7gJ6myqomR3Bsn\kiAaCkbB\1lcHdfcZw3y.png desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\1ea7gJ6myqomR3Bsn\kiAaCkbB\lgNrYekkHg.png desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\1ea7gJ6myqomR3Bsn\kiAaCkbB\OQxW9rf8khpx.bmp desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\1ea7gJ6myqomR3Bsn\kiAaCkbB\VDy6fTdz\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\1ea7gJ6myqomR3Bsn\kiAaCkbB\VDy6fTdz\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\1ea7gJ6myqomR3Bsn\kiAaCkbB\VDy6fTdz\62uf4v89l.png desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\1ea7gJ6myqomR3Bsn\kiAaCkbB\VDy6fTdz\jGn hL8ZuEW.bmp desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\1ea7gJ6myqomR3Bsn\lzLQ D1J.png desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\1ea7gJ6myqomR3Bsn\PVZb_BHwYy-INWBsD\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\1ea7gJ6myqomR3Bsn\PVZb_BHwYy-INWBsD\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\1ea7gJ6myqomR3Bsn\PVZb_BHwYy-INWBsD\7i8sdFmQaJO.jpg desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\1ea7gJ6myqomR3Bsn\PVZb_BHwYy-INWBsD\A2LYhVn.jpg desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\1ea7gJ6myqomR3Bsn\PVZb_BHwYy-INWBsD\F5dPd4vbYcB0P813IZv.png desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\1ea7gJ6myqomR3Bsn\PVZb_BHwYy-INWBsD\ObIjtR1x9.bmp desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\1ea7gJ6myqomR3Bsn\PVZb_BHwYy-INWBsD\uo0P7AlmRTZ2w.bmp desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\1ea7gJ6myqomR3Bsn\PVZb_BHwYy-INWBsD\YNmMRwFiy-P6\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\1ea7gJ6myqomR3Bsn\PVZb_BHwYy-INWBsD\YNmMRwFiy-P6\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\1ea7gJ6myqomR3Bsn\PVZb_BHwYy-INWBsD\YNmMRwFiy-P6\bZ5eO24J5kEuV8AnETJS.jpg desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\1ea7gJ6myqomR3Bsn\PVZb_BHwYy-INWBsD\YNmMRwFiy-P6\cygtvyn5Gz_blpqUi.jpg desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\1ea7gJ6myqomR3Bsn\PVZb_BHwYy-INWBsD\YNmMRwFiy-P6\IAFOqm03b.jpg desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\1ea7gJ6myqomR3Bsn\PVZb_BHwYy-INWBsD\YNmMRwFiy-P6\k8GGIbaiqjaJtz2.bmp desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\1ea7gJ6myqomR3Bsn\PVZb_BHwYy-INWBsD\_CLH5pwk6b1XGOc.jpg desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\1ea7gJ6myqomR3Bsn\UR_abhsJwXfuW4T_PK.gif desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\1ea7gJ6myqomR3Bsn\xKcm.gif desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\1R5d.bmp desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\3AiN\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\3AiN\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\3AiN\BLpGl_EQkC-Dlca.bmp desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\3AiN\C7S1jn.jpg desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\3AiN\GljnA5puDrRqecP2ilYg.bmp desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\3AiN\jVa4g5qxzGnZ4M.jpg desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\3AiN\lvtWgBIT2.gif desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\3M2RMArs_pvKDA\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\3M2RMArs_pvKDA\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\3M2RMArs_pvKDA\mfog 1C C.jpg desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\3M2RMArs_pvKDA\OkYagVw3.gif desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\3M2RMArs_pvKDA\qDutazEIKUUXrBuiw.gif desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\3M2RMArs_pvKDA\_JSHpRRRytD3Y7CW6rR.bmp desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\r7qrIOJ0TH53YfQ5t81.bmp desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\S-L1D-L_n.png desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\_Zv-96.gif desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\PrintHood\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\PrintHood\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Recent\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Recent\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Saved Games\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Saved Games\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Searches\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Searches\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Searches\Everywhere.search-ms desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH False 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Searches\Indexed Locations.search-ms desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH False 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\SendTo\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\SendTo\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Start Menu\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Start Menu\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Templates\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Templates\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Videos\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE False 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Videos\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Videos\-ro4Cvdc\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Videos\-ro4Cvdc\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Videos\-ro4Cvdc\JX8TaLiOjyF4Q69q.mkv desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Videos\-ro4Cvdc\NoNiPL.swf desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Videos\-ro4Cvdc\uMu2u0aILOYH7_.flv desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Videos\-ro4Cvdc\VRKufQFq9pJVue5.flv desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Videos\0D_NEmf.mkv desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Videos\bEQHuvp6rKJuR0D.mp4 desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Videos\ChZXTpxmpGN.flv desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Videos\FKOly4z-\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Videos\FKOly4z-\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Videos\FKOly4z-\66hXC41i-MdpLVqBbxy9\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Videos\FKOly4z-\66hXC41i-MdpLVqBbxy9\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Videos\FKOly4z-\66hXC41i-MdpLVqBbxy9\DADkPHt6Imw5kJ8fcd\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Videos\FKOly4z-\66hXC41i-MdpLVqBbxy9\DADkPHt6Imw5kJ8fcd\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Videos\FKOly4z-\66hXC41i-MdpLVqBbxy9\DADkPHt6Imw5kJ8fcd\qoKU.avi desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Videos\FKOly4z-\66hXC41i-MdpLVqBbxy9\DADkPHt6Imw5kJ8fcd\Sc0IdXHhIQ3e6oDZ.flv desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Videos\FKOly4z-\66hXC41i-MdpLVqBbxy9\oiBCNF8lbXA.avi desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Videos\FKOly4z-\66hXC41i-MdpLVqBbxy9\Xz1uS3\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Videos\FKOly4z-\66hXC41i-MdpLVqBbxy9\Xz1uS3\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Videos\FKOly4z-\66hXC41i-MdpLVqBbxy9\Xz1uS3\8dPbI.flv desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Videos\FKOly4z-\66hXC41i-MdpLVqBbxy9\Xz1uS3\ccJcL2.flv desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Videos\FKOly4z-\66hXC41i-MdpLVqBbxy9\Xz1uS3\h7A FPQ.mkv desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Videos\FKOly4z-\66hXC41i-MdpLVqBbxy9\Xz1uS3\j00zsN75P- zJVICJ3t.mp4 desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Videos\FKOly4z-\66hXC41i-MdpLVqBbxy9\Xz1uS3\JgfHCnj.mkv desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Videos\FKOly4z-\66hXC41i-MdpLVqBbxy9\Xz1uS3\MwuJJU.avi desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Videos\FKOly4z-\66hXC41i-MdpLVqBbxy9\yj4HEKFBbs75YQU kwy3.mkv desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Videos\FKOly4z-\bnL5AtPOyX6Z.avi desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Videos\FKOly4z-\u 46qB8.swf desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Videos\iVkLuA-t Qo6KUXX.mkv desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Videos\JbZzThML19hDq\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Videos\JbZzThML19hDq\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Videos\JbZzThML19hDq\8POMG7Sn.flv desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Videos\JbZzThML19hDq\Dz8w__cr3ZN.swf desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Videos\JbZzThML19hDq\mdcl8 c.avi desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Videos\L_MwSiU_s08qSexricl.flv desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5p5NrGJn0jS HALPmcxz\Videos\RElfUFlRE.swf desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\AppData\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\AppData\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Application Data\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE False 1
Fn
Create C:\Users\Default\AppData\Local\Application Data\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Create C:\Users\Default\AppData\Local\History\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\History\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Credentials\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Credentials\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Feeds\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Feeds\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Feeds\FeedsStore.feedsdb-ms desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Home~.feed-ms desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Work~.feed-ms desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\MSNBC News~.feed-ms desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\Web Slice Gallery~.feed-ms desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Feeds Cache\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Feeds Cache\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Feeds Cache\1NBUR4HR\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Feeds Cache\1NBUR4HR\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Feeds Cache\6ASVN7J7\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Feeds Cache\6ASVN7J7\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Feeds Cache\D68G7BIJ\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Feeds Cache\D68G7BIJ\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Feeds Cache\index.dat desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Feeds Cache\KQMHSVKD\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Feeds Cache\KQMHSVKD\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Internet Explorer\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Internet Explorer\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Internet Explorer\brndlog.bak desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Internet Explorer\brndlog.txt desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Media Player\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Media Player\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Media Player\CurrentDatabase_372.wmdb desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Media Player\LocalMLS_3.wmdb desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00010C6E\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00010C6E\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00010C6E\01_Music_auto_rated_at_5_stars.wpl desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00010C6E\02_Music_added_in_the_last_month.wpl desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00010C6E\03_Music_rated_at_4_or_5_stars.wpl desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00010C6E\04_Music_played_in_the_last_month.wpl desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00010C6E\05_Pictures_taken_in_the_last_month.wpl desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00010C6E\06_Pictures_rated_4_or_5_stars.wpl desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00010C6E\07_TV_recorded_in_the_last_week.wpl desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00010C6E\08_Video_rated_at_4_or_5_stars.wpl desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00010C6E\09_Music_played_the_most.wpl desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00010C6E\10_All_Music.wpl desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00010C6E\11_All_Pictures.wpl desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00010C6E\12_All_Video.wpl desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Backup\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Backup\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Backup\new\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Backup\new\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Backup\new\edb00001.log desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Backup\new\WindowsMail.MSMessageStore desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Backup\new\WindowsMail.pat desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\edb.chk desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\edb.log desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\edb00001.log desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\edbres00001.jrs desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\edbres00002.jrs desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\oeold.xml desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Bears.htm desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Bears.jpg desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Garden.htm desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Garden.jpg desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Green Bubbles.htm desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\GreenBubbles.jpg desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Hand Prints.htm desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\HandPrints.jpg desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Orange Circles.htm desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\OrangeCircles.jpg desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Peacock.htm desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Peacock.jpg desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Roses.htm desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Roses.jpg desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Shades of Blue.htm desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\ShadesOfBlue.jpg desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Soft Blue.htm desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\SoftBlue.jpg desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Stars.htm desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery\Stars.jpg desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\WindowsMail.MSMessageStore desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Mail\WindowsMail.pat desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Media\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Media\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Media\12.0\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Media\12.0\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.DTD desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Sidebar\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Sidebar\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Sidebar\Gadgets\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Sidebar\Gadgets\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Microsoft\Windows Sidebar\Settings.ini desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Local\Temp\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Temp\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Temporary Internet Files\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\AppData\Local\Temporary Internet Files\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\AppData\LocalLow\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\AppData\LocalLow\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\AppData\LocalLow\Microsoft\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\AppData\LocalLow\Microsoft\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\AppData\LocalLow\Microsoft\CryptnetUrlCache\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\AppData\LocalLow\Microsoft\CryptnetUrlCache\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7B2238AACCEDC3F1FFE8E7EB5F575EC9 desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7B2238AACCEDC3F1FFE8E7EB5F575EC9 desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Roaming\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\AppData\Roaming\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\AppData\Roaming\Identities\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\AppData\Roaming\Identities\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\AppData\Roaming\Identities\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\AppData\Roaming\Identities\{31810C36-5D23-4CCE-A3B4-316DED195C38}\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\AppData\Roaming\Microsoft\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\AppData\Roaming\Microsoft\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\AppData\Roaming\Microsoft\Credentials\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\AppData\Roaming\Microsoft\Credentials\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\AppData\Roaming\Microsoft\Crypto\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\AppData\Roaming\Microsoft\Crypto\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\AppData\Roaming\Microsoft\Crypto\RSA\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\AppData\Roaming\Microsoft\Crypto\RSA\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\AppData\Roaming\Microsoft\Protect\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\AppData\Roaming\Microsoft\Protect\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\AppData\Roaming\Microsoft\Protect\CREDHIST desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Roaming\Microsoft\Protect\S-1-5-21-3111613574-2524581245-2586426736-500\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\AppData\Roaming\Microsoft\Protect\S-1-5-21-3111613574-2524581245-2586426736-500\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\AppData\Roaming\Microsoft\Protect\S-1-5-21-3111613574-2524581245-2586426736-500\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9 desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Roaming\Microsoft\Protect\S-1-5-21-3111613574-2524581245-2586426736-500\Preferred desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\AppData\Roaming\Microsoft\SystemCertificates\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\AppData\Roaming\Microsoft\SystemCertificates\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\AppData\Roaming\Microsoft\SystemCertificates\My\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\AppData\Roaming\Microsoft\SystemCertificates\My\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\Application Data\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE False 1
Fn
Create C:\Users\Default\Application Data\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\Contacts\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\Contacts\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\Contacts\Administrator.contact desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\Cookies\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\Cookies\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\Desktop\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\Desktop\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\Documents\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\Documents\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\Documents\My Music\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\Documents\My Music\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\Documents\My Pictures\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\Documents\My Pictures\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\Documents\My Videos\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\Documents\My Videos\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\Downloads\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\Downloads\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\Favorites\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\Favorites\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\Favorites\Links\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\Favorites\Links\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\Favorites\Links\Web Slice Gallery.url desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\Favorites\Microsoft Websites\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\Favorites\Microsoft Websites\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\Favorites\Microsoft Websites\IE Add-on site.url desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\Favorites\Microsoft Websites\IE site on Microsoft.com.url desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\Favorites\Microsoft Websites\Microsoft At Home.url desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\Favorites\Microsoft Websites\Microsoft At Work.url desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\Favorites\Microsoft Websites\Microsoft Store.url desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\Favorites\MSN Websites\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\Favorites\MSN Websites\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\Favorites\MSN Websites\MSN Autos.url desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\Favorites\MSN Websites\MSN Entertainment.url desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\Favorites\MSN Websites\MSN Money.url desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\Favorites\MSN Websites\MSN Sports.url desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\Favorites\MSN Websites\MSN.url desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\Favorites\MSN Websites\MSNBC News.url desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\Favorites\Windows Live\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\Favorites\Windows Live\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\Favorites\Windows Live\Get Windows Live.url desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\Favorites\Windows Live\Windows Live Gallery.url desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\Favorites\Windows Live\Windows Live Mail.url desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\Favorites\Windows Live\Windows Live Spaces.url desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\Links\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\Links\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\Music\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE False 1
Fn
Create C:\Users\Default\Music\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\My Documents\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE False 1
Fn
Create C:\Users\Default\My Documents\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\NetHood\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\NetHood\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\NTUSER.DAT.LOG1 desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\ntuser.ini desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Default\Pictures\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE False 1
Fn
Create C:\Users\Default\Pictures\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\PrintHood\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\PrintHood\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\Recent\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\Recent\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\Saved Games\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\Saved Games\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\Searches\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\Searches\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\Searches\Everywhere.search-ms desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH False 1
Fn
Create C:\Users\Default\Searches\Indexed Locations.search-ms desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH False 1
Fn
Create C:\Users\Default\SendTo\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\SendTo\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\Start Menu\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\Start Menu\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\Templates\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Default\Templates\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default\Videos\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE False 1
Fn
Create C:\Users\Default\Videos\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Default User\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE False 1
Fn
Create C:\Users\Default User\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Public\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Public\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Public\Desktop\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Public\Desktop\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Public\Documents\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Public\Documents\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Public\Documents\My Music\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Public\Documents\My Music\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Public\Documents\My Pictures\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Public\Documents\My Pictures\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Public\Documents\My Videos\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Public\Documents\My Videos\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Public\Downloads\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Public\Downloads\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Public\Favorites\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Public\Favorites\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Public\Libraries\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Public\Libraries\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Public\Libraries\RecordedTV.library-ms desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Public\Music\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE False 1
Fn
Create C:\Users\Public\Music\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Public\Music\Sample Music\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Public\Music\Sample Music\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Public\Music\Sample Music\Kalimba.mp3 desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3 desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Public\Music\Sample Music\Sleep Away.mp3 desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Public\Pictures\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE False 1
Fn
Create C:\Users\Public\Pictures\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Public\Pictures\Sample Pictures\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Public\Pictures\Sample Pictures\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Public\Pictures\Sample Pictures\Desert.jpg desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Public\Pictures\Sample Pictures\Koala.jpg desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Public\Recorded TV\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Public\Recorded TV\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Public\Recorded TV\Sample Media\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Public\Recorded TV\Sample Media\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\Public\Videos\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE False 1
Fn
Create C:\Users\Public\Videos\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Public\Videos\Sample Videos\\JDXYUWELWX-DECRYPT.txt desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\Public\Videos\Sample Videos\9c354ca49c354b4621e.lock desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Users\Public\Videos\Sample Videos\Wildlife.wmv desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH True 1
Fn
Create C:\Users\5P5NRG~1\AppData\Local\Temp\\bxmeoengtf.bmp desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
Move C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\boot.sdi.jdxyuwelwx source_filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\boot.sdi, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim.jdxyuwelwx source_filename = C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\31kwfNFercIrh8w.swf.jdxyuwelwx source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\31kwfNFercIrh8w.swf, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\3OQ79xVp.swf.jdxyuwelwx source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\3OQ79xVp.swf, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\54dYL8epc8labEL-yrrC.gif.jdxyuwelwx source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\54dYL8epc8labEL-yrrC.gif, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Adobe\Acrobat\10.0\JavaScripts\glob.settings.js.jdxyuwelwx source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Adobe\Acrobat\10.0\JavaScripts\glob.settings.js, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Adobe\Acrobat\10.0\Security\addressbook.acrodata.jdxyuwelwx source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Adobe\Acrobat\10.0\Security\addressbook.acrodata, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Adobe\Acrobat\10.0\Security\CRLCache\48B76449F3D5FEFA1133AA805E420F0FCA643651.crl.jdxyuwelwx source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Adobe\Acrobat\10.0\Security\CRLCache\48B76449F3D5FEFA1133AA805E420F0FCA643651.crl, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Adobe\Acrobat\10.0\Security\CRLCache\A9B8213768ADC68AF64FCC6409E8BE414726687F.crl.jdxyuwelwx source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Adobe\Acrobat\10.0\Security\CRLCache\A9B8213768ADC68AF64FCC6409E8BE414726687F.crl, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\A_7eD85g.swf.jdxyuwelwx source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\A_7eD85g.swf, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\BAFRApab.swf.jdxyuwelwx source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\BAFRApab.swf, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\bucTb.gif.jdxyuwelwx source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\bucTb.gif, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\C3VzdO5WAe3dGKJ.bmp.jdxyuwelwx source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\C3VzdO5WAe3dGKJ.bmp, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\cjblLudFGCMB.png.jdxyuwelwx source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\cjblLudFGCMB.png, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\cKlnfg15XrF7bvO0.gif.jdxyuwelwx source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\cKlnfg15XrF7bvO0.gif, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\cQ5f0X_B MzbcM7.avi.jdxyuwelwx source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\cQ5f0X_B MzbcM7.avi, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\dv0fVo_p-eFE zhXhLF.mp4.jdxyuwelwx source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\dv0fVo_p-eFE zhXhLF.mp4, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\euXdiWkWMMlS.wav.jdxyuwelwx source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\euXdiWkWMMlS.wav, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\eyw zkgWUdFIyaJTef.ppt.jdxyuwelwx source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\eyw zkgWUdFIyaJTef.ppt, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\F4Vtqjr_GT.wav.jdxyuwelwx source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\F4Vtqjr_GT.wav, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\FS-LIb.flv.jdxyuwelwx source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\FS-LIb.flv, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\gQhG.gif.jdxyuwelwx source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\gQhG.gif, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\HWyvWISKUb7g.flv.jdxyuwelwx source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\HWyvWISKUb7g.flv, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Hzi4Zxo_l.wav.jdxyuwelwx source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Hzi4Zxo_l.wav, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\cookies.sqlite.jdxyuwelwx source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\cookies.sqlite, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Move C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\VxTdG_8-.png.jdxyuwelwx source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\VxTdG_8-.png, flags = MOVEFILE_REPLACE_EXISTING True 1
Fn
Read C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\cookies.sqlite size = 540, size_out = 540 True 1
Fn
Data
Read C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\cookies.sqlite size = 1048576, size_out = 524288 True 1
Fn
Data
Read C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\key3.db size = 540, size_out = 540 True 1
Fn
Data
Read C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\key3.db size = 1048576, size_out = 16384 True 1
Fn
Data
Read C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\places.sqlite size = 540, size_out = 540 True 1
Fn
Data
Read C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\places.sqlite size = 1048576, size_out = 1048576 True 1
Fn
Data
Read C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\signons.sqlite size = 540, size_out = 540 True 1
Fn
Data
Read C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\signons.sqlite size = 1048576, size_out = 327680 True 1
Fn
Data
Write C:\Program Files\\JDXYUWELWX-DECRYPT.txt size = 8650 True 1
Fn
Data
Write C:\Program Files\Microsoft SQL Server Compact Edition\\JDXYUWELWX-DECRYPT.txt size = 8650 True 1
Fn
Data
Write C:\Program Files\Microsoft SQL Server Compact Edition\v3.5\\JDXYUWELWX-DECRYPT.txt size = 8650 True 1
Fn
Data
Write C:\Program Files\Microsoft SQL Server Compact Edition\v3.5\Desktop\\JDXYUWELWX-DECRYPT.txt size = 8650 True 1
Fn
Data
Write C:\Program Files (x86)\\JDXYUWELWX-DECRYPT.txt size = 8650 True 1
Fn
Data
Write C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\SystemCertificates\\JDXYUWELWX-DECRYPT.txt size = 8650 True 1
Fn
Data
Write C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\SystemCertificates\My\\JDXYUWELWX-DECRYPT.txt size = 8650 True 1
Fn
Data
Write C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\\JDXYUWELWX-DECRYPT.txt size = 8650 True 1
Fn
Data
Write C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\\JDXYUWELWX-DECRYPT.txt size = 8650 True 1
Fn
Data
Write C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\\JDXYUWELWX-DECRYPT.txt size = 8650 True 1
Fn
Data
Write C:\Users\Default\AppData\Roaming\Microsoft\SystemCertificates\\JDXYUWELWX-DECRYPT.txt size = 8650 True 1
Fn
Data
Write C:\Users\Default\AppData\Roaming\Microsoft\SystemCertificates\My\\JDXYUWELWX-DECRYPT.txt size = 8650 True 1
Fn
Data
Write C:\Users\Default\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\\JDXYUWELWX-DECRYPT.txt size = 8650 True 1
Fn
Data
Write C:\Users\Default\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\\JDXYUWELWX-DECRYPT.txt size = 8650 True 1
Fn
Data
Write C:\Users\Default\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\\JDXYUWELWX-DECRYPT.txt size = 8650 True 1
Fn
Data
For performance reasons, the remaining 2149 entries are omitted.
The remaining entries can be found in glog.xml.
Registry (43)
»
Operation Key Additional Information Success Count Logfile
Create Key HKEY_LOCAL_MACHINE\SOFTWARE\ex_data\data - True 1
Fn
Create Key HKEY_LOCAL_MACHINE\SOFTWARE\keys_data\data - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters - True 1
Fn
Open Key HKEY_CURRENT_USER\Control Panel\International - True 1
Fn
Open Key HKEY_CURRENT_USER\Keyboard Layout\Preload - True 10
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 - True 2
Fn
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\keys_data\data - False 1
Fn
Open Key HKEY_CURRENT_USER\SOFTWARE\keys_data\data - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 - True 2
Fn
Read Value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters value_name = Domain, data = 0 True 1
Fn
Read Value HKEY_CURRENT_USER\Control Panel\International value_name = LocaleName, data = 101 True 1
Fn
Read Value HKEY_CURRENT_USER\Keyboard Layout\Preload value_name = 1, data = 48 True 2
Fn
Read Value HKEY_CURRENT_USER\Keyboard Layout\Preload value_name = 2, data = 48 False 2
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion value_name = productName, data = 87 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 value_name = ProcessorNameString, data = 73 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 value_name = Identifier, data = 73 True 1
Fn
Read Value HKEY_CURRENT_USER\Keyboard Layout\Preload value_name = 3, data = 48 False 1
Fn
Read Value HKEY_CURRENT_USER\Keyboard Layout\Preload value_name = 4, data = 48 False 1
Fn
Read Value HKEY_CURRENT_USER\Keyboard Layout\Preload value_name = 5, data = 48 False 1
Fn
Read Value HKEY_CURRENT_USER\Keyboard Layout\Preload value_name = 6, data = 48 False 1
Fn
Read Value HKEY_CURRENT_USER\Keyboard Layout\Preload value_name = 7, data = 48 False 1
Fn
Read Value HKEY_CURRENT_USER\Keyboard Layout\Preload value_name = 8, data = 48 False 1
Fn
Read Value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters value_name = Domain, data = 0 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 value_name = ProcessorNameString, data = 73 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 value_name = Identifier, data = 73 True 1
Fn
Write Value HKEY_LOCAL_MACHINE\SOFTWARE\ex_data\data value_name = ext, size = 24, type = REG_BINARY True 1
Fn
Data
Write Value HKEY_LOCAL_MACHINE\SOFTWARE\keys_data\data value_name = public, size = 276, type = REG_BINARY True 1
Fn
Data
Write Value HKEY_LOCAL_MACHINE\SOFTWARE\keys_data\data value_name = private, size = 1688, type = REG_BINARY True 1
Fn
Data
Process (1)
»
Operation Process Additional Information Success Count Logfile
Create C:\Windows\system32\wbem\wmic.exe show_window = SW_HIDE True 1
Fn
Module (9542)
»
Operation Module Additional Information Success Count Logfile
Load advapi32.dll base_address = 0x76f90000 True 6756
Fn
Load shell32.dll base_address = 0x75cc0000 True 1091
Fn
Load mpr.dll base_address = 0x75400000 True 12
Fn
Load wininet.dll base_address = 0x77040000 True 5
Fn
Get Handle c:\windows\syswow64\ntdll.dll base_address = 0x77a40000 True 3
Fn
Get Handle c:\windows\syswow64\advapi32.dll base_address = 0x76f90000 True 836
Fn
Get Address c:\windows\syswow64\ntdll.dll function = RtlComputeCrc32, address_out = 0x77afffc1 True 2
Fn
Get Address c:\windows\syswow64\advapi32.dll function = CryptGenRandom, address_out = 0x76f9dfc8 True 836
Fn
Get Address c:\windows\syswow64\ntdll.dll function = NtSetInformationFile, address_out = 0x77a5fc28 True 1
Fn
Window (1)
»
Operation Window Name Additional Information Success Count Logfile
Create - class_name = AnaLab_sucks, wndproc_parameter = 0 True 1
Fn
System (564)
»
Operation Additional Information Success Count Logfile
Get Computer Name result_out = XDUWTFONO True 2
Fn
Sleep duration = 1488 milliseconds (1.488 seconds) True 1
Fn
Sleep duration = -1 (infinite) True 1
Fn
Get Time type = System Time, time = 2019-02-22 08:30:26 (UTC) True 15
Fn
Get Time type = System Time, time = 2019-02-22 08:30:27 (UTC) True 13
Fn
Get Time type = System Time, time = 2019-02-22 08:30:28 (UTC) True 23
Fn
Get Time type = System Time, time = 2019-02-22 08:30:29 (UTC) True 35
Fn
Get Time type = System Time, time = 2019-02-22 08:30:30 (UTC) True 20
Fn
Get Time type = System Time, time = 2019-02-22 08:30:31 (UTC) True 5
Fn
Get Time type = System Time, time = 2019-02-22 08:30:32 (UTC) True 3
Fn
Get Time type = System Time, time = 2019-02-22 08:30:33 (UTC) True 5
Fn
Get Time type = System Time, time = 2019-02-22 08:30:34 (UTC) True 8
Fn
Get Time type = System Time, time = 2019-02-22 08:30:35 (UTC) True 5
Fn
Get Time type = System Time, time = 2019-02-22 08:30:36 (UTC) True 11
Fn
Get Time type = System Time, time = 2019-02-22 08:30:37 (UTC) True 7
Fn
Get Time type = System Time, time = 2019-02-22 08:30:38 (UTC) True 11
Fn
Get Time type = System Time, time = 2019-02-22 08:30:39 (UTC) True 23
Fn
Get Time type = System Time, time = 2019-02-22 08:30:40 (UTC) True 15
Fn
Get Time type = System Time, time = 2019-02-22 08:30:41 (UTC) True 1
Fn
Get Time type = System Time, time = 2019-02-22 08:30:42 (UTC) True 20
Fn
Get Time type = System Time, time = 2019-02-22 08:30:43 (UTC) True 23
Fn
Get Time type = System Time, time = 2019-02-22 08:30:44 (UTC) True 24
Fn
Get Time type = System Time, time = 2019-02-22 08:30:45 (UTC) True 4
Fn
Get Time type = System Time, time = 2019-02-22 08:30:46 (UTC) True 4
Fn
Get Time type = Ticks, time = 324154 True 1
Fn
Get Time type = Ticks, time = 325293 True 1
Fn
Get Time type = Ticks, time = 327648 True 1
Fn
Get Time type = Ticks, time = 327742 True 1
Fn
Get Info type = Hardware Information True 2
Fn
Get Info type = Windows Directory, result_out = C:\Windows True 278
Fn
Get Info type = System Directory, result_out = C:\Windows\system32 True 1
Fn
Mutex (2)
»
Operation Additional Information Success Count Logfile
Create mutex_name = Global\8B5BABB9C36E45085F4C.luck True 1
Fn
Open mutex_name = Global\iyAzNATdi7a94U8TAO7zVm5qzEjzks, desired_access = SYNCHRONIZE False 1
Fn
Network Behavior
HTTP Sessions (1)
»
Information Value
Total Data Sent 240 bytes
Total Data Received 0 bytes
Contacted Host Count 1
Contacted Hosts www.kakaocorp.link
HTTP Session #1
»
Information Value
User Agent Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Server Name www.kakaocorp.link
Server Port 80
Data Sent 240
Data Received 0
Operation Additional Information Success Count Logfile
Open Session user_agent = Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko, access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Open Connection protocol = HTTP, server_name = www.kakaocorp.link, server_port = 80 True 1
Fn
Open HTTP Request http_verb = GET, http_version = HTTP/1.1, target_resource = /, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_AUTO_REDIRECT, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Send HTTP Request headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = www.kakaocorp.link/ False 1
Fn
Process #4: wmic.exe
19 0
»
Information Value
ID #4
File Name c:\windows\syswow64\wbem\wmic.exe
Command Line "C:\Windows\system32\wbem\wmic.exe" shadowcopy delete
Initial Working Directory C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\
Monitor Start Time: 00:04:32, Reason: Child Process
Unmonitor End Time: 00:04:40, Reason: Terminated by Timeout
Monitor Duration 00:00:08
OS Process Information
»
Information Value
PID 0x40c
Parent PID 0xbe4 (c:\users\5p5nrgjn0js halpmcxz\desktop\11111.exe)
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x 424
0x 54C
0x 76C
0x 678
0x 538
0x 720
Region
»
Name Start VA End VA Type Permissions Monitored Dumped YARA Actions
private_0x0000000000010000 0x00010000 0x0002ffff Private Memory rw True False False -
pagefile_0x0000000000010000 0x00010000 0x0001ffff Pagefile Backed Memory rw True False False -
pagefile_0x0000000000020000 0x00020000 0x0002ffff Pagefile Backed Memory rw True False False -
private_0x0000000000030000 0x00030000 0x00031fff Private Memory rw True False False -
pagefile_0x0000000000030000 0x00030000 0x00036fff Pagefile Backed Memory r True False False -
apisetschema.dll 0x00040000 0x00040fff Memory Mapped File rwx False False False -
private_0x0000000000050000 0x00050000 0x0008ffff Private Memory rw True False False -
private_0x0000000000090000 0x00090000 0x000cffff Private Memory rw True False False -
pagefile_0x00000000000d0000 0x000d0000 0x000d3fff Pagefile Backed Memory r True False False -
pagefile_0x00000000000e0000 0x000e0000 0x000e0fff Pagefile Backed Memory r True False False -
locale.nls 0x000f0000 0x00156fff Memory Mapped File r False False False -
pagefile_0x0000000000160000 0x00160000 0x00161fff Pagefile Backed Memory rw True False False -
wmic.exe.mui 0x00170000 0x0017ffff Memory Mapped File rw False False False -
private_0x0000000000180000 0x00180000 0x00180fff Private Memory rw True False False -
private_0x0000000000190000 0x00190000 0x00190fff Private Memory rw True False False -
pagefile_0x00000000001a0000 0x001a0000 0x001a0fff Pagefile Backed Memory r True False False -
pagefile_0x00000000001b0000 0x001b0000 0x001b0fff Pagefile Backed Memory r True False False -
private_0x00000000001c0000 0x001c0000 0x001fffff Private Memory rw True False False -
wmic.exe 0x00200000 0x00262fff Memory Mapped File rwx True False False -
msxml3r.dll 0x00270000 0x00270fff Memory Mapped File r False False False -
private_0x0000000000280000 0x00280000 0x002bffff Private Memory rw True False False -
private_0x00000000002c0000 0x002c0000 0x002dffff Private Memory - True False False -
pagefile_0x00000000002e0000 0x002e0000 0x002e1fff Pagefile Backed Memory r True False False -
windowsshell.manifest 0x002f0000 0x002f0fff Memory Mapped File r False False False -
pagefile_0x00000000002f0000 0x002f0000 0x002f0fff Pagefile Backed Memory rw True False False -
pagefile_0x0000000000300000 0x00300000 0x00301fff Pagefile Backed Memory r True False False -
index.dat 0x00310000 0x0031ffff Memory Mapped File rw True False False -
private_0x0000000000320000 0x00320000 0x0032ffff Private Memory rw True False False -
index.dat 0x00330000 0x00337fff Memory Mapped File rw True False False -
index.dat 0x00340000 0x0034ffff Memory Mapped File rw True False False -
pagefile_0x0000000000350000 0x00350000 0x00350fff Pagefile Backed Memory r True False False -
private_0x0000000000370000 0x00370000 0x003affff Private Memory rw True False False -
rsaenh.dll 0x003b0000 0x003ebfff Memory Mapped File r False False False -
private_0x00000000003d0000 0x003d0000 0x0040ffff Private Memory rw True False False -
private_0x0000000000430000 0x00430000 0x004affff Private Memory rw True False False -
pagefile_0x00000000004b0000 0x004b0000 0x00637fff Pagefile Backed Memory r True False False -
private_0x0000000000670000 0x00670000 0x0076ffff Private Memory rw True False False -
pagefile_0x0000000000770000 0x00770000 0x008f0fff Pagefile Backed Memory r True False False -
pagefile_0x0000000000900000 0x00900000 0x01cfffff Pagefile Backed Memory r True False False -
sortdefault.nls 0x01d00000 0x01fcefff Memory Mapped File r False False False -
private_0x0000000001fd0000 0x01fd0000 0x021cffff Private Memory rw True False False -
private_0x0000000001fd0000 0x01fd0000 0x020affff Private Memory rw True False False -
private_0x0000000001fe0000 0x01fe0000 0x0201ffff Private Memory rw True False False -
private_0x0000000002070000 0x02070000 0x020affff Private Memory rw True False False -
private_0x00000000020b0000 0x020b0000 0x0216ffff Private Memory rw True False False -
private_0x0000000002190000 0x02190000 0x021cffff Private Memory rw True False False -
private_0x00000000021d0000 0x021d0000 0x0232ffff Private Memory rw True False False -
kernelbase.dll.mui 0x021d0000 0x0228ffff Memory Mapped File rw False False False -
private_0x0000000002290000 0x02290000 0x022cffff Private Memory rw True False False -
private_0x00000000022f0000 0x022f0000 0x0232ffff Private Memory rw True False False -
private_0x0000000002330000 0x02330000 0x024effff Private Memory rw True False False -
private_0x0000000002330000 0x02330000 0x0242ffff Private Memory rw True False False -
private_0x0000000002430000 0x02430000 0x0246ffff Private Memory rw True False False -
private_0x00000000024b0000 0x024b0000 0x024effff Private Memory rw True False False -
private_0x00000000024f0000 0x024f0000 0x026effff Private Memory rw True False False -
private_0x00000000024f0000 0x024f0000 0x0260ffff Private Memory rw True False False -
pagefile_0x00000000024f0000 0x024f0000 0x025cefff Pagefile Backed Memory r True False False -
private_0x00000000025d0000 0x025d0000 0x0260ffff Private Memory rw True False False -
private_0x0000000002630000 0x02630000 0x0266ffff Private Memory rw True False False -
private_0x00000000026b0000 0x026b0000 0x026effff Private Memory rw True False False -
private_0x00000000026f0000 0x026f0000 0x0290ffff Private Memory rw True False False -
private_0x00000000026f0000 0x026f0000 0x0289ffff Private Memory rw True False False -
private_0x0000000002750000 0x02750000 0x0278ffff Private Memory rw True False False -
private_0x0000000002860000 0x02860000 0x0289ffff Private Memory rw True False False -
private_0x00000000028d0000 0x028d0000 0x0290ffff Private Memory rw True False False -
private_0x0000000002910000 0x02910000 0x02d0ffff Private Memory rw True False False -
private_0x0000000002d10000 0x02d10000 0x02d4ffff Private Memory rw True False False -
private_0x0000000002d90000 0x02d90000 0x02dcffff Private Memory rw True False False -
private_0x0000000002ea0000 0x02ea0000 0x02eaffff Private Memory rw True False False -
wbemsvc.dll 0x742a0000 0x742aefff Memory Mapped File rwx False False False -
msvcr90.dll 0x742b0000 0x74352fff Memory Mapped File rwx False False False -
msoxmlmf.dll 0x74360000 0x7436cfff Memory Mapped File rwx False False False -
rpcrtremote.dll 0x74370000 0x7437dfff Memory Mapped File rwx False False False -
dnsapi.dll 0x74480000 0x744c3fff Memory Mapped File rwx False False False -
msxml3.dll 0x744e0000 0x74612fff Memory Mapped File rwx False False False -
wbemcomn.dll 0x74620000 0x7467bfff Memory Mapped File rwx False False False -
wbemprox.dll 0x74680000 0x74689fff Memory Mapped File rwx False False False -
iphlpapi.dll 0x74690000 0x746abfff Memory Mapped File rwx False False False -
framedynos.dll 0x746b0000 0x746e4fff Memory Mapped File rwx False False False -
uxtheme.dll 0x74ef0000 0x74f6ffff Memory Mapped File rwx False False False -
wow64cpu.dll 0x74f80000 0x74f87fff Memory Mapped File rwx False False False -
wow64win.dll 0x74f90000 0x74febfff Memory Mapped File rwx False False False -
wow64.dll 0x74ff0000 0x7502efff Memory Mapped File rwx False False False -
winnsi.dll 0x75030000 0x75036fff Memory Mapped File rwx False False False -
secur32.dll 0x75040000 0x75047fff Memory Mapped File rwx False False False -
wtsapi32.dll 0x75050000 0x7505cfff Memory Mapped File rwx False False False -
ntmarta.dll 0x75060000 0x75080fff Memory Mapped File rwx False False False -
comctl32.dll 0x75090000 0x7522dfff Memory Mapped File rwx False False False -
rsaenh.dll 0x75420000 0x7545afff Memory Mapped File rwx False False False -
cryptsp.dll 0x75460000 0x75475fff Memory Mapped File rwx False False False -
profapi.dll 0x75480000 0x7548afff Memory Mapped File rwx False False False -
cryptbase.dll 0x75590000 0x7559bfff Memory Mapped File rwx False False False -
sspicli.dll 0x755a0000 0x755fffff Memory Mapped File rwx False False False -
msvcrt.dll 0x75660000 0x7570bfff Memory Mapped File rwx False False False -
lpk.dll 0x75710000 0x75719fff Memory Mapped File rwx False False False -
crypt32.dll 0x75720000 0x7583cfff Memory Mapped File rwx False False False -
sechost.dll 0x75a60000 0x75a78fff Memory Mapped File rwx False False False -
gdi32.dll 0x75a80000 0x75b0ffff Memory Mapped File rwx False False False -
rpcrt4.dll 0x75b10000 0x75bfffff Memory Mapped File rwx False False False -
msasn1.dll 0x75c60000 0x75c6bfff Memory Mapped File rwx False False False -
wldap32.dll 0x75c70000 0x75cb4fff Memory Mapped File rwx False False False -
shell32.dll 0x75cc0000 0x76909fff Memory Mapped File rwx False False False -
iertutil.dll 0x76930000 0x76b2afff Memory Mapped File rwx False False False -
msctf.dll 0x76b30000 0x76bfbfff Memory Mapped File rwx False False False -
imm32.dll 0x76c00000 0x76c5ffff Memory Mapped File rwx False False False -
clbcatq.dll 0x76c60000 0x76ce2fff Memory Mapped File rwx False False False -
urlmon.dll 0x76cf0000 0x76e25fff Memory Mapped File rwx False False False -
ole32.dll 0x76e30000 0x76f8bfff Memory Mapped File rwx False False False -
advapi32.dll 0x76f90000 0x7702ffff Memory Mapped File rwx False False False -
nsi.dll 0x77030000 0x77035fff Memory Mapped File rwx False False False -
wininet.dll 0x77040000 0x77134fff Memory Mapped File rwx False False False -
user32.dll 0x771d0000 0x772cffff Memory Mapped File rwx False False False -
ws2_32.dll 0x77300000 0x77334fff Memory Mapped File rwx False False False -
shlwapi.dll 0x77350000 0x773a6fff Memory Mapped File rwx False False False -
kernel32.dll 0x773b0000 0x774bffff Memory Mapped File rwx False False False -
oleaut32.dll 0x774c0000 0x7754efff Memory Mapped File rwx False False False -
usp10.dll 0x77550000 0x775ecfff Memory Mapped File rwx False False False -
kernelbase.dll 0x775f0000 0x77635fff Memory Mapped File rwx False False False -
private_0x0000000077640000 0x77640000 0x77739fff Private Memory rwx True False False -
private_0x0000000077740000 0x77740000 0x7785efff Private Memory rwx True False False -
ntdll.dll 0x77860000 0x77a08fff Memory Mapped File rwx False False False -
ntdll.dll 0x77a40000 0x77bbffff Memory Mapped File rwx False False False -
private_0x000000007efa7000 0x7efa7000 0x7efa9fff Private Memory rw True False False -
private_0x000000007efaa000 0x7efaa000 0x7efacfff Private Memory rw True False False -
private_0x000000007efad000 0x7efad000 0x7efaffff Private Memory rw True False False -
pagefile_0x000000007efb0000 0x7efb0000 0x7efd2fff Pagefile Backed Memory r True False False -
private_0x000000007efd5000 0x7efd5000 0x7efd7fff Private Memory rw True False False -
private_0x000000007efd8000 0x7efd8000 0x7efdafff Private Memory rw True False False -
private_0x000000007efdb000 0x7efdb000 0x7efddfff Private Memory rw True False False -
private_0x000000007efde000 0x7efde000 0x7efdefff Private Memory rw True False False -
private_0x000000007efdf000 0x7efdf000 0x7efdffff Private Memory rw True False False -
private_0x000000007efe0000 0x7efe0000 0x7ffdffff Private Memory r True False False -
pagefile_0x000000007efe0000 0x7efe0000 0x7f0dffff Pagefile Backed Memory r True False False -
private_0x000000007f0e0000 0x7f0e0000 0x7ffdffff Private Memory r True False False -
private_0x000000007ffe0000 0x7ffe0000 0x7ffeffff Private Memory r True False False -
private_0x000000007fff0000 0x7fff0000 0x7fffffeffff Private Memory r True False False -
Host Behavior
COM (2)
»
Operation Class Interface Additional Information Success Count Logfile
Create WBEMLocator IWbemLocator cls_context = CLSCTX_INPROC_SERVER True 1
Fn
Create F6D90F12-9C73-11D3-B32E-00C04F990BB4 2933BF95-7B36-11D2-B20E-00C04F983E60 cls_context = CLSCTX_INPROC_SERVER True 1
Fn
Registry (5)
»
Operation Key Additional Information Success Count Logfile
Open Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM - True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM value_name = Logging, data = 48 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM value_name = Logging Directory True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM value_name = Logging Directory, data = 37 True 1
Fn
Read Value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM value_name = Log File Max Size, data = 54 True 1
Fn
Module (3)
»
Operation Module Additional Information Success Count Logfile
Load C:\Windows\system32\kernel32.dll base_address = 0x773b0000 True 1
Fn
Get Handle c:\windows\syswow64\wbem\wmic.exe base_address = 0x200000 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = SetThreadUILanguage, address_out = 0x773da84f True 1
Fn
System (6)
»
Operation Additional Information Success Count Logfile
Get Computer Name result_out = XDUWTFONO True 1
Fn
Get Time type = System Time, time = 2019-02-22 08:30:47 (UTC) True 1
Fn
Get Time type = Ticks, time = 324591 True 1
Fn
Get Time type = Local Time, time = 2019-02-22 19:30:49 (Local Time) True 1
Fn
Get Info type = System Directory, result_out = C:\Windows\system32 True 2
Fn
Function Logfile
Exit-Icon

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".


    
Before

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".


    
After

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".


    
Screenshot
Expand-Icon
Exit-Icon
icon_left
icon_left
image