fb136c8360d1a5ab80f61109c55c5a788aa1d8796d1e75aca8c1a762b598d3f4 (SHA256)
sstojx.exe
Windows Exe (x86-32)
Created at 2019-02-18 17:18:00
Notifications (2/2)
Some extracted files may be missing in the report since the maximum number of extracted files was reached during the analysis. You can increase the limit in the configuration settings.
The maximum number of reputation file hash requests (20 per analysis) was exceeded. As a result, the reputation status could not be queried for all file hashes. In order to get the reputation status for all file hashes, please increase the 'Max File Hash Requests' setting in the system configurations.
Monitored Processes
Behavior Information - Grouped by Category
Process #1: sstojx.exe
13189
12
| Information | Value |
|---|---|
| ID | #1 |
| File Name | c:\users\ciihmnxmn6ps\desktop\sstojx.exe |
| Command Line | "C:\Users\CIiHmnxMn6Ps\Desktop\sstojx.exe" |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:00:29, Reason: Analysis Target |
| Unmonitor | End Time: 00:04:29, Reason: Terminated by Timeout |
| Monitor Duration | 00:04:00 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xe5c |
| Parent PID | 0x57c (c:\windows\explorer.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
E60
0x
E64
0x
E68
0x
C94
0x
C90
0x
CC0
0x
CBC
0x
CB0
0x
CA4
0x
C9C
0x
D0
0x
B18
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000000020000 | 0x00020000 | 0x00023fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000030000 | 0x00030000 | 0x00030fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000030000 | 0x00030000 | 0x0003ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000040000 | 0x00040000 | 0x00053fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000060000 | 0x00060000 | 0x0009ffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000000a0000 | 0x000a0000 | 0x0019ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000001a0000 | 0x001a0000 | 0x001a3fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000000001b0000 | 0x001b0000 | 0x001b1fff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x001c0000 | 0x0027dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000000280000 | 0x00280000 | 0x002bffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000002c0000 | 0x002c0000 | 0x002c0fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000002d0000 | 0x002d0000 | 0x002d0fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000002e0000 | 0x002e0000 | 0x002e0fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000002f0000 | 0x002f0000 | 0x002fffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000300000 | 0x00300000 | 0x003fffff | Private Memory | rw |
|
|
|
- |
| sstojx.exe | 0x00400000 | 0x0041bfff | Memory Mapped File | rwx |
|
|
|
|
| private_0x0000000000420000 | 0x00420000 | 0x0045ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000460000 | 0x00460000 | 0x00460fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000470000 | 0x00470000 | 0x00470fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000480000 | 0x00480000 | 0x00480fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000490000 | 0x00490000 | 0x00490fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000004a0000 | 0x004a0000 | 0x004a0fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000004b0000 | 0x004b0000 | 0x005affff | Private Memory | rw |
|
|
|
- |
| private_0x00000000005b0000 | 0x005b0000 | 0x006affff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000006b0000 | 0x006b0000 | 0x00837fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000840000 | 0x00840000 | 0x009c0fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000009d0000 | 0x009d0000 | 0x01dcffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000001dd0000 | 0x01dd0000 | 0x01ebffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000001dd0000 | 0x01dd0000 | 0x01dd0fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000001de0000 | 0x01de0000 | 0x01de0fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000001df0000 | 0x01df0000 | 0x01df0fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000001e00000 | 0x01e00000 | 0x01e0ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000001e00000 | 0x01e00000 | 0x01e15fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000001e00000 | 0x01e00000 | 0x01e07fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000001e00000 | 0x01e00000 | 0x01e00fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000001e10000 | 0x01e10000 | 0x01e10fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000001e10000 | 0x01e10000 | 0x01e1ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000001e10000 | 0x01e10000 | 0x01e17fff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000001e20000 | 0x01e20000 | 0x01e27fff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000001e20000 | 0x01e20000 | 0x01e20fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000001e30000 | 0x01e30000 | 0x01e30fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000001e30000 | 0x01e30000 | 0x01e45fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000001e30000 | 0x01e30000 | 0x01e37fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000001e40000 | 0x01e40000 | 0x01e40fff | Private Memory | rwx |
|
|
|
- |
| counters.dat | 0x01e40000 | 0x01e40fff | Memory Mapped File | rw |
|
|
|
|
| private_0x0000000001e50000 | 0x01e50000 | 0x01e50fff | Private Memory | rw |
|
|
|
- |
| crypt32.dll.mui | 0x01e60000 | 0x01e69fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000001e60000 | 0x01e60000 | 0x01e60fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000001e70000 | 0x01e70000 | 0x01e70fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000001e80000 | 0x01e80000 | 0x01e81fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000001e90000 | 0x01e90000 | 0x01e90fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000001ea0000 | 0x01ea0000 | 0x01ea0fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000001eb0000 | 0x01eb0000 | 0x01ebffff | Private Memory | rw |
|
|
|
- |
| sortdefault.nls | 0x01ec0000 | 0x021f6fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000002200000 | 0x02200000 | 0x022fffff | Private Memory | rw |
|
|
|
- |
| crypt32.dll | 0x02300000 | 0x02474fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000002300000 | 0x02300000 | 0x02300fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002300000 | 0x02300000 | 0x02302fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002310000 | 0x02310000 | 0x0234ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002310000 | 0x02310000 | 0x02410fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002310000 | 0x02310000 | 0x02310fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002310000 | 0x02310000 | 0x0240ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002320000 | 0x02320000 | 0x02320fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002320000 | 0x02320000 | 0x02420fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002350000 | 0x02350000 | 0x0244ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002410000 | 0x02410000 | 0x02410fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002450000 | 0x02450000 | 0x02450fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002460000 | 0x02460000 | 0x0249ffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000024a0000 | 0x024a0000 | 0x0259ffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000025a0000 | 0x025a0000 | 0x025a0fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000025b0000 | 0x025b0000 | 0x025b1fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000025c0000 | 0x025c0000 | 0x025c0fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000025d0000 | 0x025d0000 | 0x025d0fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000025e0000 | 0x025e0000 | 0x025e0fff | Private Memory | rw |
|
|
|
- |
| mpr.dll.mui | 0x025f0000 | 0x025f0fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000002600000 | 0x02600000 | 0x02600fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002610000 | 0x02610000 | 0x02610fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002610000 | 0x02610000 | 0x02613fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002620000 | 0x02620000 | 0x02620fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002620000 | 0x02620000 | 0x02720fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002620000 | 0x02620000 | 0x02621fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002630000 | 0x02630000 | 0x02630fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002630000 | 0x02630000 | 0x02730fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002640000 | 0x02640000 | 0x02640fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002640000 | 0x02640000 | 0x02740fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002640000 | 0x02640000 | 0x02646fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002650000 | 0x02650000 | 0x02650fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002650000 | 0x02650000 | 0x02750fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002730000 | 0x02730000 | 0x02830fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002740000 | 0x02740000 | 0x02840fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002750000 | 0x02750000 | 0x02850fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002760000 | 0x02760000 | 0x02860fff | Private Memory | rw |
|
|
|
- |
| kernelbase.dll.mui | 0x02870000 | 0x0294efff | Memory Mapped File | r |
|
|
|
- |
| wow64cpu.dll | 0x5baa0000 | 0x5baa7fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64win.dll | 0x5bab0000 | 0x5bb22fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64.dll | 0x5bb30000 | 0x5bb7efff | Memory Mapped File | rwx |
|
|
|
- |
| browcli.dll | 0x74260000 | 0x7426efff | Memory Mapped File | rwx |
|
|
|
- |
| netutils.dll | 0x74270000 | 0x74279fff | Memory Mapped File | rwx |
|
|
|
- |
| cscapi.dll | 0x74280000 | 0x7428efff | Memory Mapped File | rwx |
|
|
|
- |
| wkscli.dll | 0x74290000 | 0x7429ffff | Memory Mapped File | rwx |
|
|
|
- |
| davhlpr.dll | 0x742a0000 | 0x742aafff | Memory Mapped File | rwx |
|
|
|
- |
| davclnt.dll | 0x742b0000 | 0x742c9fff | Memory Mapped File | rwx |
|
|
|
- |
| ntlanman.dll | 0x742d0000 | 0x742e1fff | Memory Mapped File | rwx |
|
|
|
- |
| winsta.dll | 0x742f0000 | 0x74333fff | Memory Mapped File | rwx |
|
|
|
- |
| drprov.dll | 0x74340000 | 0x74348fff | Memory Mapped File | rwx |
|
|
|
- |
| mpr.dll | 0x74350000 | 0x74366fff | Memory Mapped File | rwx |
|
|
|
- |
| rsaenh.dll | 0x74370000 | 0x7439efff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x743a0000 | 0x743bafff | Memory Mapped File | rwx |
|
|
|
- |
| cryptsp.dll | 0x743c0000 | 0x743d2fff | Memory Mapped File | rwx |
|
|
|
- |
| wininet.dll | 0x743e0000 | 0x74603fff | Memory Mapped File | rwx |
|
|
|
- |
| dwmapi.dll | 0x74610000 | 0x7462cfff | Memory Mapped File | rwx |
|
|
|
- |
| uxtheme.dll | 0x74630000 | 0x746a4fff | Memory Mapped File | rwx |
|
|
|
- |
| apphelp.dll | 0x746b0000 | 0x74740fff | Memory Mapped File | rwx |
|
|
|
- |
| bcryptprimitives.dll | 0x74750000 | 0x747a8fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptbase.dll | 0x747b0000 | 0x747b9fff | Memory Mapped File | rwx |
|
|
|
- |
| sspicli.dll | 0x747c0000 | 0x747ddfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x74a00000 | 0x74aabfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel.appcore.dll | 0x74ab0000 | 0x74abbfff | Memory Mapped File | rwx |
|
|
|
- |
| shlwapi.dll | 0x74da0000 | 0x74de3fff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x74df0000 | 0x74f0ffff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x74f10000 | 0x74f3afff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x74f40000 | 0x7502ffff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x75030000 | 0x7517cfff | Memory Mapped File | rwx |
|
|
|
- |
| profapi.dll | 0x75180000 | 0x7518efff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x75190000 | 0x75305fff | Memory Mapped File | rwx |
|
|
|
- |
| shell32.dll | 0x75310000 | 0x766cefff | Memory Mapped File | rwx |
|
|
|
- |
| windows.storage.dll | 0x76790000 | 0x76c6cfff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x76c70000 | 0x76daffff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x76f20000 | 0x76fddfff | Memory Mapped File | rwx |
|
|
|
- |
| ole32.dll | 0x77170000 | 0x77259fff | Memory Mapped File | rwx |
|
|
|
- |
| powrprof.dll | 0x77260000 | 0x772a3fff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x772b0000 | 0x772f2fff | Memory Mapped File | rwx |
|
|
|
- |
| shcore.dll | 0x77300000 | 0x7738cfff | Memory Mapped File | rwx |
|
|
|
- |
| combase.dll | 0x77390000 | 0x77549fff | Memory Mapped File | rwx |
|
|
|
- |
| advapi32.dll | 0x77550000 | 0x775cafff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x776b0000 | 0x77828fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x000000007feaa000 | 0x7feaa000 | 0x7feacfff | Private Memory | rw |
|
|
|
- |
| private_0x000000007fead000 | 0x7fead000 | 0x7feaffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000007feb0000 | 0x7feb0000 | 0x7ffaffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000007ffb0000 | 0x7ffb0000 | 0x7ffd2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007ffd5000 | 0x7ffd5000 | 0x7ffd7fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ffd8000 | 0x7ffd8000 | 0x7ffdafff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ffdb000 | 0x7ffdb000 | 0x7ffddfff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ffde000 | 0x7ffde000 | 0x7ffdefff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ffdf000 | 0x7ffdf000 | 0x7ffdffff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7ffc57b4ffff | Private Memory | r |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x00007ffc57d12000 | 0x7ffc57d12000 | 0x7ffffffeffff | Private Memory | r |
|
|
|
- |
|
For performance reasons, the remaining 68 entries are omitted.
The remaining entries can be found in flog.txt. |
||||||||
Created Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol | 1.02 KB |
MD5:
c5bd34015ac57a84007e9c559e2f1a02
SHA1: 92420bec59724dcaa43ac5a33b41fff99ec93bd1 SHA256: bd2cc14da979da0d213b3a73a5431f4314f8bcd3949138c92cd9b8747104dba4 SSDeep: 24:4r1KWTQvzXJ0495fvF69KSWQwiUzomN1OkyY5bl1R3qWb:4hKW0vGzEdQwToo1Okl5bl1Hb |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\bookmarkbackups\bookmarks-2017-05-24_14_kL0o5I+exwq3TXuLDkMF9w==.jsonlz4 | 1.86 KB |
MD5:
9ea4d6e59726d014b7b1eba50c8dcaa7
SHA1: fa609e5486120647ad8dec30804f0498bb95ee58 SHA256: 60dead15a7e6897305d4e4ece5a4db90623a407f3c28bd6de38b903883fe6e8f SSDeep: 48:ztaRCno3tKE1lLdX73zYh6zSbzCBnKdz1bu:zwCno3tKE1lLdXfYhHfCBCs |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033937[[fn=Vapor Trail]].thmx | 3.44 MB |
MD5:
90458d9e87bf0cf09da9d3eae3632c2a
SHA1: a612c7d744fe88130c79821fda756d0b7135ad71 SHA256: 1162d50a64963b51e584a39e43d7131ec769258bb222bb3533e5369819d0060b SSDeep: 98304:gO5mgjVktRlqFtAy83hJLdoaFxTygxcoiX3M0iCt:HmCaI3AjxpcoinM0iY |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328940[[fn=Radial Picture List]].glox | 5.99 KB |
MD5:
453bc487233d552cb84f454e69fb0c3f
SHA1: e2b2a3cf605477f3015fa41cd561300493aaaf00 SHA256: 26300eae6674f4e515fcfc95bd5e1a3d8e7c9b109fd36f460cec79027c075ca1 SSDeep: 96:wjuZCCXkqG42+3br+Mm1vDPCdD5V9ykB5IJ/S6Rjvou0J+M2MsQHeNm/TFtYg1:zMCXh+X1TCB5ny65Gou0J+M9dPFJ |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\ghU7s.docx | 60.82 KB |
MD5:
3ddb330f8b0bf0e0bdc14467d73daa94
SHA1: 6661d1dc9bad8807677acf69a47bfe691747c4d5 SHA256: 844b4e02730cf469d0859865b6580647e579b375ecb4aea7a79a47309175dbce SSDeep: 1536:tVqgPK3zhsM5W5Odc9y70HrKqbiMUumHgBGNvibjA:tUgAzb5sj406gmHg8A4 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\state.json | 0.58 KB |
MD5:
45881bc696cb6bd3c550effe50752a01
SHA1: 4f3acbc0371f9c9f758fcdcc0022924e59f78c5a SHA256: 0e3eb36382a68271240bd4c8152e2a3ced62275c8b8e5edd95c49e595825d4e4 SSDeep: 12:+X8xNwjOsCLsEGh/wFVHesmzFG/cod34cMAg/9gNCwGx10C:e2uqsBh/wVHizYPd1Mzb1t |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\SYNCHIST | 0.60 KB |
MD5:
dc9cd1b0e0abc2b5dcbb5299051ace70
SHA1: 77fc7c2f358efcad53d099ba4ceed9ffc5b0d6a8 SHA256: 7bb5e1fc31c3b40e15806a6ee4c908ce2fc4eb6f1469b839822be71b6776e51f SSDeep: 12:Ia61uTCoEvAKInNJRXI/EML6JT68lCj0RS2byWhu3SbVk7hwsxWNvYC:dsh7v5qRYcM2ZjHOyFkbxWNp |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\cert8.db | 96.53 KB |
MD5:
11e44452791bc8347058375cc36463b5
SHA1: 5612fc24504d2c027ee27f7e226516743bdf7298 SHA256: 0c1310d4b6290f84a11695818e4851f80fc2357da14b690fc9926f11a8e8e3dc SSDeep: 3072:K7i4DtJED6O3Ww4ouR7ys7/iGjyKAvLpjsO4huELH:KFDO3CpR7yIiGjVAOOuuaH |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\TURABIAN.XSL | 337.11 KB |
MD5:
9115a88191bb28e1058a4ac21d18366c
SHA1: 254a11e93df278dd2fb297a10ca2b01d23b043fb SHA256: fa561dd84e639426f0b0d34d99bf80dd7b341c889055093889f3d9aaf5f98810 SSDeep: 6144:BmjZeuMJ1dYqaPN2MAvkEEdxnW62Zb6tXteXkct8zjkIT0I/dwpgE4nvp:MAdZSN2MAvkdxnWdJ6tXteUwIn/Wq |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328919[[fn=Hexagon Radial]].glox | 6.41 KB |
MD5:
63520abe3642d60af37f729879426884
SHA1: 5006d50e0df27b0ded8b3a331896b94de44f3ffd SHA256: 2f25129292a1778b36ee8869d90debb3bff57e4dfe9e56d8e457f9aeddc0816b SSDeep: 192:7N1H61HvKcHTtiu6RhRfcNWgOmwFCW/aIDjV:mTL6Rh1cE4W/aMjV |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata | 11.17 KB |
MD5:
e36d4d4d004ad58d424b68f59db4fc3e
SHA1: 845634efa186a6890ff902124c449a01af4d32cf SHA256: f2d8dbae4dea4b6a9613b040515d5728c958ddc0de75ca46a159e2f07991cdcb SSDeep: 192:o+BDpiRrjjcYJPdMmdWEihr+KV+/WGVqdCdQAmFFmB/ISzRrQ4de2D:rBDpcHjccPd30DvcWGVqd+9AE |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457464[[fn=Dividend]].thmx | 558.05 KB |
MD5:
54484b27c2b2a368b547b45cbae03714
SHA1: e6185f48c9669e30b6e8a19052b864ad322997c5 SHA256: 042ebc50f937411ed94948f07990385d422d0d67f64bbeff5e2808bc5922de12 SSDeep: 12288:cXWiyc09mW5ZLUQfpb06zvZk09WL5ehZGbz80UetJZw07/Rn2a:cP0sW5ZLUQ106zvy09WL5OMtHV7/ca |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328998[[fn=Rings]].glox | 5.56 KB |
MD5:
fce5d09d70a0f95b9e4a5f0f3e3ebd82
SHA1: 07861bdd20c9b6d9f8d287887dc93266c7a53fdd SHA256: 61905ee3dc0de83b2f15a63cdb55a2faec3ae88a7a814e8d19b6a6bd8f4937b0 SSDeep: 96:mAh3qNM3wJsSo7lHjgBcCOnRxRBJ5dQFh4xV5fPA8E0dS7WrNect8S9HLR36UJar:mAh3qNM3wJF2lDg5Ms/EAz0dSCMG5HXa |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495596278120.31e5ce24-c2bf-486b-b29e-534113b7c6dc.main.jsonlz4 | 5.53 KB |
MD5:
a35a580c3ede6dad211a0f0715d8caca
SHA1: 0cef1cf45e3ff58e68fdefb4e8f4cc9925e8ce04 SHA256: 1641d54545e2bedd85201e8fde4cb5b6e627387fa9b40ff52f317be26bc9da45 SSDeep: 96:1B1F3uPJZpP1bmyE21/hQiX/EdGvrBSkJ+zWdpu+guyA6+B4BXSCx:fneBZrnE2/jPEGBh6uyA6+B4BXSCx |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\GostName.XSL | 250.88 KB |
MD5:
2a3d22220203d568cf8d8cc0af7e24f3
SHA1: 38ef56af7d10bc3b8518d5ab90dd9179eb8d2a03 SHA256: d8af66f702f71f530b1c3365785967a3b44fd1efd9a84c41d5a658775b0743a6 SSDeep: 3072:WLR1d4WmPcMA4JSxa3JjL1qLJV/a7zHuV5TvE+H0e5M/iTWfsnUkW9XmvPJrzr48:WtgWoFBuOAphUsTWfsnUsknG5J |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03090434[[fn=Wood Type]].thmx | 1.57 MB |
MD5:
911d3a57b0c356f59448d2be7b4baded
SHA1: 895d4b6b5e69c341a88fae514a60671a3a80c979 SHA256: 251a88a7e37559776663f965229f1222d07ff4b82a446808a10024b59c892fe1 SSDeep: 24576:FhwEcJ/ChaJzUUpvMS2kf49QCL3K1AvXLggrrIL61cTqWI6UfwyM/LZTl5KnCR:Fu3E0JzUPF049p3KEXLgEIquUfwnp6I |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457503[[fn=Quotable]].thmx | 944.81 KB |
MD5:
87ff0c4304ec34c5e886662420b1e650
SHA1: 103c7cf693467c2af24149407540649c49cc88ac SHA256: c8341e91c707d2f8ad997265dec06cc9e5b2fe7be318a43dbdc4dba3a3461416 SSDeep: 24576:glf+YASULHvJB+GQpsR0ASa1/4pkbM0NCViaNC6zBk0:glf+YCxB+GmsRVSc/4ik8aNCqBz |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Calendar insights.xltm | 893.37 KB |
MD5:
b8e41f141bf337a68aeaf52b52adfbec
SHA1: 8f58325e9d74877cf7dfb89dd9acbc93720b86d0 SHA256: 62ba71232e5864ed54b079b838771749a528c6ac63a4adde6c7b813e85eeb546 SSDeep: 24576:KP/BQQsH8H5bpQ/ohRJO4Emh9XthJv/9w:KP/SC5bpDh/DVhbvu |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\I3aPKS.wav | 5.20 KB |
MD5:
897b9a4aeed05921bc59bc8e09768882
SHA1: 4ca94a3ba257746173902a7a12accbbf7c63fc7f SHA256: 191c20c05be80d1f7408ac737d2c7b0504d062e812bdf0dfc0b7c72526d04fe8 SSDeep: 96:q6LeNQ/PoTHKGVJUXbMomAwIgvl4EYwMfDkplEmwrIC/C6IbsYuvp3GAm:q6lXKJULMomA1gvlP6DksxICa6qsY7 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328935[[fn=Picture Organization Chart]].glox | 7.72 KB |
MD5:
9335719834288f9fde4fbc3f66a26099
SHA1: 50b8c74f6297923db47c516df2cd8bdfc57b794f SHA256: c8eb914c6fc1c5d1ec0c9a93c3413ec082607cb8b2eac46285a03fcb275ff2a7 SSDeep: 192:RFf6Nte5EyS1SvMTeySOgzArzaQiYX7N7mY+:Wby7vvzIi6N5+ |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328905[[fn=Chevron Accent]].glox | 4.67 KB |
MD5:
75d2f20e53e62531a79396c037819ab8
SHA1: 3059d8ffe7acdeb0c6bb8334e1e888e12278e5f1 SHA256: 1ba7e52a0c216f6c61017db8b54b944cd69f1ea5cd215531d56072f92a38ec07 SSDeep: 96:M7rxbB45lU27i1Cy6OmRvlEhdZsvWNNeClppWzHt8CGKF0X0D5V8bQs:MZVyU8i1CL9I/zlppWLt8Cld5yQs |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\extensions.json | 6.32 KB |
MD5:
b3205ca1d7076cf61788706f344f0326
SHA1: c5d445e9b8a211a1cb5f1f2b86270bceb061e55b SHA256: 790da1395c41a3230a40d72a75c517e2df0b4f29b1be678081a166a1577626af SSDeep: 192:rp3UL0jkLN8xEGY0vBlHOdQBXl1Y74gOT72Qz6:93UL0jfY0vDOda11YKPi |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1462094071-1423818996-289466292-1000\83aa4cc77f591dfc2374580bbd95f6ba_427a1946-e0ff-4097-8c9e-ca2c1e22780b | 0.57 KB |
MD5:
101b2571019b00a2fb11d26659c5ee15
SHA1: 80815e03490d916c11dcf66aa5ebfb00c6bc98fe SHA256: a0d4c4a87bb6d9e533b37357aaa93502bcc9b3b26aaebd7bd3bff628ac889028 SSDeep: 12:FKGup/vZ4TG/fgnBjFgnQ79ul7sS7EJIXRfb7UvksvBT0C:MpnZeG/ydF9uBsSjFmBZ |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Sonar\Sonar1.0\sonar_policy.xml | 18.85 KB |
MD5:
a631a6ab84bc99e89f264eb67be331f2
SHA1: 157f1f1fe7cb24a471724150aeb0648777e11eaf SHA256: d0d909b11f5d0146ae4ddc2b486b34649191cad11655f68cca8c1aaceac13ca2 SSDeep: 384:IiZD2ae81vGlns85lcHsvNyv34Uza7Vf6PGO1Lv3QkM8MkCZjs0:IW2an4ls85lcpteyOORfLMTkCC0 |
|
|
| C:\\TITWMVJL-DECRYPT.txt | 8.35 KB |
MD5:
41ea6243a9f7232c8dbe20d7c8c90702
SHA1: d309a71daf0bb4d358621c065dceec120407e11f SHA256: 5259f5841c99184467b6b55d75c4efa5322a1e14c6465a77b0d4b7bbeb7d8cbb SSDeep: 192:Sb7hfZasJhYVqp1324eYa5r26hL8W0olGPLnUTMIZ+rc:+7hB7gVeGrYa5r2qCAYdIZz |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Access\System.mdw | 124.53 KB |
MD5:
3ea3c74e4b006684ed2c2d8571d94498
SHA1: 2bd5e03751a23709e98fb1592d418f3f5e019a5d SHA256: b70e0c5429d07c32a300570793d3f18dfa6e3a8774a2a27f4e8989f931872bf5 SSDeep: 3072:ygbPgvDPEI25KDp2+YFgGdo4xCaO/KaMYjS:ywPgDIcE+YgMo4x0/l3jS |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\blocklist-plugins.json | 197.21 KB |
MD5:
e0a4e60bbcae00bb8c945337d5d7c153
SHA1: ff2da25853a4a0b65d834f7942e356aaed639667 SHA256: f0414e9782f2fa64be4be8ca1948f4c2fd48e479fe7f7d9d5fe0312f9cc800e7 SSDeep: 3072:POZdk5qJZhxb1W14P2fknLDGaHF7OD+IOk3XrYrM5HuWSJn/UtVWjHkDILiEOTjU:PO8EZX14a2g7ODck3pXSN//DJhOfG7t |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\gzz6xbjl_LfVIYqAtg7n.gif | 29.05 KB |
MD5:
be1d8b12b3fd1baba1d0d0cc02332273
SHA1: 868761da31fb1f7c093f8aceccbbfbbc6cd92410 SHA256: d180fc52cf9cf0dc01b4803ecfb54394c0dda3d09b6fd6418ad8f76626bde89f SSDeep: 768:k7H26+d9l5yOpiu8HNRQ/73EbSY2lo5UfNV/Gu:k7Hp+d91V2Q/7UymENlJ |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobSettings | 0.55 KB |
MD5:
782a49d9cbbbd5645bf2f388f4e3cd1f
SHA1: 7f789139dc4c744524a1bdd97474b55a27bfa31f SHA256: c7bb9cffdacdeddb4eb70911f5aa61852ad606b7986065ff0817716a0db1d5ed SSDeep: 12:aAbcwGD5OgCEB9OXdZAZ7BobBSm1kBNhIsMEf9GU4Q/E6awjCC:anwGVKEBQXOBssJIsMiSmlac |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033917[[fn=Berlin]].thmx | 953.65 KB |
MD5:
89084e1ded9ae60b14a1a80c20e13dc5
SHA1: 65ca2f7be597a151ce0a037121b2131dcfb94e74 SHA256: 127e9abb188dbc90e8a5768e0f3ba0606b4c55188f6f676663c80ac591cf7384 SSDeep: 24576:ws7fxuldqRigaUIW85+ZIKyiMyrT0XtEJLsgibjuFGkPGO3X:DwdqkbW85+ZIK55TSuJmjuFGyGO3X |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033919[[fn=Circuit]].thmx | 1.40 MB |
MD5:
508fe7546dadbc93759c66f3aaef8998
SHA1: 7c8ae496c491504b93e45b57a71aebf727b5e89f SHA256: a801d45fd9c4724905ea4cd954aa0a77ffc9ce114e0959b1a9e7bf300a21d7fb SSDeep: 24576:NGS2KuqdyNnDEY75yKg+poMgu+OBWQZM+byLHP:NGiuzNt7AKXdBFZHeLHP |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Outlook\Outlook.xml | 2.86 KB |
MD5:
4c3d302de07ef807f0beef7903d9a1d0
SHA1: 4f9378b0dd81aa7844dc547e0940f6494b8b501f SHA256: 95774f975de78427e4d0527aec48076c5d3e7314121b3dbb76d72e3b15af89aa SSDeep: 48:ifwA1bZukQUmMfkM4IFFD+9WvBEPhK5GphOCXHyb8BvCdHspBPDCzqZSW6OBDIPR:ifwAVuBmn4GF5+PhbhBHpodHOBrC99cM |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Outlook\Outlook.srs | 3.03 KB |
MD5:
091c44d0e8002752dfdbf67e01a96192
SHA1: 4f36a435971d47194406d0abbf872b52221ac153 SHA256: 161bf7ce6d1411eee383227c418064ba04c1a8060d9ee7db03daf0563e192bb5 SSDeep: 48:U65S0ZYv/fzrZnuIcQw5tRVoJ3gwUO+RR+zCG+iu1Asw4wTaXADWnTyUfQu7LDjv:UfuebrdcQCRZBYq1h9wTOnTyUou7nL |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\formhistory.sqlite | 192.53 KB |
MD5:
b381637db3999d36ae523e4951e30c03
SHA1: fd8afb161f9d8747e82bffe9c5282fad4e962f0b SHA256: 66daebe83bb1606fd7d8c4a29a92e0d3ca98edd26256048bb1c36935d6aba9e1 SSDeep: 6144:gGjkLEYV+UnP+LeXjGMNaKJCtHbyTsXU9OBIWbMH:gGjkLIUPyGITHbyTgU94Iv |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033929[[fn=Slate]].thmx | 2.25 MB |
MD5:
d600135740d5ecb34962efe18bfa1f8a
SHA1: 3988157f7ab55577abedbed17c89d9c84a0c9747 SHA256: 9121f1e8b51d9f647f68fb553c50d60fb6b7f21a17449739d3e4e2885b7060b0 SSDeep: 49152:a7Mbo5K+h7OjK2L6oZ9VyvXFCX3CzwovQTSwW8nh:ajarLdV6oXSzeOwWEh |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\4YWEQ2GxGpdUwK8PTk.mp3 | 37.43 KB |
MD5:
92be15c7e679092e293bc39e5c7cc452
SHA1: 3490f7cdc6323d3f41901dbb1300ae99724b714f SHA256: f1b5b3449167f6614b6ce42658054a7dce9d6e8f3061fad27c35ffbf906aa273 SSDeep: 768:PJL+GP7NhLVXTd6dlnaDTrc7cDa5hytmGpE61PS1pJPuIaKVED:Pd+qNhLVXZ6d9aL6cW5hvGpEmSfJPWo+ |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495600032629.d896fec9-1a7a-4db1-a3a2-e46d95b631a5.main.jsonlz4 | 5.58 KB |
MD5:
f6e070b8ff1cb49297d88372dd01a2c9
SHA1: 21d89a5fb821aa85d5db00edc636ba26545d5f23 SHA256: b8b5e0747c6f64fa458bbfe14d7074aa9e8cbd6ce8712272fd48d287c2fa28b1 SSDeep: 96:aJchcvcKibMv0nc774v3YJmiSj5XtnJY20Ml0U51NL0BY0X9uEP6XJPT:igcvcKibf3v3YJa5nh0ALR0BYKc9JPT |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000\Preferred | 0.55 KB |
MD5:
251eb22aea666e80f481ba12e515ab61
SHA1: 4c597de0aab1d629a04e82f5443136d6098a7232 SHA256: debc88e26898446855143d6311548f3a5354eea87962353e74fe7694322a164d SSDeep: 12:nQ56/NMhv+BumNhoW8OcHFk+Rfq/EI/dTYneVCKmgOBC:QBv6AW8Xlk//EI/dTWymgO4 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\compatibility.ini | 0.73 KB |
MD5:
2274baa76726f72030b733d01b9301b6
SHA1: 0739165eeea58fabc93d1f79ad4f0e6bc75f0db8 SHA256: 2697b78f8fdf12810120d496a03f76df0a6834e35401b5e801a3295312095bd1 SSDeep: 12:UFUTMzbtl2Rtsn+4wrR2fRvsXr89k8tx67EA0eKjnzt+2N3dlCD+22SzeN6z8E4r:cUTMzb6Rts+4w12fRveGtM7ExBnY2N39 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\aZf9Wm.avi | 39.62 KB |
MD5:
1ec5cca669e7476e873387471e9c623e
SHA1: bc1b46054463719a44ec8f459ca15a08c750a77a SHA256: c3c76a0df1c246f1794e0a37a381a4668a60561867325b0fbe529d5561150f01 SSDeep: 768:ZlGcYu8C0F4gNkHlzYFjC7vdhfT3mOwimjIRKDo2b8ZznkPMu5Z:ZlGcndS4gNml5FhrujrAbkPMuZ |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328916[[fn=Converging Text]].glox | 11.64 KB |
MD5:
42383d16eb93bcf7b36a63a7a0e8191b
SHA1: b78696cca14e7c2a82fee21f8bb5dc75718aeeb8 SHA256: 6888f10c05861b287957e5fc01748d41bf0a17e1167d71c9ba24db65ff3e9f9c SSDeep: 192:CFhCQwbn2SiF55y7ohc73kWGpLL1j/rOOGE5fmE7JysujkRMSYY+PZEzWtJeY7y6:CLCQwbn2572ohcWpLL1j/StGfmEV+bS2 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328990[[fn=Varying Width List]].glox | 3.53 KB |
MD5:
0847bedd8805cee8dc4d91d2d85a2d6f
SHA1: 6c686bc1e5a14abaca168457c626cfff992fef72 SHA256: e154729a9f83340703848be723b27345c5906fc936e8efeb93df21b24e45fb51 SSDeep: 96:ivBI/teVUPiSQi31HC5WtNRDd9eV4sIwSt5eG68rwsmMB:ivB0teVUac31C4LWG6KwsmMB |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Document Building Blocks\1033\16\Built-In Building Blocks.dotx | 3.53 MB |
MD5:
c100f1b03c9ccbbfb2b341e3f27c1722
SHA1: 1221a0c5f162885d3fb143b4c64c63fe63257e4b SHA256: 03fefa56d4a82090ae5c3d8473f49f2c88107d1560a4c507f2ab89834995c039 SSDeep: 98304:6C+1UlrS4ogVbdL7Z0CmkCH9/pFwH6DjHQa8eLR:hlHogRdL7ZpCH9/pvDzq8R |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033921[[fn=Damask]].thmx | 2.12 MB |
MD5:
5d57b1e6ee954f2d35387b14714becf8
SHA1: cdf518db091e40a5fdf6830703d843dec7590b14 SHA256: d37203685e92630178b0a93dfe7d5e14263bc022c3271134df378af80c2c6d9d SSDeep: 49152:/XLFOoUv2vNn86aZ2frP6l1IdO9wASFntrPEWNeN:vLUfvin86aZWrP6MdO9w35PEWU |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000\496f2c5b-a90f-4380-b805-3bf6ac63451b | 0.98 KB |
MD5:
113b2b163de22a069051fdf2e4e3e96c
SHA1: 99cd24dd6b366bcb084472589d6807d524610729 SHA256: ff05ec2acc8aa24ba83257bde1e94628cdd93c8b2416b373ad6ad407cc5b77d8 SSDeep: 24:7sDSL/ptnXXaUZonTtELFZ9Wa8JOuXmWvSp:IDq/jXLLz0Mzp |
|
|
| C:\Recovery\WindowsRE\Winre.wim | 10.00 MB |
MD5:
958be337fd3ea5ee610ca39c44d588f5
SHA1: 65e068d3bc98cdcc5fe710ba104610abd25d65a1 SHA256: 7feec20b8321819dd6e0436c9a62f07f2d31bd00c8cca17d77c736149168e2ae SSDeep: 196608:yweI6QP0NugCFllvMJMyRRW1pcfF2Q4U0DLgywFXBnHtykX6:FSo0OlGJ5A1pcf0QF0PXwFRnHtM |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328975[[fn=Theme Picture Accent]].glox | 6.82 KB |
MD5:
4909ebf1aae5bbf893689db8f0607eae
SHA1: 32482331d20d2cff948a167a97829a8b0afd2f22 SHA256: 04bae06e78a03cb7bc6eedcbd03c4a0d86974e0efc7265dd4037e143671315be SSDeep: 192:Co+DJtmEY3RZNHG9GUjqX6KiavpSuW++yK5LSKT9th:Co+TYBzGAPqKimSMw9t9th |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495592260754.fe0bc3a3-866c-458a-ad46-a730981653d6.main.jsonlz4 | 6.07 KB |
MD5:
df4c9dbe6e03aa441f907342c56f2646
SHA1: 2f92f7f6dc2e977eb76cb31f4b07665c4f97e16e SHA256: 6a2298f5cfe01140b82c180a98f99b13cf07ed33986fe0e50c1372706322cc30 SSDeep: 96:8+bAmJ4I/BYcH6sr4rhdi3tMaeRy3EbSRJYhWyi3MtK7k5SgOdBFkTlTB3P:bReSz6s0bi3tMBRTKJYhW+15OFEn |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Crash Reports\InstallTime20170518000419 | 0.54 KB |
MD5:
505157af78b58a0f9ddf7a18803ccee6
SHA1: cdab41ccf6e52f684cc7d5a547a209dc7a2da58c SHA256: fd868b7fc480be110e239e3d613d9886e37ff71ddfb626de55d7891af7d46e61 SSDeep: 12:j3ik2WyskEqV1DiDbmhxzfLTaZoJR92uqdSxqiwFbWQpUFt6+J+C:dbkEqVl2izkohNqdSdwpkt/Z |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\-f0 chr8O.ppt | 86.84 KB |
MD5:
e161313753522b713102d894487f61e4
SHA1: 8b5e6dd066c347d1ed9eb926b5310d1ef08afddc SHA256: 5310f76996043368aa9a1629ee3fa3fa378e2336ff136f018ac7d9db974146d9 SSDeep: 1536:KmzKa/itsiXj++yl8zNSalj2W612s3kCov9XsVrjUShbgKYD:Kmi67l8znlir1YCov98VrjUShuD |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\ISO690Nmerical.XSL | 213.01 KB |
MD5:
d5828fa13f5730aeaa0c1fb1474e8b11
SHA1: fb30a56ef43ff2187cbcfda74b753796d4a70b22 SHA256: 8140af3807db23f68d23974517c4a41e03dcd20f4f2e6cb223864d4983425f68 SSDeep: 3072:rFft7tj0H8Y6HST/VfwHxe7KseSZ2rGFr13a0PTrYwVtLs9wPiCKuPcNOE9coYiX:rteH6yTwk78SB13a0PXLVNmJOYYib+Do |
|
|
| C:\$Recycle.Bin\S-1-5-18\d2ca4a09d2ca4deb61a.lock | 0.00 KB |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 SSDeep: 3:: |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495597261897.a7b36bf3-f762-448c-874e-9388e91739b4.main.jsonlz4 | 5.68 KB |
MD5:
fc8d82a6f6fb5850a7c0b0fdd71b5029
SHA1: 7ddfbe511e4c240fa4e50c33b63a237da0d71b2a SHA256: 3b81b1ee20718ba26a06657721905eb0e1eb2ad93cb8a8f2face2c811378363a SSDeep: 96:swal/LgGqw0nQFc2/RVV7b0l4F4w38YJ5kgDDJQnd2h69i3rbwCHFNb5GxcS:1CzgGqwQcXXko0YNJSsh68bBFmxp |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328925[[fn=Interconnected Block Process]].glox | 9.50 KB |
MD5:
f64612ae46f870efaed0e5007c5bd0a5
SHA1: f3ea526b23893e6ac5015dbbdc0ee0b732db7a1a SHA256: f4027fb5d011d5db293b6153871b54d0539d352a6c28c6f5ee1632b7950a279d SSDeep: 192:1NnJW+NFoe1wLJWiiKIuAnP0hdS7I9YB5U9XlWJ5h6KLyB7wPYsP:1NJWmFoe1QJcuM6g6IfJ5hdLyBBO |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Welcome to Excel.xltx | 483.68 KB |
MD5:
93a6ed03cc75aa57ce88fdaccb017d08
SHA1: bf3d85d4c3779e1e3986971050331cc7ce678aeb SHA256: 1088c2fcfdb293a5ece7f7a0c12bf26a612ede334c9391b2e2757ef809d11c61 SSDeep: 12288:WrVxBVQ6lY6VGeZss7F/2pO1RTk/wEze4fal2nZNfAA:W5xNpQAtsuUwMi6zp |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457444[[fn=Basis]].thmx | 545.48 KB |
MD5:
725af4e102ee86d2f70fb79af740ea1e
SHA1: 994cb6cf0947c551269d3ccb09ef4d2822afde5c SHA256: 6179ba3a2f666446b44f48f587695135919e2e1a24c6738b88ae29233d8c149c SSDeep: 12288:hTb2rQ2St4gRz/UQZCdBJzMTRBXmUKbrkIHcOQQGUw6517txbu:hDyATTZCkBWhPFiPUw6LC |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\crashes\store.json.mozlz4 | 0.59 KB |
MD5:
4bdd36ae02922ed51c880faaeebcf819
SHA1: 011afb10de1bbbaa07ccf9fec745841bbd2906b1 SHA256: 01564d558dbe937d3f78548e02ccbf0b538f83347ce038de7e1da1cd718dce1f SSDeep: 12:Y4A4cO4TYzTcmFsgpPSRyv95fPzxheIjuSlZWfep5WpBxufYPhCvwC:Yb3OeWAmNRSY95jxAIjvlZFWrkQ8R |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\GB.XSL | 262.90 KB |
MD5:
c1e3d4fc2a75a57f637866b40c012c4d
SHA1: e119f185a3f7fbef25dc7fa30d2d74121005563a SHA256: d6013efd25d5d7a7f14a00c8b3eb26f7b7ac98db9c6f87349bf060e1f354a47e SSDeep: 6144:ly699lvZRAyXVHMxGbI5Co+x8H6TfplEueyLKXe09YRfJl+V2baLsujE:ly699lVHFbIx+jWyCYPlrnV |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\SIST02.XSL | 245.97 KB |
MD5:
90be88b4ecc9ad0a75657f87acffcc59
SHA1: 430f763fb9b2405d87e3df413458a9b2bba6ff8f SHA256: b24a2c868c626d86b9065b0391ce7405b95e511055c0cf7084d0438c43a6ba49 SSDeep: 6144:zVynXF1W09wmDGaIek6WXvjaorkPPV6HK+TT:zV6F179wqtkpfjiVsK+P |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000\d7746ecf-458e-4e71-8557-8ac80457022a | 0.98 KB |
MD5:
99c80b9d2b6e2ab202181e2164fbfd64
SHA1: 069de9f39f000b730547182a8aac89de1bda68f0 SHA256: 5582a8c1eaf6b6931e06b1d5b2121d781136635262e89b397217522354d6a0c4 SSDeep: 24:FLtcNDGDFS7dAhOSuuiBcxXc2xRMS+4hzohfxp4NM2X:FyhGDo7ekSuuiBcxbjqkoJxp4N7X |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\gR1CBuQqpVYIz.png | 21.07 KB |
MD5:
a14a5d6e425afe402ab624beffec3082
SHA1: 637c09b3bbf7d518717d805a7a42ece906e354c4 SHA256: 42bae14c122370db25cc3f535f21085aa55e33f4acb1d94365b6d758b89b2724 SSDeep: 384:iwGi95W+gxdeBNpEMp1V7M8r66SQ+zH459fZsPixf22I/X1Jm7L6/ty3NaAON3fS:N3W+gxdkMmh5h42O1Jm7LR3N2bXrw |
|
|
| C:\Recovery\WindowsRE\ReAgent.xml | 1.54 KB |
MD5:
15b381144a0f0c80dec72f446913966f
SHA1: 76369016af4a80a306706cb2cf7460d4c81e4c9f SHA256: 5353fb98f0f6fe63ed8fdacf8bb4d6ac9b5daf0b47f8bb12710e4c1f18a47175 SSDeep: 48:jiYRvEIAkjzgI43P1xhwQ+hmqZWbg1F53:24vEIZjd4iQ+hpZWbgL53 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\aUzcWrREsGrojnF9hAS.mkv | 79.26 KB |
MD5:
a65daabd438eb7d81d8d739e09abd162
SHA1: 93ba23c78307528dfd77dce2e4935fdad2791fdb SHA256: b46f5665e2ccbc1ea49deb841e12c198c89d372f6438fa5a2a108795cabf7360 SSDeep: 1536:zuOks6KMVMxaq+mLrteJAPXmqf12IeEZ8XgxHGAR2PsbAEdyVCfdL6EBqkun:z9km9xbJRfD2Iec8wcA1bDdjBqL |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000\60b22e29-462b-4858-9592-1724c7ae07dd | 0.98 KB |
MD5:
ed04de2cb5ada43dce21a8c921863784
SHA1: 61a0c68a92d90ceed674f7199cd30a9309bca474 SHA256: 4c04ad762f06d2e277f58133e493597e97919a6324bb77c23f3a79aea6221c8f SSDeep: 24:/+1KyKz/Hn/Qr+xK2UBumZ3+uw3mf5WcS+RluJ+t7Qz6dG:tyg/H/E+xK2UB/Y3WSMwJ+tOx |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328972[[fn=Tab List]].glox | 5.30 KB |
MD5:
3b5b747c948ed61fad24065c36f5682c
SHA1: b1a7f692c1a9a95a64450f31a13238aceb5b2082 SHA256: f69ec502b6558296303d10f877ea562c438f7b6fcad3b3bb03320dc074800604 SSDeep: 96:6PGYMADi26GFCeQ4uyMyfTfzEAROTf66HUUjqPEKogYRNYaT7LwNloZlK4268qek:IGYMCseKVyjPOT6mUAoYRNYaT7yloL7Z |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457510[[fn=Savon]].thmx | 1.15 MB |
MD5:
f9972f83f9e9f97df33af4b844e5ebbb
SHA1: 219a018f6fa376d477dee5d030a05d1e29f68b65 SHA256: 3b777f5e8afe9f2140178cf54f8b440290b3439ad343c67ed438a46af05fea9b SSDeep: 24576:cpCTQcEJ3defMvgK7+EnCebAxNi0kezxo8AZInFNP0dXX9MdeARx5QNns:cYTQcED37+EnCwANxzxDAZcTsd9cLR4a |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328932[[fn=Picture Frame]].glox | 4.75 KB |
MD5:
9b159aa98c7028a4f6c12901670edd25
SHA1: 06aa74ee8927ce2466d19b7213db3eff6f09df32 SHA256: a5b4074d2a1e783ac464a7939b98596d17065a44ad5722507dc0631a3afdb906 SSDeep: 96:xXODNuYCh75V0uzV1WtXrbTd3ZIviyIAP4VASG5bFvrpmedXAVfyimrNr:xXOg975VotXnTGIA75hzpmrfBmrx |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\IEEE2006OfficeOnline.xsl | 288.15 KB |
MD5:
3fb172daea1506063a8c59e6bd1f88e9
SHA1: 214f2553c080880daeb7a79e8f0115409dcfe2b2 SHA256: 8788f9ec610d98a20fe81895fb8d95c614cd2132913c77be13347927cc1527e9 SSDeep: 6144:I3+cphBRVwc/wk/uO/of2T9oBB9q5xr9qVFEWOHU8mWHDP9VDaY8sVkS:fkBHwrWpI3KtsXHO08hHBxz |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000\04cd465a-248d-4abd-853a-5cb67fe43510 | 0.98 KB |
MD5:
bc5895b378def93a5aa24ca8a4748bbe
SHA1: fd2fc902d5301d9804eb6f24457187cb1202109e SHA256: 40db1ce11a49c827288b5dea1f4b6d5990d8755e29a2b914977438568cb9d6af SSDeep: 24:EQUeZ2GOS3X1r1ldnYGJZ+pMcymwfbNljn8odI6:ELeZHOaMGqKjn7dI6 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobData | 0.55 KB |
MD5:
7aa6c172cbdfab73a9d35719a53ce673
SHA1: 06527e1ffcae07013b39c70dea3b4d2cf0397af9 SHA256: 1cd851b49ac2d44d4401f04a12eaf0b487d21fca32b52e9ee92fa0cc5e941d89 SSDeep: 12:QdIpOBpBpv72WOjMZcHVzYlCGjHQrWTlTCXxM1CpHDE8ufTHcxxk1024kbZzxwfC:QMOBpBpCMeZYlJHQCTRwxM1CpHg8QT8y |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001104[[fn=Feathered]].thmx | 1.96 MB |
MD5:
030855ac5199187c9b4c578274a84f98
SHA1: d707f529ac84b81384c5f893763a166448bc57fb SHA256: 7c4ea5c9b36447ef94d233757eeee860b890629430be32ec0494760a152d2b6a SSDeep: 49152:xVhmr8ve9Lv1uplB/y7XoniWp30WUVZY4XApe/x5:TveNUpP/sXCiWSWmFXApe/x5 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\H0n8vfZP F84hgjL.gif | 13.14 KB |
MD5:
c55cbe4d90cdde23d7cfd401924c059e
SHA1: 28b2dd38313e246099407116756cc7c34db586aa SHA256: dc5279c0ec240f2535b5242a8fc5a254138e04381dbbc05bcf82e07a680621a5 SSDeep: 192:u8W+O60zoGOj86pjn0pLK5Fx3TJ61Hkhr9aGnLxn0ilDXFaCo8ES66Y+HlDX9LNf:uOUkprELq3TJeE9agx0oaA/Y+HzkBeD |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\KZcK3fz60H0aS.mp3 | 40.95 KB |
MD5:
f7cd9786916eedd24e5f11b779153659
SHA1: 33529f148ca1ce80c3548f05b5a6bf95de78b089 SHA256: 5647ac7e89e5fe8e703418d725184824fe721e6741a981c7ce62282c9355ac26 SSDeep: 768:17fo9a+Z3DkuSSi4G7Z/naugFYrL36nf/8vw50DxJh8D+jj8ByDGTM:17fo8+Z3DkzFbdP6f1y/8ByKTM |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\iBxnpfNq.swf | 71.26 KB |
MD5:
7c708cfc1886f838620740a9dd8dcb0f
SHA1: 43304758b572cf16af036b89be5960207c1f0f38 SHA256: 5e072987aa905b5ca045271ad6897fdc2d8c0d56efcb14ad361a2b374eada0ff SSDeep: 1536:kWL8kOjmWugayVQ0CaSYBc1KKGqmGP3KMSNiaehNSk216vDy:kWL8kYmWOaSf1QqRP6MciakYku |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Process Map for Cross-Functional Flowchart.xltx | 141.87 KB |
MD5:
f75f2a3ea6dc33d486169c552bb6b0fd
SHA1: 59b0f12aa824047875557e4f2e20c801f0cf32ff SHA256: 42ff0d1108b343f4eb1d513dc6d7f66cda548b46b341610cac8899285a950641 SSDeep: 3072:BX4bDvCn8c+Jq4xzwQtB7wfftgkB+W6tcV72ziJWeb9EMf:Bd8/5wKBUffSdDanf |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\hIy5P_SVmm4d C3.xlsx | 20.71 KB |
MD5:
67dd6002e54180769d3e6b06a4560ae8
SHA1: 09e36b591f66432238993039b409ceb582725a12 SHA256: e64fb38eb2cdcf9a65add344efc59ac3d479b4c349c7a45f0bb32f78dcd7e38f SSDeep: 384:NLK64tqGPDsd83Yrd6rZOBfcgDz+w4Lm+S/8J0kJJZcbh+epIEvRfc8XZ9hkJci:A6WqGPDBIp6rQcgGm+PKEJZi+etJU8+f |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328908[[fn=Circle Process]].glox | 16.94 KB |
MD5:
b1b3bba969c829b74fa4bac15c74242f
SHA1: 54670584ba4e15d2a60ab502540029dde12c0d67 SHA256: 561150ac4669a44c726ed43a42e3a119998850c7b8e3e46dbfd6e68c4d86f1f5 SSDeep: 384:0z9srguiV/XUMhs9mu40iP92siz61755GO8uXcyiEgYcj:0BsrcV/89pdtLk5dtSB |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\MS Project\16\en-US\Global.MPT | 1.21 MB |
MD5:
ba7391b538329ad9e2d5a65e75ddb8da
SHA1: df364cbc4075f7ea5a323669ff96379351eb0c77 SHA256: 511b16166ec2d28dbd552613d0c65a96c16f7e9e915011ba741f152346879145 SSDeep: 24576:F8+JLeItFd41UQ4E9sUOzqSPCALdIyinfXt16/:F53nW4EaqKZL2F16/ |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Stock symbols comparison.xltm | 1.39 MB |
MD5:
f1c86284ec3d92e40c97e16c3adb79d8
SHA1: c9265927bd7d2f07d6b19063e373531fe627f8a8 SHA256: 19244df6058a5815b5557ed23829e99dedfae3495afb472b56c321340996bd31 SSDeep: 24576:PwpHPGJf9OFRUwPF2DcDMau1XLYzyn2Ee2FUJ+h1JvVISSsVwcOGeNBf:opeJf9MRbPF2AJOXczOF9PnISZapbf |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\1tGr2j OogF6b.swf | 55.32 KB |
MD5:
7a80f7869a7d56141a19ccd4887d8a5a
SHA1: 25f710410ab104497d3c4e8abeaba070d7778caa SHA256: 67f0f342a3df6d58c2235433b454d71f7eaeafb3fd11af6a15a7a441960a4774 SSDeep: 1536:/PEFr2N36KekqLuqjqWpQbG9bTmKbB3QS6S:/ir2veU6z6bG9vV3QS6S |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\14mifZbi6U7g.bmp | 63.94 KB |
MD5:
db5a85a502342a81f31031cb8e0eaf42
SHA1: 3a6167292a6346fd1d53f4f0f709480792b749b6 SHA256: 9a317026c3bc4e6dacbb34b407b146b83290f40a2776d82c14e1cdea2cb37de0 SSDeep: 1536:ZM/A9Ct4iH8p1Bmli2S8/pqEsUq/bRMBFlS:ZuAficPBmI2S8//nq/3 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\blocklist.xml | 252.43 KB |
MD5:
68d61d4a7abd40f789d2d1bfb55f51d7
SHA1: 6cb8d07434e3ab6551772b6b5608ef2ca69d1645 SHA256: 0914832a9e0d171d746f5e69a6af11f4345e2ce5df1212ead6b96a896563dbe2 SSDeep: 6144:b3uDHxz1CFTTEtCCQYBXmbE1otdMfrqaUjvhdk/7ecRfN+d:DAxzGT51c/1otdqhU1tA4 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001103[[fn=Headlines]].thmx | 527.49 KB |
MD5:
45da9d204c48e3ab30e3eacb13471ce3
SHA1: 367e409fafc834ec26b6c878da5d2e5cc322561a SHA256: 2454be6b6c475bfced74ae9561f9281235b20e559c525c7c030357cab1ccdded SSDeep: 12288:jDVooiUJmM79MlL6t8BM+669B190hrc5wXhE9xFy9bHZwQp:lodyWlL6StjRKAwady5HZzp |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\B8CDRg.xls | 65.49 KB |
MD5:
192d6949ab82fbc83dc7b86449f81cd4
SHA1: 5d0cea76be293b41578b85bc28298ede952e6d3b SHA256: 99c5e519121e984cce0b7b93d4455aa0961a2d6cf3e20e119defdd6f45973a15 SSDeep: 1536:Lr5jjh2imdp5VdtvWIYnxk7NAUvhsw7HSWJSHlcd8oLlf68z:HBIiODbAk7+Ghsw7Hh76KlFz |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Process Map for Basic Flowchart.xltx | 107.90 KB |
MD5:
c748790ee6751c32203123fc9c1e1abe
SHA1: 018e342ca1dbb4f60fe50cc919322576de6fefc3 SHA256: 16097d8f934002df38fa1c634afe12806a008532cc1f0a06217da8da2aa7be68 SSDeep: 3072:cs2dGj+tpO7S8LlO28XEy56lJgTAf26ew3:oQYpO7S8L26i4Zj |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\CHICAGO.XSL | 290.58 KB |
MD5:
47b540dd42bfd5adadc1dc2e843d6d48
SHA1: 7aa3beb6fc02896580085a49cbe65523cf4ff0b0 SHA256: c9dcccf3a2b0db911415ad9bb2a91d75a5ffa55a6f7400f98e8fa7b3fc53c2f3 SSDeep: 6144:9zywnO82d5SfF64ln9zuq3xoscvdSUlKnkItoocILuUwN14mY:9uawW9hbcxkPKn9NlY |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Office\Recent\index.dat | 0.62 KB |
MD5:
9c1f6b03ecf11e50babc1b9afb016444
SHA1: d35e8202a7272aa8592e1ae548bc244561385a14 SHA256: 052c31e7c28de42797fed57b975e772b5734971d986261c602bea14922647bed SSDeep: 12:AhyFZp2bEJZR3e1yImwaYWX5urfelobVXh/Tbie6K+SNv4nh6xYZC:MyFZY4JrPIlWX5urC+dTbiLKbNmhcYg |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\APASixthEditionOfficeOnline.xsl | 326.31 KB |
MD5:
e2a0711dcfa3255176e109c4f293d5fb
SHA1: 12ed31512fd617eeee9a058a3024d0a6e5e5b3e8 SHA256: 68a3c5cc11d14b1a3c778ad757147e782c49a0a7b58f9eb5ac697cb4e46d16e6 SSDeep: 6144:wc2PyKy7rvdLSAJ1yztDwW6ZYXqAuVnkD4YsmzwW4fyjc8v4JUW3o9jb:ey/7bdLvGztS6Xqdkckwpfyjc8QJUJNb |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328986[[fn=Theme Picture Grid]].glox | 6.58 KB |
MD5:
6a48b6b345e5a03152ab94c1000a440d
SHA1: b2d486625229988e4d3f00203d5632c9f2f1175c SHA256: af360d784e36fcfe0faa33b7b45c344da6bdb59a4e94f74a9326767cbbdad491 SSDeep: 192:EmeIRawjUMYyYpCTqsrUEtg+q/wMzU7VzqyI:EnI9rPTqoNq4MzU7FqJ |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\cookies.sqlite | 512.53 KB |
MD5:
d11fbfc32965561f72dc4cb4300806a5
SHA1: e713994683728a063911a375a8a93056f17c5cfa SHA256: fb0a76ba935d699fb4c9b11b2744ff969ff7673fcc5539eb6962965dab8604d9 SSDeep: 12288:Dyoe5OEr8N5SNBI3KNLsyREK/wbZ/Fy5cI8Zi2ysa+6YjP:DyTME4N5iI+nByZ9y+ihsjjP |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\GostTitle.XSL | 246.08 KB |
MD5:
b7458d8dd22d53d1590edd9e7ef92aa7
SHA1: 4f68ea271390bc121e25e359f38be377e046a96b SHA256: 7adccc408e735e0d876ea0f5d0bc93f464e61ad34d3ca1a5a8725982f46991c7 SSDeep: 6144:UIEthRS9Uqys3Te0pHQs25KYoci7w1z+yJP+QqwCywvzZS:9zUPKTrHQDi7Sz+aP41vQ |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\MLASeventhEditionOfficeOnline.xsl | 249.76 KB |
MD5:
329e4218877ad727467c296d783dcc0d
SHA1: 491ed65fb52e3955360db962987a7b5126607ef0 SHA256: 40aadff73768db372d34db4b055497515cc24947befa7c135a4739513db31d8a SSDeep: 6144:BRYcVtpIadlxL4q7U4dO1mvuuo2ZCfM0cxU8GDR32PUcIIpNU:Bltpl/L4j40auN6xxvGN8UcIQNU |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC | 0.56 KB |
MD5:
9f3e1f8db8b624873bf7899ad95ea39a
SHA1: ba8c4ce0a1c93b355243ac02136dcfb1d53b66ea SHA256: ce316f9a44b21ec6114172fa18e834bf44cf364a6ca456e0d738d43504ae1af1 SSDeep: 12:lWH648mvdF2uu8ixevyNpz39Y2xdZYpSktZ7YhnlDfsEU5CC:lWa48mvWu+Jy26pSi8hlTsEK |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033925[[fn=Droplet]].thmx | 1.67 MB |
MD5:
4cf510b39a62c30aa6228a6b19110a1e
SHA1: 56fb3d826106a9c8eae02e98053220f1556395a6 SHA256: ba8679ffa4eefd4fc6dea7a925fd848c8d86a7335cafbce9279f0f76f59f29e5 SSDeep: 49152:Bv3Ndo+i+fL06vobV+JxaH1fkURnRXyLj6eUeW3v0F5:lbIKFvob4UH1Mt63e3F5 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\CREDHIST | 0.97 KB |
MD5:
5a8462b73c0b60eeb1938a148ecd69e5
SHA1: d96563ace6a2dd373624087361d19edb8bf839e7 SHA256: 3cb0aae48f25ea35154fc8dd8758fc97542209f68198b8124787223c311832d7 SSDeep: 24:sT9g7ociSiLyaYbWpA01ofjLZucktOLhH+rkAXnwQpc5P:6VS4yTbUofRuHtSlAXnwQy5P |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495597242414.2e462298-aeda-4ee5-bf23-a73bdf74947f.main.jsonlz4 | 5.70 KB |
MD5:
39c1ca3aedc1f06bdcc0e8bec3a36d9e
SHA1: 01eec901e753e94d505aaa45cfc16c195bd8c034 SHA256: a7609cce50df55c04dfdeca50410bdd2733808efde54e24953a31c4c3c4d42d6 SSDeep: 96:MOk8nykXJMTOEM3U6AH/RacclEXTBj/P2t2BMdXyrdTL3G7bjB1wjlMHKw+ee:ZhHXJMXM3U6AH/RRclQ/S2BgYTCbVayO |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457485[[fn=Mesh]].thmx | 2.94 MB |
MD5:
3a8f8159d215bc57dfccf83ee15c52cf
SHA1: 7e8aebf7d9fe28803db8b77a1e04383f6a1871eb SHA256: 778ab4219fc7833bcabd793e7ab371eed7dbe7cda11332f0a73df83b17520574 SSDeep: 49152:3BxsvNmsPDUAcn+yhYvDnhcgtIrI3wHuj2yY0ciM9U2NCVBB4YFzYFw7IaJE2VR/:3B4m4Lc+ymWgunA3cimUVxV05aJE2fKs |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457491[[fn=Metropolitan]].thmx | 759.95 KB |
MD5:
0eda1e165b1c8d4b9b09ec0759754430
SHA1: 039c332c4b06a3d372cea2c5c54686e07b8e2941 SHA256: 8f7218a7dbf6a94d8abda68ad7e7b477ae7950bbd59c86662e3fd4af7fd0e071 SSDeep: 12288:S/ttkqdtUwQUs/31brou2d3NuN3J582IBDMBJVEESwFLwu7FwrmPA8Elp:S/teqd9QQu2d3NIqU7LSwFMuKqo8EH |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Normal.dotm | 18.94 KB |
MD5:
558b97054e624974013ca455e1b883b2
SHA1: 7ef280f538bd8409c478b51f22f1837e508575e0 SHA256: 0a9fc4246120fa0a2f8a244bcf6c23326e10b8e1d97841a8d41ee8bbc0e83797 SSDeep: 384:QVKOc33XfkEL0+fzvbBfYAoKmFMzbZ0xXdEKbPlCms5u6LcnzMcyRsp:QUvj0orVf+MzexNEKbNCb5XkzMcyRw |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\MlklbQx-e.bmp | 68.38 KB |
MD5:
97656f5b54ce4d95a7a0599d85d650a9
SHA1: 97f4aa263f206c5bd29697a94ce7d227832e6217 SHA256: 0e607332dc10490b77dc43f758092839b3f1b16ecf8a428d5704a2f033a0a40c SSDeep: 1536:0nDBT6Ux+YwtzGN1U1Kfhoh1Y7w5FWnoT4X2fYAiF:0nFLuzs1U2O334mfY3F |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328893[[fn=BracketList]].glox | 4.46 KB |
MD5:
3c5ff38a14fa24979c0b1c764c542f84
SHA1: 80db8d7384cdb4ca16ee255cfb51befdde3f042d SHA256: 1c4cb6767cbef7df244401d633162276d29d822f047529a934548878124e0b42 SSDeep: 96:+rqTMbXTy7Ex6G3oczyqrvDhrvXmmUhayi8V7DsVOKrsnPB6:+GTMBnptr7hb2vha927OOesnPB6 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457496[[fn=Parallax]].thmx | 903.54 KB |
MD5:
a855ebeb5c731f83bd7d228347987b27
SHA1: 6e56f77bd18a8baf00a60393e8316fd66143729a SHA256: 8cf7dfccbe83f570f97e37fe58ebff69f56e7722d482e21e7cf07c3a6fc6c127 SSDeep: 12288:I2IHgWHoZbX1P206816YCgcLC5URSnG5s8SZc4Tn9u4XvtFX3up5VsYW0O597s0x:d9WU16YYvSOSKkuqlssiOKw8C4hL3Ckc |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\0FDED5CEB68C302B1CDB2BDDD9D0000E76539CB0.crl | 1.15 KB |
MD5:
9e19905351dc34cc37a2ef9047d54455
SHA1: b0c32316e25cf5f0a9d338b2ad5e5b91a6714cfd SHA256: 786dce8feb4b6a8bd344bec86fefab6f05e8b3391bb222c27cad34b3a356c8a7 SSDeep: 24:8FiH8hqv6elAuzUZUbk9xZkDA8haanExDlbTBxtYB4gmp:lzvBpkj58M1xZbLtkXO |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\CE338828149963DCEA4CD26BB86F0363B4CA0BA5.crl | 0.94 KB |
MD5:
37ef66f1e4bde81eab5f1b464d311a12
SHA1: 061624674a99c1df1f5c7583190af5e02b1c97de SHA256: b6ff53afd5376925dce242ffd6fd48477463127ec0529141dda5b159a5619e93 SSDeep: 12:wR2FfbwJhsMml6U12O1/TM8Jg3nCg7YbYPzACrSzpv0ZFQN4z31DWYzYf3USbCuX:wRSPMuYIYPzXrSNv0ZFQNUcUe8a |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Email Insights.xltm | 721.31 KB |
MD5:
f8ef8a6a86c8094635d13182956e83e5
SHA1: 65f0c1c4f085cfc7c3604d6231f48f3aed9e09b4 SHA256: 459bcd6729bc835611450cf575ad36ac83c743c2a2d4065d29339db106c6d370 SSDeep: 12288:8dCCZVhFojYM+YESS6P2hUxeQnHN4jjXI6dQm6YZvjmCP:8fZVhentESS7hUxeQnt8rI4hmCP |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1462094071-1423818996-289466292-1000\46a78fa46b43fb180b4fa21773f8ff3e_427a1946-e0ff-4097-8c9e-ca2c1e22780b | 0.58 KB |
MD5:
4a188383d2b50b8c7848617f547e7637
SHA1: d3445b23fbfa88b65ca980524c086ad9a7d2c9c9 SHA256: b9d975da97732842dc5561496a25e139de923c86b8de2aea03813125b64dadf0 SSDeep: 12:3SJmw2atKsAe1HDI31jmQG36WZcH4u1AbWKNE64TcXi/EC:3SJm5atZtDI31j1G3PZcH4u1mZSQSl |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\OneNote\16.0\Preferences.dat | 5.59 KB |
MD5:
ce8ac8def3c9fb53729e935a4685d99c
SHA1: bff1ef4bd68b6d280d4f6697ec60abbdda338135 SHA256: 060b668c2ab254f99f7c60b87af9fbfc2800f3b157d5ccd34957a95307a50366 SSDeep: 96:fwB7FCzXG4M+pMmJyvmsC9qnmljoctS+dmqMjzqnM7Lv7aX2fY6:fwBZCzm+Omt8ml8cQwlnMXeX2fb |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328983[[fn=Theme Picture Alternating Accent]].glox | 6.03 KB |
MD5:
afa5fea680d9a386035df23ebfcf46ce
SHA1: fe9fea72b65ad9e127c5a803baeaff206c017ebd SHA256: ade76d4ad0c883c02cf3db7fbfbdbde5c97d6d31dd2a3c6ed075960fc5411767 SSDeep: 96:X7t4atj/uKHx+B0zomo7JYB16LmmA6lMhPG+a9+bXu1ejgkl/tG4:X7tNtjHOJu0Lmz6mt1SHkJk4 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\addons.json | 0.55 KB |
MD5:
5cd829f64d8ad9afca550d105a66fab3
SHA1: 2e2231650a906793b9e1129bc431fe07dead7610 SHA256: 5dbfdca03cb3ca0833b1a88664ad427cb13e89e87de090ffd680f2bb98455eb1 SSDeep: 12:q31xkz9jc6UZLVV+Z8gNv8yJT91eEWpuPppRQvvko1opObNT0mqwYPfWPVflCC:q3EZc6UZhwZDi8J1s6pOkNpOemq3uVNX |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\LogTransport2\LogTransport2.cfg | 0.74 KB |
MD5:
b86a0d6a44da5570a7f1f733bee2597c
SHA1: 034605aa5fe1c8b1d9bdd7d9e2a69acfa695bf6b SHA256: 8d24c071ea8df7b39ff0d86c8225a4edbf88cb588185ed9475b538b45e92226c SSDeep: 12:/lwF9UrGUxi8u4X0PhGYaKxklPrnHP0TbKAOCGEGJIcC:KXUrGUMe0ZklTnv0f0Ol |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\021Ad.ods | 37.62 KB |
MD5:
fd4a3a7c9305393bac7ade10a711c2a2
SHA1: 6fbef95ceb318abb0d17d9421fc3766245b7bcb2 SHA256: 676354d38a09ad993524bdd3f3f37c5540464de8d7af77d7cf329ae401a00b3e SSDeep: 768:2PzMxWlsZcEi5U5XpK0fOz8ylu8DcySc6y3r49cjw8Q2M:2PzMxWlNZOBc0cLuryj3wt2M |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457475[[fn=Frame]].thmx | 511.32 KB |
MD5:
0275cefdc6da099aa0c4fc57ea63996b
SHA1: 86885f9aa6183d4c9b2987de30ac516490400f1d SHA256: d4e0daeddae6fc2c0fec3cbfcddc1d09f24eb96c89332e3fe0280d2c2661aae1 SSDeep: 12288:VfCHGDHQ+m330RnMQPJFRkOijBFFhEJi+:Vfz0RihyX+t |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\7ciDl.jpg | 91.24 KB |
MD5:
d92f015df63f3cd307df245e58cad2f1
SHA1: 744c6c8cf58aa208bdd26e57d93588d0a5d5f788 SHA256: 979aa8ad07bb4f743741785ed33974d4e1c8255f5a965b0e097ba013dd641537 SSDeep: 1536:D2hzGhV8q5JAyZ/Yu/fNI/rn2iOZG3ACZjj+Ow2n7NM+MNlbSWatfla5E:D2whVbwyZg8fNI/Cint+h2WN0 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\HcoyADAi5Sbnxpj.mkv | 18.87 KB |
MD5:
8098cefb1198206a26be9a4b34c125bd
SHA1: 9f6d39c7b9a63fbb3be85ec22b1eda22619e8a9c SHA256: fb9a0311ad301ff010ec745a99c2edb45b810c59fa6df420e1fe7d49be3b21f1 SSDeep: 384:r7HRG4O7J021oF+stT8KY+mJQdRMqxQOoV+tY91NipUzoKCHNFrDjA9LYfh:PHXO7JH6ICAKz96PqYhipUzoLD3eLYfh |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001114[[fn=Gallery]].thmx | 1.04 MB |
MD5:
55445c1c5ea1032b2a8962435ad5f747
SHA1: 51c28de0e216793baf207e411dc9abbe16aed88b SHA256: 66ceb15be03de3ea200f8cade06df9eae433eeb3dfe58e562e5db29cec31586d SSDeep: 24576:ZfHUJOSyjUZowIPlDIsurUUeel4UO5V+DjUBLxedFSOvs+Psuhi:FHJScOIdc9of1M0O0+1hi |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000\15d22704-736b-416f-a36b-857f2a5d2a7e | 0.98 KB |
MD5:
e81d3658e2699d090cd9b55ba941d1c2
SHA1: a84b1373376f7f7c539905f7e8c434c810e41393 SHA256: e7ba1f78e69ad0dccbb9bf62605d044cca7436a488484bb8fb93897b1c2dbad4 SSDeep: 24:aVonJOX3EOWHm6ofpa6R2WIM/acLoG5ChGUk+:aunJ4TWHm6UyWIV2DChGUk+ |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Publisher Building Blocks\ContentStore.xml | 0.69 KB |
MD5:
5b1c31060ccc856c62696d1f02e81d63
SHA1: ebe68583f779d8729d8d7b92294317cff91574f8 SHA256: a8ab5042c1d666b8ee506c645db1423c4be225a78ba826f743a86f21ac313687 SSDeep: 12:GN7ACJQv7b12Uh8Zc1AusCZg/lVBErBuYYYyMrA6KQ5Bc3rwd4uC7A37TWXS0C:GN8C4/12UiqMlVaBuRYprA6KQLKvuC7g |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001115[[fn=Parcel]].thmx | 594.40 KB |
MD5:
99b5b1ab88577ad783af4073a636bfaa
SHA1: d0c529e9ff2b3f1d72a6bce953ead3ed6a43c442 SHA256: 8da9b2ba37d2b7a1bbf86972970cc11de1e2105330654f17f05bfe45ff86a184 SSDeep: 12288:y70pTPJ7jS6U1YOSDTChGUdd9iisAtjoaeDjemR7BZtVLHRVTggAt/3:yYP735OSDTOG44bmjeDjectVLHzTdAt/ |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\JBi-kk0FV6SxVr.png | 12.42 KB |
MD5:
eec24fd5d149aee6442866a13eb91f55
SHA1: 60cbf6e480adcbd2d9cbfb14c80276b9c8452d4e SHA256: 3273f582317ac081d373a5c884d64a6ae644a2bd009f01024be9804c825e3183 SSDeep: 192:MhPD95n97yuA6ShmpJAjbnunwGJLLWLHHAdYIYCD2JU/Gq85D2O85tMPv3+cBL:sx5+haJCopJLLWLnmY/qE5H85tWvucBL |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\session-state.json | 0.66 KB |
MD5:
23c6214b1b22f2cf81d9b929606ce329
SHA1: 86f6826cb1f194daf1b439c368ba75daa3b1d6a4 SHA256: 8f3bbc809f0898a7b6b9dc969f13c4d3bdb17a137cd8f2f94e804f5f95a4f2f6 SSDeep: 12:bNaJGeK2MLGs+Y/I/BYu3pV9rSyT52OHLUq358ItdKgvCxb7OVb37efoC:hxeNiGC/aZZToOQq3aQMQc6Lw |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328884[[fn=architecture]].glox | 6.17 KB |
MD5:
bcd295a6fa787ca30b8b9266c46a85f8
SHA1: 63d330744c16f83c4803a6e2b604ffc04f1d6e71 SHA256: 21e4a688d2456302662a343a46c371835ca396ac363395bdfa8c217884fbee98 SSDeep: 192:sFoidaJnAFQP0fEBn103c2d+0gMHgoWj87H:syidaJnh7103c251AosU |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000\5b8a3202-35dc-4437-b5d7-374f5e872415 | 0.98 KB |
MD5:
056bd5c39cb18eed273086900eda3ac2
SHA1: fa39231defb7b3bec862220597fb5ee4e70e48b3 SHA256: 0cbc1fd6f341623e0512f5bbb7bccceb2dd61e8b88f455eb7e5a40749d9f3f3f SSDeep: 12:34pRiFxlLMpZcPG7PuTvFN7vlz4QgH5qG8Bgfi0xHz42xv6kMFaZHf638araMFUL:xJsmrr+PZy6frcaZHiDNHj1ZHBc/wAJT |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495599783008.23c86977-85eb-412a-ae39-c4c6ea9a5744.main.jsonlz4 | 6.56 KB |
MD5:
e80731be1b14bf09a18c432aa5ec94f6
SHA1: 99e9b76d44e131f6725c30fddc05792870245b13 SHA256: ec230e5e269d0ad382d73bfd12de9fd6295158d22adecc52c75542bbf8e69472 SSDeep: 192:pKxNlBXFpX+I2jkfJAzTaNTujbtL8wrjoYdNF3:pUlXd2winETufmwdNF3 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328951[[fn=Tabbed Arc]].glox | 4.12 KB |
MD5:
6a181389fdd79c2e15b5cb096f341358
SHA1: b1b06af33bde624f3d2b49121c14c5b452d065e4 SHA256: ba6efce8c6b7985ec75df1d9b4e34bfbdb6c2856d97b974d73ee114cac3c682d SSDeep: 96:FHdxqJZcgom4zipOID5nt/rgRuvO8kVsw2sJAlp/hDd/tTw:FHdxq8goc3v/rgRuvLqp2AU5xtTw |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\blocklist-addons.json | 450.04 KB |
MD5:
1078198e76c8547593c5dbf3c76d5e61
SHA1: 54e07d771e9758db6ab8f09d99776f1b588f4d93 SHA256: edca53ce5c9cc6f0457cdffc2f6ea1601ad8ed2fc26c66a6548652a6d6332079 SSDeep: 12288:YPjvcq22B/+iVLjcCgibaoKQyUD/XjgDCc7:YPIY/3PcbHkL0 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\containers.json | 1.32 KB |
MD5:
20cf1314e6cfd570762a9aa14131f573
SHA1: 282ba5868b613580d9b3ad869634bd8fcb37b4b7 SHA256: aad2ae6dd3055ce57d3983a3a14829293baf081d683f9c3d0b3b3b1363ca3e2e SSDeep: 24:CvrES5/Ij2Q1g672CAMIOTkCnEafZpydQr/3TXC18obH46T13J8AnbYL+NHHE52l:CzZ5/Ij2ZgTPpfJTXFoTgAnbbHHEk31 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033927[[fn=Main Event]].thmx | 2.79 MB |
MD5:
901ef5da144a0ff5038f9c494e0ec90f
SHA1: cee1d604f0a3aae11f92a43d1bcc81d726cfc93c SHA256: a3b03a578eed6c68508388e0636cf425e7f2c18af468c0b9503c3c02e5634706 SSDeep: 49152:EUF1SKSVSna2UjJ7EAO/cLf68wy9yxKrOUURBgmai2prm:AKSmIEGJwLx9DBam |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\ISO690.XSL | 264.83 KB |
MD5:
f087e6a0ca1ba2c5511499beb3968ec8
SHA1: 2c85fc9a3248e9a9a54db8919b1a801b5238739a SHA256: db34dea96742bd927723ca00177626dccdf7de34184043964d7f47db03df5672 SSDeep: 6144:zbRPmmy07i/pNx2GYJx5jqzAjGcUiBnDmwvBEZJR8lo:zczq6pyGYD52zA6cUi19BEZJ+m |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495592289365.f6bd7dec-4421-47ce-b829-1080689ec7ca.main.jsonlz4 | 5.40 KB |
MD5:
8049021d00e47c1ad038457d332a69fc
SHA1: f538668ebcfb2e7b513ceded9bfef28616d30251 SHA256: 0dcb02bbfebb3c43aec31d47120737c409a9b6fd762eaeb25e7acd1700fbd1eb SSDeep: 96:2fXZxmXNCKfWSFTwElpiXBFpInVXJ4L4casFjFwRNihQWhcubK6n2vsD6/tzBVMK:KXZxqsXowElpsBD+XKL4cxFjFbhnhTbO |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457515[[fn=View]].thmx | 475.72 KB |
MD5:
848544fd7af04fc7506d499c52beef23
SHA1: ba8433eb8628c810c0a32ed4295e1c58badb4a7b SHA256: 12d57efffe0aa7db4def4f2e3d0df548c2ffc83b3db1c8a14cf29ebe64d6b236 SSDeep: 12288:9N9xVbVagbctdRcPbO0ktld9E/ki7w0+l3AfBKX/OEYRS2qWAKsAM:9rxzaidzOvhE/H7Ul3AfBKFYRS2nuf |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\blocklist-gfx.json | 27.83 KB |
MD5:
29bc02e66101ac06307509c98b1acc96
SHA1: baac2b9c3826d771fa12825e776c9d1287fcbfb3 SHA256: af931b29b1895fb229cfa55aeb0e6d5eec9c2401531933685537c8d9c50bb2fc SSDeep: 384:wcMaNw7oAyXWpym4m6sB9wEgmaNsw0YWurMz+8d6dbrkzg6ZQDB6Sn+JH/yNU8Iu:qaW3ym9B9wFL0YW9L8db4s6Zgv+JHqNF |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03090430[[fn=Banded]].thmx | 549.47 KB |
MD5:
e3498458e5427488a5b655d242a1ab93
SHA1: a29ac0f45ae25645386bf89b0824352f80954aa7 SHA256: c129ca22f9c0df6e4f7bf2953c1e12bfa198fcaea6b3ed1482e198209ccd395a SSDeep: 12288:RrGgiID09yZI7q80eec1rKfwGd1QkyinutNX5dKfRTuTWU3JTe29zvSe:RagiID0kIceec1rKoUByKEJG5KTWU3J7 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\content-prefs.sqlite | 224.53 KB |
MD5:
dde18d86087d4ed1bd6e54940487d56f
SHA1: 1ef7a920589f98f8ebd6eaf35eeae051a720114c SHA256: 71de80ecff05a1c8e189455df35530234ef3b03ae24fa43a16cf5d0eb0b3c48c SSDeep: 6144:yJXGLT4zAADrc7K+QhXyylmPuuBi4nKgp+bz6Q:cGL0zAAQK+ne+u+i4K80z6Q |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001106[[fn=Badge]].thmx | 648.90 KB |
MD5:
96e27b31e870ee4a985fbd975675dce7
SHA1: a581e712378a9aa4728bc15256f10f880cce43a5 SHA256: e84db35c0fa1cdb087e8e2c8756985353571db2bb6abd62b45110e88b4111f54 SSDeep: 12288:hodjyujKa+Fg0aZdJI/dFwHGghpDnTombO0U9JCLDfr0ms41JH1OoJDq8OqcA5Du:AGaCaNIl+7DnLxOELDfomxVO+Dq1 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Access\AccessCache.accdb | 196.53 KB |
MD5:
cfd9a1399c335e9ef7212c7e344995cf
SHA1: c984780f7a29ee65e4bc736a75b0c18fbaebd028 SHA256: 18ecd704106ea8524c3d68ce9c3ef4f82dd5d71090286d668922df401e42030c SSDeep: 3072:KUjtetUfv4JsQZqNxRw6Ruowl6KA35tgGg04U3lNQsjQnlZDn4VS2UYIIwsY:JSJkbuJl6KO5dMiHfj0yS2UYzBY |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Office\MSO1033.acl | 37.37 KB |
MD5:
f98c6d451e5037d3509218c8d78e3cf5
SHA1: 2d727691bb07a80010112dfb4f8206043e45959d SHA256: 3ef68d1eb3f62a5c37549518c0f785014d8752097b939f0cf5aa048dc6780400 SSDeep: 768:QPxdb1D1XUSaY1634Y0p34izEyM9+GJdjfQMrf9bYmb35/NA1wrEhV:ixdhF0Yww3c97dEMNDN/ZyV |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Cashflow analysis.xltm | 371.63 KB |
MD5:
f36be3f0a8c0bdff901dd990b34a53e7
SHA1: 2fa06ab454c5e62ad9a45be2794f41bdec98542a SHA256: efd3d9e37122e0ca1ddf5bede08e9a38c67e759563f3a70a424361861fd853ea SSDeep: 6144:ukzdwU2kii644B+2QZF1f8ltihKw1nwREoBazE4QQtO1ru5hOAZtJc7IgJ1Hb1kx:ukGZkOGWq0RcI4QQt8S5oAKpF9GEpQ91 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\extensions.ini | 0.71 KB |
MD5:
d1c7b43a87e7c884cd89a001a264271a
SHA1: c8515ea65b1ad68398ebea1dfcf5c5fbb85a6bcb SHA256: e1d055ebdebc5f79c6b1c4a623794f14a54f6094cde1341ee0a6ffed56d63ca2 SSDeep: 12:n8RIUqbJWmNu01+urVpI9bbC5XM6hWuRtqyFXeYqeJ07wB0dEC:nmIUq80trViZ+5c6wcFXDqeYTf |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\HarvardAnglia2008OfficeOnline.xsl | 278.65 KB |
MD5:
e56575d6bd291fade084bed36f77d770
SHA1: cd076171b69e29ec9ec347fd72a2251dadb51407 SHA256: c152ccaf067dfd98999e2f463f8d023163f760a3de32a6de43ff1abe786bf848 SSDeep: 6144:IsecPZhDalOFk1ZYBlx56SNxygLm0Pk4lHYE/80wPS:IYfaXYB9lm0Pb6E/803 |
|
|
| C:\Recovery\WindowsRE\boot.sdi | 3.02 MB |
MD5:
d4fa94790de1bda7518a16862859948a
SHA1: da220a6e6a58cf46624032033092524467c1aae2 SHA256: a755bd025560732718aa624efa75a3a9c72ce33ad3639b642d8728133f784f17 SSDeep: 24576:BO1uGXNpMd/Dm4WaYdX1ho2dRP++AjMFAqnF+TtBH/vk:BO1uON+d/Dmn9dno2r+sEtB/s |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001105[[fn=Crop]].thmx | 524.55 KB |
MD5:
711f5d7ad1f03ebcc886cd87963a46ba
SHA1: 726034d719b042bf8d21ad51cfaaaf8d6f55873f SHA256: 800ac53e2463a5588c50ddf5d7f79fb02cad4eb67acec3a80e5509bb8a72ce99 SSDeep: 12288:Q+Zg/zcmOs4WdL26GBRW1utY5bFBPPxB2hH7dO3HS:2LzOsFLm34bFVPxB2hBd |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\JYaG7q.mp3 | 72.23 KB |
MD5:
a3fdb7a37e6edd490f672e271a743fc3
SHA1: 1d6e65a30af27c27fcbb8127f85648c363a90075 SHA256: 018dd737f0a9b7a0c85f230653025ab5e602291a38dd5cf0a7484557e62b91a8 SSDeep: 1536:ouIwIpvq4fvfbCJvnTvtgg9CsbBV//0h/lk/z9C59B12K+Z7s:ouIwRain7F9hP/sNIC59qKT |
|
|
Modified Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol | 1.02 KB |
MD5:
c5bd34015ac57a84007e9c559e2f1a02
SHA1: 92420bec59724dcaa43ac5a33b41fff99ec93bd1 SHA256: bd2cc14da979da0d213b3a73a5431f4314f8bcd3949138c92cd9b8747104dba4 SSDeep: 24:4r1KWTQvzXJ0495fvF69KSWQwiUzomN1OkyY5bl1R3qWb:4hKW0vGzEdQwToo1Okl5bl1Hb |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\bookmarkbackups\bookmarks-2017-05-24_14_kL0o5I+exwq3TXuLDkMF9w==.jsonlz4 | 1.86 KB |
MD5:
9ea4d6e59726d014b7b1eba50c8dcaa7
SHA1: fa609e5486120647ad8dec30804f0498bb95ee58 SHA256: 60dead15a7e6897305d4e4ece5a4db90623a407f3c28bd6de38b903883fe6e8f SSDeep: 48:ztaRCno3tKE1lLdX73zYh6zSbzCBnKdz1bu:zwCno3tKE1lLdXfYhHfCBCs |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033937[[fn=Vapor Trail]].thmx | 3.44 MB |
MD5:
90458d9e87bf0cf09da9d3eae3632c2a
SHA1: a612c7d744fe88130c79821fda756d0b7135ad71 SHA256: 1162d50a64963b51e584a39e43d7131ec769258bb222bb3533e5369819d0060b SSDeep: 98304:gO5mgjVktRlqFtAy83hJLdoaFxTygxcoiX3M0iCt:HmCaI3AjxpcoinM0iY |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328940[[fn=Radial Picture List]].glox | 5.99 KB |
MD5:
453bc487233d552cb84f454e69fb0c3f
SHA1: e2b2a3cf605477f3015fa41cd561300493aaaf00 SHA256: 26300eae6674f4e515fcfc95bd5e1a3d8e7c9b109fd36f460cec79027c075ca1 SSDeep: 96:wjuZCCXkqG42+3br+Mm1vDPCdD5V9ykB5IJ/S6Rjvou0J+M2MsQHeNm/TFtYg1:zMCXh+X1TCB5ny65Gou0J+M9dPFJ |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\ghU7s.docx | 60.82 KB |
MD5:
3ddb330f8b0bf0e0bdc14467d73daa94
SHA1: 6661d1dc9bad8807677acf69a47bfe691747c4d5 SHA256: 844b4e02730cf469d0859865b6580647e579b375ecb4aea7a79a47309175dbce SSDeep: 1536:tVqgPK3zhsM5W5Odc9y70HrKqbiMUumHgBGNvibjA:tUgAzb5sj406gmHg8A4 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\state.json | 0.58 KB |
MD5:
45881bc696cb6bd3c550effe50752a01
SHA1: 4f3acbc0371f9c9f758fcdcc0022924e59f78c5a SHA256: 0e3eb36382a68271240bd4c8152e2a3ced62275c8b8e5edd95c49e595825d4e4 SSDeep: 12:+X8xNwjOsCLsEGh/wFVHesmzFG/cod34cMAg/9gNCwGx10C:e2uqsBh/wVHizYPd1Mzb1t |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\SYNCHIST | 0.60 KB |
MD5:
dc9cd1b0e0abc2b5dcbb5299051ace70
SHA1: 77fc7c2f358efcad53d099ba4ceed9ffc5b0d6a8 SHA256: 7bb5e1fc31c3b40e15806a6ee4c908ce2fc4eb6f1469b839822be71b6776e51f SSDeep: 12:Ia61uTCoEvAKInNJRXI/EML6JT68lCj0RS2byWhu3SbVk7hwsxWNvYC:dsh7v5qRYcM2ZjHOyFkbxWNp |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\cert8.db | 96.53 KB |
MD5:
11e44452791bc8347058375cc36463b5
SHA1: 5612fc24504d2c027ee27f7e226516743bdf7298 SHA256: 0c1310d4b6290f84a11695818e4851f80fc2357da14b690fc9926f11a8e8e3dc SSDeep: 3072:K7i4DtJED6O3Ww4ouR7ys7/iGjyKAvLpjsO4huELH:KFDO3CpR7yIiGjVAOOuuaH |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\TURABIAN.XSL | 337.11 KB |
MD5:
9115a88191bb28e1058a4ac21d18366c
SHA1: 254a11e93df278dd2fb297a10ca2b01d23b043fb SHA256: fa561dd84e639426f0b0d34d99bf80dd7b341c889055093889f3d9aaf5f98810 SSDeep: 6144:BmjZeuMJ1dYqaPN2MAvkEEdxnW62Zb6tXteXkct8zjkIT0I/dwpgE4nvp:MAdZSN2MAvkdxnWdJ6tXteUwIn/Wq |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328919[[fn=Hexagon Radial]].glox | 6.41 KB |
MD5:
63520abe3642d60af37f729879426884
SHA1: 5006d50e0df27b0ded8b3a331896b94de44f3ffd SHA256: 2f25129292a1778b36ee8869d90debb3bff57e4dfe9e56d8e457f9aeddc0816b SSDeep: 192:7N1H61HvKcHTtiu6RhRfcNWgOmwFCW/aIDjV:mTL6Rh1cE4W/aMjV |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata | 11.17 KB |
MD5:
e36d4d4d004ad58d424b68f59db4fc3e
SHA1: 845634efa186a6890ff902124c449a01af4d32cf SHA256: f2d8dbae4dea4b6a9613b040515d5728c958ddc0de75ca46a159e2f07991cdcb SSDeep: 192:o+BDpiRrjjcYJPdMmdWEihr+KV+/WGVqdCdQAmFFmB/ISzRrQ4de2D:rBDpcHjccPd30DvcWGVqd+9AE |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457464[[fn=Dividend]].thmx | 558.05 KB |
MD5:
54484b27c2b2a368b547b45cbae03714
SHA1: e6185f48c9669e30b6e8a19052b864ad322997c5 SHA256: 042ebc50f937411ed94948f07990385d422d0d67f64bbeff5e2808bc5922de12 SSDeep: 12288:cXWiyc09mW5ZLUQfpb06zvZk09WL5ehZGbz80UetJZw07/Rn2a:cP0sW5ZLUQ106zvy09WL5OMtHV7/ca |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328998[[fn=Rings]].glox | 5.56 KB |
MD5:
fce5d09d70a0f95b9e4a5f0f3e3ebd82
SHA1: 07861bdd20c9b6d9f8d287887dc93266c7a53fdd SHA256: 61905ee3dc0de83b2f15a63cdb55a2faec3ae88a7a814e8d19b6a6bd8f4937b0 SSDeep: 96:mAh3qNM3wJsSo7lHjgBcCOnRxRBJ5dQFh4xV5fPA8E0dS7WrNect8S9HLR36UJar:mAh3qNM3wJF2lDg5Ms/EAz0dSCMG5HXa |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495596278120.31e5ce24-c2bf-486b-b29e-534113b7c6dc.main.jsonlz4 | 5.53 KB |
MD5:
a35a580c3ede6dad211a0f0715d8caca
SHA1: 0cef1cf45e3ff58e68fdefb4e8f4cc9925e8ce04 SHA256: 1641d54545e2bedd85201e8fde4cb5b6e627387fa9b40ff52f317be26bc9da45 SSDeep: 96:1B1F3uPJZpP1bmyE21/hQiX/EdGvrBSkJ+zWdpu+guyA6+B4BXSCx:fneBZrnE2/jPEGBh6uyA6+B4BXSCx |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\GostName.XSL | 250.88 KB |
MD5:
2a3d22220203d568cf8d8cc0af7e24f3
SHA1: 38ef56af7d10bc3b8518d5ab90dd9179eb8d2a03 SHA256: d8af66f702f71f530b1c3365785967a3b44fd1efd9a84c41d5a658775b0743a6 SSDeep: 3072:WLR1d4WmPcMA4JSxa3JjL1qLJV/a7zHuV5TvE+H0e5M/iTWfsnUkW9XmvPJrzr48:WtgWoFBuOAphUsTWfsnUsknG5J |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03090434[[fn=Wood Type]].thmx | 1.57 MB |
MD5:
911d3a57b0c356f59448d2be7b4baded
SHA1: 895d4b6b5e69c341a88fae514a60671a3a80c979 SHA256: 251a88a7e37559776663f965229f1222d07ff4b82a446808a10024b59c892fe1 SSDeep: 24576:FhwEcJ/ChaJzUUpvMS2kf49QCL3K1AvXLggrrIL61cTqWI6UfwyM/LZTl5KnCR:Fu3E0JzUPF049p3KEXLgEIquUfwnp6I |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457503[[fn=Quotable]].thmx | 944.81 KB |
MD5:
87ff0c4304ec34c5e886662420b1e650
SHA1: 103c7cf693467c2af24149407540649c49cc88ac SHA256: c8341e91c707d2f8ad997265dec06cc9e5b2fe7be318a43dbdc4dba3a3461416 SSDeep: 24576:glf+YASULHvJB+GQpsR0ASa1/4pkbM0NCViaNC6zBk0:glf+YCxB+GmsRVSc/4ik8aNCqBz |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Calendar insights.xltm | 893.37 KB |
MD5:
b8e41f141bf337a68aeaf52b52adfbec
SHA1: 8f58325e9d74877cf7dfb89dd9acbc93720b86d0 SHA256: 62ba71232e5864ed54b079b838771749a528c6ac63a4adde6c7b813e85eeb546 SSDeep: 24576:KP/BQQsH8H5bpQ/ohRJO4Emh9XthJv/9w:KP/SC5bpDh/DVhbvu |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\I3aPKS.wav | 5.20 KB |
MD5:
897b9a4aeed05921bc59bc8e09768882
SHA1: 4ca94a3ba257746173902a7a12accbbf7c63fc7f SHA256: 191c20c05be80d1f7408ac737d2c7b0504d062e812bdf0dfc0b7c72526d04fe8 SSDeep: 96:q6LeNQ/PoTHKGVJUXbMomAwIgvl4EYwMfDkplEmwrIC/C6IbsYuvp3GAm:q6lXKJULMomA1gvlP6DksxICa6qsY7 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328935[[fn=Picture Organization Chart]].glox | 7.72 KB |
MD5:
9335719834288f9fde4fbc3f66a26099
SHA1: 50b8c74f6297923db47c516df2cd8bdfc57b794f SHA256: c8eb914c6fc1c5d1ec0c9a93c3413ec082607cb8b2eac46285a03fcb275ff2a7 SSDeep: 192:RFf6Nte5EyS1SvMTeySOgzArzaQiYX7N7mY+:Wby7vvzIi6N5+ |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328905[[fn=Chevron Accent]].glox | 4.67 KB |
MD5:
75d2f20e53e62531a79396c037819ab8
SHA1: 3059d8ffe7acdeb0c6bb8334e1e888e12278e5f1 SHA256: 1ba7e52a0c216f6c61017db8b54b944cd69f1ea5cd215531d56072f92a38ec07 SSDeep: 96:M7rxbB45lU27i1Cy6OmRvlEhdZsvWNNeClppWzHt8CGKF0X0D5V8bQs:MZVyU8i1CL9I/zlppWLt8Cld5yQs |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\extensions.json | 6.32 KB |
MD5:
b3205ca1d7076cf61788706f344f0326
SHA1: c5d445e9b8a211a1cb5f1f2b86270bceb061e55b SHA256: 790da1395c41a3230a40d72a75c517e2df0b4f29b1be678081a166a1577626af SSDeep: 192:rp3UL0jkLN8xEGY0vBlHOdQBXl1Y74gOT72Qz6:93UL0jfY0vDOda11YKPi |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1462094071-1423818996-289466292-1000\83aa4cc77f591dfc2374580bbd95f6ba_427a1946-e0ff-4097-8c9e-ca2c1e22780b | 0.57 KB |
MD5:
101b2571019b00a2fb11d26659c5ee15
SHA1: 80815e03490d916c11dcf66aa5ebfb00c6bc98fe SHA256: a0d4c4a87bb6d9e533b37357aaa93502bcc9b3b26aaebd7bd3bff628ac889028 SSDeep: 12:FKGup/vZ4TG/fgnBjFgnQ79ul7sS7EJIXRfb7UvksvBT0C:MpnZeG/ydF9uBsSjFmBZ |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Sonar\Sonar1.0\sonar_policy.xml | 18.85 KB |
MD5:
a631a6ab84bc99e89f264eb67be331f2
SHA1: 157f1f1fe7cb24a471724150aeb0648777e11eaf SHA256: d0d909b11f5d0146ae4ddc2b486b34649191cad11655f68cca8c1aaceac13ca2 SSDeep: 384:IiZD2ae81vGlns85lcHsvNyv34Uza7Vf6PGO1Lv3QkM8MkCZjs0:IW2an4ls85lcpteyOORfLMTkCC0 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Access\System.mdw | 124.53 KB |
MD5:
3ea3c74e4b006684ed2c2d8571d94498
SHA1: 2bd5e03751a23709e98fb1592d418f3f5e019a5d SHA256: b70e0c5429d07c32a300570793d3f18dfa6e3a8774a2a27f4e8989f931872bf5 SSDeep: 3072:ygbPgvDPEI25KDp2+YFgGdo4xCaO/KaMYjS:ywPgDIcE+YgMo4x0/l3jS |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\blocklist-plugins.json | 197.21 KB |
MD5:
e0a4e60bbcae00bb8c945337d5d7c153
SHA1: ff2da25853a4a0b65d834f7942e356aaed639667 SHA256: f0414e9782f2fa64be4be8ca1948f4c2fd48e479fe7f7d9d5fe0312f9cc800e7 SSDeep: 3072:POZdk5qJZhxb1W14P2fknLDGaHF7OD+IOk3XrYrM5HuWSJn/UtVWjHkDILiEOTjU:PO8EZX14a2g7ODck3pXSN//DJhOfG7t |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\gzz6xbjl_LfVIYqAtg7n.gif | 29.05 KB |
MD5:
be1d8b12b3fd1baba1d0d0cc02332273
SHA1: 868761da31fb1f7c093f8aceccbbfbbc6cd92410 SHA256: d180fc52cf9cf0dc01b4803ecfb54394c0dda3d09b6fd6418ad8f76626bde89f SSDeep: 768:k7H26+d9l5yOpiu8HNRQ/73EbSY2lo5UfNV/Gu:k7Hp+d91V2Q/7UymENlJ |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobSettings | 0.55 KB |
MD5:
782a49d9cbbbd5645bf2f388f4e3cd1f
SHA1: 7f789139dc4c744524a1bdd97474b55a27bfa31f SHA256: c7bb9cffdacdeddb4eb70911f5aa61852ad606b7986065ff0817716a0db1d5ed SSDeep: 12:aAbcwGD5OgCEB9OXdZAZ7BobBSm1kBNhIsMEf9GU4Q/E6awjCC:anwGVKEBQXOBssJIsMiSmlac |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033917[[fn=Berlin]].thmx | 953.65 KB |
MD5:
89084e1ded9ae60b14a1a80c20e13dc5
SHA1: 65ca2f7be597a151ce0a037121b2131dcfb94e74 SHA256: 127e9abb188dbc90e8a5768e0f3ba0606b4c55188f6f676663c80ac591cf7384 SSDeep: 24576:ws7fxuldqRigaUIW85+ZIKyiMyrT0XtEJLsgibjuFGkPGO3X:DwdqkbW85+ZIK55TSuJmjuFGyGO3X |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033919[[fn=Circuit]].thmx | 1.40 MB |
MD5:
508fe7546dadbc93759c66f3aaef8998
SHA1: 7c8ae496c491504b93e45b57a71aebf727b5e89f SHA256: a801d45fd9c4724905ea4cd954aa0a77ffc9ce114e0959b1a9e7bf300a21d7fb SSDeep: 24576:NGS2KuqdyNnDEY75yKg+poMgu+OBWQZM+byLHP:NGiuzNt7AKXdBFZHeLHP |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Outlook\Outlook.xml | 2.86 KB |
MD5:
4c3d302de07ef807f0beef7903d9a1d0
SHA1: 4f9378b0dd81aa7844dc547e0940f6494b8b501f SHA256: 95774f975de78427e4d0527aec48076c5d3e7314121b3dbb76d72e3b15af89aa SSDeep: 48:ifwA1bZukQUmMfkM4IFFD+9WvBEPhK5GphOCXHyb8BvCdHspBPDCzqZSW6OBDIPR:ifwAVuBmn4GF5+PhbhBHpodHOBrC99cM |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Outlook\Outlook.srs | 3.03 KB |
MD5:
091c44d0e8002752dfdbf67e01a96192
SHA1: 4f36a435971d47194406d0abbf872b52221ac153 SHA256: 161bf7ce6d1411eee383227c418064ba04c1a8060d9ee7db03daf0563e192bb5 SSDeep: 48:U65S0ZYv/fzrZnuIcQw5tRVoJ3gwUO+RR+zCG+iu1Asw4wTaXADWnTyUfQu7LDjv:UfuebrdcQCRZBYq1h9wTOnTyUou7nL |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\formhistory.sqlite | 192.53 KB |
MD5:
b381637db3999d36ae523e4951e30c03
SHA1: fd8afb161f9d8747e82bffe9c5282fad4e962f0b SHA256: 66daebe83bb1606fd7d8c4a29a92e0d3ca98edd26256048bb1c36935d6aba9e1 SSDeep: 6144:gGjkLEYV+UnP+LeXjGMNaKJCtHbyTsXU9OBIWbMH:gGjkLIUPyGITHbyTgU94Iv |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033929[[fn=Slate]].thmx | 2.25 MB |
MD5:
d600135740d5ecb34962efe18bfa1f8a
SHA1: 3988157f7ab55577abedbed17c89d9c84a0c9747 SHA256: 9121f1e8b51d9f647f68fb553c50d60fb6b7f21a17449739d3e4e2885b7060b0 SSDeep: 49152:a7Mbo5K+h7OjK2L6oZ9VyvXFCX3CzwovQTSwW8nh:ajarLdV6oXSzeOwWEh |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\4YWEQ2GxGpdUwK8PTk.mp3 | 37.43 KB |
MD5:
92be15c7e679092e293bc39e5c7cc452
SHA1: 3490f7cdc6323d3f41901dbb1300ae99724b714f SHA256: f1b5b3449167f6614b6ce42658054a7dce9d6e8f3061fad27c35ffbf906aa273 SSDeep: 768:PJL+GP7NhLVXTd6dlnaDTrc7cDa5hytmGpE61PS1pJPuIaKVED:Pd+qNhLVXZ6d9aL6cW5hvGpEmSfJPWo+ |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495600032629.d896fec9-1a7a-4db1-a3a2-e46d95b631a5.main.jsonlz4 | 5.58 KB |
MD5:
f6e070b8ff1cb49297d88372dd01a2c9
SHA1: 21d89a5fb821aa85d5db00edc636ba26545d5f23 SHA256: b8b5e0747c6f64fa458bbfe14d7074aa9e8cbd6ce8712272fd48d287c2fa28b1 SSDeep: 96:aJchcvcKibMv0nc774v3YJmiSj5XtnJY20Ml0U51NL0BY0X9uEP6XJPT:igcvcKibf3v3YJa5nh0ALR0BYKc9JPT |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000\Preferred | 0.55 KB |
MD5:
251eb22aea666e80f481ba12e515ab61
SHA1: 4c597de0aab1d629a04e82f5443136d6098a7232 SHA256: debc88e26898446855143d6311548f3a5354eea87962353e74fe7694322a164d SSDeep: 12:nQ56/NMhv+BumNhoW8OcHFk+Rfq/EI/dTYneVCKmgOBC:QBv6AW8Xlk//EI/dTWymgO4 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\compatibility.ini | 0.73 KB |
MD5:
2274baa76726f72030b733d01b9301b6
SHA1: 0739165eeea58fabc93d1f79ad4f0e6bc75f0db8 SHA256: 2697b78f8fdf12810120d496a03f76df0a6834e35401b5e801a3295312095bd1 SSDeep: 12:UFUTMzbtl2Rtsn+4wrR2fRvsXr89k8tx67EA0eKjnzt+2N3dlCD+22SzeN6z8E4r:cUTMzb6Rts+4w12fRveGtM7ExBnY2N39 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\aZf9Wm.avi | 39.62 KB |
MD5:
1ec5cca669e7476e873387471e9c623e
SHA1: bc1b46054463719a44ec8f459ca15a08c750a77a SHA256: c3c76a0df1c246f1794e0a37a381a4668a60561867325b0fbe529d5561150f01 SSDeep: 768:ZlGcYu8C0F4gNkHlzYFjC7vdhfT3mOwimjIRKDo2b8ZznkPMu5Z:ZlGcndS4gNml5FhrujrAbkPMuZ |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328916[[fn=Converging Text]].glox | 11.64 KB |
MD5:
42383d16eb93bcf7b36a63a7a0e8191b
SHA1: b78696cca14e7c2a82fee21f8bb5dc75718aeeb8 SHA256: 6888f10c05861b287957e5fc01748d41bf0a17e1167d71c9ba24db65ff3e9f9c SSDeep: 192:CFhCQwbn2SiF55y7ohc73kWGpLL1j/rOOGE5fmE7JysujkRMSYY+PZEzWtJeY7y6:CLCQwbn2572ohcWpLL1j/StGfmEV+bS2 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328990[[fn=Varying Width List]].glox | 3.53 KB |
MD5:
0847bedd8805cee8dc4d91d2d85a2d6f
SHA1: 6c686bc1e5a14abaca168457c626cfff992fef72 SHA256: e154729a9f83340703848be723b27345c5906fc936e8efeb93df21b24e45fb51 SSDeep: 96:ivBI/teVUPiSQi31HC5WtNRDd9eV4sIwSt5eG68rwsmMB:ivB0teVUac31C4LWG6KwsmMB |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Document Building Blocks\1033\16\Built-In Building Blocks.dotx | 3.53 MB |
MD5:
c100f1b03c9ccbbfb2b341e3f27c1722
SHA1: 1221a0c5f162885d3fb143b4c64c63fe63257e4b SHA256: 03fefa56d4a82090ae5c3d8473f49f2c88107d1560a4c507f2ab89834995c039 SSDeep: 98304:6C+1UlrS4ogVbdL7Z0CmkCH9/pFwH6DjHQa8eLR:hlHogRdL7ZpCH9/pvDzq8R |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033921[[fn=Damask]].thmx | 2.12 MB |
MD5:
5d57b1e6ee954f2d35387b14714becf8
SHA1: cdf518db091e40a5fdf6830703d843dec7590b14 SHA256: d37203685e92630178b0a93dfe7d5e14263bc022c3271134df378af80c2c6d9d SSDeep: 49152:/XLFOoUv2vNn86aZ2frP6l1IdO9wASFntrPEWNeN:vLUfvin86aZWrP6MdO9w35PEWU |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000\496f2c5b-a90f-4380-b805-3bf6ac63451b | 0.98 KB |
MD5:
113b2b163de22a069051fdf2e4e3e96c
SHA1: 99cd24dd6b366bcb084472589d6807d524610729 SHA256: ff05ec2acc8aa24ba83257bde1e94628cdd93c8b2416b373ad6ad407cc5b77d8 SSDeep: 24:7sDSL/ptnXXaUZonTtELFZ9Wa8JOuXmWvSp:IDq/jXLLz0Mzp |
|
|
| C:\Recovery\WindowsRE\Winre.wim | 10.00 MB |
MD5:
958be337fd3ea5ee610ca39c44d588f5
SHA1: 65e068d3bc98cdcc5fe710ba104610abd25d65a1 SHA256: 7feec20b8321819dd6e0436c9a62f07f2d31bd00c8cca17d77c736149168e2ae SSDeep: 196608:yweI6QP0NugCFllvMJMyRRW1pcfF2Q4U0DLgywFXBnHtykX6:FSo0OlGJ5A1pcf0QF0PXwFRnHtM |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328975[[fn=Theme Picture Accent]].glox | 6.82 KB |
MD5:
4909ebf1aae5bbf893689db8f0607eae
SHA1: 32482331d20d2cff948a167a97829a8b0afd2f22 SHA256: 04bae06e78a03cb7bc6eedcbd03c4a0d86974e0efc7265dd4037e143671315be SSDeep: 192:Co+DJtmEY3RZNHG9GUjqX6KiavpSuW++yK5LSKT9th:Co+TYBzGAPqKimSMw9t9th |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495592260754.fe0bc3a3-866c-458a-ad46-a730981653d6.main.jsonlz4 | 6.07 KB |
MD5:
df4c9dbe6e03aa441f907342c56f2646
SHA1: 2f92f7f6dc2e977eb76cb31f4b07665c4f97e16e SHA256: 6a2298f5cfe01140b82c180a98f99b13cf07ed33986fe0e50c1372706322cc30 SSDeep: 96:8+bAmJ4I/BYcH6sr4rhdi3tMaeRy3EbSRJYhWyi3MtK7k5SgOdBFkTlTB3P:bReSz6s0bi3tMBRTKJYhW+15OFEn |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Crash Reports\InstallTime20170518000419 | 0.54 KB |
MD5:
505157af78b58a0f9ddf7a18803ccee6
SHA1: cdab41ccf6e52f684cc7d5a547a209dc7a2da58c SHA256: fd868b7fc480be110e239e3d613d9886e37ff71ddfb626de55d7891af7d46e61 SSDeep: 12:j3ik2WyskEqV1DiDbmhxzfLTaZoJR92uqdSxqiwFbWQpUFt6+J+C:dbkEqVl2izkohNqdSdwpkt/Z |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\-f0 chr8O.ppt | 86.84 KB |
MD5:
e161313753522b713102d894487f61e4
SHA1: 8b5e6dd066c347d1ed9eb926b5310d1ef08afddc SHA256: 5310f76996043368aa9a1629ee3fa3fa378e2336ff136f018ac7d9db974146d9 SSDeep: 1536:KmzKa/itsiXj++yl8zNSalj2W612s3kCov9XsVrjUShbgKYD:Kmi67l8znlir1YCov98VrjUShuD |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\ISO690Nmerical.XSL | 213.01 KB |
MD5:
d5828fa13f5730aeaa0c1fb1474e8b11
SHA1: fb30a56ef43ff2187cbcfda74b753796d4a70b22 SHA256: 8140af3807db23f68d23974517c4a41e03dcd20f4f2e6cb223864d4983425f68 SSDeep: 3072:rFft7tj0H8Y6HST/VfwHxe7KseSZ2rGFr13a0PTrYwVtLs9wPiCKuPcNOE9coYiX:rteH6yTwk78SB13a0PXLVNmJOYYib+Do |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495597261897.a7b36bf3-f762-448c-874e-9388e91739b4.main.jsonlz4 | 5.68 KB |
MD5:
fc8d82a6f6fb5850a7c0b0fdd71b5029
SHA1: 7ddfbe511e4c240fa4e50c33b63a237da0d71b2a SHA256: 3b81b1ee20718ba26a06657721905eb0e1eb2ad93cb8a8f2face2c811378363a SSDeep: 96:swal/LgGqw0nQFc2/RVV7b0l4F4w38YJ5kgDDJQnd2h69i3rbwCHFNb5GxcS:1CzgGqwQcXXko0YNJSsh68bBFmxp |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328925[[fn=Interconnected Block Process]].glox | 9.50 KB |
MD5:
f64612ae46f870efaed0e5007c5bd0a5
SHA1: f3ea526b23893e6ac5015dbbdc0ee0b732db7a1a SHA256: f4027fb5d011d5db293b6153871b54d0539d352a6c28c6f5ee1632b7950a279d SSDeep: 192:1NnJW+NFoe1wLJWiiKIuAnP0hdS7I9YB5U9XlWJ5h6KLyB7wPYsP:1NJWmFoe1QJcuM6g6IfJ5hdLyBBO |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Welcome to Excel.xltx | 483.68 KB |
MD5:
93a6ed03cc75aa57ce88fdaccb017d08
SHA1: bf3d85d4c3779e1e3986971050331cc7ce678aeb SHA256: 1088c2fcfdb293a5ece7f7a0c12bf26a612ede334c9391b2e2757ef809d11c61 SSDeep: 12288:WrVxBVQ6lY6VGeZss7F/2pO1RTk/wEze4fal2nZNfAA:W5xNpQAtsuUwMi6zp |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457444[[fn=Basis]].thmx | 545.48 KB |
MD5:
725af4e102ee86d2f70fb79af740ea1e
SHA1: 994cb6cf0947c551269d3ccb09ef4d2822afde5c SHA256: 6179ba3a2f666446b44f48f587695135919e2e1a24c6738b88ae29233d8c149c SSDeep: 12288:hTb2rQ2St4gRz/UQZCdBJzMTRBXmUKbrkIHcOQQGUw6517txbu:hDyATTZCkBWhPFiPUw6LC |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\crashes\store.json.mozlz4 | 0.59 KB |
MD5:
4bdd36ae02922ed51c880faaeebcf819
SHA1: 011afb10de1bbbaa07ccf9fec745841bbd2906b1 SHA256: 01564d558dbe937d3f78548e02ccbf0b538f83347ce038de7e1da1cd718dce1f SSDeep: 12:Y4A4cO4TYzTcmFsgpPSRyv95fPzxheIjuSlZWfep5WpBxufYPhCvwC:Yb3OeWAmNRSY95jxAIjvlZFWrkQ8R |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\GB.XSL | 262.90 KB |
MD5:
c1e3d4fc2a75a57f637866b40c012c4d
SHA1: e119f185a3f7fbef25dc7fa30d2d74121005563a SHA256: d6013efd25d5d7a7f14a00c8b3eb26f7b7ac98db9c6f87349bf060e1f354a47e SSDeep: 6144:ly699lvZRAyXVHMxGbI5Co+x8H6TfplEueyLKXe09YRfJl+V2baLsujE:ly699lVHFbIx+jWyCYPlrnV |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\SIST02.XSL | 245.97 KB |
MD5:
90be88b4ecc9ad0a75657f87acffcc59
SHA1: 430f763fb9b2405d87e3df413458a9b2bba6ff8f SHA256: b24a2c868c626d86b9065b0391ce7405b95e511055c0cf7084d0438c43a6ba49 SSDeep: 6144:zVynXF1W09wmDGaIek6WXvjaorkPPV6HK+TT:zV6F179wqtkpfjiVsK+P |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000\d7746ecf-458e-4e71-8557-8ac80457022a | 0.98 KB |
MD5:
99c80b9d2b6e2ab202181e2164fbfd64
SHA1: 069de9f39f000b730547182a8aac89de1bda68f0 SHA256: 5582a8c1eaf6b6931e06b1d5b2121d781136635262e89b397217522354d6a0c4 SSDeep: 24:FLtcNDGDFS7dAhOSuuiBcxXc2xRMS+4hzohfxp4NM2X:FyhGDo7ekSuuiBcxbjqkoJxp4N7X |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\gR1CBuQqpVYIz.png | 21.07 KB |
MD5:
a14a5d6e425afe402ab624beffec3082
SHA1: 637c09b3bbf7d518717d805a7a42ece906e354c4 SHA256: 42bae14c122370db25cc3f535f21085aa55e33f4acb1d94365b6d758b89b2724 SSDeep: 384:iwGi95W+gxdeBNpEMp1V7M8r66SQ+zH459fZsPixf22I/X1Jm7L6/ty3NaAON3fS:N3W+gxdkMmh5h42O1Jm7LR3N2bXrw |
|
|
| C:\Recovery\WindowsRE\ReAgent.xml | 1.54 KB |
MD5:
15b381144a0f0c80dec72f446913966f
SHA1: 76369016af4a80a306706cb2cf7460d4c81e4c9f SHA256: 5353fb98f0f6fe63ed8fdacf8bb4d6ac9b5daf0b47f8bb12710e4c1f18a47175 SSDeep: 48:jiYRvEIAkjzgI43P1xhwQ+hmqZWbg1F53:24vEIZjd4iQ+hpZWbgL53 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\aUzcWrREsGrojnF9hAS.mkv | 79.26 KB |
MD5:
a65daabd438eb7d81d8d739e09abd162
SHA1: 93ba23c78307528dfd77dce2e4935fdad2791fdb SHA256: b46f5665e2ccbc1ea49deb841e12c198c89d372f6438fa5a2a108795cabf7360 SSDeep: 1536:zuOks6KMVMxaq+mLrteJAPXmqf12IeEZ8XgxHGAR2PsbAEdyVCfdL6EBqkun:z9km9xbJRfD2Iec8wcA1bDdjBqL |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000\60b22e29-462b-4858-9592-1724c7ae07dd | 0.98 KB |
MD5:
ed04de2cb5ada43dce21a8c921863784
SHA1: 61a0c68a92d90ceed674f7199cd30a9309bca474 SHA256: 4c04ad762f06d2e277f58133e493597e97919a6324bb77c23f3a79aea6221c8f SSDeep: 24:/+1KyKz/Hn/Qr+xK2UBumZ3+uw3mf5WcS+RluJ+t7Qz6dG:tyg/H/E+xK2UB/Y3WSMwJ+tOx |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328972[[fn=Tab List]].glox | 5.30 KB |
MD5:
3b5b747c948ed61fad24065c36f5682c
SHA1: b1a7f692c1a9a95a64450f31a13238aceb5b2082 SHA256: f69ec502b6558296303d10f877ea562c438f7b6fcad3b3bb03320dc074800604 SSDeep: 96:6PGYMADi26GFCeQ4uyMyfTfzEAROTf66HUUjqPEKogYRNYaT7LwNloZlK4268qek:IGYMCseKVyjPOT6mUAoYRNYaT7yloL7Z |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457510[[fn=Savon]].thmx | 1.15 MB |
MD5:
f9972f83f9e9f97df33af4b844e5ebbb
SHA1: 219a018f6fa376d477dee5d030a05d1e29f68b65 SHA256: 3b777f5e8afe9f2140178cf54f8b440290b3439ad343c67ed438a46af05fea9b SSDeep: 24576:cpCTQcEJ3defMvgK7+EnCebAxNi0kezxo8AZInFNP0dXX9MdeARx5QNns:cYTQcED37+EnCwANxzxDAZcTsd9cLR4a |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328932[[fn=Picture Frame]].glox | 4.75 KB |
MD5:
9b159aa98c7028a4f6c12901670edd25
SHA1: 06aa74ee8927ce2466d19b7213db3eff6f09df32 SHA256: a5b4074d2a1e783ac464a7939b98596d17065a44ad5722507dc0631a3afdb906 SSDeep: 96:xXODNuYCh75V0uzV1WtXrbTd3ZIviyIAP4VASG5bFvrpmedXAVfyimrNr:xXOg975VotXnTGIA75hzpmrfBmrx |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\IEEE2006OfficeOnline.xsl | 288.15 KB |
MD5:
3fb172daea1506063a8c59e6bd1f88e9
SHA1: 214f2553c080880daeb7a79e8f0115409dcfe2b2 SHA256: 8788f9ec610d98a20fe81895fb8d95c614cd2132913c77be13347927cc1527e9 SSDeep: 6144:I3+cphBRVwc/wk/uO/of2T9oBB9q5xr9qVFEWOHU8mWHDP9VDaY8sVkS:fkBHwrWpI3KtsXHO08hHBxz |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000\04cd465a-248d-4abd-853a-5cb67fe43510 | 0.98 KB |
MD5:
bc5895b378def93a5aa24ca8a4748bbe
SHA1: fd2fc902d5301d9804eb6f24457187cb1202109e SHA256: 40db1ce11a49c827288b5dea1f4b6d5990d8755e29a2b914977438568cb9d6af SSDeep: 24:EQUeZ2GOS3X1r1ldnYGJZ+pMcymwfbNljn8odI6:ELeZHOaMGqKjn7dI6 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobData | 0.55 KB |
MD5:
7aa6c172cbdfab73a9d35719a53ce673
SHA1: 06527e1ffcae07013b39c70dea3b4d2cf0397af9 SHA256: 1cd851b49ac2d44d4401f04a12eaf0b487d21fca32b52e9ee92fa0cc5e941d89 SSDeep: 12:QdIpOBpBpv72WOjMZcHVzYlCGjHQrWTlTCXxM1CpHDE8ufTHcxxk1024kbZzxwfC:QMOBpBpCMeZYlJHQCTRwxM1CpHg8QT8y |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001104[[fn=Feathered]].thmx | 1.96 MB |
MD5:
030855ac5199187c9b4c578274a84f98
SHA1: d707f529ac84b81384c5f893763a166448bc57fb SHA256: 7c4ea5c9b36447ef94d233757eeee860b890629430be32ec0494760a152d2b6a SSDeep: 49152:xVhmr8ve9Lv1uplB/y7XoniWp30WUVZY4XApe/x5:TveNUpP/sXCiWSWmFXApe/x5 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\H0n8vfZP F84hgjL.gif | 13.14 KB |
MD5:
c55cbe4d90cdde23d7cfd401924c059e
SHA1: 28b2dd38313e246099407116756cc7c34db586aa SHA256: dc5279c0ec240f2535b5242a8fc5a254138e04381dbbc05bcf82e07a680621a5 SSDeep: 192:u8W+O60zoGOj86pjn0pLK5Fx3TJ61Hkhr9aGnLxn0ilDXFaCo8ES66Y+HlDX9LNf:uOUkprELq3TJeE9agx0oaA/Y+HzkBeD |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\KZcK3fz60H0aS.mp3 | 40.95 KB |
MD5:
f7cd9786916eedd24e5f11b779153659
SHA1: 33529f148ca1ce80c3548f05b5a6bf95de78b089 SHA256: 5647ac7e89e5fe8e703418d725184824fe721e6741a981c7ce62282c9355ac26 SSDeep: 768:17fo9a+Z3DkuSSi4G7Z/naugFYrL36nf/8vw50DxJh8D+jj8ByDGTM:17fo8+Z3DkzFbdP6f1y/8ByKTM |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\iBxnpfNq.swf | 71.26 KB |
MD5:
7c708cfc1886f838620740a9dd8dcb0f
SHA1: 43304758b572cf16af036b89be5960207c1f0f38 SHA256: 5e072987aa905b5ca045271ad6897fdc2d8c0d56efcb14ad361a2b374eada0ff SSDeep: 1536:kWL8kOjmWugayVQ0CaSYBc1KKGqmGP3KMSNiaehNSk216vDy:kWL8kYmWOaSf1QqRP6MciakYku |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Process Map for Cross-Functional Flowchart.xltx | 141.87 KB |
MD5:
f75f2a3ea6dc33d486169c552bb6b0fd
SHA1: 59b0f12aa824047875557e4f2e20c801f0cf32ff SHA256: 42ff0d1108b343f4eb1d513dc6d7f66cda548b46b341610cac8899285a950641 SSDeep: 3072:BX4bDvCn8c+Jq4xzwQtB7wfftgkB+W6tcV72ziJWeb9EMf:Bd8/5wKBUffSdDanf |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\hIy5P_SVmm4d C3.xlsx | 20.71 KB |
MD5:
67dd6002e54180769d3e6b06a4560ae8
SHA1: 09e36b591f66432238993039b409ceb582725a12 SHA256: e64fb38eb2cdcf9a65add344efc59ac3d479b4c349c7a45f0bb32f78dcd7e38f SSDeep: 384:NLK64tqGPDsd83Yrd6rZOBfcgDz+w4Lm+S/8J0kJJZcbh+epIEvRfc8XZ9hkJci:A6WqGPDBIp6rQcgGm+PKEJZi+etJU8+f |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328908[[fn=Circle Process]].glox | 16.94 KB |
MD5:
b1b3bba969c829b74fa4bac15c74242f
SHA1: 54670584ba4e15d2a60ab502540029dde12c0d67 SHA256: 561150ac4669a44c726ed43a42e3a119998850c7b8e3e46dbfd6e68c4d86f1f5 SSDeep: 384:0z9srguiV/XUMhs9mu40iP92siz61755GO8uXcyiEgYcj:0BsrcV/89pdtLk5dtSB |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\MS Project\16\en-US\Global.MPT | 1.21 MB |
MD5:
ba7391b538329ad9e2d5a65e75ddb8da
SHA1: df364cbc4075f7ea5a323669ff96379351eb0c77 SHA256: 511b16166ec2d28dbd552613d0c65a96c16f7e9e915011ba741f152346879145 SSDeep: 24576:F8+JLeItFd41UQ4E9sUOzqSPCALdIyinfXt16/:F53nW4EaqKZL2F16/ |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Stock symbols comparison.xltm | 1.39 MB |
MD5:
f1c86284ec3d92e40c97e16c3adb79d8
SHA1: c9265927bd7d2f07d6b19063e373531fe627f8a8 SHA256: 19244df6058a5815b5557ed23829e99dedfae3495afb472b56c321340996bd31 SSDeep: 24576:PwpHPGJf9OFRUwPF2DcDMau1XLYzyn2Ee2FUJ+h1JvVISSsVwcOGeNBf:opeJf9MRbPF2AJOXczOF9PnISZapbf |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\1tGr2j OogF6b.swf | 55.32 KB |
MD5:
7a80f7869a7d56141a19ccd4887d8a5a
SHA1: 25f710410ab104497d3c4e8abeaba070d7778caa SHA256: 67f0f342a3df6d58c2235433b454d71f7eaeafb3fd11af6a15a7a441960a4774 SSDeep: 1536:/PEFr2N36KekqLuqjqWpQbG9bTmKbB3QS6S:/ir2veU6z6bG9vV3QS6S |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\14mifZbi6U7g.bmp | 63.94 KB |
MD5:
db5a85a502342a81f31031cb8e0eaf42
SHA1: 3a6167292a6346fd1d53f4f0f709480792b749b6 SHA256: 9a317026c3bc4e6dacbb34b407b146b83290f40a2776d82c14e1cdea2cb37de0 SSDeep: 1536:ZM/A9Ct4iH8p1Bmli2S8/pqEsUq/bRMBFlS:ZuAficPBmI2S8//nq/3 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\blocklist.xml | 252.43 KB |
MD5:
68d61d4a7abd40f789d2d1bfb55f51d7
SHA1: 6cb8d07434e3ab6551772b6b5608ef2ca69d1645 SHA256: 0914832a9e0d171d746f5e69a6af11f4345e2ce5df1212ead6b96a896563dbe2 SSDeep: 6144:b3uDHxz1CFTTEtCCQYBXmbE1otdMfrqaUjvhdk/7ecRfN+d:DAxzGT51c/1otdqhU1tA4 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001103[[fn=Headlines]].thmx | 527.49 KB |
MD5:
45da9d204c48e3ab30e3eacb13471ce3
SHA1: 367e409fafc834ec26b6c878da5d2e5cc322561a SHA256: 2454be6b6c475bfced74ae9561f9281235b20e559c525c7c030357cab1ccdded SSDeep: 12288:jDVooiUJmM79MlL6t8BM+669B190hrc5wXhE9xFy9bHZwQp:lodyWlL6StjRKAwady5HZzp |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\B8CDRg.xls | 65.49 KB |
MD5:
192d6949ab82fbc83dc7b86449f81cd4
SHA1: 5d0cea76be293b41578b85bc28298ede952e6d3b SHA256: 99c5e519121e984cce0b7b93d4455aa0961a2d6cf3e20e119defdd6f45973a15 SSDeep: 1536:Lr5jjh2imdp5VdtvWIYnxk7NAUvhsw7HSWJSHlcd8oLlf68z:HBIiODbAk7+Ghsw7Hh76KlFz |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Process Map for Basic Flowchart.xltx | 107.90 KB |
MD5:
c748790ee6751c32203123fc9c1e1abe
SHA1: 018e342ca1dbb4f60fe50cc919322576de6fefc3 SHA256: 16097d8f934002df38fa1c634afe12806a008532cc1f0a06217da8da2aa7be68 SSDeep: 3072:cs2dGj+tpO7S8LlO28XEy56lJgTAf26ew3:oQYpO7S8L26i4Zj |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\CHICAGO.XSL | 290.58 KB |
MD5:
47b540dd42bfd5adadc1dc2e843d6d48
SHA1: 7aa3beb6fc02896580085a49cbe65523cf4ff0b0 SHA256: c9dcccf3a2b0db911415ad9bb2a91d75a5ffa55a6f7400f98e8fa7b3fc53c2f3 SSDeep: 6144:9zywnO82d5SfF64ln9zuq3xoscvdSUlKnkItoocILuUwN14mY:9uawW9hbcxkPKn9NlY |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Office\Recent\index.dat | 0.62 KB |
MD5:
9c1f6b03ecf11e50babc1b9afb016444
SHA1: d35e8202a7272aa8592e1ae548bc244561385a14 SHA256: 052c31e7c28de42797fed57b975e772b5734971d986261c602bea14922647bed SSDeep: 12:AhyFZp2bEJZR3e1yImwaYWX5urfelobVXh/Tbie6K+SNv4nh6xYZC:MyFZY4JrPIlWX5urC+dTbiLKbNmhcYg |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\APASixthEditionOfficeOnline.xsl | 326.31 KB |
MD5:
e2a0711dcfa3255176e109c4f293d5fb
SHA1: 12ed31512fd617eeee9a058a3024d0a6e5e5b3e8 SHA256: 68a3c5cc11d14b1a3c778ad757147e782c49a0a7b58f9eb5ac697cb4e46d16e6 SSDeep: 6144:wc2PyKy7rvdLSAJ1yztDwW6ZYXqAuVnkD4YsmzwW4fyjc8v4JUW3o9jb:ey/7bdLvGztS6Xqdkckwpfyjc8QJUJNb |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328986[[fn=Theme Picture Grid]].glox | 6.58 KB |
MD5:
6a48b6b345e5a03152ab94c1000a440d
SHA1: b2d486625229988e4d3f00203d5632c9f2f1175c SHA256: af360d784e36fcfe0faa33b7b45c344da6bdb59a4e94f74a9326767cbbdad491 SSDeep: 192:EmeIRawjUMYyYpCTqsrUEtg+q/wMzU7VzqyI:EnI9rPTqoNq4MzU7FqJ |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\cookies.sqlite | 512.53 KB |
MD5:
d11fbfc32965561f72dc4cb4300806a5
SHA1: e713994683728a063911a375a8a93056f17c5cfa SHA256: fb0a76ba935d699fb4c9b11b2744ff969ff7673fcc5539eb6962965dab8604d9 SSDeep: 12288:Dyoe5OEr8N5SNBI3KNLsyREK/wbZ/Fy5cI8Zi2ysa+6YjP:DyTME4N5iI+nByZ9y+ihsjjP |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\GostTitle.XSL | 246.08 KB |
MD5:
b7458d8dd22d53d1590edd9e7ef92aa7
SHA1: 4f68ea271390bc121e25e359f38be377e046a96b SHA256: 7adccc408e735e0d876ea0f5d0bc93f464e61ad34d3ca1a5a8725982f46991c7 SSDeep: 6144:UIEthRS9Uqys3Te0pHQs25KYoci7w1z+yJP+QqwCywvzZS:9zUPKTrHQDi7Sz+aP41vQ |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\MLASeventhEditionOfficeOnline.xsl | 249.76 KB |
MD5:
329e4218877ad727467c296d783dcc0d
SHA1: 491ed65fb52e3955360db962987a7b5126607ef0 SHA256: 40aadff73768db372d34db4b055497515cc24947befa7c135a4739513db31d8a SSDeep: 6144:BRYcVtpIadlxL4q7U4dO1mvuuo2ZCfM0cxU8GDR32PUcIIpNU:Bltpl/L4j40auN6xxvGN8UcIQNU |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC | 0.56 KB |
MD5:
9f3e1f8db8b624873bf7899ad95ea39a
SHA1: ba8c4ce0a1c93b355243ac02136dcfb1d53b66ea SHA256: ce316f9a44b21ec6114172fa18e834bf44cf364a6ca456e0d738d43504ae1af1 SSDeep: 12:lWH648mvdF2uu8ixevyNpz39Y2xdZYpSktZ7YhnlDfsEU5CC:lWa48mvWu+Jy26pSi8hlTsEK |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033925[[fn=Droplet]].thmx | 1.67 MB |
MD5:
4cf510b39a62c30aa6228a6b19110a1e
SHA1: 56fb3d826106a9c8eae02e98053220f1556395a6 SHA256: ba8679ffa4eefd4fc6dea7a925fd848c8d86a7335cafbce9279f0f76f59f29e5 SSDeep: 49152:Bv3Ndo+i+fL06vobV+JxaH1fkURnRXyLj6eUeW3v0F5:lbIKFvob4UH1Mt63e3F5 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\CREDHIST | 0.97 KB |
MD5:
5a8462b73c0b60eeb1938a148ecd69e5
SHA1: d96563ace6a2dd373624087361d19edb8bf839e7 SHA256: 3cb0aae48f25ea35154fc8dd8758fc97542209f68198b8124787223c311832d7 SSDeep: 24:sT9g7ociSiLyaYbWpA01ofjLZucktOLhH+rkAXnwQpc5P:6VS4yTbUofRuHtSlAXnwQy5P |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495597242414.2e462298-aeda-4ee5-bf23-a73bdf74947f.main.jsonlz4 | 5.70 KB |
MD5:
39c1ca3aedc1f06bdcc0e8bec3a36d9e
SHA1: 01eec901e753e94d505aaa45cfc16c195bd8c034 SHA256: a7609cce50df55c04dfdeca50410bdd2733808efde54e24953a31c4c3c4d42d6 SSDeep: 96:MOk8nykXJMTOEM3U6AH/RacclEXTBj/P2t2BMdXyrdTL3G7bjB1wjlMHKw+ee:ZhHXJMXM3U6AH/RRclQ/S2BgYTCbVayO |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457485[[fn=Mesh]].thmx | 2.94 MB |
MD5:
3a8f8159d215bc57dfccf83ee15c52cf
SHA1: 7e8aebf7d9fe28803db8b77a1e04383f6a1871eb SHA256: 778ab4219fc7833bcabd793e7ab371eed7dbe7cda11332f0a73df83b17520574 SSDeep: 49152:3BxsvNmsPDUAcn+yhYvDnhcgtIrI3wHuj2yY0ciM9U2NCVBB4YFzYFw7IaJE2VR/:3B4m4Lc+ymWgunA3cimUVxV05aJE2fKs |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457491[[fn=Metropolitan]].thmx | 759.95 KB |
MD5:
0eda1e165b1c8d4b9b09ec0759754430
SHA1: 039c332c4b06a3d372cea2c5c54686e07b8e2941 SHA256: 8f7218a7dbf6a94d8abda68ad7e7b477ae7950bbd59c86662e3fd4af7fd0e071 SSDeep: 12288:S/ttkqdtUwQUs/31brou2d3NuN3J582IBDMBJVEESwFLwu7FwrmPA8Elp:S/teqd9QQu2d3NIqU7LSwFMuKqo8EH |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Normal.dotm | 18.94 KB |
MD5:
558b97054e624974013ca455e1b883b2
SHA1: 7ef280f538bd8409c478b51f22f1837e508575e0 SHA256: 0a9fc4246120fa0a2f8a244bcf6c23326e10b8e1d97841a8d41ee8bbc0e83797 SSDeep: 384:QVKOc33XfkEL0+fzvbBfYAoKmFMzbZ0xXdEKbPlCms5u6LcnzMcyRsp:QUvj0orVf+MzexNEKbNCb5XkzMcyRw |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\MlklbQx-e.bmp | 68.38 KB |
MD5:
97656f5b54ce4d95a7a0599d85d650a9
SHA1: 97f4aa263f206c5bd29697a94ce7d227832e6217 SHA256: 0e607332dc10490b77dc43f758092839b3f1b16ecf8a428d5704a2f033a0a40c SSDeep: 1536:0nDBT6Ux+YwtzGN1U1Kfhoh1Y7w5FWnoT4X2fYAiF:0nFLuzs1U2O334mfY3F |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328893[[fn=BracketList]].glox | 4.46 KB |
MD5:
3c5ff38a14fa24979c0b1c764c542f84
SHA1: 80db8d7384cdb4ca16ee255cfb51befdde3f042d SHA256: 1c4cb6767cbef7df244401d633162276d29d822f047529a934548878124e0b42 SSDeep: 96:+rqTMbXTy7Ex6G3oczyqrvDhrvXmmUhayi8V7DsVOKrsnPB6:+GTMBnptr7hb2vha927OOesnPB6 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457496[[fn=Parallax]].thmx | 903.54 KB |
MD5:
a855ebeb5c731f83bd7d228347987b27
SHA1: 6e56f77bd18a8baf00a60393e8316fd66143729a SHA256: 8cf7dfccbe83f570f97e37fe58ebff69f56e7722d482e21e7cf07c3a6fc6c127 SSDeep: 12288:I2IHgWHoZbX1P206816YCgcLC5URSnG5s8SZc4Tn9u4XvtFX3up5VsYW0O597s0x:d9WU16YYvSOSKkuqlssiOKw8C4hL3Ckc |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\0FDED5CEB68C302B1CDB2BDDD9D0000E76539CB0.crl | 1.15 KB |
MD5:
9e19905351dc34cc37a2ef9047d54455
SHA1: b0c32316e25cf5f0a9d338b2ad5e5b91a6714cfd SHA256: 786dce8feb4b6a8bd344bec86fefab6f05e8b3391bb222c27cad34b3a356c8a7 SSDeep: 24:8FiH8hqv6elAuzUZUbk9xZkDA8haanExDlbTBxtYB4gmp:lzvBpkj58M1xZbLtkXO |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\CE338828149963DCEA4CD26BB86F0363B4CA0BA5.crl | 0.94 KB |
MD5:
37ef66f1e4bde81eab5f1b464d311a12
SHA1: 061624674a99c1df1f5c7583190af5e02b1c97de SHA256: b6ff53afd5376925dce242ffd6fd48477463127ec0529141dda5b159a5619e93 SSDeep: 12:wR2FfbwJhsMml6U12O1/TM8Jg3nCg7YbYPzACrSzpv0ZFQN4z31DWYzYf3USbCuX:wRSPMuYIYPzXrSNv0ZFQNUcUe8a |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Email Insights.xltm | 721.31 KB |
MD5:
f8ef8a6a86c8094635d13182956e83e5
SHA1: 65f0c1c4f085cfc7c3604d6231f48f3aed9e09b4 SHA256: 459bcd6729bc835611450cf575ad36ac83c743c2a2d4065d29339db106c6d370 SSDeep: 12288:8dCCZVhFojYM+YESS6P2hUxeQnHN4jjXI6dQm6YZvjmCP:8fZVhentESS7hUxeQnt8rI4hmCP |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1462094071-1423818996-289466292-1000\46a78fa46b43fb180b4fa21773f8ff3e_427a1946-e0ff-4097-8c9e-ca2c1e22780b | 0.58 KB |
MD5:
4a188383d2b50b8c7848617f547e7637
SHA1: d3445b23fbfa88b65ca980524c086ad9a7d2c9c9 SHA256: b9d975da97732842dc5561496a25e139de923c86b8de2aea03813125b64dadf0 SSDeep: 12:3SJmw2atKsAe1HDI31jmQG36WZcH4u1AbWKNE64TcXi/EC:3SJm5atZtDI31j1G3PZcH4u1mZSQSl |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\OneNote\16.0\Preferences.dat | 5.59 KB |
MD5:
ce8ac8def3c9fb53729e935a4685d99c
SHA1: bff1ef4bd68b6d280d4f6697ec60abbdda338135 SHA256: 060b668c2ab254f99f7c60b87af9fbfc2800f3b157d5ccd34957a95307a50366 SSDeep: 96:fwB7FCzXG4M+pMmJyvmsC9qnmljoctS+dmqMjzqnM7Lv7aX2fY6:fwBZCzm+Omt8ml8cQwlnMXeX2fb |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328983[[fn=Theme Picture Alternating Accent]].glox | 6.03 KB |
MD5:
afa5fea680d9a386035df23ebfcf46ce
SHA1: fe9fea72b65ad9e127c5a803baeaff206c017ebd SHA256: ade76d4ad0c883c02cf3db7fbfbdbde5c97d6d31dd2a3c6ed075960fc5411767 SSDeep: 96:X7t4atj/uKHx+B0zomo7JYB16LmmA6lMhPG+a9+bXu1ejgkl/tG4:X7tNtjHOJu0Lmz6mt1SHkJk4 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\addons.json | 0.55 KB |
MD5:
5cd829f64d8ad9afca550d105a66fab3
SHA1: 2e2231650a906793b9e1129bc431fe07dead7610 SHA256: 5dbfdca03cb3ca0833b1a88664ad427cb13e89e87de090ffd680f2bb98455eb1 SSDeep: 12:q31xkz9jc6UZLVV+Z8gNv8yJT91eEWpuPppRQvvko1opObNT0mqwYPfWPVflCC:q3EZc6UZhwZDi8J1s6pOkNpOemq3uVNX |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\LogTransport2\LogTransport2.cfg | 0.74 KB |
MD5:
b86a0d6a44da5570a7f1f733bee2597c
SHA1: 034605aa5fe1c8b1d9bdd7d9e2a69acfa695bf6b SHA256: 8d24c071ea8df7b39ff0d86c8225a4edbf88cb588185ed9475b538b45e92226c SSDeep: 12:/lwF9UrGUxi8u4X0PhGYaKxklPrnHP0TbKAOCGEGJIcC:KXUrGUMe0ZklTnv0f0Ol |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\021Ad.ods | 37.62 KB |
MD5:
fd4a3a7c9305393bac7ade10a711c2a2
SHA1: 6fbef95ceb318abb0d17d9421fc3766245b7bcb2 SHA256: 676354d38a09ad993524bdd3f3f37c5540464de8d7af77d7cf329ae401a00b3e SSDeep: 768:2PzMxWlsZcEi5U5XpK0fOz8ylu8DcySc6y3r49cjw8Q2M:2PzMxWlNZOBc0cLuryj3wt2M |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457475[[fn=Frame]].thmx | 511.32 KB |
MD5:
0275cefdc6da099aa0c4fc57ea63996b
SHA1: 86885f9aa6183d4c9b2987de30ac516490400f1d SHA256: d4e0daeddae6fc2c0fec3cbfcddc1d09f24eb96c89332e3fe0280d2c2661aae1 SSDeep: 12288:VfCHGDHQ+m330RnMQPJFRkOijBFFhEJi+:Vfz0RihyX+t |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\7ciDl.jpg | 91.24 KB |
MD5:
d92f015df63f3cd307df245e58cad2f1
SHA1: 744c6c8cf58aa208bdd26e57d93588d0a5d5f788 SHA256: 979aa8ad07bb4f743741785ed33974d4e1c8255f5a965b0e097ba013dd641537 SSDeep: 1536:D2hzGhV8q5JAyZ/Yu/fNI/rn2iOZG3ACZjj+Ow2n7NM+MNlbSWatfla5E:D2whVbwyZg8fNI/Cint+h2WN0 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\HcoyADAi5Sbnxpj.mkv | 18.87 KB |
MD5:
8098cefb1198206a26be9a4b34c125bd
SHA1: 9f6d39c7b9a63fbb3be85ec22b1eda22619e8a9c SHA256: fb9a0311ad301ff010ec745a99c2edb45b810c59fa6df420e1fe7d49be3b21f1 SSDeep: 384:r7HRG4O7J021oF+stT8KY+mJQdRMqxQOoV+tY91NipUzoKCHNFrDjA9LYfh:PHXO7JH6ICAKz96PqYhipUzoLD3eLYfh |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001114[[fn=Gallery]].thmx | 1.04 MB |
MD5:
55445c1c5ea1032b2a8962435ad5f747
SHA1: 51c28de0e216793baf207e411dc9abbe16aed88b SHA256: 66ceb15be03de3ea200f8cade06df9eae433eeb3dfe58e562e5db29cec31586d SSDeep: 24576:ZfHUJOSyjUZowIPlDIsurUUeel4UO5V+DjUBLxedFSOvs+Psuhi:FHJScOIdc9of1M0O0+1hi |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000\15d22704-736b-416f-a36b-857f2a5d2a7e | 0.98 KB |
MD5:
e81d3658e2699d090cd9b55ba941d1c2
SHA1: a84b1373376f7f7c539905f7e8c434c810e41393 SHA256: e7ba1f78e69ad0dccbb9bf62605d044cca7436a488484bb8fb93897b1c2dbad4 SSDeep: 24:aVonJOX3EOWHm6ofpa6R2WIM/acLoG5ChGUk+:aunJ4TWHm6UyWIV2DChGUk+ |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Publisher Building Blocks\ContentStore.xml | 0.69 KB |
MD5:
5b1c31060ccc856c62696d1f02e81d63
SHA1: ebe68583f779d8729d8d7b92294317cff91574f8 SHA256: a8ab5042c1d666b8ee506c645db1423c4be225a78ba826f743a86f21ac313687 SSDeep: 12:GN7ACJQv7b12Uh8Zc1AusCZg/lVBErBuYYYyMrA6KQ5Bc3rwd4uC7A37TWXS0C:GN8C4/12UiqMlVaBuRYprA6KQLKvuC7g |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001115[[fn=Parcel]].thmx | 594.40 KB |
MD5:
99b5b1ab88577ad783af4073a636bfaa
SHA1: d0c529e9ff2b3f1d72a6bce953ead3ed6a43c442 SHA256: 8da9b2ba37d2b7a1bbf86972970cc11de1e2105330654f17f05bfe45ff86a184 SSDeep: 12288:y70pTPJ7jS6U1YOSDTChGUdd9iisAtjoaeDjemR7BZtVLHRVTggAt/3:yYP735OSDTOG44bmjeDjectVLHzTdAt/ |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\JBi-kk0FV6SxVr.png | 12.42 KB |
MD5:
eec24fd5d149aee6442866a13eb91f55
SHA1: 60cbf6e480adcbd2d9cbfb14c80276b9c8452d4e SHA256: 3273f582317ac081d373a5c884d64a6ae644a2bd009f01024be9804c825e3183 SSDeep: 192:MhPD95n97yuA6ShmpJAjbnunwGJLLWLHHAdYIYCD2JU/Gq85D2O85tMPv3+cBL:sx5+haJCopJLLWLnmY/qE5H85tWvucBL |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\session-state.json | 0.66 KB |
MD5:
23c6214b1b22f2cf81d9b929606ce329
SHA1: 86f6826cb1f194daf1b439c368ba75daa3b1d6a4 SHA256: 8f3bbc809f0898a7b6b9dc969f13c4d3bdb17a137cd8f2f94e804f5f95a4f2f6 SSDeep: 12:bNaJGeK2MLGs+Y/I/BYu3pV9rSyT52OHLUq358ItdKgvCxb7OVb37efoC:hxeNiGC/aZZToOQq3aQMQc6Lw |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328884[[fn=architecture]].glox | 6.17 KB |
MD5:
bcd295a6fa787ca30b8b9266c46a85f8
SHA1: 63d330744c16f83c4803a6e2b604ffc04f1d6e71 SHA256: 21e4a688d2456302662a343a46c371835ca396ac363395bdfa8c217884fbee98 SSDeep: 192:sFoidaJnAFQP0fEBn103c2d+0gMHgoWj87H:syidaJnh7103c251AosU |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000\5b8a3202-35dc-4437-b5d7-374f5e872415 | 0.98 KB |
MD5:
056bd5c39cb18eed273086900eda3ac2
SHA1: fa39231defb7b3bec862220597fb5ee4e70e48b3 SHA256: 0cbc1fd6f341623e0512f5bbb7bccceb2dd61e8b88f455eb7e5a40749d9f3f3f SSDeep: 12:34pRiFxlLMpZcPG7PuTvFN7vlz4QgH5qG8Bgfi0xHz42xv6kMFaZHf638araMFUL:xJsmrr+PZy6frcaZHiDNHj1ZHBc/wAJT |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495599783008.23c86977-85eb-412a-ae39-c4c6ea9a5744.main.jsonlz4 | 6.56 KB |
MD5:
e80731be1b14bf09a18c432aa5ec94f6
SHA1: 99e9b76d44e131f6725c30fddc05792870245b13 SHA256: ec230e5e269d0ad382d73bfd12de9fd6295158d22adecc52c75542bbf8e69472 SSDeep: 192:pKxNlBXFpX+I2jkfJAzTaNTujbtL8wrjoYdNF3:pUlXd2winETufmwdNF3 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328951[[fn=Tabbed Arc]].glox | 4.12 KB |
MD5:
6a181389fdd79c2e15b5cb096f341358
SHA1: b1b06af33bde624f3d2b49121c14c5b452d065e4 SHA256: ba6efce8c6b7985ec75df1d9b4e34bfbdb6c2856d97b974d73ee114cac3c682d SSDeep: 96:FHdxqJZcgom4zipOID5nt/rgRuvO8kVsw2sJAlp/hDd/tTw:FHdxq8goc3v/rgRuvLqp2AU5xtTw |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\blocklist-addons.json | 450.04 KB |
MD5:
1078198e76c8547593c5dbf3c76d5e61
SHA1: 54e07d771e9758db6ab8f09d99776f1b588f4d93 SHA256: edca53ce5c9cc6f0457cdffc2f6ea1601ad8ed2fc26c66a6548652a6d6332079 SSDeep: 12288:YPjvcq22B/+iVLjcCgibaoKQyUD/XjgDCc7:YPIY/3PcbHkL0 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\containers.json | 1.32 KB |
MD5:
20cf1314e6cfd570762a9aa14131f573
SHA1: 282ba5868b613580d9b3ad869634bd8fcb37b4b7 SHA256: aad2ae6dd3055ce57d3983a3a14829293baf081d683f9c3d0b3b3b1363ca3e2e SSDeep: 24:CvrES5/Ij2Q1g672CAMIOTkCnEafZpydQr/3TXC18obH46T13J8AnbYL+NHHE52l:CzZ5/Ij2ZgTPpfJTXFoTgAnbbHHEk31 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033927[[fn=Main Event]].thmx | 2.79 MB |
MD5:
901ef5da144a0ff5038f9c494e0ec90f
SHA1: cee1d604f0a3aae11f92a43d1bcc81d726cfc93c SHA256: a3b03a578eed6c68508388e0636cf425e7f2c18af468c0b9503c3c02e5634706 SSDeep: 49152:EUF1SKSVSna2UjJ7EAO/cLf68wy9yxKrOUURBgmai2prm:AKSmIEGJwLx9DBam |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\ISO690.XSL | 264.83 KB |
MD5:
f087e6a0ca1ba2c5511499beb3968ec8
SHA1: 2c85fc9a3248e9a9a54db8919b1a801b5238739a SHA256: db34dea96742bd927723ca00177626dccdf7de34184043964d7f47db03df5672 SSDeep: 6144:zbRPmmy07i/pNx2GYJx5jqzAjGcUiBnDmwvBEZJR8lo:zczq6pyGYD52zA6cUi19BEZJ+m |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495592289365.f6bd7dec-4421-47ce-b829-1080689ec7ca.main.jsonlz4 | 5.40 KB |
MD5:
8049021d00e47c1ad038457d332a69fc
SHA1: f538668ebcfb2e7b513ceded9bfef28616d30251 SHA256: 0dcb02bbfebb3c43aec31d47120737c409a9b6fd762eaeb25e7acd1700fbd1eb SSDeep: 96:2fXZxmXNCKfWSFTwElpiXBFpInVXJ4L4casFjFwRNihQWhcubK6n2vsD6/tzBVMK:KXZxqsXowElpsBD+XKL4cxFjFbhnhTbO |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457515[[fn=View]].thmx | 475.72 KB |
MD5:
848544fd7af04fc7506d499c52beef23
SHA1: ba8433eb8628c810c0a32ed4295e1c58badb4a7b SHA256: 12d57efffe0aa7db4def4f2e3d0df548c2ffc83b3db1c8a14cf29ebe64d6b236 SSDeep: 12288:9N9xVbVagbctdRcPbO0ktld9E/ki7w0+l3AfBKX/OEYRS2qWAKsAM:9rxzaidzOvhE/H7Ul3AfBKFYRS2nuf |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\blocklist-gfx.json | 27.83 KB |
MD5:
29bc02e66101ac06307509c98b1acc96
SHA1: baac2b9c3826d771fa12825e776c9d1287fcbfb3 SHA256: af931b29b1895fb229cfa55aeb0e6d5eec9c2401531933685537c8d9c50bb2fc SSDeep: 384:wcMaNw7oAyXWpym4m6sB9wEgmaNsw0YWurMz+8d6dbrkzg6ZQDB6Sn+JH/yNU8Iu:qaW3ym9B9wFL0YW9L8db4s6Zgv+JHqNF |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03090430[[fn=Banded]].thmx | 549.47 KB |
MD5:
e3498458e5427488a5b655d242a1ab93
SHA1: a29ac0f45ae25645386bf89b0824352f80954aa7 SHA256: c129ca22f9c0df6e4f7bf2953c1e12bfa198fcaea6b3ed1482e198209ccd395a SSDeep: 12288:RrGgiID09yZI7q80eec1rKfwGd1QkyinutNX5dKfRTuTWU3JTe29zvSe:RagiID0kIceec1rKoUByKEJG5KTWU3J7 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\content-prefs.sqlite | 224.53 KB |
MD5:
dde18d86087d4ed1bd6e54940487d56f
SHA1: 1ef7a920589f98f8ebd6eaf35eeae051a720114c SHA256: 71de80ecff05a1c8e189455df35530234ef3b03ae24fa43a16cf5d0eb0b3c48c SSDeep: 6144:yJXGLT4zAADrc7K+QhXyylmPuuBi4nKgp+bz6Q:cGL0zAAQK+ne+u+i4K80z6Q |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001106[[fn=Badge]].thmx | 648.90 KB |
MD5:
96e27b31e870ee4a985fbd975675dce7
SHA1: a581e712378a9aa4728bc15256f10f880cce43a5 SHA256: e84db35c0fa1cdb087e8e2c8756985353571db2bb6abd62b45110e88b4111f54 SSDeep: 12288:hodjyujKa+Fg0aZdJI/dFwHGghpDnTombO0U9JCLDfr0ms41JH1OoJDq8OqcA5Du:AGaCaNIl+7DnLxOELDfomxVO+Dq1 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Access\AccessCache.accdb | 196.53 KB |
MD5:
cfd9a1399c335e9ef7212c7e344995cf
SHA1: c984780f7a29ee65e4bc736a75b0c18fbaebd028 SHA256: 18ecd704106ea8524c3d68ce9c3ef4f82dd5d71090286d668922df401e42030c SSDeep: 3072:KUjtetUfv4JsQZqNxRw6Ruowl6KA35tgGg04U3lNQsjQnlZDn4VS2UYIIwsY:JSJkbuJl6KO5dMiHfj0yS2UYzBY |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Office\MSO1033.acl | 37.37 KB |
MD5:
f98c6d451e5037d3509218c8d78e3cf5
SHA1: 2d727691bb07a80010112dfb4f8206043e45959d SHA256: 3ef68d1eb3f62a5c37549518c0f785014d8752097b939f0cf5aa048dc6780400 SSDeep: 768:QPxdb1D1XUSaY1634Y0p34izEyM9+GJdjfQMrf9bYmb35/NA1wrEhV:ixdhF0Yww3c97dEMNDN/ZyV |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Cashflow analysis.xltm | 371.63 KB |
MD5:
f36be3f0a8c0bdff901dd990b34a53e7
SHA1: 2fa06ab454c5e62ad9a45be2794f41bdec98542a SHA256: efd3d9e37122e0ca1ddf5bede08e9a38c67e759563f3a70a424361861fd853ea SSDeep: 6144:ukzdwU2kii644B+2QZF1f8ltihKw1nwREoBazE4QQtO1ru5hOAZtJc7IgJ1Hb1kx:ukGZkOGWq0RcI4QQt8S5oAKpF9GEpQ91 |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\extensions.ini | 0.71 KB |
MD5:
d1c7b43a87e7c884cd89a001a264271a
SHA1: c8515ea65b1ad68398ebea1dfcf5c5fbb85a6bcb SHA256: e1d055ebdebc5f79c6b1c4a623794f14a54f6094cde1341ee0a6ffed56d63ca2 SSDeep: 12:n8RIUqbJWmNu01+urVpI9bbC5XM6hWuRtqyFXeYqeJ07wB0dEC:nmIUq80trViZ+5c6wcFXDqeYTf |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\HarvardAnglia2008OfficeOnline.xsl | 278.65 KB |
MD5:
e56575d6bd291fade084bed36f77d770
SHA1: cd076171b69e29ec9ec347fd72a2251dadb51407 SHA256: c152ccaf067dfd98999e2f463f8d023163f760a3de32a6de43ff1abe786bf848 SSDeep: 6144:IsecPZhDalOFk1ZYBlx56SNxygLm0Pk4lHYE/80wPS:IYfaXYB9lm0Pb6E/803 |
|
|
| C:\Recovery\WindowsRE\boot.sdi | 3.02 MB |
MD5:
d4fa94790de1bda7518a16862859948a
SHA1: da220a6e6a58cf46624032033092524467c1aae2 SHA256: a755bd025560732718aa624efa75a3a9c72ce33ad3639b642d8728133f784f17 SSDeep: 24576:BO1uGXNpMd/Dm4WaYdX1ho2dRP++AjMFAqnF+TtBH/vk:BO1uON+d/Dmn9dno2r+sEtB/s |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001105[[fn=Crop]].thmx | 524.55 KB |
MD5:
711f5d7ad1f03ebcc886cd87963a46ba
SHA1: 726034d719b042bf8d21ad51cfaaaf8d6f55873f SHA256: 800ac53e2463a5588c50ddf5d7f79fb02cad4eb67acec3a80e5509bb8a72ce99 SSDeep: 12288:Q+Zg/zcmOs4WdL26GBRW1utY5bFBPPxB2hH7dO3HS:2LzOsFLm34bFVPxB2hBd |
|
|
| C:\Users\CIiHmnxMn6Ps\AppData\Roaming\JYaG7q.mp3 | 72.23 KB |
MD5:
a3fdb7a37e6edd490f672e271a743fc3
SHA1: 1d6e65a30af27c27fcbb8127f85648c363a90075 SHA256: 018dd737f0a9b7a0c85f230653025ab5e602291a38dd5cf0a7484557e62b91a8 SSDeep: 1536:ouIwIpvq4fvfbCJvnTvtgg9CsbBV//0h/lk/z9C59B12K+Z7s:ouIwRain7F9hP/sNIC59qKT |
|
|
Host Behavior
File (3016)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\$Recycle.Bin\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\$Recycle.Bin\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\$Recycle.Bin\S-1-5-18\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\$Recycle.Bin\S-1-5-18\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\$Recycle.Bin\S-1-5-21-1462094071-1423818996-289466292-1000\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\$Recycle.Bin\S-1-5-21-1462094071-1423818996-289466292-1000\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\bootmgr | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Config.Msi\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Config.Msi\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Documents and Settings\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Documents and Settings\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\PerfLogs\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\PerfLogs\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files (x86)\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files (x86)\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Recovery\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Recovery\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Recovery\WindowsRE\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Recovery\WindowsRE\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Recovery\WindowsRE\boot.sdi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Recovery\WindowsRE\ReAgent.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Recovery\WindowsRE\Winre.wim | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\System Volume Information\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\System Volume Information\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\-f0 chr8O.ppt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\021Ad.ods | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\14mifZbi6U7g.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\1tGr2j OogF6b.swf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\4YWEQ2GxGpdUwK8PTk.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\7ciDl.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Collab\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Collab\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Forms\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Forms\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\JSCache\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\JSCache\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobData | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobSettings | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Security\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Security\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\0FDED5CEB68C302B1CDB2BDDD9D0000E76539CB0.crl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\CE338828149963DCEA4CD26BB86F0363B4CA0BA5.crl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Flash Player\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Flash Player\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Flash Player\AssetCache\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Flash Player\AssetCache\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Flash Player\AssetCache\NAHQNPMN\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Flash Player\AssetCache\NAHQNPMN\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Flash Player\NativeCache\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Flash Player\NativeCache\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Headlights\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Headlights\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Linguistics\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Linguistics\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\LogTransport2\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\LogTransport2\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\LogTransport2\Logs\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\LogTransport2\Logs\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\LogTransport2\LogTransport2.cfg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Sonar\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Sonar\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Sonar\Sonar1.0\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Sonar\Sonar1.0\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Sonar\Sonar1.0\sonar_policy.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\aUzcWrREsGrojnF9hAS.mkv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\aZf9Wm.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\B8CDRg.xls | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\ghU7s.docx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\gR1CBuQqpVYIz.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\gzz6xbjl_LfVIYqAtg7n.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\H0n8vfZP F84hgjL.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\HcoyADAi5Sbnxpj.mkv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\hIy5P_SVmm4d C3.xlsx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\I3aPKS.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\iBxnpfNq.swf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Identities\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Identities\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Identities\{CA8CA1BB-F2A6-4E9C-B7CC-FB56671763E8}\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Identities\{CA8CA1BB-F2A6-4E9C-B7CC-FB56671763E8}\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\JBi-kk0FV6SxVr.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\JYaG7q.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\KZcK3fz60H0aS.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\DQQHJZ8C\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\DQQHJZ8C\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Access\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Access\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Access\AccessCache.accdb | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Access\System.mdw | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\AddIns\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\AddIns\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\APASixthEditionOfficeOnline.xsl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\CHICAGO.XSL | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\GB.XSL | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\GostName.XSL | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\GostTitle.XSL | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\HarvardAnglia2008OfficeOnline.xsl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\IEEE2006OfficeOnline.xsl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\ISO690.XSL | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\ISO690Nmerical.XSL | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\MLASeventhEditionOfficeOnline.xsl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\SIST02.XSL | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\TURABIAN.XSL | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Credentials\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Credentials\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Crypto\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Crypto\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Crypto\RSA\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Crypto\RSA\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1462094071-1423818996-289466292-1000\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1462094071-1423818996-289466292-1000\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1462094071-1423818996-289466292-1000\46a78fa46b43fb180b4fa21773f8ff3e_427a1946-e0ff-4097-8c9e-ca2c1e22780b | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1462094071-1423818996-289466292-1000\83aa4cc77f591dfc2374580bbd95f6ba_427a1946-e0ff-4097-8c9e-ca2c1e22780b | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Document Building Blocks\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Document Building Blocks\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Document Building Blocks\1033\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Document Building Blocks\1033\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Document Building Blocks\1033\16\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Document Building Blocks\1033\16\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Document Building Blocks\1033\16\Built-In Building Blocks.dotx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Excel\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Excel\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Excel\XLSTART\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Excel\XLSTART\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer\UserData\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer\UserData\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\MMC\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\MMC\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\MS Project\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\MS Project\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\MS Project\16\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\MS Project\16\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\MS Project\16\en-US\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\MS Project\16\en-US\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\MS Project\16\en-US\Global.MPT | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Network\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Network\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Network\Connections\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Network\Connections\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Network\Connections\Pbk\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Network\Connections\Pbk\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Office\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Office\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Office\MSO1033.acl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Office\Recent\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Office\Recent\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Office\Recent\index.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\OneNote\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\OneNote\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\OneNote\16.0\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\OneNote\16.0\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\OneNote\16.0\Preferences.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Outlook\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Outlook\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Outlook\Outlook.srs | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Outlook\Outlook.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\PowerPoint\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\PowerPoint\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Proof\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Proof\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\CREDHIST | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000\04cd465a-248d-4abd-853a-5cb67fe43510 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000\15d22704-736b-416f-a36b-857f2a5d2a7e | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000\496f2c5b-a90f-4380-b805-3bf6ac63451b | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000\5b8a3202-35dc-4437-b5d7-374f5e872415 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000\60b22e29-462b-4858-9592-1724c7ae07dd | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000\d7746ecf-458e-4e71-8557-8ac80457022a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000\Preferred | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\SYNCHIST | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Publisher\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Publisher\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Publisher Building Blocks\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Publisher Building Blocks\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Publisher Building Blocks\ContentStore.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Speech\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Speech\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\SystemCertificates\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\SystemCertificates\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\SystemCertificates\My\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\SystemCertificates\My\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Calendar insights.xltm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Cashflow analysis.xltm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Email Insights.xltm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03090430[[fn=Banded]].thmx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03090434[[fn=Wood Type]].thmx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457444[[fn=Basis]].thmx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457464[[fn=Dividend]].thmx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457475[[fn=Frame]].thmx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457485[[fn=Mesh]].thmx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457491[[fn=Metropolitan]].thmx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457496[[fn=Parallax]].thmx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457503[[fn=Quotable]].thmx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457510[[fn=Savon]].thmx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457515[[fn=View]].thmx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033917[[fn=Berlin]].thmx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033919[[fn=Circuit]].thmx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033921[[fn=Damask]].thmx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033925[[fn=Droplet]].thmx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033927[[fn=Main Event]].thmx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033929[[fn=Slate]].thmx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033937[[fn=Vapor Trail]].thmx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001103[[fn=Headlines]].thmx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001104[[fn=Feathered]].thmx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001105[[fn=Crop]].thmx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001106[[fn=Badge]].thmx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001114[[fn=Gallery]].thmx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001115[[fn=Parcel]].thmx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328884[[fn=architecture]].glox | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328893[[fn=BracketList]].glox | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328905[[fn=Chevron Accent]].glox | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328908[[fn=Circle Process]].glox | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328916[[fn=Converging Text]].glox | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328919[[fn=Hexagon Radial]].glox | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328925[[fn=Interconnected Block Process]].glox | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328932[[fn=Picture Frame]].glox | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328935[[fn=Picture Organization Chart]].glox | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328940[[fn=Radial Picture List]].glox | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328951[[fn=Tabbed Arc]].glox | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328972[[fn=Tab List]].glox | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328975[[fn=Theme Picture Accent]].glox | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328983[[fn=Theme Picture Alternating Accent]].glox | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328986[[fn=Theme Picture Grid]].glox | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328990[[fn=Varying Width List]].glox | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328998[[fn=Rings]].glox | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\User\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\User\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\User\Document Themes\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\User\Document Themes\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\User\Document Themes\1033\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\User\Document Themes\1033\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\User\SmartArt Graphics\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\User\SmartArt Graphics\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\User\SmartArt Graphics\1033\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\User\SmartArt Graphics\1033\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Normal.dotm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Process Map for Basic Flowchart.xltx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Process Map for Cross-Functional Flowchart.xltx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Stock symbols comparison.xltm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Welcome to Excel.xltx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\UProof\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\UProof\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Vault\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Vault\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Word\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Word\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Word\STARTUP\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Word\STARTUP\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\MlklbQx-e.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Extensions\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Extensions\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Crash Reports\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Crash Reports\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Crash Reports\events\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Crash Reports\events\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Crash Reports\InstallTime20170518000419 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\addons.json | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\blocklist-addons.json | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\blocklist-gfx.json | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\blocklist-plugins.json | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\blocklist.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\bookmarkbackups\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\bookmarkbackups\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\bookmarkbackups\bookmarks-2017-05-24_14_kL0o5I+exwq3TXuLDkMF9w==.jsonlz4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\cert8.db | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\compatibility.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\containers.json | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\content-prefs.sqlite | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\cookies.sqlite | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\crashes\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\crashes\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\crashes\events\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\crashes\events\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\crashes\store.json.mozlz4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495592260754.fe0bc3a3-866c-458a-ad46-a730981653d6.main.jsonlz4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495592289365.f6bd7dec-4421-47ce-b829-1080689ec7ca.main.jsonlz4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495596278120.31e5ce24-c2bf-486b-b29e-534113b7c6dc.main.jsonlz4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495597242414.2e462298-aeda-4ee5-bf23-a73bdf74947f.main.jsonlz4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495597261897.a7b36bf3-f762-448c-874e-9388e91739b4.main.jsonlz4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495599783008.23c86977-85eb-412a-ae39-c4c6ea9a5744.main.jsonlz4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495600032629.d896fec9-1a7a-4db1-a3a2-e46d95b631a5.main.jsonlz4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\session-state.json | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\state.json | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\extensions.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\extensions.json | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\formhistory.sqlite | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp\WINNT_x86-msvc\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp\WINNT_x86-msvc\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-gmpopenh264\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-gmpopenh264\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-gmpopenh264\1.6\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-gmpopenh264\1.6\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-gmpopenh264\1.6\gmpopenh264.info | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-widevinecdm\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-widevinecdm\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-widevinecdm\1.4.8.903\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-widevinecdm\1.4.8.903\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-widevinecdm\1.4.8.903\LICENSE.txt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-widevinecdm\1.4.8.903\manifest.json | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-widevinecdm\1.4.8.903\widevinecdm.dll.lib | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\key3.db | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\kinto.sqlite | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\mimeTypes.rdf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\minidumps\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\minidumps\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\permissions.sqlite | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\places.sqlite | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\pluginreg.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\prefs.js | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\revocations.txt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\saved-telemetry-pings\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\saved-telemetry-pings\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\saved-telemetry-pings\d896fec9-1a7a-4db1-a3a2-e46d95b631a5 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\search.json.mozlz4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\secmod.db | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\sessionCheckpoints.json | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\sessionstore-backups\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\sessionstore-backups\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\sessionstore-backups\previous.js | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\sessionstore-backups\upgrade.js-20170518000419 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\sessionstore.js | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\SiteSecurityServiceState.txt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\chrome\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\chrome\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\chrome\.metadata | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\chrome\.metadata-v2 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\chrome\idb\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\chrome\idb\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\chrome\idb\2918063365piupsah.files\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\chrome\idb\2918063365piupsah.files\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\chrome\idb\2918063365piupsah.sqlite | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\moz-safe-about+home\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\moz-safe-about+home\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\moz-safe-about+home\.metadata | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\moz-safe-about+home\.metadata-v2 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\moz-safe-about+home\idb\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\moz-safe-about+home\idb\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\moz-safe-about+home\idb\818200132aebmoouht.files\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\moz-safe-about+home\idb\818200132aebmoouht.files\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\moz-safe-about+home\idb\818200132aebmoouht.files\1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\moz-safe-about+home\idb\818200132aebmoouht.files\journals\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\moz-safe-about+home\idb\818200132aebmoouht.files\journals\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\moz-safe-about+home\idb\818200132aebmoouht.sqlite | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage.sqlite | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\times.json | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\webappsstore.sqlite | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\xulstore.json | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\profiles.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\OQRDlux1AASf2Yv.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\pflL.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\qcfzOGJP.ods | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\rJahNObUwfw7QQrXIp.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\RqVYRuX.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\RzsjBZcZllXZJRVXtlY.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Sd227.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Skype\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Skype\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Skype\RootTools\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Skype\RootTools\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Skype\RootTools\roottools.conf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Sun\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Sun\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Sun\Java\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Sun\Java\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Sun\Java\Deployment\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Sun\Java\Deployment\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\u5MvgM3W2.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\uy9N7OujPEEHlg4 _s.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\w- GEi38ff.swf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\XLIMCYCuHSCE.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\YkS_oztkhnLjlc1Hk2.flv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\_vK0r9b9nfmo8rr.swf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Application Data\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Application Data\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Contacts\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Contacts\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Contacts\Aclviho ASldjfl.contact | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Contacts\asdlfk poopvy.contact | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Contacts\chucu jadnvk.contact | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Contacts\lulcit amkdfe.contact | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Contacts\sikvnb huvuib.contact | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Cookies\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Cookies\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\0U1FYet.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\3 e7J3Up.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\30BtK.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\4TOB.swf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\51laWAqjIaVoS044Fk.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\A-RD78l7Qlc9J.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\a0bCx0.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\AzOBY.swf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\ckyl-mx28Ax_IC5.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\CtBf.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\dbem3dR4dg5q7gd.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\DcpD3_p9.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\DmLPbKA PbBQzkgM.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\f_RDBNJa3K3oZw0f\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\f_RDBNJa3K3oZw0f\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\f_RDBNJa3K3oZw0f\eAcGdn.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\f_RDBNJa3K3oZw0f\fpvESJ\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\f_RDBNJa3K3oZw0f\fpvESJ\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\f_RDBNJa3K3oZw0f\fpvESJ\7Vis L VfHrcV53y.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\f_RDBNJa3K3oZw0f\fpvESJ\ahKkwxcyM.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\f_RDBNJa3K3oZw0f\fpvESJ\alhA3aUz\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\f_RDBNJa3K3oZw0f\fpvESJ\alhA3aUz\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\f_RDBNJa3K3oZw0f\fpvESJ\alhA3aUz\Ck wqS.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\f_RDBNJa3K3oZw0f\fpvESJ\alhA3aUz\rF0F83OeRTkaj.swf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\f_RDBNJa3K3oZw0f\fpvESJ\BNufPFwfyiVdnSt5.csv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\f_RDBNJa3K3oZw0f\fpvESJ\iS9EkW\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\f_RDBNJa3K3oZw0f\fpvESJ\iS9EkW\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\f_RDBNJa3K3oZw0f\fpvESJ\iS9EkW\binhcrzS3ARBF.pdf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\f_RDBNJa3K3oZw0f\fpvESJ\iS9EkW\frzRNZlwLH3r.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\f_RDBNJa3K3oZw0f\fpvESJ\iS9EkW\HXpQea.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\f_RDBNJa3K3oZw0f\fpvESJ\iS9EkW\Rm7mUg-xRozimEV7t.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\f_RDBNJa3K3oZw0f\fpvESJ\iS9EkW\S7Vw5e-7gWds.odp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\f_RDBNJa3K3oZw0f\fpvESJ\iS9EkW\Why0.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\f_RDBNJa3K3oZw0f\fpvESJ\q0Z1ufk8.mp4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\f_RDBNJa3K3oZw0f\G9sQ-F5KGugZIDvv.mkv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\f_RDBNJa3K3oZw0f\jZOzv1.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\f_RDBNJa3K3oZw0f\x5 95.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\f_RDBNJa3K3oZw0f\Zs7Lv7v2QS.swf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\HhfN1hggoxlCjbyE9V5.flv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\m0a8-U9niTiMmRaq5uy.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\NDJwvg.flv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\NHxpQXj.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\NwZQ.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\ONmHCIawZAQ6l.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\RXVJC.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\SJKpPG7Gi7Gg_.swf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\VRacl0_hrlFRcTffeaIO\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\VRacl0_hrlFRcTffeaIO\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\VRacl0_hrlFRcTffeaIO\sZ8kphpTDvI.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\VRacl0_hrlFRcTffeaIO\ZztZ.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\xF SpMo9nNE7h.doc | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\XPkX.mkv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\y2_-Obbq4hv4 Y.flv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\YIZKTZac3L5eFR7x.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\yu-0 63fuWb.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Desktop\Z_MqB_.ods | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\275UOAN6kkvFlZMLH.xlsx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\5DbxKRWN.xlsx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\5EgiP9Nox7h.pptx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\9BBF2RyCvM\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\9BBF2RyCvM\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\9BBF2RyCvM\94_Hb-8K5E.pdf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\9BBF2RyCvM\GhzE5QHKEIrI\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\9BBF2RyCvM\GhzE5QHKEIrI\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\9BBF2RyCvM\GhzE5QHKEIrI\4KhSQHfpuUM.doc | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\9BBF2RyCvM\O6IXT45vrI.docx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\9BBF2RyCvM\uXcvp3mK09d\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\9BBF2RyCvM\uXcvp3mK09d\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\9BBF2RyCvM\uXcvp3mK09d\3M1hZqKtYrnXF.ots | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\9BBF2RyCvM\uXcvp3mK09d\3_9Haky2wfv1A.odt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\9BBF2RyCvM\uXcvp3mK09d\8K_dM0xOUIdny.docx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\9BBF2RyCvM\uXcvp3mK09d\u1aeOBLb_6Tqy6I\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\9BBF2RyCvM\uXcvp3mK09d\u1aeOBLb_6Tqy6I\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\9BBF2RyCvM\uXcvp3mK09d\u1aeOBLb_6Tqy6I\3tz7peEsTvuM\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\9BBF2RyCvM\uXcvp3mK09d\u1aeOBLb_6Tqy6I\3tz7peEsTvuM\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\9BBF2RyCvM\uXcvp3mK09d\u1aeOBLb_6Tqy6I\3tz7peEsTvuM\-oOIqjsx.pptx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\9BBF2RyCvM\uXcvp3mK09d\u1aeOBLb_6Tqy6I\3tz7peEsTvuM\3f6.doc | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\9BBF2RyCvM\uXcvp3mK09d\u1aeOBLb_6Tqy6I\3tz7peEsTvuM\H2oUzN2O5wyQpegn.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\9BBF2RyCvM\uXcvp3mK09d\u1aeOBLb_6Tqy6I\3tz7peEsTvuM\jB1KmBPKOsPd5n.xlsx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\9BBF2RyCvM\uXcvp3mK09d\u1aeOBLb_6Tqy6I\3tz7peEsTvuM\wKYC4P0MQNEcrxpHkE.xls | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\9BBF2RyCvM\uXcvp3mK09d\u1aeOBLb_6Tqy6I\3tz7peEsTvuM\xyZt08shq3IZ.odt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\9BBF2RyCvM\uXcvp3mK09d\u1aeOBLb_6Tqy6I\8BuD32sh60PWiwp\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\9BBF2RyCvM\uXcvp3mK09d\u1aeOBLb_6Tqy6I\8BuD32sh60PWiwp\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\9BBF2RyCvM\uXcvp3mK09d\u1aeOBLb_6Tqy6I\8BuD32sh60PWiwp\0PJbRt.ppt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\9BBF2RyCvM\uXcvp3mK09d\u1aeOBLb_6Tqy6I\8BuD32sh60PWiwp\eUDfQARDF6x.odt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\9BBF2RyCvM\uXcvp3mK09d\u1aeOBLb_6Tqy6I\8BuD32sh60PWiwp\oT6owYuaL\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\9BBF2RyCvM\uXcvp3mK09d\u1aeOBLb_6Tqy6I\8BuD32sh60PWiwp\oT6owYuaL\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\9BBF2RyCvM\uXcvp3mK09d\u1aeOBLb_6Tqy6I\8BuD32sh60PWiwp\oT6owYuaL\cJVF42pEm2_iaxQ8x.csv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\9BBF2RyCvM\uXcvp3mK09d\u1aeOBLb_6Tqy6I\8BuD32sh60PWiwp\oT6owYuaL\fV1MCunDF-l\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\9BBF2RyCvM\uXcvp3mK09d\u1aeOBLb_6Tqy6I\8BuD32sh60PWiwp\oT6owYuaL\fV1MCunDF-l\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\9BBF2RyCvM\uXcvp3mK09d\u1aeOBLb_6Tqy6I\8BuD32sh60PWiwp\oT6owYuaL\fV1MCunDF-l\6hr7PuTfGJYnsw.csv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\9BBF2RyCvM\uXcvp3mK09d\u1aeOBLb_6Tqy6I\8BuD32sh60PWiwp\oT6owYuaL\fV1MCunDF-l\7tuUT_3cI-UJwB\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\9BBF2RyCvM\uXcvp3mK09d\u1aeOBLb_6Tqy6I\8BuD32sh60PWiwp\oT6owYuaL\fV1MCunDF-l\7tuUT_3cI-UJwB\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\9BBF2RyCvM\uXcvp3mK09d\u1aeOBLb_6Tqy6I\8BuD32sh60PWiwp\oT6owYuaL\fV1MCunDF-l\7tuUT_3cI-UJwB\fOjRhg2hhyTl9f.pdf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\9BBF2RyCvM\uXcvp3mK09d\u1aeOBLb_6Tqy6I\8BuD32sh60PWiwp\oT6owYuaL\fV1MCunDF-l\7tuUT_3cI-UJwB\fTVPj4GiPQZC6V3o4.odt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\9BBF2RyCvM\uXcvp3mK09d\u1aeOBLb_6Tqy6I\8BuD32sh60PWiwp\oT6owYuaL\fV1MCunDF-l\7tuUT_3cI-UJwB\JsURb8PXUUyeqY.xls | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\9BBF2RyCvM\uXcvp3mK09d\u1aeOBLb_6Tqy6I\8BuD32sh60PWiwp\oT6owYuaL\fV1MCunDF-l\7tuUT_3cI-UJwB\Pi5DLycnMA-.pps | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\9BBF2RyCvM\uXcvp3mK09d\u1aeOBLb_6Tqy6I\8BuD32sh60PWiwp\oT6owYuaL\fV1MCunDF-l\7tuUT_3cI-UJwB\wlly.pptx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\9BBF2RyCvM\uXcvp3mK09d\u1aeOBLb_6Tqy6I\8BuD32sh60PWiwp\oT6owYuaL\fV1MCunDF-l\7tuUT_3cI-UJwB\ZgaaFByxvb.doc | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\9BBF2RyCvM\uXcvp3mK09d\u1aeOBLb_6Tqy6I\8BuD32sh60PWiwp\oT6owYuaL\fV1MCunDF-l\c548WJ5bDz2QDCDTDVr.ods | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\9BBF2RyCvM\uXcvp3mK09d\u1aeOBLb_6Tqy6I\8BuD32sh60PWiwp\oT6owYuaL\fV1MCunDF-l\VOUJwwsAq6X.docx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\9BBF2RyCvM\uXcvp3mK09d\u1aeOBLb_6Tqy6I\8BuD32sh60PWiwp\oT6owYuaL\fV1MCunDF-l\xsjJQe16kOCXU29WGcCJ.ppt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\9BBF2RyCvM\uXcvp3mK09d\u1aeOBLb_6Tqy6I\8BuD32sh60PWiwp\oT6owYuaL\fV1MCunDF-l\xZw b4g_JOTbFhsht.csv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\9BBF2RyCvM\uXcvp3mK09d\u1aeOBLb_6Tqy6I\8BuD32sh60PWiwp\oT6owYuaL\GQLgktaZ.doc | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\9BBF2RyCvM\uXcvp3mK09d\u1aeOBLb_6Tqy6I\8BuD32sh60PWiwp\oT6owYuaL\mgfIrqsWdR.xlsx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\9BBF2RyCvM\uXcvp3mK09d\u1aeOBLb_6Tqy6I\8BuD32sh60PWiwp\oT6owYuaL\piHuZRAz9dNWq\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\9BBF2RyCvM\uXcvp3mK09d\u1aeOBLb_6Tqy6I\8BuD32sh60PWiwp\oT6owYuaL\piHuZRAz9dNWq\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\9BBF2RyCvM\uXcvp3mK09d\u1aeOBLb_6Tqy6I\8BuD32sh60PWiwp\oT6owYuaL\piHuZRAz9dNWq\-BS4mF.xls | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\9BBF2RyCvM\uXcvp3mK09d\u1aeOBLb_6Tqy6I\8BuD32sh60PWiwp\oT6owYuaL\piHuZRAz9dNWq\iRG4QnoO.ppt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\9BBF2RyCvM\uXcvp3mK09d\u1aeOBLb_6Tqy6I\8BuD32sh60PWiwp\oT6owYuaL\vtDv KkQvZ_mFSwACuc.docx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\9BBF2RyCvM\uXcvp3mK09d\u1aeOBLb_6Tqy6I\8BuD32sh60PWiwp\UiqWmFHO_sEKaTitan.pptx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\9BBF2RyCvM\uXcvp3mK09d\u1aeOBLb_6Tqy6I\8BuD32sh60PWiwp\XN6 EA.pdf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\9BBF2RyCvM\uXcvp3mK09d\u1aeOBLb_6Tqy6I\PGPibvMt.pps | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\9BBF2RyCvM\uXcvp3mK09d\ZNcrgZDa54J.xls | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\9BBF2RyCvM\VST Y0uLtO6PgOIQ1J0Z.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\9BBF2RyCvM\vW_oXWtlIV.ots | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\aIz1pjrpDB7p-TmwYt.docx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\AVyoVSF.ots | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\Database1.accdb | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\eYhWJ RqdozFpqHroL5W.xlsx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\H K80AC.docx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\iIXvH.xlsx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\jAgptK-j5gW.docx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\JXW3nsm.pptx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\My Music\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\My Music\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\My Pictures\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\My Pictures\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\My Shapes\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\My Shapes\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\My Shapes\_private\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\My Shapes\_private\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\My Videos\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\My Videos\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\OneNote Notebooks\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\OneNote Notebooks\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\OneNote Notebooks\My Notebook\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\OneNote Notebooks\My Notebook\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\OneNote Notebooks\My Notebook\Open Notebook.onetoc2 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\OneNote Notebooks\My Notebook\Quick Notes.one | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\Outlook Files\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\Outlook Files\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\Outlook Files\lcfkj@kiekc.df.pst | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\QC3dt.pptx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\rlNIYIXIjsW.pptx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\T1cl1qp.pptx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\TmFS9Ckm0dkXXbzGD5.docx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\UeCPKGD3se3f1.docx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\vJwuNaFee.doc | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\XvytobGD.xls | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Documents\Z7ACw4QJjvpy.xlsx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Downloads\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Downloads\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Favorites\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Favorites\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Favorites\Bing.url | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Favorites\Links\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Favorites\Links\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Links\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Links\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\0VWyNHahluafpdFSUYC.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\1Jvic71.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\2kfHC5FToJZjQ_2Uuks.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\bf8bO.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\HMjA43nguHpnFAxjSxa.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\lvEA9qdqTLwYH-_S9b.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\sSxPZkKuqdeph\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\sSxPZkKuqdeph\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\sSxPZkKuqdeph\5Svb7CtHnlv9cG.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\sSxPZkKuqdeph\9PsjFY-F PSzjx.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\sSxPZkKuqdeph\Eb1Q7fUwCA2DHE.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\sSxPZkKuqdeph\fPu5rMcj8Fp4K1.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\sSxPZkKuqdeph\J-oNhvvRbn azz.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\sSxPZkKuqdeph\LjY8Q.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\sSxPZkKuqdeph\OxXKE7MmkWg9dzN.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\sSxPZkKuqdeph\RNgrw.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\sSxPZkKuqdeph\uPotTL6igW.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\ttZsnsx-5qu7lA.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\u-oADGwEFEJixX.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\VpI4NfJ\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\VpI4NfJ\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\VpI4NfJ\a-jg.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\VpI4NfJ\bYWQ.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\VpI4NfJ\CwOfBeLcuC8N.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\VpI4NfJ\Dg d.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\VpI4NfJ\iBXXygv.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\VpI4NfJ\qwBF.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\VpI4NfJ\sEcflb.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Music\VpI4NfJ\Zver54ov-SCrdXAJ.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\My Documents\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\My Documents\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\NetHood\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\NetHood\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\ntuser.dat.LOG1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\ntuser.dat.LOG2 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\NTUSER.DAT{77a2c7ed-26f0-11e5-80da-e41d2d741090}.TM.blf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\NTUSER.DAT{77a2c7ed-26f0-11e5-80da-e41d2d741090}.TMContainer00000000000000000001.regtrans-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\NTUSER.DAT{77a2c7ed-26f0-11e5-80da-e41d2d741090}.TMContainer00000000000000000002.regtrans-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\ntuser.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\OneDrive\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\OneDrive\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\3PVHyEjKu.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\7vyfk2YzGvFDhoGguhe\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\7vyfk2YzGvFDhoGguhe\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\7vyfk2YzGvFDhoGguhe\9r4DL.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\7vyfk2YzGvFDhoGguhe\emJ3ZNvJOxwkrKOed0kc.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\7vyfk2YzGvFDhoGguhe\v2h uSr5.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\Camera Roll\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\Camera Roll\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\HqptcqKhb rKrn.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\Saved Pictures\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\Saved Pictures\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\V_u2\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\V_u2\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\V_u2\h1Bf6lmj.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\V_u2\o6NGpRJy.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\V_u2\r7lDY-Y1hTWn\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\V_u2\r7lDY-Y1hTWn\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\V_u2\r7lDY-Y1hTWn\dp__bieng9\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\V_u2\r7lDY-Y1hTWn\dp__bieng9\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\V_u2\r7lDY-Y1hTWn\dp__bieng9\3fMls7\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\V_u2\r7lDY-Y1hTWn\dp__bieng9\3fMls7\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\V_u2\r7lDY-Y1hTWn\dp__bieng9\3fMls7\3DbDWjZltZQ\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\V_u2\r7lDY-Y1hTWn\dp__bieng9\3fMls7\3DbDWjZltZQ\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\V_u2\r7lDY-Y1hTWn\dp__bieng9\3fMls7\3DbDWjZltZQ\3UaE2H4hje.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\V_u2\r7lDY-Y1hTWn\dp__bieng9\3fMls7\3DbDWjZltZQ\6eApIP HV.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\V_u2\r7lDY-Y1hTWn\dp__bieng9\3fMls7\3DbDWjZltZQ\pGm56TTUh5c hWZu.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\V_u2\r7lDY-Y1hTWn\dp__bieng9\3fMls7\3DbDWjZltZQ\qD wcp2Y53LlgRglr8_t.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\V_u2\r7lDY-Y1hTWn\dp__bieng9\3fMls7\9JLzUbTiz6\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\V_u2\r7lDY-Y1hTWn\dp__bieng9\3fMls7\9JLzUbTiz6\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\V_u2\r7lDY-Y1hTWn\dp__bieng9\3fMls7\9JLzUbTiz6\lPkOLyg3SygPqM.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\V_u2\r7lDY-Y1hTWn\dp__bieng9\3fMls7\9JLzUbTiz6\zmN-bRUBdO1_f9B32.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\V_u2\r7lDY-Y1hTWn\dp__bieng9\3fMls7\BCXVw0NtX.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\V_u2\r7lDY-Y1hTWn\dp__bieng9\3fMls7\EXjve3jGvH0u_m.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\V_u2\r7lDY-Y1hTWn\dp__bieng9\3fMls7\KwBNqPqafvMJVN.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\V_u2\r7lDY-Y1hTWn\dp__bieng9\nStrFlun.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\V_u2\r7lDY-Y1hTWn\dp__bieng9\t dlC.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\V_u2\r7lDY-Y1hTWn\mZwy6pg ON\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\V_u2\r7lDY-Y1hTWn\mZwy6pg ON\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\V_u2\r7lDY-Y1hTWn\mZwy6pg ON\a 0e_Zi0AwJ3T.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\V_u2\r7lDY-Y1hTWn\mZwy6pg ON\wx1pEowPOYWi\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\V_u2\r7lDY-Y1hTWn\mZwy6pg ON\wx1pEowPOYWi\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\V_u2\r7lDY-Y1hTWn\mZwy6pg ON\wx1pEowPOYWi\b4Lpcrx.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\V_u2\r7lDY-Y1hTWn\N5MNejrqSH2rgwdQdper.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\V_u2\r7lDY-Y1hTWn\PSUCe_di5jRXKawO3C60.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\V_u2\r7lDY-Y1hTWn\rB7m3FfliMS_mI8U6Mp.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\V_u2\r7lDY-Y1hTWn\_4Hkn.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\y1mF\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\y1mF\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\y1mF\ozCtv44EA.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Pictures\y1mF\Z5FgCbIeuCS.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\PrintHood\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\PrintHood\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Recent\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Recent\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Saved Games\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Saved Games\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Searches\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Searches\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Searches\Everywhere.search-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Searches\Indexed Locations.search-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\SendTo\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\SendTo\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Start Menu\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Start Menu\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Templates\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Templates\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\4_IDTqB ZlS-w7.mp4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\8h2T0TOTp1FE793l0V5z.mkv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\XszTLjK GHoiKt1rd\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\XszTLjK GHoiKt1rd\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\XszTLjK GHoiKt1rd\1sEw_wY8.mp4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\XszTLjK GHoiKt1rd\ffP1p0bC-Op3oB\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\XszTLjK GHoiKt1rd\ffP1p0bC-Op3oB\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\XszTLjK GHoiKt1rd\ffP1p0bC-Op3oB\EX_3P8.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\XszTLjK GHoiKt1rd\ffP1p0bC-Op3oB\FkeyX3zUJmV7_VQl.swf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\XszTLjK GHoiKt1rd\ffP1p0bC-Op3oB\Jsd4BSiqfKBc1.mp4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\XszTLjK GHoiKt1rd\ffP1p0bC-Op3oB\KyZTn6pjXDziIBU471.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\XszTLjK GHoiKt1rd\ffP1p0bC-Op3oB\LKAlvv468QzU1uc\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\XszTLjK GHoiKt1rd\ffP1p0bC-Op3oB\LKAlvv468QzU1uc\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\XszTLjK GHoiKt1rd\ffP1p0bC-Op3oB\LKAlvv468QzU1uc\1m--rBjd9UI99dS.swf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\XszTLjK GHoiKt1rd\ffP1p0bC-Op3oB\LKAlvv468QzU1uc\8aYToX1.swf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\XszTLjK GHoiKt1rd\ffP1p0bC-Op3oB\LKAlvv468QzU1uc\e1GFB.mkv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\XszTLjK GHoiKt1rd\ffP1p0bC-Op3oB\LKAlvv468QzU1uc\pFJx7JDxO1-0GIQE\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\XszTLjK GHoiKt1rd\ffP1p0bC-Op3oB\LKAlvv468QzU1uc\pFJx7JDxO1-0GIQE\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\XszTLjK GHoiKt1rd\ffP1p0bC-Op3oB\LKAlvv468QzU1uc\pFJx7JDxO1-0GIQE\8_KuX\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\XszTLjK GHoiKt1rd\ffP1p0bC-Op3oB\LKAlvv468QzU1uc\pFJx7JDxO1-0GIQE\8_KuX\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\XszTLjK GHoiKt1rd\ffP1p0bC-Op3oB\LKAlvv468QzU1uc\pFJx7JDxO1-0GIQE\8_KuX\61CNZp0_g.flv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\XszTLjK GHoiKt1rd\ffP1p0bC-Op3oB\LKAlvv468QzU1uc\pFJx7JDxO1-0GIQE\8_KuX\Gy7DNsp.mkv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\XszTLjK GHoiKt1rd\ffP1p0bC-Op3oB\LKAlvv468QzU1uc\pFJx7JDxO1-0GIQE\8_KuX\hM005B.mp4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\XszTLjK GHoiKt1rd\ffP1p0bC-Op3oB\LKAlvv468QzU1uc\pFJx7JDxO1-0GIQE\8_KuX\lAlb8NgT1Hf h_.mkv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\XszTLjK GHoiKt1rd\ffP1p0bC-Op3oB\LKAlvv468QzU1uc\pFJx7JDxO1-0GIQE\8_KuX\rHtdv.mp4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\XszTLjK GHoiKt1rd\ffP1p0bC-Op3oB\LKAlvv468QzU1uc\pFJx7JDxO1-0GIQE\8_KuX\UjvYO54xgHAwG5p6N.mkv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\XszTLjK GHoiKt1rd\ffP1p0bC-Op3oB\LKAlvv468QzU1uc\pFJx7JDxO1-0GIQE\8_KuX\yZ6Zvf__RXgl8iu3.mp4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\XszTLjK GHoiKt1rd\ffP1p0bC-Op3oB\LKAlvv468QzU1uc\pFJx7JDxO1-0GIQE\ABspsBD.flv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\XszTLjK GHoiKt1rd\ffP1p0bC-Op3oB\nBDgucKgi.mp4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\XszTLjK GHoiKt1rd\ffP1p0bC-Op3oB\pT-rl7dzeiGs9hwF4kXK\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\XszTLjK GHoiKt1rd\ffP1p0bC-Op3oB\pT-rl7dzeiGs9hwF4kXK\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\XszTLjK GHoiKt1rd\ffP1p0bC-Op3oB\pT-rl7dzeiGs9hwF4kXK\KPqlCrGF.swf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\XszTLjK GHoiKt1rd\ffP1p0bC-Op3oB\QJlG0ayf3eEvs\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\XszTLjK GHoiKt1rd\ffP1p0bC-Op3oB\QJlG0ayf3eEvs\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\XszTLjK GHoiKt1rd\ffP1p0bC-Op3oB\QJlG0ayf3eEvs\g3W5BQOIYhiNTGdOr8.swf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\XszTLjK GHoiKt1rd\ffP1p0bC-Op3oB\QJlG0ayf3eEvs\rt_f3WaKPJuK49r_W.flv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\XszTLjK GHoiKt1rd\ffP1p0bC-Op3oB\QJlG0ayf3eEvs\t7mOwgHt0Gu9bIDN.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\XszTLjK GHoiKt1rd\ffP1p0bC-Op3oB\QJlG0ayf3eEvs\Z6WO.mkv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\CIiHmnxMn6Ps\Videos\XszTLjK GHoiKt1rd\ffP1p0bC-Op3oB\r1Vi6EXgtM3SX.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\Default\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\Default\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Default\AppData\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\Default\AppData\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Default\AppData\Local\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\Default\AppData\Local\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Default\AppData\Local\Application Data\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\Default\AppData\Local\Application Data\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Default\AppData\Local\History\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\Default\AppData\Local\History\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Default\AppData\Local\Microsoft\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\Default\AppData\Local\Microsoft\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Default\AppData\Local\Microsoft\InputPersonalization\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\Default\AppData\Local\Microsoft\InputPersonalization\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Default\AppData\Local\Microsoft\InputPersonalization\TrainedDataStore\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\Default\AppData\Local\Microsoft\InputPersonalization\TrainedDataStore\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Default\AppData\Local\Microsoft\Windows Sidebar\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\Default\AppData\Local\Microsoft\Windows Sidebar\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Default\AppData\Local\Microsoft\Windows Sidebar\Gadgets\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\Default\AppData\Local\Microsoft\Windows Sidebar\Gadgets\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Default\AppData\Local\Microsoft\Windows Sidebar\settings.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\Default\AppData\Local\Temp\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\Default\AppData\Local\Temp\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Default\AppData\Local\Temporary Internet Files\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\Default\AppData\Local\Temporary Internet Files\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Default\AppData\Roaming\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\Default\AppData\Roaming\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Default\AppData\Roaming\Microsoft\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\Default\AppData\Roaming\Microsoft\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Default\Application Data\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\Default\Application Data\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Default\Cookies\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\Default\Cookies\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Default\Desktop\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\Default\Desktop\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Default\Documents\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\Default\Documents\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Default\Documents\My Music\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\Default\Documents\My Music\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Default\Documents\My Pictures\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\Default\Documents\My Pictures\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Default\Documents\My Videos\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\Default\Documents\My Videos\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Default\Downloads\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\Default\Downloads\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Default\Favorites\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\Default\Favorites\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Default\Links\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\Default\Links\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Default\Music\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\Default\Music\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Default\My Documents\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\Default\My Documents\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Default\NetHood\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\Default\NetHood\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Default\NTUSER.DAT.LOG1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\Default\NTUSER.DAT.LOG2 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\Default\NTUSER.DAT{77a2c7ed-26f0-11e5-80da-e41d2d741090}.TM.blf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\Default\NTUSER.DAT{77a2c7ed-26f0-11e5-80da-e41d2d741090}.TMContainer00000000000000000001.regtrans-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\Default\NTUSER.DAT{77a2c7ed-26f0-11e5-80da-e41d2d741090}.TMContainer00000000000000000002.regtrans-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\Default\Pictures\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\Default\Pictures\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Default\PrintHood\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\Default\PrintHood\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Default\Recent\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\Default\Recent\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Default\Saved Games\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\Default\Saved Games\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Default\SendTo\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\Default\SendTo\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Default\Start Menu\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\Default\Start Menu\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Default\Templates\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\Default\Templates\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Default\Videos\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\Default\Videos\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Default User\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\Default User\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Public\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\Public\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Public\AccountPictures\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\Public\AccountPictures\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Public\Desktop\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\Public\Desktop\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Public\Documents\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\Public\Documents\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Public\Documents\My Music\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\Public\Documents\My Music\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Public\Documents\My Pictures\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\Public\Documents\My Pictures\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Public\Documents\My Videos\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\Public\Documents\My Videos\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Public\Downloads\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\Public\Downloads\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Public\Libraries\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\Public\Libraries\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Public\Libraries\RecordedTV.library-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, FILE_FLAG_WRITE_THROUGH |
|
1 | |
| Create | C:\Users\Public\Music\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\Public\Music\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Public\Pictures\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\Public\Pictures\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Public\Videos\\TITWMVJL-DECRYPT.txt | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\Public\Videos\d2ca4a09d2ca4deb61a.lock | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\CIIHMN~1\AppData\Local\Temp\\bxmeoengtf.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Move | C:\Recovery\WindowsRE\boot.sdi.titwmvjl | source_filename = C:\Recovery\WindowsRE\boot.sdi, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Recovery\WindowsRE\ReAgent.xml.titwmvjl | source_filename = C:\Recovery\WindowsRE\ReAgent.xml, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Recovery\WindowsRE\Winre.wim.titwmvjl | source_filename = C:\Recovery\WindowsRE\Winre.wim, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\-f0 chr8O.ppt.titwmvjl | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\-f0 chr8O.ppt, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\021Ad.ods.titwmvjl | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\021Ad.ods, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\14mifZbi6U7g.bmp.titwmvjl | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\14mifZbi6U7g.bmp, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\1tGr2j OogF6b.swf.titwmvjl | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\1tGr2j OogF6b.swf, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\4YWEQ2GxGpdUwK8PTk.mp3.titwmvjl | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\4YWEQ2GxGpdUwK8PTk.mp3, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\7ciDl.jpg.titwmvjl | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\7ciDl.jpg, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobData.titwmvjl | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobData, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobSettings.titwmvjl | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobSettings, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata.titwmvjl | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\0FDED5CEB68C302B1CDB2BDDD9D0000E76539CB0.crl.titwmvjl | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\0FDED5CEB68C302B1CDB2BDDD9D0000E76539CB0.crl, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\CE338828149963DCEA4CD26BB86F0363B4CA0BA5.crl.titwmvjl | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\CE338828149963DCEA4CD26BB86F0363B4CA0BA5.crl, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\LogTransport2\LogTransport2.cfg.titwmvjl | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\LogTransport2\LogTransport2.cfg, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Sonar\Sonar1.0\sonar_policy.xml.titwmvjl | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Adobe\Sonar\Sonar1.0\sonar_policy.xml, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\aUzcWrREsGrojnF9hAS.mkv.titwmvjl | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\aUzcWrREsGrojnF9hAS.mkv, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\aZf9Wm.avi.titwmvjl | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\aZf9Wm.avi, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\B8CDRg.xls.titwmvjl | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\B8CDRg.xls, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\ghU7s.docx.titwmvjl | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\ghU7s.docx, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\gR1CBuQqpVYIz.png.titwmvjl | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\gR1CBuQqpVYIz.png, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\gzz6xbjl_LfVIYqAtg7n.gif.titwmvjl | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\gzz6xbjl_LfVIYqAtg7n.gif, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\H0n8vfZP F84hgjL.gif.titwmvjl | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\H0n8vfZP F84hgjL.gif, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\HcoyADAi5Sbnxpj.mkv.titwmvjl | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\HcoyADAi5Sbnxpj.mkv, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\hIy5P_SVmm4d C3.xlsx.titwmvjl | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\hIy5P_SVmm4d C3.xlsx, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\I3aPKS.wav.titwmvjl | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\I3aPKS.wav, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\iBxnpfNq.swf.titwmvjl | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\iBxnpfNq.swf, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\JBi-kk0FV6SxVr.png.titwmvjl | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\JBi-kk0FV6SxVr.png, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\JYaG7q.mp3.titwmvjl | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\JYaG7q.mp3, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\KZcK3fz60H0aS.mp3.titwmvjl | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\KZcK3fz60H0aS.mp3, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol.titwmvjl | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Access\AccessCache.accdb.titwmvjl | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Access\AccessCache.accdb, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Access\System.mdw.titwmvjl | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Access\System.mdw, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\APASixthEditionOfficeOnline.xsl.titwmvjl | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\APASixthEditionOfficeOnline.xsl, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\CHICAGO.XSL.titwmvjl | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\CHICAGO.XSL, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\GB.XSL.titwmvjl | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\GB.XSL, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\GostName.XSL.titwmvjl | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\GostName.XSL, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\GostTitle.XSL.titwmvjl | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\GostTitle.XSL, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\HarvardAnglia2008OfficeOnline.xsl.titwmvjl | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\HarvardAnglia2008OfficeOnline.xsl, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\IEEE2006OfficeOnline.xsl.titwmvjl | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\IEEE2006OfficeOnline.xsl, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\ISO690.XSL.titwmvjl | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\ISO690.XSL, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\ISO690Nmerical.XSL.titwmvjl | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\ISO690Nmerical.XSL, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\MLASeventhEditionOfficeOnline.xsl.titwmvjl | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\MLASeventhEditionOfficeOnline.xsl, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\SIST02.XSL.titwmvjl | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\SIST02.XSL, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\TURABIAN.XSL.titwmvjl | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Bibliography\Style\TURABIAN.XSL, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1462094071-1423818996-289466292-1000\46a78fa46b43fb180b4fa21773f8ff3e_427a1946-e0ff-4097-8c9e-ca2c1e22780b.titwmvjl | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1462094071-1423818996-289466292-1000\46a78fa46b43fb180b4fa21773f8ff3e_427a1946-e0ff-4097-8c9e-ca2c1e22780b, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1462094071-1423818996-289466292-1000\83aa4cc77f591dfc2374580bbd95f6ba_427a1946-e0ff-4097-8c9e-ca2c1e22780b.titwmvjl | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1462094071-1423818996-289466292-1000\83aa4cc77f591dfc2374580bbd95f6ba_427a1946-e0ff-4097-8c9e-ca2c1e22780b, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Document Building Blocks\1033\16\Built-In Building Blocks.dotx.titwmvjl | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Document Building Blocks\1033\16\Built-In Building Blocks.dotx, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\MS Project\16\en-US\Global.MPT.titwmvjl | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\MS Project\16\en-US\Global.MPT, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Office\MSO1033.acl.titwmvjl | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Office\MSO1033.acl, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Office\Recent\index.dat.titwmvjl | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Office\Recent\index.dat, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\OneNote\16.0\Preferences.dat.titwmvjl | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\OneNote\16.0\Preferences.dat, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Outlook\Outlook.srs.titwmvjl | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Outlook\Outlook.srs, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Outlook\Outlook.xml.titwmvjl | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Outlook\Outlook.xml, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\CREDHIST.titwmvjl | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\CREDHIST, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000\04cd465a-248d-4abd-853a-5cb67fe43510.titwmvjl | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000\04cd465a-248d-4abd-853a-5cb67fe43510, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000\15d22704-736b-416f-a36b-857f2a5d2a7e.titwmvjl | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000\15d22704-736b-416f-a36b-857f2a5d2a7e, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000\496f2c5b-a90f-4380-b805-3bf6ac63451b.titwmvjl | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000\496f2c5b-a90f-4380-b805-3bf6ac63451b, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000\5b8a3202-35dc-4437-b5d7-374f5e872415.titwmvjl | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000\5b8a3202-35dc-4437-b5d7-374f5e872415, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000\60b22e29-462b-4858-9592-1724c7ae07dd.titwmvjl | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000\60b22e29-462b-4858-9592-1724c7ae07dd, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000\d7746ecf-458e-4e71-8557-8ac80457022a.titwmvjl | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000\d7746ecf-458e-4e71-8557-8ac80457022a, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000\Preferred.titwmvjl | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\S-1-5-21-1462094071-1423818996-289466292-1000\Preferred, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\SYNCHIST.titwmvjl | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Protect\SYNCHIST, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Publisher Building Blocks\ContentStore.xml.titwmvjl | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Publisher Building Blocks\ContentStore.xml, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Calendar insights.xltm.titwmvjl | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Calendar insights.xltm, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Cashflow analysis.xltm.titwmvjl | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Cashflow analysis.xltm, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Email Insights.xltm.titwmvjl | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\Email Insights.xltm, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03090430[[fn=Banded]].thmx.titwmvjl | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03090430[[fn=Banded]].thmx, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03090434[[fn=Wood Type]].thmx.titwmvjl | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03090434[[fn=Wood Type]].thmx, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457444[[fn=Basis]].thmx.titwmvjl | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457444[[fn=Basis]].thmx, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457464[[fn=Dividend]].thmx.titwmvjl | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457464[[fn=Dividend]].thmx, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457475[[fn=Frame]].thmx.titwmvjl | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457475[[fn=Frame]].thmx, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457485[[fn=Mesh]].thmx.titwmvjl | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457485[[fn=Mesh]].thmx, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457491[[fn=Metropolitan]].thmx.titwmvjl | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457491[[fn=Metropolitan]].thmx, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457496[[fn=Parallax]].thmx.titwmvjl | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457496[[fn=Parallax]].thmx, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457503[[fn=Quotable]].thmx.titwmvjl | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457503[[fn=Quotable]].thmx, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457510[[fn=Savon]].thmx.titwmvjl | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457510[[fn=Savon]].thmx, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457515[[fn=View]].thmx.titwmvjl | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457515[[fn=View]].thmx, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033917[[fn=Berlin]].thmx.titwmvjl | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033917[[fn=Berlin]].thmx, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033919[[fn=Circuit]].thmx.titwmvjl | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033919[[fn=Circuit]].thmx, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033921[[fn=Damask]].thmx.titwmvjl | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033921[[fn=Damask]].thmx, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033925[[fn=Droplet]].thmx.titwmvjl | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033925[[fn=Droplet]].thmx, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033927[[fn=Main Event]].thmx.titwmvjl | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033927[[fn=Main Event]].thmx, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033929[[fn=Slate]].thmx.titwmvjl | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033929[[fn=Slate]].thmx, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033937[[fn=Vapor Trail]].thmx.titwmvjl | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033937[[fn=Vapor Trail]].thmx, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001103[[fn=Headlines]].thmx.titwmvjl | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001103[[fn=Headlines]].thmx, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001104[[fn=Feathered]].thmx.titwmvjl | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001104[[fn=Feathered]].thmx, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001105[[fn=Crop]].thmx.titwmvjl | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001105[[fn=Crop]].thmx, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001106[[fn=Badge]].thmx.titwmvjl | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001106[[fn=Badge]].thmx, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001114[[fn=Gallery]].thmx.titwmvjl | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001114[[fn=Gallery]].thmx, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001115[[fn=Parcel]].thmx.titwmvjl | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001115[[fn=Parcel]].thmx, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328884[[fn=architecture]].glox.titwmvjl | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328884[[fn=architecture]].glox, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\cookies.sqlite.titwmvjl | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\cookies.sqlite, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Move | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\profiles.ini.titwmvjl | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\profiles.ini, flags = MOVEFILE_REPLACE_EXISTING |
|
1 | |
| Read | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\cookies.sqlite | size = 540, size_out = 540 |
|
1 | |
| Read | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\cookies.sqlite | size = 1048576, size_out = 524288 |
|
1 | |
| Read | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\formhistory.sqlite | size = 540, size_out = 540 |
|
1 | |
| Read | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\formhistory.sqlite | size = 1048576, size_out = 196608 |
|
1 | |
| Read | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\key3.db | size = 540, size_out = 540 |
|
1 | |
| Read | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\key3.db | size = 1048576, size_out = 16384 |
|
1 | |
| Read | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\places.sqlite | size = 540, size_out = 540 |
|
1 | |
| Read | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\places.sqlite | size = 1048576, size_out = 1048576 |
|
1 | |
| Write | C:\Program Files\\TITWMVJL-DECRYPT.txt | size = 8546 |
|
1 | |
| Write | C:\Program Files (x86)\\TITWMVJL-DECRYPT.txt | size = 8546 |
|
1 | |
| Write | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\SystemCertificates\\TITWMVJL-DECRYPT.txt | size = 8546 |
|
1 | |
| Write | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\SystemCertificates\My\\TITWMVJL-DECRYPT.txt | size = 8546 |
|
1 | |
| Write | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\\TITWMVJL-DECRYPT.txt | size = 8546 |
|
1 | |
| Write | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\\TITWMVJL-DECRYPT.txt | size = 8546 |
|
1 | |
| Write | C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\\TITWMVJL-DECRYPT.txt | size = 8546 |
|
1 | |
|
For performance reasons, the remaining 2012 entries are omitted.
The remaining entries can be found in glog.xml. |
|||||
Registry (43)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create Key | HKEY_LOCAL_MACHINE\SOFTWARE\ex_data\data | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\SOFTWARE\keys_data\data | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Control Panel\International | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Keyboard Layout\Preload | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Keyboard Layout\Preload | - |
|
9 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\keys_data\data | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\SOFTWARE\keys_data\data | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | - |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters | value_name = Domain, data = 0 |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Control Panel\International | value_name = LocaleName, data = 101 |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Keyboard Layout\Preload | value_name = 1, data = 48 |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Keyboard Layout\Preload | value_name = 2, data = 48 |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion | value_name = productName, data = 87 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | value_name = ProcessorNameString, data = 73 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | value_name = Identifier, data = 73 |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Keyboard Layout\Preload | value_name = 1, data = 48 |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Keyboard Layout\Preload | value_name = 3, data = 48 |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Keyboard Layout\Preload | value_name = 4, data = 48 |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Keyboard Layout\Preload | value_name = 5, data = 48 |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Keyboard Layout\Preload | value_name = 6, data = 48 |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Keyboard Layout\Preload | value_name = 7, data = 48 |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Keyboard Layout\Preload | value_name = 8, data = 48 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters | value_name = Domain, data = 0 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | value_name = ProcessorNameString, data = 73 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | value_name = Identifier, data = 73 |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\SOFTWARE\ex_data\data | value_name = ext, size = 20, type = REG_BINARY |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\SOFTWARE\keys_data\data | value_name = public, size = 276, type = REG_BINARY |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\SOFTWARE\keys_data\data | value_name = private, size = 1688, type = REG_BINARY |
|
1 |
Process (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Windows\system32\wbem\wmic.exe | show_window = SW_HIDE |
|
1 |
Module (8794)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | ntdll.dll | base_address = 0x776b0000 |
|
2 | |
| Load | advapi32.dll | base_address = 0x77550000 |
|
6186 | |
| Load | shell32.dll | base_address = 0x75310000 |
|
1039 | |
| Load | mpr.dll | base_address = 0x74350000 |
|
12 | |
| Load | wininet.dll | base_address = 0x743e0000 |
|
17 | |
| Get Handle | c:\windows\syswow64\ntdll.dll | base_address = 0x776b0000 |
|
3 | |
| Get Handle | c:\windows\syswow64\advapi32.dll | base_address = 0x77550000 |
|
766 | |
| Get Address | c:\windows\syswow64\ntdll.dll | function = RtlComputeCrc32, address_out = 0x776d6b10 |
|
2 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptGenRandom, address_out = 0x77570df0 |
|
766 | |
| Get Address | c:\windows\syswow64\ntdll.dll | function = NtSetInformationFile, address_out = 0x77718e50 |
|
1 |
Window (1)
| Operation | Window Name | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | - | class_name = AnaLab_sucks, wndproc_parameter = 0 |
|
1 |
System (532)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Computer Name | result_out = LHNIWSJ |
|
2 | |
| Sleep | duration = 1337 milliseconds (1.337 seconds) |
|
1 | |
| Sleep | duration = -1 (infinite) |
|
1 | |
| Get Time | type = System Time, time = 2019-02-18 17:19:12 (UTC) |
|
10 | |
| Get Time | type = System Time, time = 2019-02-18 17:19:13 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2019-02-18 17:19:14 (UTC) |
|
15 | |
| Get Time | type = System Time, time = 2019-02-18 17:19:15 (UTC) |
|
23 | |
| Get Time | type = System Time, time = 2019-02-18 17:19:17 (UTC) |
|
25 | |
| Get Time | type = System Time, time = 2019-02-18 17:19:18 (UTC) |
|
17 | |
| Get Time | type = System Time, time = 2019-02-18 17:19:19 (UTC) |
|
5 | |
| Get Time | type = System Time, time = 2019-02-18 17:19:23 (UTC) |
|
2 | |
| Get Time | type = System Time, time = 2019-02-18 17:19:24 (UTC) |
|
5 | |
| Get Time | type = System Time, time = 2019-02-18 17:19:25 (UTC) |
|
12 | |
| Get Time | type = System Time, time = 2019-02-18 17:19:26 (UTC) |
|
5 | |
| Get Time | type = System Time, time = 2019-02-18 17:19:27 (UTC) |
|
6 | |
| Get Time | type = System Time, time = 2019-02-18 17:19:28 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2019-02-18 17:19:29 (UTC) |
|
7 | |
| Get Time | type = System Time, time = 2019-02-18 17:19:30 (UTC) |
|
4 | |
| Get Time | type = System Time, time = 2019-02-18 17:19:31 (UTC) |
|
7 | |
| Get Time | type = System Time, time = 2019-02-18 17:19:32 (UTC) |
|
2 | |
| Get Time | type = System Time, time = 2019-02-18 17:19:33 (UTC) |
|
4 | |
| Get Time | type = System Time, time = 2019-02-18 17:19:34 (UTC) |
|
3 | |
| Get Time | type = System Time, time = 2019-02-18 17:19:35 (UTC) |
|
9 | |
| Get Time | type = System Time, time = 2019-02-18 17:19:36 (UTC) |
|
8 | |
| Get Time | type = System Time, time = 2019-02-18 17:19:37 (UTC) |
|
5 | |
| Get Time | type = System Time, time = 2019-02-18 17:19:38 (UTC) |
|
2 | |
| Get Time | type = System Time, time = 2019-02-18 17:19:39 (UTC) |
|
14 | |
| Get Time | type = System Time, time = 2019-02-18 17:19:40 (UTC) |
|
15 | |
| Get Time | type = System Time, time = 2019-02-18 17:19:41 (UTC) |
|
31 | |
| Get Time | type = System Time, time = 2019-02-18 17:19:42 (UTC) |
|
21 | |
| Get Time | type = Ticks, time = 182875 |
|
1 | |
| Get Time | type = Ticks, time = 184390 |
|
1 | |
| Get Time | type = Ticks, time = 190546 |
|
1 | |
| Get Time | type = Ticks, time = 190687 |
|
1 | |
| Get Info | type = Hardware Information |
|
2 | |
| Get Info | type = Windows Directory, result_out = C:\Windows |
|
262 | |
| Get Info | type = System Directory, result_out = C:\Windows\system32 |
|
1 |
Mutex (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Create | mutex_name = Global\8A5BA8BEE36925045F5C.luck |
|
1 | |
| Open | mutex_name = Global\iyAzNATdi7a94U8TAO7zVm5qzEjzks, desired_access = SYNCHRONIZE |
|
1 |
Network Behavior
HTTP Sessions (2)
| Information | Value |
|---|---|
| Total Data Sent | 501 bytes |
| Total Data Received | 3 bytes |
| Contacted Host Count | 1 |
| Contacted Hosts | www.kakaocorp.link |
HTTP Session #1
| Information | Value |
|---|---|
| User Agent | Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko |
| Server Name | www.kakaocorp.link |
| Server Port | 80 |
| Data Sent | 240 |
| Data Received | 3 |
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Open Session | user_agent = Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko, access_type = INTERNET_OPEN_TYPE_PRECONFIG |
|
1 | |
| Open Connection | protocol = HTTP, server_name = www.kakaocorp.link, server_port = 80 |
|
1 | |
| Open HTTP Request | http_verb = GET, http_version = HTTP/1.1, target_resource = /, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_AUTO_REDIRECT, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD |
|
1 | |
| Send HTTP Request | headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = www.kakaocorp.link/ |
|
1 | |
| Query HTTP Info | flags = HTTP_QUERY_STATUS_CODE, size_out = 3 |
|
1 | |
| Close Session | - |
|
1 |
HTTP Session #2
| Information | Value |
|---|---|
| User Agent | Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko |
| Server Name | www.kakaocorp.link |
| Server Port | 443 |
| Data Sent | 261 |
| Data Received | 0 |
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Open Session | user_agent = Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko, access_type = INTERNET_OPEN_TYPE_DIRECT |
|
1 | |
| Open Connection | protocol = HTTP, server_name = www.kakaocorp.link, server_port = 443 |
|
1 | |
| Open HTTP Request | http_verb = POST, http_version = HTTP/1.1, target_resource = static/imgs/amme.bmp, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_SECURE, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD |
|
1 | |
| Send HTTP Request | headers = Content-Type: multipart/form-data, url = www.kakaocorp.link/static/imgs/amme.bmp |
|
1 | |
| Close Session | - |
|
2 |
Process #2: wmic.exe
17
0
| Information | Value |
|---|---|
| ID | #2 |
| File Name | c:\windows\syswow64\wbem\wmic.exe |
| Command Line | "C:\Windows\system32\wbem\wmic.exe" shadowcopy delete |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:01:38, Reason: Child Process |
| Unmonitor | End Time: 00:01:51, Reason: Self Terminated |
| Monitor Duration | 00:00:13 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x36c |
| Parent PID | 0xe5c (c:\users\ciihmnxmn6ps\desktop\sstojx.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
538
0x
4F0
0x
564
0x
D6C
0x
D74
0x
A6C
0x
A44
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| wmic.exe | 0x00960000 | 0x009c3fff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x0000000000e10000 | 0x00e10000 | 0x04e0ffff | Pagefile Backed Memory | - |
|
|
|
- |
| private_0x0000000004e10000 | 0x04e10000 | 0x04e2ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000004e10000 | 0x04e10000 | 0x04e1ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000004e20000 | 0x04e20000 | 0x04e23fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004e30000 | 0x04e30000 | 0x04e31fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000004e30000 | 0x04e30000 | 0x04e30fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000004e40000 | 0x04e40000 | 0x04e53fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000004e60000 | 0x04e60000 | 0x04e9ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004ea0000 | 0x04ea0000 | 0x04edffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000004ee0000 | 0x04ee0000 | 0x04ee3fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000004ef0000 | 0x04ef0000 | 0x04ef0fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000004f00000 | 0x04f00000 | 0x04f01fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004f10000 | 0x04f10000 | 0x04f4ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000004f50000 | 0x04f50000 | 0x04f50fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000004f60000 | 0x04f60000 | 0x04f63fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004f70000 | 0x04f70000 | 0x04f7ffff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x04f80000 | 0x0503dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000005040000 | 0x05040000 | 0x0507ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000005080000 | 0x05080000 | 0x050bffff | Private Memory | rw |
|
|
|
- |
| msxml3r.dll | 0x050c0000 | 0x050c0fff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000000050d0000 | 0x050d0000 | 0x050effff | Private Memory | - |
|
|
|
- |
| private_0x00000000050f0000 | 0x050f0000 | 0x051effff | Private Memory | rw |
|
|
|
- |
| private_0x00000000051f0000 | 0x051f0000 | 0x0522ffff | Private Memory | rw |
|
|
|
- |
| ole32.dll | 0x05230000 | 0x05318fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000005230000 | 0x05230000 | 0x0529ffff | Private Memory | rw |
|
|
|
- |
| imm32.dll | 0x05230000 | 0x05259fff | Memory Mapped File | r |
|
|
|
- |
| wmic.exe.mui | 0x05230000 | 0x0523ffff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000005240000 | 0x05240000 | 0x05240fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000005250000 | 0x05250000 | 0x05250fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000005260000 | 0x05260000 | 0x05260fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000005260000 | 0x05260000 | 0x05263fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000005270000 | 0x05270000 | 0x0527cfff | Pagefile Backed Memory | rw |
|
|
|
- |
| wmiutils.dll.mui | 0x05270000 | 0x05274fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000005290000 | 0x05290000 | 0x0529ffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000052a0000 | 0x052a0000 | 0x0530ffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000052a0000 | 0x052a0000 | 0x052dffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000005300000 | 0x05300000 | 0x0530ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000005320000 | 0x05320000 | 0x0532ffff | Private Memory | rw |
|
|
|
- |
| sortdefault.nls | 0x05330000 | 0x05666fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000005670000 | 0x05670000 | 0x0575ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000005670000 | 0x05670000 | 0x0574ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000005670000 | 0x05670000 | 0x056fffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000005670000 | 0x05670000 | 0x056affff | Private Memory | rw |
|
|
|
- |
| private_0x00000000056b0000 | 0x056b0000 | 0x056effff | Private Memory | rw |
|
|
|
- |
| private_0x00000000056f0000 | 0x056f0000 | 0x056fffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000005700000 | 0x05700000 | 0x0573ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000005740000 | 0x05740000 | 0x0574ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000005750000 | 0x05750000 | 0x0575ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000005760000 | 0x05760000 | 0x058dffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000005760000 | 0x05760000 | 0x058cffff | Private Memory | rw |
|
|
|
- |
| kernelbase.dll.mui | 0x05760000 | 0x0583efff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000005840000 | 0x05840000 | 0x0587ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000005880000 | 0x05880000 | 0x058bffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000058c0000 | 0x058c0000 | 0x058cffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000058d0000 | 0x058d0000 | 0x058dffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000058e0000 | 0x058e0000 | 0x05a5ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000058e0000 | 0x058e0000 | 0x05997fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000000059a0000 | 0x059a0000 | 0x059dffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000059e0000 | 0x059e0000 | 0x05a1ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000005a50000 | 0x05a50000 | 0x05a5ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000005a60000 | 0x05a60000 | 0x05e5ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000005e60000 | 0x05e60000 | 0x05fe7fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000005ff0000 | 0x05ff0000 | 0x06170fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000006180000 | 0x06180000 | 0x0757ffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000007580000 | 0x07580000 | 0x0767ffff | Private Memory | rw |
|
|
|
- |
| wow64cpu.dll | 0x5baa0000 | 0x5baa7fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64win.dll | 0x5bab0000 | 0x5bb22fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64.dll | 0x5bb30000 | 0x5bb7efff | Memory Mapped File | rwx |
|
|
|
- |
| wmiutils.dll | 0x732f0000 | 0x7330dfff | Memory Mapped File | rwx |
|
|
|
- |
| fastprox.dll | 0x73380000 | 0x7343bfff | Memory Mapped File | rwx |
|
|
|
- |
| wbemsvc.dll | 0x73500000 | 0x73510fff | Memory Mapped File | rwx |
|
|
|
- |
| ucrtbase.dll | 0x73520000 | 0x735fbfff | Memory Mapped File | rwx |
|
|
|
- |
| vcruntime140.dll | 0x73600000 | 0x73614fff | Memory Mapped File | rwx |
|
|
|
- |
| msoxmlmf.dll | 0x73620000 | 0x7362dfff | Memory Mapped File | rwx |
|
|
|
- |
| urlmon.dll | 0x738a0000 | 0x739fffff | Memory Mapped File | rwx |
|
|
|
- |
| iertutil.dll | 0x73bb0000 | 0x73e70fff | Memory Mapped File | rwx |
|
|
|
- |
| msxml3.dll | 0x73e80000 | 0x7400ffff | Memory Mapped File | rwx |
|
|
|
- |
| wbemcomn.dll | 0x74010000 | 0x74075fff | Memory Mapped File | rwx |
|
|
|
- |
| wbemprox.dll | 0x74080000 | 0x7408cfff | Memory Mapped File | rwx |
|
|
|
- |
| framedynos.dll | 0x74090000 | 0x740cefff | Memory Mapped File | rwx |
|
|
|
- |
| winnsi.dll | 0x740d0000 | 0x740d7fff | Memory Mapped File | rwx |
|
|
|
- |
| iphlpapi.dll | 0x740e0000 | 0x7410ffff | Memory Mapped File | rwx |
|
|
|
- |
| rsaenh.dll | 0x74370000 | 0x7439efff | Memory Mapped File | rwx |
|
|
|
- |
| bcrypt.dll | 0x743a0000 | 0x743bafff | Memory Mapped File | rwx |
|
|
|
- |
| cryptsp.dll | 0x743c0000 | 0x743d2fff | Memory Mapped File | rwx |
|
|
|
- |
| wininet.dll | 0x743e0000 | 0x74603fff | Memory Mapped File | rwx |
|
|
|
- |
| dwmapi.dll | 0x74610000 | 0x7462cfff | Memory Mapped File | rwx |
|
|
|
- |
| uxtheme.dll | 0x74630000 | 0x746a4fff | Memory Mapped File | rwx |
|
|
|
- |
| bcryptprimitives.dll | 0x74750000 | 0x747a8fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptbase.dll | 0x747b0000 | 0x747b9fff | Memory Mapped File | rwx |
|
|
|
- |
| sspicli.dll | 0x747c0000 | 0x747ddfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x74a00000 | 0x74aabfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel.appcore.dll | 0x74ab0000 | 0x74abbfff | Memory Mapped File | rwx |
|
|
|
- |
| ws2_32.dll | 0x74d30000 | 0x74d8bfff | Memory Mapped File | rwx |
|
|
|
- |
| shlwapi.dll | 0x74da0000 | 0x74de3fff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x74df0000 | 0x74f0ffff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x74f10000 | 0x74f3afff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x74f40000 | 0x7502ffff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x75030000 | 0x7517cfff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x75190000 | 0x75305fff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x76c70000 | 0x76daffff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x76f20000 | 0x76fddfff | Memory Mapped File | rwx |
|
|
|
- |
| clbcatq.dll | 0x76fe0000 | 0x77061fff | Memory Mapped File | rwx |
|
|
|
- |
| nsi.dll | 0x770c0000 | 0x770c6fff | Memory Mapped File | rwx |
|
|
|
- |
| oleaut32.dll | 0x770d0000 | 0x77161fff | Memory Mapped File | rwx |
|
|
|
- |
| ole32.dll | 0x77170000 | 0x77259fff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x772b0000 | 0x772f2fff | Memory Mapped File | rwx |
|
|
|
- |
| shcore.dll | 0x77300000 | 0x7738cfff | Memory Mapped File | rwx |
|
|
|
- |
| combase.dll | 0x77390000 | 0x77549fff | Memory Mapped File | rwx |
|
|
|
- |
| advapi32.dll | 0x77550000 | 0x775cafff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x776b0000 | 0x77828fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x000000007e744000 | 0x7e744000 | 0x7e746fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007e747000 | 0x7e747000 | 0x7e749fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007e74a000 | 0x7e74a000 | 0x7e74cfff | Private Memory | rw |
|
|
|
- |
| private_0x000000007e74d000 | 0x7e74d000 | 0x7e74ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000007e750000 | 0x7e750000 | 0x7e84ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x000000007e850000 | 0x7e850000 | 0x7e872fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007e875000 | 0x7e875000 | 0x7e875fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007e876000 | 0x7e876000 | 0x7e876fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007e877000 | 0x7e877000 | 0x7e879fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007e87a000 | 0x7e87a000 | 0x7e87cfff | Private Memory | rw |
|
|
|
- |
| private_0x000000007e87d000 | 0x7e87d000 | 0x7e87ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7dfc57b4ffff | Private Memory | r |
|
|
|
- |
| pagefile_0x00007dfc57b50000 | 0x7dfc57b50000 | 0x7ffc57b4ffff | Pagefile Backed Memory | - |
|
|
|
- |
| ntdll.dll | 0x7ffc57b50000 | 0x7ffc57d11fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x00007ffc57d12000 | 0x7ffc57d12000 | 0x7ffffffeffff | Private Memory | r |
|
|
|
- |
Host Behavior
COM (7)
| Operation | Class | Interface | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Create | WBEMLocator | IWbemLocator | cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| Create | F6D90F12-9C73-11D3-B32E-00C04F990BB4 | 2933BF95-7B36-11D2-B20E-00C04F983E60 | cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| Create | EB87E1BD-3233-11D2-AEC9-00C04FB68820 | EB87E1BC-3233-11D2-AEC9-00C04FB68820 | cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| Execute | WBEMLocator | IWbemLocator | method_name = ConnectServer, network_resource = root\cli |
|
1 | |
| Execute | WBEMLocator | IWbemLocator | method_name = ConnectServer, network_resource = root\cli\ms_409 |
|
1 | |
| Execute | WBEMLocator | IWbemLocator | method_name = ConnectServer, network_resource = \\LHNIWSJ\ROOT\CIMV2 |
|
1 | |
| Execute | WBEMLocator | IWbemServices | method_name = ExecQuery, query_language = WQL, query = SELECT * FROM Win32_ShadowCopy |
|
1 |
Registry (5)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM | value_name = Logging, data = 48 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM | value_name = Logging Directory |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM | value_name = Logging Directory, data = 37 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM | value_name = Log File Max Size, data = 54 |
|
1 |
Module (1)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\syswow64\wbem\wmic.exe | base_address = 0x960000 |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Computer Name | result_out = LHNIWSJ |
|
1 | |
| Get Time | type = Local Time, time = 2019-02-19 04:19:52 (Local Time) |
|
1 | |
| Get Info | type = System Directory, result_out = C:\Windows\system32 |
|
1 |
