Information | Value |
---|---|
ID | #1 |
File Name | c:\users\5jghkoaofdp\desktop\crypt.exe |
Command Line | "C:\Users\5JgHKoaOfdp\Desktop\Crypt.exe" |
Initial Working Directory | C:\Users\5JgHKoaOfdp\Desktop\ |
Monitor | Start Time: 00:00:23, Reason: Analysis Target |
Unmonitor | End Time: 00:03:13, Reason: Terminated by Timeout |
Monitor Duration | 00:02:50 |
Information | Value |
---|---|
PID | 0xaf8 |
Parent PID | 0x3f8 (c:\windows\explorer.exe) |
Is Created or Modified Executable | |
Integrity Level | High (Elevated) |
Username | FIVAUF\5JgHKoaOfdp |
Groups |
|
Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
Thread IDs |
0x
AFC
0x
B00
0x
B04
0x
B08
0x
B64
0x
0
0x
7B0
0x
808
|
Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
---|---|---|---|---|---|---|---|---|
crypt.exe | 0x00140000 | 0x001b3fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
private_0x00000000001c0000 | 0x001c0000 | 0x001dffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x00000000001c0000 | 0x001c0000 | 0x001cffff | Pagefile Backed Memory | Readable, Writable |
|
|||
private_0x00000000001d0000 | 0x001d0000 | 0x001d3fff | Private Memory | Readable, Writable |
|
|||
private_0x00000000001e0000 | 0x001e0000 | 0x001e0fff | Private Memory | Readable, Writable |
|
|||
private_0x00000000001e0000 | 0x001e0000 | 0x001e0fff | Private Memory | Readable, Writable |
|
|||
pagefile_0x00000000001f0000 | 0x001f0000 | 0x001fefff | Pagefile Backed Memory | Readable |
|
|||
private_0x0000000000200000 | 0x00200000 | 0x0023ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000240000 | 0x00240000 | 0x0033ffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000000340000 | 0x00340000 | 0x00343fff | Pagefile Backed Memory | Readable |
|
|||
pagefile_0x0000000000350000 | 0x00350000 | 0x00350fff | Pagefile Backed Memory | Readable |
|
|||
private_0x0000000000360000 | 0x00360000 | 0x00361fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000370000 | 0x00370000 | 0x00370fff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000000380000 | 0x00380000 | 0x00380fff | Pagefile Backed Memory | Readable, Writable |
|
|||
pagefile_0x0000000000390000 | 0x00390000 | 0x0039ffff | Pagefile Backed Memory | Readable, Writable |
|
|||
private_0x00000000003a0000 | 0x003a0000 | 0x003affff | Private Memory | - |
|
|||
private_0x00000000003b0000 | 0x003b0000 | 0x003bffff | Private Memory | - |
|
|||
private_0x00000000003c0000 | 0x003c0000 | 0x003cffff | Private Memory | Readable, Writable |
|
|||
locale.nls | 0x003d0000 | 0x0044dfff | Memory Mapped File | Readable |
|
|||
private_0x0000000000450000 | 0x00450000 | 0x0045ffff | Private Memory | - |
|
|||
private_0x0000000000460000 | 0x00460000 | 0x0055ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000560000 | 0x00560000 | 0x0056ffff | Private Memory | - |
|
|||
private_0x0000000000570000 | 0x00570000 | 0x0057ffff | Private Memory | - |
|
|||
private_0x0000000000580000 | 0x00580000 | 0x00580fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000590000 | 0x00590000 | 0x00590fff | Private Memory | Readable, Writable |
|
|||
private_0x00000000005a0000 | 0x005a0000 | 0x005dffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000005e0000 | 0x005e0000 | 0x005effff | Private Memory | Readable, Writable |
|
|||
pagefile_0x00000000005f0000 | 0x005f0000 | 0x005f0fff | Pagefile Backed Memory | Readable |
|
|||
pagefile_0x00000000005f0000 | 0x005f0000 | 0x005f3fff | Pagefile Backed Memory | Readable |
|
|||
private_0x0000000000600000 | 0x00600000 | 0x0060ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000610000 | 0x00610000 | 0x006affff | Private Memory | Readable, Writable |
|
|||
private_0x00000000006b0000 | 0x006b0000 | 0x006effff | Private Memory | Readable, Writable |
|
|||
private_0x00000000006f0000 | 0x006f0000 | 0x006f3fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000700000 | 0x00700000 | 0x0070ffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000000710000 | 0x00710000 | 0x00897fff | Pagefile Backed Memory | Readable |
|
|||
pagefile_0x00000000008a0000 | 0x008a0000 | 0x00a20fff | Pagefile Backed Memory | Readable |
|
|||
pagefile_0x0000000000a30000 | 0x00a30000 | 0x01e2ffff | Pagefile Backed Memory | Readable |
|
|||
private_0x0000000001e30000 | 0x01e30000 | 0x01f2ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000001f30000 | 0x01f30000 | 0x01f3ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000001f40000 | 0x01f40000 | 0x01f4ffff | Private Memory | - |
|
|||
private_0x0000000001f50000 | 0x01f50000 | 0x01f5ffff | Private Memory | - |
|
|||
private_0x0000000001f60000 | 0x01f60000 | 0x01f63fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000001f70000 | 0x01f70000 | 0x01f7ffff | Private Memory | Readable, Writable, Executable |
|
|||
private_0x0000000001f80000 | 0x01f80000 | 0x01fbffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000001fc0000 | 0x01fc0000 | 0x01ffffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002000000 | 0x02000000 | 0x02003fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002010000 | 0x02010000 | 0x0201ffff | Private Memory | Readable, Writable, Executable |
|
|||
private_0x0000000002020000 | 0x02020000 | 0x0401ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000004020000 | 0x04020000 | 0x0411ffff | Private Memory | Readable, Writable |
|
|||
sortdefault.nls | 0x04120000 | 0x043f4fff | Memory Mapped File | Readable |
|
|||
private_0x0000000004400000 | 0x04400000 | 0x0455ffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000004400000 | 0x04400000 | 0x044f0fff | Pagefile Backed Memory | Readable |
|
|||
pagefile_0x0000000004500000 | 0x04500000 | 0x04505fff | Pagefile Backed Memory | Readable, Writable |
|
|||
private_0x0000000004510000 | 0x04510000 | 0x0451ffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000004510000 | 0x04510000 | 0x04510fff | Pagefile Backed Memory | Readable, Writable |
|
|||
private_0x0000000004520000 | 0x04520000 | 0x0452ffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000004520000 | 0x04520000 | 0x04530fff | Pagefile Backed Memory | Readable, Writable |
|
|||
private_0x0000000004530000 | 0x04530000 | 0x0453ffff | Private Memory | Readable, Writable |
|
|||
tzres.dll | 0x04540000 | 0x04541fff | Memory Mapped File | Readable |
|
|||
private_0x0000000004540000 | 0x04540000 | 0x0454ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000004550000 | 0x04550000 | 0x0455ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000004560000 | 0x04560000 | 0x0465ffff | Private Memory | Readable, Writable |
|
|||
comctl32.dll | 0x04660000 | 0x046e2fff | Memory Mapped File | Readable |
|
|||
private_0x0000000004660000 | 0x04660000 | 0x0473ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000004660000 | 0x04660000 | 0x046fffff | Private Memory | Readable, Writable |
|
|||
mscorrc.dll | 0x04660000 | 0x046c0fff | Memory Mapped File | Readable |
|
|||
pagefile_0x00000000046d0000 | 0x046d0000 | 0x046d2fff | Pagefile Backed Memory | Readable |
|
|||
pagefile_0x00000000046e0000 | 0x046e0000 | 0x046e0fff | Pagefile Backed Memory | Readable, Writable |
|
|||
private_0x00000000046f0000 | 0x046f0000 | 0x046fffff | Private Memory | Readable, Writable |
|
|||
tzres.dll.mui | 0x04700000 | 0x04707fff | Memory Mapped File | Readable |
|
|||
private_0x0000000004700000 | 0x04700000 | 0x0472ffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000004700000 | 0x04700000 | 0x0470ffff | Pagefile Backed Memory | Readable, Writable |
|
|||
pagefile_0x0000000004710000 | 0x04710000 | 0x0471ffff | Pagefile Backed Memory | Readable, Writable |
|
|||
pagefile_0x0000000004720000 | 0x04720000 | 0x0472ffff | Pagefile Backed Memory | Readable, Writable |
|
|||
private_0x0000000004730000 | 0x04730000 | 0x0473ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000004740000 | 0x04740000 | 0x0483ffff | Private Memory | Readable, Writable |
|
|||
~fontcache-system.dat | 0x04840000 | 0x048e4fff | Memory Mapped File | Readable |
|
|||
private_0x00000000048f0000 | 0x048f0000 | 0x049effff | Private Memory | Readable, Writable |
|
|||
pagefile_0x00000000049f0000 | 0x049f0000 | 0x04ee1fff | Pagefile Backed Memory | Readable, Writable |
|
|||
~fontcache-fontface.dat | 0x04ef0000 | 0x05eeffff | Memory Mapped File | Readable |
|
|||
private_0x0000000005ef0000 | 0x05ef0000 | 0x05f6ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000005f70000 | 0x05f70000 | 0x06212fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000006220000 | 0x06220000 | 0x0631ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000006320000 | 0x06320000 | 0x063c1fff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000006320000 | 0x06320000 | 0x06320fff | Pagefile Backed Memory | Readable |
|
|||
version.dll | 0x70df0000 | 0x70df7fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
windowscodecs.dll | 0x70e00000 | 0x70f4cfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
profapi.dll | 0x70f50000 | 0x70f5dfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
rsaenh.dll | 0x70f60000 | 0x70f8efff | Memory Mapped File | Readable, Writable, Executable |
|
|||
dwrite.dll | 0x70f90000 | 0x71101fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
system.runtime.remoting.ni.dll | 0x71110000 | 0x711d4fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
system.windows.forms.ni.dll | 0x711e0000 | 0x71e25fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
system.core.ni.dll | 0x71e30000 | 0x724d2fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
system.ni.dll | 0x724e0000 | 0x72e6cfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
mscorlib.ni.dll | 0x72e70000 | 0x73f04fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
cryptsp.dll | 0x74040000 | 0x74057fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
system.drawing.ni.dll | 0x74060000 | 0x741f1fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
dwmapi.dll | 0x74200000 | 0x74217fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
uxtheme.dll | 0x74220000 | 0x742fafff | Memory Mapped File | Readable, Writable, Executable |
|
|||
apphelp.dll | 0x74300000 | 0x74398fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
bcrypt.dll | 0x743a0000 | 0x743bcfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
shcore.dll | 0x743c0000 | 0x74435fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
clrjit.dll | 0x74440000 | 0x744bcfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
microsoft.visualbasic.ni.dll | 0x744c0000 | 0x74698fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
kernel.appcore.dll | 0x746a0000 | 0x746a8fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
msvcr120_clr0400.dll | 0x746b0000 | 0x74786fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
clr.dll | 0x74790000 | 0x74e2afff | Memory Mapped File | Readable, Writable, Executable |
|
|||
mscoreei.dll | 0x74e30000 | 0x74eadfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
mscoree.dll | 0x74eb0000 | 0x74f05fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
bcryptprimitives.dll | 0x74f10000 | 0x74f62fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
cryptbase.dll | 0x74f70000 | 0x74f78fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
sspicli.dll | 0x74f80000 | 0x74f9cfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
advapi32.dll | 0x74fb0000 | 0x75027fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
combase.dll | 0x75040000 | 0x7518dfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
gdi32.dll | 0x75190000 | 0x75297fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
msctf.dll | 0x754c0000 | 0x755b6fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
imm32.dll | 0x755c0000 | 0x755e4fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
kernel32.dll | 0x755f0000 | 0x7572ffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
rpcrt4.dll | 0x75730000 | 0x757e0fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
ole32.dll | 0x757f0000 | 0x758fbfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
kernelbase.dll | 0x75950000 | 0x75a1efff | Memory Mapped File | Readable, Writable, Executable |
|
|||
sechost.dll | 0x75be0000 | 0x75c1dfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
oleaut32.dll | 0x75c60000 | 0x75ce6fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
shlwapi.dll | 0x75d40000 | 0x75d80fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
user32.dll | 0x75e30000 | 0x75f7efff | Memory Mapped File | Readable, Writable, Executable |
|
|||
shell32.dll | 0x75f80000 | 0x7712cfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
gdiplus.dll | 0x77130000 | 0x7727cfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
comctl32.dll | 0x77280000 | 0x77305fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
msvcrt.dll | 0x773a0000 | 0x7745dfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wow64cpu.dll | 0x77480000 | 0x77488fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wow64.dll | 0x77490000 | 0x774d8fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wow64win.dll | 0x774e0000 | 0x77547fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
ntdll.dll | 0x77550000 | 0x776b7fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
private_0x000000007ebd0000 | 0x7ebd0000 | 0x7ebdffff | Private Memory | Readable, Writable, Executable |
|
|||
private_0x000000007ebe0000 | 0x7ebe0000 | 0x7ec2ffff | Private Memory | Readable, Writable, Executable |
|
|||
private_0x000000007ec3a000 | 0x7ec3a000 | 0x7ec3cfff | Private Memory | Readable, Writable |
|
|||
private_0x000000007ec3d000 | 0x7ec3d000 | 0x7ec3ffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x000000007ec40000 | 0x7ec40000 | 0x7ed3ffff | Pagefile Backed Memory | Readable |
|
|||
pagefile_0x000000007ed40000 | 0x7ed40000 | 0x7ed62fff | Pagefile Backed Memory | Readable |
|
|||
private_0x000000007ed63000 | 0x7ed63000 | 0x7ed63fff | Private Memory | Readable, Writable |
|
|||
private_0x000000007ed64000 | 0x7ed64000 | 0x7ed66fff | Private Memory | Readable, Writable |
|
|||
private_0x000000007ed67000 | 0x7ed67000 | 0x7ed69fff | Private Memory | Readable, Writable |
|
|||
private_0x000000007ed6a000 | 0x7ed6a000 | 0x7ed6cfff | Private Memory | Readable, Writable |
|
|||
private_0x000000007ed6d000 | 0x7ed6d000 | 0x7ed6dfff | Private Memory | Readable, Writable |
|
|||
private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|||
private_0x000000007fff0000 | 0x7fff0000 | 0x7ff9d524ffff | Private Memory | Readable |
|
|||
ntdll.dll | 0x7ff9d5250000 | 0x7ff9d53f9fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
private_0x00007ff9d53fa000 | 0x7ff9d53fa000 | 0x7ffffffeffff | Private Memory | Readable |
|
Filename | File Size | Hash Values | YARA Match | Actions |
---|---|---|---|---|
c:\microsoft\hash | 0.05 KB (50 bytes) |
MD5:
79570daf5afe49ef71c9148c51aa1dda
SHA1: b6a11a5f191391aca1095932d387945c9ef934a3 SHA256: a963f08069a8ba118efd65291347f46968be1e5a02bb81036ed3584ea972f0e3 |
|
|
c:\users\5jghkoaofdp\documents\-spm6vjb.odt.lime | 62.45 KB (63952 bytes) |
MD5:
b4d942f4683ba6b39b7cce37c902355b
SHA1: a66b7f2d457ac42df6587b1831ecadaeaae35e56 SHA256: a44f8fcfa0d42cf77ef27e2ce5acf0ad9b4ae77ec6f5be9de07f78ac14ec11ce |
|
|
c:\users\5jghkoaofdp\documents\0u2ya.docx.lime | 11.69 KB (11968 bytes) |
MD5:
2546d9ba9be02db58e8fe966ab91caea
SHA1: c0ebdbc21ddb63954919b3a45b392151fbc9f16b SHA256: 1efd55214870714732c1e9503d42c853f342603c93207dbe729325729689ef2b |
|
|
c:\users\5jghkoaofdp\documents\7wwg1y1tq2o4xif.pdf.lime | 1.33 KB (1360 bytes) |
MD5:
4919359f1310c4aefcda111370faf616
SHA1: 6b7f727a9b5a7f2de9f5494d8cce8678cd9d4ca8 SHA256: de60cda7106e04857a224b2c139381dc5907348f8465827ad0366ea471ccbf64 |
|
|
c:\users\5jghkoaofdp\documents\9tmo3uu8-scl.xlsx.lime | 92.20 KB (94416 bytes) |
MD5:
424c59058aaca748e44049c9abc42f85
SHA1: 62f42f357977e8edb15a956b472846fd42cf756f SHA256: bbf01e9b2887fadc026683f02a469d7f991fac5240fc3777ecf3f6f3b1e0cb96 |
|
|
c:\users\5jghkoaofdp\documents\aeghbubms5ntl.pptx.lime | 68.31 KB (69952 bytes) |
MD5:
815ee7a3f7a76c7f3b38c1ae17fcd72e
SHA1: 8abce056fbccf6c09114555e172441aa16c67561 SHA256: 2189fcee260e07ef63e22ce138ade649ed24c8d061e292d7f64593b93e2a928b |
|
|
c:\users\5jghkoaofdp\documents\c94gq1vfwvfbcdgwkd_.docx.lime | 85.77 KB (87824 bytes) |
MD5:
862921b589b1174597317f170cbab044
SHA1: 9fe9f87c32d73f2054d4fe01b35d096b0f6e3a47 SHA256: bd1b4d09a8585e5676e94e24ffb2ebd2be748da757059de0792829119d1bf1ba |
|
|
c:\users\5jghkoaofdp\documents\desktop.ini.lime | 0.41 KB (416 bytes) |
MD5:
c9b46817038fb05173f74b2790bbc4ce
SHA1: cc9f85de2a7c64983b76b792c886127d138a5aed SHA256: db5d72c549b2858b34b9b5e3c30992eddabea01e5932f4c96f85fff201341613 |
|
|
c:\users\5jghkoaofdp\documents\erhcl a2gbl1at.docx.lime | 48.88 KB (50048 bytes) |
MD5:
8a71b4f4b4ad2e149140cb2b622b1fad
SHA1: 88449cd7ef630459459cca28010d9ca8afe14b34 SHA256: 515ff8c559e9c6e7954935a84d186ab4d02babe1ba2aabf27f31bc230828bfeb |
|
|
c:\users\5jghkoaofdp\documents\eyedf199l.xlsx.lime | 90.39 KB (92560 bytes) |
MD5:
ae2cdd9a7f32633b027bd575d0f113dc
SHA1: 53cb828326932fff1ad9caea8f57461806bb230e SHA256: bea704f52a0f00d060ac9941e436d630e7cada31f56fb73e48af2218d2411796 |
|
|
c:\users\5jghkoaofdp\documents\g 5zx6m5n.docx.lime | 14.73 KB (15088 bytes) |
MD5:
94bec26d56d482bd139bdfb85b01cec0
SHA1: a9dc1a26b2b735e470a74a18e40944eb7b4bd7ce SHA256: 85cbd08116d0556bf80968bdae8afba8d4e59270cee8f0c4d8ca0097661246bc |
|
|
c:\users\5jghkoaofdp\documents\gmur.xlsx.lime | 78.11 KB (79984 bytes) |
MD5:
00921b3dd8f8a0b4c3c838ce320f8d51
SHA1: 5d5dd5fed4d0390fe22f9e93247b43b68f7ef5c6 SHA256: 9ef6930900b28d361eaa83d4cd61d1525e143c3ccffc312a22644d23aa27f4a4 |
|
|
c:\users\5jghkoaofdp\documents\h2pcxtbbfd di.xlsx.lime | 61.45 KB (62928 bytes) |
MD5:
b2c1aba23191532fc0d783f69e75770f
SHA1: 4858c75da24b0b7dfd769f7b3da5d4405b6fc45c SHA256: 3d4def9f5b6a66da1060a8388b8d0119ebd8d0a56c4091682ede7fe757adb9db |
|
|
c:\users\5jghkoaofdp\documents\iydmli-q8mf8cj.ppt.lime | 19.61 KB (20080 bytes) |
MD5:
43785acb2b4829ee93a6166f488f3f43
SHA1: dc663c05346efb28562d5a1c7fc5c82a2cab90ca SHA256: 9a4d4bffaa3f4693a95905f1d125f721d3926beb00104f4b035c6b54d8c60714 |
|
|
c:\users\5jghkoaofdp\documents\oczespochpv.csv.lime | 97.41 KB (99744 bytes) |
MD5:
b7246b6277c064427412b2b3f7ce6ffc
SHA1: d55113611d99fcf8132db6c89e38a7035fb4b7c5 SHA256: c6a0f5d5f54b84da2cde0afe2ed7cde7095f06df136891752e06bec52fd7cd01 |
|
|
c:\users\5jghkoaofdp\documents\oojiqe2ti5vbxcbhng2.docx.lime | 1.67 KB (1712 bytes) |
MD5:
5ff36f203bba5b322f5b8687bfc8f0a2
SHA1: f0c3ca41a1e38db91f05d0bd1a007d3294ed2770 SHA256: 5957d364d5e8c1b48c1b42eeb3fa02f4d4c5c3e2f1829a182d2a5445b576abe7 |
|
|
c:\users\5jghkoaofdp\documents\x7nab3sx5u.pptx.lime | 94.19 KB (96448 bytes) |
MD5:
db0cc0cdc6760daae4c33c0948512fb6
SHA1: 43fcfa1a53d7bc16eb97c3f98fc7241c186d6659 SHA256: 8f9a92d8c392f354ee9843901e1f5d0fd331f6056f1e3528118caa998ec2b9b9 |
|
|
c:\users\5jghkoaofdp\documents\kaaornrraztx\b37k-lfrwivyw.pps.lime | 25.73 KB (26352 bytes) |
MD5:
eda419c37b32c3b4aa1b721cb678a437
SHA1: 82d30c13eee7e1277275b27a50bb7dfacdb8cc9d SHA256: 9dbeee248a82d89fc500ef79880ab80c3b3d8a95cb60c8866ec1bd13bc317b91 |
|
|
c:\users\5jghkoaofdp\documents\kaaornrraztx\miqzp.pps.lime | 2.14 KB (2192 bytes) |
MD5:
846a4dddd2a1dd6c856e3040ff20f2bf
SHA1: f40041b3f0a9f0d460112b99798a88b002695f16 SHA256: 30012a509d48b4fa6da6e0e0b242526de79aaa8cbe373971c02ac7f10d58e540 |
|
|
c:\users\5jghkoaofdp\documents\kaaornrraztx\ao-nff kn\dupiwyyc2jp.docx.lime | 57.05 KB (58416 bytes) |
MD5:
3de5fba903cec3f1edbd740b43e4c9f0
SHA1: 1a0cb04b9f174a09eb689fd29cd48343a10634c8 SHA256: 0ad60be3f262f563d7fbebba20b4f7cb87c04e2e4c5e4de572b83266220a0cf9 |
|
|
c:\users\5jghkoaofdp\documents\kaaornrraztx\ao-nff kn\gtn-k.odt.lime | 80.55 KB (82480 bytes) |
MD5:
f341d44e54207d2b5ecafa488e0d6d41
SHA1: 42d2bd5e141cb52a34ea655dbf88e39ba694cad5 SHA256: b5868ee3bca2076893a61add47be36d73e56868bf2aa8129431eaddafc11bc59 |
|
|
c:\users\5jghkoaofdp\documents\kaaornrraztx\ao-nff kn\mt8ryidfz3cr.pptx.lime | 55.09 KB (56416 bytes) |
MD5:
df4afaf4f93aaceb0d4e62cef5a86cf4
SHA1: abc7b577d51e6d8223fde047b95fdc56becb5f20 SHA256: 9216bc5e02ff640e2cd85f6dc7035a0ba6ea016b074346d374f65c47880cb038 |
|
|
c:\users\5jghkoaofdp\documents\kaaornrraztx\ao-nff kn\nadn7qwb885nzat o.odp.lime | 86.08 KB (88144 bytes) |
MD5:
f15adc0f50a7dc19f47f0d00b75ed444
SHA1: 516a82381412d27d61ca16b172cef47848ac2a27 SHA256: 64e84454898b46715d6c573f812a36236bf4585e169553cf2bb5af036339e916 |
|
|
c:\users\5jghkoaofdp\documents\kaaornrraztx\ao-nff kn\nuvav.rtf.lime | 41.34 KB (42336 bytes) |
MD5:
ae505c67a1f9c6807e2e64ebdff8c37b
SHA1: f91536a2dc4a9e9fb00953b0dd87555dd9b835c7 SHA256: f424568ed0e0742e9f7045cafaf42a9e10cc5dbb2e0d538ca8cd700ce50d4892 |
|
|
c:\users\5jghkoaofdp\documents\kaaornrraztx\ao-nff kn\bwmjpnluzwsovw5ida\hdvr7lfi7ye7\u2 jrsbzpir7oxwwq.pptx.lime | 72.94 KB (74688 bytes) |
MD5:
17e53bd42e9e3784a675460c04ebc5bc
SHA1: 21f73a8d3364d9f59d75732826a391b73a94da27 SHA256: 1b2790b749c9dc3c85a06d557e2962b01d220bf277274aba2bce80225f2178a7 |
|
|
c:\users\5jghkoaofdp\documents\kaaornrraztx\ao-nff kn\bwmjpnluzwsovw5ida\hdvr7lfi7ye7\w anjoz7.doc.lime | 14.30 KB (14640 bytes) |
MD5:
056b121ba3acf890e659c167d6a07df3
SHA1: a3c1943bce25a355e41fb1abb3708ec6ad56df55 SHA256: 50fb1fa37546a0765205d0424199bf5c8159c1b33cb537d5d3e35e830aec6097 |
|
|
c:\users\5jghkoaofdp\documents\kaaornrraztx\vksw t\77jqfti.csv.lime | 68.53 KB (70176 bytes) |
MD5:
1a58904a8f4ba4b6ff21bfa0a818100e
SHA1: afe3e1fb048518682ae7eabe0f3f877de3c3759b SHA256: 727add00ffb70858d8200cc3978111b36952698bf1651bc52c987d6391245f1d |
|
|
c:\users\5jghkoaofdp\documents\kaaornrraztx\vksw t\9bweefny0rpp.ods.lime | 31.14 KB (31888 bytes) |
MD5:
31f5d82dd9b4998635e79cac53e84cd8
SHA1: 8e959e4f97c1a0816fb8aa4af2fa4d78648ffa00 SHA256: d4711d2201a585572de2ca9791b17db939b9abffb6f56abc46c556f73c05d497 |
|
|
c:\users\5jghkoaofdp\documents\my shapes\desktop.ini.lime | 0.22 KB (224 bytes) |
MD5:
543aa4d0bab6eb92f144852b9321c9b2
SHA1: e5073a14c3b2a9140d4d16009dc228818f9137ac SHA256: b4c49666006e8249df4923c13cfe489feb472ea5350dc96c9c552a7cd902884a |
|
|
c:\users\5jghkoaofdp\documents\my shapes\favorites.vssx.lime | 0.02 KB (16 bytes) |
MD5:
b89066756566fcf59d882699f2aed3a3
SHA1: 7341b43d325c1971d0caabc3dd8d361a2020c668 SHA256: 1179b80a694dc4fc5e4f87ad86f8bb625ec972d54c1da2f97b51d3c259c3abb8 |
|
|
c:\users\5jghkoaofdp\documents\my shapes\_private\folder.ico.lime | 29.23 KB (29936 bytes) |
MD5:
7c0bc7cc02efbf4681b564565419920e
SHA1: 65312a2bd1539f3aa2702dbf0ae4e665a27581fc SHA256: 356a2f5864d5e933d3044ff8d1b970bd1a0d2e9c664745a9bc92582fc221fb13 |
|
|
c:\users\5jghkoaofdp\documents\outlook files\cjeijc.diuv@div.com.pst.lime | 265.02 KB (271376 bytes) |
MD5:
3147acf6ff86361711af9cd9666eb006
SHA1: d15c599e256a7d53ffae0f60d0b2a7411124ddc4 SHA256: 7cda96a618d8c66d7f42d9a569683b30986c6ad6caf88f7e1940f11a6b87b93a |
|
|
c:\users\5jghkoaofdp\pictures\8yzc.gif.lime | 47.28 KB (48416 bytes) |
MD5:
26adc1f9ab71097bd0197bee8a3ce9e0
SHA1: 817fc246afcab2a188fd1a160465e0d368c42d19 SHA256: d91c3eb862790256ec19c1b161c5e0fba291212fe3918c54c7ac7fc0d7109499 |
|
|
c:\users\5jghkoaofdp\pictures\97qmvfp-n9t7b4u.png.lime | 65.88 KB (67456 bytes) |
MD5:
8464ff4b3e9f397ccf609b1a41ad44d5
SHA1: 02b899ed7ef44eaaaea793469d898fc191498790 SHA256: 57dd4d4511a75a6999d4e0dd7410a21003c11a5f3a3b097905fdae9831b8f889 |
|
|
c:\users\5jghkoaofdp\pictures\9pzhjofdzk0fqc8d56gx.bmp.lime | 26.36 KB (26992 bytes) |
MD5:
ddf1569c4ee4980e9f06a0ab99fc9a78
SHA1: 75a85b1d0bd23ab66caf64c251da2af78809c293 SHA256: 97cc8af117df3c2143929e739a288dcd74ac549c59dac5bc3d4e615206fb5812 |
|
|
c:\users\5jghkoaofdp\pictures\auoxltyrvw31 biyhvn.png.lime | 44.50 KB (45568 bytes) |
MD5:
57786d413b451721be96c2ddbab09113
SHA1: 9b28d33d86a94aa351138e10073bdb2fc79f70eb SHA256: 6e8aa604822738992563e086227bab934c8a672c4f787c4f4849de32597c1a9f |
|
|
c:\users\5jghkoaofdp\pictures\hoshp.gif.lime | 97.02 KB (99344 bytes) |
MD5:
d2befa51c32e29e1b649063ca7df518a
SHA1: 02bbb9921b9d89493f11067bf3cde44027875a5b SHA256: 4fd2643d374ec75b8e9d82def8992c62d8130871e2104a7d5a5bbbfd3c40a0a0 |
|
|
c:\users\5jghkoaofdp\pictures\bglkocslaas0zqepqxl\cn2.bmp.lime | 5.53 KB (5664 bytes) |
MD5:
4165af98fa053b0ee858800fdea6bf2b
SHA1: cc4f196f2c84e8341319a9d160b59e1ef8cc7b75 SHA256: 37b69b47f658dff4332165ccaa4cfa88d83cc13c0502fee6a512d5ae46e1c0a5 |
|
|
c:\users\5jghkoaofdp\pictures\bglkocslaas0zqepqxl\eemvu3dk.bmp.lime | 24.06 KB (24640 bytes) |
MD5:
b7a5dafa65e2e3fa682f5465eb1b0916
SHA1: 62ce2237261b73c50cff867af65cab8cd538454e SHA256: 6a59dc100b1eaee7d56d79938e985486549ebd0b6b0917da24fe39571ea22573 |
|
|
c:\users\5jghkoaofdp\pictures\bglkocslaas0zqepqxl\fnzhhkemnjg.gif.lime | 19.50 KB (19968 bytes) |
MD5:
273d2cab40ee021cef924385e9f4c715
SHA1: e9788c8741af89cc2abc5ce89840cb45dc6fe459 SHA256: 04a68085ad7d4195d1f82b683a8801a78efe5bc170386553eedc12a772336b41 |
|
|
c:\users\5jghkoaofdp\pictures\bglkocslaas0zqepqxl\nr6dmjkjcntfscqr.gif.lime | 55.36 KB (56688 bytes) |
MD5:
5f2dc9ccbe05c735697196fa730a5295
SHA1: 1a4b13b00ce7944428fe442e64ab917cf379fac1 SHA256: ac617690e7e57582c5f49af08ee04a6ced2a8b3082576c3eca0295a9b1a9b6cb |
|
|
c:\users\5jghkoaofdp\pictures\bglkocslaas0zqepqxl\qkgeynbdljnjdcbmjb.gif.lime | 45.47 KB (46560 bytes) |
MD5:
4f0d0c36301c73cf775da773e984b771
SHA1: 6a0424d118d3a53091d507ac8e29e67b2b433b63 SHA256: d32a53331826fce9e18511db91f521bb5cc09964d78e290add6f8591fbb6e76f |
|
|
c:\users\5jghkoaofdp\pictures\cglz_jmc_lob0ujffp\b4tjitd_nyk uv.bmp.lime | 99.69 KB (102080 bytes) |
MD5:
f8a8e6adf87e50988f6afe69041bf3bc
SHA1: a19758a519ee1988e175c104406249dbfd899819 SHA256: e994ef93dcc6b432041411aab490fbdf22f7258987f4140a7fd20e9d8c219a95 |
|
|
c:\users\5jghkoaofdp\pictures\cglz_jmc_lob0ujffp\dc394objo9c.bmp.lime | 35.89 KB (36752 bytes) |
MD5:
b5291809b8a3d6841d00a129a3668c31
SHA1: 2263a7b583f32b506984163065c41aa5736506fb SHA256: ba0a44b2bc81d19046e1e05ae96a55702829e8c74d9ea559fc6d3bca964566f3 |
|
|
c:\users\5jghkoaofdp\music\c-56as7eiall.mp3.lime | 24.48 KB (25072 bytes) |
MD5:
f8d5cb7a00e83a49149d4622021fa5b7
SHA1: ecf37d0aa1bb699abb4b6f1bfb1ba5ebc43e1172 SHA256: 3f9c4be52001bdc0622ab3e8b33131d749f02a8e80773babce9d699958965bc1 |
|
|
c:\users\5jghkoaofdp\music\desktop.ini.lime | 0.50 KB (512 bytes) |
MD5:
bbecdaa0d5d5dff70246d8e481a133ae
SHA1: 59464008c26a95368fb4cfc3e78e6726e45ac9ba SHA256: 2a52121b8b48b82524a604eb11e4387e009828454101301bf9082b72508c616a |
|
|
c:\users\5jghkoaofdp\music\gru-m3d0ihjq.wav.lime | 89.11 KB (91248 bytes) |
MD5:
fbd8c5a14f99ea11a20c1ff956261d27
SHA1: 6002af7f5e9928336c5fb4694afc2ac381a01331 SHA256: d1947ab433b644e42b7ab6cdb566a7dc835578180b0822277ea04ff4b4ed6608 |
|
|
c:\users\5jghkoaofdp\music\od32to.mp3.lime | 18.06 KB (18496 bytes) |
MD5:
41fb7d419423fe05675a472228237edf
SHA1: 1c2a9a43891bcd3d57dea5d1b7c469dea590ef67 SHA256: 424ed283f523ee782bbb8ff96eaae18a66f3b05a5b5135a69ef8de7ed755deaf |
|
|
c:\users\5jghkoaofdp\music\q0ua0ahepdpsiaueq0.mp3.lime | 33.09 KB (33888 bytes) |
MD5:
c11b3421e93e99a9f4e8588c9e6d19cd
SHA1: bd9c49df024f11fe5696c90eb0a4ba6eab851455 SHA256: e280296785805f92d2ef712b1d496a23c86ff294d3b9d7557349b31423fb6ba0 |
|
|
c:\users\5jghkoaofdp\music\_wgbp3qw\ggnh.m4a.lime | 4.73 KB (4848 bytes) |
MD5:
2f83fe33b0187cc874874dee35b83c00
SHA1: 32fdcfabc4f858ff7ad973a5a08fba06ae33d4d4 SHA256: dc3735b311a07d5212c839e07f472f08d8a8f60eceef76383e043aefde3c2b69 |
|
|
c:\users\5jghkoaofdp\music\_wgbp3qw\gqfyfnbufhd0b2hnpcm.wav.lime | 84.66 KB (86688 bytes) |
MD5:
3b2c8cc031100456b9b0ffb630df0ab6
SHA1: 2ad64c5d4e7359842e2148b78c442bb2c15fa92c SHA256: ea72462195205f5f53848347d49a13d5f980fc8ef624334a204a42dcde841d14 |
|
|
c:\users\5jghkoaofdp\music\_wgbp3qw\gwcyviwii.mp3.lime | 31.67 KB (32432 bytes) |
MD5:
9a63c489b44c5bcaec8f54223f9d1ddc
SHA1: d87aba4cffead69f90729f35cd99848ba58eed43 SHA256: 71f256e963cc4efa21b3ca27d9c5ed2ee9523efd012d162869e4dbb60ca77475 |
|
|
c:\users\5jghkoaofdp\music\_wgbp3qw\kz2m.mp3.lime | 81.66 KB (83616 bytes) |
MD5:
232e3e201518c574f55948d982da7262
SHA1: acbab8ba8b246e038e2ee4cd39f48e10146589f4 SHA256: 621e4d05e90a7da85ecff96f71cc85cdb6a0c215a21a7801796e19a20a6db720 |
|
|
c:\users\5jghkoaofdp\music\_wgbp3qw\qvxpyewmyw121.wav.lime | 96.69 KB (99008 bytes) |
MD5:
30b1cbcca53c3afbf7739e9b5c485620
SHA1: 6e7632974f0e8ef95663c011a7921b105d0009d6 SHA256: bcded786bc9f0f036c7760a25e425e9deb362c1265d59a3ba3b6545e3aab7d52 |
|
|
c:\users\5jghkoaofdp\music\_wgbp3qw\sy3cpsu.m4a.lime | 82.53 KB (84512 bytes) |
MD5:
71e60381304f1802e946ff866646cd28
SHA1: 7b52b959b53f7c79a597872fda5285b0a7612a44 SHA256: 483972808aa0b1d792e66d2201c5b78067c217835d495b625da7baf1a06a4a54 |
|
|
c:\users\5jghkoaofdp\music\_wgbp3qw\ufkl.wav.lime | 85.83 KB (87888 bytes) |
MD5:
b495fd88db772adac97d11470dd8a8bd
SHA1: b284b1a5203fcd4db7af7b5d58eb529b9bd50b15 SHA256: 73442b4eb6caeccdfd967382166bd31b245fd660a136241f477c2a605b7393fb |
|
|
c:\users\5jghkoaofdp\music\_wgbp3qw\uxkqt2i9x6pc8.wav.lime | 39.28 KB (40224 bytes) |
MD5:
2ce61dd19d7c10d95f54fba753b61738
SHA1: ac1089615d1750d344b7ec76b6ea4dc499875ba0 SHA256: a380013c0f1dd0c0d85144a283a881ac09ef175646a0c67663d768fd5dfb950c |
|
|
c:\users\5jghkoaofdp\music\_wgbp3qw\vw e9ij.mp3.lime | 85.11 KB (87152 bytes) |
MD5:
7a87d1bc45fc6d5b99bfa3abe234568a
SHA1: de332830980ece74917caa8434af0a68e943b235 SHA256: 57ce3032a943cbadbee69a59aeb817f1acebeec309fb0bb580065cd0354c2eb6 |
|
|
c:\users\5jghkoaofdp\music\_wgbp3qw\yotflh9s-- h9v.wav.lime | 28.77 KB (29456 bytes) |
MD5:
5d5703232f6c7e693d45a9080797fce7
SHA1: 23df6e3bd71165c4c4e106f377ec448f0e84a8b5 SHA256: da7d529409b523b4216ee38f38541f39f648e29b3da4846ed443957e0e847775 |
|
|
c:\users\5jghkoaofdp\videos\40y6k2fub.avi.lime | 95.66 KB (97952 bytes) |
MD5:
5ba848a370ecbc1d9392edc6eac9ef5b
SHA1: dde681e2c6ad9a32e576e64321df1dcac08a692e SHA256: af95427274472be2882fff49284ab5a3eac5ede0f94da6648c7339b629594945 |
|
|
c:\users\5jghkoaofdp\desktop\2-lzf_caeytdih8ls.avi.lime | 84.27 KB (86288 bytes) |
MD5:
7736005a93c48d4f5792444a73c22b5c
SHA1: aaa9c36387a59e1f1cb8e91ede7f9c320a00efc9 SHA256: 92b0d410d7d6398e758576b05db4888a2711138f6f0a06bf58ddc9198bbfc236 |
|
|
c:\users\5jghkoaofdp\desktop\2kzlcfwdx.mkv.lime | 67.55 KB (69168 bytes) |
MD5:
3f72b45f772ab924e75bd7338e5a8f93
SHA1: 3ffe94a87675650f531ed2659cf33e276fa28034 SHA256: 86c13c0f9ff470e4f33fc7ec54c386e2f0f1871b4243b204125507a92d6d71f2 |
|
|
c:\users\5jghkoaofdp\desktop\6l2vjzd4y qgt3nzdwl.wav.lime | 94.81 KB (97088 bytes) |
MD5:
91d0b4f5783581561a077f8f92b3141a
SHA1: 6147e5c1bf5e5854614d0860a930541b3bd13c0a SHA256: 24839805f0ecab51b4ca4ec822fd6fc436a1efee638ec9fa0d78e8049563e19a |
|
|
c:\users\5jghkoaofdp\desktop\6s fhiyfbc68fla.flv.lime | 34.31 KB (35136 bytes) |
MD5:
5736547bcb17855352e15fa8a8cf0da8
SHA1: f098feb70877d38ced438ee66153f493e248bf0f SHA256: b5f360c039a2d602364df75508f673b2821af174ea595822405d62d693011c48 |
|
|
c:\users\5jghkoaofdp\desktop\7huc np.mkv.lime | 98.38 KB (100736 bytes) |
MD5:
da7cb2f1323a5a5708599b5d07b641ec
SHA1: f61222d95ff46b88b9f29322f7a5763527bfebb0 SHA256: 1a5c0cdcd3f33a0184d467c99c9837721f0857358187bdd10589ae23d7d23ace |
|
|
c:\users\5jghkoaofdp\desktop\makfq5zaptizrce7iru.ods.lime | 54.59 KB (55904 bytes) |
MD5:
88831cd5bfab6063eaacddee7e5c6938
SHA1: f9d5013d07ae92624abd6562e8419c166a123bcb SHA256: a07ba284e07f3c583e34972e57d8c5654396224169d3da853520c17402f409d8 |
|
|
c:\users\5jghkoaofdp\desktop\mv3nggj4w65.png.lime | 23.56 KB (24128 bytes) |
MD5:
65b2b016d015d7f31a9818d6f03daa3d
SHA1: 61341e31998a1faa5153037cfddae14c34248d20 SHA256: a613402abe1b7b0b647c9051b2399363463e072c10cc0bace9749318cc302f97 |
|
|
c:\users\5jghkoaofdp\desktop\wvjrcaiyskl.jpg.lime | 20.16 KB (20640 bytes) |
MD5:
be0e7a5ab911465203ec7f5487da93e5
SHA1: 8dc5d60e704a256ffc8571c6d80a75cdf89e8c14 SHA256: f3c16f8c60c2fb20fc0197d73375f282b376ba8836ee0a418760fbc7062aecb7 |
|
|
c:\users\5jghkoaofdp\desktop\xcdhr9fnegvb5d0.pdf.lime | 3.33 KB (3408 bytes) |
MD5:
b8f3165a278ec51a42def26e8d173a8b
SHA1: 79ce39666cceb936f4716a46d148f25b222ceb68 SHA256: fe0ae165145e455fff3ebd83a651d9bf07341b479dc9fdefd93517245e123c6d |
|
|
c:\users\5jghkoaofdp\desktop\c opbv-sts\hv1siahr-wdxqnisdtes.m4a.lime | 41.38 KB (42368 bytes) |
MD5:
237ddb41e9949baeb6693976da0830ea
SHA1: 06a03690a1af6bd7f5fadb302a280a25024ae48d SHA256: efb821296eed29cbdccc6425afa105c2bff2dea737615d4f4d2ff92b02038ba3 |
|
|
c:\users\5jghkoaofdp\desktop\rsvw596pft9dfxj qf8\7mq72ddmzjhmf.jpg.lime | 74.06 KB (75840 bytes) |
MD5:
9b4d9414327de03c6621157276c20c03
SHA1: 3f4ffc64a14c8511feca0f2241393d0683d5c1ed SHA256: 98d0f7a708417bbc365ac91078f7170c2da6cec0fc60b0cc5a08227ed372984e |
|
|
c:\users\5jghkoaofdp\desktop\#decryptor.exe | 393.00 KB (402432 bytes) |
MD5:
067c61ebc26990537ed9c52908cc6025
SHA1: 00df5ad324626992fd83ecfca84b7297bbbfaa26 SHA256: 60ef3c12e67a01d4445dc3bfac5545fc85b94e33c6c806a681186a5e1ed58561 |
|
|
c:\users\5jghkoaofdp\desktop\#decryptor.exe | 393.00 KB (402437 bytes) |
MD5:
a0e0875ab72ff05e04a2b928a30da0f8
SHA1: 8b0e48e33f8c824b55227b7b504f84ccb996136b SHA256: 0ae0c749e69b33ad8fd3b14820a46bc39eae027a75fddc791dccb16b449a2bfc |
|
|
c:\users\5jghkoaofdp\desktop\#background.png | 29.08 KB (29775 bytes) |
MD5:
292cc611f0a5c4acd4cb5dd1fab236f6
SHA1: 7e89c27d5cd44cd53b8ab6c8c08aab6ce0bc07fe SHA256: cfaca5d62f7d5ea934b3a80069c3de24b062c6fc7d696f2514dd587bf86ebcca |
|
|
c:\users\5jghkoaofdp\documents\-spm6vjb.odt | 62.44 KB (63938 bytes) |
MD5:
58393dcbf626cfa2e64abf5f28575be8
SHA1: db10c994113b5425ff93b59581a5c9c46aaabf33 SHA256: 4bf873910a64441ccaeacdf8852d1b07f0c6c469c8cfb30394f133e51fa22a86 |
|
|
c:\users\5jghkoaofdp\documents\0u2ya.docx | 11.68 KB (11958 bytes) |
MD5:
a320cd9c75e3083bf63fb92c7649ae6b
SHA1: f630cf75c0ef711b159af4c02fdbde959cffe1bb SHA256: 406b291294e6c4c1cc2decbe675545637cdb8c133c87981c4c64e77c64a9bda9 |
|
|
c:\users\5jghkoaofdp\documents\7wwg1y1tq2o4xif.pdf | 1.33 KB (1359 bytes) |
MD5:
fb6f7a95eb2466d83942f7c860d0ef92
SHA1: 5ea740cdcd863e75c1956671fd51ee1162a195cf SHA256: c1d0c9c9b48e9e14473f247bb4e690c6d06d998a23736a9c5e2ccd731e7792df |
|
|
c:\users\5jghkoaofdp\documents\9tmo3uu8-scl.xlsx | 92.20 KB (94414 bytes) |
MD5:
18cc57d055dbd0f5941e23419aa65ab0
SHA1: 0f7166e2dcf95cffcf647a2b333b315c3935a2ab SHA256: d32ef1ff293d8fb074e59a5a9e467a733fbc624bfbcb2a9a9790611e8f7540f8 |
|
|
c:\users\5jghkoaofdp\documents\aeghbubms5ntl.pptx | 68.30 KB (69943 bytes) |
MD5:
d1cf1130d18e6e4c74d3bfabb2b92f21
SHA1: 88874850a50903aae0caed235f60af3dc455a512 SHA256: 8a7c1123605a784568aa1e4cf62f3a256ea92417822c24eedf7ce27bc2e02158 |
|
|
c:\users\5jghkoaofdp\documents\c94gq1vfwvfbcdgwkd_.docx | 85.76 KB (87821 bytes) |
MD5:
7ad8bc3380511b4925e6395d3fcfa9b2
SHA1: bbb28eea7616ab36b23d6251cc24a225d88b279d SHA256: 15c7a555d745149508e5d327dfe1139ea7b1d860da904e2c014f4e97248489b2 |
|
|
c:\users\5jghkoaofdp\documents\desktop.ini | 0.39 KB (402 bytes) |
MD5:
ecf88f261853fe08d58e2e903220da14
SHA1: f72807a9e081906654ae196605e681d5938a2e6c SHA256: cafec240d998e4b6e92ad1329cd417e8e9cbd73157488889fd93a542de4a4844 |
|
|
c:\users\5jghkoaofdp\documents\erhcl a2gbl1at.docx | 48.87 KB (50041 bytes) |
MD5:
a7b21e63df46e1fb905b2a522b7344d8
SHA1: 62c19701ef52142244eb102156dd39592777cd7e SHA256: 1057f4a6ee8945b5b62a519f2083f3b59cc3f8e311481e348b098468a0815126 |
|
|
c:\users\5jghkoaofdp\documents\eyedf199l.xlsx | 90.38 KB (92552 bytes) |
MD5:
a96f62abda1c6e0b69ea17b84a75e4ba
SHA1: d7a6de0a918d918fae62b5771741b0efa317ff6b SHA256: ed7d8f2de672435bee20e565ab6e5976af4a74758bf2092b6cf236a01d0c74a2 |
|
|
c:\users\5jghkoaofdp\documents\g 5zx6m5n.docx | 14.73 KB (15083 bytes) |
MD5:
7fcd1501bb1e6377cfc477ac38c6cd6a
SHA1: b702e0777e4cc9886593859d41e1be0b2af85781 SHA256: 8e3c9160ca415a81f42630372690914b8bf8573acdf356074dc75d3e47a5d296 |
|
|
c:\users\5jghkoaofdp\documents\gmur.xlsx | 78.11 KB (79981 bytes) |
MD5:
997cb45da07305a5295adadce04410e6
SHA1: 0336a5e1609006d5fda1de11a43ad59f6b350afb SHA256: ab9e36a1aecbf6ad45a86034a161f115a8b4f031e8bec177f46e30d421aadb31 |
|
|
c:\users\5jghkoaofdp\documents\h2pcxtbbfd di.xlsx | 61.44 KB (62916 bytes) |
MD5:
b5d11377e240c9d4182487819bb696e5
SHA1: 558b695cc95730f732c8ddf3f7ed973c55b6981b SHA256: aa037a1aeb4fbd6ab534fe2fe774fc71d0f03ca79b5a1b6d972b9042763557a6 |
|
|
c:\users\5jghkoaofdp\documents\iydmli-q8mf8cj.ppt | 19.60 KB (20068 bytes) |
MD5:
89a101f6735aebaeb9f2f37bcb7c35a4
SHA1: 96dec5a6c017ddd0e7b3286507ca03679c18b8b0 SHA256: 70c616a305d92876229444b03d2787e15060de5f05eb19f10d3752366db99fa9 |
|
|
c:\users\5jghkoaofdp\documents\o9jfc-djnb qx4.pptx | 26.77 KB (27412 bytes) |
MD5:
a4fa2518874f45be4ea728dd59e06469
SHA1: 82a9792fe24d414d390cf6369866d6c2a2d8c2f7 SHA256: d3a44d490722d497c7235ccaa833fd5671d7841413c1d32d36817dbb10b6509b |
|
|
c:\users\5jghkoaofdp\documents\oczespochpv.csv | 97.40 KB (99738 bytes) |
MD5:
a6dd475d55ae89c0c495742667cf04c9
SHA1: 4486320b73acfc1cf4252b7c3f6aa0c6a848fc2b SHA256: 04c473b3899dfc95ac0675156eed6e91581a6e3b335ff95217a5b8177a6fe076 |
|
|
c:\users\5jghkoaofdp\documents\oojiqe2ti5vbxcbhng2.docx | 1.66 KB (1702 bytes) |
MD5:
927100c1e43af166a66ee4c719e986cb
SHA1: f0e74f7a3bb23214f26ea45c5f0b01f36e25c3ec SHA256: 7c4667ca8b873156623e4a119071b383b7dedeb3e08cbef83aec421f8a135039 |
|
|
c:\users\5jghkoaofdp\documents\wvqxspnlmsl.xlsx | 88.29 KB (90406 bytes) |
MD5:
9e597634dd83f188f7c54793ea7911fc
SHA1: e0d16a8f056927b5ccb1c71bc6704743693a3c25 SHA256: e3663a81a83b566044a2b5d0161e9f999e212457451fedebad7fa690eca372d8 |
|
|
c:\users\5jghkoaofdp\documents\x7nab3sx5u.pptx | 94.18 KB (96442 bytes) |
MD5:
2ddc0f8eb8daf54320413c3827ca96f8
SHA1: 5e20b75ea989cb07f8c4660f8f8b1fe993d0630e SHA256: e817aa9e9feb2cf9ab35ba5901f1dfd21a8c39b3da500445e836f3700a251489 |
|
|
c:\users\5jghkoaofdp\documents\kaaornrraztx\0r-udw4thkiupl-orh_.odt | 94.90 KB (97180 bytes) |
MD5:
f100080dc8c3ad3c4b3f107a423a3bf9
SHA1: c40ee4d57022abf161f1ed3a7698e854279dc938 SHA256: 162f9044fc4e24728ae4e3cad7751f7d863cc00f78d2580922a782868af94eaa |
|
|
c:\users\5jghkoaofdp\documents\kaaornrraztx\b37k-lfrwivyw.pps | 25.73 KB (26344 bytes) |
MD5:
a246d5fca5d699a98740cc3261a36f1f
SHA1: bf2848ae0818f8390b4cc0556c4a47978665654a SHA256: a8daddf7d9bf5c4fb1aad39a1fe4ecb4345a37e8f3f2900c011096a4f5043232 |
|
|
c:\users\5jghkoaofdp\documents\kaaornrraztx\ao-nff kn\bwmjpnluzwsovw5ida\hdvr7lfi7ye7\pvdit6.pdf | 39.51 KB (40454 bytes) |
MD5:
52ce1e0b7ce3bc2061c3131c7c0b1f6f
SHA1: aeea0a492c9be1f442267b6d80c375e957705e3a SHA256: 69310ae8f6f9562a68bc46aae8f37fcf21a15c60f068c13fe9adca43a2bfc07f |
|
|
c:\users\5jghkoaofdp\documents\my shapes\desktop.ini | 0.21 KB (216 bytes) |
MD5:
14967ba849b93421843b52d7e50b75a8
SHA1: 523e3329eaf92f12918c1ceaee8b575e74e88318 SHA256: 88c8875112fe06eeb89c4b53bab11c72f6db6ad6621fbc94c29e0ac50f83cb06 |
|
|
c:\users\5jghkoaofdp\documents\my shapes\favorites.vssx | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
c:\users\5jghkoaofdp\documents\my shapes\_private\folder.ico | 29.22 KB (29926 bytes) |
MD5:
5130ee1b914d382af41ff3a35eb151b8
SHA1: 81ad3e1731197926cc36fa9d12a1b224b6b82f5c SHA256: baaf97e8e0606daecc8c3271b73b91b1d8b1f2e521ae677480b0a3f87173eb39 |
|
|
c:\users\5jghkoaofdp\documents\outlook files\cjeijc.diuv@div.com.pst | 265.00 KB (271360 bytes) |
MD5:
ca76558a6946bce314bad215edd2ad25
SHA1: 52930ef4033d72843f561d9f2d0a02d27fdf3dbf SHA256: cf63f7457bda0006f06cd6716b75216b6a759671ee82787baeb28f1a7a921e8c |
|
|
c:\users\5jghkoaofdp\pictures\8yzc.gif | 47.27 KB (48401 bytes) |
MD5:
32c698f3bc99e6ee641f8d19fbd32533
SHA1: c63afa5a10f4034a3bd3c2f24caa0b4839e6d5ba SHA256: 6e6fb90bc296c80d98f9c69c60b6fc5a7c3c8aaa6dc04547e0656002bef29caa |
|
|
c:\users\5jghkoaofdp\music\fedb6bw2fnxwe\ittew9vaxdbq.m4a.lime | 86.42 KB (88496 bytes) |
MD5:
bc321946df2fb79b64c3fd4e4e4946e6
SHA1: 3d97b8fd35439ef2969a0cd93d966d1e7e908de1 SHA256: 03da487ed31144fba421d1e0456526c29ddfd99decd8b3923a4d3500cc940626 |
|
Operation | Filename | Additional Information | Success | Count | Logfile |
---|---|---|---|---|---|
Create | C:\Microsoft\hash | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\-sPM6vJb.odt | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\-sPM6vJb.odt.Lime | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\0u2YA.docx | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\0u2YA.docx.Lime | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\7wwG1Y1tq2o4XiF.pdf | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\7wwG1Y1tq2o4XiF.pdf.Lime | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\9TMo3uu8-Scl.xlsx | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\9TMo3uu8-Scl.xlsx.Lime | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\AEghbUBMs5NTL.pptx | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\AEghbUBMs5NTL.pptx.Lime | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\c94gQ1vFwVFBcDGwkD_.docx | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\c94gQ1vFwVFBcDGwkD_.docx.Lime | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\desktop.ini | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\desktop.ini.Lime | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\erHcl A2gBL1aT.docx | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\erHcl A2gBL1aT.docx.Lime | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\eYeDf199l.xlsx | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\eYeDf199l.xlsx.Lime | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\G 5ZX6m5N.docx | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\G 5ZX6m5N.docx.Lime | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\gMur.xlsx | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\gMur.xlsx.Lime | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\h2PCXTBBfD dI.xlsx | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\h2PCXTBBfD dI.xlsx.Lime | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\IYDMli-q8mF8cJ.ppt | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\IYDMli-q8mF8cJ.ppt.Lime | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\OCZESPOCHPv.csv | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\OCZESPOCHPv.csv.Lime | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\oOjIQe2Ti5VBxCBHnG2.docx | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\oOjIQe2Ti5VBxCBHnG2.docx.Lime | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\x7naB3SX5u.pptx | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\x7naB3SX5u.pptx.Lime | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\B37K-LfrWIVyw.pps | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\B37K-LfrWIVyw.pps.Lime | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\MIQzp.pps.Lime | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\dupIwyYc2Jp.docx.Lime | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\gTN-k.odt | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\gTN-k.odt.Lime | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\mT8RyiDfz3cr.pptx | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\mT8RyiDfz3cr.pptx.Lime | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\nAdn7QwB885NzAt O.odp | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\nAdn7QwB885NzAt O.odp.Lime | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\nuvaV.rtf | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\nuvaV.rtf.Lime | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\BWmJPNLUzWsoVW5iDA\hDVR7Lfi7YE7\U2 jrSbzpiR7OxWWq.pptx | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\BWmJPNLUzWsoVW5iDA\hDVR7Lfi7YE7\U2 jrSbzpiR7OxWWq.pptx.Lime | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\BWmJPNLUzWsoVW5iDA\hDVR7Lfi7YE7\w anjoZ7.doc | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\BWmJPNLUzWsoVW5iDA\hDVR7Lfi7YE7\w anjoZ7.doc.Lime | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\Vksw T\77jQfTI.csv | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\Vksw T\77jQfTI.csv.Lime | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\Vksw T\9bwEefny0rpp.ods | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\Vksw T\9bwEefny0rpp.ods.Lime | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\My Shapes\desktop.ini | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\My Shapes\desktop.ini.Lime | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\My Shapes\Favorites.vssx | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\My Shapes\Favorites.vssx.Lime | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\My Shapes\_private\folder.ico | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\My Shapes\_private\folder.ico.Lime | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\OneNote Notebooks\My Notebook\Open Notebook.onetoc2 | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\Outlook Files\cjeijc.diuv@div.com.pst.Lime | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Pictures\8YzC.gif | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Pictures\8YzC.gif.Lime | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Pictures\97QMvfP-n9T7b4U.png | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Pictures\97QMvfP-n9T7b4U.png.Lime | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Pictures\9pzHJofdZk0Fqc8d56gX.bmp | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Pictures\9pzHJofdZk0Fqc8d56gX.bmp.Lime | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Pictures\auOxLTYRVw31 BiYhvN.png | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Pictures\auOxLTYRVw31 BiYhvN.png.Lime | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Pictures\hosHP.gif | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Pictures\hosHP.gif.Lime | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Pictures\bGLKOcSLaAs0zqepqxl\cn2.bmp.Lime | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Pictures\bGLKOcSLaAs0zqepqxl\eEmVU3Dk.bmp | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Pictures\bGLKOcSLaAs0zqepqxl\eEmVU3Dk.bmp.Lime | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Pictures\bGLKOcSLaAs0zqepqxl\FnZhHkemnJG.gif | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Pictures\bGLKOcSLaAs0zqepqxl\FnZhHkemnJG.gif.Lime | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Pictures\bGLKOcSLaAs0zqepqxl\NR6dMjKJCnTfSCqR.gif | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Pictures\bGLKOcSLaAs0zqepqxl\NR6dMjKJCnTfSCqR.gif.Lime | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Pictures\bGLKOcSLaAs0zqepqxl\qKgeyNbDLJNjdCbMJb.gif | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Pictures\bGLKOcSLaAs0zqepqxl\qKgeyNbDLJNjdCbMJb.gif.Lime | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Pictures\cGLZ_jmC_lOB0ujFfP\B4tjiTd_NYk uV.bmp.Lime | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Pictures\cGLZ_jmC_lOB0ujFfP\DC394OBjo9C.bmp | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Pictures\cGLZ_jmC_lOB0ujFfP\DC394OBjo9C.bmp.Lime | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Music\C-56aS7eiAlL.mp3 | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Music\C-56aS7eiAlL.mp3.Lime | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Music\desktop.ini | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Music\desktop.ini.Lime | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Music\GrU-M3D0ihjQ.wav | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Music\GrU-M3D0ihjQ.wav.Lime | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Music\Od32To.mp3 | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Music\Od32To.mp3.Lime | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Music\Q0Ua0AHEpDpsIaUeq0.mp3 | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Music\Q0Ua0AHEpDpsIaUeq0.mp3.Lime | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Music\Fedb6bw2FnxWe\ittEW9VaXDBQ.m4a.Lime | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\GGnH.m4a | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\GGnH.m4a.Lime | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\gQfYFnBUFHd0b2hNpcm.wav | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\gQfYFnBUFHd0b2hNpcm.wav.Lime | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\gWCYViWIi.mp3 | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\gWCYViWIi.mp3.Lime | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\kz2M.mp3 | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\kz2M.mp3.Lime | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\QvxPYeWmyW121.wav | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\QvxPYeWmyW121.wav.Lime | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\SY3CPSU.m4a | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\SY3CPSU.m4a.Lime | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\UfKL.wav.Lime | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\UXKqt2i9X6PC8.wav | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\UXKqt2i9X6PC8.wav.Lime | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\vW e9IJ.mp3 | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\vW e9IJ.mp3.Lime | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\yOtFLh9S-- H9v.wav | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\yOtFLh9S-- H9v.wav.Lime | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Videos\40Y6k2FUB.avi | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Videos\40Y6k2FUB.avi.Lime | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Desktop\2-Lzf_caeYTdiH8Ls.avi | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Desktop\2-Lzf_caeYTdiH8Ls.avi.Lime | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Desktop\2kZLcFwdX.mkv | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Desktop\2kZLcFwdX.mkv.Lime | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Desktop\6L2VJzd4y qgt3nZDwL.wav | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Desktop\6L2VJzd4y qgt3nZDwL.wav.Lime | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Desktop\6s FhIyFBc68flA.flv | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Desktop\6s FhIyFBc68flA.flv.Lime | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Desktop\7huc nP.mkv | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Desktop\7huc nP.mkv.Lime | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Desktop\mAKFQ5ZAPTIzrcE7IrU.ods | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Desktop\mAKFQ5ZAPTIzrcE7IrU.ods.Lime | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Desktop\mV3NggJ4W65.png | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Desktop\mV3NggJ4W65.png.Lime | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Desktop\wVjrCaIySkl.jpg | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Desktop\wVjrCaIySkl.jpg.Lime | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Desktop\xCdHr9FnegVb5D0.pdf | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Desktop\xCdHr9FnegVb5D0.pdf.Lime | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Desktop\c OpBv-sTs\HV1SiahR-wDxQNIsDtes.m4a | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Desktop\c OpBv-sTs\HV1SiahR-wDxQNIsDtes.m4a.Lime | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Desktop\RSvw596pfT9dfXj QF8\7mq72DdMZjhMf.jpg | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Desktop\RSvw596pfT9dfXj QF8\7mq72DdMZjhMf.jpg.Lime | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\NTUSER.DAT | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Desktop\#Decryptor.exe | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Desktop\#Decryptor.exe | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Desktop\#Decryptor.exe | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL | 1 |
Fn
|
|
Create Directory | C:\Microsoft | - | 1 |
Fn
|
|
Get Info | C:\Microsoft\ | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Microsoft | type = file_attributes | 1 |
Fn
|
|
Get Info | C:\Microsoft\hash | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents | type = file_attributes | 116 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\-sPM6vJb.odt | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\-sPM6vJb.odt | type = size, size_out = 0 | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\-sPM6vJb.odt.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\-sPM6vJb.odt | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\0u2YA.docx | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\0u2YA.docx | type = size, size_out = 0 | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\0u2YA.docx.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\0u2YA.docx | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\7wwG1Y1tq2o4XiF.pdf | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\7wwG1Y1tq2o4XiF.pdf | type = size, size_out = 0 | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\7wwG1Y1tq2o4XiF.pdf.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\7wwG1Y1tq2o4XiF.pdf | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\9TMo3uu8-Scl.xlsx | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\9TMo3uu8-Scl.xlsx | type = size, size_out = 0 | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\9TMo3uu8-Scl.xlsx.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\9TMo3uu8-Scl.xlsx | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\AEghbUBMs5NTL.pptx | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\AEghbUBMs5NTL.pptx | type = size, size_out = 0 | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\AEghbUBMs5NTL.pptx.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\AEghbUBMs5NTL.pptx | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\c94gQ1vFwVFBcDGwkD_.docx | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\c94gQ1vFwVFBcDGwkD_.docx | type = size, size_out = 0 | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\c94gQ1vFwVFBcDGwkD_.docx.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\c94gQ1vFwVFBcDGwkD_.docx | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\desktop.ini | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\desktop.ini | type = size, size_out = 0 | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\desktop.ini.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\desktop.ini | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\erHcl A2gBL1aT.docx | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\erHcl A2gBL1aT.docx | type = size, size_out = 0 | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\erHcl A2gBL1aT.docx.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\erHcl A2gBL1aT.docx | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\eYeDf199l.xlsx | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\eYeDf199l.xlsx | type = size, size_out = 0 | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\eYeDf199l.xlsx.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\eYeDf199l.xlsx | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\G 5ZX6m5N.docx | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\G 5ZX6m5N.docx | type = size, size_out = 0 | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\G 5ZX6m5N.docx.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\G 5ZX6m5N.docx | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\gMur.xlsx | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\gMur.xlsx | type = size, size_out = 0 | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\gMur.xlsx.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\gMur.xlsx | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\h2PCXTBBfD dI.xlsx | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\h2PCXTBBfD dI.xlsx | type = size, size_out = 0 | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\h2PCXTBBfD dI.xlsx.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\h2PCXTBBfD dI.xlsx | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\IYDMli-q8mF8cJ.ppt | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\IYDMli-q8mF8cJ.ppt | type = size, size_out = 0 | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\IYDMli-q8mF8cJ.ppt.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\IYDMli-q8mF8cJ.ppt | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\o9Jfc-DjnB qX4.pptx | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\OCZESPOCHPv.csv | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\OCZESPOCHPv.csv | type = size, size_out = 0 | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\OCZESPOCHPv.csv.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\OCZESPOCHPv.csv | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\oOjIQe2Ti5VBxCBHnG2.docx | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\oOjIQe2Ti5VBxCBHnG2.docx | type = size, size_out = 0 | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\oOjIQe2Ti5VBxCBHnG2.docx.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\oOjIQe2Ti5VBxCBHnG2.docx | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\wvqxSPNlMSl.xlsx | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\x7naB3SX5u.pptx | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\x7naB3SX5u.pptx | type = size, size_out = 0 | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\x7naB3SX5u.pptx.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\x7naB3SX5u.pptx | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX | type = file_attributes | 18 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\0r-uDW4THkIUpl-oRh_.odt | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\B37K-LfrWIVyw.pps | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\B37K-LfrWIVyw.pps | type = size, size_out = 0 | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\B37K-LfrWIVyw.pps.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\B37K-LfrWIVyw.pps | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\MIQzp.pps.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\dupIwyYc2Jp.docx.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn | type = file_attributes | 26 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\dupIwyYc2Jp.docx | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\gTN-k.odt | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\gTN-k.odt | type = size, size_out = 0 | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\gTN-k.odt.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\gTN-k.odt | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\mT8RyiDfz3cr.pptx | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\mT8RyiDfz3cr.pptx | type = size, size_out = 0 | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\mT8RyiDfz3cr.pptx.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\mT8RyiDfz3cr.pptx | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\nAdn7QwB885NzAt O.odp | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\nAdn7QwB885NzAt O.odp | type = size, size_out = 0 | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\nAdn7QwB885NzAt O.odp.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\nAdn7QwB885NzAt O.odp | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\nuvaV.rtf | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\nuvaV.rtf | type = size, size_out = 0 | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\nuvaV.rtf.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\nuvaV.rtf | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\BWmJPNLUzWsoVW5iDA\hDVR7Lfi7YE7 | type = file_attributes | 15 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\BWmJPNLUzWsoVW5iDA\hDVR7Lfi7YE7\pvDIt6.pdf | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\BWmJPNLUzWsoVW5iDA\hDVR7Lfi7YE7\U2 jrSbzpiR7OxWWq.pptx | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\BWmJPNLUzWsoVW5iDA\hDVR7Lfi7YE7\U2 jrSbzpiR7OxWWq.pptx | type = size, size_out = 0 | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\BWmJPNLUzWsoVW5iDA\hDVR7Lfi7YE7\U2 jrSbzpiR7OxWWq.pptx.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\BWmJPNLUzWsoVW5iDA\hDVR7Lfi7YE7\U2 jrSbzpiR7OxWWq.pptx | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\BWmJPNLUzWsoVW5iDA\hDVR7Lfi7YE7\w anjoZ7.doc | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\BWmJPNLUzWsoVW5iDA\hDVR7Lfi7YE7\w anjoZ7.doc | type = size, size_out = 0 | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\BWmJPNLUzWsoVW5iDA\hDVR7Lfi7YE7\w anjoZ7.doc.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\BWmJPNLUzWsoVW5iDA\hDVR7Lfi7YE7\w anjoZ7.doc | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\Vksw T | type = file_attributes | 14 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\Vksw T\77jQfTI.csv | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\Vksw T\77jQfTI.csv | type = size, size_out = 0 | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\Vksw T\77jQfTI.csv.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\Vksw T\77jQfTI.csv | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\Vksw T\9bwEefny0rpp.ods | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\Vksw T\9bwEefny0rpp.ods | type = size, size_out = 0 | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\Vksw T\9bwEefny0rpp.ods.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\My Pictures | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\My Shapes | type = file_attributes | 18 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\My Shapes\desktop.ini | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\My Shapes\desktop.ini | type = size, size_out = 0 | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\My Shapes\desktop.ini.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\My Shapes\desktop.ini | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\My Shapes\Favorites.vssx | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\My Shapes\Favorites.vssx | type = size, size_out = 0 | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\My Shapes\Favorites.vssx.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\My Shapes\Favorites.vssx | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\My Shapes\_private | type = file_attributes | 10 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\My Shapes\_private\folder.ico | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\My Shapes\_private\folder.ico | type = size, size_out = 0 | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\My Shapes\_private\folder.ico.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\My Shapes\_private\folder.ico | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\My Videos | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\OneNote Notebooks | type = file_attributes | 6 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\OneNote Notebooks\My Notebook | type = file_attributes | 6 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\OneNote Notebooks\My Notebook\Open Notebook.onetoc2 | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\OneNote Notebooks\My Notebook\Open Notebook.onetoc2 | type = size, size_out = 0 | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\Outlook Files\cjeijc.diuv@div.com.pst.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\Outlook Files | type = file_attributes | 4 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\Outlook Files\cjeijc.diuv@div.com.pst | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Pictures | type = file_attributes | 36 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Pictures\8YzC.gif | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Pictures\8YzC.gif | type = size, size_out = 0 | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Pictures\8YzC.gif.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Pictures\8YzC.gif | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Pictures\97QMvfP-n9T7b4U.png | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Pictures\97QMvfP-n9T7b4U.png | type = size, size_out = 0 | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Pictures\97QMvfP-n9T7b4U.png.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Pictures\97QMvfP-n9T7b4U.png | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Pictures\9pzHJofdZk0Fqc8d56gX.bmp | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Pictures\9pzHJofdZk0Fqc8d56gX.bmp | type = size, size_out = 0 | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Pictures\9pzHJofdZk0Fqc8d56gX.bmp.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Pictures\9pzHJofdZk0Fqc8d56gX.bmp | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Pictures\auOxLTYRVw31 BiYhvN.png | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Pictures\auOxLTYRVw31 BiYhvN.png | type = size, size_out = 0 | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Pictures\auOxLTYRVw31 BiYhvN.png.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Pictures\auOxLTYRVw31 BiYhvN.png | type = file_attributes | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Pictures\GhM3IdiNT.gif | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Pictures\hosHP.gif | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Pictures\hosHP.gif | type = size, size_out = 0 | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Pictures\hosHP.gif.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Pictures\hosHP.gif | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Pictures\bGLKOcSLaAs0zqepqxl\cn2.bmp.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Pictures\bGLKOcSLaAs0zqepqxl | type = file_attributes | 28 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Pictures\bGLKOcSLaAs0zqepqxl\cn2.bmp | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Pictures\bGLKOcSLaAs0zqepqxl\eEmVU3Dk.bmp | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Pictures\bGLKOcSLaAs0zqepqxl\eEmVU3Dk.bmp | type = size, size_out = 0 | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Pictures\bGLKOcSLaAs0zqepqxl\eEmVU3Dk.bmp.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Pictures\bGLKOcSLaAs0zqepqxl\eEmVU3Dk.bmp | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Pictures\bGLKOcSLaAs0zqepqxl\FnZhHkemnJG.gif | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Pictures\bGLKOcSLaAs0zqepqxl\FnZhHkemnJG.gif | type = size, size_out = 0 | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Pictures\bGLKOcSLaAs0zqepqxl\FnZhHkemnJG.gif.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Pictures\bGLKOcSLaAs0zqepqxl\FnZhHkemnJG.gif | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Pictures\bGLKOcSLaAs0zqepqxl\NR6dMjKJCnTfSCqR.gif | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Pictures\bGLKOcSLaAs0zqepqxl\NR6dMjKJCnTfSCqR.gif | type = size, size_out = 0 | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Pictures\bGLKOcSLaAs0zqepqxl\NR6dMjKJCnTfSCqR.gif.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Pictures\bGLKOcSLaAs0zqepqxl\NR6dMjKJCnTfSCqR.gif | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Pictures\bGLKOcSLaAs0zqepqxl\qKgeyNbDLJNjdCbMJb.gif | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Pictures\bGLKOcSLaAs0zqepqxl\qKgeyNbDLJNjdCbMJb.gif | type = size, size_out = 0 | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Pictures\bGLKOcSLaAs0zqepqxl\qKgeyNbDLJNjdCbMJb.gif.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Pictures\bGLKOcSLaAs0zqepqxl\qKgeyNbDLJNjdCbMJb.gif | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Pictures\cGLZ_jmC_lOB0ujFfP\B4tjiTd_NYk uV.bmp.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Pictures\cGLZ_jmC_lOB0ujFfP | type = file_attributes | 10 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Pictures\cGLZ_jmC_lOB0ujFfP\B4tjiTd_NYk uV.bmp | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Pictures\cGLZ_jmC_lOB0ujFfP\DC394OBjo9C.bmp | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Pictures\cGLZ_jmC_lOB0ujFfP\DC394OBjo9C.bmp | type = size, size_out = 0 | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Pictures\cGLZ_jmC_lOB0ujFfP\DC394OBjo9C.bmp.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Pictures\cGLZ_jmC_lOB0ujFfP\DC394OBjo9C.bmp | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Music | type = file_attributes | 30 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Music\C-56aS7eiAlL.mp3 | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Music\C-56aS7eiAlL.mp3 | type = size, size_out = 0 | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Music\C-56aS7eiAlL.mp3.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Music\C-56aS7eiAlL.mp3 | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Music\desktop.ini | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Music\desktop.ini | type = size, size_out = 0 | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Music\desktop.ini.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Music\desktop.ini | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Music\GrU-M3D0ihjQ.wav | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Music\GrU-M3D0ihjQ.wav | type = size, size_out = 0 | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Music\GrU-M3D0ihjQ.wav.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Music\GrU-M3D0ihjQ.wav | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Music\Od32To.mp3 | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Music\Od32To.mp3 | type = size, size_out = 0 | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Music\Od32To.mp3.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Music\Od32To.mp3 | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Music\Q0Ua0AHEpDpsIaUeq0.mp3 | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Music\Q0Ua0AHEpDpsIaUeq0.mp3 | type = size, size_out = 0 | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Music\Q0Ua0AHEpDpsIaUeq0.mp3.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\EQRSjs.wav | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw | type = file_attributes | 59 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\GGnH.m4a | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\GGnH.m4a | type = size, size_out = 0 | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\GGnH.m4a.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\GGnH.m4a | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\gQfYFnBUFHd0b2hNpcm.wav | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\gQfYFnBUFHd0b2hNpcm.wav | type = size, size_out = 0 | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\gQfYFnBUFHd0b2hNpcm.wav.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\gQfYFnBUFHd0b2hNpcm.wav | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\gWCYViWIi.mp3 | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\gWCYViWIi.mp3 | type = size, size_out = 0 | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\gWCYViWIi.mp3.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\gWCYViWIi.mp3 | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\kz2M.mp3 | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\kz2M.mp3 | type = size, size_out = 0 | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\kz2M.mp3.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\kz2M.mp3 | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\QvxPYeWmyW121.wav | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\QvxPYeWmyW121.wav | type = size, size_out = 0 | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\QvxPYeWmyW121.wav.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\QvxPYeWmyW121.wav | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\SY3CPSU.m4a | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\SY3CPSU.m4a | type = size, size_out = 0 | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\SY3CPSU.m4a.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\SY3CPSU.m4a | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\UfKL.wav.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\UfKL.wav | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\UXKqt2i9X6PC8.wav | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\UXKqt2i9X6PC8.wav | type = size, size_out = 0 | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\UXKqt2i9X6PC8.wav.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\UXKqt2i9X6PC8.wav | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\vW e9IJ.mp3 | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\vW e9IJ.mp3 | type = size, size_out = 0 | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\vW e9IJ.mp3.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\vW e9IJ.mp3 | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\yOtFLh9S-- H9v.wav | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\yOtFLh9S-- H9v.wav | type = size, size_out = 0 | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\yOtFLh9S-- H9v.wav.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\yOtFLh9S-- H9v.wav | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Videos | type = file_attributes | 12 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Videos\40Y6k2FUB.avi | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Videos\40Y6k2FUB.avi | type = size, size_out = 0 | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Videos\40Y6k2FUB.avi.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Videos\40Y6k2FUB.avi | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Desktop | type = file_attributes | 56 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Desktop\2-Lzf_caeYTdiH8Ls.avi | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Desktop\2-Lzf_caeYTdiH8Ls.avi | type = size, size_out = 0 | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Desktop\2-Lzf_caeYTdiH8Ls.avi.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Desktop\2-Lzf_caeYTdiH8Ls.avi | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Desktop\2kZLcFwdX.mkv | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Desktop\2kZLcFwdX.mkv | type = size, size_out = 0 | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Desktop\2kZLcFwdX.mkv.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Desktop\6L2VJzd4y qgt3nZDwL.wav | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Desktop\6L2VJzd4y qgt3nZDwL.wav | type = size, size_out = 0 | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Desktop\6L2VJzd4y qgt3nZDwL.wav.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Desktop\6L2VJzd4y qgt3nZDwL.wav | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Desktop\6s FhIyFBc68flA.flv | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Desktop\6s FhIyFBc68flA.flv | type = size, size_out = 0 | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Desktop\6s FhIyFBc68flA.flv.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Desktop\6s FhIyFBc68flA.flv | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Desktop\7huc nP.mkv | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Desktop\7huc nP.mkv | type = size, size_out = 0 | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Desktop\7huc nP.mkv.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Desktop\m6MihhsYl_M5kam0.swf | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Desktop\mAKFQ5ZAPTIzrcE7IrU.ods | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Desktop\mAKFQ5ZAPTIzrcE7IrU.ods | type = size, size_out = 0 | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Desktop\mAKFQ5ZAPTIzrcE7IrU.ods.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Desktop\mAKFQ5ZAPTIzrcE7IrU.ods | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Desktop\mV3NggJ4W65.png | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Desktop\mV3NggJ4W65.png | type = size, size_out = 0 | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Desktop\mV3NggJ4W65.png.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Desktop\mV3NggJ4W65.png | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Desktop\ViLLuBaagV2DSJK7a.png | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Desktop\wVjrCaIySkl.jpg | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Desktop\wVjrCaIySkl.jpg | type = size, size_out = 0 | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Desktop\wVjrCaIySkl.jpg.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Desktop\wVjrCaIySkl.jpg | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Desktop\xCdHr9FnegVb5D0.pdf | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Desktop\xCdHr9FnegVb5D0.pdf | type = size, size_out = 0 | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Desktop\xCdHr9FnegVb5D0.pdf.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Desktop\c OpBv-sTs\gnOVeG6HPj.doc | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Desktop\c OpBv-sTs | type = file_attributes | 10 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Desktop\c OpBv-sTs\HV1SiahR-wDxQNIsDtes.m4a | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Desktop\c OpBv-sTs\HV1SiahR-wDxQNIsDtes.m4a | type = size, size_out = 0 | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Desktop\c OpBv-sTs\HV1SiahR-wDxQNIsDtes.m4a.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Desktop\c OpBv-sTs\HV1SiahR-wDxQNIsDtes.m4a | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Desktop\c OpBv-sTs\3zph\3gLjWk8Dnbmky\_epX.png | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Desktop\c OpBv-sTs\3zph\3gLjWk8Dnbmky | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Desktop\RSvw596pfT9dfXj QF8 | type = file_attributes | 8 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Desktop\RSvw596pfT9dfXj QF8\7mq72DdMZjhMf.jpg | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Desktop\RSvw596pfT9dfXj QF8\7mq72DdMZjhMf.jpg | type = size, size_out = 0 | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Desktop\RSvw596pfT9dfXj QF8\7mq72DdMZjhMf.jpg.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp | type = file_attributes | 6 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Desktop\Crypt.exe.config | type = file_attributes | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Desktop\#Decryptor.exe | type = file_type | 6 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Desktop\#Decryptor.exe | type = file_attributes | 3 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Desktop\#Decryptor.exe | type = size, size_out = 0 | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Desktop\#Decryptor.exe | type = file_attributes | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Desktop\Crypt.exe | type = file_attributes | 1 |
Fn
|
|
Read | C:\Users\5JgHKoaOfdp\Documents\-sPM6vJb.odt | size = 63938, size_out = 63938 | 1 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Documents\0u2YA.docx | size = 11958, size_out = 11958 | 1 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Documents\7wwG1Y1tq2o4XiF.pdf | size = 4096, size_out = 1359 | 1 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Documents\9TMo3uu8-Scl.xlsx | size = 94414, size_out = 94414 | 1 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Documents\AEghbUBMs5NTL.pptx | size = 69943, size_out = 69943 | 1 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Documents\c94gQ1vFwVFBcDGwkD_.docx | size = 87821, size_out = 87821 | 1 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Documents\desktop.ini | size = 4096, size_out = 402 | 1 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Documents\erHcl A2gBL1aT.docx | size = 50041, size_out = 50041 | 1 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Documents\eYeDf199l.xlsx | size = 92552, size_out = 92552 | 1 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Documents\G 5ZX6m5N.docx | size = 15083, size_out = 15083 | 1 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Documents\gMur.xlsx | size = 79981, size_out = 79981 | 1 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Documents\h2PCXTBBfD dI.xlsx | size = 62916, size_out = 62916 | 1 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Documents\IYDMli-q8mF8cJ.ppt | size = 20068, size_out = 20068 | 1 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Documents\OCZESPOCHPv.csv | size = 99738, size_out = 99738 | 1 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Documents\oOjIQe2Ti5VBxCBHnG2.docx | size = 4096, size_out = 1702 | 1 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Documents\x7naB3SX5u.pptx | size = 96442, size_out = 96442 | 1 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\B37K-LfrWIVyw.pps | size = 26344, size_out = 26344 | 1 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\gTN-k.odt | size = 82476, size_out = 82476 | 1 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\mT8RyiDfz3cr.pptx | size = 56410, size_out = 56410 | 1 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\nAdn7QwB885NzAt O.odp | size = 88134, size_out = 88134 | 1 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\nuvaV.rtf | size = 42329, size_out = 42329 | 1 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\BWmJPNLUzWsoVW5iDA\hDVR7Lfi7YE7\U2 jrSbzpiR7OxWWq.pptx | size = 74682, size_out = 74682 | 1 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\BWmJPNLUzWsoVW5iDA\hDVR7Lfi7YE7\w anjoZ7.doc | size = 14639, size_out = 14639 | 1 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\Vksw T\77jQfTI.csv | size = 70163, size_out = 70163 | 1 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\Vksw T\9bwEefny0rpp.ods | size = 31883, size_out = 31883 | 1 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Documents\My Shapes\desktop.ini | size = 4096, size_out = 216 | 1 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Documents\My Shapes\_private\folder.ico | size = 29926, size_out = 29926 | 1 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Documents\OneNote Notebooks\My Notebook\Open Notebook.onetoc2 | size = 6184, size_out = 6184 | 1 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Documents\OneNote Notebooks\My Notebook\Open Notebook.onetoc2 | size = 271360, size_out = 271360 | 1 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Pictures\8YzC.gif | size = 48401, size_out = 48401 | 1 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Pictures\97QMvfP-n9T7b4U.png | size = 67452, size_out = 67452 | 1 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Pictures\9pzHJofdZk0Fqc8d56gX.bmp | size = 26990, size_out = 26990 | 1 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Pictures\auOxLTYRVw31 BiYhvN.png | size = 45565, size_out = 45565 | 1 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Pictures\hosHP.gif | size = 99332, size_out = 99332 | 1 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Pictures\bGLKOcSLaAs0zqepqxl\eEmVU3Dk.bmp | size = 24639, size_out = 24639 | 1 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Pictures\bGLKOcSLaAs0zqepqxl\FnZhHkemnJG.gif | size = 19957, size_out = 19957 | 1 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Pictures\bGLKOcSLaAs0zqepqxl\NR6dMjKJCnTfSCqR.gif | size = 56673, size_out = 56673 | 1 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Pictures\bGLKOcSLaAs0zqepqxl\qKgeyNbDLJNjdCbMJb.gif | size = 46555, size_out = 46555 | 1 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Pictures\cGLZ_jmC_lOB0ujFfP\DC394OBjo9C.bmp | size = 36744, size_out = 36744 | 1 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Music\C-56aS7eiAlL.mp3 | size = 25058, size_out = 25058 | 1 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Music\desktop.ini | size = 4096, size_out = 504 | 1 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Music\GrU-M3D0ihjQ.wav | size = 91234, size_out = 91234 | 1 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Music\Od32To.mp3 | size = 18495, size_out = 18495 | 1 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Music\Q0Ua0AHEpDpsIaUeq0.mp3 | size = 33877, size_out = 33877 | 1 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\GGnH.m4a | size = 4841, size_out = 4841 | 1 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\gQfYFnBUFHd0b2hNpcm.wav | size = 86679, size_out = 86679 | 1 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\gWCYViWIi.mp3 | size = 32419, size_out = 32419 | 1 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\kz2M.mp3 | size = 83604, size_out = 83604 | 1 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\QvxPYeWmyW121.wav | size = 98993, size_out = 98993 | 1 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\SY3CPSU.m4a | size = 84500, size_out = 84500 | 1 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\UXKqt2i9X6PC8.wav | size = 40223, size_out = 40223 | 1 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\vW e9IJ.mp3 | size = 87150, size_out = 87150 | 1 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\yOtFLh9S-- H9v.wav | size = 29447, size_out = 29447 | 1 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Videos\40Y6k2FUB.avi | size = 97945, size_out = 97945 | 1 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Desktop\2-Lzf_caeYTdiH8Ls.avi | size = 86280, size_out = 86280 | 1 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Desktop\2kZLcFwdX.mkv | size = 69165, size_out = 69165 | 1 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Desktop\6L2VJzd4y qgt3nZDwL.wav | size = 97086, size_out = 97086 | 1 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Desktop\6s FhIyFBc68flA.flv | size = 35126, size_out = 35126 | 1 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Desktop\7huc nP.mkv | size = 100724, size_out = 100724 | 1 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Desktop\mAKFQ5ZAPTIzrcE7IrU.ods | size = 55899, size_out = 55899 | 1 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Desktop\mV3NggJ4W65.png | size = 24118, size_out = 24118 | 1 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Desktop\wVjrCaIySkl.jpg | size = 20631, size_out = 20631 | 1 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Desktop\xCdHr9FnegVb5D0.pdf | size = 4096, size_out = 3393 | 1 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Desktop\c OpBv-sTs\HV1SiahR-wDxQNIsDtes.m4a | size = 42356, size_out = 42356 | 1 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Desktop\RSvw596pfT9dfXj QF8\7mq72DdMZjhMf.jpg | size = 75837, size_out = 75837 | 1 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Desktop\#Decryptor.exe | size = 402432, size_out = 402432 | 1 |
Fn
Data
|
|
Write | C:\Microsoft\hash | size = 50 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Documents\-sPM6vJb.odt.Lime | size = 63952 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Documents\0u2YA.docx.Lime | size = 11968 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Documents\7wwG1Y1tq2o4XiF.pdf.Lime | size = 1360 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Documents\9TMo3uu8-Scl.xlsx.Lime | size = 94416 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Documents\AEghbUBMs5NTL.pptx.Lime | size = 69952 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Documents\c94gQ1vFwVFBcDGwkD_.docx.Lime | size = 87824 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Documents\desktop.ini.Lime | size = 416 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Documents\erHcl A2gBL1aT.docx.Lime | size = 50048 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Documents\eYeDf199l.xlsx.Lime | size = 92560 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Documents\G 5ZX6m5N.docx.Lime | size = 15088 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Documents\gMur.xlsx.Lime | size = 79984 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Documents\h2PCXTBBfD dI.xlsx.Lime | size = 62928 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Documents\IYDMli-q8mF8cJ.ppt.Lime | size = 20080 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Documents\OCZESPOCHPv.csv.Lime | size = 99744 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Documents\oOjIQe2Ti5VBxCBHnG2.docx.Lime | size = 1712 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Documents\x7naB3SX5u.pptx.Lime | size = 96448 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\B37K-LfrWIVyw.pps.Lime | size = 26352 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\MIQzp.pps.Lime | size = 2192 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\dupIwyYc2Jp.docx.Lime | size = 58416 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\gTN-k.odt.Lime | size = 82480 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\mT8RyiDfz3cr.pptx.Lime | size = 56416 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\nAdn7QwB885NzAt O.odp.Lime | size = 88144 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\nuvaV.rtf.Lime | size = 42336 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\BWmJPNLUzWsoVW5iDA\hDVR7Lfi7YE7\U2 jrSbzpiR7OxWWq.pptx.Lime | size = 74688 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\BWmJPNLUzWsoVW5iDA\hDVR7Lfi7YE7\w anjoZ7.doc.Lime | size = 14640 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\Vksw T\77jQfTI.csv.Lime | size = 70176 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\Vksw T\9bwEefny0rpp.ods.Lime | size = 31888 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Documents\My Shapes\desktop.ini.Lime | size = 224 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Documents\My Shapes\Favorites.vssx.Lime | size = 16 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Documents\My Shapes\_private\folder.ico.Lime | size = 29936 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Documents\Outlook Files\cjeijc.diuv@div.com.pst.Lime | size = 271376 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Pictures\8YzC.gif.Lime | size = 48416 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Pictures\97QMvfP-n9T7b4U.png.Lime | size = 67456 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Pictures\9pzHJofdZk0Fqc8d56gX.bmp.Lime | size = 26992 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Pictures\auOxLTYRVw31 BiYhvN.png.Lime | size = 45568 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Pictures\hosHP.gif.Lime | size = 99344 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Pictures\bGLKOcSLaAs0zqepqxl\cn2.bmp.Lime | size = 5664 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Pictures\bGLKOcSLaAs0zqepqxl\eEmVU3Dk.bmp.Lime | size = 24640 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Pictures\bGLKOcSLaAs0zqepqxl\FnZhHkemnJG.gif.Lime | size = 19968 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Pictures\bGLKOcSLaAs0zqepqxl\NR6dMjKJCnTfSCqR.gif.Lime | size = 56688 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Pictures\bGLKOcSLaAs0zqepqxl\qKgeyNbDLJNjdCbMJb.gif.Lime | size = 46560 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Pictures\cGLZ_jmC_lOB0ujFfP\B4tjiTd_NYk uV.bmp.Lime | size = 102080 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Pictures\cGLZ_jmC_lOB0ujFfP\DC394OBjo9C.bmp.Lime | size = 36752 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Music\C-56aS7eiAlL.mp3.Lime | size = 25072 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Music\desktop.ini.Lime | size = 512 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Music\GrU-M3D0ihjQ.wav.Lime | size = 91248 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Music\Od32To.mp3.Lime | size = 18496 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Music\Q0Ua0AHEpDpsIaUeq0.mp3.Lime | size = 33888 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\GGnH.m4a.Lime | size = 4848 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\gQfYFnBUFHd0b2hNpcm.wav.Lime | size = 86688 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\gWCYViWIi.mp3.Lime | size = 32432 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\kz2M.mp3.Lime | size = 83616 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\QvxPYeWmyW121.wav.Lime | size = 99008 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\SY3CPSU.m4a.Lime | size = 84512 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\UfKL.wav.Lime | size = 87888 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\UXKqt2i9X6PC8.wav.Lime | size = 40224 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\vW e9IJ.mp3.Lime | size = 87152 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\yOtFLh9S-- H9v.wav.Lime | size = 29456 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Videos\40Y6k2FUB.avi.Lime | size = 97952 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Desktop\2-Lzf_caeYTdiH8Ls.avi.Lime | size = 86288 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Desktop\2kZLcFwdX.mkv.Lime | size = 69168 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Desktop\6L2VJzd4y qgt3nZDwL.wav.Lime | size = 97088 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Desktop\6s FhIyFBc68flA.flv.Lime | size = 35136 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Desktop\7huc nP.mkv.Lime | size = 100736 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Desktop\mAKFQ5ZAPTIzrcE7IrU.ods.Lime | size = 55904 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Desktop\mV3NggJ4W65.png.Lime | size = 24128 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Desktop\wVjrCaIySkl.jpg.Lime | size = 20640 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Desktop\xCdHr9FnegVb5D0.pdf.Lime | size = 3408 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Desktop\c OpBv-sTs\HV1SiahR-wDxQNIsDtes.m4a.Lime | size = 42368 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Desktop\RSvw596pfT9dfXj QF8\7mq72DdMZjhMf.jpg.Lime | size = 75840 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Desktop\#Decryptor.exe | size = 402432 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Desktop\#Decryptor.exe | size = 4096 | 98 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Desktop\#Decryptor.exe | size = 1029 | 1 |
Fn
Data
|
|
Delete | C:\Users\5JgHKoaOfdp\Documents\-sPM6vJb.odt | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Documents\0u2YA.docx | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Documents\7wwG1Y1tq2o4XiF.pdf | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Documents\9TMo3uu8-Scl.xlsx | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Documents\AEghbUBMs5NTL.pptx | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Documents\c94gQ1vFwVFBcDGwkD_.docx | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Documents\desktop.ini | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Documents\erHcl A2gBL1aT.docx | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Documents\eYeDf199l.xlsx | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Documents\G 5ZX6m5N.docx | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Documents\gMur.xlsx | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Documents\h2PCXTBBfD dI.xlsx | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Documents\IYDMli-q8mF8cJ.ppt | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Documents\o9Jfc-DjnB qX4.pptx | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Documents\OCZESPOCHPv.csv | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Documents\oOjIQe2Ti5VBxCBHnG2.docx | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Documents\wvqxSPNlMSl.xlsx | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Documents\x7naB3SX5u.pptx | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\0r-uDW4THkIUpl-oRh_.odt | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\B37K-LfrWIVyw.pps | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\dupIwyYc2Jp.docx | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\gTN-k.odt | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\mT8RyiDfz3cr.pptx | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\nAdn7QwB885NzAt O.odp | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\nuvaV.rtf | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\BWmJPNLUzWsoVW5iDA\hDVR7Lfi7YE7\pvDIt6.pdf | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\BWmJPNLUzWsoVW5iDA\hDVR7Lfi7YE7\U2 jrSbzpiR7OxWWq.pptx | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\BWmJPNLUzWsoVW5iDA\hDVR7Lfi7YE7\w anjoZ7.doc | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\Vksw T\77jQfTI.csv | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Documents\My Shapes\desktop.ini | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Documents\My Shapes\Favorites.vssx | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Documents\My Shapes\_private\folder.ico | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Documents\Outlook Files\cjeijc.diuv@div.com.pst | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Pictures\8YzC.gif | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Pictures\97QMvfP-n9T7b4U.png | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Pictures\9pzHJofdZk0Fqc8d56gX.bmp | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Pictures\GhM3IdiNT.gif | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Pictures\hosHP.gif | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Pictures\bGLKOcSLaAs0zqepqxl\cn2.bmp | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Pictures\bGLKOcSLaAs0zqepqxl\eEmVU3Dk.bmp | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Pictures\bGLKOcSLaAs0zqepqxl\FnZhHkemnJG.gif | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Pictures\bGLKOcSLaAs0zqepqxl\NR6dMjKJCnTfSCqR.gif | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Pictures\bGLKOcSLaAs0zqepqxl\qKgeyNbDLJNjdCbMJb.gif | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Pictures\cGLZ_jmC_lOB0ujFfP\B4tjiTd_NYk uV.bmp | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Pictures\cGLZ_jmC_lOB0ujFfP\DC394OBjo9C.bmp | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Music\C-56aS7eiAlL.mp3 | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Music\desktop.ini | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Music\GrU-M3D0ihjQ.wav | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Music\Od32To.mp3 | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\EQRSjs.wav | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\GGnH.m4a | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\gQfYFnBUFHd0b2hNpcm.wav | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\gWCYViWIi.mp3 | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\kz2M.mp3 | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\QvxPYeWmyW121.wav | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\SY3CPSU.m4a | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\UfKL.wav | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\UXKqt2i9X6PC8.wav | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\vW e9IJ.mp3 | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Music\_wGbp3Qw\yOtFLh9S-- H9v.wav | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Videos\40Y6k2FUB.avi | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Desktop\2-Lzf_caeYTdiH8Ls.avi | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Desktop\6L2VJzd4y qgt3nZDwL.wav | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Desktop\6s FhIyFBc68flA.flv | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Desktop\m6MihhsYl_M5kam0.swf | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Desktop\mAKFQ5ZAPTIzrcE7IrU.ods | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Desktop\mV3NggJ4W65.png | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Desktop\ViLLuBaagV2DSJK7a.png | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Desktop\wVjrCaIySkl.jpg | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Desktop\c OpBv-sTs\gnOVeG6HPj.doc | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Desktop\c OpBv-sTs\HV1SiahR-wDxQNIsDtes.m4a | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Desktop\c OpBv-sTs\3zph\3gLjWk8Dnbmky\_epX.png | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Desktop\#Decryptor.exe | - | 1 |
Fn
|
Operation | Key | Additional Information | Success | Count | Logfile |
---|---|---|---|---|---|
Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework | - | 1 |
Fn
|
|
Open Key | HKEY_LOCAL_MACHINE\Software\ConsoleApplication1\ConsoleApplication1\1.0.0.0 | - | 1 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework | value_name = DbgJITDebugLaunchSetting, type = REG_NONE | 1 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework | value_name = DbgManagedDebugger, type = REG_NONE | 1 |
Fn
|
Operation | Module | Additional Information | Success | Count | Logfile |
---|---|---|---|---|---|
Load | comctl32.dll | base_address = 0x77280000 | 1 |
Fn
|
|
Get Handle | comctl32.dll | base_address = 0x0 | 1 |
Fn
|
|
Get Handle | c:\windows\syswow64\user32.dll | base_address = 0x75e30000 | 1 |
Fn
|
|
Get Handle | c:\users\5jghkoaofdp\desktop\crypt.exe | base_address = 0x140000 | 8 |
Fn
|
|
Get Handle | c:\windows\syswow64\comctl32.dll | base_address = 0x77280000 | 14 |
Fn
|
|
Get Address | c:\windows\syswow64\user32.dll | function = DefWindowProcW, address_out = 0x7431bdea | 1 |
Fn
|
Operation | Window Name | Additional Information | Success | Count | Logfile |
---|---|---|---|---|---|
Create | - | class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, wndproc_parameter = 0 | 1 |
Fn
|
|
Create | .NET-BroadcastEventWindow.4.0.0.0.2bf8098.0 | class_name = .NET-BroadcastEventWindow.4.0.0.0.2bf8098.0, wndproc_parameter = 0 | 1 |
Fn
|
|
Create | - | class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, wndproc_parameter = 0 | 1 |
Fn
|
|
Create | - | class_name = WindowsForms10.Window.0.app.0.2bf8098_r11_ad1, wndproc_parameter = 0 | 1 |
Fn
|
|
Create | - | class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, wndproc_parameter = 0 | 1 |
Fn
|
|
Set Attribute | - | class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 1949416938 | 1 |
Fn
|
|
Set Attribute | - | class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 32966158 | 1 |
Fn
|
|
Set Attribute | - | class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 1949416938 | 1 |
Fn
|
|
Set Attribute | - | class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 32966278 | 1 |
Fn
|
|
Set Attribute | - | class_name = WindowsForms10.Window.0.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 1949416938 | 1 |
Fn
|
|
Set Attribute | - | class_name = WindowsForms10.Window.0.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 32966358 | 1 |
Fn
|
|
Set Attribute | - | class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551608, new_long = 393242 | 1 |
Fn
|
|
Set Attribute | - | class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551608, new_long = 393242 | 1 |
Fn
|
|
Set Attribute | - | class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551600, new_long = 41943040 | 1 |
Fn
|
|
Set Attribute | - | class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551596, new_long = 589825 | 1 |
Fn
|
|
Set Attribute | - | class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 1949416938 | 1 |
Fn
|
|
Set Attribute | - | class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 32966398 | 1 |
Fn
|
|
Set Attribute | - | class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551604, new_long = 328064 | 1 |
Fn
|
Operation | Additional Information | Success | Count | Logfile |
---|---|---|---|---|
Get Info | type = KB_LOCALE_ID, os_tid = 0, result_out = 67699721 | 1 |
Fn
|
Information | Value |
---|---|
ID | #2 |
File Name | c:\users\5jghkoaofdp\desktop\#decryptor.exe |
Command Line | "C:\Users\5JgHKoaOfdp\Desktop\#Decryptor.exe" |
Initial Working Directory | C:\Users\5JgHKoaOfdp\Desktop\ |
Monitor | Start Time: 00:01:31, Reason: Modified File |
Unmonitor | End Time: 00:03:13, Reason: Terminated by Timeout |
Monitor Duration | 00:01:42 |
Information | Value |
---|---|
PID | 0x9ec |
Parent PID | 0x3f8 (c:\windows\explorer.exe) |
Is Created or Modified Executable | |
Integrity Level | Medium |
Username | FIVAUF\5JgHKoaOfdp |
Groups |
|
Enabled Privileges | SeChangeNotifyPrivilege |
Thread IDs |
0x
9E4
0x
9DC
0x
3B4
0x
0
0x
60C
0x
4E0
0x
944
|
Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
---|---|---|---|---|---|---|---|---|
#decryptor.exe | 0x00fb0000 | 0x01017fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
private_0x0000000001020000 | 0x01020000 | 0x0103ffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000001020000 | 0x01020000 | 0x0102ffff | Pagefile Backed Memory | Readable, Writable |
|
|||
private_0x0000000001030000 | 0x01030000 | 0x01033fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000001040000 | 0x01040000 | 0x01040fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000001040000 | 0x01040000 | 0x01040fff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000001050000 | 0x01050000 | 0x0105efff | Pagefile Backed Memory | Readable |
|
|||
private_0x0000000001060000 | 0x01060000 | 0x0109ffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000010a0000 | 0x010a0000 | 0x0119ffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x00000000011a0000 | 0x011a0000 | 0x011a3fff | Pagefile Backed Memory | Readable |
|
|||
pagefile_0x00000000011b0000 | 0x011b0000 | 0x011b0fff | Pagefile Backed Memory | Readable |
|
|||
private_0x00000000011c0000 | 0x011c0000 | 0x011c1fff | Private Memory | Readable, Writable |
|
|||
locale.nls | 0x011d0000 | 0x0124dfff | Memory Mapped File | Readable |
|
|||
private_0x0000000001250000 | 0x01250000 | 0x01250fff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000001260000 | 0x01260000 | 0x01260fff | Pagefile Backed Memory | Readable, Writable |
|
|||
pagefile_0x0000000001270000 | 0x01270000 | 0x0127ffff | Pagefile Backed Memory | Readable, Writable |
|
|||
private_0x0000000001280000 | 0x01280000 | 0x0128ffff | Private Memory | - |
|
|||
private_0x0000000001290000 | 0x01290000 | 0x0129ffff | Private Memory | - |
|
|||
private_0x00000000012a0000 | 0x012a0000 | 0x012affff | Private Memory | - |
|
|||
private_0x00000000012b0000 | 0x012b0000 | 0x012bffff | Private Memory | - |
|
|||
private_0x00000000012c0000 | 0x012c0000 | 0x012cffff | Private Memory | - |
|
|||
private_0x00000000012d0000 | 0x012d0000 | 0x012d0fff | Private Memory | Readable, Writable |
|
|||
private_0x00000000012e0000 | 0x012e0000 | 0x012e0fff | Private Memory | Readable, Writable |
|
|||
private_0x00000000012f0000 | 0x012f0000 | 0x0132ffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000001330000 | 0x01330000 | 0x01330fff | Pagefile Backed Memory | Readable |
|
|||
pagefile_0x0000000001330000 | 0x01330000 | 0x01333fff | Pagefile Backed Memory | Readable |
|
|||
private_0x0000000001340000 | 0x01340000 | 0x01343fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000001350000 | 0x01350000 | 0x0135ffff | Private Memory | Readable, Writable, Executable |
|
|||
private_0x0000000001360000 | 0x01360000 | 0x0136ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000001370000 | 0x01370000 | 0x013affff | Private Memory | Readable, Writable |
|
|||
private_0x00000000013b0000 | 0x013b0000 | 0x013bffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000013c0000 | 0x013c0000 | 0x013cffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000013d0000 | 0x013d0000 | 0x0144ffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000013d0000 | 0x013d0000 | 0x013dffff | Private Memory | - |
|
|||
private_0x00000000013e0000 | 0x013e0000 | 0x013effff | Private Memory | - |
|
|||
tzres.dll | 0x013f0000 | 0x013f1fff | Memory Mapped File | Readable |
|
|||
private_0x00000000013f0000 | 0x013f0000 | 0x013f3fff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000001400000 | 0x01400000 | 0x01402fff | Pagefile Backed Memory | Readable |
|
|||
pagefile_0x0000000001410000 | 0x01410000 | 0x01410fff | Pagefile Backed Memory | Readable, Writable |
|
|||
tzres.dll.mui | 0x01420000 | 0x01427fff | Memory Mapped File | Readable |
|
|||
private_0x0000000001420000 | 0x01420000 | 0x01423fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000001430000 | 0x01430000 | 0x01430fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000001440000 | 0x01440000 | 0x0144ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000001450000 | 0x01450000 | 0x0145ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000001460000 | 0x01460000 | 0x014fffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000001500000 | 0x01500000 | 0x0153ffff | Private Memory | Readable, Writable |
|
|||
user32.dll.mui | 0x01540000 | 0x01544fff | Memory Mapped File | Readable |
|
|||
private_0x0000000001550000 | 0x01550000 | 0x0155ffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000001560000 | 0x01560000 | 0x01560fff | Pagefile Backed Memory | Readable |
|
|||
private_0x0000000001560000 | 0x01560000 | 0x01563fff | Private Memory | Readable, Writable, Executable |
|
|||
pagefile_0x0000000001570000 | 0x01570000 | 0x01572fff | Pagefile Backed Memory | Readable |
|
|||
windowsshell.manifest | 0x01580000 | 0x01580fff | Memory Mapped File | Readable |
|
|||
private_0x0000000001580000 | 0x01580000 | 0x0158ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000001590000 | 0x01590000 | 0x0168ffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000001690000 | 0x01690000 | 0x01817fff | Pagefile Backed Memory | Readable |
|
|||
pagefile_0x0000000001820000 | 0x01820000 | 0x019a0fff | Pagefile Backed Memory | Readable |
|
|||
pagefile_0x00000000019b0000 | 0x019b0000 | 0x02daffff | Pagefile Backed Memory | Readable |
|
|||
private_0x0000000002db0000 | 0x02db0000 | 0x02eaffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002eb0000 | 0x02eb0000 | 0x04eaffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000004eb0000 | 0x04eb0000 | 0x04faffff | Private Memory | Readable, Writable |
|
|||
sortdefault.nls | 0x04fb0000 | 0x05284fff | Memory Mapped File | Readable |
|
|||
pagefile_0x0000000005290000 | 0x05290000 | 0x05380fff | Pagefile Backed Memory | Readable |
|
|||
comctl32.dll | 0x05390000 | 0x05412fff | Memory Mapped File | Readable |
|
|||
private_0x0000000005390000 | 0x05390000 | 0x054dffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000005390000 | 0x05390000 | 0x0548ffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000005490000 | 0x05490000 | 0x05491fff | Pagefile Backed Memory | Readable |
|
|||
private_0x00000000054a0000 | 0x054a0000 | 0x054affff | Private Memory | Readable, Writable |
|
|||
pagefile_0x00000000054a0000 | 0x054a0000 | 0x054a0fff | Pagefile Backed Memory | Readable, Writable |
|
|||
private_0x00000000054b0000 | 0x054b0000 | 0x054bffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000054b0000 | 0x054b0000 | 0x054b0fff | Private Memory | Readable, Writable |
|
|||
private_0x00000000054b0000 | 0x054b0000 | 0x054b0fff | Private Memory | Readable, Writable |
|
|||
private_0x00000000054b0000 | 0x054b0000 | 0x054b4fff | Private Memory | Readable, Writable |
|
|||
private_0x00000000054b0000 | 0x054b0000 | 0x054b7fff | Private Memory | Readable, Writable |
|
|||
private_0x00000000054c0000 | 0x054c0000 | 0x054c0fff | Private Memory | Readable, Writable |
|
|||
private_0x00000000054c0000 | 0x054c0000 | 0x054c0fff | Private Memory | Readable, Writable |
|
|||
private_0x00000000054d0000 | 0x054d0000 | 0x054dffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000054e0000 | 0x054e0000 | 0x054e0fff | Private Memory | Readable, Writable |
|
|||
private_0x00000000054e0000 | 0x054e0000 | 0x054effff | Private Memory | Readable, Writable |
|
|||
private_0x00000000054f0000 | 0x054f0000 | 0x05507fff | Private Memory | Readable, Writable |
|
|||
private_0x00000000054f0000 | 0x054f0000 | 0x054fffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000054f0000 | 0x054f0000 | 0x054f0fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000005510000 | 0x05510000 | 0x05510fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000005530000 | 0x05530000 | 0x0553ffff | Private Memory | Readable, Writable, Executable |
|
|||
private_0x0000000005540000 | 0x05540000 | 0x0570ffff | Private Memory | Readable, Writable |
|
|||
~fontcache-system.dat | 0x05540000 | 0x055e4fff | Memory Mapped File | Readable |
|
|||
private_0x00000000055f0000 | 0x055f0000 | 0x056effff | Private Memory | Readable, Writable |
|
|||
private_0x0000000005700000 | 0x05700000 | 0x0570ffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000005710000 | 0x05710000 | 0x05c01fff | Pagefile Backed Memory | Readable, Writable |
|
|||
~fontcache-fontface.dat | 0x05c10000 | 0x06c0ffff | Memory Mapped File | Readable |
|
|||
pagefile_0x0000000006c10000 | 0x06c10000 | 0x0700bfff | Pagefile Backed Memory | Readable |
|
|||
staticcache.dat | 0x07010000 | 0x07e7ffff | Memory Mapped File | Readable |
|
|||
mscorrc.dll | 0x07e80000 | 0x07ee0fff | Memory Mapped File | Readable |
|
|||
private_0x0000000007ef0000 | 0x07ef0000 | 0x07f6ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000007f70000 | 0x07f70000 | 0x08070fff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000007f70000 | 0x07f70000 | 0x080d1fff | Pagefile Backed Memory | Readable, Writable |
|
|||
comctl32.dll | 0x70c00000 | 0x70de5fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
version.dll | 0x70df0000 | 0x70df7fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
dwrite.dll | 0x70f90000 | 0x71101fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
system.runtime.remoting.ni.dll | 0x71110000 | 0x711d4fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
system.windows.forms.ni.dll | 0x711e0000 | 0x71e25fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
system.core.ni.dll | 0x71e30000 | 0x724d2fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
system.ni.dll | 0x724e0000 | 0x72e6cfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
mscorlib.ni.dll | 0x72e70000 | 0x73f04fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
msls31.dll | 0x73f60000 | 0x73f90fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
usp10.dll | 0x73fa0000 | 0x73fb3fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
riched20.dll | 0x73fc0000 | 0x7403ffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
system.drawing.ni.dll | 0x74060000 | 0x741f1fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
dwmapi.dll | 0x74200000 | 0x74217fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
uxtheme.dll | 0x74220000 | 0x742fafff | Memory Mapped File | Readable, Writable, Executable |
|
|||
apphelp.dll | 0x74300000 | 0x74398fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
shcore.dll | 0x743c0000 | 0x74435fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
clrjit.dll | 0x74440000 | 0x744bcfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
microsoft.visualbasic.ni.dll | 0x744c0000 | 0x74698fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
kernel.appcore.dll | 0x746a0000 | 0x746a8fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
msvcr120_clr0400.dll | 0x746b0000 | 0x74786fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
clr.dll | 0x74790000 | 0x74e2afff | Memory Mapped File | Readable, Writable, Executable |
|
|||
mscoreei.dll | 0x74e30000 | 0x74eadfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
mscoree.dll | 0x74eb0000 | 0x74f05fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
bcryptprimitives.dll | 0x74f10000 | 0x74f62fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
cryptbase.dll | 0x74f70000 | 0x74f78fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
sspicli.dll | 0x74f80000 | 0x74f9cfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
advapi32.dll | 0x74fb0000 | 0x75027fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
combase.dll | 0x75040000 | 0x7518dfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
gdi32.dll | 0x75190000 | 0x75297fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
msctf.dll | 0x754c0000 | 0x755b6fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
imm32.dll | 0x755c0000 | 0x755e4fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
kernel32.dll | 0x755f0000 | 0x7572ffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
rpcrt4.dll | 0x75730000 | 0x757e0fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
ole32.dll | 0x757f0000 | 0x758fbfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
kernelbase.dll | 0x75950000 | 0x75a1efff | Memory Mapped File | Readable, Writable, Executable |
|
|||
sechost.dll | 0x75be0000 | 0x75c1dfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
oleaut32.dll | 0x75c60000 | 0x75ce6fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
shlwapi.dll | 0x75d40000 | 0x75d80fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
user32.dll | 0x75e30000 | 0x75f7efff | Memory Mapped File | Readable, Writable, Executable |
|
|||
shell32.dll | 0x75f80000 | 0x7712cfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
gdiplus.dll | 0x77130000 | 0x7727cfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
comctl32.dll | 0x77280000 | 0x77305fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
msvcrt.dll | 0x773a0000 | 0x7745dfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wow64cpu.dll | 0x77480000 | 0x77488fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wow64.dll | 0x77490000 | 0x774d8fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wow64win.dll | 0x774e0000 | 0x77547fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
ntdll.dll | 0x77550000 | 0x776b7fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
private_0x000000007f47d000 | 0x7f47d000 | 0x7f47ffff | Private Memory | Readable, Writable |
|
|||
private_0x000000007f480000 | 0x7f480000 | 0x7f48ffff | Private Memory | Readable, Writable, Executable |
|
|||
private_0x000000007f490000 | 0x7f490000 | 0x7f4dffff | Private Memory | Readable, Writable, Executable |
|
|||
pagefile_0x000000007f4e0000 | 0x7f4e0000 | 0x7f5dffff | Pagefile Backed Memory | Readable |
|
|||
pagefile_0x000000007f5e0000 | 0x7f5e0000 | 0x7f602fff | Pagefile Backed Memory | Readable |
|
|||
private_0x000000007f605000 | 0x7f605000 | 0x7f605fff | Private Memory | Readable, Writable |
|
|||
private_0x000000007f606000 | 0x7f606000 | 0x7f606fff | Private Memory | Readable, Writable |
|
|||
private_0x000000007f607000 | 0x7f607000 | 0x7f609fff | Private Memory | Readable, Writable |
|
|||
private_0x000000007f60a000 | 0x7f60a000 | 0x7f60cfff | Private Memory | Readable, Writable |
|
|||
private_0x000000007f60d000 | 0x7f60d000 | 0x7f60ffff | Private Memory | Readable, Writable |
|
|||
private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|||
private_0x000000007fff0000 | 0x7fff0000 | 0x7ff9d524ffff | Private Memory | Readable |
|
|||
ntdll.dll | 0x7ff9d5250000 | 0x7ff9d53f9fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
private_0x00007ff9d53fa000 | 0x7ff9d53fa000 | 0x7ffffffeffff | Private Memory | Readable |
|
|||
For performance reasons, the remaining 5 entries are omitted.
The remaining entries can be found in flog.txt. |
Filename | File Size | Hash Values | YARA Match | Actions |
---|---|---|---|---|
c:\users\5jghkoaofdp\documents\my new app.accdb | 340.00 KB (348160 bytes) |
MD5:
c45d578f9e9a1266af3cc6e5e97ba22c
SHA1: 6c88ea4d469d67607c080ff382d00a99b1d1848f SHA256: 540d34f9fdd75b168b375af16a03fb56931cc091f3307e93b4c00ec425005b44 |
|
|
c:\users\5jghkoaofdp\documents\opm-kssufbhrnfhi.pptx | 73.42 KB (75177 bytes) |
MD5:
7e44c83622cf642a687436b19bbdf7c5
SHA1: 5257ebcbfe67babe8da4af6a572ba0b5f1ebf35b SHA256: 6495949d27728f9ab2513312a2372533c3d6d129fbe1a97c43f91aebd3e36de9 |
|
|
c:\users\5jghkoaofdp\documents\sbskabnlrtuf_m3v.pps | 30.60 KB (31339 bytes) |
MD5:
ede2a099d42c2e374add4cf4ed6d8a66
SHA1: 9fac5bd2d032ac39299e49a47fb09cb5dd81d0ca SHA256: 7efc6b3cee4c81707c2b7cf4debe15932f70e2a0e347dc9ca6a78056f1d17665 |
|
|
c:\users\5jghkoaofdp\documents\vuzmaoyqtk9.xlsx | 17.26 KB (17675 bytes) |
MD5:
97b5850dcd3d927977faeef6ec644fc0
SHA1: 2af6bec46ea945bf863fedf9a49a54b869398c7e SHA256: 76427017d90f9a394db4b8c58bec354b8b41e7864edfd50e0228116a38c6cdc5 |
|
|
c:\users\5jghkoaofdp\documents\vy83cxy9y.pptx | 51.37 KB (52600 bytes) |
MD5:
1d8a7b969ceffa682c848fc0b28a2d22
SHA1: 701ae2a769a783b87e2b46193b13b1f6d5af6742 SHA256: 6b5310ad5e9a05d2d15893db1024d69735f09319d52f5f5f90f6c67763b63ce4 |
|
|
c:\users\5jghkoaofdp\documents\kaaornrraztx\ghgjaavctako.odp | 5.10 KB (5221 bytes) |
MD5:
133115af56e424faf213adbd499d2a62
SHA1: 4eed0715e868fe993aecfd668632e0d29813361a SHA256: b432cea438644d72e9b27f52704db1bfc26b5fb3d3922f23ef042ab553fc5b38 |
|
|
c:\users\5jghkoaofdp\documents\kaaornrraztx\miqzp.pps | 2.14 KB (2190 bytes) |
MD5:
ac96e352209a62467275e902ac3351e6
SHA1: 09fb35368d6f79f3e89b345df2d4f44337f00a08 SHA256: 761cea0b1c9d61215a481c300ddf15a3427be7b5f32ba8564edec23becf097bb |
|
|
c:\users\5jghkoaofdp\documents\kaaornrraztx\sjkbeubnh7w9.doc | 75.55 KB (77360 bytes) |
MD5:
c70ea899fb2f0ebe752b448cddb37ea9
SHA1: c25aaa40c4e8c2b1f0d0db77f960ba0b80c70060 SHA256: c44f4fd12538fe0d64d47517d212ba3aaa1fdad1588afaf198ab5161646e4b21 |
|
|
c:\users\5jghkoaofdp\documents\kaaornrraztx\sqfvqa7ma39tieo.pps | 25.36 KB (25965 bytes) |
MD5:
8848697dc3f2d84ce39e5cc9dd05aa48
SHA1: 714c58ac882aeadffdad48d6824aa1ddf4862f07 SHA256: f88e6e581e1d51fb0e1eeb4db2246f92a5d885fe6d6e6ef24adaf4b93cc04774 |
|
|
c:\users\5jghkoaofdp\documents\kaaornrraztx\ao-nff kn\bwmjpnluzwsovw5ida\hdvr7lfi7ye7\lksfxnysxlvz37r4o.ppt | 50.26 KB (51471 bytes) |
MD5:
cb36d07465657ab460d8553a2391194a
SHA1: 5c6b28582292b1e7684a31f931f428c981f444cb SHA256: 2022cb33b3c14bf23a99a7bc1052d3fb8c2b51b0ade81c1b8063bd3cefd819a1 |
|
|
c:\users\5jghkoaofdp\documents\onenote notebooks\my notebook\quick notes.one | 353.54 KB (362024 bytes) |
MD5:
8225e9a335045f929e70f16497be6a6e
SHA1: 967a519bee766ec649faa21cf2d5641a5c858353 SHA256: 7420b80abec64b239c7823ab16d3b00914c10e1b35a50350391ba96cc579e81a |
|
|
c:\users\5jghkoaofdp\music\fedb6bw2fnxwe\ittew9vaxdbq.m4a | 86.41 KB (88483 bytes) |
MD5:
9c6d979affdd7860884bb04c98d10afa
SHA1: b0fedebe8cd378113eab7e494f560583c16e57fe SHA256: 325dcda1b80ee42747d77d69ee1a91c512ac806099b440df64f942a18724446b |
|
|
c:\users\5jghkoaofdp\music\fedb6bw2fnxwe\lbl5mdka70eza0p4h.wav | 84.50 KB (86525 bytes) |
MD5:
b53e14cc282779545cf989170687d987
SHA1: 0e7841b54bd3dd81d48fd2aeb211d15030b799f5 SHA256: 17e53cb0c9bd954dddb7d5c56fa4d4c464b5fddb6f8245d586f3cfab73e0358a |
|
Operation | Filename | Additional Information | Success | Count | Logfile |
---|---|---|---|---|---|
Create | C:\Users\5JgHKoaOfdp\Desktop\#Decryptor.exe | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\-sPM6vJb.odt.Lime | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\-sPM6vJb.odt | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\0u2YA.docx.Lime | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\0u2YA.docx | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\7wwG1Y1tq2o4XiF.pdf.Lime | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\7wwG1Y1tq2o4XiF.pdf | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\9TMo3uu8-Scl.xlsx.Lime | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\9TMo3uu8-Scl.xlsx | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\AEghbUBMs5NTL.pptx.Lime | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\AEghbUBMs5NTL.pptx | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\c94gQ1vFwVFBcDGwkD_.docx.Lime | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\c94gQ1vFwVFBcDGwkD_.docx | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\desktop.ini.Lime | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\desktop.ini | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\erHcl A2gBL1aT.docx.Lime | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\erHcl A2gBL1aT.docx | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\eYeDf199l.xlsx.Lime | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\eYeDf199l.xlsx | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\G 5ZX6m5N.docx.Lime | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\G 5ZX6m5N.docx | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\gMur.xlsx.Lime | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\gMur.xlsx | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\h2PCXTBBfD dI.xlsx.Lime | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\h2PCXTBBfD dI.xlsx | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\IYDMli-q8mF8cJ.ppt.Lime | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\IYDMli-q8mF8cJ.ppt | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\My New App.accdb.Lime | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\My New App.accdb | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\o9Jfc-DjnB qX4.pptx.Lime | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\o9Jfc-DjnB qX4.pptx | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\OCZESPOCHPv.csv.Lime | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\OCZESPOCHPv.csv | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\oOjIQe2Ti5VBxCBHnG2.docx.Lime | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\oOjIQe2Ti5VBxCBHnG2.docx | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\Opm-KSsufbHrNFHI.pptx.Lime | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\Opm-KSsufbHrNFHI.pptx | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\sbSKABnlrTuf_M3v.pps.Lime | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\sbSKABnlrTuf_M3v.pps | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\VUzmAoyqtk9.xlsx.Lime | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\VUzmAoyqtk9.xlsx | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\vy83CXY9Y.pptx.Lime | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\vy83CXY9Y.pptx | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\wvqxSPNlMSl.xlsx.Lime | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\wvqxSPNlMSl.xlsx | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\x7naB3SX5u.pptx.Lime | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\x7naB3SX5u.pptx | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\0r-uDW4THkIUpl-oRh_.odt.Lime | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\0r-uDW4THkIUpl-oRh_.odt | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\B37K-LfrWIVyw.pps.Lime | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\B37K-LfrWIVyw.pps | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\ghGjaAvcTAKO.odp.Lime | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\ghGjaAvcTAKO.odp | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\MIQzp.pps.Lime | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\MIQzp.pps | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\sJKbeUBnH7w9.doc.Lime | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\sJKbeUBnH7w9.doc | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\SqfVqA7Ma39tIEO.pps.Lime | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\SqfVqA7Ma39tIEO.pps | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\BWmJPNLUzWsoVW5iDA\hDVR7Lfi7YE7\lKSFxnySxlvz37R4o.ppt | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\BWmJPNLUzWsoVW5iDA\hDVR7Lfi7YE7\pvDIt6.pdf.Lime | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\BWmJPNLUzWsoVW5iDA\hDVR7Lfi7YE7\pvDIt6.pdf | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\My Shapes\desktop.ini.Lime | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\My Shapes\desktop.ini | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\My Shapes\Favorites.vssx.Lime | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\My Shapes\Favorites.vssx | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\My Shapes\_private\folder.ico.Lime | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\My Shapes\_private\folder.ico | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\OneNote Notebooks\My Notebook\Quick Notes.one | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\Outlook Files\cjeijc.diuv@div.com.pst.Lime | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Documents\Outlook Files\cjeijc.diuv@div.com.pst | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Pictures\8YzC.gif.Lime | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Pictures\8YzC.gif | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Music\Fedb6bw2FnxWe\ittEW9VaXDBQ.m4a | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Music\Fedb6bw2FnxWe\lBl5MdKA70EZa0p4H.wav.Lime | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Create | C:\Users\5JgHKoaOfdp\Music\Fedb6bw2FnxWe\lBl5MdKA70EZa0p4H.wav | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Desktop\#Decryptor.exe | type = file_type | 2 |
Fn
|
|
Get Info | C:\Windows\SYSTEM32\RichEd20.DLL | type = file_attributes | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Desktop\#Decryptor.exe.config | type = file_attributes | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Desktop\#Decryptor.exe | type = file_attributes | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents | type = file_attributes | 148 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\-sPM6vJb.odt.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\-sPM6vJb.odt.Lime | type = size, size_out = 0 | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\-sPM6vJb.odt | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\-sPM6vJb.odt.Lime | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\0u2YA.docx.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\0u2YA.docx.Lime | type = size, size_out = 0 | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\0u2YA.docx | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\0u2YA.docx.Lime | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\7wwG1Y1tq2o4XiF.pdf.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\7wwG1Y1tq2o4XiF.pdf.Lime | type = size, size_out = 0 | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\7wwG1Y1tq2o4XiF.pdf | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\7wwG1Y1tq2o4XiF.pdf.Lime | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\9TMo3uu8-Scl.xlsx.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\9TMo3uu8-Scl.xlsx.Lime | type = size, size_out = 0 | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\9TMo3uu8-Scl.xlsx | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\9TMo3uu8-Scl.xlsx.Lime | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\AEghbUBMs5NTL.pptx.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\AEghbUBMs5NTL.pptx.Lime | type = size, size_out = 0 | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\AEghbUBMs5NTL.pptx | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\AEghbUBMs5NTL.pptx.Lime | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\c94gQ1vFwVFBcDGwkD_.docx.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\c94gQ1vFwVFBcDGwkD_.docx.Lime | type = size, size_out = 0 | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\c94gQ1vFwVFBcDGwkD_.docx | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\c94gQ1vFwVFBcDGwkD_.docx.Lime | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\desktop.ini.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\desktop.ini.Lime | type = size, size_out = 0 | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\desktop.ini | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\desktop.ini.Lime | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\erHcl A2gBL1aT.docx.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\erHcl A2gBL1aT.docx.Lime | type = size, size_out = 0 | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\erHcl A2gBL1aT.docx | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\erHcl A2gBL1aT.docx.Lime | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\eYeDf199l.xlsx.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\eYeDf199l.xlsx.Lime | type = size, size_out = 0 | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\eYeDf199l.xlsx | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\eYeDf199l.xlsx.Lime | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\G 5ZX6m5N.docx.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\G 5ZX6m5N.docx.Lime | type = size, size_out = 0 | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\G 5ZX6m5N.docx | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\G 5ZX6m5N.docx.Lime | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\gMur.xlsx.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\gMur.xlsx.Lime | type = size, size_out = 0 | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\gMur.xlsx | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\gMur.xlsx.Lime | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\h2PCXTBBfD dI.xlsx.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\h2PCXTBBfD dI.xlsx.Lime | type = size, size_out = 0 | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\h2PCXTBBfD dI.xlsx | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\h2PCXTBBfD dI.xlsx.Lime | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\IYDMli-q8mF8cJ.ppt.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\IYDMli-q8mF8cJ.ppt.Lime | type = size, size_out = 0 | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\IYDMli-q8mF8cJ.ppt | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\IYDMli-q8mF8cJ.ppt.Lime | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\My New App.accdb.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\My New App.accdb.Lime | type = size, size_out = 0 | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\My New App.accdb | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\My New App.accdb.Lime | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\o9Jfc-DjnB qX4.pptx.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\o9Jfc-DjnB qX4.pptx.Lime | type = size, size_out = 0 | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\o9Jfc-DjnB qX4.pptx | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\o9Jfc-DjnB qX4.pptx.Lime | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\OCZESPOCHPv.csv.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\OCZESPOCHPv.csv.Lime | type = size, size_out = 0 | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\OCZESPOCHPv.csv | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\OCZESPOCHPv.csv.Lime | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\oOjIQe2Ti5VBxCBHnG2.docx.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\oOjIQe2Ti5VBxCBHnG2.docx.Lime | type = size, size_out = 0 | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\oOjIQe2Ti5VBxCBHnG2.docx | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\oOjIQe2Ti5VBxCBHnG2.docx.Lime | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\Opm-KSsufbHrNFHI.pptx.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\Opm-KSsufbHrNFHI.pptx.Lime | type = size, size_out = 0 | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\Opm-KSsufbHrNFHI.pptx | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\Opm-KSsufbHrNFHI.pptx.Lime | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\sbSKABnlrTuf_M3v.pps.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\sbSKABnlrTuf_M3v.pps.Lime | type = size, size_out = 0 | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\sbSKABnlrTuf_M3v.pps | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\VUzmAoyqtk9.xlsx.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\VUzmAoyqtk9.xlsx.Lime | type = size, size_out = 0 | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\VUzmAoyqtk9.xlsx | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\VUzmAoyqtk9.xlsx.Lime | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\vy83CXY9Y.pptx.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\vy83CXY9Y.pptx.Lime | type = size, size_out = 0 | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\vy83CXY9Y.pptx | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\vy83CXY9Y.pptx.Lime | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\wvqxSPNlMSl.xlsx.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\wvqxSPNlMSl.xlsx.Lime | type = size, size_out = 0 | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\wvqxSPNlMSl.xlsx | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\wvqxSPNlMSl.xlsx.Lime | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\x7naB3SX5u.pptx.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\x7naB3SX5u.pptx.Lime | type = size, size_out = 0 | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\x7naB3SX5u.pptx | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\x7naB3SX5u.pptx.Lime | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX | type = file_attributes | 42 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\0r-uDW4THkIUpl-oRh_.odt.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\0r-uDW4THkIUpl-oRh_.odt.Lime | type = size, size_out = 0 | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\0r-uDW4THkIUpl-oRh_.odt | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\0r-uDW4THkIUpl-oRh_.odt.Lime | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\B37K-LfrWIVyw.pps.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\B37K-LfrWIVyw.pps.Lime | type = size, size_out = 0 | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\B37K-LfrWIVyw.pps | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\B37K-LfrWIVyw.pps.Lime | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\ghGjaAvcTAKO.odp.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\ghGjaAvcTAKO.odp.Lime | type = size, size_out = 0 | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\ghGjaAvcTAKO.odp | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\ghGjaAvcTAKO.odp.Lime | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\MIQzp.pps.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\MIQzp.pps.Lime | type = size, size_out = 0 | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\MIQzp.pps | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\MIQzp.pps.Lime | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\sJKbeUBnH7w9.doc.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\sJKbeUBnH7w9.doc.Lime | type = size, size_out = 0 | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\sJKbeUBnH7w9.doc | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\sJKbeUBnH7w9.doc.Lime | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\SqfVqA7Ma39tIEO.pps.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\SqfVqA7Ma39tIEO.pps.Lime | type = size, size_out = 0 | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\SqfVqA7Ma39tIEO.pps | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\SqfVqA7Ma39tIEO.pps.Lime | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\BWmJPNLUzWsoVW5iDA\hDVR7Lfi7YE7\lKSFxnySxlvz37R4o.ppt | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\BWmJPNLUzWsoVW5iDA\hDVR7Lfi7YE7 | type = file_attributes | 12 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\BWmJPNLUzWsoVW5iDA\hDVR7Lfi7YE7\lKSFxnySxlvz37R4o.ppt.Lime | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\BWmJPNLUzWsoVW5iDA\hDVR7Lfi7YE7\pvDIt6.pdf.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\BWmJPNLUzWsoVW5iDA\hDVR7Lfi7YE7\pvDIt6.pdf.Lime | type = size, size_out = 0 | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\BWmJPNLUzWsoVW5iDA\hDVR7Lfi7YE7\pvDIt6.pdf | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\BWmJPNLUzWsoVW5iDA\hDVR7Lfi7YE7\pvDIt6.pdf.Lime | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\My Pictures | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\My Shapes | type = file_attributes | 18 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\My Shapes\desktop.ini.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\My Shapes\desktop.ini.Lime | type = size, size_out = 0 | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\My Shapes\desktop.ini | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\My Shapes\desktop.ini.Lime | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\My Shapes\Favorites.vssx.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\My Shapes\Favorites.vssx.Lime | type = size, size_out = 0 | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\My Shapes\Favorites.vssx | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\My Shapes\Favorites.vssx.Lime | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\My Shapes\_private | type = file_attributes | 10 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\My Shapes\_private\folder.ico.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\My Shapes\_private\folder.ico.Lime | type = size, size_out = 0 | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\My Shapes\_private\folder.ico | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\My Shapes\_private\folder.ico.Lime | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\OneNote Notebooks\My Notebook\Quick Notes.one | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\OneNote Notebooks\My Notebook | type = file_attributes | 4 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\OneNote Notebooks\My Notebook\Quick Notes.one.Lime | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\Outlook Files | type = file_attributes | 10 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\Outlook Files\cjeijc.diuv@div.com.pst.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\Outlook Files\cjeijc.diuv@div.com.pst.Lime | type = size, size_out = 0 | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\Outlook Files\cjeijc.diuv@div.com.pst | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Documents\Outlook Files\cjeijc.diuv@div.com.pst.Lime | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Pictures | type = file_attributes | 10 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Pictures\8YzC.gif.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Pictures\8YzC.gif.Lime | type = size, size_out = 0 | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Pictures\8YzC.gif | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Pictures\8YzC.gif.Lime | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Music\Fedb6bw2FnxWe\ittEW9VaXDBQ.m4a | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Music\Fedb6bw2FnxWe | type = file_attributes | 10 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Music\Fedb6bw2FnxWe\ittEW9VaXDBQ.m4a.Lime | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Music\Fedb6bw2FnxWe\lBl5MdKA70EZa0p4H.wav.Lime | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Music\Fedb6bw2FnxWe\lBl5MdKA70EZa0p4H.wav.Lime | type = size, size_out = 0 | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Music\Fedb6bw2FnxWe\lBl5MdKA70EZa0p4H.wav | type = file_type | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Music\Fedb6bw2FnxWe\lBl5MdKA70EZa0p4H.wav.Lime | type = file_attributes | 2 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\AppData\Local | type = file_attributes | 6 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\AppData\Local\EmieSiteList | type = file_attributes | 6 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\AppData\Local\EmieUserList | type = file_attributes | 6 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\AppData\Local\Google | type = file_attributes | 6 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\AppData\Local\Google\Chrome | type = file_attributes | 6 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\AppData\Local\Google\Chrome\User Data | type = file_attributes | 2 |
Fn
|
|
Read | C:\Users\5JgHKoaOfdp\Desktop\#Decryptor.exe | size = 4096, size_out = 4096 | 98 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Desktop\#Decryptor.exe | size = 4096, size_out = 1029 | 1 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Desktop\#Decryptor.exe | size = 1019, size_out = 0 | 1 |
Fn
|
|
Read | C:\Users\5JgHKoaOfdp\Desktop\#Decryptor.exe | size = 4096, size_out = 0 | 1 |
Fn
|
|
Read | C:\Users\5JgHKoaOfdp\Documents\-sPM6vJb.odt.Lime | size = 63952, size_out = 63952 | 1 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Documents\0u2YA.docx.Lime | size = 11968, size_out = 11968 | 1 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Documents\7wwG1Y1tq2o4XiF.pdf.Lime | size = 4096, size_out = 1360 | 1 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Documents\9TMo3uu8-Scl.xlsx.Lime | size = 94416, size_out = 94416 | 1 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Documents\AEghbUBMs5NTL.pptx.Lime | size = 69952, size_out = 69952 | 1 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Documents\c94gQ1vFwVFBcDGwkD_.docx.Lime | size = 87824, size_out = 87824 | 1 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Documents\desktop.ini.Lime | size = 4096, size_out = 416 | 1 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Documents\erHcl A2gBL1aT.docx.Lime | size = 50048, size_out = 50048 | 1 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Documents\eYeDf199l.xlsx.Lime | size = 92560, size_out = 92560 | 1 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Documents\G 5ZX6m5N.docx.Lime | size = 15088, size_out = 15088 | 1 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Documents\gMur.xlsx.Lime | size = 79984, size_out = 79984 | 1 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Documents\h2PCXTBBfD dI.xlsx.Lime | size = 62928, size_out = 62928 | 1 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Documents\IYDMli-q8mF8cJ.ppt.Lime | size = 20080, size_out = 20080 | 1 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Documents\My New App.accdb.Lime | size = 348176, size_out = 348176 | 1 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Documents\o9Jfc-DjnB qX4.pptx.Lime | size = 27424, size_out = 27424 | 1 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Documents\OCZESPOCHPv.csv.Lime | size = 99744, size_out = 99744 | 1 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Documents\oOjIQe2Ti5VBxCBHnG2.docx.Lime | size = 4096, size_out = 1712 | 1 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Documents\Opm-KSsufbHrNFHI.pptx.Lime | size = 75184, size_out = 75184 | 1 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Documents\sbSKABnlrTuf_M3v.pps.Lime | size = 31344, size_out = 31344 | 1 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Documents\VUzmAoyqtk9.xlsx.Lime | size = 17680, size_out = 17680 | 1 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Documents\vy83CXY9Y.pptx.Lime | size = 52608, size_out = 52608 | 1 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Documents\wvqxSPNlMSl.xlsx.Lime | size = 90416, size_out = 90416 | 1 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Documents\x7naB3SX5u.pptx.Lime | size = 96448, size_out = 96448 | 1 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\0r-uDW4THkIUpl-oRh_.odt.Lime | size = 97184, size_out = 97184 | 1 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\B37K-LfrWIVyw.pps.Lime | size = 26352, size_out = 26352 | 1 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\ghGjaAvcTAKO.odp.Lime | size = 5232, size_out = 5232 | 1 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\MIQzp.pps.Lime | size = 4096, size_out = 2192 | 1 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\sJKbeUBnH7w9.doc.Lime | size = 77376, size_out = 77376 | 1 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\SqfVqA7Ma39tIEO.pps.Lime | size = 25968, size_out = 25968 | 1 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\BWmJPNLUzWsoVW5iDA\hDVR7Lfi7YE7\pvDIt6.pdf.Lime | size = 40464, size_out = 40464 | 1 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Documents\My Shapes\desktop.ini.Lime | size = 4096, size_out = 224 | 1 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Documents\My Shapes\Favorites.vssx.Lime | size = 4096, size_out = 16 | 1 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Documents\My Shapes\_private\folder.ico.Lime | size = 29936, size_out = 29936 | 1 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Documents\Outlook Files\cjeijc.diuv@div.com.pst.Lime | size = 271376, size_out = 271376 | 1 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Pictures\8YzC.gif.Lime | size = 48416, size_out = 48416 | 1 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Music\Fedb6bw2FnxWe\lBl5MdKA70EZa0p4H.wav.Lime | size = 86528, size_out = 86528 | 1 |
Fn
Data
|
|
Read | - | size = 100720, size_out = 100720 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Documents\-sPM6vJb.odt | size = 63938 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Documents\0u2YA.docx | size = 11958 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Documents\7wwG1Y1tq2o4XiF.pdf | size = 1359 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Documents\9TMo3uu8-Scl.xlsx | size = 94414 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Documents\AEghbUBMs5NTL.pptx | size = 69943 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Documents\c94gQ1vFwVFBcDGwkD_.docx | size = 87821 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Documents\desktop.ini | size = 402 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Documents\erHcl A2gBL1aT.docx | size = 50041 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Documents\eYeDf199l.xlsx | size = 92552 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Documents\G 5ZX6m5N.docx | size = 15083 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Documents\gMur.xlsx | size = 79981 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Documents\h2PCXTBBfD dI.xlsx | size = 62916 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Documents\IYDMli-q8mF8cJ.ppt | size = 20068 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Documents\My New App.accdb | size = 348160 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Documents\o9Jfc-DjnB qX4.pptx | size = 27412 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Documents\OCZESPOCHPv.csv | size = 99738 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Documents\oOjIQe2Ti5VBxCBHnG2.docx | size = 1702 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Documents\Opm-KSsufbHrNFHI.pptx | size = 75177 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Documents\sbSKABnlrTuf_M3v.pps | size = 31339 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Documents\VUzmAoyqtk9.xlsx | size = 17675 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Documents\vy83CXY9Y.pptx | size = 52600 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Documents\wvqxSPNlMSl.xlsx | size = 90406 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Documents\x7naB3SX5u.pptx | size = 96442 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\0r-uDW4THkIUpl-oRh_.odt | size = 97180 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\B37K-LfrWIVyw.pps | size = 26344 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\ghGjaAvcTAKO.odp | size = 5221 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\MIQzp.pps | size = 2190 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\sJKbeUBnH7w9.doc | size = 77360 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\SqfVqA7Ma39tIEO.pps | size = 25965 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\BWmJPNLUzWsoVW5iDA\hDVR7Lfi7YE7\lKSFxnySxlvz37R4o.ppt | size = 51471 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\BWmJPNLUzWsoVW5iDA\hDVR7Lfi7YE7\pvDIt6.pdf | size = 40454 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Documents\My Shapes\desktop.ini | size = 216 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Documents\My Shapes\_private\folder.ico | size = 29926 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Documents\OneNote Notebooks\My Notebook\Quick Notes.one | size = 362024 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Documents\Outlook Files\cjeijc.diuv@div.com.pst | size = 271360 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Pictures\8YzC.gif | size = 48401 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Music\Fedb6bw2FnxWe\ittEW9VaXDBQ.m4a | size = 88483 | 1 |
Fn
Data
|
|
Write | C:\Users\5JgHKoaOfdp\Music\Fedb6bw2FnxWe\lBl5MdKA70EZa0p4H.wav | size = 86525 | 1 |
Fn
Data
|
|
Delete | C:\Users\5JgHKoaOfdp\Documents\-sPM6vJb.odt.Lime | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Documents\0u2YA.docx.Lime | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Documents\7wwG1Y1tq2o4XiF.pdf.Lime | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Documents\9TMo3uu8-Scl.xlsx.Lime | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Documents\AEghbUBMs5NTL.pptx.Lime | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Documents\c94gQ1vFwVFBcDGwkD_.docx.Lime | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Documents\desktop.ini.Lime | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Documents\erHcl A2gBL1aT.docx.Lime | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Documents\eYeDf199l.xlsx.Lime | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Documents\G 5ZX6m5N.docx.Lime | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Documents\gMur.xlsx.Lime | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Documents\h2PCXTBBfD dI.xlsx.Lime | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Documents\IYDMli-q8mF8cJ.ppt.Lime | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Documents\My New App.accdb.Lime | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Documents\o9Jfc-DjnB qX4.pptx.Lime | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Documents\OCZESPOCHPv.csv.Lime | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Documents\oOjIQe2Ti5VBxCBHnG2.docx.Lime | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Documents\Opm-KSsufbHrNFHI.pptx.Lime | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Documents\VUzmAoyqtk9.xlsx.Lime | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Documents\vy83CXY9Y.pptx.Lime | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Documents\wvqxSPNlMSl.xlsx.Lime | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Documents\x7naB3SX5u.pptx.Lime | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\0r-uDW4THkIUpl-oRh_.odt.Lime | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\B37K-LfrWIVyw.pps.Lime | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\ghGjaAvcTAKO.odp.Lime | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\MIQzp.pps.Lime | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\sJKbeUBnH7w9.doc.Lime | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\SqfVqA7Ma39tIEO.pps.Lime | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\BWmJPNLUzWsoVW5iDA\hDVR7Lfi7YE7\lKSFxnySxlvz37R4o.ppt.Lime | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Documents\KaaOrNRraztX\AO-nFf kn\BWmJPNLUzWsoVW5iDA\hDVR7Lfi7YE7\pvDIt6.pdf.Lime | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Documents\My Shapes\desktop.ini.Lime | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Documents\My Shapes\Favorites.vssx.Lime | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Documents\My Shapes\_private\folder.ico.Lime | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Documents\OneNote Notebooks\My Notebook\Quick Notes.one.Lime | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Documents\Outlook Files\cjeijc.diuv@div.com.pst.Lime | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Pictures\8YzC.gif.Lime | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Music\Fedb6bw2FnxWe\ittEW9VaXDBQ.m4a.Lime | - | 1 |
Fn
|
|
Delete | C:\Users\5JgHKoaOfdp\Music\Fedb6bw2FnxWe\lBl5MdKA70EZa0p4H.wav.Lime | - | 1 |
Fn
|
Operation | Key | Additional Information | Success | Count | Logfile |
---|---|---|---|---|---|
Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework | - | 1 |
Fn
|
|
Open Key | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | - | 1 |
Fn
|
|
Open Key | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | - | 1 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework | value_name = DbgJITDebugLaunchSetting, type = REG_NONE | 1 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework | value_name = DbgManagedDebugger, type = REG_NONE | 1 |
Fn
|
|
Read Value | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | value_name = #Decryptor, type = REG_NONE | 1 |
Fn
|
|
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | value_name = Anchor Underline, data = 0, type = REG_SZ | 1 |
Fn
|
|
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | value_name = Anchor Underline, data = yes, type = REG_SZ | 1 |
Fn
|
|
Write Value | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | value_name = #Decryptor, data = C:\Users\5JgHKoaOfdp\Desktop\#Decryptor.exe, size = 88, type = REG_SZ | 1 |
Fn
|
Operation | Module | Additional Information | Success | Count | Logfile |
---|---|---|---|---|---|
Load | comctl32.dll | base_address = 0x77280000 | 1 |
Fn
|
|
Load | RichEd20.DLL | base_address = 0x73fc0000 | 1 |
Fn
|
|
Get Handle | comctl32.dll | base_address = 0x0 | 1 |
Fn
|
|
Get Handle | c:\windows\syswow64\user32.dll | base_address = 0x75e30000 | 1 |
Fn
|
|
Get Handle | c:\users\5jghkoaofdp\desktop\#decryptor.exe | base_address = 0xfb0000 | 30 |
Fn
|
|
Get Handle | c:\windows\syswow64\comctl32.dll | base_address = 0x77280000 | 178 |
Fn
|
|
Get Filename | RichEd20.DLL | process_name = c:\users\5jghkoaofdp\desktop\#decryptor.exe, file_name_orig = C:\Windows\SYSTEM32\RichEd20.DLL, size = 260 | 1 |
Fn
|
|
Get Address | c:\windows\syswow64\user32.dll | function = DefWindowProcW, address_out = 0x7431bdea | 1 |
Fn
|
|
Get Address | c:\windows\syswow64\comctl32.dll | function = ImageList_WriteEx, address_out = 0x0 | 23 |
Fn
|
Operation | Window Name | Additional Information | Success | Count | Logfile |
---|---|---|---|---|---|
Create | - | class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, wndproc_parameter = 0 | 1 |
Fn
|
|
Create | .NET-BroadcastEventWindow.4.0.0.0.2bf8098.0 | class_name = .NET-BroadcastEventWindow.4.0.0.0.2bf8098.0, wndproc_parameter = 0 | 1 |
Fn
|
|
Create | #Lime Decryptor | class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, wndproc_parameter = 0 | 1 |
Fn
|
|
Create | Decrypt | class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, wndproc_parameter = 0 | 1 |
Fn
|
|
Create | Enter the key: | class_name = WindowsForms10.STATIC.app.0.2bf8098_r11_ad1, wndproc_parameter = 0 | 1 |
Fn
|
|
Create | Key | class_name = WindowsForms10.EDIT.app.0.2bf8098_r11_ad1, wndproc_parameter = 0 | 1 |
Fn
|
|
Create | How to buy your file ? | class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, wndproc_parameter = 0 | 1 |
Fn
|
|
Create | ? | class_name = WindowsForms10.BUTTON.app.0.2bf8098_r11_ad1, wndproc_parameter = 0 | 1 |
Fn
|
|
Create | https://www.youtube.com/watch?v=Ji9IwPId5Uk | class_name = WindowsForms10.STATIC.app.0.2bf8098_r11_ad1, wndproc_parameter = 0 | 1 |
Fn
|
|
Create | - Add money to your paypal account (=120) - Create bitcoin account - - With your bitcoins account, send the money to our adress | class_name = WindowsForms10.STATIC.app.0.2bf8098_r11_ad1, wndproc_parameter = 0 | 1 |
Fn
|
|
Create | Message | class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, wndproc_parameter = 0 | 1 |
Fn
|
|
Create | - | class_name = WindowsForms10.RichEdit20W.app.0.2bf8098_r11_ad1, wndproc_parameter = 0 | 1 |
Fn
|
|
Create | Bictoins | class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, wndproc_parameter = 0 | 1 |
Fn
|
|
Create | Send 100$ to this bitcoins adress: | class_name = WindowsForms10.STATIC.app.0.2bf8098_r11_ad1, wndproc_parameter = 0 | 1 |
Fn
|
|
Create | 1PNh6dmaUtv96C7ezTdUqVvfWBUYuCBbUM | class_name = WindowsForms10.EDIT.app.0.2bf8098_r11_ad1, wndproc_parameter = 0 | 1 |
Fn
|
|
Create | Time | class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, wndproc_parameter = 0 | 1 |
Fn
|
|
Create | Destruction de fichier prevue le | class_name = WindowsForms10.STATIC.app.0.2bf8098_r11_ad1, wndproc_parameter = 0 | 1 |
Fn
|
|
Create | - | class_name = WindowsForms10.msctls_progress32.app.0.2bf8098_r11_ad1, wndproc_parameter = 0 | 1 |
Fn
|
|
Create | - | class_name = WindowsForms10.msctls_progress32.app.0.2bf8098_r11_ad1, wndproc_parameter = 0 | 1 |
Fn
|
|
Create | Decrypt | class_name = WindowsForms10.BUTTON.app.0.2bf8098_r11_ad1, wndproc_parameter = 0 | 1 |
Fn
|
|
Create | TimerNativeWindow | class_name = WindowsForms10.Window.0.app.0.2bf8098_r11_ad1, wndproc_parameter = 0 | 1 |
Fn
|
|
Create | TimerNativeWindow | class_name = WindowsForms10.Window.0.app.0.2bf8098_r11_ad1, wndproc_parameter = 0 | 1 |
Fn
|
|
Set Attribute | - | class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 1949416938 | 1 |
Fn
|
|
Set Attribute | - | class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 89327118 | 1 |
Fn
|
|
Set Attribute | #Lime Decryptor | class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 1949416938 | 1 |
Fn
|
|
Set Attribute | #Lime Decryptor | class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 89327238 | 1 |
Fn
|
|
Set Attribute | #Lime Decryptor | class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551608, new_long = 0 | 1 |
Fn
|
|
Set Attribute | #Lime Decryptor | class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551600, new_long = 46661632 | 1 |
Fn
|
|
Set Attribute | #Lime Decryptor | class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551596, new_long = 327681 | 1 |
Fn
|
|
Set Attribute | Decrypt | class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 1949416938 | 1 |
Fn
|
|
Set Attribute | Decrypt | class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 89327278 | 1 |
Fn
|
|
Set Attribute | Decrypt | class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551604, new_long = 131752 | 1 |
Fn
|
|
Set Attribute | Enter the key: | class_name = WindowsForms10.STATIC.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 2002237664 | 1 |
Fn
|
|
Set Attribute | Enter the key: | class_name = WindowsForms10.STATIC.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 89327358 | 1 |
Fn
|
|
Set Attribute | Enter the key: | class_name = WindowsForms10.STATIC.app.0.2bf8098_r11_ad1, index = 18446744073709551604, new_long = 66230 | 1 |
Fn
|
|
Set Attribute | Key | class_name = WindowsForms10.EDIT.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 2002237568 | 1 |
Fn
|
|
Set Attribute | Key | class_name = WindowsForms10.EDIT.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 89327438 | 1 |
Fn
|
|
Set Attribute | Key | class_name = WindowsForms10.EDIT.app.0.2bf8098_r11_ad1, index = 18446744073709551604, new_long = 66232 | 1 |
Fn
|
|
Set Attribute | How to buy your file ? | class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 1949416938 | 1 |
Fn
|
|
Set Attribute | How to buy your file ? | class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 89327478 | 1 |
Fn
|
|
Set Attribute | How to buy your file ? | class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551604, new_long = 66234 | 1 |
Fn
|
|
Set Attribute | ? | class_name = WindowsForms10.BUTTON.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 2002237440 | 1 |
Fn
|
|
Set Attribute | ? | class_name = WindowsForms10.BUTTON.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 89327558 | 1 |
Fn
|
|
Set Attribute | ? | class_name = WindowsForms10.BUTTON.app.0.2bf8098_r11_ad1, index = 18446744073709551604, new_long = 66236 | 1 |
Fn
|
|
Set Attribute | https://www.youtube.com/watch?v=Ji9IwPId5Uk | class_name = WindowsForms10.STATIC.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 2002237664 | 1 |
Fn
|
|
Set Attribute | https://www.youtube.com/watch?v=Ji9IwPId5Uk | class_name = WindowsForms10.STATIC.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 89327598 | 1 |
Fn
|
|
Set Attribute | https://www.youtube.com/watch?v=Ji9IwPId5Uk | class_name = WindowsForms10.STATIC.app.0.2bf8098_r11_ad1, index = 18446744073709551604, new_long = 66238 | 1 |
Fn
|
|
Set Attribute | - Add money to your paypal account (=120) - Create bitcoin account - - With your bitcoins account, send the money to our adress | class_name = WindowsForms10.STATIC.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 2002237664 | 1 |
Fn
|
|
Set Attribute | - Add money to your paypal account (=120) - Create bitcoin account - - With your bitcoins account, send the money to our adress | class_name = WindowsForms10.STATIC.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 89327638 | 1 |
Fn
|
|
Set Attribute | - Add money to your paypal account (=120) - Create bitcoin account - - With your bitcoins account, send the money to our adress | class_name = WindowsForms10.STATIC.app.0.2bf8098_r11_ad1, index = 18446744073709551604, new_long = 66240 | 1 |
Fn
|
|
Set Attribute | Message | class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 1949416938 | 1 |
Fn
|
|
Set Attribute | Message | class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 89327678 | 1 |
Fn
|
|
Set Attribute | Message | class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551604, new_long = 66242 | 1 |
Fn
|
|
Set Attribute | - | class_name = WindowsForms10.RichEdit20W.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 1945902605 | 1 |
Fn
|
|
Set Attribute | - | class_name = WindowsForms10.RichEdit20W.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 89340198 | 1 |
Fn
|
|
Set Attribute | - | class_name = WindowsForms10.RichEdit20W.app.0.2bf8098_r11_ad1, index = 18446744073709551604, new_long = 66244 | 1 |
Fn
|
|
Set Attribute | Bictoins | class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 1949416938 | 1 |
Fn
|
|
Set Attribute | Bictoins | class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 89340718 | 1 |
Fn
|
|
Set Attribute | Bictoins | class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551604, new_long = 66246 | 1 |
Fn
|
|
Set Attribute | Send 100$ to this bitcoins adress: | class_name = WindowsForms10.STATIC.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 2002237664 | 1 |
Fn
|
|
Set Attribute | Send 100$ to this bitcoins adress: | class_name = WindowsForms10.STATIC.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 89340438 | 1 |
Fn
|
|
Set Attribute | Send 100$ to this bitcoins adress: | class_name = WindowsForms10.STATIC.app.0.2bf8098_r11_ad1, index = 18446744073709551604, new_long = 66248 | 1 |
Fn
|
|
Set Attribute | 1PNh6dmaUtv96C7ezTdUqVvfWBUYuCBbUM | class_name = WindowsForms10.EDIT.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 2002237568 | 1 |
Fn
|
|
Set Attribute | 1PNh6dmaUtv96C7ezTdUqVvfWBUYuCBbUM | class_name = WindowsForms10.EDIT.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 89340038 | 1 |
Fn
|
|
Set Attribute | 1PNh6dmaUtv96C7ezTdUqVvfWBUYuCBbUM | class_name = WindowsForms10.EDIT.app.0.2bf8098_r11_ad1, index = 18446744073709551604, new_long = 66250 | 1 |
Fn
|
|
Set Attribute | Time | class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 1949416938 | 1 |
Fn
|
|
Set Attribute | Time | class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 89340238 | 1 |
Fn
|
|
Set Attribute | Time | class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551604, new_long = 66252 | 1 |
Fn
|
|
Set Attribute | Destruction de fichier prevue le | class_name = WindowsForms10.STATIC.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 2002237664 | 1 |
Fn
|
|
Set Attribute | Destruction de fichier prevue le | class_name = WindowsForms10.STATIC.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 89340758 | 1 |
Fn
|
|
Set Attribute | Destruction de fichier prevue le | class_name = WindowsForms10.STATIC.app.0.2bf8098_r11_ad1, index = 18446744073709551604, new_long = 66254 | 1 |
Fn
|
|
Set Attribute | - | class_name = WindowsForms10.msctls_progress32.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 1999119598 | 1 |
Fn
|
|
Set Attribute | - | class_name = WindowsForms10.msctls_progress32.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 89340278 | 1 |
Fn
|
|
Set Attribute | - | class_name = WindowsForms10.msctls_progress32.app.0.2bf8098_r11_ad1, index = 18446744073709551604, new_long = 66256 | 1 |
Fn
|
|
Set Attribute | - | class_name = WindowsForms10.msctls_progress32.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 1999119598 | 1 |
Fn
|
|
Set Attribute | - | class_name = WindowsForms10.msctls_progress32.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 89340478 | 1 |
Fn
|
|
Set Attribute | - | class_name = WindowsForms10.msctls_progress32.app.0.2bf8098_r11_ad1, index = 18446744073709551604, new_long = 66258 | 1 |
Fn
|
|
Set Attribute | Decrypt | class_name = WindowsForms10.BUTTON.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 2002237440 | 1 |
Fn
|
|
Set Attribute | Decrypt | class_name = WindowsForms10.BUTTON.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 89340518 | 1 |
Fn
|
|
Set Attribute | Decrypt | class_name = WindowsForms10.BUTTON.app.0.2bf8098_r11_ad1, index = 18446744073709551604, new_long = 66260 | 1 |
Fn
|
|
Set Attribute | TimerNativeWindow | class_name = WindowsForms10.Window.0.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 1949416938 | 1 |
Fn
|
|
Set Attribute | TimerNativeWindow | class_name = WindowsForms10.Window.0.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 89340558 | 1 |
Fn
|
|
Set Attribute | TimerNativeWindow | class_name = WindowsForms10.Window.0.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 1949416938 | 1 |
Fn
|
|
Set Attribute | TimerNativeWindow | class_name = WindowsForms10.Window.0.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 89340598 | 1 |
Fn
|
Operation | Additional Information | Success | Count | Logfile |
---|---|---|---|---|
Get Info | type = KB_LOCALE_ID, os_tid = 0, result_out = 67699721 | 15 |
Fn
|
|
Read | virtual_key_code = VK_RBUTTON, result_out = 1 | 75 |
Fn
|
|
Read | virtual_key_code = VK_MBUTTON, result_out = 0 | 110 |
Fn
|
|
Read | virtual_key_code = VK_XBUTTON1, result_out = 0 | 110 |
Fn
|
|
Read | virtual_key_code = VK_XBUTTON2, result_out = 0 | 110 |
Fn
|
|
Read | virtual_key_code = VK_LBUTTON, result_out = 0 | 53 |
Fn
|
|
Read | virtual_key_code = VK_LBUTTON, result_out = 18446744073709551489 | 6 |
Fn
|
|
Read | virtual_key_code = VK_LBUTTON, result_out = 1 | 37 |
Fn
|
|
Read | virtual_key_code = VK_LBUTTON, result_out = 18446744073709551488 | 13 |
Fn
|
|
Read | virtual_key_code = VK_SHIFT, result_out = 1 | 11 |
Fn
|
|
Read | virtual_key_code = VK_CONTROL, result_out = 18446744073709551488 | 9 |
Fn
|
|
Read | virtual_key_code = VK_MENU, result_out = 0 | 11 |
Fn
|
|
Read | virtual_key_code = VK_CONTROL, result_out = 0 | 2 |
Fn
|
|
Read | virtual_key_code = VK_RBUTTON, result_out = 0 | 35 |
Fn
|
Operation | Additional Information | Success | Count | Logfile |
---|---|---|---|---|
Sleep | duration = 100 milliseconds (0.100 seconds) | 1 |
Fn
|
|
Sleep | duration = 10 milliseconds (0.010 seconds) | 1 |
Fn
|
Information | Value |
---|---|
ID | #3 |
File Name | c:\users\5jghkoaofdp\desktop\#decryptor.exe |
Command Line | "C:\Users\5JgHKoaOfdp\Desktop\#Decryptor.exe" |
Initial Working Directory | C:\Windows\system32\ |
Monitor | Start Time: 00:02:29, Reason: Autostart |
Unmonitor | End Time: 00:03:13, Reason: Terminated by Timeout |
Monitor Duration | 00:00:44 |
Information | Value |
---|---|
PID | 0x3c0 |
Parent PID | 0x62c (c:\windows\explorer.exe) |
Is Created or Modified Executable | |
Integrity Level | Medium |
Username | FIVAUF\5JgHKoaOfdp |
Groups |
|
Enabled Privileges | SeChangeNotifyPrivilege |
Thread IDs |
0x
77C
0x
5C8
0x
5E0
0x
5D8
0x
8B8
0x
8BC
0x
8C0
0x
8C8
|
Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
---|---|---|---|---|---|---|---|---|
#decryptor.exe | 0x00990000 | 0x009f7fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
private_0x0000000000a00000 | 0x00a00000 | 0x00a1ffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000000a00000 | 0x00a00000 | 0x00a0ffff | Pagefile Backed Memory | Readable, Writable |
|
|||
private_0x0000000000a10000 | 0x00a10000 | 0x00a13fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000a20000 | 0x00a20000 | 0x00a20fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000a20000 | 0x00a20000 | 0x00a20fff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000000a30000 | 0x00a30000 | 0x00a3efff | Pagefile Backed Memory | Readable |
|
|||
private_0x0000000000a40000 | 0x00a40000 | 0x00a7ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000a80000 | 0x00a80000 | 0x00b7ffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000000b80000 | 0x00b80000 | 0x00b83fff | Pagefile Backed Memory | Readable |
|
|||
pagefile_0x0000000000b90000 | 0x00b90000 | 0x00b90fff | Pagefile Backed Memory | Readable |
|
|||
private_0x0000000000ba0000 | 0x00ba0000 | 0x00ba1fff | Private Memory | Readable, Writable |
|
|||
locale.nls | 0x00bb0000 | 0x00c2dfff | Memory Mapped File | Readable |
|
|||
private_0x0000000000c30000 | 0x00c30000 | 0x00c30fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000c40000 | 0x00c40000 | 0x00c4ffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000000c50000 | 0x00c50000 | 0x00c50fff | Pagefile Backed Memory | Readable, Writable |
|
|||
pagefile_0x0000000000c60000 | 0x00c60000 | 0x00c6ffff | Pagefile Backed Memory | Readable, Writable |
|
|||
private_0x0000000000c70000 | 0x00c70000 | 0x00c7ffff | Private Memory | - |
|
|||
private_0x0000000000c80000 | 0x00c80000 | 0x00c8ffff | Private Memory | - |
|
|||
private_0x0000000000c90000 | 0x00c90000 | 0x00c9ffff | Private Memory | - |
|
|||
private_0x0000000000ca0000 | 0x00ca0000 | 0x00caffff | Private Memory | - |
|
|||
private_0x0000000000cb0000 | 0x00cb0000 | 0x00cbffff | Private Memory | - |
|
|||
private_0x0000000000cc0000 | 0x00cc0000 | 0x00cc0fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000cd0000 | 0x00cd0000 | 0x00cd0fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000ce0000 | 0x00ce0000 | 0x00d1ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000d20000 | 0x00d20000 | 0x00e1ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000e20000 | 0x00e20000 | 0x00ebffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000ec0000 | 0x00ec0000 | 0x00edffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000000ec0000 | 0x00ec0000 | 0x00ec0fff | Pagefile Backed Memory | Readable |
|
|||
pagefile_0x0000000000ec0000 | 0x00ec0000 | 0x00ec3fff | Pagefile Backed Memory | Readable |
|
|||
private_0x0000000000ed0000 | 0x00ed0000 | 0x00edffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000ee0000 | 0x00ee0000 | 0x00eeffff | Private Memory | Readable, Writable, Executable |
|
|||
private_0x0000000000ef0000 | 0x00ef0000 | 0x00efffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000f00000 | 0x00f00000 | 0x00ffffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000001000000 | 0x01000000 | 0x0103ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000001040000 | 0x01040000 | 0x01043fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000001050000 | 0x01050000 | 0x0105ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000001060000 | 0x01060000 | 0x0106ffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000001070000 | 0x01070000 | 0x011f7fff | Pagefile Backed Memory | Readable |
|
|||
pagefile_0x0000000001200000 | 0x01200000 | 0x01380fff | Pagefile Backed Memory | Readable |
|
|||
pagefile_0x0000000001390000 | 0x01390000 | 0x0278ffff | Pagefile Backed Memory | Readable |
|
|||
private_0x0000000002790000 | 0x02790000 | 0x0288ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002890000 | 0x02890000 | 0x0289ffff | Private Memory | - |
|
|||
private_0x00000000028a0000 | 0x028a0000 | 0x028affff | Private Memory | - |
|
|||
comctl32.dll | 0x028b0000 | 0x02932fff | Memory Mapped File | Readable |
|
|||
tzres.dll | 0x028b0000 | 0x028b1fff | Memory Mapped File | Readable |
|
|||
private_0x00000000028b0000 | 0x028b0000 | 0x028bffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x00000000028c0000 | 0x028c0000 | 0x028c2fff | Pagefile Backed Memory | Readable |
|
|||
pagefile_0x00000000028d0000 | 0x028d0000 | 0x028d0fff | Pagefile Backed Memory | Readable, Writable |
|
|||
tzres.dll.mui | 0x028e0000 | 0x028e7fff | Memory Mapped File | Readable |
|
|||
private_0x00000000028e0000 | 0x028e0000 | 0x0291ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002920000 | 0x02920000 | 0x02923fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002930000 | 0x02930000 | 0x02933fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002940000 | 0x02940000 | 0x02940fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002950000 | 0x02950000 | 0x0295ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002960000 | 0x02960000 | 0x0495ffff | Private Memory | Readable, Writable |
|
|||
sortdefault.nls | 0x04960000 | 0x04c34fff | Memory Mapped File | Readable |
|
|||
pagefile_0x0000000004c40000 | 0x04c40000 | 0x04d30fff | Pagefile Backed Memory | Readable |
|
|||
~fontcache-system.dat | 0x04d40000 | 0x04de4fff | Memory Mapped File | Readable |
|
|||
user32.dll.mui | 0x04df0000 | 0x04df4fff | Memory Mapped File | Readable |
|
|||
private_0x0000000004e00000 | 0x04e00000 | 0x04e0ffff | Private Memory | Readable, Writable, Executable |
|
|||
private_0x0000000004e10000 | 0x04e10000 | 0x04ffffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000004e10000 | 0x04e10000 | 0x04f0ffff | Private Memory | Readable, Writable |
|
|||
micross.ttf | 0x04f10000 | 0x04fb2fff | Memory Mapped File | Readable |
|
|||
mscorrc.dll | 0x04f10000 | 0x04f70fff | Memory Mapped File | Readable |
|
|||
pagefile_0x0000000004f80000 | 0x04f80000 | 0x04f80fff | Pagefile Backed Memory | Readable |
|
|||
private_0x0000000004f80000 | 0x04f80000 | 0x04f83fff | Private Memory | Readable, Writable, Executable |
|
|||
pagefile_0x0000000004f90000 | 0x04f90000 | 0x04f92fff | Pagefile Backed Memory | Readable |
|
|||
windowsshell.manifest | 0x04fa0000 | 0x04fa0fff | Memory Mapped File | Readable |
|
|||
private_0x0000000004fa0000 | 0x04fa0000 | 0x04faffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000004fb0000 | 0x04fb0000 | 0x04fb1fff | Pagefile Backed Memory | Readable |
|
|||
private_0x0000000004fc0000 | 0x04fc0000 | 0x04fcffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000004fc0000 | 0x04fc0000 | 0x04fc0fff | Pagefile Backed Memory | Readable, Writable |
|
|||
private_0x0000000004fd0000 | 0x04fd0000 | 0x04fdffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000004fd0000 | 0x04fd0000 | 0x04fd0fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000004fd0000 | 0x04fd0000 | 0x04fd0fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000004fd0000 | 0x04fd0000 | 0x04fd4fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000004fd0000 | 0x04fd0000 | 0x04fd7fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000004fe0000 | 0x04fe0000 | 0x04fe0fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000004ff0000 | 0x04ff0000 | 0x04ffffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000005000000 | 0x05000000 | 0x050fffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000005100000 | 0x05100000 | 0x055f1fff | Pagefile Backed Memory | Readable, Writable |
|
|||
private_0x0000000005100000 | 0x05100000 | 0x05100fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000005100000 | 0x05100000 | 0x05106fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000005110000 | 0x05110000 | 0x05127fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000005130000 | 0x05130000 | 0x05130fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000005140000 | 0x05140000 | 0x0517ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000005180000 | 0x05180000 | 0x0527ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000005280000 | 0x05280000 | 0x052bffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000052c0000 | 0x052c0000 | 0x053bffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000053c0000 | 0x053c0000 | 0x053fffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000005400000 | 0x05400000 | 0x054fffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000005500000 | 0x05500000 | 0x0553ffff | Private Memory | Readable, Writable |
|
|||
~fontcache-fontface.dat | 0x05600000 | 0x065fffff | Memory Mapped File | Readable |
|
|||
private_0x0000000006600000 | 0x06600000 | 0x069fffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000006a00000 | 0x06a00000 | 0x06afffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000006b00000 | 0x06b00000 | 0x06efbfff | Pagefile Backed Memory | Readable |
|
|||
staticcache.dat | 0x06f00000 | 0x07d6ffff | Memory Mapped File | Readable |
|
|||
private_0x0000000007d70000 | 0x07d70000 | 0x07deffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000007df0000 | 0x07df0000 | 0x07ef0fff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000007df0000 | 0x07df0000 | 0x07f51fff | Pagefile Backed Memory | Readable, Writable |
|
|||
private_0x0000000007f60000 | 0x07f60000 | 0x0805ffff | Private Memory | Readable, Writable |
|
|||
shcore.dll | 0x70e10000 | 0x70e85fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
comctl32.dll | 0x70e90000 | 0x71075fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
version.dll | 0x71080000 | 0x71087fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
msls31.dll | 0x71090000 | 0x710c0fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
usp10.dll | 0x710d0000 | 0x710e3fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
riched20.dll | 0x710f0000 | 0x7116ffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
dwrite.dll | 0x71170000 | 0x712e1fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
system.runtime.remoting.ni.dll | 0x712f0000 | 0x713b4fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
dwmapi.dll | 0x713c0000 | 0x713d7fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
system.windows.forms.ni.dll | 0x713e0000 | 0x72025fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
system.drawing.ni.dll | 0x72030000 | 0x721c1fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
clrjit.dll | 0x721d0000 | 0x7224cfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
microsoft.visualbasic.ni.dll | 0x72250000 | 0x72428fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
system.core.ni.dll | 0x72430000 | 0x72ad2fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
system.ni.dll | 0x72ae0000 | 0x7346cfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
uxtheme.dll | 0x73470000 | 0x7354afff | Memory Mapped File | Readable, Writable, Executable |
|
|||
kernel.appcore.dll | 0x73550000 | 0x73558fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
mscorlib.ni.dll | 0x73560000 | 0x745f4fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
msvcr120_clr0400.dll | 0x74600000 | 0x746d6fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
clr.dll | 0x746e0000 | 0x74d7afff | Memory Mapped File | Readable, Writable, Executable |
|
|||
mscoreei.dll | 0x74d80000 | 0x74dfdfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
apphelp.dll | 0x74e00000 | 0x74e98fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
mscoree.dll | 0x74ea0000 | 0x74ef5fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
bcryptprimitives.dll | 0x74f00000 | 0x74f52fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
cryptbase.dll | 0x74f60000 | 0x74f68fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
sspicli.dll | 0x74f70000 | 0x74f8cfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
ole32.dll | 0x74f90000 | 0x7509bfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
rpcrt4.dll | 0x750b0000 | 0x75160fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
advapi32.dll | 0x75170000 | 0x751e7fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
gdiplus.dll | 0x751f0000 | 0x7533cfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
gdi32.dll | 0x755c0000 | 0x756c7fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
kernel32.dll | 0x756d0000 | 0x7580ffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
comctl32.dll | 0x75810000 | 0x75895fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
msctf.dll | 0x758a0000 | 0x75996fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
kernelbase.dll | 0x759a0000 | 0x75a6efff | Memory Mapped File | Readable, Writable, Executable |
|
|||
oleaut32.dll | 0x75ab0000 | 0x75b36fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
user32.dll | 0x75be0000 | 0x75d2efff | Memory Mapped File | Readable, Writable, Executable |
|
|||
msvcrt.dll | 0x75d30000 | 0x75dedfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
imm32.dll | 0x75df0000 | 0x75e14fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
sechost.dll | 0x75f30000 | 0x75f6dfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
shlwapi.dll | 0x76120000 | 0x76160fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
shell32.dll | 0x76170000 | 0x7731cfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
combase.dll | 0x77320000 | 0x7746dfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wow64.dll | 0x77470000 | 0x774b8fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wow64win.dll | 0x774c0000 | 0x77527fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wow64cpu.dll | 0x77530000 | 0x77538fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
ntdll.dll | 0x77540000 | 0x776a7fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
private_0x000000007fdc1000 | 0x7fdc1000 | 0x7fdc3fff | Private Memory | Readable, Writable |
|
|||
private_0x000000007fdc4000 | 0x7fdc4000 | 0x7fdc6fff | Private Memory | Readable, Writable |
|
|||
private_0x000000007fdc7000 | 0x7fdc7000 | 0x7fdc9fff | Private Memory | Readable, Writable |
|
|||
private_0x000000007fdca000 | 0x7fdca000 | 0x7fdccfff | Private Memory | Readable, Writable |
|
|||
private_0x000000007fdcd000 | 0x7fdcd000 | 0x7fdcffff | Private Memory | Readable, Writable |
|
|||
private_0x000000007fdd0000 | 0x7fdd0000 | 0x7fddffff | Private Memory | Readable, Writable, Executable |
|
|||
private_0x000000007fde0000 | 0x7fde0000 | 0x7fe2ffff | Private Memory | Readable, Writable, Executable |
|
|||
pagefile_0x000000007fe30000 | 0x7fe30000 | 0x7ff2ffff | Pagefile Backed Memory | Readable |
|
|||
pagefile_0x000000007ff30000 | 0x7ff30000 | 0x7ff52fff | Pagefile Backed Memory | Readable |
|
|||
private_0x000000007ff55000 | 0x7ff55000 | 0x7ff57fff | Private Memory | Readable, Writable |
|
|||
private_0x000000007ff58000 | 0x7ff58000 | 0x7ff5afff | Private Memory | Readable, Writable |
|
|||
private_0x000000007ff5b000 | 0x7ff5b000 | 0x7ff5dfff | Private Memory | Readable, Writable |
|
|||
private_0x000000007ff5e000 | 0x7ff5e000 | 0x7ff5efff | Private Memory | Readable, Writable |
|
|||
private_0x000000007ff5f000 | 0x7ff5f000 | 0x7ff5ffff | Private Memory | Readable, Writable |
|
|||
private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|||
private_0x000000007fff0000 | 0x7fff0000 | 0x7ff8927dffff | Private Memory | Readable |
|
|||
ntdll.dll | 0x7ff8927e0000 | 0x7ff892989fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
private_0x00007ff89298a000 | 0x7ff89298a000 | 0x7ffffffeffff | Private Memory | Readable |
|
|||
For performance reasons, the remaining 4 entries are omitted.
The remaining entries can be found in flog.txt. |
Operation | Filename | Additional Information | Success | Count | Logfile |
---|---|---|---|---|---|
Create | C:\Users\5JgHKoaOfdp\Desktop\#Decryptor.exe | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Desktop\#Decryptor.exe | type = file_type | 2 |
Fn
|
|
Get Info | C:\Windows\SYSTEM32\RichEd20.DLL | type = file_attributes | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Desktop\#Decryptor.exe.config | type = file_attributes | 1 |
Fn
|
|
Get Info | C:\Users\5JgHKoaOfdp\Desktop\#Decryptor.exe | type = file_attributes | 1 |
Fn
|
|
Read | C:\Users\5JgHKoaOfdp\Desktop\#Decryptor.exe | size = 4096, size_out = 4096 | 98 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Desktop\#Decryptor.exe | size = 4096, size_out = 1029 | 1 |
Fn
Data
|
|
Read | C:\Users\5JgHKoaOfdp\Desktop\#Decryptor.exe | size = 1019, size_out = 0 | 1 |
Fn
|
|
Read | C:\Users\5JgHKoaOfdp\Desktop\#Decryptor.exe | size = 4096, size_out = 0 | 1 |
Fn
|
Operation | Key | Additional Information | Success | Count | Logfile |
---|---|---|---|---|---|
Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework | - | 1 |
Fn
|
|
Open Key | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | - | 1 |
Fn
|
|
Open Key | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | - | 1 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework | value_name = DbgJITDebugLaunchSetting, type = REG_NONE | 1 |
Fn
|
|
Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework | value_name = DbgManagedDebugger, type = REG_NONE | 1 |
Fn
|
|
Read Value | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | value_name = #Decryptor, data = 0, type = REG_SZ | 1 |
Fn
|
|
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | value_name = Anchor Underline, data = 0, type = REG_SZ | 1 |
Fn
|
|
Read Value | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | value_name = Anchor Underline, data = yes, type = REG_SZ | 1 |
Fn
|
|
Write Value | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | value_name = #Decryptor, data = C:\Users\5JgHKoaOfdp\Desktop\#Decryptor.exe, size = 88, type = REG_SZ | 1 |
Fn
|
Operation | Module | Additional Information | Success | Count | Logfile |
---|---|---|---|---|---|
Load | comctl32.dll | base_address = 0x75810000 | 1 |
Fn
|
|
Load | RichEd20.DLL | base_address = 0x710f0000 | 1 |
Fn
|
|
Get Handle | comctl32.dll | base_address = 0x0 | 1 |
Fn
|
|
Get Handle | c:\windows\syswow64\user32.dll | base_address = 0x75be0000 | 2 |
Fn
|
|
Get Handle | c:\users\5jghkoaofdp\desktop\#decryptor.exe | base_address = 0x990000 | 36 |
Fn
|
|
Get Handle | c:\windows\syswow64\comctl32.dll | base_address = 0x75810000 | 163 |
Fn
|
|
Get Filename | RichEd20.DLL | process_name = c:\users\5jghkoaofdp\desktop\#decryptor.exe, file_name_orig = C:\Windows\SYSTEM32\RichEd20.DLL, size = 260 | 1 |
Fn
|
|
Get Address | c:\windows\syswow64\user32.dll | function = DefWindowProcW, address_out = 0x74e1bdea | 2 |
Fn
|
|
Get Address | c:\windows\syswow64\comctl32.dll | function = ImageList_WriteEx, address_out = 0x0 | 12 |
Fn
|
Operation | Window Name | Additional Information | Success | Count | Logfile |
---|---|---|---|---|---|
Create | - | class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, wndproc_parameter = 0 | 1 |
Fn
|
|
Create | .NET-BroadcastEventWindow.4.0.0.0.2bf8098.0 | class_name = .NET-BroadcastEventWindow.4.0.0.0.2bf8098.0, wndproc_parameter = 0 | 1 |
Fn
|
|
Create | #Lime Decryptor | class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, wndproc_parameter = 0 | 1 |
Fn
|
|
Create | Decrypt | class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, wndproc_parameter = 0 | 1 |
Fn
|
|
Create | Enter the key: | class_name = WindowsForms10.STATIC.app.0.2bf8098_r11_ad1, wndproc_parameter = 0 | 1 |
Fn
|
|
Create | Key | class_name = WindowsForms10.EDIT.app.0.2bf8098_r11_ad1, wndproc_parameter = 0 | 1 |
Fn
|
|
Create | How to buy your file ? | class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, wndproc_parameter = 0 | 1 |
Fn
|
|
Create | ? | class_name = WindowsForms10.BUTTON.app.0.2bf8098_r11_ad1, wndproc_parameter = 0 | 1 |
Fn
|
|
Create | https://www.youtube.com/watch?v=Ji9IwPId5Uk | class_name = WindowsForms10.STATIC.app.0.2bf8098_r11_ad1, wndproc_parameter = 0 | 1 |
Fn
|
|
Create | - Add money to your paypal account (=120) - Create bitcoin account - - With your bitcoins account, send the money to our adress | class_name = WindowsForms10.STATIC.app.0.2bf8098_r11_ad1, wndproc_parameter = 0 | 1 |
Fn
|
|
Create | Message | class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, wndproc_parameter = 0 | 1 |
Fn
|
|
Create | - | class_name = WindowsForms10.RichEdit20W.app.0.2bf8098_r11_ad1, wndproc_parameter = 0 | 1 |
Fn
|
|
Create | Bictoins | class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, wndproc_parameter = 0 | 1 |
Fn
|
|
Create | Send 100$ to this bitcoins adress: | class_name = WindowsForms10.STATIC.app.0.2bf8098_r11_ad1, wndproc_parameter = 0 | 1 |
Fn
|
|
Create | 1PNh6dmaUtv96C7ezTdUqVvfWBUYuCBbUM | class_name = WindowsForms10.EDIT.app.0.2bf8098_r11_ad1, wndproc_parameter = 0 | 1 |
Fn
|
|
Create | Time | class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, wndproc_parameter = 0 | 1 |
Fn
|
|
Create | Destruction de fichier prevue le | class_name = WindowsForms10.STATIC.app.0.2bf8098_r11_ad1, wndproc_parameter = 0 | 1 |
Fn
|
|
Create | - | class_name = WindowsForms10.msctls_progress32.app.0.2bf8098_r11_ad1, wndproc_parameter = 0 | 1 |
Fn
|
|
Create | - | class_name = WindowsForms10.msctls_progress32.app.0.2bf8098_r11_ad1, wndproc_parameter = 0 | 1 |
Fn
|
|
Create | Decrypt | class_name = WindowsForms10.BUTTON.app.0.2bf8098_r11_ad1, wndproc_parameter = 0 | 1 |
Fn
|
|
Create | TimerNativeWindow | class_name = WindowsForms10.Window.0.app.0.2bf8098_r11_ad1, wndproc_parameter = 0 | 1 |
Fn
|
|
Set Attribute | - | class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 1960951274 | 2 |
Fn
|
|
Set Attribute | - | class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 81790478 | 1 |
Fn
|
|
Set Attribute | #Lime Decryptor | class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 1960951274 | 1 |
Fn
|
|
Set Attribute | #Lime Decryptor | class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 81790598 | 1 |
Fn
|
|
Set Attribute | #Lime Decryptor | class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551608, new_long = 0 | 1 |
Fn
|
|
Set Attribute | #Lime Decryptor | class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551600, new_long = 46661632 | 1 |
Fn
|
|
Set Attribute | #Lime Decryptor | class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551596, new_long = 327681 | 1 |
Fn
|
|
Set Attribute | Decrypt | class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 1960951274 | 1 |
Fn
|
|
Set Attribute | Decrypt | class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 81790638 | 1 |
Fn
|
|
Set Attribute | Decrypt | class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551604, new_long = 65956 | 1 |
Fn
|
|
Set Attribute | Enter the key: | class_name = WindowsForms10.STATIC.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 2002172128 | 1 |
Fn
|
|
Set Attribute | Enter the key: | class_name = WindowsForms10.STATIC.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 81790718 | 1 |
Fn
|
|
Set Attribute | Enter the key: | class_name = WindowsForms10.STATIC.app.0.2bf8098_r11_ad1, index = 18446744073709551604, new_long = 65958 | 1 |
Fn
|
|
Set Attribute | Key | class_name = WindowsForms10.EDIT.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 2002172032 | 1 |
Fn
|
|
Set Attribute | Key | class_name = WindowsForms10.EDIT.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 81790798 | 1 |
Fn
|
|
Set Attribute | Key | class_name = WindowsForms10.EDIT.app.0.2bf8098_r11_ad1, index = 18446744073709551604, new_long = 65960 | 1 |
Fn
|
|
Set Attribute | How to buy your file ? | class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 1960951274 | 1 |
Fn
|
|
Set Attribute | How to buy your file ? | class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 81790838 | 1 |
Fn
|
|
Set Attribute | How to buy your file ? | class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551604, new_long = 65962 | 1 |
Fn
|
|
Set Attribute | ? | class_name = WindowsForms10.BUTTON.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 2002171904 | 1 |
Fn
|
|
Set Attribute | ? | class_name = WindowsForms10.BUTTON.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 81790918 | 1 |
Fn
|
|
Set Attribute | ? | class_name = WindowsForms10.BUTTON.app.0.2bf8098_r11_ad1, index = 18446744073709551604, new_long = 65964 | 1 |
Fn
|
|
Set Attribute | https://www.youtube.com/watch?v=Ji9IwPId5Uk | class_name = WindowsForms10.STATIC.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 2002172128 | 1 |
Fn
|
|
Set Attribute | https://www.youtube.com/watch?v=Ji9IwPId5Uk | class_name = WindowsForms10.STATIC.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 81790958 | 1 |
Fn
|
|
Set Attribute | https://www.youtube.com/watch?v=Ji9IwPId5Uk | class_name = WindowsForms10.STATIC.app.0.2bf8098_r11_ad1, index = 18446744073709551604, new_long = 65966 | 1 |
Fn
|
|
Set Attribute | - Add money to your paypal account (=120) - Create bitcoin account - - With your bitcoins account, send the money to our adress | class_name = WindowsForms10.STATIC.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 2002172128 | 1 |
Fn
|
|
Set Attribute | - Add money to your paypal account (=120) - Create bitcoin account - - With your bitcoins account, send the money to our adress | class_name = WindowsForms10.STATIC.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 81790998 | 1 |
Fn
|
|
Set Attribute | - Add money to your paypal account (=120) - Create bitcoin account - - With your bitcoins account, send the money to our adress | class_name = WindowsForms10.STATIC.app.0.2bf8098_r11_ad1, index = 18446744073709551604, new_long = 65968 | 1 |
Fn
|
|
Set Attribute | Message | class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 1960951274 | 1 |
Fn
|
|
Set Attribute | Message | class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 81791038 | 1 |
Fn
|
|
Set Attribute | Message | class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551604, new_long = 65970 | 1 |
Fn
|
|
Set Attribute | - | class_name = WindowsForms10.RichEdit20W.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 1896816141 | 1 |
Fn
|
|
Set Attribute | - | class_name = WindowsForms10.RichEdit20W.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 81803998 | 1 |
Fn
|
|
Set Attribute | - | class_name = WindowsForms10.RichEdit20W.app.0.2bf8098_r11_ad1, index = 18446744073709551604, new_long = 65972 | 1 |
Fn
|
|
Set Attribute | Bictoins | class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 1960951274 | 1 |
Fn
|
|
Set Attribute | Bictoins | class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 81803798 | 1 |
Fn
|
|
Set Attribute | Bictoins | class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551604, new_long = 65974 | 1 |
Fn
|
|
Set Attribute | Send 100$ to this bitcoins adress: | class_name = WindowsForms10.STATIC.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 2002172128 | 1 |
Fn
|
|
Set Attribute | Send 100$ to this bitcoins adress: | class_name = WindowsForms10.STATIC.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 81803398 | 1 |
Fn
|
|
Set Attribute | Send 100$ to this bitcoins adress: | class_name = WindowsForms10.STATIC.app.0.2bf8098_r11_ad1, index = 18446744073709551604, new_long = 65976 | 1 |
Fn
|
|
Set Attribute | 1PNh6dmaUtv96C7ezTdUqVvfWBUYuCBbUM | class_name = WindowsForms10.EDIT.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 2002172032 | 1 |
Fn
|
|
Set Attribute | 1PNh6dmaUtv96C7ezTdUqVvfWBUYuCBbUM | class_name = WindowsForms10.EDIT.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 81803838 | 1 |
Fn
|
|
Set Attribute | 1PNh6dmaUtv96C7ezTdUqVvfWBUYuCBbUM | class_name = WindowsForms10.EDIT.app.0.2bf8098_r11_ad1, index = 18446744073709551604, new_long = 65978 | 1 |
Fn
|
|
Set Attribute | Time | class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 1960951274 | 1 |
Fn
|
|
Set Attribute | Time | class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 81803878 | 1 |
Fn
|
|
Set Attribute | Time | class_name = WindowsForms10.Window.8.app.0.2bf8098_r11_ad1, index = 18446744073709551604, new_long = 65980 | 1 |
Fn
|
|
Set Attribute | Destruction de fichier prevue le | class_name = WindowsForms10.STATIC.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 2002172128 | 1 |
Fn
|
|
Set Attribute | Destruction de fichier prevue le | class_name = WindowsForms10.STATIC.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 81803758 | 1 |
Fn
|
|
Set Attribute | Destruction de fichier prevue le | class_name = WindowsForms10.STATIC.app.0.2bf8098_r11_ad1, index = 18446744073709551604, new_long = 65982 | 1 |
Fn
|
|
Set Attribute | - | class_name = WindowsForms10.msctls_progress32.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 1971397870 | 1 |
Fn
|
|
Set Attribute | - | class_name = WindowsForms10.msctls_progress32.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 81803278 | 1 |
Fn
|
|
Set Attribute | - | class_name = WindowsForms10.msctls_progress32.app.0.2bf8098_r11_ad1, index = 18446744073709551604, new_long = 65984 | 1 |
Fn
|
|
Set Attribute | - | class_name = WindowsForms10.msctls_progress32.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 1971397870 | 1 |
Fn
|
|
Set Attribute | - | class_name = WindowsForms10.msctls_progress32.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 81803478 | 1 |
Fn
|
|
Set Attribute | - | class_name = WindowsForms10.msctls_progress32.app.0.2bf8098_r11_ad1, index = 18446744073709551604, new_long = 65986 | 1 |
Fn
|
|
Set Attribute | Decrypt | class_name = WindowsForms10.BUTTON.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 2002171904 | 1 |
Fn
|
|
Set Attribute | Decrypt | class_name = WindowsForms10.BUTTON.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 81804038 | 1 |
Fn
|
|
Set Attribute | Decrypt | class_name = WindowsForms10.BUTTON.app.0.2bf8098_r11_ad1, index = 18446744073709551604, new_long = 65988 | 1 |
Fn
|
|
Set Attribute | TimerNativeWindow | class_name = WindowsForms10.Window.0.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 1960951274 | 1 |
Fn
|
|
Set Attribute | TimerNativeWindow | class_name = WindowsForms10.Window.0.app.0.2bf8098_r11_ad1, index = 18446744073709551612, new_long = 81803318 | 1 |
Fn
|
|
Set Attribute | .NET-BroadcastEventWindow.4.0.0.0.2bf8098.0 | class_name = .NET-BroadcastEventWindow.4.0.0.0.2bf8098.0, index = 18446744073709551612, new_long = 1960951274 | 1 |
Fn
|
Operation | Additional Information | Success | Count | Logfile |
---|---|---|---|---|
Get Info | type = KB_LOCALE_ID, os_tid = 0, result_out = 67699721 | 3 |
Fn
|
|
Read | virtual_key_code = VK_RBUTTON, result_out = 0 | 9 |
Fn
|
|
Read | virtual_key_code = VK_MBUTTON, result_out = 0 | 9 |
Fn
|
|
Read | virtual_key_code = VK_XBUTTON1, result_out = 0 | 9 |
Fn
|
|
Read | virtual_key_code = VK_XBUTTON2, result_out = 0 | 9 |
Fn
|
|
Read | virtual_key_code = VK_LBUTTON, result_out = 1 | 8 |
Fn
|
Operation | Additional Information | Success | Count | Logfile |
---|---|---|---|---|
Get Cursor | x_out = 1362, y_out = 468 | 2 |
Fn
|
|
Sleep | duration = 100 milliseconds (0.100 seconds) | 1 |
Fn
|
|
Sleep | duration = -1 (infinite) | 1 |
Fn
|
This feature requires an online-connection to the VMRay backend.
An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".