1.exe
Windows Exe (x86-32)
Created at 2019-07-04T17:39:00
Monitored Processes
Behavior Information - Grouped by Category
Process #1: 1.exe
5352
0
| Information | Value |
|---|---|
| ID | #1 |
| File Name | c:\users\fd1hvy\desktop\1.exe |
| Command Line | "C:\Users\FD1HVy\Desktop\1.exe" |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:00:28, Reason: Analysis Target |
| Unmonitor | End Time: 00:02:34, Reason: Terminated by Timeout |
| Monitor Duration | 00:02:05 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xc48 |
| Parent PID | 0x860 (c:\windows\explorer.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
2E8
0x
A88
0x
F64
0x
4C4
0x
F84
0x
F78
0x
8F4
0x
CC8
0x
2D0
0x
260
0x
D9C
0x
C58
0x
AEC
0x
D20
0x
A98
0x
CF4
0x
FA0
|
Memory Dumps
| Name | Start VA | End VA | Dump Reason | PE Rebuilds | Bitness | Entry Points | AV | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|
| 1.exe | 0x009B0000 | 0x009C4FFF | Relevant Image | - | 32-bit | - |
|
|
|
Dropped Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| C:\Users\FD1HVy\Desktop\1.exe | 67.00 KB |
MD5:
2ab38a18e49cce095d672abfaa210cf6
SHA1: ea07f27bff4c4706a84f723e3e75b1e47f9d8196 SHA256: 00ac3af56227e8ed3df43457297c72e2f91ad04fb1c7553df377ed7f8875b31c SSDeep: 1536:mkGB8nHbKUvryElSpi8jCZGcqDKlKnr8d7kuggk9TdoRH:mFBMHRvrAjCZmKcnr8w/i |
|
|
| \\?\C:\$GetCurrent\Logs\downlevel_2017_09_07_02_02_39_766.log.id[B4197730-0115].[fileisafe@tuta.io].actin | 41.97 KB |
MD5:
927b1e3dd1355872b4746a86c6ea0c00
SHA1: 6c82ee36eb5ad6e8c84be4493fd3ebe3180ad5fa SHA256: e95c05f098b2d8e6d7c491f01b0367c57ce5f9bb4302e691a5fa75654e1f0cf7 SSDeep: 768:/+l2zBmNISS7grqXFeCGiR3aBZhXSuOiu0Wn4/6R2bNjUzJZkC:4CkhigrIPGC3aBHOx0K410rN |
|
|
| \\?\C:\$GetCurrent\Logs\oobe_2017_09_07_03_08_57_737.log.id[B4197730-0115].[fileisafe@tuta.io].actin | 6.16 KB |
MD5:
e0a16d0e737d6bdf1f1c5f35bf863f7d
SHA1: a1a983c141a385ed9323828c72dd178aab04d58d SHA256: b82450ae0dcd17d00b72791a2d309220161e005d321dbd36abfa2d91bb838dcd SSDeep: 96:QtcvKBRQJNdxeizdFJ/D2DUKiVq2ZY9Vq02efdzfxockJsUR7ssKBEokJQqRsei4:+oJTdfb2DRqMVqPefUc5UR7sVCBPgA3 |
|
|
| \\?\C:\$GetCurrent\SafeOS\SetupComplete.cmd.id[B4197730-0115].[fileisafe@tuta.io].actin | 578 bytes |
MD5:
3b0388479f3bb0273b72e986d0c1b72c
SHA1: 03b3ef9d5ebcd8b0816dd7a6b98e219a18e51723 SHA256: 33dec986b6d3bcbaa6b11734b449d000d26e8890fa327d2d4a1599b407246491 SSDeep: 12:wA3xh6wBtuMlhMaO3QczQ3QCv+HL+GQ5PpyXMZuryEAjwIf:wARXlqeh3QCmZg43rPAX |
|
|
| \\?\C:\$Recycle.Bin\S-1-5-21-1051304884-625712362-2192934891-1000\desktop.ini.id[B4197730-0115].[fileisafe@tuta.io].actin | 386 bytes |
MD5:
e3d60bc1f05ae482d12bbb116cee0156
SHA1: 44bd05d54b2dd6292562a14b03ab9d0f04c84923 SHA256: e468c6158f71b4184f3be8bef2aefa6df8e0be38f5140f37c9931addfc429107 SSDeep: 6:oNMXBGePxexJ2V8gPqVuZfYVOgqPz2ral91PVJyFZliYDEcbwRSQ:oC8ePxeT2V80q0iQgqbZryEAjwV |
|
|
| \\?\C:\588bce7c90097ed212\1025\eula.rtf.id[B4197730-0115].[fileisafe@tuta.io].actin | 7.63 KB |
MD5:
4039e044417375c3bfffb791b3f76327
SHA1: 5cfb19ba10ed542c1dc96175fe99a5e13fff657b SHA256: 4aa8ae181e565a3804cc0a53be21cdf0b840654cd37d2bb9a43de51afbfe4d8a SSDeep: 192:OLu90oK+nXmMG+1+6GFtBoIW8QVdVd098t4Ae:NioK+n7G+1OGdVLqAe |
|
|
| \\?\C:\588bce7c90097ed212\1028\LocalizedData.xml.id[B4197730-0115].[fileisafe@tuta.io].actin | 59.66 KB |
MD5:
31a92905bf0f87f80c2573541c6970b0
SHA1: fade4bdfea148538018ae60c7e897b22ecab14d7 SHA256: ad444abded218d29de01488c4550e5da75def88ebeb7a4e5982e6d77252ac49d SSDeep: 1536:fWzgV4xcWpc/6ZrB+xx7pq8ixo4PUpovVEucGJcKH:OMyx5aQB+nQ8ixfPUpoVpcGJFH |
|
|
| \\?\C:\588bce7c90097ed212\1028\SetupResources.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | 14.10 KB |
MD5:
334ec36b55668d7d8d8a7074f4c9e8fe
SHA1: 39da7e518ef2e5eff302fb2120e0acd46f6331ea SHA256: 4ee2ecd99a1a8de160b0cc96aa516d15a9ab260ffb689d061479242d571ff45d SSDeep: 384:sFULtwx9MSJ1Gr4uhNQjGhM7x6TSt8edjzFOAX:sF0OH5uhOIM4St8edjzFOi |
|
|
| \\?\C:\588bce7c90097ed212\1029\LocalizedData.xml.id[B4197730-0115].[fileisafe@tuta.io].actin | 79.33 KB |
MD5:
0038c30737662b377554cfa68870ec94
SHA1: e0a1b878c617012aeddfe250f9626e48b99245ef SHA256: b5bc5d8a1b43e6ac77c88d4b911de607da932d012d7e2dd0410cc4d6f787b924 SSDeep: 1536:yYEppcwFtgGMKhmMoAT3KNTe/oPvuXGNdQT8zjvo/JgFP5z284B:yxLTgyfb3KNTe/SC6dQT8Ho/Jg2 |
|
|
| \\?\C:\588bce7c90097ed212\1031\eula.rtf.id[B4197730-0115].[fileisafe@tuta.io].actin | 3.58 KB |
MD5:
4b289a3207a2e188468360161e4e1db5
SHA1: 23cbac79abc8cb3a1233d59fc03e567a1bfdcdcd SHA256: e32f2e8079249d29b7985cb5bf8fa0d541ef258b3f6b5d047bbdf12a4980420f SSDeep: 48:+6WYq3PM9JL3Sp4C1YDmGy9/eZl8N7+c78EwnLUPlsnk/l7r+cu74sNzpBPkDw8c:u4S+C2Dmewgc7NwnTEM2sJP1L+3NgAe |
|
|
| \\?\C:\588bce7c90097ed212\1031\LocalizedData.xml.id[B4197730-0115].[fileisafe@tuta.io].actin | 80.67 KB |
MD5:
27b18f9bfee541724e62d133ef2cb3ba
SHA1: 9276e3082788ba083be06ed509a5e7478ac54d97 SHA256: 415404b8b199fcf3e951d181912c2b1e87242dc770bb92a8cfa3d69840f09292 SSDeep: 1536:yF7tokmwZziaTsMw6nss0bzJ34x0/DwMtYjRgxcuF/1ImQUY:yNPmwZF7sH/dTD1atgxcuF/1ImQUY |
|
|
| \\?\C:\588bce7c90097ed212\1031\SetupResources.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | 18.60 KB |
MD5:
838ab9b8dd9e42858931ed799265a026
SHA1: 208c4fd3a6b678c5484a448e2fb956ae19427fb3 SHA256: 941ac640ee3c8de9c53f5345c972fa34ed727c7eb3a4c231eb90bfdd4fb2212e SSDeep: 384:JiOGh32w+HhOhbx2ZTU5DJIQ5+HvRnWq/CL365WzeUqQ0jWeCu5vQgdpeuyFy1ti:jy27OhfDqPPRnWq/CLZcWeCqQSpeBUti |
|
|
| \\?\C:\588bce7c90097ed212\1032\LocalizedData.xml.id[B4197730-0115].[fileisafe@tuta.io].actin | 84.52 KB |
MD5:
ef8125c1f20489c1e83dad2cf6343179
SHA1: 9f9c81268fc8862aeead1a23de3ba7f3717abef2 SHA256: 89c499669f6cc26e257fd9a688bfb75c4af5f5778019409eaedbbfcd1fcdb09a SSDeep: 1536:LRDdkfpb0xo2G/XjPxR9w/SJPq+v88cz7DQOUeIeH3gZH/pEZk9QlDj0PGSGzVAS:LEWrqTPTaYC+v1u7DQOUeLH0EZkKxIPa |
|
|
| \\?\C:\588bce7c90097ed212\1033\eula.rtf.id[B4197730-0115].[fileisafe@tuta.io].actin | 3.36 KB |
MD5:
c1d007291edb38311a96e61123b87da0
SHA1: 9f0625987346c57426b14e2121381eefc881e1e3 SHA256: 0ed9276c6b3993b38f0f681e9e211299f2dbb9776c607d542de22f9e75d43bcb SSDeep: 96:sC9TLmoyAJIkvT0au9r9J3MtVetYB0zgPOksHmAe:sC9TLmsRvT0aux/3M8YBs1kCmAe |
|
|
| \\?\C:\588bce7c90097ed212\1033\SetupResources.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | 17.10 KB |
MD5:
e33a3fc5406113d4690fc45ebfc16073
SHA1: 85a18e98a7f0baf7c68d7187f9d43d054faebb9c SHA256: ffc668f22c871c2216dc1e23508b1400cacba2740bd89eba88eb0a4ac0d49b04 SSDeep: 384:jFLKV1UR8Jg6tg87PusSAHzN+5GvmIkxCKzDzwhEOtWcqrTeBh6sDAX:j5SURB6tgYPuAZ+AvmIkxCKvkRerwDi |
|
|
| \\?\C:\588bce7c90097ed212\1035\eula.rtf.id[B4197730-0115].[fileisafe@tuta.io].actin | 3.86 KB |
MD5:
5c5f6497bfa4168958be381e53645820
SHA1: 8bb135c172382aefa5bb83b832bf30ecf06a541b SHA256: c2119129ddb6e98fb5b4f73bb54d35bb1540bd00f1d9a17918b87b181d755908 SSDeep: 96:OtCGKDKGl4exNI6LaPfO9d+UTi+1sRHQLXQzNpcmS9WQc7Ae:4lKDKGWexNIMa3g2+q4b9WQQAe |
|
|
| \\?\C:\588bce7c90097ed212\1035\SetupResources.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | 18.10 KB |
MD5:
e54f8723ce05c948c3204d72c07338c5
SHA1: 97dc84e66460c5be4160fd1fa3d6a2ef278b9cc9 SHA256: 9741c97613244924516019c48d102e3f67e7230226182d1a7ae1d4682997d7e2 SSDeep: 384:0SBDKAZcB4pqLuiPQcdHFUrtnLS5AcL4hnh2kcrIdEjRtzk+DzKl63EkrB8k6pAX:0SDcB4MLzP1HuLmnkNcrI4z/e63skYi |
|
|
| \\?\C:\588bce7c90097ed212\1036\eula.rtf.id[B4197730-0115].[fileisafe@tuta.io].actin | 3.69 KB |
MD5:
79427c399a539b370392f8414b38026f
SHA1: 5bead6b872fee8f620a674a60761979b94f15f0b SHA256: 1b554429020c7569b1316e631e952e4b38448c0071a36217608258254f91f989 SSDeep: 96:5FhPbHbzwkvJjue92lbKl6+EmNhRaS6Ae:JbHjie92QlHnaS6Ae |
|
|
| \\?\C:\588bce7c90097ed212\1036\SetupResources.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | 18.60 KB |
MD5:
7477fe5ab0c5bd445858837fa5b54d0d
SHA1: 13d750edae1ae1cdb0771b068afabfaab54c9f61 SHA256: ff1c341c313ad4d2075cdd892728b4966f8f6ead4bca96ccddf3f679d896357f SSDeep: 384:R7Bu8aMNJku3C7FCfkv02IToSEXSL0q/mQKAX:ntakfPoS1Q8mti |
|
|
| \\?\C:\588bce7c90097ed212\1037\SetupResources.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | 16.60 KB |
MD5:
a9b4301f52c4201a58f3b9b63653709a
SHA1: 15cf77cda8ccfcc9f81d6dce77fdde6dc3e38d39 SHA256: 95f1a5d5c91780154373b21d177e056d5dd9b1ad8e3260e0557244852933fd60 SSDeep: 384:KlkvrRMW5rlMWg/wLkiXpRcXfKzOPIFciU8DYqKJAAig/OCf3yL5dfCpoAX:MM9MW5rlWo9XEXfmOWAigt2Xapoi |
|
|
| \\?\C:\588bce7c90097ed212\1038\LocalizedData.xml.id[B4197730-0115].[fileisafe@tuta.io].actin | 84.67 KB |
MD5:
31c6b513e3065868b8fd998fcd7540bd
SHA1: 2046060a558db927cc57f8fdbf8d81a4528703c8 SHA256: cc1da1141e89f8a68c22ec434fe2658e57c85f962ea503d9fdc8a7e72b9688ce SSDeep: 1536:DUpYoqVMdq3JbDBckV7CfvhefiJJ8v3vc1/7xjrM29JVntmYK1ydgzMbC:D0uVUGZc5ppa3YjY6JVwdYdX2 |
|
|
| \\?\C:\588bce7c90097ed212\1038\SetupResources.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | 18.60 KB |
MD5:
04c18a74f938f53fe418db51e1aef6d5
SHA1: 885315a0f435eadb216775940669297e31c63963 SHA256: 0a0d97245e101864bf0bd8c7a3117399e682d5d2b700546e47e3da0ee7738adf SSDeep: 384:jLVKVT70HcSvhUKICqjgUDzyTUduFxSYOcAX:IZ7GcshRqjgUDOTUMTi |
|
|
| \\?\C:\588bce7c90097ed212\1040\eula.rtf.id[B4197730-0115].[fileisafe@tuta.io].actin | 3.80 KB |
MD5:
e545425e3b49a83a22f82ddc815c4188
SHA1: 27f78cef569272b2df013346d97b2ea4a501d0d5 SHA256: 841ed119c9d3fb36a77f1b6ddd241da07e55b9c1a9fee184e5bff33215e6c4d2 SSDeep: 96:Y4FqwrPfe8LPgSnvx9gskcdOZd+ogUqhYcJYQIR3zXSrB8dIAe:Y4Fqwrfpb5nvDj3sZd+oVqhXSQezXSVz |
|
|
| \\?\C:\588bce7c90097ed212\1038\eula.rtf.id[B4197730-0115].[fileisafe@tuta.io].actin | 4.39 KB |
MD5:
673be93ff7736cd046cb447ea6791432
SHA1: 5fcf353832ae1b21cf91b17ab2164bca8dc51d3e SHA256: 8e002e72cabbc8e293f1fdb2821f29d423abe6f3d537fcc2075b3ea0aece59b2 SSDeep: 96:VtlKMTDVByg/1NGKV/2SsQyR3f/TuJjrT826C9La2yAVSMo9Vwz0hKSAe:VuM/2q1sKV/cQyRv/TuW6LaZAVSMo9ey |
|
|
| \\?\C:\588bce7c90097ed212\1041\LocalizedData.xml.id[B4197730-0115].[fileisafe@tuta.io].actin | 66.89 KB |
MD5:
039e83f594c3537f85187f70db0c7bda
SHA1: 5b3af482f0e5bf88022562cc207fce561f0e348c SHA256: be00fb7de9bba60ec43331a85bd3d4f8ce1779cc5c3f3a6dd7aefd025ede6040 SSDeep: 1536:J1A5aBn7GvIRMAZoPDnEhojJ+HMLo/ql4mvVfQHrdTra/:J1A5e7GQRm5JoMLo/qVvVfOrdHa/ |
|
|
| \\?\C:\588bce7c90097ed212\1042\eula.rtf.id[B4197730-0115].[fileisafe@tuta.io].actin | 12.63 KB |
MD5:
0a32517064270c2e0f847b6bc8baa042
SHA1: 75e151827a9260888d5cb3fdfe5fc224883995a6 SHA256: 60b0d8fc98629820020c6ec0bbfc1f50316b2ae384022830309d32cdf4194d36 SSDeep: 192:TaN2jKbzVlh52ibnCOAe+60UtN3iRLJF8sU450gigiC0CRSnO7JAe:T7GTXbCkxtNw8BFnC0fn4JAe |
|
|
| \\?\C:\588bce7c90097ed212\1042\LocalizedData.xml.id[B4197730-0115].[fileisafe@tuta.io].actin | 63.97 KB |
MD5:
8ee76ee8a7e8cb8c820562ce055825c1
SHA1: eb3b89daa98296c4880937b4ca26d9b606cf9171 SHA256: 2c449db9020a536b17c4505e45baadfa0c9cfe0454ce97644e4e72076e0d3c29 SSDeep: 768:JGABltCI/FrfrLTQn4MrIcFCXqYTaeXwmzNgEvBBPdGcVpsH53rCpcZwUEP3Qdvn:JGgt9/PSSLlNwmWEpLgcmn0I |
|
|
| \\?\C:\588bce7c90097ed212\1040\SetupResources.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | 18.10 KB |
MD5:
b579dbbdc56640e0393db2546e76dc94
SHA1: e62f973104f2de009f569381d426cabfee3715e5 SHA256: 3e938df5a5644e672e913c48e3a6981f4200d934c78f797a91d2b84a81e96bfa SSDeep: 384:87VA0oTcse0+FQlBIHps1139kRfVRRakQKNuxCirhUgTomWi3WnKbcU2X/AX:8BzoThj+OlT1rkdb0KNsrhgiovPX/i |
|
|
| \\?\C:\588bce7c90097ed212\1043\eula.rtf.id[B4197730-0115].[fileisafe@tuta.io].actin | 3.71 KB |
MD5:
705884db90069ddd68e440f541732587
SHA1: 1d6995096ecb965f87c272357faa6ee32ee1c341 SHA256: 44ccb4e31563e5fc5926243f0a152b2375c21737fa5b97a62482472506132ff7 SSDeep: 48:Hm74g2DMBvsLFCZ8/FZ/ynR9LlgxGSmc2y+n+h3ce0VTRDaAAto/NRRtyPLkYhhp:HcBiZ6R9ZgxGSh2axgQji/NYp/bH2mAe |
|
|
| \\?\C:\588bce7c90097ed212\1043\SetupResources.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | 19.10 KB |
MD5:
169a2b6d08b0d450afca85228059c589
SHA1: bae68f792d0da3c4f07ebad2cb458801431ae359 SHA256: 1fb34fa98c8801fe3fb20c3cee411b69dc6646f4c2ebdba7bed907a0cd993d68 SSDeep: 384:4valxN90bYcLEQthgjZfswwTK0GLvK1GmrT5YxGEX9VuBZfAX:4wTjZDOK0GbKgKEGk9VmZfi |
|
|
| \\?\C:\588bce7c90097ed212\1044\SetupResources.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | 17.60 KB |
MD5:
db549e58b7c4d48b97c95e8c232461a6
SHA1: 8adb528f265cb3fbc6d0a4f2347058075443bcae SHA256: 67e45a6262be6b2c80c738aaf5fe0adc08f030c34e322c7ac59a71ca06421958 SSDeep: 384:IR/0EH5GTrgNlrwPmUuxsoeSdsURWTKJtKcLsJAX:G/lFlZRVeSW9utdLsJi |
|
|
| \\?\C:\588bce7c90097ed212\1045\eula.rtf.id[B4197730-0115].[fileisafe@tuta.io].actin | 4.19 KB |
MD5:
a23d2a4b7cfa2844723f71cc6cd27c33
SHA1: 4aca64f4df0c98c02d68238c4add1a3ed8068954 SHA256: d916a0ee6126ac5aca29eef42eff1e3bb337664d8cc6be4d9053cadab2a14b66 SSDeep: 96:4FPZ27k7kufeCDF4zWWFhOFoTPKVFtNu9DEeduazHQjwBMeAe:OBkpXzvFgjzqDhduac8BMeAe |
|
|
| \\?\C:\588bce7c90097ed212\1045\SetupResources.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | 18.10 KB |
MD5:
0fcf9b3de77f179c1ae95ae5903a066e
SHA1: f32c5844489b5ac0c904a24b0de2a59251f496e4 SHA256: 3795d043f0d1effe29e6979a986a567d3c4a5340ff50e14a75807d84d0cf9bf6 SSDeep: 384:mQ9q1AuHyCcDU9DNc3K7yhqafQI7wd1NE8n53m0YF6FYdQOX4diT78qAX:0VH3cDURNX7cqaGd1N/8eoQOIsi |
|
|
| \\?\C:\588bce7c90097ed212\1046\SetupResources.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | 18.10 KB |
MD5:
c1727be1c774bb1d8d79b775169b62ec
SHA1: b8ede92345a84b6d4fb416b5931785e174c82c90 SHA256: 1d5aa36cb8444c2ca181b509def39b263c258ca0c57cbbe55605f3bea69afefc SSDeep: 384:nwRsLfojXfxN4n1O04JNcrLXmgvkK7ZB8LfWvF/8zrtVXw7AX:5fqN4nI0wN+7lmfWvuXtVXw7i |
|
|
| \\?\C:\588bce7c90097ed212\1053\eula.rtf.id[B4197730-0115].[fileisafe@tuta.io].actin | 4.02 KB |
MD5:
b75f62e8f9cf1e746672427b60215a7d
SHA1: 7819addaea5a66ff6c6407cb0b39a7d6c521ae12 SHA256: d42ec33a52aee99e2dd9d02e8317ac13a2874d885968c79e72b4a96903a02101 SSDeep: 96:DFA2r0wNAkkDimO+LWrMVxbj0YzGl0qA+xn9ruhtpnVBAe:5GwGqMjbql0qA+x9ahtpPAe |
|
|
| \\?\C:\588bce7c90097ed212\1053\LocalizedData.xml.id[B4197730-0115].[fileisafe@tuta.io].actin | 76.13 KB |
MD5:
f3100163ce40899100174d391592c89d
SHA1: cf28fe1b922fdd3d659dc3ad9cd933c00642c551 SHA256: 12f637179e18b81d066b49cb7a8a6be8e6266aa1d7ee7047803d598697299bcc SSDeep: 1536:GTkpuvqY42viREBA/y5iW86DCdi3MD6EQlKA4GMclaKrobkeH/N6S+CYmX0:vYqRnK5iwCgU4lKA4NcltKkW9X0 |
|
|
| \\?\C:\588bce7c90097ed212\1053\SetupResources.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | 17.60 KB |
MD5:
c48918f0b9e045a6aa72596886132614
SHA1: 51ee071882b3715386f26be3df5022aac513e44b SHA256: 0aaa9285a9d3b3f6693e4637a05a5fbc00fff0126c22a0966f8ff0dfa326b897 SSDeep: 384:hXXv7GhT4Gqtl17EeBG4NTJ/+ASQoXBVQJdBAX:l/aV4Jl1a62AS1VQJdBi |
|
|
| \\?\C:\588bce7c90097ed212\1055\eula.rtf.id[B4197730-0115].[fileisafe@tuta.io].actin | 4.02 KB |
MD5:
29aabb46e9c3bc9fb9864f4349cc30a6
SHA1: c1b89835ea535f368e479933714e2264898e9296 SHA256: 1b6a9c41048aec9e3ba876dbd5103584275ce4952d1abc8df6c290d0ffa7638e SSDeep: 96:7fFDO7yu2bx0oSpIvYNNguw4N1j8gM0cUQMC6Ae:dO7yuU0oLINz/1jw0MMC6Ae |
|
|
| \\?\C:\588bce7c90097ed212\1049\SetupResources.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | 18.10 KB |
MD5:
0884154a46b32aef89609a1f1770c574
SHA1: 755b6f0fd048c7d35bae86619b7c43ab6eef4ccd SHA256: 676efc3cf2e000f7b2f8ad644ea0edad8ce2e4fececd9477f75fb0dd27e3246b SSDeep: 384:3JvrT1+IKLVMxG2wpbgfoXM2mOIelESqTSmZjAX:3pP1+ISVEG2KbsDLGmFi |
|
|
| \\?\C:\588bce7c90097ed212\1055\SetupResources.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | 17.60 KB |
MD5:
46ae375def7634711ad6fbfa77ba661c
SHA1: bae85900c67a268cefdcc048868bbc88242f160d SHA256: 6a8dd07402bd5b3b8cf4235eec524b9fe173fc639e9a9fb4d671ff6621e677fb SSDeep: 384:O9bB+IAM0L+ebgWxuZ4pHTkmwMEmTIvfBfE0SQ072gsNOUFko/WTZwoF6Pc98L1i:cb590DTFxMfE0Sf2gsNrl4Ftqi |
|
|
| \\?\C:\588bce7c90097ed212\2052\eula.rtf.id[B4197730-0115].[fileisafe@tuta.io].actin | 5.94 KB |
MD5:
b0d9a8dadf16010254c0d485a873d1eb
SHA1: ebdea96a67fc96c3101923caea1d47bb87f56b6a SHA256: 619911451e9859f8a458d0409f9bdda7b961527068822fe88bf4c78e4fa985ad SSDeep: 96:GwpASgFUxylSTHlFU+ce214oRq4M4ZHvk8ixGFTxR8tRAjhmLxqdNIysLEoeV0qc:GUuHl0HlFU+cbRReavkRxGFTn5d4LExa |
|
|
| \\?\C:\588bce7c90097ed212\2052\LocalizedData.xml.id[B4197730-0115].[fileisafe@tuta.io].actin | 59.52 KB |
MD5:
0f68a065f1353c23f0ca39a331eaf011
SHA1: 890d58a1bd511cf41efe5399b911ee021e9ce7cc SHA256: 0a949b81d271a5d9b9bef72f246074866a0c15375aabf1e19aa8a96fe1516fd4 SSDeep: 1536:Nhm3TqXvpAQvyYXuxmGxy4GKdrAc6XIOJSsiigb1xnipCC+:jYepeWLKSk6SFNa7+ |
|
|
| \\?\C:\588bce7c90097ed212\2052\SetupResources.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | 14.10 KB |
MD5:
2dba1d6ee0b453acf2aebcd42a08c700
SHA1: 4a4307f09476ca9070e8ca5b0afc788afbde4bf6 SHA256: f498a33c588924c2403678f852604f00e0569fb352b3fc8e6c06ecdd4d6b7b48 SSDeep: 384:lbgYcHUaRAjHgkLCrGJ2HkPvlCYxKIPNJgcRAX:lcmMQHgkeK0ElrgcRi |
|
|
| \\?\C:\588bce7c90097ed212\3076\eula.rtf.id[B4197730-0115].[fileisafe@tuta.io].actin | 6.41 KB |
MD5:
35e2a64525a5668d2eb18e6ab779c57f
SHA1: 8076fc13d528a1d0c3e537e776eb163e82ba5cd1 SHA256: 30708a7d26c5dcd8739a7b7344e781b49d54d17d4262466553f6bd304ab973d4 SSDeep: 192:RPU4VbXZmF6nkjWBrBKytXHPTqCGJ2NlYch92QAAoAe:20rZHlBcI2t2NlYcO1AoAe |
|
|
| \\?\C:\588bce7c90097ed212\3076\LocalizedData.xml.id[B4197730-0115].[fileisafe@tuta.io].actin | 59.66 KB |
MD5:
f1c77c12e81c972867440dccd837f313
SHA1: eaa8356e7396fd9f99de65a3e0e2269e435dc874 SHA256: 88b2ef60b782239a98165b2a0dfbcc02dd9cda84d76ac179e5f492741ecad600 SSDeep: 1536:V8I5ZwzDpFnxj/KqKE1t18wrkdXtKRv1BZVd:GIczDbnR/Kgq4yC1td |
|
|
| \\?\C:\588bce7c90097ed212\3076\SetupResources.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | 14.10 KB |
MD5:
3e920d85f0c5b2f4a742d5fb87be58bb
SHA1: 9bb0dae4410f6d02adf1ef0fdef8374ea0b12189 SHA256: ff8df3a9ef8e9ac896e2ade01d39288cb13f1519a1743ed4ac92f3ebefc99824 SSDeep: 384:iWzYiTd6MOjT1kMPDwd4Gw5gAVfGouJKvAXnrAX:i61/On1t+kuAxDA3ri |
|
|
| \\?\C:\588bce7c90097ed212\2070\LocalizedData.xml.id[B4197730-0115].[fileisafe@tuta.io].actin | 78.63 KB |
MD5:
c10108974ea6f6bdc7ced020ecf27798
SHA1: 10bc97e3a30116bb7ce851ac1b80b9c60df7b54a SHA256: 569eb0b67a73fc9c1c2b87b6f476d2acbd1c911eb108ec12ff6b78dbab256e85 SSDeep: 1536:xhn07/LnFGVdHSLH5rNghb9lIBC+bv2+BfLn7gnfmhngfLunVCuOInmdl6JUc4+k:xGYdHSLHJmb9YC+TL7gnetQaVOUJUc4J |
|
|
| \\?\C:\Program Files\Microsoft Office\root\Office16\ACCWIZ\ACWZLIB.ACCDE.id[B4197730-0115].[fileisafe@tuta.io].actin | 1.99 MB |
MD5:
0c5c41641f3360f0dc4c9d9fa5b4a440
SHA1: c3471b9a739b0fe065f5f6ea63176aebbc4182c0 SHA256: 1cfe9bd2599554ec965d6d77c1716720e0e97a52d733dc9420d39d05cab0eb8e SSDeep: 49152:JXvh50tKu7H3AEiLrm2ORpGsZF0fMY4iYg+S:JD0t9HQEMOF0fMY5T+S |
|
|
| \\?\C:\588bce7c90097ed212\3082\eula.rtf.id[B4197730-0115].[fileisafe@tuta.io].actin | 3.24 KB |
MD5:
fb28d31fd0f4902ec27550383030132c
SHA1: 89e1058c09f2ae77ec890bc299599a0a2be541e3 SHA256: b017c0f92d6a4c8b6ed6180fd75a4e9f0b26df9cbbeaf048cfcf0478cc17f1b1 SSDeep: 48:rmtLTjp4FL25kOabgEauzuTq2GhsH6VXGg8xUhzFWzV2UOm3vNhAe:aTV4FL2O5YzJ4XGpxUyB2LmHAe |
|
|
| \\?\C:\588bce7c90097ed212\Client\UiInfo.xml.id[B4197730-0115].[fileisafe@tuta.io].actin | 38.38 KB |
MD5:
310c5ff3065c8af248550c99227157d2
SHA1: 9f26068291a10f1377b8780662345e4b0a60487c SHA256: 5a8b2b203d747a0125705919d3f9d5fa49899b13251d73d2337cbb99e26a9706 SSDeep: 768:PWcN7DvC1SRFzz+89k2RYzaWRbTBM+YWkwgryPUDsR7:PW87DvrzS89k2Oz/R/17sAB |
|
|
| \\?\C:\588bce7c90097ed212\3082\LocalizedData.xml.id[B4197730-0115].[fileisafe@tuta.io].actin | 78.38 KB |
MD5:
692b1926699d88185fb61b9f89319e5d
SHA1: 92ece12653e0e1e2b19bc0654a3d52f57ee14be2 SHA256: e7b97c522b3abc274de37ecea107810f81c88b8de18c09f3d8918fe1e1c5efa9 SSDeep: 1536:v3qG/5v89K+r8/uuCua9xgkF5r4vuSIp82eicIb+cYeA:v6k9//uo3kFF4WS682eHt |
|
|
| \\?\C:\588bce7c90097ed212\Extended\Parameterinfo.xml.id[B4197730-0115].[fileisafe@tuta.io].actin | 91.39 KB |
MD5:
d5b97355731d95c91c3a8a49241ca6ef
SHA1: c0e44f1dd49ce699aee42853e0c1b491374c285f SHA256: f6e51ea06bdcd1bcc8c43e0947ff2798e59904ed0b8f652267a0fd1dbb722ece SSDeep: 1536:8C1ANWfe8Ic4K7j6/A6NqEF3Y1raN2ZSTQ/Z1J0hdDZ5egOaXxJTMhOCNb7bGKna:p4WG8IlAYqEKtaN5sx1J+fegOY0NbG8M |
|
|
| \\?\C:\588bce7c90097ed212\DHtmlHeader.html.id[B4197730-0115].[fileisafe@tuta.io].actin | 16.00 KB |
MD5:
d826485cbfaeb2e97bd2e387ac0bb3e1
SHA1: aa220b5b62f9dd0f323840fc3637d55abc6a6fa2 SHA256: 57dc2ddcc0d40315698fa6707a63faab960735f2041e2e30ee5e04ccc75c3d07 SSDeep: 384:em6D3DSlG5sIa6jH1oWh6WMjBfznUkWaIRaQtbpVx1Le1BCCDn9n4GAX:s3CIt4WMJj0bpxLiHnJhi |
|
|
| \\?\C:\588bce7c90097ed212\Graphics\Rotate1.ico.id[B4197730-0115].[fileisafe@tuta.io].actin | 1.11 KB |
MD5:
e02db767c4a996dc9abcd98cae89f9dd
SHA1: 075e2014df5158e83cd3eba1cf4a906123b64946 SHA256: bcd82024d1d44dd8f895bb03264faa6b7b1c9376bae3b2b0388bfe147fd7a548 SSDeep: 24:niqHBt7LMixd7kXzYN16BXhdWtxEAaN4Kq+D+FX4+BbqbrPAe:xMgdyzo69hdWtxuC+DI5E/Ae |
|
|
| \\?\C:\588bce7c90097ed212\Graphics\Rotate2.ico.id[B4197730-0115].[fileisafe@tuta.io].actin | 1.11 KB |
MD5:
c234a2c71659be07e62a4a8be4ac22bc
SHA1: 810be016af5a1bc07f9ab3793001874ea06be453 SHA256: 61a93311213b85e380a99ffa62a0c43d520193cc9ab90852a3e57defad5aeb13 SSDeep: 24:rn1CwwywN6daxg4z9XADrNVtsv1/CGAYJOQCClUrrPAe:rnAAwNmaxg4z9APXtsv1aNiwClUvAe |
|
|
| \\?\C:\588bce7c90097ed212\Graphics\Rotate4.ico.id[B4197730-0115].[fileisafe@tuta.io].actin | 1.11 KB |
MD5:
c220443e9219145bb59710d2563daa9b
SHA1: f0279cc4a784c8d0eac8a704efa6b294450ad98b SHA256: 0ba2385ec37c750eb6e3fe3f1058b508781674d9bcffe1369b6fde3d3f1bfa5c SSDeep: 24:xI1TrfwAqGq8B2Q02pt+WUB4kptBGkE0CfMtZazCGnCFrPAe:enfRq877Q425CfMizCGn8Ae |
|
|
| \\?\C:\588bce7c90097ed212\Graphics\Rotate5.ico.id[B4197730-0115].[fileisafe@tuta.io].actin | 1.11 KB |
MD5:
95a7b0f6bf00268196d905b493072acc
SHA1: 40fd9d65df640382514a3df69090d8d8a0d460c9 SHA256: 622dface45d7bb00490bc75af090e00eb47d006823dce403e0870e3016afc722 SSDeep: 24:7qT/Y5KHoD/RGwYtUl4OeceBNJ3hNoDVDwDrPAe:7SUMolGwYtUl1eNBfLcmnAe |
|
|
| \\?\C:\588bce7c90097ed212\Graphics\Rotate7.ico.id[B4197730-0115].[fileisafe@tuta.io].actin | 1.11 KB |
MD5:
5dd6a18dc5bdaf6e014d061303f506f1
SHA1: 2f89958c9c117eb8fbaad82b6476bb07f3079488 SHA256: 4e01808582a8143bb9f7ebc6a66951f4cbf9615d3b1661e30cca59bba63c11e5 SSDeep: 24:AEutO07oOmYihV3Qq1y7EkCE+JtQtpaKPKrPAe:AEutO2RmYM3Qc0EkCEWmna3Ae |
|
|
| \\?\C:\588bce7c90097ed212\Graphics\Rotate3.ico.id[B4197730-0115].[fileisafe@tuta.io].actin | 1.11 KB |
MD5:
c6acead4d94a81b9d45a84bd72ab027a
SHA1: decb0c2456b5a5ba0db808d7b93a9606f15f0637 SHA256: fb2ad634dc327ec0b324b867f0a241c6ebb8c637e76e51b24ecdcfdd13cb15dd SSDeep: 24:PmTHUXOmECSQ/iyUQsIsAAOcJbzg904oopozKlazZYVrPAe:PmTHEbSNQpstZ6oopozrNY9Ae |
|
|
| \\?\C:\588bce7c90097ed212\Graphics\Setup.ico.id[B4197730-0115].[fileisafe@tuta.io].actin | 36.10 KB |
MD5:
40c5eff3473688e9f32ec9f3a0c7ac11
SHA1: ec019b1345407cfdb6a770f539cce53e816aaade SHA256: a8b9b252b8fdd73fdc32929825e107fce83253e66c0c63f709cbf24576a06723 SSDeep: 768:Ya65eGbwfd3blxSQ31QUvkgeWhvxh+9ZSV+ilwUtgus55RvimBI/4j7:Y0GbwsQeceWF+jSVGygusTR9q4n |
|
|
| \\?\C:\588bce7c90097ed212\Graphics\stop.ico.id[B4197730-0115].[fileisafe@tuta.io].actin | 10.14 KB |
MD5:
a51890bb392a67792cf34c1febf61f83
SHA1: ed9eeab52008496d9737a985f4ff178f5b2e9e7b SHA256: faac7005ecd5ca7be1cdd219a5d60c8ae3f2b7873e260f0b7e90c983a498fd04 SSDeep: 192:iYG8FSfP0R4klmaWOCkd2sblULbo2lWz7BornEis23peL8A9co/2WEZnAe:c6SH0XRWZril0bolsEiV3QL8gOVAe |
|
|
| \\?\C:\588bce7c90097ed212\Graphics\SysReqMet.ico.id[B4197730-0115].[fileisafe@tuta.io].actin | 1.36 KB |
MD5:
7f283808c446ac6140757db3311c272c
SHA1: ed7db06ecffde67abfddb63f6a64944b47eb88a2 SHA256: 22d6f972f6e7b08c9d125fc14768fcc92388d3be07f613359f8c0c69752ffd09 SSDeep: 24:TOzGNTh7xUjaEOUi7wComCWzXmwAfPAbmokEAeW4I+KeYAMBAwc+wrPAe:TVNTU9ip04XaPA6okEQX+FxAe |
|
|
| \\?\C:\588bce7c90097ed212\Graphics\warn.ico.id[B4197730-0115].[fileisafe@tuta.io].actin | 10.14 KB |
MD5:
13dadc56934404f450c51bdb1e330413
SHA1: 5e3a15a833b4efb8ecd9906e66a5261c5c88b3da SHA256: 8562374dd0a6b9917b70cd4f51887a225796dfd0d97a4c7b2491d4027b3b023e SSDeep: 192:M2poUMrWEc/Z5svUJnzp4SulutKVNHElpbkS04o2Fp5W/d/UsDAe:PMyP/Z50an14SxwNklmS04Vp5WllDAe |
|
|
| \\?\C:\588bce7c90097ed212\netfx_Core.mzz.id[B4197730-0115].[fileisafe@tuta.io].actin | 173.83 MB |
MD5:
cc75e7bda8993fedfe1a6badcf08dce7
SHA1: 9f7920f930c3874402c2d3c14535e2bdd1fe4eed SHA256: e104262286e666244be9b1244b073d074f316420ff783d93d664a93ea8c7c99c SSDeep: 196608:GV04YyKSBXZ35w+KBK2KJKDcloT46ooP8ZNoz+hK12RP1O7lT:z4Y7qZ3CwFISoT46ooP8Zyz+hm6Mp |
|
|
| \\?\C:\588bce7c90097ed212\netfx_Core_x64.msi.id[B4197730-0115].[fileisafe@tuta.io].actin | 2.56 MB |
MD5:
7b93715d691463744801ed8d0f4f6310
SHA1: 0868f067cf705dee494de2396d4ca33bbcfcde20 SHA256: 167732296a439cc03b2700791bc5e877754e7c4dfc9ee6ba396e9bf2f873a0b6 SSDeep: 24576:nc+BQbPyxbs4rONS5voMfjhOGxljdgzxkcWNDd5Vx6xeL+GKBBnZ9yU+4xWq7:ncxisfQxoMLRJg+j+GwBOU+mW2 |
|
|
| \\?\C:\Program Files\Microsoft Office\root\Office16\ACCWIZ\ACWZMAIN.ACCDE.id[B4197730-0115].[fileisafe@tuta.io].actin | 8.85 MB |
MD5:
a26af3a24d5603ad50d034c6bb91eb43
SHA1: c1f1872b71f502ab1cc886f1446842fd649e1a2c SHA256: cdcf6f9cbc580e9dbc85a70cf0ece0256882d635121813abc9e2ddc43a0d9d92 SSDeep: 196608:XUlyFr7dR2JMzKLatZ8sm2nDaEKaFP9/G3EAQE9Rz:U+Tz9f77K0F/8EIz |
|
|
| \\?\C:\Program Files\Microsoft Office\root\Office16\ACCWIZ\ACWZTOOL.ACCDE.id[B4197730-0115].[fileisafe@tuta.io].actin | 10.96 MB |
MD5:
9d0b0104d01b54997fa4b7fd5c4722d6
SHA1: d3733eb4d7f16eb685a23560f1c4f711689bdc07 SHA256: 7257b06977ca440ddc890a33904acbd440eabd5cbcf8b5c3fad817cf6ae270fc SSDeep: 196608:jEuMM0AiFcA7B/B5A7ld6J3S5wAAHbfpI5/T5k5poK7g0U9g4I:wMkmiqds3S5wVb+VCjg0wrI |
|
|
| \\?\C:\588bce7c90097ed212\RGB9Rast_x86.msi.id[B4197730-0115].[fileisafe@tuta.io].actin | 92.77 KB |
MD5:
42484e5654b822be4f0ddf730b975534
SHA1: 957588aec0fc34589e4a3a786147489a3965b6f9 SHA256: 9d9c34946602f2f21ec702c39d7707b43e7365132ecedb80fd872b4bacb9e9f6 SSDeep: 1536:PyPIZm+c70/OF8W8hoqwybpgUS0vh29W0ojThl+oH0OFa1jpeaoFy3h:PivcAvpNWJj9l+oH0PjMaoFyR |
|
|
| \\?\C:\588bce7c90097ed212\Setup.exe.id[B4197730-0115].[fileisafe@tuta.io].actin | 76.56 KB |
MD5:
f17e8698eee5cbe2154b4200b7cf8a77
SHA1: 7d0c49a83bbf9056f3d2d66a80374384b0eaa735 SHA256: f1ff53125c5e7d6ea1db01cd47563e51bb448016c01dd1a75e7d1821af3598bd SSDeep: 1536:UYzwQquLK9AiJqQtm7Ky2CO8p4ZdzrHWzNxuWhFZL:jwQxLK9zMQsKsO8edzSPDhFp |
|
|
| \\?\C:\588bce7c90097ed212\SetupUi.xsd.id[B4197730-0115].[fileisafe@tuta.io].actin | 29.66 KB |
MD5:
5ef2530e0f67c2ae9392dbe331db6bd2
SHA1: d7b5cbae4bc402fdb0a05f37b3b97f185c490ca2 SHA256: 81eba0d6c3390036fdee32cf1903b3a61207136ceb2d26e9e02dbb6d3f4820ff SSDeep: 384:JCarjvIQbLFkwKZk35O3Otq5VodDC777oy2odOv9U31V4u+63k8UG6Fpot2AXSLi:lfRLFT35qOV1Llk4uT3km6rAEGjIE57 |
|
|
| \\?\C:\588bce7c90097ed212\SetupUtility.exe.id[B4197730-0115].[fileisafe@tuta.io].actin | 94.10 KB |
MD5:
4b317a7bb314e912c595777ab1a01d3c
SHA1: ddfc0e540e0bf968d2052535298c49818b2cc382 SHA256: 36361967924f9a77011d5d9389075414646c5c3a58edb700e843e763d5f52f3b SSDeep: 1536:wfugPQdcb2aGBQczdoXTn32Yx1J5hLCmXbxolfXNYa1z09fxk:d4QvfBzzdK3PgmKZNs9fS |
|
|
| \\?\C:\588bce7c90097ed212\sqmapi.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | 141.28 KB |
MD5:
733c8928c7d7123a64fe683a50569502
SHA1: 18e11ae55341ca1a9f7d3004467b4217c876729e SHA256: 87a19c66e240053832d4b128c7d0816d10ed7e7f42d380cb4ebb22f247e86ee9 SSDeep: 3072:vXRvbBI/T/+rda47B7gyOMYNMb578+I2tfx/8oHeXhMk8ea2kp:I2rdaOB7gyFNdp/8oKhMkHsp |
|
|
| \\?\C:\588bce7c90097ed212\Strings.xml.id[B4197730-0115].[fileisafe@tuta.io].actin | 14.00 KB |
MD5:
deab174718d6a8241c531b0526057461
SHA1: a3bba0c67a5e92f1fa813f9942b030c0bd7b2c7d SHA256: c4c2d1cf93970c379703cd51dcd0633ecea57b1a2c513b73ee7b1b860ed08038 SSDeep: 192:MVVjt1xo7oDJ3f7mgxk6bZplwDhhftbPNFs/QT2nIuskW1vhPzbV08QumyqgUTix:MF07A5fZC1TUvDWnzh0wmO3XBAe |
|
|
| \\?\C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x64.msu.id[B4197730-0115].[fileisafe@tuta.io].actin | 5.61 MB |
MD5:
08ad36cc8279b0ade4127d5ff52e30a6
SHA1: 446d60761fa05246499c741bf64a50661cb8a430 SHA256: 5ab8ea13073c6753e9d3e2f365b78ea82920bf69e357b6769b4b9217512cd3a4 SSDeep: 98304:Ef0pKGBHTKYzKXH54UuFe1kBpHua/KUKcs3DKVDKj384t:27GBHTK8KXZ4UuY1kB1iKFKj38U |
|
|
| \\?\C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x86.msu.id[B4197730-0115].[fileisafe@tuta.io].actin | 2.79 MB |
MD5:
868f492136cfd3596cb23eb1621b915f
SHA1: 09bbaee2d9ce72441972e26d6c5eed06a64f3d9e SHA256: fa44a5271e80000f1663e1e8850e8666b020ef2dd3575eb41d008795064ed655 SSDeep: 49152:oJ6tDuv7GuMRau8yuXQFKUYcs3HVKf3rhKf8K7FYHwY4:oJbGnRau84KUYcs31KfFKfZ7+QY4 |
|
|
| \\?\C:\BOOTNXT.id[B4197730-0115].[fileisafe@tuta.io].actin | 242 bytes |
MD5:
4de1f1d6133e2e5bf3571067ab1febb6
SHA1: 5a1c8ea23b4e93c0ff72c3de36f8e861da601aeb SHA256: f3a24c7d1bbff129adc7c63f92355352796fbf0d9473fd96ade9b3acad831a8a SSDeep: 6:X4MYTtgrYlEO1mrR91PVJyFZliYDEcbwRvs/Q:oM4yrY+OABryEAjwWY |
|
|
| \\?\C:\BOOTSECT.BAK.id[B4197730-0115].[fileisafe@tuta.io].actin | 8.25 KB |
MD5:
47a8196ca7f1166bd9c9bf387340bb06
SHA1: 502e4153e8740a7013f828134c15a356b1be7a32 SHA256: 71e7504c2c9eca5cd351852c462672c0277843bf375ad4ca5330fc030e1cce18 SSDeep: 192:YHW5fbHMwFmeSWBD7Tb+qUQlACeRbuEWu7Kdhu9sLXxradPPpsAe:YyAte3BX+Qlbe9o86LX9cpsAe |
|
|
| \\?\C:\Logs\Microsoft-Windows-AppLocker%4MSI and Script.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | 68.33 KB |
MD5:
8336b2a1e77cffa53ac71e4c41fe82f0
SHA1: 3d2c53a09107c6a7b921680d7a2d02bdd72e2d39 SHA256: fed92840ee276b06e7674f7f5598b8134a8974bd59cf4173bec012d05802d46c SSDeep: 1536:pjxQi7hVE3sbQEFVhMD351ZyorrxzVmR37DcJoHB9rv3fn8O97UQLVw4Rf:pj2iNiyxFVhmDZRrVzAR3/LZ7UQlRf |
|
|
| \\?\C:\Logs\Microsoft-Windows-AppLocker%4Packaged app-Deployment.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | 68.35 KB |
MD5:
832a2a612055d9d5a0a2b82b5ed0ec99
SHA1: 9bc0bc46cd27d91e0d0003a9e9c3b300d24d5af8 SHA256: 19df60e312899f4c5d3cbaa2a7acc6f87abf2d41c7a7b73bd5f723ec0ace329a SSDeep: 1536:dg+c9CTDQPmE7SOezhgj7Uy+X6nLAn5BYyNE5koy:Bc6uCO6GnVLAnQyoy |
|
|
| \\?\C:\Logs\Microsoft-Windows-ApplicationResourceManagementSystem%4Operational.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | 1.00 MB |
MD5:
8a47af70b37cc9c9572d61bb8415d4cc
SHA1: cb458b165a8a4ef3fb56288e0ec17e3627692f3c SHA256: 5608bd9745ec5d985235d07c85a6d4fe145b4041275792a6a25bc822959ebb22 SSDeep: 24576:FJQC8iFD4OLMIGF1lmfAJwMKYeA0j9f0YSQ:FJQtMDVgN/l2TMhedxf0Yz |
|
|
| \\?\C:\Logs\Microsoft-Windows-AppXDeployment%4Operational.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | 68.33 KB |
MD5:
812fce6592bbc7a6d74efb4226420358
SHA1: 66fb1b1f9d9ec5d36a2023b5b71b72c0a7f576cb SHA256: 9039a94bddf103f817c43eadd801d00027cc1f7227b787b5642ef94d9a2779c2 SSDeep: 1536:i4XHx7in7tPg5x7bXNtB45erL34WdyBEc5onwXQAY8ncBM5xcDcor+3JPN6lKi+t:9G76BXTB4MHoWIWaOAhc+XcDcs+Fr |
|
|
| \\?\C:\Logs\Microsoft-Windows-AppReadiness%4Operational.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | 1.07 MB |
MD5:
1d575f09dd81fd448d5982cb00943267
SHA1: a44efa51a89cfa747efaaaf18f4f6a3d5fb8076e SHA256: 4d0c94378bf05f0735a138af83ea3917941e9bd5dfe0ff3e7ac733cb53b3554f SSDeep: 24576:W0W5qYPehhSazT7wIXduNaKSbV4AcT6rKW/YiukQv+u/10rP:W0WB2O+T71Xd06RQbv+r |
|
|
| \\?\C:\Logs\Microsoft-Windows-AppXDeploymentServer%4Operational.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | 2.82 MB |
MD5:
804e1143abee4546621a7db5df116a24
SHA1: 94d447dc68e48152d15c37e83bc8ec40da17e08d SHA256: cfba83c1d9dd1157159fbeaf7304952c80b590343ff8a4103ed90c032e87d53a SSDeep: 24576:kKFEJ4Rw2xaqbfPpahCXiYNXnN5lgDSVa33bBEHFSH:kKFEJ4681hah9onPWDSwbGl2 |
|
|
| \\?\C:\Logs\Microsoft-Windows-AppxPackaging%4Operational.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | 68.33 KB |
MD5:
f8de26ad981cfdc4224241681e64428c
SHA1: 30dcf230d12697cb59e26c0b124d00b4d0ef1275 SHA256: c3de9b1f49a14a1f58aa22e0661d7be67642d3856d23ed3029d98288f385e4e2 SSDeep: 1536:T130ncs9bJIo36gaAOM+Tm5w3pOMuNZ7PguEd5AZyzi:R30nj9WK6gaRMQm5WUZ7PguEd5AZ9 |
|
|
| \\?\C:\Logs\Microsoft-Windows-BackgroundTaskInfrastructure%4Operational.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | 68.36 KB |
MD5:
f0a1b2e40125beb69321d5d1008c6efe
SHA1: 136b3c0787142b8a3358c27dd06bec1e4b06ad87 SHA256: f4e4dfa91910e0b714cf566e3c5cfaa2fbd4bfa1e66ab006f066451184c986ed SSDeep: 1536:m2R9e+i6GGtbrEIzdkCe7PNMDbJpTkxIROU55OXKtmkP:m2RQF6GGtEIz/e7PepTkxWkKlP |
|
|
| \\?\C:\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | 68.31 KB |
MD5:
bca52418bfcd7f986632bf867b26361e
SHA1: 62d18932cd0171e031d8ba42522232e2f54a3b49 SHA256: 49af22aa8b115814e3d76a5a88192f3a55b7f9b9fbc2c618791f37f9b10e8779 SSDeep: 1536:90Xd9RPErrAhP4HDCxB+yEcyhAqA6d66rJL/b:90X72nAhn9yypW9L/b |
|
|
| \\?\C:\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | 68.33 KB |
MD5:
7aa71dd2440fd389c79b1d5437ce334c
SHA1: a45e192640a870ef73325c93d14eb823a4fbdad9 SHA256: c012461c6522d70b13f72ea20dcf6fca7ab2e328a2e7d4943d8d7566a97c1cfa SSDeep: 1536:M6Y9q0PnVGvptMEL0gMip9IxpgkLytAuaZTyI8OAu1l5ykCI3/UDP+RZ+H:nY9q0907g8pCrVWTqyXm5w6MwZq |
|
|
| \\?\C:\Logs\Microsoft-Windows-CoreSystem-SmsRouter-Events%4Operational.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | 68.35 KB |
MD5:
54226e4a17fc1e310a39fe401de03fff
SHA1: 5f2a093c7aa830dfc5a06a020ee2578a8120c8c1 SHA256: 01d0ae9aacb84c2013c88c7f7ee68f0d186f7163d43ac9163b7440516ac73011 SSDeep: 1536:AaIR6jfbO3s9uqFzwBzSg/Wsa9UT+ELLEFKRfhpjSOgH:ZoYjO37ZLW1wh0SjmO6 |
|
|
| \\?\C:\Logs\Microsoft-Windows-Crypto-DPAPI%4BackUpKeySvc.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | 68.33 KB |
MD5:
d53b079fbdb0011b02c7741d0c88d638
SHA1: eab6c61d123e71e81088f0c99fbc3d8318f429d7 SHA256: bbcdca28a548e55733b7bc83e8858c58367f2eb9e178d53813d0e352d44f743b SSDeep: 1536:KUt5RmgwW9b7y1g0IPFoTCiPv2xq2JoOxnieA14:KORmL11g00FhKexjm8niV14 |
|
|
| \\?\C:\Logs\Microsoft-Windows-DeviceSetupManager%4Admin.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | 68.33 KB |
MD5:
fac39673831638e8764e104671186959
SHA1: 3e434c8c09d79919ed8205ae44cb091ae6af73ad SHA256: f3681e9437141fa2c7db1adafe9241401d9efbc43cd80499c2c6227d0a0024c2 SSDeep: 1536:/rLfAYqdtgXZgxLNo6d18VkxI83CNj9+E6vfUXphSvIjNt35wx75:/HAddtWZaa6dWw36L6sphrP5wxl |
|
|
| \\?\C:\Logs\Microsoft-Windows-DeviceSetupManager%4Operational.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | 68.33 KB |
MD5:
578684504f545bfce9365792ca24d780
SHA1: e58672b7b1c9653946b37dc5683ec977309afffc SHA256: 971b29d11e00c71ca71885450731173340a8eb7e8b968b6d53598d6375a0ee8c SSDeep: 1536:vmlCO0nmfXemVMYqNcYIQShlrhl5gCD5LQAGHijjF:vmlCvyOy/b5gCNcFHil |
|
|
| \\?\C:\Logs\Microsoft-Windows-Dhcp-Client%4Admin.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | 68.31 KB |
MD5:
ebb95f81a0d5e7e78ca7eff222524640
SHA1: 5e66ad4db2c3020861318f0fa8edbc66339d06ba SHA256: aed37a432395b2f6226684d8bc379667da07f6cd2758d4e18309eb8c0d03c61a SSDeep: 1536:tEXzmtEoyQ7PeaXromL2cdOA488D7kMFFW85QI/tl61YMm:GmtXygBhpn9MFFD/rCYMm |
|
|
| \\?\C:\Logs\Microsoft-Windows-Dhcpv6-Client%4Admin.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | 68.31 KB |
MD5:
a4f693f8ff5ffd70b9027f65255ba450
SHA1: 664082616e606811718c08d56864a7b366082466 SHA256: ccf7e60097afe30b7a62b79d9e90ebcbb2364cc89c542b4c2fb1ee2fbd68f707 SSDeep: 1536:Ckt1ZeB37q7AblVH+6Hsz7aO2avXaMf7z7HEiNAUtXpDyg+MG:F1c5u7AbnH+6HM2OpvXaU7bNNXpOgG |
|
|
| \\?\C:\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | 68.35 KB |
MD5:
e9b1d021a0674e1dc43494cc832f48ae
SHA1: 6d03c5b9b136dbb7316622875f4279b13f074598 SHA256: c349f4a27e74f7dd7a95679b177285a0c0c7ec5efa1375cc7066fb1964ea44aa SSDeep: 1536:SORYfkPIbsKJ0QV6L/sD1BF5tPKDFEC+yXBY7KUS0RAfRdrBfO:ZRYf/QK96L/sDR3PmEouUyAfRds |
|
|
| \\?\C:\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | 68.33 KB |
MD5:
8780ebaad45ef4ce1484917467e768d7
SHA1: 293eb51020f8124ce48c0b6d6dbaa78ddcbe3044 SHA256: bff9426237047cf42ac3abbba30d8694ab5665c6c6ff2e92aca8e93bd692684d SSDeep: 1536:zay6FlyihJGWxoYCl3zk3rdQirFwtg27vXPb0:+y6byCLC1k7DWXj0 |
|
|
| \\?\C:\Logs\Microsoft-Windows-Kernel-Boot%4Operational.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | 68.31 KB |
MD5:
e83b8b03d2eb1dfcaf332072492a0314
SHA1: 1c46a9f5bc1c38c28ce7907d4e1f98420b9d30f7 SHA256: 3911e844ba7a89d588d3ee5815426eed9e649696bc3f7502afa0b35cccbf8b8c SSDeep: 1536:KJSzkrSekMKFgRpoh1Rg1dvPhg7c2RWmHUpVCvT854Qv9sVWDCpc9S50EHduAxgm:+kkrSnMKFgHmg1F58cKt0b1sVWOpc9zY |
|
|
| \\?\C:\Logs\Microsoft-Windows-Kernel-ShimEngine%4Operational.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | 68.33 KB |
MD5:
3311cd0d0e336631f2d409611ba1ff8e
SHA1: 88b39ab3d6cae5b12d79ed6fee5ea80475352235 SHA256: f74a511170025d695e69de167305ce17ba2ef0a52388457fcc674e50e3a8e394 SSDeep: 1536:85dMtAedjCMCKuAXXBfn2w2IUtFbtbaRBaaUfE8S+oq0rCtr:XvdXruA54tXaRYaUfE8SOr |
|
|
| \\?\C:\Logs\Microsoft-Windows-Kernel-StoreMgr%4Operational.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | 68.33 KB |
MD5:
2c78ce671f25bceb82e14d9dc85a251f
SHA1: 3568bd4945b5ff15438c7e11f56a162563a9208c SHA256: 4538bf3f72aae699477cfd7a2412d14587fc0e8b6762ec77d8e3c96be55470bb SSDeep: 1536:UNSwEP/rjgxHF+Cn+C9vLVwNw0ppFOkXFh01:PeFl+UvLVm7ppFZXs1 |
|
|
| \\?\C:\Logs\Microsoft-Windows-Kernel-WHEA%4Errors.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | 68.31 KB |
MD5:
90ef7b998bc5d6579ec3f5a7f31878c3
SHA1: 49956eb9dd5f3c1806e2e81c302fdd128c7ae400 SHA256: 4fbba4c2f2c4b6a755846aec654c00feb0459bd47efa19df4a98ccfe9753acad SSDeep: 1536:16XS2kKPXseW/gQwIZvVZeDpGJr4u6HZUr+s2I+/3:1cnXtW4EUDcJEu6HEm1v |
|
|
| \\?\C:\Logs\Microsoft-Windows-Kernel-WHEA%4Operational.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | 68.31 KB |
MD5:
92c62b606fa6a747ed5bd5115006dbe6
SHA1: e5e553b0d7380b288bff699a01d8b625179309f2 SHA256: 799d729436c8c0045478ba8cbaa4b73a604ebfeaf2aa3461e04fc94a53682bfb SSDeep: 1536:poduRhWrrLRxzdUmCfwRtDis3RYXEIGn04VtbW:pfRhYrLbIfwRtD3RYNO55W |
|
|
| \\?\C:\Logs\Microsoft-Windows-LiveId%4Operational.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | 68.31 KB |
MD5:
a6154682cc2a149b3f50a3fef9970ccb
SHA1: 7625108532fbd10450c26220f2f57873cc41e98b SHA256: b0742fe4037ef9bf6744b88d42b6628df9ccde8cb4b3868913206578cd116872 SSDeep: 1536:MnCwGYHxmaj4Y8si730r7yohivpazvyyZ3N+b0RIrSWuMP/:4CPAmaV8a7HhtzayZ3808SWuMP/ |
|
|
| \\?\C:\Logs\Microsoft-Windows-MUI%4Admin.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | 68.30 KB |
MD5:
380f34b4151efc7826006312236883cf
SHA1: 1cd68f3c5288727f68b9d683a4892e0bfa093ffb SHA256: 5db53c87a8a0ab0808dd8a3096b5f1a00a5c60345f4badf6e877b5cb630da465 SSDeep: 1536:DR66MXqp1RZhx4uQGGCgtZ7PlQATApnt6l1snDktnZEr13EKNgMN:DRjMX8hxxPqjzlfskIFEo |
|
|
| \\?\C:\Logs\Microsoft-Windows-NCSI%4Operational.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | 68.31 KB |
MD5:
a99d7e13baa616996abd7b5f6a1f358c
SHA1: 3987bf886ad6cb3a96bce19115b8d48bdf919030 SHA256: 19ffa2bed163df09b0c2e436697c2cc2017c7c6d7bd54639cdb6821b7651e977 SSDeep: 1536:sf3ztKhPGr+skC5G+wyW3kb+U/jWvexgxde6tdUECeVPKFdM4TEr:sLQO7ZG+pNn/NyjNAReVPKFdM4Ar |
|
|
| \\?\C:\Logs\Microsoft-Windows-Program-Compatibility-Assistant%4CompatAfterUpgrade.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | 68.38 KB |
MD5:
130b22b2fad613627fade1049cc2e116
SHA1: 9e5f63459ee55557424a532e65e5cd99be258b34 SHA256: d3f39b053169298532050fcc6d8d65c6a18a651cc0f100cbe6bfebf060e005f9 SSDeep: 1536:vFChnXTQZqyG2FvI3oErvGDNSjO4BPTVDCKT5hn34lbuQJ:49XTPKAPvqAO4BpD3TsoQJ |
|
|
| \\?\C:\Logs\Microsoft-Windows-SettingSync%4Operational.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | 68.31 KB |
MD5:
b3bc66d482e90a011ddd8218d9b26d25
SHA1: 437ee869aa782a6a59bd6535ca5b3c70932f4062 SHA256: 52008a0315e7b37e95f8d355891af48e8bd41e4c24de4fb0473d1795f21de6b2 SSDeep: 1536:67azx+oSDXdcWRPRBz2NB0IVPnJkdfyQmsRaSwpX3F9sc1m3wQ:6w+TDOk80IVPJQfissLpF9B1mgQ |
|
|
| \\?\C:\Logs\Microsoft-Windows-SMBClient%4Operational.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | 68.31 KB |
MD5:
503849dae1b407f94867579fffa4877b
SHA1: a3b7facdb7094da0e3d6bffa6a34bcf47c32b37b SHA256: ed574bf1a5691204ece45e51f97c2a3e2eb4f52e1c14e4960acfdc4102660224 SSDeep: 1536:C5l8Mn6ePkeZNdBhqvzCBoK5qR3quBEFw8U2mGqsPG5rJdM0LPr8e/MRUn:C556eseRVCK5qVmw8JmXgSpr883n |
|
|
| \\?\C:\Logs\Microsoft-Windows-SMBServer%4Operational.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | 68.31 KB |
MD5:
ee1ef17ff123295aaf0950156ae0492a
SHA1: 11575f1fa66f83fcd50665ddb48f638d3b0c48bb SHA256: 842e688aaf3f7ef61e16853fa7ee921777f52c4d8b5048abf55c40ac249ac8c3 SSDeep: 1536:TQE2xK9Vl5WMcUcIUQFmYErRTsxDzCT6PvRKUw:CxKLKMc8UQF0rRTiDOSw |
|
|
| \\?\C:\Logs\Microsoft-Windows-TaskScheduler%4Maintenance.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | 68.33 KB |
MD5:
b6cba712fb54d472b0d22c185b07f4f7
SHA1: a122adc251791159cf027fe36cc8ecd6a66fef92 SHA256: 7cbe9b8f382b743692fc248010c6abdb18cb2ba6fa1ce45504f47ff67f16b8d4 SSDeep: 1536:X9DVSCHZ8p3X+hjxkWyTHnxmpF7suWxjLBtMdb:X9RRZ8pEtkdYpFIxfQh |
|
|
| \\?\C:\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | 68.38 KB |
MD5:
003a2e64055ec57e865dfe1723909acd
SHA1: 5f0b216e3488ccfdde468fc2ec75e2bd438b93e5 SHA256: 7937292b1af7bfb139a9e93c73d4d2b65bb1459cbeb6a1b60aba184a0f1cd1cb SSDeep: 1536:h4L8ehL+1EGeeOMgk2618J1AZGaq0U5CYl0+rWDYWeaYPUkQz:hihLCEGzOMgk2m+eZzq0U5CYlLPaYBM |
|
|
| \\?\C:\Logs\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Admin.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | 68.36 KB |
MD5:
0a1d4433035a87bd1b1de04f44c3a51b
SHA1: a1f13967b0046935dfdd15c91d5181bfb761fd72 SHA256: 22bae3921cbc67c21fcec81c88497c72ccc459e20adaa83302e8b628e90ef521 SSDeep: 1536:+qVvQYHowVtyOL37b2gFF6L9qbuKTFilXT0vfJusfGbozX2:LlQiowp7b2gTQ9ZqUZ0nVGbCG |
|
|
| \\?\C:\Logs\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Operational.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | 68.38 KB |
MD5:
ae0c26f89af915809d026cb06496e7b2
SHA1: c6641281330602d1af65659644ccf4030b630d5c SHA256: 425ae67f2c73b0f7dc2ef2afa8c35c6d502019f4118fd94f9d5f91dcabc3fc97 SSDeep: 1536:XQKi1ETEiMXSBEQPySc5d2nOYETYsPdirH/G6Ozs/6P1W99yx:XQ1ETEiMiBEQaXAlGT636x |
|
|
| \\?\C:\Logs\Microsoft-Windows-User Profile Service%4Operational.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | 68.35 KB |
MD5:
becfdc076511d0c9da370f7b7c14e380
SHA1: 62ffd64a1189b46aeb403204f5ab09d74b415a89 SHA256: e15fac09b04e3ab49d28e738d4ed2f75f5cd8f40ed1a9a178916c6b07f9a8120 SSDeep: 1536:eF3pU3xiQVl491G5HRwgXsleaJ6ymovy0da:y3pRQV6rOigXDrSla |
|
|
| \\?\C:\Logs\Microsoft-Windows-UserPnp%4ActionCenter.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | 68.31 KB |
MD5:
048e3e204391d719a191469b029be3a9
SHA1: 4fa92945b25b5313e795389a9cd8f3ade112d91e SHA256: eab358e6dba6989d696a71ff1aa0548ec733388c0a111841aa5e2ca08952199d SSDeep: 1536:SPVwAYeDXP1lwS7mhM+KYpm5xad65u+mNDD0e8AorYaXDoP727w:MmAYeDf16lRp00bbuYazg27w |
|
|
| \\?\C:\Logs\Microsoft-Windows-UserPnp%4DeviceInstall.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | 68.31 KB |
MD5:
028e55c27a72411cae9920c5d119fe25
SHA1: a89a1fe7ec0fc5f1ab5b03f5d9acbcb4b47bc582 SHA256: 6187d94cd3708f826dd47e5e185c181a760eb487e2c61f5b44f41654420ecb88 SSDeep: 1536:DZrguiEwh2XcVhF/PBFpSDcZ4yqrS3C5niM85NdrWG:tMuKWYLBvZ4ykfOgG |
|
|
| \\?\C:\Logs\Microsoft-Windows-VolumeSnapshot-Driver%4Operational.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | 68.35 KB |
MD5:
77c06d34fd6584c5a489d4660136fda6
SHA1: d4f2fbce7086574c2b30cdab210f44a53966bf0c SHA256: 024eb37e4608bda49d8bbb4cdc98fc4ea725048056fabb19a95851003f80d806 SSDeep: 1536:Oy0WT7u0Q3jBbewNEZPsqCfPKLi19MIsjMPY1AVqS03jG7:OwsDNEefP9MEY12FwjG7 |
|
|
| \\?\C:\Logs\Microsoft-Windows-Windows Defender%4Operational.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | 68.33 KB |
MD5:
5e63cdea33faca8009369e1f5ec7cee1
SHA1: 5c2c2521090b568863dcb73b1e60633206485218 SHA256: eebca9e2278ad176ea4bf9f33ad00d7e486c4769a81797f804ba874ccd454fe6 SSDeep: 1536:07anqpgmp6sfglT0WQcGuY/YILvrPE3bLDsgvBnpr6S+rol:QaQEeWQ9h/Y6jPE3bcgpnp2Sic |
|
|
| \\?\C:\Logs\Microsoft-Windows-Wcmsvc%4Operational.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | 68.31 KB |
MD5:
75a74da6e7f4fc7a11d2b8bb2b0024e3
SHA1: 69fc0c4cb7cd3b973bf83e2ff46904cba8540133 SHA256: 69237f8ca8996a35409b2af34d1097fd32191ab701253f62006c1f352ddabe38 SSDeep: 1536:QJ1tRNh+c8srNwWQGESTUvnD6QHZ4BAqgepiwW6RXI3IYGg:Q/P+cHGuhTUvOR5S+MIlg |
|
|
| \\?\C:\Logs\Microsoft-Windows-WMI-Activity%4Operational.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | 1.00 MB |
MD5:
4b585ff6b0c24b06962ae2a46dff5f9d
SHA1: 44bd52e52187b5681ae154e08cfabd77ea622e6d SHA256: 1344c89dca4361039590208065e28e79ee34d46b2d02f7edb4b873fadd0bab24 SSDeep: 24576:nS5bvcil1fk4o/7rVgp7x/D19I4S0hFkraz91RFhmcaMb:qLPnno/+pVrXTS0hmk9XFEhU |
|
|
| \\?\C:\Logs\Setup.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | 68.25 KB |
MD5:
e80cf0c40116ea9a2ed08ff23a30dce9
SHA1: f36c9f3acab29e1387d9d5739c6c036430d8539d SHA256: 2db2e9bcfdfb5d28eb59538d6b8389dbfcd8d989755eafd6e86ce953f74e3076 SSDeep: 1536:0Nw9jW7teURj2AtPWQ2HqnleWvToLYr2f8Q8g0QGPeoZAHH:0YjCMUURQPeWvs2AP4vAn |
|
|
| \\?\C:\Logs\System.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | 1.07 MB |
MD5:
802505c4ba8bf20608fe09e9b53bd61e
SHA1: c2b52dbc788f0379ac0adc9485dd6c66d0960259 SHA256: a0849cad0766e56d906c052ac65a370572deb94a5c954a394c09b575bfe1a75d SSDeep: 24576:5qhTyWVoUMyZxEHAFJ67EI7yqd6V8ZNXyxYerO8:cyByZxEW67l5d6V86xYerO8 |
|
|
| \\?\C:\Program Files\Common Files\DESIGNER\MSADDNDR.OLB.id[B4197730-0115].[fileisafe@tuta.io].actin | 15.86 KB |
MD5:
222b4cadec61a01b7c6bf3dd0a571f54
SHA1: 1583ffbb011fbcf92d23307a23cbe62c3f603e21 SHA256: 95cea5510fb6108aa14977b57152f5b23086b9f5ae47e6b89363c3cf3a15954a SSDeep: 384:3Md41bj2p0p/UxYZ+khYxKvyX8xR6CviyNS5yFLLhLAe:3SIj2pOKYMkvyX87qgSkFHhL7 |
|
|
| \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l2-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | 18.47 KB |
MD5:
1148bb7f80b1150e8ce06095d7af23f5
SHA1: 9f158a8fa033bef7370b6cbb7a8ad51f4cd17384 SHA256: 3d4cbd6e38dc24947a3e1d5be548b5a82d6fbdaf5484e05179a856664b459906 SSDeep: 384:C/54oXRYPO67xYv2tmT16DGzBgvVoI+pvTtaAISqBD19SZPZrAn:YcPO67OSmT1tz+saJfQPZry |
|
|
| \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-localization-l1-2-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | 20.99 KB |
MD5:
e4307037c2bd7e521d027805ca5e5dd6
SHA1: 0aa7d7b2edb8376ce1ec7879ab648bf3ecb90d42 SHA256: ce483505ec7718d9829161db82635c2e22f741bf2b2d797eb92fad56a1ca8e3c SSDeep: 384:Jep1bM/yAADKZujBMBqz/jC6fpNrMt2EjwyTp8Be8EXIQEMVIfyyT8XcW+QzcA3:Jep1AE2ZI0Cp9M2EjF18Y8EX1zhXsQzl |
|
|
| \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-timezone-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | 18.49 KB |
MD5:
3091a9be7698d00413de707cb17cc81b
SHA1: 92f409bb57282855b2e1167b01f5be978022036a SHA256: e266e9a1aa9341ee0733ddfcb7fc89dd002d92c9348efc6adb3ec542a36fb754 SSDeep: 384:MwXhVawd43OK2HykZBwoc20081gDnojxCTmE4Utk9A3:MWhd43kZBmbj11jwSWq9C |
|
|
| \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-xstate-l2-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | 11.64 KB |
MD5:
2cdd4f28c41a3558a4e26240214a5dd3
SHA1: 62fc69abfd2b6382d993af2b33f2eec211c51ee6 SHA256: e99a4df99735af78dd16492c5bc97e6d8e32b8aff0501e840649b6430f740998 SSDeep: 192:1Z3BYKPHC26tW5VOmxScD3fwv4k5ZYvzXS/+RXkAdKbTE7L4u0Xln1DA3:1BBYKPC26tHmDDXQSzC9fuilBA3 |
|
|
| \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-locale-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | 18.99 KB |
MD5:
fc4f87d7b9ea7ff2aee1425271e070eb
SHA1: 6dc0ae4694f56d44c7232a441bf6e52243ca6fee SHA256: c7276bf1f31bb66ee64922d584595860e821577d199057940f8da065fd19f4b9 SSDeep: 384:yJzJJbqSU1SYKiKH3PoeGk3/1BrLWDeh31AVkHM7VT0Oo4hkaEWWPUH7rA3:y5qNbjKH3ge1/LrLWDE++MRRo4KaEFMC |
|
|
| \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-process-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | 19.49 KB |
MD5:
67b69fd0f27ebeb66cc67ed2ae73f824
SHA1: 979e1cfb6fa2ecfda23e4fd6540d286b28c85490 SHA256: cbb436ffa0b75f9662beabfa351c86b7dfab8847af7949a0cf1c25e84630797c SSDeep: 384:CblXvGEoje5//4n6la51r03d16B2sBvO+EZ70JDelKxDA3:Slf0i/gnt51r0N1+qyelqDC |
|
|
| \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-stdio-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | 24.47 KB |
MD5:
def716ead813c363b0ea02c6db8657a3
SHA1: e8ed2b52176a800a5a5a8ee5b1cb0a67ece7adce SHA256: 3b5ac7d484d5cdf0e45a29e6985f81ffb97450cc0224cc649574b2b0b0d146b5 SSDeep: 768:BPhl6nFJmC7yE8Vco9MYdSsBrgBdA2a1QGdhehy:bqthzxYdS8f1QGdheQ |
|
|
| \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-multibyte-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | 26.49 KB |
MD5:
e87382270c2b1ee78079bd2a7215fba0
SHA1: 08658fd2a80116278da3143d8ed89833aff8929b SHA256: 6320d0456fb6d5f311f09040b91308946450f21b75c6bccc464697951a1e74a2 SSDeep: 768:ZCafR0xhFBE4S/2MVbPy9d52s88jSMwF+zH+aC:ZCS8bE4Q2mP+d52WSaHE |
|
|
| \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-time-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | 20.97 KB |
MD5:
cd6552912eded0e4246465009c3a2c26
SHA1: 0058329772b9b06c0b94a900247ec674f491f2ca SHA256: 81e88b5661591cbb9b36fff08fb975ae1dbfb8e54f861cabb351da19814e389d SSDeep: 384:9Lt7aC2lorP/pqjxm/Nuv6T5DNGaAAHm0e1UzHdzHz/5D4pz2wn7pRJTsJAn:9p7lujx4D91AAGH1Arz/GreJy |
|
|
| \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-string-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | 24.49 KB |
MD5:
d2474ae2debc4046ee064c4949b161a8
SHA1: 43f6e6cbcf45fee8e75ebbb725fbdd047036c40e SHA256: f7c8991614fba8e273fa7d118bdb4d93cea748fd09cbca86eb076015f1c376c1 SSDeep: 768:KbCGgFtTPEkdfxIEO+BSB3rT2L48kCUtUlAZlnnCBaC:Km7tjldfxIEOzTWfqtoq0 |
|
|
| \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe.id[B4197730-0115].[fileisafe@tuta.io].actin | 2.71 MB |
MD5:
c9ff08dd6f27c9fc01d2fb78289cd913
SHA1: c26ca52e2a9e894d9f5f89078970b25841221e96 SHA256: a3b6be08414f85a214c9390ff12b4de807622691fc61fe7b2d84a5a75ab2c531 SSDeep: 24576:J4uRh4AF7vfjQyiuBBa/MDexD8oDWVlnvkVzteJFNypTNIWJeUPE+07gdvraP9n:nOAFjtiia/fxsnvkVEXNAT+UhK |
|
|
| \\?\C:\Logs\Windows PowerShell.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | 68.27 KB |
MD5:
defaf637c295f378ba16adb8cb748000
SHA1: 05a1b6ac2d4d8d62adba652aedd4ebedfe889700 SHA256: 5b8e8f0a43cf7c94bd02ca19587db8b5a9c064ae636e4dd49edba33520c2f08c SSDeep: 1536:nf3CvTiz+gevqn2MmLF4fuet4nqEYpTZl6IB1xjY:nKvTSiqmFMt4qRFD1+ |
|
|
| \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l2-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | 18.47 KB |
MD5:
0ce572d5b82f7fbde95c19feb0ed1f5b
SHA1: f15e10c623b06e02920d14a233dbb64c58c4840b SHA256: 72b45f9023880fa15cd68ffd192eea89d98859636e6e64e846c5f99673fdcea8 SSDeep: 384:sU7D5wLobHQQay4nnmW3I8wgouHt85ziaqCItdKdEI:sUH5wLBXx3I8wgouHqipCOKdEI |
|
|
| \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-localization-l1-2-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | 20.99 KB |
MD5:
6cf77f4c0caa4df1eafd4cd351e73ddf
SHA1: 9d3c39a1a6dbc97fcfde1a368f70375ac225283f SHA256: 2ee164a16e38fea380e4695c093fdb4c1d2057b9acc847a5acf6407950226955 SSDeep: 384:G+4yhX+Ipk5T4tdCno4QKBAEh9cNbPCsw7cJJJdo4:GiX+2kTo8wPCswgvo4 |
|
|
| \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-synch-l1-2-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | 18.99 KB |
MD5:
ccb31e98b3c9a29082868f4095050582
SHA1: fc26e4c1b74c57d8cefbefaec3dbafd3871856c0 SHA256: 7f2b296596efff167c4858a1c4e72da32e3b1997c5a02098bf953cc340f7cc9e SSDeep: 384:yPMT9QRUT50TEPM5aOoJYyowFtwEwCw3fA3Ckc7llMxcKWjb0O4:BWRUGTEPM57NUfTk4wZlMx7WvR4 |
|
|
| \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-conio-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | 19.47 KB |
MD5:
f6a0cffd86d19aa98295def0a06ac834
SHA1: f4af0e668445027e913c02cdc023f479c1ccb45d SHA256: 34496739e9eec2f30d2e2c85ae70f34b121433d17d4f938c16d496f08d2f65fb SSDeep: 384:+XI+kfi8+QovP1twYFaajUrGy5MFNG3LWNy7TUY6kukKxfYZUjySI:lvKFQQDkajov5UG7T3mX/fI |
|
|
| \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-filesystem-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | 20.49 KB |
MD5:
6e196f8a623bed9e5e0d4dc5b9b9477d
SHA1: ce20d01c0af6d8aa49164c080f7ad13af252e997 SHA256: ac0edb99007cf43b202b39fd8634208100d7eb744f04b8962a322f71e1ec1400 SSDeep: 384:ZFB220uw+RuSJx6zi8TK4hL6PW5P9/Zd86M3LS8GLjoghuQ/EY1s4:tcerOK4h15P9/38DLS8GZ/El4 |
|
|
| \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-heap-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | 19.47 KB |
MD5:
f365e5ebe0ad96b60bd6db577bb0baf3
SHA1: 83dbb67938e8a33481109dc876d76242e91344b4 SHA256: 5729d20fe4e52a65838a571345f285f719f73e9753e0affbcf9610d36d1819a0 SSDeep: 384:vFyFM6UcJx7eVweWUEv9clqNsIrJVtEkzbmyLz8mMejlmR6+A8h8Gq/YZVtwSI:vEFLJx7wweWdcUiILvCs8hexmw8h8G7m |
|
|
| \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-private-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | 69.49 KB |
MD5:
de61046f201ed6fb60f98f6f7f16d231
SHA1: 103a4f0027f62daf36d6562ecbdcae6c40bb978c SHA256: 2467c39a01ed6065ec1ff3b571cae29945a1f99332cdda7be649c6494c9a0819 SSDeep: 1536:heYuHpQ5i265a3tBN6QPbecBsa6lfqiyFFTRGHUEsys0X4:OyogtHhH6lfLWwsl |
|
|
| \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-multibyte-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | 26.49 KB |
MD5:
ff70eaca5d9b452e376e1002b946ca57
SHA1: 3915b4d8c221b8988008679d855d50b5e231f540 SHA256: 5823f487e909d666b58db071c01a8e0f334c114b2ff776252b35c352cddbc026 SSDeep: 768:Wcvk6dMn6y2Oq0lqfqlqAOQdA/VPXmQuQ4:WcvkAMn6y2OqIgAXIPXmZQ4 |
|
|
| \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-string-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | 24.49 KB |
MD5:
244227cc09bfc57697611ea5c91d3af7
SHA1: 8006147499376068dc05700dc5a43d47dfffbca9 SHA256: 1e1a079273440116cc85eeb7aeb8d0b83c709ce7cee90d6174784688135b44bf SSDeep: 768:+FlbjxtOWVMWj825wz8ucJZI9iApbyJZY4:CbH42DfI9iAX4 |
|
|
| \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-time-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | 20.97 KB |
MD5:
bda0bcc65be12fb0ed71496432238491
SHA1: ed05dfdc25b4541d1503557f26b9ec1174e86238 SHA256: 884a51fa1dfbf66b0271676fc6254464d229b64581e0421ba2aaaeecd80a6cfc SSDeep: 384:0R+A0kvGc/bB9ejnMf66k+Gx9O+eToPqTJBxNtzsMM3RMkjzaCQiDIHw91SZX9TL:0cS/d9qMXk5reoMPDM37kiMQ9MNT/dC0 |
|
|
| \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-utility-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | 18.99 KB |
MD5:
c4e2e2ae8543da3b266e657b8408744b
SHA1: f05e6d6c63dbe0b009fdfa6a748d24cf8cfb5391 SHA256: 372955281c48ce13fd72be28871af50c5f281aba293968c1c2600efb0c85dbf7 SSDeep: 384:PZP3/0G/4JuQ+3+LQzL0hOU1EGQJo7FJbO6L4:Rn0G/483+LQ4h1qubV4 |
|
|
| \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvStream32.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | 387.92 KB |
MD5:
320657819ecea8814510e0febc9fe54e
SHA1: cde7d2096b67093bd5750f4400b9d404d8bf2a4d SHA256: 6bfe9d3698a1c5b56de221b0209b55150b29af45835f9f2fee33c5a6a04ece95 SSDeep: 6144:92ioay0003ukNy7JWJLgxbqZZdfMRWtibAY8MQtCCh2FMNRmJDtenUwsE15:8iVy0003RKWKbqaWti0YekFMzvUw55 |
|
|
| \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe.id[B4197730-0115].[fileisafe@tuta.io].actin | 2.71 MB |
MD5:
8b119ae6521f012083674bdf563defae
SHA1: 5063ba317eee1a7c871d4c84fc0fa32389ecb473 SHA256: 7575b70d35a0cc3f46a2aca6ffd29b8f56652c6e1e426b0f5fe5e96565247491 SSDeep: 24576:J4uRh4AF7vfjQyiuBBa/MDexAy6MaLb2Xz4Y+Rg77b9BHq1WInCm9UeKkFMwxi:nOAFjtiia/fxAuz4YiKvjHKnvWeLFZi |
|
|
| \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems32.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | 2.43 MB |
MD5:
6818a9e6df2fc6a2cf2237842df44540
SHA1: 7c3a43db57cbabe6975b2ee22212bf713fbfa9ed SHA256: b5a3df01f2ea8983c6e06b6b2e03ac2871841febe9cd8125bc047b0d7025ba1b SSDeep: 49152:aU0NzxBTEWxeKLOIHWgnEigkM/r08rM7Kecu+Oq:aU4OINRKr0p1P+P |
|
|
| \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems64.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | 2.93 MB |
MD5:
73065d3f2c724c9e9a64535cb221fa0c
SHA1: 7cdd681c4c622955f463ad623ff5b6aceef858bd SHA256: 4a974af7e41e1c22ba5ebc78043164722cc6e7a5da68951e213c127c9288c5b6 SSDeep: 6144:iwDrAQct+9OqXVWrVOwx5ymXYXvCyc/XHLysJ0sFB+0yCR6KbaUo7i2f+Fpfv:B/NVqm0YdqXr0sF1XbaUJ2fepfv |
|
|
| \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVScripting.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | 500.47 KB |
MD5:
7de9da1b8c19e4783f7be07695f171e4
SHA1: 8a5a7f9fff8d600e4ad73d79b78a7c904fdb3325 SHA256: c10c8215fc09def1ddf0ca5c4ea792793e744262bf690a56d343a8e453f0ff9f SSDeep: 12288:WBELstHL+MsHpRPJAaiEYsXXzUPXcEk/Sf2NRkjKC6gNmQL9+IBG:SfH69p71iuYPXUIjf6gNmEsIBG |
|
|
| \\?\C:\$GetCurrent\SafeOS\GetCurrentOOBE.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | 140.96 KB |
MD5:
84c835dc5a2a70e9097f3733349d008e
SHA1: f1bfac1ae5cd2451ceb812ecf71bae8ecfa55e00 SHA256: 34190e9e9040a6c6a2de780aeeb19c0abb8d1bbc7145da6c9f6cf59de597dc0a SSDeep: 3072:x44ijBhBPgfJy3hVlmZYRKleJXdM//qUkpgNkEeW:xNidhtgfJyxzfoqUkp0VeW |
|
|
| \\?\C:\$GetCurrent\SafeOS\GetCurrentRollback.ini.id[B4197730-0115].[fileisafe@tuta.io].actin | 418 bytes |
MD5:
3f7c5389d45b54294ed370afa7076562
SHA1: bf0adbbd107f8601b6562bd2ad79aa715ef6b9cc SHA256: 1f16ecfe80328561a78b4e13bce3738a555bb2e04dc5922e9295d71a834bcc88 SSDeep: 6:hYskGS0o7VEy3SRpYyx08K9NltVmapEWsIjTj7Unr91PVJyFZliYDEcbwRKuQ:isQ6yiRAFLl/mapxsIjT/+bryEAjwIf |
|
|
| \\?\C:\$GetCurrent\SafeOS\PartnerSetupComplete.cmd.id[B4197730-0115].[fileisafe@tuta.io].actin | 866 bytes |
MD5:
4a8075397dc61bb34dea8792634bfccc
SHA1: bae249ea0d826bfb2d36f56a4c6bb3f7a240a4ff SHA256: 1fd0b38a09a22b9f8fc6ef9bd1eee0f8012f62ec41ae1695ebf1d3d7f22e8cb5 SSDeep: 24:5NJ6lVjdOB7FBBY7qpfUrhOVe054aMHCDlzrPAn:snkBJU7q8rcea4aZ53An |
|
|
| \\?\C:\$GetCurrent\SafeOS\preoobe.cmd.id[B4197730-0115].[fileisafe@tuta.io].actin | 322 bytes |
MD5:
dc55e7520093de6060894a4f9cf5103d
SHA1: 59f831f3357bc8d93b1a568ffe7c48337924a2fb SHA256: a8bfcf6b7d4259e54e8d71cb3caf005eb4784d1213831220f8b4e26b10ae6afb SSDeep: 6:PjSnDix/4QU/AvO1Cg791PVJyFZliYDEcbwRSQ:byit4KO1JrryEAjwV |
|
|
| \\?\C:\$Recycle.Bin\S-1-5-18\desktop.ini.id[B4197730-0115].[fileisafe@tuta.io].actin | 386 bytes |
MD5:
b0a9bd564b87a25d75bef35978f10bb3
SHA1: 99c007a6228c3e7c2db82b7ab94f76565a12f6e4 SHA256: 0c4915e2a61149c9aaee0a7ce12e7d352f0b4d1655c9f6827af3ffad8f32971c SSDeep: 6:okipCUgS8v+zLv2VEzalzepLMWghXSsb91PVJyFZliYDEcbwRSQ:ok6CUh8WnvZOsDAryEAjwV |
|
|
| \\?\C:\$GetCurrent\Logs\PartnerSetupCompleteResult.log.id[B4197730-0115].[fileisafe@tuta.io].actin | 322 bytes |
MD5:
b724a29b502368ea82d169dbe388529e
SHA1: 0a7ae29e340c48aa16fa4851e9a0c934d17f2732 SHA256: ad531f0168ad18a67ed759d08e1cb29a15be9e103680eef68204a4dce2c9619d SSDeep: 6:OGWIW50+WeZ8m8J6Q5Mtol791PVJyFZliYDEcbwRVQ:OjWa8m8J5ryEAjwk |
|
|
| \\?\C:\588bce7c90097ed212\1025\LocalizedData.xml.id[B4197730-0115].[fileisafe@tuta.io].actin | 72.74 KB |
MD5:
e7a671038795457ed1ceb33a9ea0a356
SHA1: ed7a16dd07162d35c61b66e8120aa6f4d0a0da0e SHA256: 3809862302a5dce4cf51c81cc24827e0bcee84c36ccff93356e57575dc540ab5 SSDeep: 1536:+15uCaIF7/s6nHIi9p8xNg6yFhbIr0zHLcTkUJ:SuRm7nyxNg6mIrTTtJ |
|
|
| \\?\C:\588bce7c90097ed212\1025\SetupResources.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | 17.10 KB |
MD5:
ea0833959ae6de29102d5fcbd52549c8
SHA1: 62b49fc01a8956ab08db8a0946ec96be569379ba SHA256: 0bc080f5b90870b1b743ca9aedb9765217c0d6d7fbb8b32a6f8e985602fc3134 SSDeep: 384:PM96B/juC3e5DKanf/gTNsCZUTEkzYyhr8seREf101lCAX:PM96FKCwCVZUTFY6zeqfq1Ii |
|
|
| \\?\C:\588bce7c90097ed212\1028\eula.rtf.id[B4197730-0115].[fileisafe@tuta.io].actin | 6.41 KB |
MD5:
7af0064c72cd27d9c288d834d78b0fad
SHA1: 1bf7e7733347c8ccc91042837d10279764355274 SHA256: a98706ac0ff478b611b762486bd00e3197f1b57bdd66fbd46b686a99410ce1d5 SSDeep: 96:58cJE8Si6S5C3O9hzmhK97JuySqRqO/4SYo4KNtqcYYBPSzNNuGqBpwAe:bJdDC3mmDySNJ/ySz3SB2Ae |
|
|
| \\?\C:\588bce7c90097ed212\1029\eula.rtf.id[B4197730-0115].[fileisafe@tuta.io].actin | 3.88 KB |
MD5:
307eb9fe1ee2c06b45187f4ce4d5d9e0
SHA1: a503eeae27dc5abb30d91841b97f7952bb2adffd SHA256: 8d9317247cbe48fdb2d6fcfc436b1eadf5e869994d013c11ce53341eaa965efb SSDeep: 96:5Hk8xDxIDTfmznrCkWTc0HcUERWxPWKo1jipn7Gvy1eI/qiAe:51M3mPWTc08UImPWt1Yk6Ae |
|
|
| \\?\C:\588bce7c90097ed212\1029\SetupResources.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | 18.10 KB |
MD5:
778973a9fb33cbc223eaa810f01a918b
SHA1: 3d0ea83283bf3657ba740fbd546c4bf15d3eda74 SHA256: 2cf3c7ffdf9405474b52a0387f7f1e7580b830b32e86773896182c473e4ea07a SSDeep: 384:A0Uc/mHxr7zaHbSNzVDG1Gq2pG+M5b1SQz233Mv2y9H+cAX:AxHxr/aH+FVa1GqnTSZnci |
|
|
| \\?\C:\588bce7c90097ed212\1030\eula.rtf.id[B4197730-0115].[fileisafe@tuta.io].actin | 3.49 KB |
MD5:
bb3da7884cb132a4638d33efd077a16d
SHA1: 1e3999f5239dea84e31f14a447677ef81d357b12 SHA256: e410849dca361a488e275f68a7c299efb54fb61d21e8ce1ac8b94d28a6bbc3bc SSDeep: 48:SPxGUHwzJEuvvPWuNQ+d4OWsHip0SxwzMtJi/DRSCFXmJnSuZ+B6VoEnN/11rI2x:awzJJXC+K220FAtY/DESddGN35oVaAe |
|
|
| \\?\C:\588bce7c90097ed212\1030\LocalizedData.xml.id[B4197730-0115].[fileisafe@tuta.io].actin | 76.19 KB |
MD5:
3ae8115edf81db6614c0e79da454ae8f
SHA1: 5afda253431aeec094bce8d70c3c0bd7b58e15db SHA256: 1bfd96d2253574d46871c0d606a24d828c2ba1334c8c744f0c969868b26bc1bf SSDeep: 1536:7cxjXwqOo3+RaTE5YHM4wSvDG4Yxhnvp9DhJysEn7uUb2d2:X9g6OEVhSbG4YrD3ZEn7u0Y2 |
|
|
| \\?\C:\588bce7c90097ed212\1030\SetupResources.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | 18.10 KB |
MD5:
7d40d05a63458c524120f2bcc8be05ac
SHA1: 73e42241bb6e97f493f5406a5ef9ea78d37d716d SHA256: 54a0a623412d7ae1395bf6c0a33ef96e6d23db8a5a7d8d233a09697a0bece457 SSDeep: 384:5LUeHVT2hW6B9CF4dOLQCNdxfw90d+b16Rj1Jyq5tNEbXxXAX:5LUKR2sS9C+dOcex60dVj3D5wxXi |
|
|
| \\?\C:\588bce7c90097ed212\1032\eula.rtf.id[B4197730-0115].[fileisafe@tuta.io].actin | 8.91 KB |
MD5:
a2b58c3aa73da8d57ccf5addfd38711e
SHA1: 97ceb929f2cbb1ae1c5e6f9306ebf12c4992f504 SHA256: 50bed187f5211147a5e0dffc5e9c6878fadf76733eedf8d4d14a81e3b33530ea SSDeep: 192:y/z088y1chj0XjqhD4wcj4iNGqXitmjy5JAoIoAe:0l8ymAXOhX+oqjjy5JTAe |
|
|
| \\?\C:\588bce7c90097ed212\1032\SetupResources.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | 19.10 KB |
MD5:
3fcc0e90044c5de68759cb162ac44137
SHA1: 2821cd59612397db5baabb81131250e415a5fd9f SHA256: d950f460d906189a6c49a8e3acce4688a30caf2c9809e636c209906adfe109fa SSDeep: 384:dOaPFB7EnkNrEpWV4c0Rr2I4rV83cp4PCzKky3ZQTPPnFAX:sW/9NYoKtxcp4PCkZk3Fi |
|
|
| \\?\C:\588bce7c90097ed212\1035\LocalizedData.xml.id[B4197730-0115].[fileisafe@tuta.io].actin | 75.47 KB |
MD5:
12fc64531431ae42a1946dafcd9dafb7
SHA1: d92335de8431f73cd28b79594075b8f5401bb9e8 SHA256: 421119f26c00e6c9aaa5ade7ae6cf4f63ccffab312c21d99a6e3eafdc6b225e0 SSDeep: 1536:S85AmwNR4MqAdYr07aXeGo8cdsc642NRDVTLE3AkbV0QuD2alUp8EH2:SqOR4MqdrSLFdv64aDVTAQd9DoeEW |
|
|
| \\?\C:\588bce7c90097ed212\1033\LocalizedData.xml.id[B4197730-0115].[fileisafe@tuta.io].actin | 75.69 KB |
MD5:
136b9df4b992a4c0b9a14d4fba0cbf61
SHA1: 188aa69e6b5fe253c0903dd51576c2f28b60eb7c SHA256: 1d5e924ca58ea46ca1f001bfce87b30eb8c8b19aebabac4a3bd835dd063014ef SSDeep: 1536:AVMm5PAAr2ObI7+hIdcZVGWwvhq6WQ68N0y0NcqzgHDMhNUHYc+FM1rYR3ItYxvN:AV5Zm+hIWVGrwc69y0RgHI21oBlI6f |
|
|
| \\?\C:\588bce7c90097ed212\1037\eula.rtf.id[B4197730-0115].[fileisafe@tuta.io].actin | 6.94 KB |
MD5:
f2335b6dcb86bc1e914b364f8d927c64
SHA1: 6b201d807ff9451d45f925af2bde59cfd95458ac SHA256: 6d7bbec52797fc7e400f861ef53d6235ede9113459528bc05b146438c1a49604 SSDeep: 192:WCbzHBleK8AZCDweREVr6TVQm+WXgSwKGqzAe:WCvhleK5ZCbRgcV9XgIdzAe |
|
|
| \\?\C:\588bce7c90097ed212\1037\LocalizedData.xml.id[B4197730-0115].[fileisafe@tuta.io].actin | 70.64 KB |
MD5:
f28f1b41e8bdbef12667e6a2a0d9c258
SHA1: ba89f60e613cda8447b4128da8d6b431c7424edb SHA256: 704fb91b971b8de586defc851da8e71a6527a8e5818a12c61364071ef6e989cc SSDeep: 1536:Ka4rPDyJlCZoNr/ejpS/TGaFbWtsMsOfgvuVoZsCeLf:Z4rPDyJlCR1SbGiCukyuVoZsCeLf |
|
|
| \\?\C:\588bce7c90097ed212\1036\LocalizedData.xml.id[B4197730-0115].[fileisafe@tuta.io].actin | 81.28 KB |
MD5:
47472e258534c69cc161a87acd99d462
SHA1: 6e8ea684ee270e1eba869d4defc339128d490997 SHA256: 69641700f35df1b885edf78a84465cf9c1eb32958cee08af0da3686e0109fb77 SSDeep: 1536:J85B1cZK/K4+3eNQ65vBIcCJ3J56Hkq47hcJm46XfE7jzvztV3f9t:3ZFzkccC16H2lcJmtPQz7tVVt |
|
|
| \\?\C:\588bce7c90097ed212\1040\LocalizedData.xml.id[B4197730-0115].[fileisafe@tuta.io].actin | 78.44 KB |
MD5:
dff8496ff779340bd3ad51f514f95b09
SHA1: 9bfc25fc0b575fa1a48d671d2bab1bc35c5e103a SHA256: 1b976fcf8bbf9e4600523a5cf7c066ccffa836de21a28858b1ccac3cf39a0df5 SSDeep: 1536:OhFKOe5jmkYQIp8Vz0cfVHGYOyR1WAKG5PzeJGrtkAlHlrmxQ2XJi:OSOe5SnQq8Vz9VmS1WAKWaUBzB8xRXJi |
|
|
| \\?\C:\588bce7c90097ed212\1041\eula.rtf.id[B4197730-0115].[fileisafe@tuta.io].actin | 10.13 KB |
MD5:
ff04acd2f938a2afbb9906614d252504
SHA1: 6ccab69634aa997367330536e2cb132137ef8707 SHA256: dcdbffe2adcf9d6b363eb76e0ba0c24b85d62a91fb8418efab6487dd6a452ba3 SSDeep: 192:fOVpShu6RzYSjviIMvuL7YZ6i4mgIKkCO1sAx86zj4lgE0ehnpcUvq0obl5zeV3j:w8YqzPieL7YZhzgIKkwAO4U0oAx5zsAe |
|
|
| \\?\C:\588bce7c90097ed212\1041\SetupResources.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | 15.60 KB |
MD5:
8ddf3dd62c79217d27fbac85cfa72c47
SHA1: a1908d35eaaf258b80215d155762ff1dc9f22361 SHA256: d14ba208256eaf8f835650cdecbeb12993a2ca203ab5bbfa0c2f5dcda4346199 SSDeep: 384:lXQEs+cux6LTTxqtlwtT2V9OcbAW4k54EvulyULAX:lAEbcuM2UTCwIAvxDi |
|
|
| \\?\C:\588bce7c90097ed212\1043\LocalizedData.xml.id[B4197730-0115].[fileisafe@tuta.io].actin | 78.03 KB |
MD5:
a94937c7daf1125bca8a9999541cd366
SHA1: c6d0461ebb736316134d5bc30f77ca46a93a97f3 SHA256: a0825dec420a3435b527e8cec3fc08609a9af06547921481e19b7cbb6dd17d8d SSDeep: 1536:EAx4sRaLm18lT9CLI7oKlImWp2b9GQo95k6527K5bmUXV0k0UIjJyr:EAx4sRaLpJ7o4IB2sQ+5k658K5f0keG |
|
|
| \\?\C:\588bce7c90097ed212\1044\eula.rtf.id[B4197730-0115].[fileisafe@tuta.io].actin | 3.22 KB |
MD5:
3d26526cef3353ec94f4eec5087e3bc1
SHA1: 2d1974b16ab451a1e85687525086953b5f82b14a SHA256: 1f4ea173e689e5805bac8a6e9dd29187df4f2eab41f183ff7e992ae52ace0ca0 SSDeep: 96:lKZ5kK1lCIhIdqSPL5T/5M7T0GewbfUTGiuq00KJ8MAe:lpmlCI0qAtBM7T0QbcGiul0KJxAe |
|
|
| \\?\C:\588bce7c90097ed212\1042\SetupResources.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | 15.10 KB |
MD5:
28a366334a8be3cb9368c206ca08aaab
SHA1: 1bab35e1ffe883f069c181fe5c7874afbbf4b4ca SHA256: d67ff6004acdd4b2acc9cd51d8a8a9651b1055c19e7a1f3b480a14fd7e7efb86 SSDeep: 384:a0ajRtJ0nLiIPgJ9QshBNh47FScqeIeQxksAX:ByoLi79NEIcMXx7i |
|
|
| \\?\C:\588bce7c90097ed212\1045\LocalizedData.xml.id[B4197730-0115].[fileisafe@tuta.io].actin | 80.71 KB |
MD5:
f4fddb5fff6d6d8fa9a1cf92ad58b579
SHA1: bc01c3c174f919a10ca824c2ad53eec851b5cfb3 SHA256: 0335b2e783d0ae77985bd2408fe10796a802eacd22349aea5ce2a0731bf9c9d6 SSDeep: 1536:h1aaFTAUiC3z7WASAvv72lvWdHHW0AFDC5+/Yy/LE6ek9erP:nm+WASc8WdH2HFF3Y6ek9erP |
|
|
| \\?\C:\588bce7c90097ed212\1044\LocalizedData.xml.id[B4197730-0115].[fileisafe@tuta.io].actin | 77.71 KB |
MD5:
3511531788a60822196e08f180128a97
SHA1: 5dcc8e405191fffb2def6b633a6adc7f5ef54e4f SHA256: be224edf3e1403b7c9cc98f50adf3c075b5f6186679152d1882dde4da5e360e2 SSDeep: 1536:Ly4i/kLbVE+GhQIwDvLn3JOB6A9BOfZ/1IhqfCkLHnJrmRsFoyp+Ua:LyHkAeIw/0B6A6RNBxzJmRupA |
|
|
| \\?\C:\Program Files\Microsoft Office\root\Office16\1033\DBSAMPLE.MDB.id[B4197730-0115].[fileisafe@tuta.io].actin | 496.25 KB |
MD5:
749f3c220afd25e344a41e4228057b0d
SHA1: 84cfa804bc3969d178d33b2cda67d1c18eccb136 SHA256: a0844e5cbfcc910e48cca9c8b0855dae2d19791fece461dc0cbb16052d6260c9 SSDeep: 12288:7aE3d3c700A7sE6rSZs6lIhuL6O8bZttyW9qdHNvD914:7L3ds700vPyhOEsN3oHNvDT4 |
|
|
| \\?\C:\588bce7c90097ed212\1046\eula.rtf.id[B4197730-0115].[fileisafe@tuta.io].actin | 3.85 KB |
MD5:
c2baf875fe1b83a29e43ba16021ff06f
SHA1: 8e32628c7a9160883c88ca4eff6c54be0a55a30b SHA256: 9a7ad9faf8df2078269c26e782b067f53db4a4486657fa4f96146da9a16e0d2b SSDeep: 96:PBAK9OnAIvivlErUtw0cRsCdMi06t4b+4y5lSaHF8p5GvRoCUk6qhOPAe:PauOaNErUtVcRsyMn6t4bc+alWGvR5Ux |
|
|
| \\?\C:\588bce7c90097ed212\1049\eula.rtf.id[B4197730-0115].[fileisafe@tuta.io].actin | 53.42 KB |
MD5:
b28b4132681c20efbf080bf082b2fcfa
SHA1: 3a1e9b627806db1e2e153f3428e0b6ca9ac62e3e SHA256: 00a85372e02bf6e95f88f15c352758036a3eaa00e0c769ba8bf9eb2eb93c69f6 SSDeep: 768:CshRCnz0qFmOQG2cg6n+wnWpCTehjXGGcYw+6cjVk/2pkNT99MQqOAD4V7sE0ZnG:X/CzKN6zntejXb61/BT99MDOUG7rFb |
|
|
| \\?\C:\588bce7c90097ed212\1049\LocalizedData.xml.id[B4197730-0115].[fileisafe@tuta.io].actin | 79.83 KB |
MD5:
3784e2df9ccd37a44513d45b31045b70
SHA1: 71c7c59eec8bdf058e83d7df02c29eef4dc03bd4 SHA256: af50e9fd87d7d6fadc573b0f7ddceab805190033e2523ec3cc20b294f73b62b8 SSDeep: 1536:HvvDWkmwLLEZj4C3NPBBanLxD6uYteuyhs0ByqGeWjY9yoGTKOifbg86:H364LLckC3NPBB+NORMuy9JG/Y91GyfO |
|
|
| \\?\C:\588bce7c90097ed212\1046\LocalizedData.xml.id[B4197730-0115].[fileisafe@tuta.io].actin | 79.11 KB |
MD5:
f4839b992c354ff0764a3c4d72101a22
SHA1: 94facc9e159db304c003689eaeaa5c92cac1aaea SHA256: 7be49c0f1916e6cb61950f7725454d9721d9a3c6c82525b4b8737b92c45b0466 SSDeep: 1536:CTMEKxGGwGvR52pitQwucKgxbnwyDP1unZqujsE1KUi0Ky/B/:+K9p50fbYbwyDSHPZiny/B/ |
|
|
| \\?\C:\588bce7c90097ed212\2070\eula.rtf.id[B4197730-0115].[fileisafe@tuta.io].actin | 4.16 KB |
MD5:
df97605006c1991e562362ba92e723a1
SHA1: d70fb4c47e4d35396230a3be0c91ba389c2a858f SHA256: 6de1928ff80d4ecc71e2b63195d2ceba7c8866bcf73f0288d9a31248ae69897c SSDeep: 96:Iw8ifA5nso4z/Mn/3R6MBq1s8/6DmfezC3c7sYEU+LBdIvoic3Ae:QmAa7/KdSH69i0oh3Ae |
|
|
| \\?\C:\588bce7c90097ed212\1055\LocalizedData.xml.id[B4197730-0115].[fileisafe@tuta.io].actin | 75.28 KB |
MD5:
4989c3f117acb6962304b56f7e27efa4
SHA1: 395e93554a0b31b8a7149d96251fe614fc8d0515 SHA256: 2f42e41e86fecec1381d673f5c17ee2a8d8d9a26058c9b0bd3ea39ee300ab7da SSDeep: 1536:edXAscHl6WtFnGpzU8VxuipL8QMduBHB3VhruOFOlY+hF:+IptFnn85N8Q42HZuPW+X |
|
|
| \\?\C:\588bce7c90097ed212\2070\SetupResources.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | 18.60 KB |
MD5:
41652340685460dc7195532f8b3c90eb
SHA1: cc28be5a6c626f90298dba119531cbf480ac5818 SHA256: 04f3807d8dc5870881cd91a3c4c7823ae345dc9ff25d2de93116cda5256f9711 SSDeep: 384:ToLbEF6wOkpx0JpWQw9K+z0P9xdH4hcDFvAayaul3mlDQiAX:ULbXApCJY5QPJH4+hvzyayWlcii |
|
|
| \\?\C:\588bce7c90097ed212\3082\SetupResources.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | 18.60 KB |
MD5:
807d0239f56f021aeaa88c17ff224eee
SHA1: fc855f2e8ad07df0addd54eca633fc974b3ed5c4 SHA256: 3db6b0d5f4d6e2cc138d8cba2c565ae446cae3fb18912b8db631a7bdfb805aa5 SSDeep: 384:XEw7Y7FOnJhfrhZP6vEYnnkQyw97/gzNJjfAX:Xy7GJ9h16vEof9iNFi |
|
|
| \\?\C:\588bce7c90097ed212\Client\Parameterinfo.xml.id[B4197730-0115].[fileisafe@tuta.io].actin | 197.33 KB |
MD5:
ca3f4c0e49fbf860cac251aee732d6ce
SHA1: 35c71002d23a9a940e9b97d0bf85625427a154ea SHA256: 37d7fc2f3633bb1c9221ca9bb8c43e1a069a8490c026b001dd0cacbe9c772262 SSDeep: 6144:63NUvOLmf9Rv7f8/tNkTjFpThC/LhWlzUbP:WOzff7QHkTjFpCUlW |
|
|
| \\?\C:\588bce7c90097ed212\DisplayIcon.ico.id[B4197730-0115].[fileisafe@tuta.io].actin | 86.71 KB |
MD5:
235cccca130d4de5f3f8ecc775ef8d88
SHA1: 042795677f98b35feb7ea358e49598059e0a5efb SHA256: 9ccc70515b5d21ba9fc6b5ce8c9375e91db80011e46658bf5ac5f3042df5d6a6 SSDeep: 1536:wd5WJZdVEyTS4RVQrmvbEwtwve5vnXwI7VsEzXvvw8/vy8Lg:wdOZdVEyTSaVQ2iqJrv4IzLg |
|
|
| \\?\C:\588bce7c90097ed212\Graphics\Print.ico.id[B4197730-0115].[fileisafe@tuta.io].actin | 1.36 KB |
MD5:
917a90d6168cc313946a2730013fe380
SHA1: 7e8b5b6d9032988a15bab60ed0ed10df933c6d72 SHA256: 885d7a8a3935f00c4a7fc62f8b0bb762bd3e2a672b361b5d3cdbc47bf29b0db1 SSDeep: 24:5kDdBrFXLGn3EtWhTkFVDSxh0XWZGBxp4uhiP6Nta6fESlQIvPhR5SrPAe:SDddqTkMLuhjDxMSlQAZMAe |
|
|
| \\?\C:\588bce7c90097ed212\Extended\UiInfo.xml.id[B4197730-0115].[fileisafe@tuta.io].actin | 38.38 KB |
MD5:
630a4ebd14e0a71606ebe4d4297c0768
SHA1: 8007477e8ab9b80dc68f72a88779062ba4a0bcd8 SHA256: ba4fe51f1ee77fd2b04f7c543a2e4d8d2e67f1a8e58c04eb006a87499a1c9d8f SSDeep: 768:S9sEr57CgMeYttWXPA2Wtd7hSFmnXivJXafpmpVWgT1UgzpMJ0dRwt6Tl2YT97M7:ysW5eTaX++mXiEij1+qdRQ42YTu |
|
|
| \\?\C:\588bce7c90097ed212\Graphics\Rotate6.ico.id[B4197730-0115].[fileisafe@tuta.io].actin | 1.11 KB |
MD5:
1b03a7c11cd3492cf998a1dcbd2a1498
SHA1: 369955a9d515ff4d43d9fb14983b197fdabf4518 SHA256: 56301de9076aa20448fe15f3db333bfaf814a9b703f8e99397f8408961ba9c76 SSDeep: 24:82CHycCBvbC1zwaZa81o3jye6Krbai7fDaHyWurrPAe:JCHbCJKk0gee6Qai7f2evAe |
|
|
| \\?\C:\588bce7c90097ed212\Graphics\Rotate8.ico.id[B4197730-0115].[fileisafe@tuta.io].actin | 1.11 KB |
MD5:
005876b98f6ae2528d015f0136846e07
SHA1: ee2f4ca637d90fbd505acd87724c280855316010 SHA256: 9cc55b3ac4174201b1047d9b4a493d9a16eed201cefb011c62e9d7a436d666fa SSDeep: 24:OUUpJnvBTjC/LCIl3SdkVCBvwSoWtnQfpNDEEdHn9DrPAe:OUUpRpu/LCI5SdzYS1QfpNDbbAe |
|
|
| \\?\C:\588bce7c90097ed212\Graphics\SysReqNotMet.ico.id[B4197730-0115].[fileisafe@tuta.io].actin | 1.38 KB |
MD5:
7843ceb10d5723dabaea413597129ce7
SHA1: 598e3f8ccb5b825ba05aa3c7d7ffdc99ffa5e1ba SHA256: 83f480ec9a7268816c4e38e1ffa59c91a3fa93f8419de6864ae2d4bd5485af32 SSDeep: 24:YPCw7Y726mvvEDsgS6HLp+9hXiICqljCS7UKif+wBzbFyd2BGrPAX:BUixmvvgSC1+9FC8ZQKif+wBzhK2B4AX |
|
|
| \\?\C:\588bce7c90097ed212\header.bmp.id[B4197730-0115].[fileisafe@tuta.io].actin | 3.78 KB |
MD5:
8f2e02f90f586a9acf0775871f260e9b
SHA1: feb43d2f44de380e729fd9df9ba8123a3847e9fe SHA256: 6969b898be5d3b44392bfbacea15ac02ae4660a8a3edc51aa8c4867bae1cbed7 SSDeep: 96:h0+bjSCrtRxo/X1GgIYbQXaQJEiXVXFUM1lMd9UljliXZfAe:h0OjrqFG4HMx1UMc9UljlIfAe |
|
|
| \\?\C:\588bce7c90097ed212\Graphics\Save.ico.id[B4197730-0115].[fileisafe@tuta.io].actin | 1.36 KB |
MD5:
70dd82316bc436a343ea0484a5e7f817
SHA1: 5f8a5d9d90bd6d042029347e0c59b3cd35db910f SHA256: 6b9b10bf49a8767f9dc9a51e7cea1e9924191c037363b36d6147a09e03fea820 SSDeep: 24:2mEdILpidA5l68nml3HEjzuiFDGFPR5qZxVlsMj7lQrPAe:3Edojn+cqipYR4Zxbf7lWAe |
|
|
| \\?\C:\588bce7c90097ed212\netfx_Core_x86.msi.id[B4197730-0115].[fileisafe@tuta.io].actin | 1.11 MB |
MD5:
27c3e13768705edcaeb9bd0b034654a0
SHA1: a51eadd8a5995336bf4e4c0e700ae3ecdde54b90 SHA256: 23cb36141e6a30bd0b2a17ff871c49056f2f90bd18a58a71512ee87a31da9d26 SSDeep: 24576:c2ISthvGCpiUXf00RDCDSoApE3wvDCHTAKqm0pC16VQO3UuG2/C:c2IStoCpiUs04S20+zimLXOUc6 |
|
|
| \\?\C:\588bce7c90097ed212\netfx_Extended.mzz.id[B4197730-0115].[fileisafe@tuta.io].actin | 41.88 MB |
MD5:
b790da90d0c6c3db2d470430d72b0adf
SHA1: ba28aaf3de47f780fd99f939c6190d4a029b4166 SHA256: 9079e442aee573d221fa746a405405a2553f60de994e7db863d6eb28640df578 SSDeep: 49152:cpSdqU6tLnvVqSK5G22mDgBOOmeGGiU9Erqkbnt7QTr5+Oc2EI+8dd0ZwTse9QOH:CtZKH2mALErq2nt7rvfI+vZpfQ |
|
|
| \\?\C:\588bce7c90097ed212\netfx_Extended_x64.msi.id[B4197730-0115].[fileisafe@tuta.io].actin | 852.27 KB |
MD5:
51bd2cc252170d5ab6579e159a5ed419
SHA1: a91019a1b68703c642bf8afc32b78011c062c03f SHA256: 120621944120e590911eabc40c6ce0a34a3ac7a0713abafc30c0dbc19831cac2 SSDeep: 24576:zYHyl8kiF2t+SZA6td5X5YVyMqX8YDmt0dEUcb6pyX:zv8TF2wSXtd5J1MqX1EUcbv |
|
|
| \\?\C:\588bce7c90097ed212\netfx_Extended_x86.msi.id[B4197730-0115].[fileisafe@tuta.io].actin | 484.27 KB |
MD5:
82c00d7fe2ac62d5dff5ecacfd3140b3
SHA1: e4a7e81ea69be406f19a0b84d0472650a216869b SHA256: 027c8021feb85e92a3675d7c4b0b586d5d4c50c2a54fbfacacaa2458b7a2184e SSDeep: 12288:t7bQnRdIGFo/mfrlnEJt/CxehRalhuYNDx:t7b2RdIQouJEJt6CEbuK |
|
|
| \\?\C:\588bce7c90097ed212\ParameterInfo.xml.id[B4197730-0115].[fileisafe@tuta.io].actin | 265.92 KB |
MD5:
8a3fae4786f75a44b0db94ba7af0034a
SHA1: 16fd8633f65ab2307511ffcb9183f199a34a1519 SHA256: fc3ae9771ea9d51f8136614f3dbe41dcfaa9507316af3e71bfb6473c6494860c SSDeep: 6144:0ubirHTcN5QMxDjeO0fwqEf7hviMkp/8KzvKEgbVwoyo3baros0Sd6cZ:0u+0N51jeO04qEDoMklzvKvTLaro/Sdz |
|
|
| \\?\C:\588bce7c90097ed212\RGB9RAST_x64.msi.id[B4197730-0115].[fileisafe@tuta.io].actin | 180.77 KB |
MD5:
5bde61ffeb3550cb69426b1e8aea71dc
SHA1: a23110cb820c666cdcbf18e728a4ffacbce91202 SHA256: d574b7b46dba902b34f3edd1443cd88cdad9ae83e9b447432c06e7779cff2452 SSDeep: 3072:HArSpcG8llzvOfLPG1qUDuDLSMLniX10qCZNSa2o181BUBR6Lh9KKth:H5SGa8fLPeqouDHitENha14cTfth |
|
|
| \\?\C:\588bce7c90097ed212\SetupEngine.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | 788.58 KB |
MD5:
de5f6a0983c3b53db10cd5a12dd5bd97
SHA1: 8e1f25d9338ef84a46777d8726de3b4db3570580 SHA256: c9d1daf6c939beb87db4864cd630998f2988bc8827ae2011d2114373934dbd9c SSDeep: 24576:Ry8IET/ImniJW2QhuhznwQyJehfC/Dt5r:c8FTbiJaarwQ1fCJ5r |
|
|
| \\?\C:\588bce7c90097ed212\SetupUi.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | 288.58 KB |
MD5:
95b5fe7a585ef2d5d36be383ee208680
SHA1: 8e0ae79382dc935c004561adae054f3d68cf8eef SHA256: 1b9a5b1d36179f0d0a24699d0c5ef6252d3b3d08279af775602cb3c2ee2acf0b SSDeep: 6144:B3XmsnitHMO0ZLpQtoxTRXDEJ9jC//J9DJwcljihIsbEArASk/IA:B3WsqHqZOoTesJnnlOiyrASmn |
|
|
| \\?\C:\588bce7c90097ed212\UiInfo.xml.id[B4197730-0115].[fileisafe@tuta.io].actin | 38.24 KB |
MD5:
4fdc152480ee69363dcf36f6294b235b
SHA1: 05a4b6d221bf7dba9af6f085888d5e172f024f38 SHA256: 4ee1c8a7cac03d811d85c6dd61318140ce38ff4cbadd1d841938168f34eeccf3 SSDeep: 768:UIi5RhNGYYpfZcjAtykYiBUobgrSAD7EhSN2ECvkiF6q4w/bnkyOEcEXz9HS/i7:UIiFMYKfajUykYO91ADfIkidD7/c4lSG |
|
|
| \\?\C:\588bce7c90097ed212\watermark.bmp.id[B4197730-0115].[fileisafe@tuta.io].actin | 101.88 KB |
MD5:
4f3574411a93b8b87442f4d87816be8f
SHA1: 01698d9fb59d20b05c8b9a584ec43e679810d372 SHA256: 9227c576d559fb0e8bd56054cb16fe905dfaef7b7160d872667b9a33db13e693 SSDeep: 3072:X8iC2cPd+wyZSba8s2u4ikspzodjWPb7Epum:XQjPZe8s2u4vsp0djWnq |
|
|
| \\?\C:\588bce7c90097ed212\SplashScreen.bmp.id[B4197730-0115].[fileisafe@tuta.io].actin | 40.38 KB |
MD5:
7efd02a51919868a7f93b3f3e8a9b1b0
SHA1: c04f408a972824d70be3fd3a454551399fa0a3c0 SHA256: e4b34c771daa728793cef014c0e3079d1900d061ea528a7f3fd030173fac49a7 SSDeep: 768:Ud+cgrDfMnmPMx1YypQMVk4NmY3yST5X58XD2cqvfImHd+upi:U0VrYnWQ1YyycNNrT5agtHd+uI |
|
|
| \\?\C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x64.msu.id[B4197730-0115].[fileisafe@tuta.io].actin | 5.71 MB |
MD5:
15e4c53398a1718558bce47d0997a80a
SHA1: 2d8bd056277be4b58b91d88e5b466f450b50c95e SHA256: 38db87aacd2c798689a6cf2a7b9b1100bc7b5816aebf3910d38c817f0e2b1db4 SSDeep: 98304:uuEAUjb7BkOKxUKnat45mFe4H5+Ju4JKUYc93iKlOKUufFalvDTF/:e3PBkOK2Knq45mY4H5OMKkKtN+nF/ |
|
|
| \\?\C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x86.msu.id[B4197730-0115].[fileisafe@tuta.io].actin | 2.84 MB |
MD5:
52fb0595caebe1debede1c623d61fdf8
SHA1: 1b09a22ceedb86ff6c3dd8e0f470bccddfb57e3b SHA256: b92a5ade413db0854453d758201239b94a82ab56a225142ef67d7def24281323 SSDeep: 49152:WV4YaGoDumT1r7AdXZy9KU2KUYxs35DKZ3OIKoabMQ1ruyCVv+20hRedBU1:WV4Yab1PAdXZzKUYxs3pKZnKoaHuyCVw |
|
|
| \\?\C:\Boot\BOOTSTAT.DAT.id[B4197730-0115].[fileisafe@tuta.io].actin | 64.25 KB |
MD5:
f2e72fd6befbeab69abae2b32e1cf424
SHA1: 7f9cd95227d00654667685e685b4c59fc32c3313 SHA256: d4fe3a794f2f5578d9bf5e4abef6b3180cc212c171235e46367ab7a8d3a3d5c5 SSDeep: 1536:xCFQdv5H9o9H3QGnGR86AAb/YYeZpg5aCH7Mx4:xXhH9qH3QjtAileZLaMx4 |
|
|
| \\?\C:\Logs\HardwareEvents.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | 68.27 KB |
MD5:
5ff1c09a50bf118a8f4f392606a38121
SHA1: 0b82ccf7e33e90698db92e2d1317c9197ac0f0b7 SHA256: dc58e7f9112738cff8fabbbdce86a6906c2566d9f821eabf73cf47399faa803a SSDeep: 1536:segt7dctFMmZ22Mnux4lgxY+1Uaq10m19BNC0GvWUQv:bo7E+CCux4Xa47/0BK |
|
|
| \\?\C:\Logs\Internet Explorer.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | 68.27 KB |
MD5:
90603a3dc54eaeede88e2099d9c842a7
SHA1: 481a2be8062d76d883f6619169054afdd41a3c4c SHA256: 79d4d3ceaf0579da6ab971229a1d3e39a96b20cf3d998ed33a085e4532d8f09f SSDeep: 1536:mubm3oamYwu+0CKAVALmyg4zpip2z7JQ1Z6phI2hvJeC4TopT:Tm7mYv1FOATg4YcQGpe2RJeCppT |
|
|
| \\?\C:\Logs\Key Management Service.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | 68.28 KB |
MD5:
3bec933495e152c114f371806ffd0000
SHA1: aeeb04e27fb5e44c19240649fae3f12cfbe6f2a1 SHA256: 118fceb0bdfe032c1e42f08d491cbaeec347d39909c5708c0d3d27ca28a61894 SSDeep: 768:akcXjvqyiCcWHjhnSyOFZcNedOvlE6eNG4Ev7FpRTPhZP9cM/lWcRmzcHaBG5mBF:ujQAHjhnfOFSZvWSvFbOM/wQaBsy6mt |
|
|
| \\?\C:\Logs\Application.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | 68.27 KB |
MD5:
916bc8c5179ff07e8941fcecc5468cbf
SHA1: a8f072da08e7fbbb65a41df96838e4bdc2361bf6 SHA256: 43b99ce482589ef3408ddf9fb92d785386d68905e0ef96763099ef2d24a6aeb2 SSDeep: 1536:clUTDFccZwA7a2Sdrf6aQsIY5MtjS6fWoTpFOiRAe:asDFjwA7a2SA0IYCtPpFRT |
|
|
| \\?\C:\Logs\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | 68.38 KB |
MD5:
e3c47e16526fa9a4be8b1f2872871dd6
SHA1: 293871113607ccdc9f0d442f793fe33855fe5f63 SHA256: 9a26f3575b91d2216156d14ae9b3be0808dcd25391cfc287bd2634d3225bb3cd SSDeep: 1536:9sgs4EFUg9ngif9Q7G+cX92l6ifny5EYf1NlsPPoHx2TXXjmsYLY8:KzF59nggt1ivy5EY7OPPoR2fmjx |
|
|
| \\?\C:\Logs\Microsoft-Client-Licensing-Platform%4Admin.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | 68.31 KB |
MD5:
307bd8fa8ea00591e99fc27ff27443db
SHA1: 172c860470e84c72e30482bb2951b6cabe74e286 SHA256: 4d297b4b7ff9e0c8afd6349a68888438d00a4eef95912f47da09a4d8f441e4e4 SSDeep: 1536:gIahsGlydoDLiQs05YGvxXzKOlwyM70DaKXpC5Ukb/89r1y73:gIBGlydoD2Qs0KGvxrOm9abbp |
|
|
| \\?\C:\Logs\Microsoft-Windows-AppLocker%4EXE and DLL.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | 68.31 KB |
MD5:
8036aad071380250d263ad680299fc04
SHA1: 50b66e977b64d829f0640bf6fe54fb2f61ee4a61 SHA256: 3cdbd91f33f393d0f6ad013ed40a123211f569814e6d14759b17235edf3858d9 SSDeep: 1536:IQ3YGl0Oe7OVJBDVDrythV6XParz66XrKSQSV:pYGlMCr5BXCz66bKSRV |
|
|
| \\?\C:\Logs\Microsoft-Windows-AppLocker%4Packaged app-Execution.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | 68.35 KB |
MD5:
cee34bf29e1df7a1a7e94a84230f04d3
SHA1: f38e07db031aeae5458568d06ece1e6cfbdb9f52 SHA256: 30d3d53ce771195c881a9d6919c5a3f9562ca8de2e3aa526958189b0bc48eb04 SSDeep: 1536:WxHlWky0uFTCU49m0YfOP+sRZzV2ssouXqPqpaPP9pKmt52dYs6R:oW50g0YNaVSqyaX9pKAuYNR |
|
|
| \\?\C:\Logs\Microsoft-Windows-AppModel-Runtime%4Admin.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | 68.31 KB |
MD5:
a82f996d4d7646402227c5c33a1b0e1f
SHA1: 440d626f6126d964ee2f0821f86a3d5a0b0a22b5 SHA256: dd5aafd3a029f610f8f3611c83e97df8e9118eed258e2bcea0f942db9793102f SSDeep: 1536:kaa7zgnQy7xQ+oiLjaJYLDoIUdlzhc9TYS4+MsttzrlUaO:kjzgnQkqQII+hOTYTsNu |
|
|
| \\?\C:\Logs\Microsoft-Windows-AppReadiness%4Admin.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | 68.31 KB |
MD5:
d313ec1b2f52bfb0b9280b4cfdbbfa3c
SHA1: a63f6cd119e40957b182d2cb079c9009a551eea5 SHA256: f0d419bc78ff1005a0b92b925110a28a86047a2166c8ec59201d6afbccc72ba2 SSDeep: 1536:/zJ7D/IXExnkHe999zOP+Gn2j8a3pay4Mx44bOjSCKGCGg/cG:/uXxHe0GdAMGMxojK1N0G |
|
|
| \\?\C:\Logs\Microsoft-Windows-AppXDeploymentServer%4Restricted.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | 68.33 KB |
MD5:
e41c0913122e7aa201abe5606674250b
SHA1: 791d45efe33318a343bf1865bcf07bfaadcd561a SHA256: bdba6d67efc01b241bf3736885208c0e97ec4cc1e9d35d59ad9809ace68baabc SSDeep: 1536:75bXvqwC+Om9ixVhOrHjSf+aFehHunY0m/lHy39B5:NXvqwcxVU7KjOHu1m/lsB5 |
|
|
| \\?\C:\Logs\Microsoft-Windows-Crypto-DPAPI%4Operational.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | 68.33 KB |
MD5:
56187afbaa78e2b373d67fb97a8fb831
SHA1: 10e12cafe1bd29a4012cd4c430bc05c92f1bf957 SHA256: 1b4b68354262156b14e38d7cecdba2ec74d8b53b301e2e564a1fd5e87544981d SSDeep: 1536:X1IK++6k1gMxNAsJfzkdEe2yw5iBtET8esBDxlDOSK:uKsk17o2fzkdEel/dhxB7K |
|
|
| \\?\C:\Logs\Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%4Admin.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | 1.00 MB |
MD5:
ae66be09aa82fda0aa90a19216932e67
SHA1: f2a519082946aa15f7e44c2a164343c5f8bc6a32 SHA256: 6f2ebabdfce67fab7446e0c53b0c0b063a6efb5559625c880c3160b7549d5ede SSDeep: 24576:bpXaVs1cJZ7TvtmZmRuykHlpqnu6Wh8VSvHCxvdr6r1OYorKwI:NXH1QfvtmZmRqpqu6WuSvqvdr6QJG7 |
|
|
| \\?\C:\Logs\Microsoft-Windows-HotspotAuth%4Operational.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | 68.31 KB |
MD5:
46f8fc67d40a6c40ebb75cba0427f5f2
SHA1: 20ab36e7145b2cb011b82b7a11493930ac0e23cc SHA256: 8c29218151848bfdb4a2f15e42918c53666be6ce9642103ec59ed1da08a641d2 SSDeep: 1536:YwxUiOPF8x2cgpZa65nNKUjYRP2ivq3SyxVu3C1agLTDdj:p4t8x2zYwY4Mvq3SiI8agLTF |
|
|
| \\?\C:\Logs\Microsoft-Windows-Hyper-V-Guest-Drivers%4Admin.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | 68.33 KB |
MD5:
521abe7a946611944ae1e5867ba4f87b
SHA1: 40cb83d3f888b109750e226760ab35a5e93fe0cb SHA256: 15d0cc0709165307ff7139d7ae9bcf5ff4be29f4006169d4fc727a2e31c9ef74 SSDeep: 1536:RluAz2LeTOarYR6DlEJ0QUDn+o750ZZI0/xv6ipwOu5Q:RMAzMeikhDYgx75f0ZvNwO0Q |
|
|
| \\?\C:\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | 68.31 KB |
MD5:
36195fe94fa306a66e78debc89971ed5
SHA1: 5c368b78501042c3610e625deffb3a55f95ac2c0 SHA256: 00aa75740cc5e0d7610d908d91856b67d087e5d161516e37572f5dbf3c835426 SSDeep: 1536:R8XgM8tzf+YAKb42MrpZE8kwQoHAPs1XUca7QTM1u1Yq:YmsbRtZE8kSAPsecZM1UYq |
|
|
| \\?\C:\Logs\Microsoft-Windows-International%4Operational.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | 68.33 KB |
MD5:
bf097947cc0bf512bf3b35fb74c242ad
SHA1: f5c0903444c1d7b32cb04b2a91bcdad6f3818dbc SHA256: 9df28252597151291563c39794d4d38cbcc30aca98dfc6cae00d8d652724bc2b SSDeep: 1536:5wPkURrBr4fRBydr0ar3gZGwGc5lgZOvvXTUKxmgl4WKu5gZsWFFkw:SPk+rBr2nCQgWCZOvfL4vu5gZsWz |
|
|
| \\?\C:\Logs\Microsoft-Windows-Kernel-EventTracing%4Admin.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | 68.33 KB |
MD5:
667ef30e3f467253a25b1575e7322ad1
SHA1: 29c3734919d77d8f6c39bf431023a67c7e856976 SHA256: b7426bf95d2b5d3287d1992369fe99ff853fc3c6d70f995cca34b34d38e3668e SSDeep: 1536:3M7Vl6MdPK9RgaB/vIjaKaeehGCC/94jr3mYI:3cdPgeaqr0kqr3bI |
|
|
| \\?\C:\Logs\Microsoft-Windows-Kernel-Power%4Thermal-Operational.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | 68.35 KB |
MD5:
5b07881dd13c0899deccb78d9026b2d9
SHA1: c0c7a612deb78c4e648fe789fd744281b5187544 SHA256: e1665673043f543031445c425d2331b3019341aae37b71f356f0a7a7fd62f951 SSDeep: 1536:Ye4h1X24kbO78MXcCXzXS4bVmkLv/Iq1P5xsErz5mm4:94vX2ZOYMbXTSuz/7Px3HcZ |
|
|
| \\?\C:\Logs\Microsoft-Windows-Kernel-PnP%4Configuration.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | 1.00 MB |
MD5:
cab7aed2fff77f328d82e64725403bbf
SHA1: 45ed7200ab40f185c7765697b025d754de0bb94e SHA256: e56126f60f4e00cf191feed82c6d2f72e4716e129326e2b0aba3a313222e6835 SSDeep: 24576:Y2ua0L/bUkjwzRipthn9SKCGWmw0VhRYAvHev1pqa5:zQLTwzoh7WJ0JvH81sE |
|
|
| \\?\C:\Logs\Microsoft-Windows-Known Folders API Service.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | 68.33 KB |
MD5:
81ef923d032d8852f80135b50772f3fc
SHA1: 64081c195eb2683498c72c5df94aacde73b4b357 SHA256: acc6bd749ceddb55f620e60b1fd3122eec10793e4e6891de7d58d6d27b5d13ba SSDeep: 1536:l8d6Z8xXcgq+r0PIjxFV0KBS6IUZMGFe30RCe2FokwaUJOuYOZNyr:l8dZt3ZQPuzvBS6TqGlRwwaiXYzr |
|
|
| \\?\C:\Logs\Microsoft-Windows-NetworkProfile%4Operational.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | 68.33 KB |
MD5:
1fe18de4328a0b8a9c1831cc6f3b58ac
SHA1: 53eec59957fd76fe163c64a9d42aa75ed0a300da SHA256: 647f48730d7661d399760ae88aeb5800b5abcc21b533b6f27c070e5d93d7f255 SSDeep: 1536:s+EmHGROxcBy/8rqbsrZun1skT8/EwBWRuCBzEEQjqm+/DA23CqiCFmd:ImmNyNbsrEnuC8swARjzIjF+/DnCqiI2 |
|
|
| \\?\C:\Logs\Microsoft-Windows-Ntfs%4Operational.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | 68.31 KB |
MD5:
eb9cef523a51580327d4f6c6d16e13f0
SHA1: a147902d1191bcfcfb2616ac8d77682b52eb46e8 SHA256: 499b3c8bc5a311aecd6b8e627fb2e3fa8fa94e7cfe1379320fa24233cc777f93 SSDeep: 1536:bcwvLh0X/tIFtYzYisap6p7RnPL9ajiY75pc6BT+1nLHS6iUU1tio/ZMh:bPdC/taFEmVB07HyLH7i8h |
|
|
| \\?\C:\Logs\Microsoft-Windows-Ntfs%4WHC.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | 68.30 KB |
MD5:
2cb4114ce78ee467b5890ef8ca82feb6
SHA1: fa016fcebfb7ded2cdfe9aa78da55fe53b81af07 SHA256: ce778eed87f4559b7f53d62da208d0eb6598de55bc1b55878ba6f16cc8f36ccb SSDeep: 1536:9uHO8TmyX8ROR+ndkZB6Q2blUdYl5+ijqt7vcVSAE:SeyX8ROl6QalUdKkfedE |
|
|
| \\?\C:\Logs\Microsoft-Windows-MUI%4Operational.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | 68.30 KB |
MD5:
5c8a28f4e23ebd265e0898642bbdfbd1
SHA1: f9b4ace836eed150b2b572c985d42635b11ff25f SHA256: 8cd1257cc73e6ffacaeda61ffc631a034a37522f8b75afa648ff5225feec4484 SSDeep: 1536:8ty4p8cHSvrwoieqTriVODBNSyUChznu72SdGxH2Em6YGg8:8ty4hWIeYfDaCtU7ad1g8 |
|
|
| \\?\C:\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | 68.31 KB |
MD5:
8e96ae1e2fa03f13ae28fa23ea7bc45c
SHA1: 6c4d72dc7a925527a1bcf18926e254aa5320cd6b SHA256: 9b69e2e6bc4fb7219a8ce79fc99e284a557cae2e4230b6a2097fb561e89b2301 SSDeep: 1536:eOsi5vTGnVDp+7Fv3ai7J7toys4baOigJCA3xUroR9C:fP5roSpvNJDvCAhHbC |
|
|
| \\?\C:\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | 68.36 KB |
MD5:
a122ae3f977a7adaf08146a44421f5d7
SHA1: 78fcca4388797e5a86a3c08caa10435a8abf3ffe SHA256: 90b5cbfe0ef0c03654c13863b7fd935e9df206c812f55ff46d67a4600d06cd2b SSDeep: 1536:BJtWeSlfqp4p4NqbI6YKyyicgKQ8ZL9VslRAOzYngAxTq30:BJtWecfrpjeKyyeUZrAAOzYVxTu0 |
|
|
| \\?\C:\Logs\Microsoft-Windows-Shell-Core%4ActionCenter.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | 68.31 KB |
MD5:
f84fe889e31092d3020943f6c591dd46
SHA1: f446a0b2f3847e1eb4685492c7a7e0ab3fb9d25f SHA256: 4646c63bedae061863b7e54103b7d0e27cd8085887b203511d93c594aa07dec6 SSDeep: 1536:zfljfDHWQjYrXe3m2aQmIj7Lcn5R/9sNj5:zflzaLTgJInOd5 |
|
|
| \\?\C:\Logs\Microsoft-Windows-SettingSync%4Debug.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | 1.00 MB |
MD5:
ade2d7ed53d923b5077b5bb130fff2ea
SHA1: 990440147fe67e5808a61d4b3cf1518af613053e SHA256: 908718c73f891b49fc669219e5a6d6a88ffcb494dc6c74a10d3912f1aff624a7 SSDeep: 24576:TYeAUHXQiWC/e4NPU25E+qzk8Drumsovy:TYp+WMhFU25E+qIzzoq |
|
|
| \\?\C:\Logs\Microsoft-Windows-Shell-Core%4Operational.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | 68.31 KB |
MD5:
47d03c3cdc034df26f9283035080f3a4
SHA1: 089ac583aa524a1ef584c96ca031a4d15669b0a6 SHA256: a2e2f8c8d1c018ea7fb309a81182983cf2a5cc37957a950bc032b781c94e19eb SSDeep: 1536:ON146lOHRrN6zo7iGx2FNqbDywEEYZUYC9WyY29oYq3eWcZiW:6gHRBGo7bywEJU5g49o9cAW |
|
|
| \\?\C:\Logs\Microsoft-Windows-SmbClient%4Connectivity.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | 68.31 KB |
MD5:
c306a7fc18cfe4f4962043ec975730be
SHA1: 5ae1e7ae49c0117aacebc3aa04a6d7064ff04056 SHA256: e7ec91a615c7bcfe2ede23cfea3d91094e7940ddbbe54f5ba96db9bf9f3fae1d SSDeep: 1536:UHYMUd+vRMY1Nn7hoHO9j1kFMe6QMw2fGiItaJBFoE70mZ+Yj3:QWoFdd1kFM5dw2fhJ/r0mwG |
|
|
| \\?\C:\Logs\Microsoft-Windows-SmbClient%4Security.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | 68.31 KB |
MD5:
8d9bcf89fdcfbb70cf5e40c6cb09a3e4
SHA1: 7075c1508dcc2edb0f1b461e18bcfd67e89754af SHA256: 67d8d78daaf3d2319b8adba888aab12bb773ef5a4398370efb485381decbf4b6 SSDeep: 1536:yBjrsxu9xnCqaB2TBmZUM8mX98/VHwCYAL59SUZrg0Rp:yf9x7OjZUMXN8/VHhNF979g0Rp |
|
|
| \\?\C:\Logs\Microsoft-Windows-SMBServer%4Audit.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | 68.30 KB |
MD5:
6990e56953bcb8d388a9c967562b49fe
SHA1: a23e6ec43e29932404112af1ee846795d6202812 SHA256: d0e881acde9021e3ac0792e86a48e0d464707850c40ebfb3b044984e62d52e97 SSDeep: 1536:5Vb9TkDk7dFkTlKizIKQPnBN+xlHx/kbmhYxt9gVTD7hK:LtSlK1PnBWNOTf9gVTk |
|
|
| \\?\C:\Logs\Microsoft-Windows-SMBServer%4Connectivity.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | 68.31 KB |
MD5:
9d02590a98b54a228357f21e582a4b60
SHA1: 8860057d48874fc2efb340ed02f1050d4af83073 SHA256: 6260d4275e58876fa67fed5478cd0fdb593bb65460dfbab795459fc9fab4976f SSDeep: 1536:rGMUA4E19xqTBLaleQACNigWOWVISeJBEksV3xsP9wYrzQ:r3X195EphVOWmhQIG6zQ |
|
|
| \\?\C:\Logs\Microsoft-Windows-SMBServer%4Security.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | 68.31 KB |
MD5:
da41aded5ac7f497ca8017dbf2128d87
SHA1: 579ed6534a61034f2d320176030d38cd2f8a5828 SHA256: 23de804e631fc4270b8efb4283fa24afcff36b12cdf1e457edf4cc2de467b2da SSDeep: 1536:7RfXG7xDbCXQ0nXzA5Z+ktOG4vHYE5hkPmy19x:7V27xDbmVYEcPmyHx |
|
|
| \\?\C:\Logs\Microsoft-Windows-Store%4Operational.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | 68.31 KB |
MD5:
f9d3af6840f225233c73334284a74691
SHA1: c8dcf79a05dc36ffb914c3b9bc6288ecb95a22f7 SHA256: a01295d3610176945da28675b85a64a99dc4d1499b527aa80e155e7668b9b151 SSDeep: 1536:YIm8Mqm7FGVx/LJlgCdcDzw87J7dobLZPoiJk0KGApdGvQQ:YIm8BVJLgocb7J7donZPK55pdGvf |
|
|
| \\?\C:\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | 68.36 KB |
MD5:
7907453bcbe2e097ce336d4f67d249e2
SHA1: ceb384398068131fd91bd6c6aae5b5e75858eb92 SHA256: fd431799b133959df6af5c664d2dc3027a1ad34b3a26dc387e98e36721998b3d SSDeep: 1536:jSCyngp6fmbirkBnfvUo2ykxFNHjq9SDI9oKec6odjpNdYk:mCynofBn38yA29Xec3pNuk |
|
|
| \\?\C:\Logs\Microsoft-Windows-TWinUI%4Operational.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | 68.31 KB |
MD5:
21b2461e9227d3a66fe2595a35f869b3
SHA1: 1141b0ba0ddcc7438c907ef154c68e5af923b589 SHA256: a3a80473a55521b84d0fa20ece6448c5ac46aa40151fb700d0624470be8988ba SSDeep: 1536:1aOI7AVbo8yNa8pCpRCN5iKp53hheugwipkEuoL+b3SWC2r5oN8nscVyYy:1aOvbQaciRCN5tn3HeNi6qCWtruqwT |
|
|
| \\?\C:\Logs\Microsoft-Windows-Windows Defender%4WHC.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | 68.31 KB |
MD5:
12f3f59102fedd65d0f177e998db26ec
SHA1: b3f518eb92f589b0b8dbbf2c9cba4beff2265f66 SHA256: 79dedcaf27fc46713c5b05ae2192b7f9bea4096b6ae2e069b6a68630b8803234 SSDeep: 1536:F7pvvMu5o89vmT1drW70xp+01DB42ARtGRtl2CbbcwDE1e:VpnMKbua0xpFDBWtGRtl2VwoE |
|
|
| \\?\C:\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4ConnectionSecurity.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | 68.39 KB |
MD5:
5999f73e501f498e15964c6b1f5bf42f
SHA1: acc5ca84b4992405794240199187ac9f766e5b20 SHA256: 7f9ef77a27016de066a7ae6e403d3d36dc3c24c485d6f41b519a5c2ba7e39d2d SSDeep: 1536:9yTShziQ3jRdU7hMVlmpvdV3xtg7I5w3A/1WMbtygN28X:9yT4XgtMuhn7g7n3A/oMbvNdX |
|
|
| \\?\C:\Logs\Microsoft-Windows-WinINet-Config%4ProxyConfigChanged.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | 68.35 KB |
MD5:
02869a1a8ceb26b9a0b83b1a50cfd053
SHA1: d7e1a92ad0e6eac85e5590b4659a6071744496f4 SHA256: 34de3865623f34723e69f701d93c0e2175963ff88b3ffb7d0c4a384821567be7 SSDeep: 1536:y13yI3FLQ8veXZbBiUN+VJOXJ4S+5nTgw59GPD5/vpND3A8UWfT:y13bJvepF1N+VGdgB96D5/vLAUT |
|
|
| \\?\C:\Logs\Microsoft-Windows-Winlogon%4Operational.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | 68.31 KB |
MD5:
766c7bcb2d9bb2bad41d08f03bf7e719
SHA1: 221da5feab66282c971c96f1a3d781663fd77baa SHA256: 78881e8c811f91af71f1eb77827c1bbad3257bd3bd39746a836d1dd16ca0d835 SSDeep: 1536:u1NN8Ay+zlXIDiRaCcC6CliI3LMhSyMmQSEkSFvWStHrbMHlwF:IpN8qL79sEBFvtNrbMHW |
|
|
| \\?\C:\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4Firewall.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | 1.00 MB |
MD5:
7f677e373b225916c0c10aad2d20245e
SHA1: 9ba2b78d4ac637b8c4361b8017151c950895fc73 SHA256: cf506174af7e68770f6e97c01cf38e5d61672394514ee3ae78e8d4b94856324c SSDeep: 24576:NA58au0uJc1Xuf2OP01Ot7ziCVaafUaBzC5eNyio/qEMn:N+/w2vu3aaMaBC80Mn |
|
|
| \\?\C:\Logs\Security.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | 1.07 MB |
MD5:
b30a90ee3505faaf050aa748fbe4d4b9
SHA1: 7b776718e39f9e61f6f6f5052b0a814f638f7d9a SHA256: 667235071f6b028c77ef2700c3ee5032079e891d46a06fa4d9333b570c3efec3 SSDeep: 24576:LWTRZ+R4cEcrb0MC9s+mbk9J8MNNkrt3h5r:aT2Ec9CJA4krt3h5r |
|
|
| \\?\C:\Logs\Windows PowerShell.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | 68.27 KB |
MD5:
5af21cbbdfe9e4079ec02d628389b725
SHA1: 48eef8fdc5fb9732182a6464098b84d80772c3fa SHA256: a33507e3bfeb2e62c32d300df6b57258fc83e5aca62f87f8476884bdcf4e4374 SSDeep: 1536:sbqXTv48ygBGFw5iWxogKW9PrRkpcXI+pNAhTCPnNhxNQdIJHt5:0oA8Nl5ing99kmXIqJPnNhz0U5 |
|
|
| \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l1-2-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | 18.47 KB |
MD5:
d7ab390a1e3c35f8c8476c064a0cb60f
SHA1: 77a2f46009f308ff790b6b6ff11cf9978a371b5b SHA256: 5721449cea8d2fd90ed9a84409cdd20c3ddc3f18be689a407fa06be9fa4a2823 SSDeep: 384:viw+otwvlbdscvVayD7McfA7V4oZ/FmXe69Ywh0Fjh3zVWVwSEunpxAn:io8/F9A7V4c/XSYwh0Fjh3Gwqzy |
|
|
| \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-processthreads-l1-1-1.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | 19.00 KB |
MD5:
ef9def30f8bc232fe537744677fb1dae
SHA1: 5d4b3783fa6bdeb5e9688fe94ea295546cab1cc0 SHA256: 3423a0e6e91332db23a4430a09897d9e7599bd1af2c40ea8a2237d728177404c SSDeep: 384:Yq7knbyeEcEsrG4RWm9HMhHhmAwqH7X6f4643Qs4KsA+r/46TaAH:zobylirB92BmPcCo3QslkLTaS |
|
|
| \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-conio-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | 19.47 KB |
MD5:
4aa812c6234329a6d4cd42d62d630743
SHA1: 4f345b2deeecc668092775a730bf689cf8c46c33 SHA256: 1a7bb5ef58553f30366c7092de98c339b2d4fef6b5273a3a856154cb55f22cf8 SSDeep: 384:jCh1Tk83gS6a7y52899vKUYUJAqu9B05cNx0+nkPaeOjogIIt0ZxfU5ZlUBLZVuz:8E12899vVYUJg9B05X+nkZint0/fUTE4 |
|
|
| \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-convert-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | 22.49 KB |
MD5:
dab233b0ed8994394695db73c64422d8
SHA1: 4c2685ff5a594179e469407bdbcbe5114756cf80 SHA256: e85790ed2f0a87b16fa9134f299f4724c7f518873081e4b1c54cf250b61c9c46 SSDeep: 384:n/96zv5Xk0GbO8aBluJW2SDORAccJCcKg7dRLSShG/sVWA3:kzDIOPluA2SDORAcaZ9SShErC |
|
|
| \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-synch-l1-2-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | 18.99 KB |
MD5:
39fdcff9e1c16f2009ea991f5a862380
SHA1: d325b8ca792e86043aece527f39381db62dc8a77 SHA256: 6f17dce2094973b0f4b2fcc7cdfc7257363a5c9b18d667478717781ec7ee6061 SSDeep: 384:xEGue7+tjEoxdzhZEUUAYa8Om54bPZrodby3bLiQbOwLtx596RA3:x777+tAaHaUUAH8T47JMQdLt/GC |
|
|
| \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-filesystem-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | 20.49 KB |
MD5:
cd4ef13033db96374606dd6ee4dcfd4d
SHA1: 8a58891ecd8ac947e3915d38f22e519d4d028aa2 SHA256: d80447683a18a47cee7952efd2c2250e7e0469c1fb9bc76e0dd24f4069c69fdf SSDeep: 384:y68dw3KLuZhnm0776/enGeQok159cShAhhUNWhnKqHcfr/A3:y6X3KCZt72SGH15hhAhhMWcWcfzC |
|
|
| \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-heap-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | 19.47 KB |
MD5:
85afbf4bcf822ba8ac74b8f843c8159d
SHA1: 05265fff7e80de3c02d4ac934cc60feee6ef8723 SHA256: e5127128dce64231223705b106f7ac359809af0c599d4c2551f3686e03180fb3 SSDeep: 384:zFXUWDFxAfXSVIgNEdq554lhgm7tLmEzR0RcKa+0dq96z2Kku+PsjZgJuSC+lprS:zGeFxA/SVIgNEq55vm5LZ0RcK70dggko |
|
|
| \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-math-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | 27.47 KB |
MD5:
4ba2b93057b8afb7357e5ecc042c0f16
SHA1: 8fdfbc3920e67ffe948bd77ee253954af73e6feb SHA256: fe780c009c491fe9906b0e1e296cdd96acf0cad1c14d2167d8ee71372743fd07 SSDeep: 768:YG9ssAxP1W7XxLohJB8pHLzWkt1mfrcZPhxoy:YG9st1iBIGhzWo6M |
|
|
| \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-environment-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | 18.99 KB |
MD5:
c63b4745f9fe962ac3b3c34186b24214
SHA1: a0d93530724d78502e200d2352c0e95e74a143e0 SHA256: effd192210a42645574450213475b3495d045fb99d71db43e37b4b63d647b224 SSDeep: 384:/tnwjIwUKZ/L67kOESYivLrPnT0CBIYWIrmZWrL95WgrgEfX0ZZU8zEDTQg4lR5R:/lwjFUK9lFiTr70kICKML95Wef0Xz4TU |
|
|
| \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-private-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | 69.49 KB |
MD5:
1ebde341d4f674a278a9a022a03afc77
SHA1: f30a571643fb742587c4231a701bd574f467fb24 SHA256: 38aa711225743333ba8d4049dc7332520e0959b1dc8f240930ec1c82409b300d SSDeep: 1536:V5CXV5Wris3DpzVskCj+jjU7qvTmiJmlHf7UNDkMy0fzZABTtnwVCpIFM:VkXDWrnNFCoUMmiJoHf7CDTyWyKwpT |
|
|
| \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-runtime-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | 22.99 KB |
MD5:
53612c97de61933e2083f69f3eeb549a
SHA1: bc8013e152ab42a8c327fd0347d39cdb394c038f SHA256: fdaf31e6c6da4584aa025a06ad90db51f1116dc248e293a147e93fbe33b52765 SSDeep: 384:VtQNfmFU5aVfokf7K42qXD9xGp6Qj0HPmPbC8uKfAKjId4qft4HNOBgA3:Vamy5UfoKWbqX5s6u0HePbIKYiIdZftb |
|
|
| \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-utility-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | 18.99 KB |
MD5:
5b0f32ebd1b17859e4f040587edc5403
SHA1: c7af9f91aa5ac55949642cd541ee5bc77639765e SHA256: 98bfddba60d0c1b8ab527b4c799c506c63c6fd3a31622171d19001ad44069543 SSDeep: 384:tTqSG8ENH3WpA1uJ1/Mrs/xq1SNWYz79tIyWN48qor/iD3b20K9PpA3:tTqSGPJ3WpAx+o1SWYz7My448wKZpC |
|
|
| \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvStream32.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | 387.92 KB |
MD5:
8250a694fb6d35bf7a403e8413f50dea
SHA1: 7b86cae16cf9a5ed9f3274b4e8edc67897f62020 SHA256: 4a8e840707e05fa8a7498b8dee527f14e705c59a108382f3f815a0ff434603f6 SSDeep: 12288:7EJEKKOHXv6Y+pcjl54d13vZ/jfsQXOYmTY31fHrk+Ys0jb:QJE7O3v63ppP3vxgCOYKYlDk+Ys0n |
|
|
| \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems32.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | 2.43 MB |
MD5:
380bbbd4abaa5e8d0cecbdb12a3c13d8
SHA1: 43e65ce96f154453032ba45df5cbc144553ee453 SHA256: 12f17c555fbbcb8a238dffcbf73b7f12a48c5cb4f9a090311ac4fc4a35d1525f SSDeep: 24576:d+iCZUPGCkqQ9gkHzxBTEWxek5Ph7toNsG8uxppqQn2DgfSdlgOjmOQ:aU0NzxBTEWxeKPhtoNBfJn2kqvy3 |
|
|
| \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVScripting.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | 500.47 KB |
MD5:
421e796a7a15ae8b36da1663f2e74493
SHA1: b4c924d95b0d00b88e5353815ffe24e2b6c792ce SHA256: 0f45e710233e1a44fb27a02c24e3868a35df97dbacc676ddfe8e17cac198c64d SSDeep: 12288:kas5QdiTmF8wQZikalPGzyEU/tNGdq9Pc63Y:kHQdii2wQyUzQtNfS |
|
|
| \\?\C:\Program Files\Common Files\DESIGNER\MSADDNDR.OLB.id[B4197730-0115].[fileisafe@tuta.io].actin | 15.86 KB |
MD5:
490a71461f0d533a71ea6490af0b130f
SHA1: 0d81b0ea67ad3ffa01ffee6f1888d6836ed6d3ea SHA256: e090b59504e42b8116bbef6dbab1a9a0be157631078d085aeba272b0261e2242 SSDeep: 384:ySc6qn0dFgrWJYubuYi7HYfo0hYUerahw4/UDS+eMuVkyOCDUweJJ:ySc90eKsco0OKwwiq1SyOJweJJ |
|
|
| \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l1-2-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | 18.47 KB |
MD5:
97c775eb94433bd1f1e6a97a9dcc5a71
SHA1: 24bd949362f89f3a1c84b7453b6f7aedb7ba8acc SHA256: 43febdd0f394f729fa376e6ee8ae3a1764368e1d9ca1d8967a240eb744b00e1d SSDeep: 384:M5jeIFChxvBktB7vUq4SlLN1b9caRyK8fjzg7j9/thhF8I:MhC+BjljtRF8rzk7F8I |
|
|
| \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-processthreads-l1-1-1.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | 19.00 KB |
MD5:
5505c1dd08e45c7a31c3b45599fecf11
SHA1: 9396d4598ef3f0ca08381a95a1ca6c0952cb4603 SHA256: 681aff65e233b161dfe21f7b366cd1e1dad88073a4279db560bf30e0bd45908a SSDeep: 384:r00RllKkKtVJlaIsWhCK+J2xQhjHkIZ2zLhPvc/V8G36DWA8z6IYoNso:3RuvtVJlHhHixHkBLNcV36DWZzkoWo |
|
|
| \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-timezone-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | 18.49 KB |
MD5:
d2b0f217e197ca22c1731d5dedec8f02
SHA1: 74429ddc55fb2cd25cec12c5f0f7e2c8158cbdc0 SHA256: 1851a65f1700c1ee65122da3e342cfb0547d930ad0ef67c34024b4b3b5ad8279 SSDeep: 384:KJZBr1MJrGXmQesoIg3zKyVCFbFeGug65YcMZKJ4:KF1MJrlzIg3eyQMGL6CcI04 |
|
|
| \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-xstate-l2-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | 11.64 KB |
MD5:
504a835adbef99d4f8314f9ddb35eadc
SHA1: 8d3fbef84d04b47c97d5a4b97b6aae75232ebc0a SHA256: 918a98274dcb6f91ba6222bfc56e9a08ab6246a18a608ef5a2d1406e652c9d25 SSDeep: 192:1g020WBFWgL+8NjHlIkup8wCZO9fg+QqbESdF3zkOGICeRMspL9PZc7ieT:mH5BiqTlIrCZORg+QqDdFzknFspxPZct |
|
|
| \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-convert-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | 22.49 KB |
MD5:
41038d1c062ec59c67efc4b6a3444eb5
SHA1: 3cd755392e8fe7ae7acaa894effce773314602b7 SHA256: de4e7829dba678c3535d33d621e32168735dd04269e05bfda7e410987ca54c72 SSDeep: 384:UnNCwngKnYrrY6Yb2zRUrK4vUk95E/KdtP2PNV9qMYLMzS7CsixQFSTQDo4KbhZt:6CKwr4b2FUrKwUOT2PNV4MfSmAKQQbE8 |
|
|
| \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-environment-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | 18.99 KB |
MD5:
8d3258fa66ce4b5e0ab479b24ecba4de
SHA1: 2c1f4e21f2c2736077192eab64fd218e2e7ee7fe SHA256: b30811527451de4555ea4e2c8ff66b33b4b6036d8744a1bc2c7ac6e6e6a5bc06 SSDeep: 384:wGmzJV/THGXYCWdREiAr/SAxRXklXCF997CprlGfahGe7iPuh4:YzJV/THGXYhdR7ALNXMCF9hCprGahGeY |
|
|
| \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-locale-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | 18.99 KB |
MD5:
7f895846d3b759eeac5bf886461ed00d
SHA1: 5834c2ac5d84bfd81a916042a335d8d209c78242 SHA256: 7da4e1f0159de55f285afe303f3cc6e34dee1e9def98ef8b5cce50fd3c8d1149 SSDeep: 384:Jv0o8ThJwVwfA1yg+I8h+AYBQ53G6JZxFI/pvjfsGCJM8F1t1HVqR17ap4:JhrVUnxhbYgG2LFIxbkfJMk1t1wXu4 |
|
|
| \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-math-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | 27.47 KB |
MD5:
7147c42df4388bdde5ecc3cbcb081782
SHA1: 30c33a425d92d66cd6cae7c7839fc6be170d756d SHA256: fbc0bceb6ac3c407ca40f40aabb8fbf6472d4fab7b7c47fd43179b02b07ffb4d SSDeep: 768:ggirZReFHJuygTPz/xnKax5Xz/RQt+Kg+UmjpQ8Y6JKI:gprDeHJuyAp9xtz/itajcpQ8qI |
|
|
| \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-process-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | 19.49 KB |
MD5:
0db82f5f56942c26e5c6f1330aa039fa
SHA1: 8342f8c501b7ce210e9dcd93608a0c6b0b79bedc SHA256: 6e09e1ccf1a97ed0219972c1bae3cb44c6ed18c80e63d5c82f86962f6d1788f7 SSDeep: 384:BAZ4wYUHfwXRjPN+LknLF9NUDJnsm5oV9jslvJeX2RHa9eX8h7S+Tsth4:qZ8RjnnLF9NUDJsY1vyiaNhnKh4 |
|
|
| \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-runtime-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | 22.99 KB |
MD5:
2863ba925d95140af0065d8d3fe3e1bd
SHA1: 6a351590862033e7fe1af6bb3f8969902ed13674 SHA256: 1d99b97987dd5cd4d90c3a143bf5f2503310493f497f673b4481fa16186ceee7 SSDeep: 384:4xymwnfRvO9tHp/5o4zHbYMBdWnVRju45XY/vJf5FxnMaT0BoaXVi94wwi6Y4:ZB0LHbYMBdWVRCAXOBxnVTDaXM94wwiW |
|
|
| \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-stdio-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | 24.47 KB |
MD5:
48f6ed6efc0c8602c5f2562042a051c2
SHA1: 73d5c8f73a2161d7f6bb3e74a709215d66738539 SHA256: c03a949b46e2724b8d790c9aa50c2f22b4a8935f3e2dff3a2e13a333455ab8cc SSDeep: 768:m7qh5GO3+Rqj+1KZIiE+nlsXeIYxmza8wbMVli+MDnAI:mWmw+tKZIZ+yuIYga8BFonAI |
|
|
Host Behavior
File (3083)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | \\?\C:\$GetCurrent\Logs\downlevel_2017_09_07_02_02_39_766.log | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\$GetCurrent\Logs\downlevel_2017_09_07_02_02_39_766.log | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\$GetCurrent\Logs\downlevel_2017_09_07_02_02_39_766.log.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\$GetCurrent\Logs\oobe_2017_09_07_03_08_57_737.log | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\$GetCurrent\Logs\oobe_2017_09_07_03_08_57_737.log | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\$GetCurrent\Logs\oobe_2017_09_07_03_08_57_737.log.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\$GetCurrent\Logs\PartnerSetupCompleteResult.log | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\$GetCurrent\SafeOS\GetCurrentOOBE.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\$GetCurrent\SafeOS\GetCurrentOOBE.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\$GetCurrent\SafeOS\GetCurrentOOBE.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\$GetCurrent\SafeOS\GetCurrentRollback.ini | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\$GetCurrent\Logs\PartnerSetupCompleteResult.log | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\$GetCurrent\Logs\PartnerSetupCompleteResult.log.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\$GetCurrent\SafeOS\GetCurrentRollback.ini | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\$GetCurrent\SafeOS\GetCurrentRollback.ini.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\$GetCurrent\SafeOS\PartnerSetupComplete.cmd | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\$GetCurrent\SafeOS\PartnerSetupComplete.cmd | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\$GetCurrent\SafeOS\PartnerSetupComplete.cmd.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\$GetCurrent\SafeOS\preoobe.cmd | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\$GetCurrent\SafeOS\preoobe.cmd | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\$GetCurrent\SafeOS\preoobe.cmd.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\$GetCurrent\SafeOS\SetupComplete.cmd | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\$GetCurrent\SafeOS\SetupComplete.cmd | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\$GetCurrent\SafeOS\SetupComplete.cmd.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\$Recycle.Bin\S-1-5-18\desktop.ini | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\$Recycle.Bin\S-1-5-18\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\$Recycle.Bin\S-1-5-18\desktop.ini.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\$Recycle.Bin\S-1-5-21-1051304884-625712362-2192934891-1000\desktop.ini | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\$Recycle.Bin\S-1-5-21-1051304884-625712362-2192934891-1000\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\$Recycle.Bin\S-1-5-21-1051304884-625712362-2192934891-1000\desktop.ini.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\$WINRE_BACKUP_PARTITION.MARKER | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1025\eula.rtf | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1025\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1025\eula.rtf.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1025\LocalizedData.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1025\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1025\LocalizedData.xml.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1025\SetupResources.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1025\SetupResources.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1025\SetupResources.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1028\eula.rtf | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1028\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1028\eula.rtf.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1028\LocalizedData.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1028\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1028\LocalizedData.xml.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1028\SetupResources.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1028\SetupResources.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1028\SetupResources.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1029\eula.rtf | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1029\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1029\eula.rtf.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1029\LocalizedData.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1029\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1029\LocalizedData.xml.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1029\SetupResources.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1029\SetupResources.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1029\SetupResources.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1030\eula.rtf | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1030\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1030\eula.rtf.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1030\LocalizedData.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1030\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1030\LocalizedData.xml.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1030\SetupResources.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1030\SetupResources.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1030\SetupResources.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1031\eula.rtf | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1031\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1031\eula.rtf.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1031\LocalizedData.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1031\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1031\LocalizedData.xml.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1031\SetupResources.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1031\SetupResources.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1031\SetupResources.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1032\eula.rtf | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1032\LocalizedData.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1032\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1032\eula.rtf.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1032\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1032\LocalizedData.xml.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1032\SetupResources.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1032\SetupResources.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1032\SetupResources.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1033\eula.rtf | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1033\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1033\eula.rtf.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1033\LocalizedData.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1033\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1033\LocalizedData.xml.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1033\SetupResources.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1033\SetupResources.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1033\SetupResources.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1035\eula.rtf | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1035\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1035\eula.rtf.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1035\LocalizedData.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1035\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1035\LocalizedData.xml.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1035\SetupResources.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1035\SetupResources.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1035\SetupResources.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1036\eula.rtf | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1036\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1036\eula.rtf.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1036\LocalizedData.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1036\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1036\LocalizedData.xml.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1036\SetupResources.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1036\SetupResources.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1036\SetupResources.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1037\eula.rtf | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1037\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1037\eula.rtf.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1037\LocalizedData.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1037\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1037\LocalizedData.xml.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1037\SetupResources.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1037\SetupResources.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1037\SetupResources.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1038\eula.rtf | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1038\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1038\eula.rtf.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1038\LocalizedData.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1038\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1038\LocalizedData.xml.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1038\SetupResources.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1038\SetupResources.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1038\SetupResources.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1040\eula.rtf | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1040\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1040\eula.rtf.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1040\LocalizedData.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1040\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1040\LocalizedData.xml.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1040\SetupResources.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1041\eula.rtf | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1041\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1041\eula.rtf.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1041\LocalizedData.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1041\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1041\LocalizedData.xml.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1041\SetupResources.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1041\SetupResources.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1041\SetupResources.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1042\eula.rtf | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1042\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1042\eula.rtf.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1042\LocalizedData.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1042\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1042\LocalizedData.xml.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1042\SetupResources.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1042\SetupResources.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1042\SetupResources.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1040\SetupResources.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1040\SetupResources.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1043\eula.rtf | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1043\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1043\eula.rtf.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1043\LocalizedData.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1043\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1043\LocalizedData.xml.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1043\SetupResources.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1043\SetupResources.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1043\SetupResources.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1044\eula.rtf | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1044\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1044\eula.rtf.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1044\LocalizedData.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1044\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1044\LocalizedData.xml.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1044\SetupResources.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1044\SetupResources.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1044\SetupResources.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1045\eula.rtf | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1045\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1045\eula.rtf.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1045\LocalizedData.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1045\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1045\LocalizedData.xml.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1045\SetupResources.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1045\SetupResources.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1045\SetupResources.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1046\eula.rtf | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1046\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1046\eula.rtf.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1046\LocalizedData.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Microsoft Office\root\Office16\1033\DBSAMPLE.MDB | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Microsoft Office\root\Office16\1033\DBSAMPLE.MDB | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Microsoft Office\root\Office16\1033\DBSAMPLE.MDB.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1046\SetupResources.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1046\SetupResources.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1046\SetupResources.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1049\eula.rtf | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1049\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1049\eula.rtf.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1049\LocalizedData.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1049\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1049\LocalizedData.xml.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1049\SetupResources.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1049\SetupResources.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1049\SetupResources.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1046\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1046\LocalizedData.xml.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1053\eula.rtf | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1053\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1053\eula.rtf.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1053\LocalizedData.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1053\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1053\LocalizedData.xml.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1053\SetupResources.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1053\SetupResources.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1053\SetupResources.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1055\eula.rtf | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1055\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1055\eula.rtf.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1055\LocalizedData.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1055\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1055\LocalizedData.xml.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Microsoft Office\root\Office16\ACCWIZ\ACWZLIB.ACCDE | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Microsoft Office\root\Office16\ACCWIZ\ACWZLIB.ACCDE | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Microsoft Office\root\Office16\ACCWIZ\ACWZLIB.ACCDE.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Microsoft Office\root\Office16\ACCWIZ\ACWZMAIN.ACCDE | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Microsoft Office\root\Office16\ACCWIZ\ACWZMAIN.ACCDE | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Microsoft Office\root\Office16\ACCWIZ\ACWZMAIN.ACCDE.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1055\SetupResources.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1055\SetupResources.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\1055\SetupResources.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\2052\eula.rtf | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\2052\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\2052\eula.rtf.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\2052\LocalizedData.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\2052\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\2052\LocalizedData.xml.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\2052\SetupResources.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\2052\SetupResources.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\2052\SetupResources.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\2070\eula.rtf | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\2070\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\2070\eula.rtf.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\2070\LocalizedData.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\2070\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\2070\LocalizedData.xml.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\2070\SetupResources.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\2070\SetupResources.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\2070\SetupResources.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\3076\eula.rtf | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\3076\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\3076\eula.rtf.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\3076\LocalizedData.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\3076\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\3076\LocalizedData.xml.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\3076\SetupResources.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\3076\SetupResources.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\3076\SetupResources.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\3082\eula.rtf | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\3082\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\3082\eula.rtf.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\3082\LocalizedData.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\3082\SetupResources.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\3082\SetupResources.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\3082\SetupResources.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\Client\Parameterinfo.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\Client\Parameterinfo.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\Client\Parameterinfo.xml.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\Client\UiInfo.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\Client\UiInfo.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\Client\UiInfo.xml.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\DHtmlHeader.html | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\DHtmlHeader.html | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\DHtmlHeader.html.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Microsoft Office\root\Office16\ACCWIZ\ACWZTOOL.ACCDE | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Microsoft Office\root\Office16\ACCWIZ\ACWZTOOL.ACCDE | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Microsoft Office\root\Office16\ACCWIZ\ACWZTOOL.ACCDE.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\3082\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\3082\LocalizedData.xml.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\DisplayIcon.ico | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\DisplayIcon.ico | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\DisplayIcon.ico.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\Extended\Parameterinfo.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\Extended\Parameterinfo.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\Extended\Parameterinfo.xml.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\Extended\UiInfo.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\Extended\UiInfo.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\Extended\UiInfo.xml.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\Graphics\Print.ico | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\Graphics\Print.ico | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\Graphics\Print.ico.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\Graphics\Rotate1.ico | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\Graphics\Rotate1.ico | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\Graphics\Rotate1.ico.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\Graphics\Rotate2.ico | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\Graphics\Rotate2.ico | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\Graphics\Rotate2.ico.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\Graphics\Rotate3.ico | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\Graphics\Rotate3.ico | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\Graphics\Rotate3.ico.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\Graphics\Rotate4.ico | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\Graphics\Rotate4.ico | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\Graphics\Rotate4.ico.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\Graphics\Rotate5.ico | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\Graphics\Rotate5.ico | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\Graphics\Rotate5.ico.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\Graphics\Rotate6.ico | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\Graphics\Rotate6.ico | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\Graphics\Rotate6.ico.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\Graphics\Rotate7.ico | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\Graphics\Rotate7.ico | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\Graphics\Rotate7.ico.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\Graphics\Rotate8.ico | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\Graphics\Rotate8.ico | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\Graphics\Rotate8.ico.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\Graphics\Save.ico | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\Graphics\Save.ico | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\Graphics\Save.ico.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\Graphics\Setup.ico | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\Graphics\Setup.ico | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\Graphics\Setup.ico.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\Graphics\stop.ico | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\Graphics\stop.ico | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\Graphics\stop.ico.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\Graphics\SysReqMet.ico | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\Graphics\SysReqMet.ico | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\Graphics\SysReqMet.ico.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\Graphics\SysReqNotMet.ico | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\Graphics\SysReqNotMet.ico | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\Graphics\SysReqNotMet.ico.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\Graphics\warn.ico | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\Graphics\warn.ico | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\Graphics\warn.ico.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\header.bmp | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\header.bmp | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\header.bmp.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\netfx_Core.mzz | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\netfx_Core.mzz.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\netfx_Core_x64.msi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\netfx_Core_x64.msi.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\netfx_Core_x86.msi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\netfx_Core_x86.msi | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\netfx_Core_x86.msi.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\netfx_Extended.mzz | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\netfx_Extended.mzz.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\netfx_Extended_x64.msi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\netfx_Extended_x64.msi | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\netfx_Extended_x64.msi.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\netfx_Extended_x86.msi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\netfx_Extended_x86.msi | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\netfx_Extended_x86.msi.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\ParameterInfo.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\ParameterInfo.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\ParameterInfo.xml.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\RGB9RAST_x64.msi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\RGB9RAST_x64.msi | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\RGB9RAST_x64.msi.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\RGB9Rast_x86.msi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\RGB9Rast_x86.msi | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\RGB9Rast_x86.msi.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\Setup.exe | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\Setup.exe | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\Setup.exe.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\SetupEngine.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\SetupEngine.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\SetupEngine.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\WindowsApps\Microsoft.BingFinance_4.6.169.0_x86__8wekyb3d8bbwe\Configuration\configuration.sqlite | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\WindowsApps\Microsoft.BingFinance_4.6.169.0_x86__8wekyb3d8bbwe\Configuration\configuration.sqlite | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\WindowsApps\Microsoft.BingNews_4.6.169.0_x86__8wekyb3d8bbwe\Configuration\configuration.sqlite | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\WindowsApps\Microsoft.BingNews_4.6.169.0_x86__8wekyb3d8bbwe\Configuration\configuration.sqlite | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\SetupUi.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\SetupUi.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\SetupUi.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\SetupUi.xsd | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\SetupUi.xsd | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\SetupUi.xsd.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\SetupUtility.exe | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\SetupUtility.exe | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\SetupUtility.exe.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\SplashScreen.bmp | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\SplashScreen.bmp | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\SplashScreen.bmp.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\WindowsApps\Microsoft.BingSports_4.6.169.0_x86__8wekyb3d8bbwe\Configuration\configuration.sqlite | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\WindowsApps\Microsoft.BingSports_4.6.169.0_x86__8wekyb3d8bbwe\Configuration\configuration.sqlite | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\sqmapi.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\sqmapi.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\sqmapi.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\Strings.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\Strings.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\Strings.xml.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\UiInfo.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\UiInfo.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\UiInfo.xml.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\watermark.bmp | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\watermark.bmp | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\watermark.bmp.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x64.msu | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\WindowsApps\Microsoft.BingWeather_4.18.56.0_x64__8wekyb3d8bbwe\Configuration\configuration.sqlite | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\WindowsApps\Microsoft.BingWeather_4.18.56.0_x64__8wekyb3d8bbwe\Configuration\configuration.sqlite | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x86.msu | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x86.msu.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x64.msu.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x64.msu | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x64.msu.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x86.msu | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x86.msu.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\BCD | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\BCD.LOG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\BCD.LOG1 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\BCD.LOG2 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\bg-BG\bootmgr.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\bg-BG\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\bootspaces.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\bootspaces.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\BOOTSTAT.DAT | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\BOOTSTAT.DAT | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\BOOTSTAT.DAT.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Boot\bootvhd.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\bootvhd.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\cs-CZ\bootmgr.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\cs-CZ\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\cs-CZ\memtest.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\cs-CZ\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\da-DK\bootmgr.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\da-DK\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\da-DK\memtest.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\da-DK\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\de-DE\bootmgr.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\de-DE\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\de-DE\memtest.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\de-DE\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\el-GR\bootmgr.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\el-GR\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\el-GR\memtest.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\el-GR\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\en-GB\bootmgr.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\en-GB\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\en-US\bootmgr.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\en-US\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\en-US\memtest.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\en-US\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\es-ES\bootmgr.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\es-ES\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\es-ES\memtest.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\es-ES\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\es-MX\bootmgr.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\es-MX\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\et-EE\bootmgr.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\et-EE\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\fi-FI\bootmgr.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\fi-FI\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\fi-FI\memtest.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\fi-FI\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\Fonts\chs_boot.ttf | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\Fonts\cht_boot.ttf | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\Fonts\jpn_boot.ttf | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\Fonts\kor_boot.ttf | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\Fonts\malgunn_boot.ttf | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\Fonts\malgunn_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\Fonts\malgun_boot.ttf | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\Fonts\malgun_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\Fonts\meiryon_boot.ttf | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\Fonts\meiryon_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\Fonts\meiryo_boot.ttf | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\Fonts\meiryo_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\Fonts\msjhn_boot.ttf | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\Fonts\msjhn_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\Fonts\msjh_boot.ttf | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\Fonts\msjh_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\Fonts\msyhn_boot.ttf | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\Fonts\msyhn_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\Fonts\msyh_boot.ttf | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\Fonts\msyh_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\Fonts\segmono_boot.ttf | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\Fonts\segmono_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\Fonts\segoen_slboot.ttf | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\Fonts\segoen_slboot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\Fonts\segoe_slboot.ttf | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\Fonts\segoe_slboot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\Fonts\wgl4_boot.ttf | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\Fonts\wgl4_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\fr-CA\bootmgr.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\fr-CA\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\fr-FR\bootmgr.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\fr-FR\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\fr-FR\memtest.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\fr-FR\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\hr-HR\bootmgr.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\hr-HR\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\hu-HU\bootmgr.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\hu-HU\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\hu-HU\memtest.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\hu-HU\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\it-IT\bootmgr.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\it-IT\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\it-IT\memtest.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\it-IT\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\ja-JP\bootmgr.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\ja-JP\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\ja-JP\memtest.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\ja-JP\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\ko-KR\bootmgr.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\ko-KR\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\ko-KR\memtest.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\ko-KR\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\lt-LT\bootmgr.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\lt-LT\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\lv-LV\bootmgr.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\lv-LV\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\memtest.exe | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\memtest.exe | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\nb-NO\bootmgr.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\nb-NO\memtest.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\nb-NO\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\nl-NL\bootmgr.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\nl-NL\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\nl-NL\memtest.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\nl-NL\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\pl-PL\bootmgr.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\pl-PL\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\pl-PL\memtest.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\pl-PL\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\pt-BR\bootmgr.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\pt-BR\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\pt-BR\memtest.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\pt-BR\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\pt-PT\bootmgr.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\pt-PT\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\pt-PT\memtest.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\pt-PT\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\qps-ploc\bootmgr.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\qps-ploc\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\qps-ploc\memtest.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\qps-ploc\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\Resources\bootres.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\Resources\bootres.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\Resources\en-US\bootres.dll.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\Resources\en-US\bootres.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\ro-RO\bootmgr.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\ro-RO\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\ru-RU\bootmgr.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\ru-RU\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\ru-RU\memtest.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\ru-RU\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\sk-SK\bootmgr.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\sk-SK\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\sl-SI\bootmgr.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\sl-SI\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\sr-Latn-CS\bootmgr.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\sr-Latn-CS\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\sr-Latn-CS\memtest.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\sr-Latn-CS\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\sr-Latn-RS\bootmgr.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\sr-Latn-RS\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\sv-SE\bootmgr.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\sv-SE\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\sv-SE\memtest.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\sv-SE\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\tr-TR\bootmgr.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\tr-TR\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\tr-TR\memtest.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\tr-TR\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\uk-UA\bootmgr.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\uk-UA\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\updaterevokesipolicy.p7b | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\updaterevokesipolicy.p7b | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\zh-CN\bootmgr.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\zh-CN\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\zh-CN\memtest.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\zh-CN\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\zh-HK\bootmgr.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\zh-HK\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\zh-HK\memtest.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\zh-HK\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\zh-TW\bootmgr.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\zh-TW\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\zh-TW\memtest.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\zh-TW\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\bootmgr | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\bootmgr | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\BOOTNXT | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\BOOTNXT | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\BOOTNXT.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\BOOTSECT.BAK | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\BOOTSECT.BAK | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\BOOTSECT.BAK.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\hiberfil.sys | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Logs\Application.evtx | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\nb-NO\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Logs\HardwareEvents.evtx | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Logs\HardwareEvents.evtx | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Logs\HardwareEvents.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Logs\Internet Explorer.evtx | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Logs\Internet Explorer.evtx | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Logs\Internet Explorer.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Logs\Key Management Service.evtx | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Logs\Key Management Service.evtx | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Logs\Key Management Service.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Client-Licensing-Platform%4Admin.evtx | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Client-Licensing-Platform%4Admin.evtx | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Client-Licensing-Platform%4Admin.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Logs\Application.evtx | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Logs\Application.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-ApplicationResourceManagementSystem%4Operational.evtx | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-ApplicationResourceManagementSystem%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-ApplicationResourceManagementSystem%4Operational.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-AppLocker%4EXE and DLL.evtx | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-AppLocker%4EXE and DLL.evtx | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-AppLocker%4EXE and DLL.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-AppLocker%4MSI and Script.evtx | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-AppLocker%4MSI and Script.evtx | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-AppLocker%4MSI and Script.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-AppLocker%4Packaged app-Deployment.evtx | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-AppLocker%4Packaged app-Deployment.evtx | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-AppLocker%4Packaged app-Deployment.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-AppLocker%4Packaged app-Execution.evtx | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-AppLocker%4Packaged app-Execution.evtx | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-AppLocker%4Packaged app-Execution.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-AppModel-Runtime%4Admin.evtx | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-AppModel-Runtime%4Admin.evtx | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-AppModel-Runtime%4Admin.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-AppReadiness%4Admin.evtx | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-AppReadiness%4Admin.evtx | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-AppReadiness%4Admin.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-AppReadiness%4Operational.evtx | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-AppReadiness%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-AppReadiness%4Operational.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-AppXDeployment%4Operational.evtx | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-AppXDeployment%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-AppXDeployment%4Operational.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-AppXDeploymentServer%4Operational.evtx | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-AppXDeploymentServer%4Operational.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-AppXDeploymentServer%4Restricted.evtx | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-AppXDeploymentServer%4Restricted.evtx | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-AppXDeploymentServer%4Restricted.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-AppxPackaging%4Operational.evtx | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-AppxPackaging%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-AppxPackaging%4Operational.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-BackgroundTaskInfrastructure%4Operational.evtx | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-BackgroundTaskInfrastructure%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-BackgroundTaskInfrastructure%4Operational.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-CoreSystem-SmsRouter-Events%4Operational.evtx | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-CoreSystem-SmsRouter-Events%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-CoreSystem-SmsRouter-Events%4Operational.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-Crypto-DPAPI%4BackUpKeySvc.evtx | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-Crypto-DPAPI%4BackUpKeySvc.evtx | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-Crypto-DPAPI%4BackUpKeySvc.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-Crypto-DPAPI%4Operational.evtx | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-Crypto-DPAPI%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-Crypto-DPAPI%4Operational.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%4Admin.evtx | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%4Admin.evtx | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%4Admin.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-DeviceSetupManager%4Admin.evtx | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-DeviceSetupManager%4Admin.evtx | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-DeviceSetupManager%4Admin.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-DeviceSetupManager%4Operational.evtx | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-DeviceSetupManager%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-DeviceSetupManager%4Operational.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-Dhcp-Client%4Admin.evtx | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-Dhcp-Client%4Admin.evtx | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-Dhcp-Client%4Admin.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-Dhcpv6-Client%4Admin.evtx | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-Dhcpv6-Client%4Admin.evtx | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-Dhcpv6-Client%4Admin.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-HotspotAuth%4Operational.evtx | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-HotspotAuth%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-HotspotAuth%4Operational.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-Hyper-V-Guest-Drivers%4Admin.evtx | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-Hyper-V-Guest-Drivers%4Admin.evtx | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-Hyper-V-Guest-Drivers%4Admin.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-International%4Operational.evtx | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-International%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-International%4Operational.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-Kernel-Boot%4Operational.evtx | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-Kernel-Boot%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-Kernel-Boot%4Operational.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-Kernel-EventTracing%4Admin.evtx | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-Kernel-EventTracing%4Admin.evtx | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-Kernel-EventTracing%4Admin.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-Kernel-PnP%4Configuration.evtx | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-Kernel-PnP%4Configuration.evtx | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-Kernel-PnP%4Configuration.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-Kernel-Power%4Thermal-Operational.evtx | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-Kernel-Power%4Thermal-Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-Kernel-Power%4Thermal-Operational.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-Kernel-ShimEngine%4Operational.evtx | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-Kernel-ShimEngine%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-Kernel-ShimEngine%4Operational.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-Kernel-StoreMgr%4Operational.evtx | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-Kernel-StoreMgr%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-Kernel-StoreMgr%4Operational.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-Kernel-WHEA%4Errors.evtx | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-Kernel-WHEA%4Errors.evtx | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-Kernel-WHEA%4Errors.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-Kernel-WHEA%4Operational.evtx | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-Kernel-WHEA%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-Kernel-WHEA%4Operational.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-Known Folders API Service.evtx | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-Known Folders API Service.evtx | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-Known Folders API Service.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-LiveId%4Operational.evtx | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-LiveId%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-LiveId%4Operational.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-MUI%4Admin.evtx | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-MUI%4Admin.evtx | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-MUI%4Admin.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-MUI%4Operational.evtx | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-NCSI%4Operational.evtx | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-NCSI%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-NCSI%4Operational.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-NetworkProfile%4Operational.evtx | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-NetworkProfile%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-NetworkProfile%4Operational.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-Ntfs%4Operational.evtx | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-Ntfs%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-Ntfs%4Operational.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-Ntfs%4WHC.evtx | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-Ntfs%4WHC.evtx | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-Ntfs%4WHC.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-Program-Compatibility-Assistant%4CompatAfterUpgrade.evtx | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-MUI%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-MUI%4Operational.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-Program-Compatibility-Assistant%4CompatAfterUpgrade.evtx | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-Program-Compatibility-Assistant%4CompatAfterUpgrade.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-SettingSync%4Debug.evtx | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-SettingSync%4Operational.evtx | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-SettingSync%4Debug.evtx | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-SettingSync%4Debug.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-SettingSync%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-SettingSync%4Operational.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-Shell-Core%4ActionCenter.evtx | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-Shell-Core%4ActionCenter.evtx | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-Shell-Core%4ActionCenter.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-Shell-Core%4Operational.evtx | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-Shell-Core%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-Shell-Core%4Operational.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-SmbClient%4Connectivity.evtx | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-SmbClient%4Connectivity.evtx | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-SmbClient%4Connectivity.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-SMBClient%4Operational.evtx | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-SMBClient%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-SMBClient%4Operational.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-SmbClient%4Security.evtx | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-SmbClient%4Security.evtx | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-SmbClient%4Security.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-SMBServer%4Audit.evtx | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-SMBServer%4Audit.evtx | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-SMBServer%4Audit.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-SMBServer%4Connectivity.evtx | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-SMBServer%4Connectivity.evtx | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-SMBServer%4Connectivity.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-SMBServer%4Operational.evtx | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-SMBServer%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-SMBServer%4Operational.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-SMBServer%4Security.evtx | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-SMBServer%4Security.evtx | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-SMBServer%4Security.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-Store%4Operational.evtx | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-TaskScheduler%4Maintenance.evtx | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-Store%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-Store%4Operational.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-TaskScheduler%4Maintenance.evtx | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-TaskScheduler%4Maintenance.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Admin.evtx | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Operational.evtx | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Admin.evtx | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Admin.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Operational.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-TWinUI%4Operational.evtx | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-User Profile Service%4Operational.evtx | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-User Profile Service%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-User Profile Service%4Operational.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-UserPnp%4ActionCenter.evtx | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-UserPnp%4ActionCenter.evtx | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-UserPnp%4ActionCenter.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-UserPnp%4DeviceInstall.evtx | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-UserPnp%4DeviceInstall.evtx | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-UserPnp%4DeviceInstall.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-VolumeSnapshot-Driver%4Operational.evtx | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-VolumeSnapshot-Driver%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-VolumeSnapshot-Driver%4Operational.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-Wcmsvc%4Operational.evtx | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-Wcmsvc%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-Wcmsvc%4Operational.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-TWinUI%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-TWinUI%4Operational.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-Windows Defender%4Operational.evtx | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-Windows Defender%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-Windows Defender%4Operational.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-Windows Defender%4WHC.evtx | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-Windows Defender%4WHC.evtx | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-Windows Defender%4WHC.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4ConnectionSecurity.evtx | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4ConnectionSecurity.evtx | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4ConnectionSecurity.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4Firewall.evtx | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-WinINet-Config%4ProxyConfigChanged.evtx | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-WinINet-Config%4ProxyConfigChanged.evtx | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-WinINet-Config%4ProxyConfigChanged.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-Winlogon%4Operational.evtx | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-Winlogon%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-Winlogon%4Operational.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-WMI-Activity%4Operational.evtx | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-WMI-Activity%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-WMI-Activity%4Operational.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4Firewall.evtx | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4Firewall.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Logs\Security.evtx | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Logs\Security.evtx | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Logs\Security.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Logs\Setup.evtx | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Logs\Setup.evtx | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Logs\Setup.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Logs\System.evtx | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Logs\System.evtx | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Logs\System.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Logs\Windows PowerShell.evtx | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Logs\Windows PowerShell.evtx | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Logs\Windows PowerShell.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\pagefile.sys | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\DESIGNER\MSADDNDR.OLB | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\DESIGNER\MSADDNDR.OLB | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\DESIGNER\MSADDNDR.OLB.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\grove_fame_lightning.exe | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\grove_fame_lightning.exe | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l1-2-0.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l1-2-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l1-2-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l2-1-0.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l2-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l2-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-localization-l1-2-0.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-localization-l1-2-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-localization-l1-2-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-processthreads-l1-1-1.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-processthreads-l1-1-1.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-processthreads-l1-1-1.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-synch-l1-2-0.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-synch-l1-2-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-synch-l1-2-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-timezone-l1-1-0.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-timezone-l1-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-timezone-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-xstate-l2-1-0.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-xstate-l2-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-xstate-l2-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-conio-l1-1-0.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-conio-l1-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-conio-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-convert-l1-1-0.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-convert-l1-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-convert-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-environment-l1-1-0.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-filesystem-l1-1-0.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-filesystem-l1-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-filesystem-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-heap-l1-1-0.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-heap-l1-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-heap-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-locale-l1-1-0.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-locale-l1-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-locale-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-math-l1-1-0.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-math-l1-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-math-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-multibyte-l1-1-0.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-multibyte-l1-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-multibyte-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-environment-l1-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-environment-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-private-l1-1-0.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-private-l1-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-private-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-process-l1-1-0.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-process-l1-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-process-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-runtime-l1-1-0.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-runtime-l1-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-runtime-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-stdio-l1-1-0.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-stdio-l1-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-stdio-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-string-l1-1-0.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-string-l1-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-string-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-time-l1-1-0.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-time-l1-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-time-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-utility-l1-1-0.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-utility-l1-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-utility-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\ApiClient.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\ApiClient.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVCatalog.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVCatalog.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVFileSystemMetadata.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVFileSystemMetadata.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIntegration.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIntegration.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvApi.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvApi.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvStream32.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvStream32.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvStream32.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvStream64.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvStream64.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvStreamingManager.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvStreamingManager.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvSubsystemController.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvSubsystemController.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems32.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems32.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems64.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems64.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvVirtualization.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvVirtualization.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVManifest.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVManifest.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVOrchestration.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVOrchestration.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVPolicy.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVPolicy.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVScripting.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVScripting.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVScripting.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\C2R32.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\C2R32.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\C2R32.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create Pipe | Anonymous read pipe | size = 0 |
|
1 | |
| Create Pipe | Anonymous read pipe | size = 0 |
|
1 | |
| Create Pipe | Anonymous read pipe | size = 0 |
|
1 | |
| Create Pipe | Anonymous read pipe | size = 0 |
|
1 | |
| Get Info | \\?\C:\$GetCurrent\Logs\downlevel_2017_09_07_02_02_39_766.log | type = size, size_out = 42674 |
|
1 | |
| Get Info | \\?\C:\$GetCurrent\Logs\downlevel_2017_09_07_02_02_39_766.log | type = file_attributes |
|
1 | |
| Get Info | \\?\C:\$GetCurrent\Logs\downlevel_2017_09_07_02_02_39_766.log.id[B4197730-0115].[fileisafe@tuta.io].actin | type = file_attributes |
|
1 | |
| Get Info | \\?\C:\$GetCurrent\Logs\oobe_2017_09_07_03_08_57_737.log | type = size, size_out = 6004 |
|
1 | |
| Get Info | \\?\C:\$GetCurrent\Logs\oobe_2017_09_07_03_08_57_737.log | type = file_attributes |
|
1 | |
| Get Info | \\?\C:\$GetCurrent\Logs\oobe_2017_09_07_03_08_57_737.log.id[B4197730-0115].[fileisafe@tuta.io].actin | type = file_attributes |
|
1 | |
| Get Info | \\?\C:\$GetCurrent\SafeOS\GetCurrentOOBE.dll | type = size, size_out = 144072 |
|
1 | |
| Get Info | \\?\C:\$GetCurrent\SafeOS\GetCurrentOOBE.dll | type = file_attributes |
|
1 | |
| Get Info | \\?\C:\$GetCurrent\SafeOS\GetCurrentOOBE.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | type = file_attributes |
|
1 | |
| Get Info | \\?\C:\$GetCurrent\Logs\PartnerSetupCompleteResult.log | type = size, size_out = 40 |
|
1 | |
| Get Info | \\?\C:\$GetCurrent\Logs\PartnerSetupCompleteResult.log | type = file_attributes |
|
1 | |
| Get Info | \\?\C:\$GetCurrent\Logs\PartnerSetupCompleteResult.log.id[B4197730-0115].[fileisafe@tuta.io].actin | type = file_attributes |
|
1 | |
| Get Info | \\?\C:\$GetCurrent\SafeOS\GetCurrentRollback.ini | type = size, size_out = 156 |
|
1 | |
| Get Info | \\?\C:\$GetCurrent\SafeOS\GetCurrentRollback.ini | type = file_attributes |
|
1 | |
| Get Info | \\?\C:\$GetCurrent\SafeOS\GetCurrentRollback.ini.id[B4197730-0115].[fileisafe@tuta.io].actin | type = file_attributes |
|
1 | |
| Get Info | \\?\C:\$GetCurrent\SafeOS\PartnerSetupComplete.cmd | type = size, size_out = 577 |
|
1 | |
| Get Info | \\?\C:\$GetCurrent\SafeOS\PartnerSetupComplete.cmd | type = file_attributes |
|
1 | |
| Get Info | \\?\C:\$GetCurrent\SafeOS\PartnerSetupComplete.cmd.id[B4197730-0115].[fileisafe@tuta.io].actin | type = file_attributes |
|
1 | |
| Get Info | \\?\C:\$GetCurrent\SafeOS\preoobe.cmd | type = size, size_out = 74 |
|
1 | |
| Get Info | \\?\C:\$GetCurrent\SafeOS\preoobe.cmd | type = file_attributes |
|
1 | |
| Get Info | \\?\C:\$GetCurrent\SafeOS\preoobe.cmd.id[B4197730-0115].[fileisafe@tuta.io].actin | type = file_attributes |
|
1 | |
| Get Info | \\?\C:\$GetCurrent\SafeOS\SetupComplete.cmd | type = size, size_out = 307 |
|
1 | |
| Get Info | \\?\C:\$GetCurrent\SafeOS\SetupComplete.cmd | type = file_attributes |
|
1 | |
| Get Info | \\?\C:\$GetCurrent\SafeOS\SetupComplete.cmd.id[B4197730-0115].[fileisafe@tuta.io].actin | type = file_attributes |
|
1 | |
| Get Info | \\?\C:\$Recycle.Bin\S-1-5-18\desktop.ini | type = size, size_out = 129 |
|
1 | |
| Get Info | \\?\C:\$Recycle.Bin\S-1-5-18\desktop.ini | type = file_attributes |
|
1 | |
| Get Info | \\?\C:\$Recycle.Bin\S-1-5-18\desktop.ini.id[B4197730-0115].[fileisafe@tuta.io].actin | type = file_attributes |
|
1 | |
| Get Info | \\?\C:\$Recycle.Bin\S-1-5-21-1051304884-625712362-2192934891-1000\desktop.ini | type = size, size_out = 129 |
|
1 | |
| Get Info | \\?\C:\$Recycle.Bin\S-1-5-21-1051304884-625712362-2192934891-1000\desktop.ini | type = file_attributes |
|
1 | |
| Get Info | \\?\C:\$Recycle.Bin\S-1-5-21-1051304884-625712362-2192934891-1000\desktop.ini.id[B4197730-0115].[fileisafe@tuta.io].actin | type = file_attributes |
|
1 | |
| Get Info | \\?\C:\588bce7c90097ed212\1025\eula.rtf | type = size, size_out = 7567 |
|
1 | |
| Get Info | \\?\C:\588bce7c90097ed212\1025\eula.rtf | type = file_attributes |
|
1 | |
| Get Info | \\?\C:\588bce7c90097ed212\1025\eula.rtf.id[B4197730-0115].[fileisafe@tuta.io].actin | type = file_attributes |
|
1 | |
| Get Info | \\?\C:\588bce7c90097ed212\1025\LocalizedData.xml | type = size, size_out = 74214 |
|
1 | |
| Copy | c:\users\fd1hvy\appdata\roaming\microsoft\windows\start menu\programs\startup\1.exe | source_filename = C:\Users\FD1HVy\Desktop\1.exe |
|
1 | |
| Copy | c:\programdata\microsoft\windows\start menu\programs\startup\1.exe | source_filename = C:\Users\FD1HVy\Desktop\1.exe |
|
1 | |
| Read | \\?\C:\$Recycle.Bin\S-1-5-18\desktop.ini | size = 1114368, size_out = 129 |
|
1 | |
| Read | \\?\C:\$Recycle.Bin\S-1-5-21-1051304884-625712362-2192934891-1000\desktop.ini | size = 1114368, size_out = 129 |
|
1 | |
| Write | \\?\C:\$Recycle.Bin\S-1-5-18\desktop.ini.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 144 |
|
1 | |
| Write | \\?\C:\$Recycle.Bin\S-1-5-18\desktop.ini.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\$Recycle.Bin\S-1-5-21-1051304884-625712362-2192934891-1000\desktop.ini.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 144 |
|
1 | |
| Write | \\?\C:\$Recycle.Bin\S-1-5-21-1051304884-625712362-2192934891-1000\desktop.ini.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Microsoft Office\root\Office16\1033\DBSAMPLE.MDB.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 507920 |
|
1 | |
| Write | \\?\C:\Program Files\Microsoft Office\root\Office16\1033\DBSAMPLE.MDB.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Microsoft Office\root\Office16\ACCWIZ\ACWZMAIN.ACCDE.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 1114368 |
|
8 | |
| Write | \\?\C:\Program Files\Microsoft Office\root\Office16\ACCWIZ\ACWZLIB.ACCDE.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 1114368 |
|
1 | |
| Write | \\?\C:\Program Files\Microsoft Office\root\Office16\ACCWIZ\ACWZLIB.ACCDE.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 974608 |
|
1 | |
| Write | \\?\C:\Program Files\Microsoft Office\root\Office16\ACCWIZ\ACWZLIB.ACCDE.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Microsoft Office\root\Office16\ACCWIZ\ACWZTOOL.ACCDE.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 1114368 |
|
10 | |
| Write | \\?\C:\Program Files\Microsoft Office\root\Office16\ACCWIZ\ACWZMAIN.ACCDE.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 362512 |
|
1 | |
| Write | \\?\C:\Program Files\Microsoft Office\root\Office16\ACCWIZ\ACWZMAIN.ACCDE.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Microsoft Office\root\Office16\ACCWIZ\ACWZTOOL.ACCDE.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 349712 |
|
1 | |
| Write | \\?\C:\Program Files\Microsoft Office\root\Office16\ACCWIZ\ACWZTOOL.ACCDE.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\WindowsApps\Microsoft.BingNews_4.6.169.0_x86__8wekyb3d8bbwe\Configuration\configuration.sqlite | size = 807264 |
|
1 | |
| Write | \\?\C:\Program Files\WindowsApps\Microsoft.BingNews_4.6.169.0_x86__8wekyb3d8bbwe\Configuration\configuration.sqlite | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\DESIGNER\MSADDNDR.OLB.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 16000 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\DESIGNER\MSADDNDR.OLB.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l1-2-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 18640 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l1-2-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 274 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l2-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 18640 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l2-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 274 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-localization-l1-2-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 21200 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-localization-l1-2-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 290 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-processthreads-l1-1-1.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 19152 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-processthreads-l1-1-1.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 306 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-timezone-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 18640 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-timezone-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 290 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-xstate-l2-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 11632 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-xstate-l2-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 290 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-conio-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 19664 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-conio-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 274 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-convert-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 22736 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-convert-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 290 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-synch-l1-2-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 19152 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-synch-l1-2-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 290 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-filesystem-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 20688 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-filesystem-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 290 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-heap-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 19664 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-heap-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 274 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-locale-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 19152 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-locale-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 290 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-math-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 27856 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-math-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 274 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-environment-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 19152 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-environment-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 290 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-private-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 70864 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-private-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 290 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-process-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 19664 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-process-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 290 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-runtime-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 23248 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-runtime-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 290 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-stdio-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 24784 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-stdio-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 274 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-multibyte-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 26832 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-multibyte-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 290 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-time-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 21200 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-time-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 274 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-utility-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 19152 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-utility-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 290 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 786706 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-string-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 24784 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-string-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 290 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvStream32.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 396976 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvStream32.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 258 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems32.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 786722 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems32.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 262144 |
|
3 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 262144 |
|
3 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVScripting.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 512224 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVScripting.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 258 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\C2R32.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 820432 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\C2R32.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Delete | \\?\C:\588bce7c90097ed212\1049\LocalizedData.xml | - |
|
1 | |
|
For performance reasons, the remaining 2009 entries are omitted.
The remaining entries can be found in glog.xml. |
|||||
Registry (20)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders | - |
|
6 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | - |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders | value_name = Startup, data = 44438416, type = REG_EXPAND_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders | value_name = Startup, data = 44438480, type = REG_EXPAND_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders | value_name = Startup, data = %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup, type = REG_EXPAND_SZ |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders | value_name = Common Startup, data = 0, type = REG_NONE |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders | value_name = Common Startup, data = 44450936, type = REG_EXPAND_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders | value_name = Common Startup, data = %ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup, type = REG_EXPAND_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | value_name = 1, data = C:\Users\FD1HVy\AppData\Local\1.exe, size = 70, type = REG_SZ |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | value_name = 1, data = C:\Users\FD1HVy\AppData\Local\1.exe, size = 70, type = REG_SZ |
|
1 |
Process (1510)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Users\FD1HVy\Desktop\1.exe | os_pid = 0x3a8, show_window = SW_HIDE |
|
1 | |
| Create | C:\WINDOWS\system32\cmd.exe | os_pid = 0x4a8, startup_flags = STARTF_USESHOWWINDOW, STARTF_USESTDHANDLES, show_window = SW_HIDE |
|
1 | |
| Create | C:\WINDOWS\system32\cmd.exe | os_pid = 0x3d8, startup_flags = STARTF_USESHOWWINDOW, STARTF_USESTDHANDLES, show_window = SW_HIDE |
|
1 | |
| Enumerate Processes | - | - |
|
1488 | |
| Enumerate Processes | - | - |
|
18 | |
| Open | c:\windows\explorer.exe | desired_access = PROCESS_QUERY_INFORMATION |
|
1 |
Module (34)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\syswow64\kernel32.dll | base_address = 0x75e90000 |
|
13 | |
| Get Handle | c:\windows\syswow64\advapi32.dll | base_address = 0x761b0000 |
|
1 | |
| Get Filename | - | process_name = c:\users\fd1hvy\desktop\1.exe, file_name_orig = C:\Users\FD1HVy\Desktop\1.exe, size = 260 |
|
7 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FlsAlloc, address_out = 0x75ea4ae0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FlsGetValue, address_out = 0x75ea4b20 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FlsSetValue, address_out = 0x75ea4b40 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FlsFree, address_out = 0x75ea4b00 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = Wow64DisableWow64FsRedirection, address_out = 0x75ea6b30 |
|
7 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CreateProcessWithTokenW, address_out = 0x761c0c70 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = Wow64RevertWow64FsRedirection, address_out = 0x75ea6b50 |
|
1 |
System (68)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Sleep | duration = 5000 milliseconds (5.000 seconds) |
|
1 | |
| Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
46 | |
| Sleep | duration = 500 milliseconds (0.500 seconds) |
|
18 | |
| Get Time | type = Ticks, time = 125734 |
|
1 | |
| Get Info | type = Operating System |
|
2 |
Mutex (38)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Create | mutex_name = Global\0115B419773000 |
|
1 | |
| Create | mutex_name = Global\0115B419773001 |
|
1 | |
| Create | mutex_name = Global\0115B419773000 |
|
1 | |
| Create | mutex_name = Global\0115B419773000 |
|
1 | |
| Open | mutex_name = Global\0115B419773000, desired_access = SYNCHRONIZE |
|
3 | |
| Open | mutex_name = Global\0115B419773001, desired_access = SYNCHRONIZE |
|
1 | |
| Open | mutex_name = Global\0115B419773000, desired_access = SYNCHRONIZE |
|
5 | |
| Open | mutex_name = Global\0115B419773000, desired_access = SYNCHRONIZE |
|
1 | |
| Open | mutex_name = Global\0115B419773000, desired_access = SYNCHRONIZE |
|
4 | |
| Open | mutex_name = Global\0115B419773000, desired_access = SYNCHRONIZE |
|
1 | |
| Open | mutex_name = Global\0115B419773000, desired_access = SYNCHRONIZE |
|
4 | |
| Open | mutex_name = Global\0115B419773000, desired_access = SYNCHRONIZE |
|
1 | |
| Open | mutex_name = Global\0115B419773000, desired_access = SYNCHRONIZE |
|
3 | |
| Open | mutex_name = Global\0115B419773000, desired_access = SYNCHRONIZE |
|
2 | |
| Open | mutex_name = Global\0115B419773000, desired_access = SYNCHRONIZE |
|
2 | |
| Open | mutex_name = Global\0115B419773000, desired_access = SYNCHRONIZE |
|
1 | |
| Open | mutex_name = Global\0115B419773000, desired_access = SYNCHRONIZE |
|
1 | |
| Open | mutex_name = Global\0115B419773000, desired_access = SYNCHRONIZE |
|
1 | |
| Open | mutex_name = Global\0115B419773000, desired_access = SYNCHRONIZE |
|
1 | |
| Release | mutex_name = Global\0115B419773000 |
|
1 | |
| Release | mutex_name = Global\0115B419773000 |
|
1 | |
| Release | mutex_name = Global\0115B419773000 |
|
1 |
Environment (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
1 |
Process #2: 1.exe
113
0
| Information | Value |
|---|---|
| ID | #2 |
| File Name | c:\users\fd1hvy\desktop\1.exe |
| Command Line | "C:\Users\FD1HVy\Desktop\1.exe" |
| Initial Working Directory | C:\WINDOWS\system32\ |
| Monitor | Start Time: 00:00:34, Reason: Child Process |
| Unmonitor | End Time: 00:02:34, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:59 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x3a8 |
| Parent PID | 0xc48 (c:\users\fd1hvy\desktop\1.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
4D0
0x
9E4
0x
D08
0x
D30
0x
B08
0x
EC4
0x
F9C
|
Memory Dumps
| Name | Start VA | End VA | Dump Reason | PE Rebuilds | Bitness | Entry Points | AV | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|
| 1.exe | 0x009B0000 | 0x009C4FFF | Relevant Image | - | 32-bit | - |
|
|
|
Dropped Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| C:\Users\FD1HVy\Desktop\1.exe | 67.00 KB |
MD5:
2ab38a18e49cce095d672abfaa210cf6
SHA1: ea07f27bff4c4706a84f723e3e75b1e47f9d8196 SHA256: 00ac3af56227e8ed3df43457297c72e2f91ad04fb1c7553df377ed7f8875b31c SSDeep: 1536:mkGB8nHbKUvryElSpi8jCZGcqDKlKnr8d7kuggk9TdoRH:mFBMHRvrAjCZmKcnr8w/i |
|
|
Host Behavior
File (6)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open | STD_INPUT_HANDLE | - |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Copy | C:\Users\FD1HVy\AppData\Local\1.exe | source_filename = C:\Users\FD1HVy\Desktop\1.exe |
|
1 | |
| Copy | c:\users\fd1hvy\appdata\roaming\microsoft\windows\start menu\programs\startup\1.exe | source_filename = C:\Users\FD1HVy\Desktop\1.exe |
|
1 | |
| Copy | c:\programdata\microsoft\windows\start menu\programs\startup\1.exe | source_filename = C:\Users\FD1HVy\Desktop\1.exe |
|
1 |
Registry (19)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders | - |
|
6 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | - |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders | value_name = Startup, data = 45028240, type = REG_EXPAND_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders | value_name = Startup, data = 45028304, type = REG_EXPAND_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders | value_name = Startup, data = %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup, type = REG_EXPAND_SZ |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders | value_name = Common Startup, data = 0, type = REG_NONE |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders | value_name = Common Startup, data = 45040760, type = REG_EXPAND_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders | value_name = Common Startup, data = %ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup, type = REG_EXPAND_SZ |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | value_name = 1, data = C:\Users\FD1HVy\AppData\Local\1.exe, size = 70, type = REG_SZ |
|
1 |
Module (14)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\syswow64\kernel32.dll | base_address = 0x75e90000 |
|
4 | |
| Get Filename | - | process_name = c:\users\fd1hvy\desktop\1.exe, file_name_orig = C:\Users\FD1HVy\Desktop\1.exe, size = 260 |
|
6 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FlsAlloc, address_out = 0x75ea4ae0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FlsGetValue, address_out = 0x75ea4b20 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FlsSetValue, address_out = 0x75ea4b40 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FlsFree, address_out = 0x75ea4b00 |
|
1 |
System (31)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Computer Name | result_out = NQDPDE |
|
1 | |
| Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
27 | |
| Sleep | duration = -1 (infinite) |
|
1 | |
| Get Time | type = Ticks, time = 126093 |
|
1 | |
| Get Info | type = Operating System |
|
1 |
Mutex (31)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Create | mutex_name = Global\0115B419773000 |
|
1 | |
| Open | mutex_name = Global\0115B419773001, desired_access = SYNCHRONIZE |
|
1 | |
| Open | mutex_name = Global\0115B419773000, desired_access = SYNCHRONIZE |
|
1 | |
| Open | mutex_name = Global\0115B419773001, desired_access = SYNCHRONIZE |
|
2 | |
| Open | mutex_name = Global\0115B419773001, desired_access = SYNCHRONIZE |
|
12 | |
| Open | mutex_name = Global\0115B419773001, desired_access = SYNCHRONIZE |
|
1 | |
| Open | mutex_name = Global\0115B419773001, desired_access = SYNCHRONIZE |
|
10 | |
| Open | mutex_name = Global\0115B419773001, desired_access = SYNCHRONIZE |
|
3 |
Environment (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
1 |
Process #3: cmd.exe
167
0
| Information | Value |
|---|---|
| ID | #3 |
| File Name | c:\windows\system32\cmd.exe |
| Command Line | "C:\WINDOWS\system32\cmd.exe" |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:00:39, Reason: Child Process |
| Unmonitor | End Time: 00:02:34, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:54 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x4a8 |
| Parent PID | 0xc48 (c:\users\fd1hvy\desktop\1.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
F48
0x
838
|
Host Behavior
File (118)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\Users\FD1HVy\Desktop | type = file_attributes |
|
2 | |
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
8 | |
| Get Info | STD_INPUT_HANDLE | type = file_type |
|
3 | |
| Open | STD_OUTPUT_HANDLE | - |
|
19 | |
| Open | STD_INPUT_HANDLE | - |
|
43 | |
| Read | STD_INPUT_HANDLE | size = 1, size_out = 1 |
|
36 | |
| Write | STD_OUTPUT_HANDLE | size = 38 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 2 |
|
3 | |
| Write | STD_OUTPUT_HANDLE | size = 52 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 24 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 36 |
|
1 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 4, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Process (2)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\WINDOWS\system32\vssadmin.exe | os_pid = 0xf68, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 | |
| Get Info | C:\WINDOWS\system32\vssadmin.exe | type = PROCESS_BASIC_INFORMATION |
|
1 |
Memory (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Read | C:\WINDOWS\system32\vssadmin.exe | address = 1050382487552, size = 1952 |
|
1 |
Module (10)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NTDLL.DLL | base_address = 0x7ff931f40000 |
|
1 | |
| Get Handle | c:\windows\system32\cmd.exe | base_address = 0x7ff6d1a90000 |
|
1 | |
| Get Handle | c:\windows\system32\kernel32.dll | base_address = 0x7ff92fdd0000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\WINDOWS\system32\cmd.exe, size = 32743 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetThreadUILanguage, address_out = 0x7ff92fdea990 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileExW, address_out = 0x7ff92fdee830 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = IsDebuggerPresent, address_out = 0x7ff92fdee300 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x7ff92f1b0a40 |
|
1 | |
| Get Address | c:\windows\system32\ntdll.dll | function = NtQueryInformationProcess, address_out = 0x7ff931fe56b0 |
|
1 |
System (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Info | type = Operating System |
|
1 |
Environment (16)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
5 | |
| Get Environment String | name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Users\FD1HVy\AppData\Local\Microsoft\WindowsApps |
|
2 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
2 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\WINDOWS\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Get Environment String | name = PROMPT, result_out = $P$G |
|
1 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Users\FD1HVy\Desktop |
|
1 | |
| Set Environment String | name = COPYCMD |
|
1 |
Process #4: cmd.exe
189
0
| Information | Value |
|---|---|
| ID | #4 |
| File Name | c:\windows\system32\cmd.exe |
| Command Line | "C:\WINDOWS\system32\cmd.exe" |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:00:39, Reason: Child Process |
| Unmonitor | End Time: 00:02:34, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:54 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x3d8 |
| Parent PID | 0xc48 (c:\users\fd1hvy\desktop\1.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
F7C
0x
15C
|
Host Behavior
File (140)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\Users\FD1HVy\Desktop | type = file_attributes |
|
2 | |
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
8 | |
| Get Info | STD_INPUT_HANDLE | type = file_type |
|
3 | |
| Open | STD_OUTPUT_HANDLE | - |
|
19 | |
| Open | STD_INPUT_HANDLE | - |
|
54 | |
| Read | STD_INPUT_HANDLE | size = 1, size_out = 1 |
|
47 | |
| Write | STD_OUTPUT_HANDLE | size = 38 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 2 |
|
3 | |
| Write | STD_OUTPUT_HANDLE | size = 52 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 24 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 47 |
|
1 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 4, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Process (2)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\WINDOWS\system32\netsh.exe | os_pid = 0xf70, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 | |
| Get Info | C:\WINDOWS\system32\netsh.exe | type = PROCESS_BASIC_INFORMATION |
|
1 |
Memory (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Read | C:\WINDOWS\system32\netsh.exe | address = 454028996608, size = 1952 |
|
1 |
Module (10)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NTDLL.DLL | base_address = 0x7ff931f40000 |
|
1 | |
| Get Handle | c:\windows\system32\cmd.exe | base_address = 0x7ff6d1a90000 |
|
1 | |
| Get Handle | c:\windows\system32\kernel32.dll | base_address = 0x7ff92fdd0000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\WINDOWS\system32\cmd.exe, size = 32743 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetThreadUILanguage, address_out = 0x7ff92fdea990 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileExW, address_out = 0x7ff92fdee830 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = IsDebuggerPresent, address_out = 0x7ff92fdee300 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x7ff92f1b0a40 |
|
1 | |
| Get Address | c:\windows\system32\ntdll.dll | function = NtQueryInformationProcess, address_out = 0x7ff931fe56b0 |
|
1 |
System (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Info | type = Operating System |
|
1 |
Environment (16)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
5 | |
| Get Environment String | name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Users\FD1HVy\AppData\Local\Microsoft\WindowsApps |
|
2 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
2 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\WINDOWS\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Get Environment String | name = PROMPT, result_out = $P$G |
|
1 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Users\FD1HVy\Desktop |
|
1 | |
| Set Environment String | name = COPYCMD |
|
1 |
Process #7: vssadmin.exe
0
0
| Information | Value |
|---|---|
| ID | #7 |
| File Name | c:\windows\system32\vssadmin.exe |
| Command Line | vssadmin delete shadows /all /quiet |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:00:48, Reason: Child Process |
| Unmonitor | End Time: 00:02:34, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:45 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xf68 |
| Parent PID | 0x4a8 (c:\windows\system32\cmd.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
F98
0x
B64
|
Process #8: netsh.exe
66
0
| Information | Value |
|---|---|
| ID | #8 |
| File Name | c:\windows\system32\netsh.exe |
| Command Line | netsh advfirewall set currentprofile state off |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:00:48, Reason: Child Process |
| Unmonitor | End Time: 00:02:34, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:45 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xf70 |
| Parent PID | 0x3d8 (c:\windows\system32\cmd.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
39C
0x
F44
0x
E40
|
Host Behavior
Registry (19)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh | - |
|
1 |
Module (39)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | api-ms-win-appmodel-runtime-l1-1-0.dll | base_address = 0x7ff92e3f0000 |
|
1 | |
| Load | IFMON.DLL | base_address = 0x7ff911d30000 |
|
1 | |
| Load | RASMONTR.DLL | base_address = 0x7ff911880000 |
|
1 | |
| Load | MSVCRT.DLL | base_address = 0x7ff931a40000 |
|
1 | |
| Load | C:\WINDOWS\system32\MFC42LOC.DLL | base_address = 0x0 |
|
1 | |
| Load | AUTHFWCFG.DLL | base_address = 0x7ff911520000 |
|
1 | |
| Load | DHCPCMONITOR.DLL | base_address = 0x7ff9112a0000 |
|
1 | |
| Load | DOT3CFG.DLL | base_address = 0x7ff9114d0000 |
|
1 | |
| Load | FWCFG.DLL | base_address = 0x7ff911100000 |
|
1 | |
| Load | HNETMON.DLL | base_address = 0x7ff9112b0000 |
|
1 | |
| Load | NETIOHLP.DLL | base_address = 0x7ff910dc0000 |
|
1 | |
| Load | NETTRACE.DLL | base_address = 0x7ff910c90000 |
|
1 | |
| Load | NSHHTTP.DLL | base_address = 0x7ff910c10000 |
|
1 | |
| Load | NSHIPSEC.DLL | base_address = 0x7ff914b70000 |
|
1 | |
| Load | NSHWFP.DLL | base_address = 0x7ff910770000 |
|
1 | |
| Load | P2PNETSH.DLL | base_address = 0x7ff910730000 |
|
1 | |
| Load | RPCNSH.DLL | base_address = 0x7ff914b40000 |
|
1 | |
| Load | WCNNETSH.DLL | base_address = 0x7ff9106d0000 |
|
1 | |
| Load | WHHELPER.DLL | base_address = 0x7ff914b30000 |
|
1 | |
| Load | WLANCFG.DLL | - |
|
1 | |
| Get Handle | c:\windows\system32\netsh.exe | base_address = 0x7ff6c2510000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\system32\netsh.exe, file_name_orig = C:\WINDOWS\system32\MFC42u.dll, size = 260 |
|
1 | |
| Get Address | c:\windows\system32\ifmon.dll | function = InitHelperDll, address_out = 0x7ff911d31310 |
|
1 | |
| Get Address | c:\windows\system32\rasmontr.dll | function = InitHelperDll, address_out = 0x7ff911895850 |
|
1 | |
| Get Address | c:\windows\system32\authfwcfg.dll | function = InitHelperDll, address_out = 0x7ff911521430 |
|
1 | |
| Get Address | c:\windows\system32\dhcpcmonitor.dll | function = InitHelperDll, address_out = 0x7ff9112a1610 |
|
1 | |
| Get Address | c:\windows\system32\dot3cfg.dll | function = InitHelperDll, address_out = 0x7ff9114d1100 |
|
1 | |
| Get Address | c:\windows\system32\fwcfg.dll | function = InitHelperDll, address_out = 0x7ff9111011f0 |
|
1 | |
| Get Address | c:\windows\system32\hnetmon.dll | function = InitHelperDll, address_out = 0x7ff9112b2060 |
|
1 | |
| Get Address | c:\windows\system32\netiohlp.dll | function = InitHelperDll, address_out = 0x7ff910dd5f80 |
|
1 | |
| Get Address | c:\windows\system32\nettrace.dll | function = InitHelperDll, address_out = 0x7ff910c915d0 |
|
1 | |
| Get Address | c:\windows\system32\nshhttp.dll | function = InitHelperDll, address_out = 0x7ff910c110e0 |
|
1 | |
| Get Address | c:\windows\system32\nshipsec.dll | function = InitHelperDll, address_out = 0x7ff914b71250 |
|
1 | |
| Get Address | c:\windows\system32\nshwfp.dll | function = InitHelperDll, address_out = 0x7ff9107710d0 |
|
1 | |
| Get Address | c:\windows\system32\p2pnetsh.dll | function = InitHelperDll, address_out = 0x7ff9107311e0 |
|
1 | |
| Get Address | c:\windows\system32\rpcnsh.dll | function = InitHelperDll, address_out = 0x7ff914b41010 |
|
1 | |
| Get Address | c:\windows\system32\wcnnetsh.dll | function = InitHelperDll, address_out = 0x7ff9106d1680 |
|
1 | |
| Get Address | c:\windows\system32\whhelper.dll | function = InitHelperDll, address_out = 0x7ff914b314d0 |
|
1 |
System (8)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Cursor | x_out = 968, y_out = 232 |
|
1 | |
| Get Info | type = Operating System |
|
6 | |
| Get Info | type = System Directory, result_out = C:\WINDOWS\system32 |
|
1 |
Process #9: 1.exe
20
0
| Information | Value |
|---|---|
| ID | #9 |
| File Name | c:\programdata\microsoft\windows\start menu\programs\startup\1.exe |
| Command Line | "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\1.exe" |
| Initial Working Directory | C:\WINDOWS\system32\ |
| Monitor | Start Time: 00:02:06, Reason: Autostart |
| Unmonitor | End Time: 00:02:10, Reason: Self Terminated |
| Monitor Duration | 00:00:04 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xdd4 |
| Parent PID | 0x8cc (c:\windows\explorer.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
DD8
0x
DE4
|
Memory Dumps
| Name | Start VA | End VA | Dump Reason | PE Rebuilds | Bitness | Entry Points | AV | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|
| 1.exe | 0x00120000 | 0x00134FFF | Relevant Image | - | 32-bit | - |
|
|
|
| 1.exe | 0x00120000 | 0x00134FFF | Process Termination | - | 32-bit | - |
|
|
|
Host Behavior
File (3)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open | STD_INPUT_HANDLE | - |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\syswow64\kernel32.dll | base_address = 0x74440000 |
|
2 | |
| Get Handle | mscoree.dll | base_address = 0x0 |
|
1 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\1.exe, file_name_orig = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\1.exe, size = 260 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FlsAlloc, address_out = 0x74454ae0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FlsGetValue, address_out = 0x74454b20 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FlsSetValue, address_out = 0x74454b40 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FlsFree, address_out = 0x74454b00 |
|
1 |
System (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = Ticks, time = 57234 |
|
1 | |
| Get Info | type = Operating System |
|
1 |
Mutex (4)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Create | mutex_name = Global\0115B419773001 |
|
1 | |
| Open | mutex_name = Global\0115B419773001, desired_access = SYNCHRONIZE |
|
1 | |
| Open | mutex_name = Global\0115B419773000, desired_access = SYNCHRONIZE |
|
1 | |
| Release | mutex_name = Global\0115B419773001 |
|
1 |
Environment (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
1 |
Process #10: 1.exe
196
0
| Information | Value |
|---|---|
| ID | #10 |
| File Name | c:\users\fd1hvy\appdata\roaming\microsoft\windows\start menu\programs\startup\1.exe |
| Command Line | "C:\Users\FD1HVy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1.exe" |
| Initial Working Directory | C:\WINDOWS\system32\ |
| Monitor | Start Time: 00:02:06, Reason: Autostart |
| Unmonitor | End Time: 00:02:34, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:27 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xddc |
| Parent PID | 0x8cc (c:\windows\explorer.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
DE0
0x
DE8
0x
DEC
0x
DF4
0x
DF8
0x
DFC
0x
E00
0x
E04
0x
E08
0x
E0C
0x
E10
0x
E14
0x
F0C
0x
F10
0x
F14
0x
F18
0x
F28
0x
F2C
0x
F40
0x
F44
0x
F48
0x
F4C
|
Memory Dumps
| Name | Start VA | End VA | Dump Reason | PE Rebuilds | Bitness | Entry Points | AV | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|
| 1.exe | 0x01150000 | 0x01164FFF | Relevant Image | - | 32-bit | - |
|
|
|
Host Behavior
File (12)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | \\?\C:\$Recycle.Bin\S-1-5-21-1051304884-625712362-2192934891-1000\desktop.ini | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\$WINRE_BACKUP_PARTITION.MARKER | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Get Info | \\?\C:\$Recycle.Bin\S-1-5-21-1051304884-625712362-2192934891-1000\desktop.ini | type = size, size_out = 129 |
|
1 | |
| Get Info | \\?\C:\$Recycle.Bin\S-1-5-21-1051304884-625712362-2192934891-1000\desktop.ini | type = file_attributes |
|
1 | |
| Get Info | \\?\C:\$Recycle.Bin\S-1-5-21-1051304884-625712362-2192934891-1000\desktop.ini.id[B4197730-0115].[fileisafe@tuta.io].actin | type = file_attributes |
|
1 | |
| Get Info | \\?\C:\$WINRE_BACKUP_PARTITION.MARKER | type = size, size_out = 0 |
|
1 | |
| Open | STD_INPUT_HANDLE | - |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Copy | C:\Users\FD1HVy\AppData\Local\1.exe | source_filename = C:\Users\FD1HVy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1.exe |
|
1 | |
| Copy | c:\users\fd1hvy\appdata\roaming\microsoft\windows\start menu\programs\startup\1.exe | source_filename = C:\Users\FD1HVy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1.exe |
|
1 | |
| Copy | c:\programdata\microsoft\windows\start menu\programs\startup\1.exe | source_filename = C:\Users\FD1HVy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1.exe |
|
1 |
Registry (19)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders | - |
|
6 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | - |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders | value_name = Startup, data = 46863328, type = REG_EXPAND_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders | value_name = Startup, data = 46863392, type = REG_EXPAND_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders | value_name = Startup, data = %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup, type = REG_EXPAND_SZ |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders | value_name = Common Startup, data = 192, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders | value_name = Common Startup, data = 46875816, type = REG_EXPAND_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders | value_name = Common Startup, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders | value_name = Common Startup, data = %ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup, type = REG_EXPAND_SZ |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | value_name = 1, data = C:\Users\FD1HVy\AppData\Local\1.exe, size = 70, type = REG_SZ |
|
1 |
Process (44)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Users\FD1HVy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1.exe | show_window = SW_SHOWNORMAL |
|
1 | |
| Enumerate Processes | - | - |
|
42 | |
| Enumerate Processes | - | - |
|
1 |
Module (37)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\syswow64\kernel32.dll | base_address = 0x74440000 |
|
16 | |
| Get Filename | - | process_name = c:\users\fd1hvy\appdata\roaming\microsoft\windows\start menu\programs\startup\1.exe, file_name_orig = C:\Users\FD1HVy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1.exe, size = 260 |
|
7 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FlsAlloc, address_out = 0x74454ae0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FlsGetValue, address_out = 0x74454b20 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FlsSetValue, address_out = 0x74454b40 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FlsFree, address_out = 0x74454b00 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = Wow64DisableWow64FsRedirection, address_out = 0x74456b30 |
|
5 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = Wow64RevertWow64FsRedirection, address_out = 0x74456b50 |
|
5 |
System (30)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Computer Name | result_out = NQDPDE |
|
1 | |
| Sleep | duration = 5000 milliseconds (5.000 seconds) |
|
1 | |
| Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
22 | |
| Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Sleep | duration = -1 (infinite) |
|
2 | |
| Sleep | duration = -1 (infinite) |
|
1 | |
| Get Time | type = Ticks, time = 57218 |
|
1 | |
| Get Info | type = Operating System |
|
1 |
Mutex (42)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Create | mutex_name = Global\0115B419773001 |
|
1 | |
| Create | mutex_name = Global\0115B419773000 |
|
1 | |
| Create | mutex_name = Global\0115B419773001 |
|
1 | |
| Create | mutex_name = Global\0115B419773001 |
|
1 | |
| Create | mutex_name = Global\0115B419773001 |
|
1 | |
| Create | mutex_name = Global\0115B419773001 |
|
3 | |
| Create | mutex_name = Global\0115B419773001 |
|
1 | |
| Open | mutex_name = Global\0115B419773001, desired_access = SYNCHRONIZE |
|
8 | |
| Open | mutex_name = Global\0115B419773000, desired_access = SYNCHRONIZE |
|
1 | |
| Open | mutex_name = Global\0115B419773001, desired_access = SYNCHRONIZE |
|
1 | |
| Open | mutex_name = Global\0115B419773001, desired_access = SYNCHRONIZE |
|
14 | |
| Open | mutex_name = Global\0115B419773001, desired_access = SYNCHRONIZE |
|
1 | |
| Release | mutex_name = Global\0115B419773001 |
|
1 | |
| Release | mutex_name = Global\0115B419773001 |
|
1 | |
| Release | mutex_name = Global\0115B419773001 |
|
1 | |
| Release | mutex_name = Global\0115B419773001 |
|
1 | |
| Release | mutex_name = Global\0115B419773001 |
|
3 | |
| Release | mutex_name = Global\0115B419773001 |
|
1 |
Environment (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
1 |
Process #12: 1.exe
5216
0
| Information | Value |
|---|---|
| ID | #12 |
| File Name | c:\users\fd1hvy\appdata\roaming\microsoft\windows\start menu\programs\startup\1.exe |
| Command Line | "C:\Users\FD1HVy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1.exe" |
| Initial Working Directory | C:\WINDOWS\system32\ |
| Monitor | Start Time: 00:02:14, Reason: Child Process |
| Unmonitor | End Time: 00:02:34, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:20 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xf00 |
| Parent PID | 0xddc (c:\users\fd1hvy\appdata\roaming\microsoft\windows\start menu\programs\startup\1.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
F04
0x
F08
0x
F1C
0x
F20
0x
F24
0x
FC8
0x
FCC
0x
FD0
0x
FD4
0x
FD8
0x
FDC
0x
FE0
0x
FE4
0x
FE8
|
Memory Dumps
| Name | Start VA | End VA | Dump Reason | PE Rebuilds | Bitness | Entry Points | AV | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|
| 1.exe | 0x01150000 | 0x01164FFF | Relevant Image | - | 32-bit | - |
|
|
|
Dropped Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| \\?\C:\Program Files\Common Files\grove_fame_lightning.exe.id[B4197730-0115].[fileisafe@tuta.io].actin | 74.28 KB |
MD5:
4b610b16cb17715ede61047b52be36d0
SHA1: 61f3769452ec616975ad73f5227b64894e19eb5b SHA256: 0f26147300dbfa6fef1b3221fd255f3d6108dd5f676f715bce33f9d48a4f6c39 SSDeep: 1536:HW6mWSFib4XIs/MT96KkwNMbvcNYRrhmcgbcxiDv07YwZ4kpTofzI:2xWSsb4ImMT96KkWMbvcNkBgbcxizdwz |
|
|
| \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvStream64.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | 462.92 KB |
MD5:
ae4836355be7979fda6aff383fa78aa6
SHA1: 8ef730a323398ab8d473dbd3f22a75b0d934e947 SHA256: 8461a3cd1d6cbe1c93e56521dd3dd431980eb66a6f72bd395c88fe00809745de SSDeep: 6144:a+dnryTSL5TEpGUul5M+FdJQQPB6eQJaj6c96RddC42Zoet4RnWTawbzD+QRw:aO/NLUu0+rJQQoFJb/dt2ZzqnWTa9Qu |
|
|
Host Behavior
File (2882)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | \\?\C:\$Recycle.Bin\S-1-5-21-1051304884-625712362-2192934891-1000\desktop.ini | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\$WINRE_BACKUP_PARTITION.MARKER | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\BCD | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\BCD.LOG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\BCD.LOG1 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\BCD.LOG2 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\bg-BG\bootmgr.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\bg-BG\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\bootspaces.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\bootspaces.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\bootvhd.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\bootvhd.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\cs-CZ\bootmgr.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\cs-CZ\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\cs-CZ\memtest.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\cs-CZ\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\da-DK\bootmgr.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\da-DK\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\da-DK\memtest.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\da-DK\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\de-DE\bootmgr.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\de-DE\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\de-DE\memtest.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\de-DE\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\el-GR\bootmgr.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\el-GR\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\el-GR\memtest.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\el-GR\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\en-GB\bootmgr.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\en-GB\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\en-US\bootmgr.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\en-US\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\en-US\memtest.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\en-US\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\es-ES\bootmgr.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\es-ES\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\es-ES\memtest.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\es-ES\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\es-MX\bootmgr.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\es-MX\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\et-EE\bootmgr.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\et-EE\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\fi-FI\bootmgr.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\fi-FI\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\fi-FI\memtest.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\fi-FI\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\Fonts\chs_boot.ttf | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\Fonts\cht_boot.ttf | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\Fonts\jpn_boot.ttf | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\Fonts\kor_boot.ttf | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\Fonts\malgunn_boot.ttf | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\Fonts\malgunn_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\Fonts\malgun_boot.ttf | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\Fonts\malgun_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\Fonts\meiryon_boot.ttf | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\Fonts\meiryon_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\Fonts\meiryo_boot.ttf | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\Fonts\meiryo_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\Fonts\msjhn_boot.ttf | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\Fonts\msjhn_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\Fonts\msjh_boot.ttf | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\Fonts\msjh_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\Fonts\msyhn_boot.ttf | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\Fonts\msyhn_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\Fonts\msyh_boot.ttf | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\Fonts\msyh_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\Fonts\segmono_boot.ttf | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\Fonts\segmono_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\Fonts\segoen_slboot.ttf | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\Fonts\segoen_slboot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\Fonts\segoe_slboot.ttf | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\Fonts\segoe_slboot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\Fonts\wgl4_boot.ttf | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\Fonts\wgl4_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\fr-CA\bootmgr.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\fr-CA\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\fr-FR\bootmgr.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\fr-FR\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\fr-FR\memtest.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\fr-FR\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\hr-HR\bootmgr.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\hr-HR\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\hu-HU\bootmgr.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\hu-HU\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\hu-HU\memtest.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\hu-HU\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\it-IT\bootmgr.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\it-IT\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\it-IT\memtest.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\it-IT\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\ja-JP\bootmgr.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\ja-JP\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\ja-JP\memtest.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\ja-JP\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\ko-KR\bootmgr.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\ko-KR\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\ko-KR\memtest.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\ko-KR\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\lt-LT\bootmgr.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\lt-LT\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\lv-LV\bootmgr.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\lv-LV\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\memtest.exe | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\memtest.exe | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\nb-NO\bootmgr.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\nb-NO\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\nb-NO\memtest.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\nb-NO\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\nl-NL\bootmgr.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\nl-NL\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\nl-NL\memtest.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\nl-NL\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\pl-PL\bootmgr.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\pl-PL\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\pl-PL\memtest.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\pl-PL\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\pt-BR\bootmgr.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\pt-BR\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\pt-BR\memtest.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\pt-BR\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\pt-PT\bootmgr.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\pt-PT\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\pt-PT\memtest.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\pt-PT\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\qps-ploc\bootmgr.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\qps-ploc\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\qps-ploc\memtest.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\qps-ploc\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\Resources\bootres.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\Resources\bootres.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\Resources\en-US\bootres.dll.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\Resources\en-US\bootres.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\ro-RO\bootmgr.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\ro-RO\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\ru-RU\bootmgr.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\ru-RU\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\ru-RU\memtest.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\ru-RU\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\sk-SK\bootmgr.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\sk-SK\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\sl-SI\bootmgr.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\sl-SI\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\sr-Latn-CS\bootmgr.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\sr-Latn-CS\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\sr-Latn-CS\memtest.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\sr-Latn-CS\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\sr-Latn-RS\bootmgr.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\sr-Latn-RS\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\sv-SE\bootmgr.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\sv-SE\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\sv-SE\memtest.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\sv-SE\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\tr-TR\bootmgr.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\tr-TR\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\tr-TR\memtest.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\tr-TR\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\uk-UA\bootmgr.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\uk-UA\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\updaterevokesipolicy.p7b | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\updaterevokesipolicy.p7b | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\zh-CN\bootmgr.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\zh-CN\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\zh-CN\memtest.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\zh-CN\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\zh-HK\bootmgr.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\zh-HK\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\zh-HK\memtest.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\zh-HK\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\zh-TW\bootmgr.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\zh-TW\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Boot\zh-TW\memtest.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Boot\zh-TW\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\bootmgr | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\hiberfil.sys | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\bootmgr | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Logs\Security.evtx | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Logs\System.evtx | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Logs\Windows PowerShell.evtx | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Logs\Windows PowerShell.evtx | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Logs\Windows PowerShell.evtx.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\pagefile.sys | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\DESIGNER\MSADDNDR.OLB | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\DESIGNER\MSADDNDR.OLB | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\DESIGNER\MSADDNDR.OLB.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\grove_fame_lightning.exe | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\grove_fame_lightning.exe | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\grove_fame_lightning.exe.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l1-2-0.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l1-2-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l1-2-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l2-1-0.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l2-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l2-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-localization-l1-2-0.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-localization-l1-2-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-localization-l1-2-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-processthreads-l1-1-1.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-processthreads-l1-1-1.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-processthreads-l1-1-1.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-synch-l1-2-0.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-synch-l1-2-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-synch-l1-2-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-timezone-l1-1-0.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-xstate-l2-1-0.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-timezone-l1-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-timezone-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-xstate-l2-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-xstate-l2-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-conio-l1-1-0.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-conio-l1-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-conio-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-convert-l1-1-0.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-convert-l1-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-convert-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-environment-l1-1-0.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-environment-l1-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-environment-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-filesystem-l1-1-0.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-filesystem-l1-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-filesystem-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-heap-l1-1-0.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-heap-l1-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-heap-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-locale-l1-1-0.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-locale-l1-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-locale-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-math-l1-1-0.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-math-l1-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-math-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-multibyte-l1-1-0.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-multibyte-l1-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-multibyte-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-private-l1-1-0.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-private-l1-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-private-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-process-l1-1-0.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-process-l1-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-process-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-runtime-l1-1-0.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-runtime-l1-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-runtime-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-stdio-l1-1-0.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-stdio-l1-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-stdio-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-string-l1-1-0.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-string-l1-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-string-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-time-l1-1-0.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-time-l1-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-time-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-utility-l1-1-0.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-utility-l1-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-utility-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\ApiClient.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\ApiClient.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVCatalog.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVCatalog.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVFileSystemMetadata.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVFileSystemMetadata.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIntegration.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIntegration.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvApi.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvApi.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvStream32.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvStream32.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvStream32.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvStream64.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvStream64.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvStream64.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvStreamingManager.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvStreamingManager.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvSubsystemController.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvSubsystemController.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems32.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems32.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems64.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems64.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvVirtualization.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvVirtualization.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVManifest.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVManifest.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVOrchestration.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVOrchestration.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVPolicy.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVPolicy.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVScripting.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVScripting.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVScripting.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\C2R64.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\C2R64.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\C2R64.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\C2R32.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\C2R32.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\C2R32.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RUI.en-us.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RUI.en-us.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RUI.en-us.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RHeartbeatConfig.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\concrt140.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\concrt140.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\concrt140.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\i640.hash | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\i640.hash | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\i640.hash.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\i641033.hash | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\i641033.hash | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\i641033.hash.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RHeartbeatConfig.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RHeartbeatConfig.xml.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\mso20win32client.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\mso20win32client.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\mso30win32client.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\mso30win32client.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\mso40uires.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\mso40uires.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\mso40uiwin32client.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\mso40uiwin32client.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\msointl30.en-us.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\msointl30.en-us.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\msointl30.en-us.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp120.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp120.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp140.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp140.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcr120.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcr120.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RCom.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RCom.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RCom.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeUpdateSchedule.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeUpdateSchedule.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeUpdateSchedule.xml.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\ServiceWatcherSchedule.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\ServiceWatcherSchedule.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\ServiceWatcherSchedule.xml.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\StreamServer.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\StreamServer.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\ucrtbase.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\ucrtbase.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\ucrtbase.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\vccorlib140.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\vcruntime140.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\vcruntime140.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\Alphabet.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\Alphabet.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\ar-SA\tipresx.dll.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\ar-SA\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\bg-BG\tipresx.dll.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\bg-BG\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\Content.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\Content.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\tipresx.dll.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\da-DK\tipresx.dll.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\da-DK\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\de-DE\tipresx.dll.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\de-DE\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\el-GR\tipresx.dll.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\el-GR\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\en-GB\tipresx.dll.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\en-GB\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\en-US\boxed-correct.avi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\en-US\boxed-correct.avi | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\en-US\boxed-delete.avi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\en-US\boxed-delete.avi | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\en-US\boxed-join.avi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\en-US\boxed-join.avi | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\en-US\boxed-split.avi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\en-US\boxed-split.avi | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\en-US\correct.avi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\en-US\correct.avi | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\en-US\delete.avi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\en-US\delete.avi | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\en-US\FlickLearningWizard.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\en-US\FlickLearningWizard.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\en-US\InkObj.dll.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\en-US\InkObj.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\en-US\InputPersonalization.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\en-US\InputPersonalization.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\en-US\IPSEventLogMsg.dll.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\en-US\IPSEventLogMsg.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\en-US\IpsMigrationPlugin.dll.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\en-US\IpsMigrationPlugin.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\en-US\join.avi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\en-US\join.avi | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\en-US\micaut.dll.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\en-US\micaut.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\en-US\mip.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\en-US\mip.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\en-US\mshwLatin.dll.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\en-US\mshwLatin.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\en-US\rtscom.dll.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\en-US\rtscom.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\en-US\ShapeCollector.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\en-US\ShapeCollector.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\en-US\split.avi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\en-US\split.avi | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\en-US\tabskb.dll.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\en-US\tabskb.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\en-US\TabTip.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\en-US\TabTip.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\en-US\TipRes.dll.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\en-US\TipRes.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\en-US\tipresx.dll.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\en-US\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\en-US\TipTsf.dll.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\en-US\TipTsf.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\es-ES\tipresx.dll.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\es-ES\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\es-MX\tipresx.dll.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\es-MX\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\et-EE\tipresx.dll.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\et-EE\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\fi-FI\tipresx.dll.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\fi-FI\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\FlickAnimation.avi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\vccorlib140.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\vccorlib140.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\FlickLearningWizard.exe | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\FlickLearningWizard.exe | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\fr-CA\tipresx.dll.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\fr-CA\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\fr-FR\tipresx.dll.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\auxbase.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\auxbase.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\insertbase.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\insertbase.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\ea.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\ea.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\keypadbase.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\keypadbase.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\kor-kor.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\kor-kor.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\baseAltGr_rtl.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\baseAltGr_rtl.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_altgr.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_altgr.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_ca.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_ca.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_heb.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_heb.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_jpn.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_jpn.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_kor.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_kor.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_rtl.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_rtl.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\ja-jp.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\ja-jp.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\ko-kr.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\ko-kr.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-changjei.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-changjei.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-dayi.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-dayi.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-phonetic.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-phonetic.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\oskclearuibase.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\oskclearuibase.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\oskmenubase.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\oskmenubase.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\osknavbase.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\osknavbase.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\osknumpadbase.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\osknumpadbase.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\oskpredbase.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\oskpredbase.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ea-sym.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ea-sym.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ja-jp-sym.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ja-jp-sym.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\symbase.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\symbase.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\he-IL\tipresx.dll.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\he-IL\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\hr-HR\tipresx.dll.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\hr-HR\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\hu-HU\tipresx.dll.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\hu-HU\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\hwrcommonlm.dat | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\fr-FR\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\hwrenclm.dat | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\hwrenclm.dat | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\hwrlatinlm.dat | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\hwrlatinlm.dat | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\hwrusalm.dat | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\hwrusash.dat | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\InkDiv.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\InkDiv.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\InkObj.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\ipsar.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\ipsar.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\ipscat.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\ipscat.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\ipschs.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\ipschs.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\ipscht.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\ipscht.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\ipscsy.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\ipscsy.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\ipsdan.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\ipsdan.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\ipsdeu.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\ipsdeu.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\ipsel.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\ipsel.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\ipsen.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\ipsen.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\ipsesp.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\ipsesp.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\IPSEventLogMsg.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\IPSEventLogMsg.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\ipsfin.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\ipsfin.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\ipsfra.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\ipsfra.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\ipshe.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\ipshe.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\ipshi.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\ipshi.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\ipshrv.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\ipshrv.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\ipsid.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\ipsid.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\ipsita.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\ipsita.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\ipsjpn.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\ipsjpn.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\ipskor.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\ipskor.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\IpsMigrationPlugin.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\IpsMigrationPlugin.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\ipsnld.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\ipsnld.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\ipsnor.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\ipsnor.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\ipsplk.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\ipsplk.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\IpsPlugin.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\IpsPlugin.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\ipsptb.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\ipsptb.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\ipsptg.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\ipsptg.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\ipsrom.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\ipsrom.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\ipsrus.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\ipsrus.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\ipssrb.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\ipssrb.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\ipssrl.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\ipssrl.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\ipssve.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\ipssve.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\ipstr.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\ipstr.xml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\it-IT\tipresx.dll.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\it-IT\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\ja-JP\tipresx.dll.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\ja-JP\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\ko-KR\tipresx.dll.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\ko-KR\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\LanguageModel\chstic.dgml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\hwrcommonlm.dat | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\lt-LT\tipresx.dll.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\lt-LT\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\lv-LV\tipresx.dll.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\lv-LV\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\micaut.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\Microsoft.Ink.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\Microsoft.Ink.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\mip.exe | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\mip.exe | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\mraut.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\mshwgst.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\mshwgst.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\mshwLatin.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\mshwLatin.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\nb-NO\tipresx.dll.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\nb-NO\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\nl-NL\tipresx.dll.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\nl-NL\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\pl-PL\tipresx.dll.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\pl-PL\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\pt-BR\tipresx.dll.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\pt-BR\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\pt-PT\tipresx.dll.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\pt-PT\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\ro-RO\tipresx.dll.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\ro-RO\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\rtscom.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\rtscom.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\ru-RU\tipresx.dll.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\ru-RU\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\sk-SK\tipresx.dll.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\sk-SK\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\sl-SI\tipresx.dll.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\sl-SI\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\sr-Latn-RS\tipresx.dll.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\sr-Latn-RS\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\sv-SE\tipresx.dll.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\sv-SE\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\TabIpsps.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\TabIpsps.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\tabskb.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\th-TH\tipresx.dll.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\th-TH\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\TipRes.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\TipRes.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\tipresx.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\tipresx.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\tipskins.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\tipskins.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\tpcps.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\tpcps.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\tr-TR\tipresx.dll.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\tr-TR\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\uk-UA\tipresx.dll.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\uk-UA\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\zh-CN\tipresx.dll.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\zh-CN\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\zh-TW\tipresx.dll.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\zh-TW\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\msinfo32.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\ink\LanguageModel\chstic.dgml | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pidgenx.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pidgenx.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pidgenx.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\msinfo32.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pkeyconfig-office.xrm-ms | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pkeyconfig-office.xrm-ms | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pkeyconfig-office.xrm-ms.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pkeyconfig.companion.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pkeyconfig.companion.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pkeyconfig.companion.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\Stationery\Bears.htm | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\Stationery\Bears.htm | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\Stationery\Bears.jpg | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\Stationery\Bears.jpg | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\Stationery\Desktop.ini | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\Stationery\Desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\Stationery\Desktop.ini.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\Stationery\Garden.htm | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\Stationery\Garden.htm | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\Stationery\Garden.jpg | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\Stationery\Garden.jpg | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\Stationery\Green Bubbles.htm | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\Stationery\Green Bubbles.htm | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\Stationery\GreenBubbles.jpg | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\Stationery\GreenBubbles.jpg | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\Stationery\Hand Prints.htm | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\Stationery\Hand Prints.htm | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\Stationery\HandPrints.jpg | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\Stationery\HandPrints.jpg | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\Stationery\Orange Circles.htm | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\Stationery\Orange Circles.htm | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\Stationery\OrangeCircles.jpg | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\Stationery\OrangeCircles.jpg | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\Stationery\Peacock.htm | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\Stationery\Peacock.htm | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\Stationery\Peacock.jpg | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\Stationery\Peacock.jpg | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\Stationery\Roses.htm | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\Stationery\Roses.htm | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\Stationery\Roses.jpg | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\Stationery\Roses.jpg | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\Stationery\Shades of Blue.htm | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\Stationery\Shades of Blue.htm | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\Stationery\ShadesOfBlue.jpg | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\Stationery\ShadesOfBlue.jpg | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\Stationery\Soft Blue.htm | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\Stationery\Soft Blue.htm | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\Stationery\SoftBlue.jpg | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\Stationery\SoftBlue.jpg | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\Stationery\Stars.htm | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\Stationery\Stars.htm | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\Stationery\Stars.jpg | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\VC\msdia100.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\VC\msdia100.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\VC\msdia100.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\Stationery\Stars.jpg | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\VC\msdia90.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\VC\msdia90.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\VC\msdia90.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\VGX\VGX.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\VGX\VGX.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOInstallerUI.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOInstallerUI.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOInstallerUI.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOLoaderUI.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOLoaderUI.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOLoaderUI.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOLoader.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOLoader.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOLoader.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOMessageProvider.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOMessageProvider.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOMessageProvider.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\VSTO\vstoee.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\VSTO\vstoee.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\VSTO\vstoee.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\VSTO\vstoee100.tlb | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\VSTO\vstoee100.tlb | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\VSTO\vstoee100.tlb.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\VSTO\vstoee90.tlb | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\VSTO\vstoee90.tlb | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\microsoft shared\VSTO\vstoee90.tlb.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\Services\verisign.bmp | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\Services\verisign.bmp | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\ado\adojavas.inc | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\ado\adojavas.inc | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\ado\adovbs.inc | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\ado\adovbs.inc | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\ado\en-US\msader15.dll.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\ado\en-US\msader15.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\ado\msader15.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\ado\msader15.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\ado\msado15.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\ado\msado15.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\ado\msado20.tlb | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\ado\msado20.tlb | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\ado\msado21.tlb | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\ado\msado21.tlb | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\ado\msado25.tlb | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\ado\msado25.tlb | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\ado\msado26.tlb | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\ado\msado26.tlb | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\ado\msado27.tlb | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\ado\msado27.tlb | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\ado\msado28.tlb | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\ado\msado28.tlb | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\ado\msado60.tlb | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\ado\msado60.tlb | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\ado\msadomd.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\ado\msadomd.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\ado\msadomd28.tlb | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\ado\msadomd28.tlb | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\ado\msador15.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\ado\msador15.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\ado\msador28.tlb | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\ado\msador28.tlb | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\ado\msadox.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\ado\msadox.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\ado\msadox28.tlb | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\ado\msadox28.tlb | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\ado\msadrh15.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\DirectDB.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\DirectDB.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\en-US\wab32res.dll.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\en-US\wab32res.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\msadc\adcjavas.inc | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\msadc\adcjavas.inc | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\msadc\adcvbs.inc | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\msadc\adcvbs.inc | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\msadc\en-US\msadcer.dll.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\msadc\en-US\msadcer.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\msadc\en-US\msadcor.dll.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\msadc\en-US\msadcor.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\msadc\en-US\msaddsr.dll.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\msadc\en-US\msaddsr.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\msadc\en-US\msdaprsr.dll.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\msadc\en-US\msdaprsr.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\msadc\en-US\msdaremr.dll.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\msadc\en-US\msdaremr.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\msadc\msadce.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\msadc\msadce.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\msadc\msadcer.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\msadc\msadcer.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\msadc\msadco.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\msadc\msadco.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\msadc\msadcor.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\msadc\msadcor.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\msadc\msadds.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\msadc\msadds.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\msadc\msaddsr.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\msadc\msaddsr.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\msadc\msdaprsr.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\msadc\msdaprsr.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\msadc\msdaprst.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\msadc\msdaprst.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\msadc\msdarem.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\msadc\msdarem.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\msadc\msdaremr.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\msadc\msdaremr.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\msadc\msdfmap.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\msadc\msdfmap.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\Ole DB\en-US\msdasqlr.dll.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\Ole DB\en-US\msdasqlr.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\Ole DB\en-US\oledb32r.dll.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\Ole DB\en-US\oledb32r.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\Ole DB\en-US\sqloledb.rll.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\Ole DB\en-US\sqloledb.rll.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\Ole DB\en-US\sqlxmlx.rll.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\Ole DB\en-US\sqlxmlx.rll.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\Ole DB\msdaosp.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\Ole DB\msdaosp.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\Ole DB\msdaps.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\Ole DB\msdaps.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\Ole DB\msdasql.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\Ole DB\msdasql.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\Ole DB\msdatl3.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\Ole DB\msdatl3.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\Ole DB\msxactps.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\Ole DB\msxactps.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\Ole DB\oledb32.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\Ole DB\oledb32.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\Ole DB\oledb32r.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\Ole DB\oledb32r.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\Ole DB\oledbjvs.inc | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\Ole DB\oledbjvs.inc | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\Ole DB\oledbvbs.inc | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\Ole DB\oledbvbs.inc | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\Ole DB\sqloledb.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\ado\msadrh15.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\Ole DB\sqloledb.rll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\Ole DB\sqloledb.rll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\Ole DB\sqlxmlx.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\Ole DB\sqlxmlx.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\Ole DB\sqlxmlx.rll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\Ole DB\sqlxmlx.rll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\wab32.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\wab32.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\wab32res.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\wab32res.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\desktop.ini | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\desktop.ini.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Internet Explorer\boating.exe | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Internet Explorer\boating.exe | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Internet Explorer\boating.exe.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Internet Explorer\en-US\hmmapi.dll.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Internet Explorer\en-US\hmmapi.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Internet Explorer\en-US\ieinstal.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Internet Explorer\en-US\ieinstal.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Internet Explorer\ExtExport.exe | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Internet Explorer\ExtExport.exe | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Internet Explorer\hmmapi.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Internet Explorer\hmmapi.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Internet Explorer\iediagcmd.exe | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Internet Explorer\iediagcmd.exe | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Internet Explorer\ieinstal.exe | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Internet Explorer\ieinstal.exe | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Internet Explorer\ielowutil.exe | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Internet Explorer\ielowutil.exe | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Internet Explorer\IEShims.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Internet Explorer\IEShims.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Internet Explorer\iexplore.exe | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Internet Explorer\iexplore.exe | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Internet Explorer\images\bing.ico | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Internet Explorer\images\bing.ico | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Internet Explorer\SIGNUP\install.ins | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Common Files\System\Ole DB\sqloledb.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Internet Explorer\sqmapi.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Internet Explorer\sqmapi.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Java\jre1.8.0_144\bin\awt.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Java\jre1.8.0_144\bin\awt.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Java\jre1.8.0_144\bin\awt.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Internet Explorer\SIGNUP\install.ins | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Internet Explorer\SIGNUP\install.ins.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Java\jre1.8.0_144\bin\bci.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Java\jre1.8.0_144\bin\bci.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Java\jre1.8.0_144\bin\bci.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Java\jre1.8.0_144\bin\dcpr.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Java\jre1.8.0_144\bin\dcpr.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Java\jre1.8.0_144\bin\dcpr.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Java\jre1.8.0_144\bin\decora_sse.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Java\jre1.8.0_144\bin\decora_sse.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Java\jre1.8.0_144\bin\decora_sse.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Java\jre1.8.0_144\bin\deploy.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Java\jre1.8.0_144\bin\deploy.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Java\jre1.8.0_144\bin\deploy.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\deployJava1.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\deployJava1.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\deployJava1.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npdeployJava1.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npdeployJava1.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npdeployJava1.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Java\jre1.8.0_144\bin\dt_shmem.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Java\jre1.8.0_144\bin\dt_shmem.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Java\jre1.8.0_144\bin\dt_shmem.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Java\jre1.8.0_144\bin\dt_socket.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Java\jre1.8.0_144\bin\dt_socket.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Java\jre1.8.0_144\bin\dt_socket.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Java\jre1.8.0_144\bin\eula.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Java\jre1.8.0_144\bin\eula.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Java\jre1.8.0_144\bin\eula.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Java\jre1.8.0_144\bin\fontmanager.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Java\jre1.8.0_144\bin\fontmanager.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Java\jre1.8.0_144\bin\fontmanager.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Java\jre1.8.0_144\bin\fxplugins.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Java\jre1.8.0_144\bin\fxplugins.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Java\jre1.8.0_144\bin\fxplugins.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Java\jre1.8.0_144\bin\glass.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Java\jre1.8.0_144\bin\glass.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Java\jre1.8.0_144\bin\glass.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Java\jre1.8.0_144\bin\glib-lite.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Java\jre1.8.0_144\bin\glib-lite.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Java\jre1.8.0_144\bin\glib-lite.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Java\jre1.8.0_144\bin\gstreamer-lite.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Java\jre1.8.0_144\bin\gstreamer-lite.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Java\jre1.8.0_144\bin\gstreamer-lite.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Java\jre1.8.0_144\bin\hprof.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Java\jre1.8.0_144\bin\hprof.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Java\jre1.8.0_144\bin\hprof.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Java\jre1.8.0_144\bin\instrument.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Java\jre1.8.0_144\bin\instrument.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Java\jre1.8.0_144\bin\instrument.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Java\jre1.8.0_144\bin\j2pcsc.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Java\jre1.8.0_144\bin\j2pcsc.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Java\jre1.8.0_144\bin\j2pcsc.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Java\jre1.8.0_144\bin\j2pkcs11.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Java\jre1.8.0_144\bin\j2pkcs11.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Java\jre1.8.0_144\bin\j2pkcs11.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Java\jre1.8.0_144\bin\jaas_nt.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Java\jre1.8.0_144\bin\jaas_nt.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Java\jre1.8.0_144\bin\jaas_nt.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Java\jre1.8.0_144\bin\jabswitch.exe | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Java\jre1.8.0_144\bin\jabswitch.exe | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Java\jre1.8.0_144\bin\jabswitch.exe.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Java\jre1.8.0_144\bin\java-rmi.exe | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Java\jre1.8.0_144\bin\java-rmi.exe | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Java\jre1.8.0_144\bin\java-rmi.exe.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Java\jre1.8.0_144\bin\java.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Java\jre1.8.0_144\bin\java.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Java\jre1.8.0_144\bin\java.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Java\jre1.8.0_144\bin\java.exe | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Java\jre1.8.0_144\bin\java.exe | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Java\jre1.8.0_144\bin\java.exe.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Java\jre1.8.0_144\bin\JavaAccessBridge-64.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Java\jre1.8.0_144\bin\JavaAccessBridge-64.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Java\jre1.8.0_144\bin\JavaAccessBridge-64.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Java\jre1.8.0_144\bin\javacpl.cpl | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Java\jre1.8.0_144\bin\javacpl.cpl | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Java\jre1.8.0_144\bin\javacpl.cpl.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Java\jre1.8.0_144\bin\javacpl.exe | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Java\jre1.8.0_144\bin\javacpl.exe | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Java\jre1.8.0_144\bin\javacpl.exe.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Program Files\Java\jre1.8.0_144\bin\javafx_font.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | \\?\C:\Program Files\Java\jre1.8.0_144\bin\javafx_font.dll | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | \\?\C:\Program Files\Java\jre1.8.0_144\bin\javafx_font.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Copy | c:\users\fd1hvy\appdata\roaming\microsoft\windows\start menu\programs\startup\1.exe | source_filename = C:\Users\FD1HVy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1.exe |
|
1 | |
| Copy | c:\programdata\microsoft\windows\start menu\programs\startup\1.exe | source_filename = C:\Users\FD1HVy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1.exe |
|
1 | |
| Read | \\?\C:\Program Files\Common Files\microsoft shared\Stationery\Desktop.ini | size = 1114368, size_out = 645 |
|
1 | |
| Read | \\?\C:\Program Files\desktop.ini | size = 1114368, size_out = 174 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\DESIGNER\MSADDNDR.OLB.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 16000 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\DESIGNER\MSADDNDR.OLB.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\grove_fame_lightning.exe.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 75792 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\grove_fame_lightning.exe.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 274 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l1-2-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 69648 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l1-2-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 258 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l2-1-0.dll | size = 18640 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l2-1-0.dll | size = 274 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-localization-l1-2-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 18640 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-localization-l1-2-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 274 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-localization-l1-2-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 21200 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-localization-l1-2-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 290 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-processthreads-l1-1-1.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 19152 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-processthreads-l1-1-1.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 306 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-timezone-l1-1-0.dll | size = 19152 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-timezone-l1-1-0.dll | size = 290 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-timezone-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 18640 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-timezone-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 290 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-xstate-l2-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 11632 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-xstate-l2-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 290 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-conio-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 19664 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-conio-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 274 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-convert-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 22736 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-convert-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 290 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-environment-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 19152 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-environment-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 290 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-filesystem-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 20688 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-filesystem-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 290 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-heap-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 19664 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-heap-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 274 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-locale-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 19152 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-locale-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 290 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-math-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 27856 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-math-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 274 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-private-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 70864 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-private-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 290 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-process-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 19664 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-process-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 290 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-runtime-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 23248 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-runtime-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 290 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-multibyte-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 26832 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-multibyte-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 290 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-string-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 24784 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-string-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 290 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-time-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 21200 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-time-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 274 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-utility-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 19152 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-utility-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 290 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-stdio-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 24784 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-stdio-l1-1-0.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 274 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvStream32.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 396976 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvStream32.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 258 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 786706 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvStream64.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 473776 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvStream64.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 258 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 262144 |
|
3 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems32.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 786722 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems32.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 262144 |
|
3 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems64.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 786722 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems64.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 262144 |
|
3 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVScripting.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 512224 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVScripting.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 258 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 263904 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 258 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\C2R64.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 1114368 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\C2R32.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 820432 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\C2R32.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\C2R64.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 94576 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\C2R64.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RUI.en-us.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 902336 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RUI.en-us.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\concrt140.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 332976 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\concrt140.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\i640.hash.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 112 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\i640.hash.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\i641033.hash.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 112 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\i641033.hash.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RHeartbeatConfig.xml.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 4144 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RHeartbeatConfig.xml.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 258 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 358624 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 1093264 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\msointl30.en-us.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 61040 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\msointl30.en-us.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 258 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 258 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 786706 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 262144 |
|
3 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeUpdateSchedule.xml.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 4784 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeUpdateSchedule.xml.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 274 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\ServiceWatcherSchedule.xml.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 4464 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\ServiceWatcherSchedule.xml.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 274 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RCom.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 996576 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RCom.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 258 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\ucrtbase.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 982736 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\ucrtbase.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\vccorlib140.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 390336 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\ClickToRun\vccorlib140.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 363744 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pkeyconfig-office.xrm-ms.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 590528 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pkeyconfig-office.xrm-ms.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 274 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pidgenx.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 1114368 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pidgenx.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 360800 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pidgenx.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pkeyconfig.companion.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 18640 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pkeyconfig.companion.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 274 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\Stationery\Desktop.ini.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 656 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\Stationery\Desktop.ini.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 244304 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 226 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\VC\msdia90.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 855392 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\VC\msdia90.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\VC\msdia100.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 990048 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\VC\msdia100.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOInstallerUI.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 12464 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOInstallerUI.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 258 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOLoaderUI.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 20624 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOLoaderUI.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 258 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 100496 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 258 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOMessageProvider.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 48880 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOMessageProvider.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 258 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\VSTO\vstoee.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 168080 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\VSTO\vstoee.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\VSTO\vstoee100.tlb.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 17056 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\VSTO\vstoee100.tlb.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOLoader.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 367232 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOLoader.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\System\ado\msadrh15.dll | size = 22688 |
|
1 | |
| Write | \\?\C:\Program Files\Common Files\System\ado\msadrh15.dll | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\desktop.ini.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 176 |
|
1 | |
| Write | \\?\C:\Program Files\desktop.ini.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Internet Explorer\boating.exe.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 75792 |
|
1 | |
| Write | \\?\C:\Program Files\Internet Explorer\boating.exe.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\awt.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 1114368 |
|
1 | |
| Write | \\?\C:\Program Files\Internet Explorer\SIGNUP\install.ins.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 464 |
|
1 | |
| Write | \\?\C:\Program Files\Internet Explorer\SIGNUP\install.ins.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\bci.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 16976 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\bci.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 226 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\dcpr.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 159824 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\dcpr.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\decora_sse.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 86096 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\decora_sse.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\awt.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 402256 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\awt.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 226 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\deploy.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 587856 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\deploy.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\deployJava1.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 1026128 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\deployJava1.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npdeployJava1.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 1114368 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npdeployJava1.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 42320 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npdeployJava1.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 258 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\dt_shmem.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 29776 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\dt_shmem.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\eula.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 136272 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\eula.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\fontmanager.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 274512 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\fontmanager.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\dt_socket.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 24656 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\dt_socket.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\glass.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 265808 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\glass.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\fxplugins.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 186960 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\fxplugins.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\gstreamer-lite.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 619600 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\gstreamer-lite.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 258 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\glib-lite.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 455760 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\glib-lite.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\hprof.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 158288 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\hprof.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\instrument.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 123472 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\instrument.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\j2pcsc.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 19024 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\j2pcsc.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\j2pkcs11.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 63568 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\j2pkcs11.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\jabswitch.exe.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 34384 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\jabswitch.exe.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\java-rmi.exe.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 15952 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\java-rmi.exe.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\java.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 159824 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\java.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\java.exe.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 206928 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\jaas_nt.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 21072 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\jaas_nt.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\java.exe.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\JavaAccessBridge-64.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 142416 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\JavaAccessBridge-64.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 258 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\javacpl.cpl.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 187408 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\javacpl.cpl.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\javacpl.exe.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 80464 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\javacpl.exe.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\javafx_font.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 69200 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\javafx_font.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\javafx_iio.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 128080 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\javafx_iio.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\javaw.exe.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 206928 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\javaw.exe.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\javaws.exe.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 319568 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\javaws.exe.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\javafx_font_t2k.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 538192 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\javafx_font_t2k.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 258 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\jawt.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 14416 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\jawt.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\java_crw_demo.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 29776 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\java_crw_demo.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 258 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\jdwp.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 201808 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\jdwp.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\jfr.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 26704 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\jfr.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 226 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\jfxmedia.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 139856 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\jfxmedia.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\JAWTAccessBridge-64.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 15440 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\JAWTAccessBridge-64.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 258 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\jjs.exe.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 15952 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\jjs.exe.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 226 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\jli.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 174672 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\jli.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 226 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\jp2iexp.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 296016 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\jp2iexp.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\WindowsApps\Microsoft.BingFinance_4.6.169.0_x86__8wekyb3d8bbwe\Configuration\configuration.sqlite | size = 786706 |
|
1 | |
| Write | \\?\C:\Program Files\WindowsApps\Microsoft.BingFinance_4.6.169.0_x86__8wekyb3d8bbwe\Configuration\configuration.sqlite | size = 262144 |
|
3 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\jp2launcher.exe.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 112208 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\jp2launcher.exe.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 235600 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\jpeg.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 185936 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\jpeg.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\jp2native.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 20048 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\jp2native.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\jsound.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 35408 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\jsound.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\jsoundds.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 31312 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\jsoundds.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\kcms.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 220752 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\kcms.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\keytool.exe.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 16464 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\keytool.exe.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\jsdt.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 18512 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\jsdt.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\kinit.exe.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 16464 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\kinit.exe.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\klist.exe.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 16464 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\klist.exe.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\ktab.exe.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 16464 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\ktab.exe.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\lcms.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 233552 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\lcms.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\management.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 36944 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\management.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\mlib_image.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 653904 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\mlib_image.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\msvcr100.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 829280 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\msvcr100.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\msvcp120.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 660144 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\msvcp120.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\net.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 96848 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\net.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 226 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\nio.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 60496 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\nio.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 226 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\npt.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 19024 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\npt.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 226 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\orbd.exe.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 16464 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\orbd.exe.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\msvcr120.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 963248 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\msvcr120.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\pack200.exe.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 16464 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\pack200.exe.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 234576 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\policytool.exe.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 16464 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\policytool.exe.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\prism_common.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 57424 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\prism_common.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 258 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\prism_d3d.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 130640 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\prism_d3d.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\plugin2\msvcr100.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 829280 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\plugin2\msvcr100.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\prism_sw.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 97872 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\prism_sw.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\rmid.exe.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 15952 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\rmid.exe.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\rmiregistry.exe.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 16464 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\rmiregistry.exe.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\resource.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 15440 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\resource.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\server\jvm.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 786690 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\server\classes.jsa.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 786690 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\server\classes.jsa.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 262144 |
|
3 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\server\jvm.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 262144 |
|
3 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\servertool.exe.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 16464 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\servertool.exe.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\splashscreen.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 204880 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\splashscreen.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 258 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\server\Xusage.txt.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 1424 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\server\Xusage.txt.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\ssvagent.exe.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 70224 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\ssvagent.exe.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\sunec.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 135760 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\sunec.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\sunmscapi.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 31824 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\sunmscapi.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\t2k.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 255056 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\t2k.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 226 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 571984 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 226 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\tnameserv.exe.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 16464 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\tnameserv.exe.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\unpack200.exe.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 197200 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\unpack200.exe.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\verify.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 49232 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\verify.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\w2k_lsa_auth.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 24144 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\w2k_lsa_auth.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 258 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\unpack.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 79952 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\unpack.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\wsdetect.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 192592 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\wsdetect.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\zip.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 77904 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\zip.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 226 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\COPYRIGHT.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 3248 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\COPYRIGHT.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\lib\accessibility.properties.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 160 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\lib\accessibility.properties.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 274 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\WindowsAccessBridge-64.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 110160 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\bin\WindowsAccessBridge-64.dll.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 274 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\lib\calendars.properties.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 1392 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\lib\calendars.properties.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 258 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\lib\charsets.jar.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 786706 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\lib\amd64\jvm.cfg.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 640 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\lib\amd64\jvm.cfg.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 226 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\lib\classlist.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 84368 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\lib\classlist.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\lib\cmm\CIEXYZ.pf.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 51248 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\lib\cmm\CIEXYZ.pf.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\lib\cmm\GRAY.pf.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 640 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\lib\cmm\GRAY.pf.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 226 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\lib\cmm\LINEAR_RGB.pf.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 1056 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\lib\cmm\LINEAR_RGB.pf.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\lib\charsets.jar.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 262144 |
|
3 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\lib\cmm\sRGB.pf.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 3152 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\lib\cmm\sRGB.pf.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 226 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\lib\cmm\PYCC.pf.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 274480 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\lib\cmm\PYCC.pf.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 226 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\lib\currency.data.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 4128 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\lib\currency.data.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\lib\deploy\ffjcext.zip.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 14160 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\lib\deploy\ffjcext.zip.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages.properties.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 2864 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages.properties.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 258 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages_de.properties.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 3312 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages_de.properties.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 258 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\lib\content-types.properties.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 5552 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\lib\content-types.properties.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 274 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages_fr.properties.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 3424 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages_fr.properties.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 258 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages_it.properties.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 3232 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages_it.properties.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 258 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages_ja.properties.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 6352 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages_ja.properties.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 258 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages_ko.properties.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 5728 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages_ko.properties.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 258 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages_pt_BR.properties.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 3296 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages_pt_BR.properties.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 274 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages_sv.properties.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 3424 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages_sv.properties.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 258 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages_es.properties.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 3616 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages_es.properties.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 258 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages_zh_HK.properties.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 3760 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages_zh_HK.properties.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 274 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages_zh_TW.properties.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 3760 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages_zh_TW.properties.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 274 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\lib\deploy\splash.gif.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 8592 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\lib\deploy\splash.gif.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\lib\deploy\splash@2x.gif.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 15280 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\lib\deploy\splash@2x.gif.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\lib\deploy\splash_11-lic.gif.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 7808 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\lib\deploy\splash_11-lic.gif.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 258 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\lib\deploy\splash_11@2x-lic.gif.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 12256 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\lib\deploy\splash_11@2x-lic.gif.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 258 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\lib\deploy.jar | size = 4080 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\lib\deploy.jar | size = 274 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\lib\ext\access-bridge-64.jar.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 188032 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\lib\ext\access-bridge-64.jar.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 258 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\lib\deploy.jar.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 786690 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\lib\ext\cldrdata.jar.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 786706 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\lib\ext\cldrdata.jar.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 262144 |
|
3 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\lib\deploy.jar.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 262144 |
|
3 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\lib\ext\jaccess.jar.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 44528 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\lib\ext\jaccess.jar.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\lib\ext\dnsns.jar.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 8288 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\lib\ext\dnsns.jar.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 242 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\lib\ext\localedata.jar.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 786706 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\lib\ext\jfxrt.jar.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 786690 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\lib\ext\jfxrt.jar.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 262144 |
|
1 | |
| Write | \\?\C:\Program Files\Java\jre1.8.0_144\lib\ext\jfxrt.jar.id[B4197730-0115].[fileisafe@tuta.io].actin | size = 262144 |
|
1 | |
|
For performance reasons, the remaining 1838 entries are omitted.
The remaining entries can be found in glog.xml. |
|||||
Registry (20)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders | - |
|
6 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | - |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders | value_name = Startup, data = 40506336, type = REG_EXPAND_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders | value_name = Startup, data = 40506400, type = REG_EXPAND_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders | value_name = Startup, data = %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup, type = REG_EXPAND_SZ |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders | value_name = Common Startup, data = 0, type = REG_NONE |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders | value_name = Common Startup, data = 40518752, type = REG_EXPAND_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders | value_name = Common Startup, data = %ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup, type = REG_EXPAND_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | value_name = 1, data = C:\Users\FD1HVy\AppData\Local\1.exe, size = 70, type = REG_SZ |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | value_name = 1, data = C:\Users\FD1HVy\AppData\Local\1.exe, size = 70, type = REG_SZ |
|
1 |
Process (849)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\WINDOWS\system32\cmd.exe | os_pid = 0xf30, startup_flags = STARTF_USESHOWWINDOW, STARTF_USESTDHANDLES, show_window = SW_HIDE |
|
1 | |
| Create | C:\WINDOWS\system32\cmd.exe | os_pid = 0xf38, startup_flags = STARTF_USESHOWWINDOW, STARTF_USESTDHANDLES, show_window = SW_HIDE |
|
1 | |
| Enumerate Processes | - | - |
|
829 | |
| Enumerate Processes | - | - |
|
18 |
Module (28)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\syswow64\kernel32.dll | base_address = 0x74440000 |
|
12 | |
| Get Filename | - | process_name = c:\users\fd1hvy\appdata\roaming\microsoft\windows\start menu\programs\startup\1.exe, file_name_orig = C:\Users\FD1HVy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1.exe, size = 260 |
|
6 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FlsAlloc, address_out = 0x74454ae0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FlsGetValue, address_out = 0x74454b20 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FlsSetValue, address_out = 0x74454b40 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FlsFree, address_out = 0x74454b00 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = Wow64DisableWow64FsRedirection, address_out = 0x74456b30 |
|
6 |
System (49)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
29 | |
| Sleep | duration = 500 milliseconds (0.500 seconds) |
|
18 | |
| Get Time | type = Ticks, time = 62484 |
|
1 | |
| Get Info | type = Operating System |
|
1 |
Mutex (21)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Create | mutex_name = Global\0115B419773001 |
|
1 | |
| Open | mutex_name = Global\0115B419773000, desired_access = SYNCHRONIZE |
|
1 | |
| Open | mutex_name = Global\0115B419773001, desired_access = SYNCHRONIZE |
|
1 | |
| Open | mutex_name = Global\0115B419773000, desired_access = SYNCHRONIZE |
|
2 | |
| Open | mutex_name = Global\0115B419773000, desired_access = SYNCHRONIZE |
|
4 | |
| Open | mutex_name = Global\0115B419773000, desired_access = SYNCHRONIZE |
|
1 | |
| Open | mutex_name = Global\0115B419773000, desired_access = SYNCHRONIZE |
|
3 | |
| Open | mutex_name = Global\0115B419773000, desired_access = SYNCHRONIZE |
|
1 | |
| Open | mutex_name = Global\0115B419773000, desired_access = SYNCHRONIZE |
|
1 | |
| Open | mutex_name = Global\0115B419773000, desired_access = SYNCHRONIZE |
|
1 | |
| Open | mutex_name = Global\0115B419773000, desired_access = SYNCHRONIZE |
|
1 | |
| Open | mutex_name = Global\0115B419773000, desired_access = SYNCHRONIZE |
|
1 | |
| Open | mutex_name = Global\0115B419773000, desired_access = SYNCHRONIZE |
|
1 | |
| Open | mutex_name = Global\0115B419773000, desired_access = SYNCHRONIZE |
|
1 | |
| Open | mutex_name = Global\0115B419773000, desired_access = SYNCHRONIZE |
|
1 |
Environment (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
1 |
Process #13: cmd.exe
397
0
| Information | Value |
|---|---|
| ID | #13 |
| File Name | c:\windows\system32\cmd.exe |
| Command Line | "C:\WINDOWS\system32\cmd.exe" |
| Initial Working Directory | C:\WINDOWS\system32\ |
| Monitor | Start Time: 00:02:14, Reason: Child Process |
| Unmonitor | End Time: 00:02:34, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:19 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xf30 |
| Parent PID | 0xf00 (c:\users\fd1hvy\appdata\roaming\microsoft\windows\start menu\programs\startup\1.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
F34
0x
F88
|
Host Behavior
File (324)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\WINDOWS\system32 | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\System32 | type = file_attributes |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
14 | |
| Get Info | STD_INPUT_HANDLE | type = file_type |
|
7 | |
| Open | STD_OUTPUT_HANDLE | - |
|
37 | |
| Open | STD_INPUT_HANDLE | - |
|
134 | |
| Read | STD_INPUT_HANDLE | size = 1, size_out = 1 |
|
117 | |
| Write | STD_OUTPUT_HANDLE | size = 38 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 2 |
|
5 | |
| Write | STD_OUTPUT_HANDLE | size = 52 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 20 |
|
3 | |
| Write | STD_OUTPUT_HANDLE | size = 36 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 23 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 58 |
|
1 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 4, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Process (6)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\WINDOWS\system32\vssadmin.exe | os_pid = 0xf8c, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 | |
| Create | C:\WINDOWS\System32\Wbem\WMIC.exe | os_pid = 0xfb0, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 | |
| Create | C:\WINDOWS\system32\bcdedit.exe | os_pid = 0x38c, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 | |
| Get Info | C:\WINDOWS\system32\vssadmin.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | C:\WINDOWS\System32\Wbem\WMIC.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | C:\WINDOWS\system32\bcdedit.exe | type = PROCESS_BASIC_INFORMATION |
|
1 |
Memory (3)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Read | C:\WINDOWS\system32\vssadmin.exe | address = 484007534592, size = 1952 |
|
1 | |
| Read | C:\WINDOWS\System32\Wbem\WMIC.exe | address = 166791286784, size = 1952 |
|
1 | |
| Read | C:\WINDOWS\system32\bcdedit.exe | address = 139080695808, size = 1952 |
|
1 |
Module (10)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NTDLL.DLL | base_address = 0x7ffe6b580000 |
|
1 | |
| Get Handle | c:\windows\system32\cmd.exe | base_address = 0x7ff6de050000 |
|
1 | |
| Get Handle | c:\windows\system32\kernel32.dll | base_address = 0x7ffe6b4d0000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\WINDOWS\system32\cmd.exe, size = 32743 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetThreadUILanguage, address_out = 0x7ffe6b4ea990 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileExW, address_out = 0x7ffe6b4ee830 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = IsDebuggerPresent, address_out = 0x7ffe6b4ee300 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x7ffe67f50a40 |
|
1 | |
| Get Address | c:\windows\system32\ntdll.dll | function = NtQueryInformationProcess, address_out = 0x7ffe6b6256b0 |
|
1 |
System (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Info | type = Operating System |
|
1 |
Environment (34)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
11 | |
| Get Environment String | name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Users\FD1HVy\AppData\Local\Microsoft\WindowsApps |
|
4 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
4 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\WINDOWS\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Get Environment String | name = PROMPT, result_out = $P$G |
|
3 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Windows\System32 |
|
1 | |
| Set Environment String | name = COPYCMD |
|
3 | |
| Set Environment String | name = =ExitCode, value = 00000002 |
|
1 | |
| Set Environment String | name = =ExitCodeAscii |
|
2 | |
| Set Environment String | name = =ExitCode, value = 80041014 |
|
1 |
Process #14: cmd.exe
301
0
| Information | Value |
|---|---|
| ID | #14 |
| File Name | c:\windows\system32\cmd.exe |
| Command Line | "C:\WINDOWS\system32\cmd.exe" |
| Initial Working Directory | C:\WINDOWS\system32\ |
| Monitor | Start Time: 00:02:14, Reason: Child Process |
| Unmonitor | End Time: 00:02:34, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:19 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xf38 |
| Parent PID | 0xf00 (c:\users\fd1hvy\appdata\roaming\microsoft\windows\start menu\programs\startup\1.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
F3C
0x
F80
|
Host Behavior
File (240)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\WINDOWS\system32 | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\System32 | type = file_attributes |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
11 | |
| Get Info | STD_INPUT_HANDLE | type = file_type |
|
5 | |
| Open | STD_OUTPUT_HANDLE | - |
|
28 | |
| Open | STD_INPUT_HANDLE | - |
|
98 | |
| Read | STD_INPUT_HANDLE | size = 1, size_out = 1 |
|
86 | |
| Write | STD_OUTPUT_HANDLE | size = 38 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 2 |
|
4 | |
| Write | STD_OUTPUT_HANDLE | size = 52 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 20 |
|
2 | |
| Write | STD_OUTPUT_HANDLE | size = 47 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 39 |
|
1 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 4, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Process (4)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\WINDOWS\system32\netsh.exe | os_pid = 0xf98, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 | |
| Create | C:\WINDOWS\system32\netsh.exe | os_pid = 0x580, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 | |
| Get Info | C:\WINDOWS\system32\netsh.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | C:\WINDOWS\system32\netsh.exe | type = PROCESS_BASIC_INFORMATION |
|
1 |
Memory (2)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Read | C:\WINDOWS\system32\netsh.exe | address = 266440065024, size = 1952 |
|
1 | |
| Read | C:\WINDOWS\system32\netsh.exe | address = 557799133184, size = 1952 |
|
1 |
Module (10)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NTDLL.DLL | base_address = 0x7ffe6b580000 |
|
1 | |
| Get Handle | c:\windows\system32\cmd.exe | base_address = 0x7ff6de050000 |
|
1 | |
| Get Handle | c:\windows\system32\kernel32.dll | base_address = 0x7ffe6b4d0000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\WINDOWS\system32\cmd.exe, size = 32743 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetThreadUILanguage, address_out = 0x7ffe6b4ea990 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileExW, address_out = 0x7ffe6b4ee830 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = IsDebuggerPresent, address_out = 0x7ffe6b4ee300 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x7ffe67f50a40 |
|
1 | |
| Get Address | c:\windows\system32\ntdll.dll | function = NtQueryInformationProcess, address_out = 0x7ffe6b6256b0 |
|
1 |
System (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Info | type = Operating System |
|
1 |
Environment (25)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
8 | |
| Get Environment String | name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Users\FD1HVy\AppData\Local\Microsoft\WindowsApps |
|
3 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
3 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\WINDOWS\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Get Environment String | name = PROMPT, result_out = $P$G |
|
2 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Windows\System32 |
|
1 | |
| Set Environment String | name = COPYCMD |
|
2 | |
| Set Environment String | name = =ExitCode, value = 00000000 |
|
1 | |
| Set Environment String | name = =ExitCodeAscii |
|
1 |
Process #17: vssadmin.exe
0
0
| Information | Value |
|---|---|
| ID | #17 |
| File Name | c:\windows\system32\vssadmin.exe |
| Command Line | vssadmin delete shadows /all /quiet |
| Initial Working Directory | C:\WINDOWS\system32\ |
| Monitor | Start Time: 00:02:16, Reason: Child Process |
| Unmonitor | End Time: 00:02:17, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xf8c |
| Parent PID | 0xf30 (c:\windows\system32\cmd.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
F90
0x
F94
0x
FA4
0x
FA8
0x
FAC
|
Process #18: netsh.exe
85
0
| Information | Value |
|---|---|
| ID | #18 |
| File Name | c:\windows\system32\netsh.exe |
| Command Line | netsh advfirewall set currentprofile state off |
| Initial Working Directory | C:\WINDOWS\system32\ |
| Monitor | Start Time: 00:02:16, Reason: Child Process |
| Unmonitor | End Time: 00:02:32, Reason: Self Terminated |
| Monitor Duration | 00:00:16 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xf98 |
| Parent PID | 0xf38 (c:\windows\system32\cmd.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
F9C
0x
FA0
0x
FB8
0x
FC0
0x
FC4
|
Host Behavior
File (4)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open | STD_OUTPUT_HANDLE | - |
|
2 | |
| Write | STD_OUTPUT_HANDLE | size = 5 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 2 |
|
1 |
Registry (22)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh | - |
|
1 | |
| Get Key Info | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh | - |
|
1 |
Module (49)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | api-ms-win-appmodel-runtime-l1-1-0.dll | base_address = 0x7ffe67a40000 |
|
1 | |
| Load | IFMON.DLL | base_address = 0x7ffe62c00000 |
|
1 | |
| Load | RASMONTR.DLL | base_address = 0x7ffe5ff60000 |
|
1 | |
| Load | MSVCRT.DLL | base_address = 0x7ffe6a810000 |
|
1 | |
| Load | C:\WINDOWS\system32\MFC42LOC.DLL | base_address = 0x0 |
|
1 | |
| Load | AUTHFWCFG.DLL | base_address = 0x7ffe5f450000 |
|
1 | |
| Load | DHCPCMONITOR.DLL | base_address = 0x7ffe62b60000 |
|
1 | |
| Load | DOT3CFG.DLL | base_address = 0x7ffe62970000 |
|
1 | |
| Load | FWCFG.DLL | base_address = 0x7ffe5fa60000 |
|
1 | |
| Load | HNETMON.DLL | base_address = 0x7ffe62b50000 |
|
1 | |
| Load | NETIOHLP.DLL | base_address = 0x7ffe5fa00000 |
|
1 | |
| Load | NETTRACE.DLL | base_address = 0x7ffe5ed60000 |
|
1 | |
| Load | NSHHTTP.DLL | base_address = 0x7ffe62a60000 |
|
1 | |
| Load | NSHIPSEC.DLL | base_address = 0x7ffe54840000 |
|
1 | |
| Load | NSHWFP.DLL | base_address = 0x7ffe54780000 |
|
1 | |
| Load | P2PNETSH.DLL | base_address = 0x7ffe54740000 |
|
1 | |
| Load | RPCNSH.DLL | base_address = 0x7ffe5ff50000 |
|
1 | |
| Load | WCNNETSH.DLL | base_address = 0x7ffe5ed40000 |
|
1 | |
| Load | WHHELPER.DLL | base_address = 0x7ffe5fb70000 |
|
1 | |
| Load | WLANCFG.DLL | base_address = 0x7ffe546b0000 |
|
1 | |
| Load | WSHELPER.DLL | base_address = 0x7ffe5ea80000 |
|
1 | |
| Load | WWANCFG.DLL | base_address = 0x7ffe5c720000 |
|
1 | |
| Load | PEERDISTSH.DLL | base_address = 0x7ffe544f0000 |
|
1 | |
| Load | mprmsg.dll | base_address = 0x7ffe54c70000 |
|
1 | |
| Get Handle | c:\windows\system32\netsh.exe | base_address = 0x7ff73dc80000 |
|
2 | |
| Get Handle | c:\windows\system32\msvcrt.dll | base_address = 0x7ffe6a810000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\netsh.exe, file_name_orig = C:\WINDOWS\system32\MFC42u.dll, size = 260 |
|
1 | |
| Get Address | c:\windows\system32\ifmon.dll | function = InitHelperDll, address_out = 0x7ffe62c01310 |
|
1 | |
| Get Address | c:\windows\system32\rasmontr.dll | function = InitHelperDll, address_out = 0x7ffe5ff75850 |
|
1 | |
| Get Address | c:\windows\system32\authfwcfg.dll | function = InitHelperDll, address_out = 0x7ffe5f451430 |
|
1 | |
| Get Address | c:\windows\system32\dhcpcmonitor.dll | function = InitHelperDll, address_out = 0x7ffe62b61610 |
|
1 | |
| Get Address | c:\windows\system32\dot3cfg.dll | function = InitHelperDll, address_out = 0x7ffe62971100 |
|
1 | |
| Get Address | c:\windows\system32\fwcfg.dll | function = InitHelperDll, address_out = 0x7ffe5fa611f0 |
|
1 | |
| Get Address | c:\windows\system32\hnetmon.dll | function = InitHelperDll, address_out = 0x7ffe62b52060 |
|
1 | |
| Get Address | c:\windows\system32\netiohlp.dll | function = InitHelperDll, address_out = 0x7ffe5fa15f80 |
|
1 | |
| Get Address | c:\windows\system32\nettrace.dll | function = InitHelperDll, address_out = 0x7ffe5ed615d0 |
|
1 | |
| Get Address | c:\windows\system32\nshhttp.dll | function = InitHelperDll, address_out = 0x7ffe62a610e0 |
|
1 | |
| Get Address | c:\windows\system32\nshipsec.dll | function = InitHelperDll, address_out = 0x7ffe54841250 |
|
1 | |
| Get Address | c:\windows\system32\nshwfp.dll | function = InitHelperDll, address_out = 0x7ffe547810d0 |
|
1 | |
| Get Address | c:\windows\system32\p2pnetsh.dll | function = InitHelperDll, address_out = 0x7ffe547411e0 |
|
1 | |
| Get Address | c:\windows\system32\rpcnsh.dll | function = InitHelperDll, address_out = 0x7ffe5ff51010 |
|
1 | |
| Get Address | c:\windows\system32\wcnnetsh.dll | function = InitHelperDll, address_out = 0x7ffe5ed41680 |
|
1 | |
| Get Address | c:\windows\system32\whhelper.dll | function = InitHelperDll, address_out = 0x7ffe5fb714d0 |
|
1 | |
| Get Address | c:\windows\system32\wlancfg.dll | function = InitHelperDll, address_out = 0x7ffe546b1320 |
|
1 | |
| Get Address | c:\windows\system32\wshelper.dll | function = InitHelperDll, address_out = 0x7ffe5ea81030 |
|
1 | |
| Get Address | c:\windows\system32\wwancfg.dll | function = InitHelperDll, address_out = 0x7ffe5c7211d0 |
|
1 | |
| Get Address | c:\windows\system32\peerdistsh.dll | function = InitHelperDll, address_out = 0x7ffe544f1220 |
|
1 | |
| Get Address | c:\windows\system32\mprmsg.dll | function = MprmsgGetErrorString, address_out = 0x7ffe54c71040 |
|
1 |
System (9)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Cursor | x_out = 40, y_out = 863 |
|
1 | |
| Get Info | type = Operating System |
|
6 | |
| Get Info | type = System Directory, result_out = C:\WINDOWS\system32 |
|
1 | |
| Get Info | type = Operating System |
|
1 |
Process #19: wmic.exe
162
0
| Information | Value |
|---|---|
| ID | #19 |
| File Name | c:\windows\system32\wbem\wmic.exe |
| Command Line | wmic shadowcopy delete |
| Initial Working Directory | C:\WINDOWS\system32\ |
| Monitor | Start Time: 00:02:17, Reason: Child Process |
| Unmonitor | End Time: 00:02:29, Reason: Self Terminated |
| Monitor Duration | 00:00:12 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xfb0 |
| Parent PID | 0xf30 (c:\windows\system32\cmd.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
FB4
0x
FBC
0x
FEC
0x
FF0
0x
FF4
|
Host Behavior
COM (7)
| Operation | Class | Interface | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Create | WBEMLocator | IWbemLocator | cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| Create | F6D90F12-9C73-11D3-B32E-00C04F990BB4 | 2933BF95-7B36-11D2-B20E-00C04F983E60 | cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| Create | EB87E1BD-3233-11D2-AEC9-00C04FB68820 | EB87E1BC-3233-11D2-AEC9-00C04FB68820 | cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| Execute | WBEMLocator | IWbemLocator | method_name = ConnectServer, network_resource = root\cli |
|
1 | |
| Execute | WBEMLocator | IWbemLocator | method_name = ConnectServer, network_resource = root\cli\ms_409 |
|
1 | |
| Execute | WBEMLocator | IWbemLocator | method_name = ConnectServer, network_resource = \\NQDPDE\ROOT\CIMV2 |
|
1 | |
| Execute | WBEMLocator | IWbemServices | method_name = ExecQuery, query_language = WQL, query = SELECT * FROM Win32_ShadowCopy |
|
1 |
Registry (5)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM | value_name = Logging, data = 48 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM | value_name = Logging Directory |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM | value_name = Logging Directory, data = 37 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM | value_name = Log File Max Size, data = 54 |
|
1 |
Module (1)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\wbem\wmic.exe | base_address = 0x7ff719480000 |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Computer Name | result_out = NQDPDE |
|
1 | |
| Get Time | type = Local Time, time = 2019-07-04 20:41:26 (Local Time) |
|
1 | |
| Get Info | type = System Directory, result_out = C:\WINDOWS\system32 |
|
1 |
Process #22: bcdedit.exe
0
0
| Information | Value |
|---|---|
| ID | #22 |
| File Name | c:\windows\system32\bcdedit.exe |
| Command Line | bcdedit /set {default} bootstatuspolicy ignoreallfailures |
| Initial Working Directory | C:\WINDOWS\system32\ |
| Monitor | Start Time: 00:02:32, Reason: Child Process |
| Unmonitor | End Time: 00:02:34, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:01 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x38c |
| Parent PID | 0xf30 (c:\windows\system32\cmd.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
A80
0x
CF0
|
Process #23: netsh.exe
0
0
| Information | Value |
|---|---|
| ID | #23 |
| File Name | c:\windows\system32\netsh.exe |
| Command Line | netsh firewall set opmode mode=disable |
| Initial Working Directory | C:\WINDOWS\system32\ |
| Monitor | Start Time: 00:02:34, Reason: Child Process |
| Unmonitor | End Time: 00:02:34, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:00 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x580 |
| Parent PID | 0xf38 (c:\windows\system32\cmd.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
584
|
