v19V.exe
Windows Exe (x86-64)
Created at 2019-07-27T13:03:00
Remarks (2/2)
(0x200000e): The overall sleep time of all monitored processes was truncated from "39 minutes, 35 seconds" to "11 minutes" to reveal dormant functionality.
Monitored Processes
Behavior Information - Grouped by Category
Process #1: v19v.exe
97260
0
| Information | Value |
|---|---|
| ID | #1 |
| File Name | c:\users\fd1hvy\desktop\v19v.exe |
| Command Line | "C:\Users\FD1HVy\Desktop\v19V.exe" |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:00:29, Reason: Analysis Target |
| Unmonitor | End Time: 00:04:14, Reason: Terminated by Timeout |
| Monitor Duration | 00:03:44 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x7fc |
| Parent PID | 0x860 (c:\windows\explorer.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
2D4
0x
DB4
0x
FB8
0x
FA0
0x
9D8
0x
6E4
0x
AEC
0x
E98
0x
D60
0x
BB4
0x
A7C
0x
C30
0x
FB4
0x
B04
0x
4AC
0x
CF4
0x
F18
0x
90C
0x
524
0x
A5C
0x
B04
0x
5B4
0x
2AC
0x
F8C
0x
4CC
0x
A98
0x
70C
0x
810
0x
D18
0x
73C
0x
564
0x
668
0x
B08
0x
FFC
0x
DB8
0x
A24
0x
FC8
0x
E88
0x
56C
0x
BB4
0x
BE4
0x
F4
0x
BFC
0x
FC4
0x
F74
0x
D90
0x
84
0x
47C
0x
EF4
0x
F28
0x
15C
0x
B80
0x
914
0x
C40
0x
870
0x
874
0x
908
0x
958
0x
97C
0x
964
0x
9D0
0x
878
0x
A64
0x
A38
0x
A44
0x
BBC
0x
A4C
0x
A68
0x
A74
0x
DCC
0x
A94
0x
AA0
0x
AAC
0x
AA8
0x
AD0
0x
AD4
0x
AD8
0x
ADC
0x
AE0
0x
AE4
0x
994
0x
D50
0x
C4C
0x
C2C
0x
E3C
0x
C80
0x
C98
0x
C60
0x
DA0
0x
C0C
0x
C48
0x
DEC
0x
8F8
0x
C30
0x
864
0x
388
0x
548
0x
708
0x
F34
0x
724
0x
710
0x
FE4
0x
504
0x
C68
0x
CE8
0x
D34
0x
368
0x
D30
0x
D48
0x
D54
0x
B64
0x
D44
0x
4AC
0x
FC0
0x
DFC
0x
1A4
0x
E7C
0x
F18
0x
A40
0x
100C
0x
1010
0x
1014
0x
1018
0x
101C
0x
1020
0x
1024
0x
1028
0x
102C
0x
1030
0x
1034
0x
1038
0x
103C
0x
1040
0x
1044
0x
1048
0x
1054
0x
1060
0x
1064
0x
1068
0x
106C
0x
1070
0x
107C
0x
1080
0x
1084
0x
1088
0x
108C
0x
1090
0x
1094
0x
1098
0x
109C
0x
10A0
0x
10A4
0x
10A8
0x
10AC
0x
10B0
0x
10B4
0x
10B8
0x
10BC
0x
10C0
0x
10C4
0x
10C8
0x
10CC
0x
10D0
0x
10D4
0x
10D8
0x
10DC
0x
10E0
0x
10E4
0x
10E8
0x
10EC
0x
10F0
0x
10F4
0x
10F8
0x
10FC
0x
1100
0x
1104
0x
1108
0x
110C
0x
1110
0x
1114
0x
1118
0x
111C
0x
1120
0x
1124
0x
1128
0x
112C
0x
1130
0x
1134
0x
1138
0x
113C
0x
1140
0x
1144
0x
1148
0x
114C
0x
1154
0x
1158
0x
115C
0x
1160
0x
1164
0x
116C
0x
1170
0x
1174
0x
1178
0x
117C
0x
1180
0x
1184
0x
1188
0x
118C
0x
1190
0x
1194
0x
1198
0x
119C
0x
11A0
0x
11A4
0x
11A8
0x
11AC
0x
11B0
0x
11B4
0x
11B8
0x
11BC
0x
11C0
0x
11C4
0x
11C8
0x
11CC
0x
11D0
0x
11D4
0x
11DC
0x
11E0
0x
11E4
0x
11E8
0x
11EC
0x
11F0
0x
11F4
0x
11F8
0x
11FC
0x
1200
0x
1204
0x
1208
0x
120C
0x
1210
0x
1214
0x
1218
0x
121C
0x
1220
0x
1224
0x
1228
0x
122C
0x
1230
0x
1234
0x
1238
0x
123C
0x
1240
0x
1244
0x
1248
0x
124C
0x
1250
0x
1254
0x
1258
0x
125C
0x
1260
0x
1264
0x
1268
0x
126C
0x
1270
0x
1274
0x
1278
0x
127C
0x
1280
0x
1284
0x
1288
0x
128C
0x
1290
0x
1294
0x
1298
0x
129C
0x
12A0
0x
12A4
0x
12A8
0x
12AC
0x
12B0
0x
12B8
0x
12BC
0x
12C0
0x
12C4
0x
12C8
0x
12CC
0x
12D0
0x
12D4
0x
12D8
0x
12DC
0x
12E8
0x
12EC
0x
12F0
0x
12F4
0x
12F8
0x
12FC
0x
1300
0x
1304
0x
1308
0x
130C
0x
1310
0x
1314
0x
1320
0x
131C
0x
1324
0x
1328
0x
132C
0x
1330
0x
1334
0x
1338
0x
133C
0x
1340
0x
1344
0x
1348
0x
134C
0x
1350
0x
1358
0x
135C
0x
1360
0x
1364
0x
1368
0x
136C
0x
1370
0x
1374
0x
1378
0x
1388
0x
138C
0x
1390
0x
1394
0x
1398
0x
139C
0x
13AC
0x
13B0
0x
13B4
0x
13B8
0x
13BC
0x
13C0
0x
13C4
0x
13C8
0x
13CC
0x
13D0
0x
13D4
0x
13D8
0x
13DC
0x
13E0
0x
13E4
0x
13E8
0x
13EC
0x
13F4
0x
13F8
0x
13FC
0x
F00
0x
DD4
0x
DD0
0x
BD8
0x
BA8
0x
F80
0x
704
0x
BEC
0x
F60
0x
754
0x
9B0
0x
1058
0x
E60
0x
C5C
0x
AF8
0x
E34
0x
DE8
0x
DE4
0x
DE0
0x
B8C
0x
500
0x
AFC
0x
B88
0x
B9C
0x
BA0
0x
BA4
0x
BE0
0x
BDC
0x
C08
0x
634
0x
6D0
0x
6E0
0x
79C
0x
BD0
0x
8C8
0x
CA8
0x
CA4
0x
B68
0x
CB4
0x
CB0
0x
69C
0x
ACC
0x
1050
0x
B54
0x
974
0x
7BC
0x
E30
0x
A9C
0x
CDC
0x
D20
0x
9E4
0x
BE8
0x
AC8
0x
4C8
0x
1320
0x
1078
0x
1150
0x
1074
0x
9BC
0x
F54
0x
AB8
0x
105C
0x
104C
0x
13A4
0x
1408
0x
140C
0x
1410
0x
1414
0x
1418
0x
141C
0x
1420
0x
1424
0x
1428
0x
142C
0x
1430
0x
1438
0x
143C
0x
1440
0x
1444
0x
1448
0x
144C
0x
1450
0x
1454
0x
1458
0x
145C
0x
1460
0x
1464
0x
146C
0x
1470
0x
1474
0x
1478
0x
147C
0x
1480
0x
1484
0x
1488
0x
148C
0x
1490
0x
1494
0x
1498
0x
149C
0x
14A0
0x
14A4
0x
14A8
0x
14AC
0x
14B0
0x
14B4
0x
14B8
0x
14BC
0x
14C0
0x
14CC
0x
14D0
0x
14D4
0x
14D8
0x
14DC
0x
14E0
0x
14E4
0x
14E8
0x
14EC
0x
14F0
0x
14F4
0x
14F8
0x
14FC
0x
1500
0x
1504
0x
1508
0x
150C
0x
1510
0x
1514
0x
1518
0x
151C
0x
1520
0x
1524
0x
1528
0x
152C
0x
1530
0x
1534
0x
1538
0x
153C
0x
1540
0x
1544
0x
1548
0x
154C
0x
1574
0x
1578
0x
157C
0x
1580
0x
1584
0x
1588
0x
158C
0x
1590
0x
1594
0x
1598
0x
159C
0x
15A0
0x
15A4
0x
15A8
0x
15AC
0x
15B0
0x
15B4
0x
15B8
0x
15BC
0x
15C0
0x
15C4
0x
15C8
0x
15CC
0x
15D0
0x
15D4
0x
15D8
0x
15DC
0x
15E0
0x
15E4
0x
15E8
0x
15EC
0x
15F0
0x
15F4
0x
15F8
0x
15FC
0x
1600
0x
1608
0x
160C
0x
1610
0x
1614
0x
1618
0x
161C
0x
1620
0x
1624
0x
1628
0x
162C
0x
1630
0x
1634
0x
1638
0x
163C
0x
1640
0x
1644
0x
1648
0x
164C
0x
1650
0x
1654
0x
1658
0x
165C
0x
1660
0x
1664
0x
1668
0x
166C
0x
1670
0x
1674
0x
1680
0x
1684
0x
1688
0x
168C
0x
1690
0x
1694
0x
1698
0x
169C
0x
16A0
0x
16A4
0x
16A8
0x
16AC
0x
16B0
0x
16B4
0x
16B8
0x
16BC
0x
16C0
0x
16C4
0x
16C8
0x
16CC
0x
16D0
0x
16D4
0x
16D8
0x
16E4
0x
16E8
0x
16EC
0x
16F0
0x
16F4
0x
16F8
0x
16FC
0x
1700
0x
1704
0x
1708
0x
170C
0x
1710
0x
1714
0x
1718
0x
1724
0x
1728
0x
172C
0x
1730
0x
1734
0x
1738
0x
173C
0x
1740
0x
1744
0x
1748
0x
174C
0x
1750
0x
1754
0x
1758
0x
175C
0x
1760
0x
1764
0x
1768
0x
176C
0x
1770
0x
1774
0x
177C
0x
1780
0x
1784
0x
1788
0x
178C
0x
1790
0x
1794
0x
1798
0x
179C
0x
17A0
0x
17A4
0x
17A8
0x
17AC
0x
17B0
0x
17B4
0x
17B8
0x
17BC
0x
17C0
0x
17C4
0x
17C8
0x
17CC
0x
17D0
0x
17D4
0x
17D8
0x
17DC
0x
17E0
0x
17E4
0x
17E8
0x
17EC
0x
17F0
0x
17F4
0x
17F8
0x
17FC
0x
AB0
0x
EB0
0x
1008
0x
1004
0x
4F0
0x
4E0
0x
C44
0x
734
0x
6A4
0x
BF8
0x
57C
0x
A0C
0x
61C
0x
A90
0x
145C
0x
155C
0x
B5C
0x
BAC
0x
BB0
0x
BC4
0x
B7C
0x
BF0
0x
50C
0x
7A0
0x
630
0x
828
0x
588
0x
BB8
0x
6D4
0x
6C4
0x
BC0
0x
590
0x
B74
0x
B70
0x
7C4
0x
438
0x
BCC
0x
BC8
0x
578
0x
784
0x
14C8
0x
1560
0x
1380
0x
1804
0x
1808
0x
180C
0x
1810
0x
1814
0x
1818
0x
181C
0x
1820
0x
1824
0x
1828
0x
182C
0x
1830
0x
1834
0x
1838
0x
183C
0x
1840
0x
1844
0x
1848
0x
184C
0x
1850
0x
1854
0x
1858
0x
185C
0x
1860
0x
1864
0x
1868
0x
186C
0x
1870
0x
1878
0x
187C
0x
1880
0x
1884
0x
1888
0x
188C
0x
1890
0x
1894
0x
1898
0x
189C
0x
18A0
0x
18A4
0x
18A8
0x
18AC
0x
18B0
0x
18B4
0x
18B8
0x
18BC
0x
18C0
0x
18C4
0x
18C8
0x
18CC
0x
18D0
0x
18D4
0x
18D8
0x
18DC
0x
18E0
0x
18E4
0x
18E8
0x
18EC
0x
18F0
0x
18F4
0x
18F8
0x
18FC
0x
1900
0x
1904
0x
1908
0x
190C
0x
1910
0x
1914
0x
1918
0x
191C
0x
1924
0x
1928
0x
192C
0x
1930
0x
1934
0x
1938
0x
193C
0x
1940
0x
1944
0x
1948
0x
194C
0x
1950
0x
1954
0x
1958
0x
195C
0x
1960
0x
1964
0x
1968
0x
196C
0x
1970
0x
1974
0x
1978
0x
197C
0x
1980
0x
1984
0x
1988
0x
198C
0x
1990
0x
1994
0x
1998
0x
19A8
0x
19AC
0x
19B0
0x
19B4
0x
19B8
0x
19BC
0x
19C0
0x
19C4
0x
19CC
0x
19D0
0x
19D4
0x
19D8
0x
19DC
0x
19E0
0x
19E4
0x
19E8
0x
19EC
0x
19F0
0x
19F4
0x
19F8
0x
19FC
0x
1A00
0x
1A04
0x
1A08
0x
1A0C
0x
1A10
0x
1A14
0x
1A18
0x
1A1C
0x
1A20
0x
1A24
0x
1A28
0x
1A2C
0x
1A30
0x
1A34
0x
1A38
0x
1A3C
0x
1A40
0x
1A44
0x
1A48
0x
1A4C
0x
1A50
0x
1A54
0x
1A58
0x
1A5C
0x
1A60
0x
1A64
0x
1A68
0x
1A6C
0x
1A70
0x
1A74
0x
1A78
0x
1A7C
0x
1A80
0x
1A84
0x
1A88
0x
1A8C
0x
1A90
0x
1A94
0x
1A98
0x
1AA4
0x
1AA8
0x
1AAC
0x
1AB0
0x
1AB4
0x
1AB8
0x
1AC0
0x
1AC4
0x
1AC8
0x
1ACC
0x
1AD0
0x
1AD4
0x
1AD8
0x
1ADC
0x
1AE0
0x
1AE4
0x
1AEC
0x
1AF0
0x
1AF4
0x
1AF8
0x
1AFC
0x
1B00
0x
1B04
0x
1B08
0x
1B0C
0x
1B10
0x
1B14
0x
1B18
0x
1B1C
0x
1B20
0x
1B24
0x
1B28
0x
1B2C
0x
1B30
0x
1B34
0x
1B38
0x
1B3C
0x
1B40
0x
1B44
0x
1B48
0x
1B4C
0x
1B50
0x
1B54
0x
1B58
0x
1B5C
0x
1B60
0x
1B64
0x
1B68
0x
1B6C
0x
1B70
0x
1B74
0x
1B78
0x
1B7C
0x
1B80
0x
1B84
0x
1B88
0x
1B8C
0x
1B90
0x
1B94
0x
1B98
0x
1B9C
0x
1BA0
0x
1BA4
0x
1BA8
0x
1BAC
0x
1BB0
0x
1BB4
0x
1BB8
0x
1BBC
0x
1BC0
0x
1BC4
0x
1BC8
0x
1BCC
0x
1BD0
0x
1BD4
0x
1BD8
0x
1BDC
0x
1BE0
0x
1BE4
0x
1BE8
0x
1BEC
0x
1BF0
0x
1BF4
0x
1BF8
0x
1BFC
0x
B94
0x
14C4
0x
1468
0x
1404
0x
137C
0x
1434
0x
13F0
0x
13A0
0x
199C
0x
F6C
0x
F38
0x
167C
0x
1778
0x
1678
0x
1554
0x
1568
0x
1604
0x
A88
0x
F40
0x
156C
0x
DF8
0x
1550
0x
C70
0x
1570
0x
1564
0x
FB4
0x
1558
0x
1C04
0x
1C08
0x
1C0C
0x
1C10
0x
1C14
0x
1C1C
0x
1C20
0x
1C24
0x
1C28
0x
1C2C
0x
1C30
0x
1C34
0x
1C38
0x
1C3C
0x
1C40
0x
1C44
0x
1C48
0x
1C4C
0x
1C50
0x
1C54
0x
1C58
0x
1C5C
0x
1C60
0x
1C64
0x
1C68
0x
1C6C
0x
1C70
0x
1C74
0x
1C78
0x
1C7C
0x
1C80
0x
1C84
0x
1C88
0x
1C8C
0x
1C90
0x
1C94
0x
1C98
0x
1C9C
0x
1CA0
0x
1CA4
0x
1CA8
0x
1CB0
0x
1CB4
0x
1CB8
0x
1CBC
0x
1CC0
0x
1CC4
0x
1CC8
0x
1CCC
0x
1CD0
0x
1CD4
0x
1CD8
0x
1CDC
0x
1CE0
0x
1CE4
0x
1CE8
0x
1CEC
0x
1CF0
0x
1CF4
0x
1CF8
0x
1CFC
0x
1D00
0x
1D04
0x
1D08
0x
1D0C
0x
1D10
0x
1D14
0x
1D18
0x
1D1C
0x
1D20
0x
1D24
0x
1D28
0x
1D2C
0x
1D30
0x
1D34
0x
1D38
0x
1D3C
0x
1D40
0x
1D44
0x
1D48
0x
1D4C
0x
1D50
0x
1D54
0x
1D58
0x
1D60
0x
1D64
0x
1D68
0x
1D6C
0x
1D70
0x
1D74
0x
1D78
0x
1D7C
0x
1D80
0x
1D84
0x
1D88
0x
1D8C
0x
1D90
0x
1D94
0x
1D98
0x
1D9C
0x
1DA0
0x
1DA4
0x
1DA8
0x
1DAC
0x
1DB0
0x
1DB4
0x
1DBC
0x
1DC0
0x
1DC4
0x
1DC8
0x
1DCC
0x
1DD0
0x
1DD4
0x
1DD8
0x
1DDC
0x
1DE0
0x
1DE4
0x
1DE8
0x
1DEC
0x
1DF0
0x
1DF4
0x
1DF8
0x
1DFC
0x
1E00
0x
1E04
0x
1E08
0x
1E0C
0x
1E10
0x
1E14
0x
1E18
0x
1E1C
0x
1E20
0x
1E24
0x
1E28
0x
1E2C
0x
1E30
0x
1E34
0x
1E38
0x
1E3C
0x
1E40
0x
1E44
0x
1E48
0x
1E4C
0x
1E50
0x
1E54
0x
1E58
0x
1E5C
0x
1E60
0x
1E64
0x
1E68
0x
1E6C
0x
1E74
0x
1E78
0x
1E7C
0x
1E80
0x
1E84
0x
1E88
0x
1E8C
0x
1E90
0x
1E94
0x
1E98
0x
1E9C
0x
1EA0
0x
1EA4
0x
1EA8
0x
1EAC
0x
1EB0
0x
1EB4
0x
1EB8
0x
1EBC
0x
1EC0
0x
1EC4
0x
1EC8
0x
1ECC
0x
1ED0
0x
1ED4
0x
1ED8
0x
1EDC
0x
1EE0
0x
1EE4
0x
1EE8
0x
1EEC
0x
1EF0
0x
1EF4
0x
1EF8
0x
1EFC
0x
1F00
0x
1F04
0x
1F08
0x
1F0C
0x
1F10
0x
1F14
0x
1F18
0x
1F1C
0x
1F20
0x
1F30
0x
1F34
0x
1F38
0x
1F3C
0x
1F40
0x
1F44
0x
1F48
0x
1F4C
0x
1F50
0x
1F54
0x
1F58
0x
1F5C
0x
1F60
0x
1F64
0x
1F68
0x
1F6C
0x
1F70
0x
1F74
0x
1F78
0x
1F7C
0x
1F80
0x
1F84
0x
1F88
0x
1F8C
0x
1F90
0x
1F94
0x
1F98
0x
1F9C
0x
1FA0
0x
1FA8
0x
1FAC
0x
1FB0
0x
1FB4
0x
1FB8
0x
1FBC
0x
1FC0
0x
1FC4
0x
1FC8
0x
1FEC
0x
1FF0
0x
1FF4
0x
1FF8
0x
1FFC
0x
137C
0x
468
0x
728
0x
E0C
0x
FE0
0x
FDC
0x
1920
0x
4D0
0x
E5C
0x
2004
0x
2008
0x
200C
0x
2018
0x
201C
0x
2020
0x
2024
0x
2028
0x
202C
0x
2030
0x
2034
0x
2038
0x
203C
0x
2040
0x
2044
0x
204C
0x
2050
0x
2054
0x
2058
0x
205C
0x
2060
0x
2064
0x
2068
0x
206C
0x
2070
0x
2074
0x
2078
0x
207C
0x
2080
0x
2084
0x
2088
0x
208C
0x
2090
0x
2094
0x
2098
0x
209C
0x
20A0
0x
20A4
0x
20A8
0x
20AC
0x
20B0
0x
20B4
0x
20B8
0x
20BC
0x
20C0
0x
20C4
0x
20C8
0x
20CC
0x
20D0
0x
20D4
0x
20D8
0x
20E0
0x
20E4
0x
20E8
0x
20EC
0x
20F4
0x
20F8
0x
20FC
0x
2100
0x
2104
0x
2108
0x
210C
0x
2110
0x
2114
0x
2118
0x
211C
0x
2120
0x
2124
0x
212C
0x
2130
0x
2134
0x
2138
0x
213C
0x
2140
0x
2144
0x
2148
0x
214C
0x
2150
0x
2154
0x
2158
0x
215C
0x
2160
0x
2164
0x
216C
0x
2170
0x
2174
0x
2178
0x
217C
0x
2180
0x
2184
0x
2188
0x
218C
0x
2190
0x
2194
0x
2198
0x
219C
0x
21A0
0x
21A4
0x
21A8
0x
21AC
0x
21B0
0x
21B4
0x
21B8
0x
21BC
0x
21C0
0x
21C4
0x
21C8
0x
21CC
0x
21D0
0x
21D4
0x
21D8
0x
21DC
0x
21E0
0x
21E4
0x
21E8
0x
21EC
0x
21F0
0x
21F4
0x
21F8
0x
21FC
0x
2200
0x
2204
0x
2208
0x
220C
0x
2210
0x
2214
0x
2218
0x
221C
0x
2220
0x
2224
0x
2228
0x
222C
0x
2230
0x
2234
0x
2238
0x
223C
0x
2240
0x
2244
0x
2248
0x
2250
0x
2254
0x
2258
0x
225C
0x
2260
0x
2264
0x
2268
0x
226C
0x
2270
0x
2274
0x
2278
0x
227C
0x
2280
0x
2284
0x
2288
0x
228C
0x
2290
0x
2294
0x
229C
0x
22A0
0x
22A4
0x
22A8
0x
22AC
0x
22B0
0x
22B4
0x
22B8
0x
22BC
0x
22C0
0x
22C4
0x
22C8
0x
22CC
0x
22D0
0x
22D4
0x
22D8
0x
22DC
0x
22E0
0x
22E4
0x
22E8
0x
22EC
0x
22F0
0x
22F4
0x
22F8
0x
22FC
0x
2300
0x
2304
0x
2308
0x
230C
0x
2310
0x
2314
0x
2318
0x
231C
0x
2320
0x
2330
0x
2334
0x
2338
0x
233C
0x
2340
0x
2344
0x
2348
0x
234C
0x
2350
0x
2354
0x
2358
0x
235C
0x
2360
0x
2364
0x
2368
0x
236C
0x
2370
0x
2374
0x
237C
0x
2380
0x
2384
0x
2388
0x
238C
0x
2390
0x
2394
0x
2398
0x
239C
0x
23A0
0x
23A4
0x
23A8
0x
23AC
0x
23B0
0x
23B4
0x
23B8
0x
23BC
0x
23C0
0x
23C4
0x
23C8
0x
23CC
0x
23D0
0x
23D4
0x
23D8
0x
23DC
0x
23E0
0x
23E4
0x
23E8
0x
23EC
0x
23F0
0x
23F4
0x
23F8
0x
23FC
0x
CA0
0x
1F80
0x
83C
0x
EA8
0x
2404
0x
2408
0x
240C
0x
2410
0x
2414
0x
2418
0x
241C
0x
2420
0x
2424
0x
2428
0x
242C
0x
2430
0x
2434
0x
2438
0x
243C
0x
2440
0x
2444
0x
2448
0x
244C
0x
2450
0x
2454
0x
2458
0x
245C
0x
2460
0x
2464
0x
2468
0x
246C
0x
2470
0x
2474
0x
2478
0x
247C
0x
2484
0x
2488
0x
248C
0x
2490
0x
2494
0x
2498
0x
249C
0x
24A0
0x
24A4
0x
24A8
0x
24AC
0x
24B0
0x
24B4
0x
24B8
0x
24BC
0x
24C0
0x
24C4
0x
24D0
0x
24D4
0x
24D8
0x
24DC
0x
24E0
0x
24E4
0x
24E8
0x
24EC
0x
24F0
0x
24F4
0x
24F8
0x
24FC
0x
2500
0x
2504
0x
250C
0x
2510
0x
2514
0x
2518
0x
251C
0x
2520
0x
2524
0x
2528
0x
252C
0x
2530
0x
2534
0x
2538
0x
253C
0x
2540
0x
2544
0x
2548
0x
254C
0x
2550
0x
2554
0x
2558
0x
255C
0x
2560
0x
2564
0x
2568
0x
256C
0x
2570
0x
2574
0x
2578
0x
257C
0x
2580
0x
2584
0x
2588
0x
258C
0x
2590
0x
2594
0x
2598
0x
259C
0x
25A0
0x
25A4
0x
25A8
0x
25AC
0x
25B0
0x
25B4
0x
25B8
0x
25BC
0x
25C0
0x
25C4
0x
25C8
0x
25CC
0x
25D0
0x
25D4
0x
25D8
0x
25DC
0x
25E0
0x
25E4
0x
25E8
0x
25EC
0x
25F0
0x
25F4
0x
25F8
0x
25FC
0x
2600
0x
2604
0x
2608
0x
260C
0x
2610
0x
2614
0x
2618
0x
261C
0x
2620
0x
2624
0x
2628
0x
262C
0x
2630
0x
2634
0x
2638
0x
263C
0x
2640
0x
2644
0x
2648
0x
264C
0x
2650
0x
2654
0x
2658
0x
265C
0x
2660
0x
2664
0x
2668
0x
266C
0x
2670
0x
2674
0x
2678
0x
267C
0x
2680
0x
2684
0x
2688
0x
268C
0x
2690
0x
2694
0x
2698
0x
269C
0x
26A0
0x
26A4
0x
26A8
0x
26AC
0x
26B0
0x
26B4
0x
26B8
0x
26BC
0x
26C0
0x
26C4
0x
26C8
0x
26CC
0x
26D0
0x
26D4
0x
26D8
0x
26DC
0x
26E0
0x
26E4
0x
26E8
0x
26EC
0x
26F0
0x
26F4
0x
26F8
0x
26FC
0x
2700
0x
2704
0x
2708
0x
270C
0x
2710
0x
2714
0x
2718
0x
271C
0x
2720
0x
2724
0x
2728
0x
272C
0x
2730
0x
2734
0x
2738
0x
273C
0x
2740
0x
2744
0x
2748
0x
274C
0x
2750
0x
2754
0x
2758
0x
275C
0x
2760
0x
2764
0x
2768
0x
276C
0x
2770
0x
2774
0x
2778
0x
277C
0x
2780
0x
2784
0x
2788
0x
278C
0x
2790
0x
2794
0x
2798
0x
279C
0x
27A0
0x
27A4
0x
27A8
0x
27AC
0x
27B0
0x
27B4
0x
27B8
0x
27BC
0x
27C0
0x
27C4
0x
27C8
0x
27CC
0x
27D0
0x
27D4
0x
27D8
0x
27DC
0x
27E0
0x
27E4
0x
27E8
0x
27EC
0x
27F0
0x
27F4
0x
27F8
0x
27FC
0x
1F28
0x
1FA4
0x
8AC
0x
1F24
0x
A78
0x
1CAC
0x
1E70
0x
1D5C
0x
E80
0x
1DB8
0x
1C18
0x
390
0x
2804
0x
2808
0x
280C
0x
2810
0x
2814
0x
2818
0x
281C
0x
2820
0x
2824
0x
2828
0x
282C
0x
2830
0x
2834
0x
2838
0x
283C
0x
2840
0x
2844
0x
284C
0x
2850
0x
2854
0x
2858
0x
285C
0x
2860
0x
2864
0x
2868
0x
286C
0x
2870
0x
2874
0x
2878
0x
287C
0x
2880
0x
2884
0x
2888
0x
288C
0x
2890
0x
2894
0x
2898
0x
289C
0x
28A0
0x
28A4
0x
28A8
0x
28AC
0x
28B0
0x
28B4
0x
28B8
0x
28BC
0x
28C0
0x
28C4
0x
28C8
0x
28D0
0x
28D4
0x
28D8
0x
28DC
0x
28E0
0x
28E4
0x
28E8
0x
28EC
0x
28F0
0x
28F4
0x
28F8
0x
28FC
0x
2900
0x
2904
0x
2908
0x
290C
0x
2910
0x
2914
0x
2918
0x
291C
0x
2920
0x
2924
0x
2928
0x
292C
0x
2930
0x
2934
0x
2938
0x
293C
0x
2940
0x
2944
0x
2948
0x
294C
0x
2950
0x
2954
0x
2958
0x
295C
0x
2960
0x
2964
0x
2968
0x
296C
0x
2970
0x
2974
0x
2978
0x
297C
0x
2980
0x
2984
0x
2988
0x
298C
0x
2990
0x
2994
0x
2998
0x
299C
0x
29A0
0x
29A4
0x
29A8
0x
29AC
0x
29B0
0x
29B4
0x
29B8
0x
29BC
0x
29C0
0x
29C4
0x
29C8
0x
29CC
0x
29D0
0x
29D4
0x
29D8
0x
29DC
0x
29E0
0x
29E4
0x
29E8
0x
29EC
0x
29F0
0x
29F4
0x
29F8
0x
29FC
0x
2A00
0x
2A04
0x
2A08
0x
2A0C
0x
2A10
0x
2A14
0x
2A18
0x
2A1C
0x
2A20
0x
2A24
0x
2A28
0x
2A2C
0x
2A30
0x
2A34
0x
2A38
0x
2A3C
0x
2A40
0x
2A44
0x
2A48
0x
2A4C
0x
2A50
0x
2A54
0x
2A58
0x
2A5C
0x
2A60
0x
2A64
0x
2A68
0x
2A6C
0x
2A70
0x
2A78
0x
2A7C
0x
2A80
0x
2A84
0x
2A88
0x
2A8C
0x
2A90
0x
2A94
0x
2A98
0x
2A9C
0x
2AA0
0x
2AA4
0x
2AA8
0x
2AAC
0x
2AB0
0x
2AB4
0x
2AB8
0x
2ABC
0x
2AC0
0x
2AC4
0x
2AC8
0x
2ACC
0x
2AD0
0x
2AD4
0x
2AD8
0x
2ADC
0x
2AE0
0x
2AE4
0x
2AE8
0x
2AEC
0x
2AF0
0x
2AF4
0x
2AF8
0x
2AFC
0x
2B00
0x
2B04
0x
2B08
0x
2B0C
0x
2B10
0x
2B14
0x
2B18
0x
2B1C
0x
2B20
0x
2B24
0x
2B28
0x
2B2C
0x
2B30
0x
2B34
0x
2B38
0x
2B3C
0x
2B40
0x
2B44
0x
2B48
0x
2B4C
0x
2B50
0x
2B54
0x
2B58
0x
2B5C
0x
2B60
0x
2B64
0x
2B68
0x
2B6C
0x
2B70
0x
2B74
0x
2B78
0x
2B7C
0x
2B80
0x
2B84
0x
2B88
0x
2B8C
0x
2B90
0x
2B94
0x
2B98
0x
2B9C
0x
2BA0
0x
2BA4
0x
2BA8
0x
2BAC
0x
2BB0
0x
2BB4
0x
2BB8
0x
2BBC
0x
2BC0
0x
2BC4
0x
2BC8
0x
2BCC
0x
2BD0
0x
2BD4
0x
2BD8
0x
2BDC
0x
2BE0
0x
2BE4
0x
2BE8
0x
2BEC
0x
2BF0
0x
2BF4
0x
2BF8
0x
2BFC
0x
232C
0x
2480
0x
2328
0x
6C8
0x
2A74
0x
2048
0x
224C
0x
2128
0x
2168
0x
2014
0x
2C04
0x
2C08
0x
2C0C
0x
2C10
0x
2C14
0x
2C18
0x
2C1C
0x
2C20
0x
2C24
0x
2C28
0x
2C2C
0x
2C30
0x
2C34
0x
2C38
0x
2C3C
0x
2C40
0x
2C44
0x
2C48
0x
2C4C
0x
2C50
0x
2C54
0x
2C58
0x
2C5C
0x
2C60
0x
2C64
0x
2C68
0x
2C6C
0x
2C70
0x
2C74
0x
2C78
0x
2C7C
0x
2C80
0x
2C84
0x
2C88
0x
2C8C
0x
2C90
0x
2C94
0x
2C98
0x
2C9C
0x
2CA0
0x
2CA4
0x
2CA8
0x
2CAC
0x
2CB0
0x
2CB4
0x
2CB8
0x
2CBC
0x
2CC0
0x
2CC4
0x
2CC8
0x
2CCC
0x
2CD0
0x
2CD4
0x
2CD8
0x
2CDC
0x
2CE0
0x
2CE4
0x
2CE8
0x
2CEC
0x
2CF0
0x
2CF4
0x
2CF8
0x
2CFC
0x
2D00
0x
2D04
0x
2D08
0x
2D0C
0x
2D10
0x
2D14
0x
2D18
0x
2D1C
0x
2D20
0x
2D24
0x
2D28
0x
2D2C
0x
2D30
0x
2D34
0x
2D38
0x
2D3C
0x
2D40
0x
2D44
0x
2D48
0x
2D4C
0x
2D50
0x
2D54
0x
2D58
0x
2D5C
0x
2D60
0x
2D64
0x
2D68
0x
2D6C
0x
2D70
0x
2D74
0x
2D78
0x
2D7C
0x
2D80
0x
2D84
0x
2D88
0x
2D8C
0x
2D90
0x
2D94
0x
2D98
0x
2D9C
0x
2DA0
0x
2DA4
0x
2DA8
0x
2DAC
0x
2DB0
0x
2DB4
0x
2DB8
0x
2DBC
0x
2DC0
0x
2DC4
0x
2DC8
0x
2DCC
0x
2DD0
0x
2DD4
0x
2DD8
0x
2DDC
0x
2DE0
0x
2DE4
0x
2DE8
0x
2DEC
0x
2DF0
0x
2DF4
0x
2DF8
0x
2DFC
0x
2E00
0x
2E04
0x
2E08
0x
2E0C
0x
2E10
0x
2E14
0x
2E18
0x
2E1C
0x
2E20
0x
2E24
0x
2E28
0x
2E2C
0x
2E30
0x
2E34
0x
2E38
0x
2E3C
0x
2E40
0x
2E44
0x
2E48
0x
2E4C
0x
2E50
0x
2E54
0x
2E58
0x
2E5C
0x
2E60
0x
2E64
0x
2E68
0x
2E6C
0x
2E70
0x
2E74
0x
2E78
0x
2E7C
0x
2E80
0x
2E84
0x
2E88
0x
2E8C
0x
2E90
0x
2E94
0x
2E98
0x
2E9C
0x
2EA0
0x
2EA4
0x
2EA8
0x
2EAC
0x
2EB0
0x
2EB4
0x
2EB8
0x
2EBC
0x
2EC0
0x
2EC4
0x
2EC8
0x
2ECC
0x
2ED0
0x
2ED4
0x
2ED8
0x
2EDC
0x
2EE0
0x
2EE4
0x
2EE8
0x
2EEC
0x
2EF0
0x
2EF4
0x
2EF8
0x
2EFC
0x
2F00
0x
2F04
0x
2F08
0x
2F0C
0x
2F10
0x
2F14
0x
2F18
0x
2F1C
0x
2F20
0x
2F24
0x
2F28
0x
2F2C
0x
2F30
0x
2F34
0x
2F38
0x
2F3C
0x
2F40
0x
2F44
0x
2F48
0x
2F4C
0x
2F50
0x
2F54
0x
2F58
0x
2F5C
0x
2F60
0x
2F64
0x
2F68
0x
2F6C
0x
2F70
0x
2F74
0x
2F78
0x
2F7C
0x
2F80
0x
2F84
0x
2F88
0x
2F8C
0x
2F90
0x
2F94
0x
2F98
0x
2F9C
0x
2FA0
0x
2FA4
0x
2FA8
0x
2FAC
0x
2FB0
0x
2FB4
0x
2FBC
0x
2FC0
0x
2FC4
0x
2FC8
0x
2FCC
0x
2FD0
0x
2FD4
0x
2FD8
0x
2FDC
0x
2FE0
0x
2FE4
0x
2FE8
0x
2FEC
0x
2FF0
0x
2FF4
0x
2FF8
0x
2FFC
0x
2848
0x
770
0x
9C0
0x
4A0
0x
F2C
0x
F48
0x
3004
0x
3008
0x
300C
0x
3010
0x
3014
0x
3018
0x
301C
0x
3020
0x
3024
0x
3028
0x
302C
0x
3030
0x
3034
0x
3038
0x
303C
0x
3040
0x
3044
0x
3048
0x
304C
0x
3050
0x
3054
0x
3058
0x
305C
0x
3060
0x
3064
0x
3068
0x
306C
0x
3070
0x
3074
0x
3078
0x
307C
0x
3080
0x
3084
0x
3088
0x
308C
0x
3090
0x
3094
0x
3098
0x
309C
0x
30A0
0x
30A4
0x
30A8
0x
30B4
0x
30B8
0x
30BC
0x
30C0
0x
30C4
0x
30C8
0x
30CC
0x
30D0
0x
30D4
0x
30D8
0x
30DC
0x
30E0
0x
30E4
0x
30E8
0x
30EC
0x
30F0
0x
30F4
0x
30F8
0x
30FC
0x
3110
0x
3100
0x
3114
0x
3118
0x
311C
0x
3120
0x
3124
0x
3128
0x
312C
0x
3130
0x
3134
0x
3138
0x
313C
0x
3140
0x
3144
0x
3148
0x
314C
0x
3150
0x
3154
0x
3158
0x
315C
0x
3160
0x
3164
0x
3168
0x
316C
0x
3170
0x
3174
0x
3178
0x
317C
0x
3180
0x
3184
0x
3188
0x
318C
0x
3190
0x
3194
0x
3198
0x
319C
0x
31A0
0x
31A4
0x
31A8
0x
31AC
0x
31B0
0x
31B4
0x
31BC
0x
31C0
0x
31C4
0x
31C8
0x
31CC
0x
31D0
0x
31D4
0x
31D8
0x
31DC
0x
31E0
0x
31E4
0x
31E8
0x
31EC
0x
31F0
0x
31F4
0x
31F8
0x
31FC
0x
3200
0x
3204
0x
3208
0x
320C
0x
3210
0x
3214
0x
3218
0x
321C
0x
3220
0x
3224
0x
3228
0x
322C
0x
3230
0x
3234
0x
3238
0x
323C
0x
3240
0x
3244
0x
3248
0x
324C
0x
3250
0x
3254
0x
3258
0x
325C
0x
3260
0x
3264
0x
3268
0x
326C
0x
3270
0x
3274
0x
3278
0x
327C
0x
3280
0x
3284
0x
3288
0x
328C
0x
3290
0x
3294
0x
3298
0x
329C
0x
32A0
0x
32A4
0x
32A8
0x
32B0
0x
32B4
0x
32B8
0x
32BC
0x
32C0
0x
32C4
0x
32C8
0x
32CC
0x
32D0
0x
32D4
0x
32D8
0x
32DC
0x
32E0
0x
32E4
0x
32E8
0x
32EC
0x
32F4
0x
32F8
0x
32FC
0x
3300
0x
3304
0x
3308
0x
330C
0x
3310
0x
3314
0x
3318
0x
331C
0x
3320
0x
3324
0x
3328
0x
332C
0x
3330
0x
3334
0x
3338
0x
333C
0x
3340
0x
3344
0x
3348
0x
334C
0x
3350
0x
3354
0x
3358
0x
335C
0x
3360
0x
3364
0x
3368
0x
336C
0x
3370
0x
3374
0x
3378
0x
337C
0x
3380
0x
3384
0x
3388
0x
338C
0x
3390
0x
3394
0x
3398
0x
339C
0x
33A0
0x
33A4
0x
33A8
0x
33AC
0x
33B0
0x
33B4
0x
33B8
0x
33BC
0x
33C0
0x
33C4
0x
33C8
0x
33CC
0x
33D0
0x
33D4
0x
33D8
0x
33DC
0x
33E0
0x
33E4
0x
33E8
0x
33EC
0x
33F4
0x
33F8
0x
33FC
0x
F68
0x
D2C
0x
1720
0x
1F2C
0x
3108
0x
171C
0x
3404
0x
3408
0x
340C
0x
3410
0x
3414
0x
3418
0x
341C
0x
3420
0x
3424
0x
3428
0x
342C
0x
3430
0x
3434
0x
3438
0x
343C
0x
3440
0x
3444
0x
3448
0x
344C
0x
3450
0x
3454
0x
3458
0x
345C
0x
3460
0x
3464
0x
346C
0x
3470
0x
3474
0x
3478
0x
347C
0x
3480
0x
3484
0x
3488
0x
348C
0x
3490
0x
3494
0x
3498
0x
349C
0x
34A0
0x
34A4
0x
34A8
0x
34AC
0x
34B0
0x
34B4
0x
34B8
0x
34BC
0x
34C0
0x
34C4
0x
34C8
0x
34CC
0x
34D0
0x
34D4
0x
34D8
0x
34DC
0x
34E0
0x
34E4
0x
34E8
0x
34EC
0x
34F0
0x
34F4
0x
34F8
0x
34FC
0x
3500
0x
3504
0x
3508
0x
350C
0x
3510
0x
3514
0x
3518
0x
351C
0x
3520
0x
3524
0x
3530
0x
3534
0x
3538
0x
353C
0x
3540
0x
3544
0x
3548
0x
354C
0x
3550
0x
3554
0x
3558
0x
355C
0x
3560
0x
3564
0x
3568
0x
356C
0x
3570
0x
3574
0x
357C
0x
3580
0x
3584
0x
3588
0x
358C
0x
3590
0x
3594
0x
3598
0x
359C
0x
35A0
0x
35A4
0x
35A8
0x
35AC
0x
35B0
0x
35B4
0x
35B8
0x
35BC
0x
35C0
0x
35C4
0x
35C8
0x
35CC
0x
35D0
0x
35D4
0x
35D8
0x
35DC
0x
35E0
0x
35E4
0x
35E8
0x
35EC
0x
35F0
0x
35F4
0x
35F8
0x
35FC
0x
3600
0x
3604
0x
3608
0x
360C
0x
3610
0x
3614
0x
3618
0x
361C
0x
3620
0x
3624
0x
3628
0x
362C
0x
3630
0x
3634
0x
3638
0x
363C
0x
3640
0x
3644
0x
3648
0x
364C
0x
3650
0x
3654
0x
3658
0x
365C
0x
3660
0x
3664
0x
3668
0x
366C
0x
3670
0x
3674
0x
3678
0x
367C
0x
3680
0x
3684
0x
3688
0x
368C
0x
3690
0x
3694
0x
3698
0x
369C
0x
36A0
0x
36A4
0x
36A8
0x
36AC
0x
36B0
0x
36B4
0x
36B8
0x
36BC
0x
36C4
0x
36C8
0x
36CC
0x
36D0
0x
36D4
0x
36D8
0x
36DC
0x
36E0
0x
36E4
0x
36E8
0x
36EC
0x
36F0
0x
36F4
0x
36F8
0x
36FC
0x
3700
0x
3704
0x
3708
0x
370C
0x
3710
0x
3714
0x
3718
0x
371C
0x
3720
0x
3724
0x
3728
0x
372C
0x
3730
0x
3734
0x
3738
0x
373C
0x
3740
0x
3744
0x
3748
0x
374C
0x
3750
0x
3754
0x
3758
0x
375C
0x
3760
0x
3764
0x
3768
0x
376C
0x
3770
0x
3774
0x
3778
0x
377C
0x
3780
0x
3784
0x
3788
0x
378C
0x
3790
0x
3794
0x
3798
0x
379C
0x
37A0
0x
37A4
0x
37A8
0x
37AC
0x
37B0
0x
37B4
0x
37B8
0x
37BC
0x
37C0
0x
37C4
0x
37C8
0x
37CC
0x
37D0
0x
37D4
0x
37D8
0x
37DC
0x
37E0
0x
37E4
0x
37E8
0x
37EC
0x
37F0
0x
37F4
0x
37F8
0x
37FC
0x
2D28
0x
16E0
0x
3804
0x
3808
0x
380C
0x
3810
0x
3814
0x
3818
0x
381C
0x
3820
0x
3824
0x
3828
0x
382C
0x
3830
0x
3834
0x
3840
0x
3844
0x
3848
0x
384C
0x
3850
0x
3854
0x
3858
0x
385C
0x
3860
0x
3864
0x
3868
0x
386C
0x
3870
0x
3874
0x
3878
0x
387C
0x
3880
0x
3884
0x
3888
0x
388C
0x
3890
0x
389C
0x
38A0
0x
38A4
0x
38A8
0x
38AC
0x
38B0
0x
38B4
0x
38B8
0x
38BC
0x
38C0
0x
38C4
0x
38C8
0x
38CC
0x
38D0
0x
38D4
0x
38D8
0x
38DC
0x
38E0
0x
38E4
0x
38E8
0x
38EC
0x
38F4
0x
38F8
0x
38FC
0x
3900
0x
3904
0x
3908
0x
390C
0x
3910
0x
3914
0x
3918
0x
391C
0x
3920
0x
3924
0x
3928
0x
392C
0x
3930
0x
3934
0x
3938
0x
393C
0x
3940
0x
3944
0x
3948
0x
394C
0x
3950
0x
3954
0x
3958
0x
395C
0x
3960
0x
3964
0x
3968
0x
396C
0x
3970
0x
3974
0x
3978
0x
397C
0x
3980
0x
3984
0x
3988
0x
398C
0x
3990
0x
3994
0x
3998
0x
399C
0x
39A0
0x
39A4
0x
39A8
0x
39AC
0x
39B0
0x
39B4
0x
39B8
0x
39BC
0x
39C0
0x
39C4
0x
39C8
0x
39CC
0x
39D0
0x
39D4
0x
39D8
0x
39E0
0x
39E4
0x
39E8
0x
39EC
0x
39F0
0x
39F4
0x
39F8
0x
39FC
0x
3A00
0x
3A04
0x
3A08
0x
3A0C
0x
3A10
0x
3A14
0x
3A18
0x
3A1C
0x
3A20
0x
3A24
0x
3A28
0x
3A2C
0x
3A30
0x
3A34
0x
3A38
0x
3A3C
0x
3A40
0x
3A44
0x
3A48
0x
3A4C
0x
3A50
0x
3A54
0x
3A58
0x
3A5C
0x
3A60
0x
3A64
0x
3A68
0x
3A6C
0x
3A70
0x
3A74
0x
3A78
0x
3A7C
0x
3A80
0x
3A84
0x
3A88
0x
3A8C
0x
3A90
0x
3A94
0x
3A98
0x
3A9C
0x
3AA0
0x
3AA4
0x
3AA8
0x
3AAC
0x
3AB0
0x
3AB4
0x
3AB8
0x
3ABC
0x
3AC0
0x
3AC4
0x
3AC8
0x
3ACC
0x
3AD0
0x
3AD4
0x
3AD8
0x
3ADC
0x
3AE0
0x
3AE4
0x
3AE8
0x
3AEC
0x
3AF0
0x
3AF4
0x
3AF8
0x
3B00
0x
3B04
0x
3B08
0x
3B0C
0x
3B10
0x
3B14
0x
3B18
0x
3B1C
0x
3B20
0x
3B24
0x
3B28
0x
3B2C
0x
3B30
0x
3B34
0x
3B38
0x
3B3C
0x
3B48
0x
3B4C
0x
3B50
0x
3B54
0x
3B58
0x
3B5C
0x
3B60
0x
3B64
0x
3B68
0x
3B6C
0x
3B70
0x
3B74
0x
3B78
0x
3B7C
0x
3B80
0x
3B84
0x
3B88
0x
3B8C
0x
3B90
0x
3B94
0x
3B98
0x
3B9C
0x
3BA0
0x
3BA4
0x
3BA8
0x
3BAC
0x
3BB0
0x
3BB4
0x
3BB8
0x
3BBC
0x
3BC0
0x
3BC4
0x
3BC8
0x
3BCC
0x
3BD0
0x
3BD4
0x
3BD8
0x
3BDC
0x
3BE0
0x
3BE4
0x
3BE8
0x
3BF0
0x
3BF4
0x
3BF8
0x
3BFC
0x
3898
0x
3110
0x
3C04
0x
3C08
0x
3C0C
0x
3C10
0x
3C14
0x
3C18
0x
3C1C
0x
3C20
0x
3C24
0x
3C28
0x
3C2C
0x
3C34
0x
3C38
0x
3C3C
0x
3C40
0x
3C44
0x
3C48
0x
3C4C
0x
3C50
0x
3C54
0x
3C58
0x
3C5C
0x
3C60
0x
3C64
0x
3C68
0x
3C6C
0x
3C70
0x
3C74
0x
3C78
0x
3C7C
0x
3C80
0x
3C84
0x
3C88
0x
3C8C
0x
3C90
0x
3C94
0x
3C98
0x
3C9C
0x
3CA0
0x
3CA4
0x
3CA8
0x
3CAC
0x
3CB0
0x
3CB4
0x
3CB8
0x
3CBC
0x
3CC0
0x
3CC4
0x
3CC8
0x
3CCC
0x
3CD0
0x
3CD4
0x
3CD8
0x
3CE0
0x
3CE4
0x
3CE8
0x
3CEC
0x
3CF0
0x
3CF4
0x
3CF8
0x
3CFC
0x
3D00
0x
3D04
0x
3D08
0x
3D0C
0x
3D10
0x
3D14
0x
3D18
0x
3D1C
0x
3D20
0x
3D24
0x
3D28
0x
3D2C
0x
3D30
0x
3D34
0x
3D38
0x
3D3C
0x
3D40
0x
3D44
0x
3D48
0x
3D4C
0x
3D50
0x
3D54
0x
3D58
0x
3D5C
0x
3D60
0x
3D6C
0x
3D70
0x
3D74
0x
3D78
0x
3D7C
0x
3D80
0x
3D84
0x
3D88
0x
3D8C
0x
3D90
0x
3D94
0x
3D98
0x
3D9C
0x
3DA0
0x
3DA4
0x
3DA8
0x
3DAC
0x
3DB0
0x
3DBC
0x
3DC0
0x
3DC4
0x
3DC8
0x
3DCC
0x
3DD0
0x
3DD4
0x
3DD8
0x
3DDC
0x
3DE0
0x
3DE4
0x
3DE8
0x
3DEC
0x
3DF0
0x
3DF4
0x
3DF8
0x
3E00
0x
3E04
0x
3E08
0x
3E0C
0x
3E10
0x
3E14
0x
3E18
0x
3E1C
0x
3E20
0x
3E24
0x
3E28
0x
3E2C
0x
3E30
0x
3E34
0x
3E38
0x
3E3C
0x
3E40
0x
3E44
0x
3E48
0x
3E4C
0x
3E50
0x
3E54
0x
3E58
0x
3E5C
0x
3E60
0x
3E64
0x
3E68
0x
3E6C
0x
3E70
0x
3E74
0x
3E78
0x
3E7C
0x
3E80
0x
3E84
0x
3E88
0x
3E8C
0x
3E90
0x
3E94
0x
3E98
0x
3E9C
0x
3EA0
0x
3EA4
0x
3EA8
0x
3EAC
0x
3EB0
0x
3EB8
0x
3EBC
0x
3EC0
0x
3EC4
0x
3EC8
0x
3ECC
0x
3ED0
0x
3ED4
0x
3ED8
0x
3EDC
0x
3EE0
0x
3EE4
0x
3EE8
0x
3EEC
0x
3EF0
0x
3EF4
0x
3EF8
0x
3EFC
0x
3F00
0x
3F04
0x
3F08
0x
3F0C
0x
3F10
0x
3F14
0x
3F18
0x
3F1C
0x
3F20
0x
3F24
0x
3F28
0x
3F2C
0x
3F30
0x
3F34
0x
3F38
0x
3F3C
0x
3F40
0x
3F44
0x
3F48
0x
3F4C
0x
3F50
0x
3F54
0x
3F58
0x
3F5C
0x
3F60
0x
3F64
0x
3F68
0x
3F6C
0x
3F70
0x
3F74
0x
3F78
0x
3F7C
0x
3F80
0x
3F84
0x
3F88
0x
3F8C
0x
3F94
0x
3F98
0x
3F9C
0x
3FA0
0x
3FA4
0x
3FA8
0x
3FAC
0x
3FB0
0x
3FB4
0x
3FB8
0x
3FBC
0x
3FC0
0x
3FC4
0x
3FC8
0x
3FCC
0x
3FD0
0x
3FD4
0x
3FD8
0x
3FDC
0x
3FE0
0x
3FE4
0x
3FE8
0x
3FEC
0x
3FF0
0x
3FF4
0x
3FF8
0x
3FFC
0x
352C
0x
36C0
0x
3528
0x
30B0
0x
11D8
0x
31B8
0x
33F0
0x
32AC
0x
30AC
0x
32F0
0x
310C
0x
3104
0x
4004
0x
4008
0x
400C
0x
4010
0x
4014
0x
4018
0x
401C
0x
4020
0x
4024
0x
4028
0x
402C
0x
4030
0x
4034
0x
4038
0x
403C
0x
4040
0x
4044
0x
4048
0x
404C
0x
4054
0x
4058
0x
405C
0x
4060
0x
4064
0x
4068
0x
406C
0x
4070
0x
4074
0x
4078
0x
407C
0x
4080
0x
4084
0x
4088
0x
408C
0x
4090
0x
4094
0x
4098
0x
409C
0x
40A0
0x
40A4
0x
40A8
0x
40AC
0x
40B0
0x
40B4
0x
40B8
0x
40BC
0x
40C0
0x
40C4
0x
40C8
0x
40CC
0x
40D0
0x
40D4
0x
40D8
0x
40DC
0x
40E0
0x
40E4
0x
40E8
0x
40EC
0x
40F0
0x
40F4
0x
40F8
0x
40FC
0x
4100
0x
4104
0x
4108
0x
410C
0x
4110
0x
4114
0x
4118
0x
411C
0x
4120
0x
4124
0x
4128
0x
412C
0x
4130
0x
4134
0x
4138
0x
413C
0x
4140
0x
4144
0x
4148
0x
414C
0x
4150
0x
4154
0x
4158
0x
415C
0x
4160
0x
4164
0x
4168
0x
416C
0x
4170
0x
4174
0x
4178
0x
417C
0x
4180
0x
4184
0x
4188
0x
418C
0x
4190
0x
4194
0x
4198
0x
419C
0x
41A0
0x
41A4
0x
41A8
0x
41AC
0x
41B0
0x
41B4
0x
41B8
0x
41BC
0x
41C0
0x
41C4
0x
41C8
0x
41CC
0x
41D0
0x
41D4
0x
41D8
0x
41DC
0x
41E0
0x
41E4
0x
41E8
0x
41EC
0x
41F0
0x
41F4
0x
41F8
0x
41FC
0x
4200
0x
4204
0x
4208
0x
420C
0x
4210
0x
4214
0x
4218
0x
421C
0x
4220
0x
4224
0x
4228
0x
422C
0x
4230
0x
4234
0x
4238
0x
423C
0x
4240
0x
4244
0x
4248
0x
424C
0x
4250
0x
4254
0x
4258
0x
425C
0x
4260
0x
4264
0x
4268
0x
426C
0x
4270
0x
4274
0x
4278
0x
427C
0x
4280
0x
4284
0x
4288
0x
428C
0x
4290
0x
4294
0x
4298
0x
429C
0x
42A0
0x
42A4
0x
42A8
0x
42AC
0x
42B0
0x
42B4
0x
42B8
0x
42BC
0x
42C0
0x
42C4
0x
42C8
0x
42CC
0x
42D0
0x
42D4
0x
42D8
0x
42DC
0x
42E0
0x
42E4
0x
42E8
0x
42EC
0x
42F0
0x
42F4
0x
42F8
0x
42FC
0x
4300
0x
4304
0x
4308
0x
430C
0x
4310
0x
4314
0x
4318
0x
431C
0x
4320
0x
4324
0x
4328
0x
432C
0x
4330
0x
4334
0x
4338
0x
433C
0x
4340
0x
4344
0x
4348
0x
434C
0x
4350
0x
4354
0x
4358
0x
435C
0x
4360
0x
4364
0x
4368
0x
436C
0x
4370
0x
437C
0x
4380
0x
4384
0x
4388
0x
438C
0x
4390
0x
4394
0x
4398
0x
439C
0x
43A0
0x
43A4
0x
43A8
0x
43AC
0x
43B0
0x
43B4
0x
43B8
0x
43BC
0x
43C0
0x
43C4
0x
43C8
0x
43CC
0x
43D0
0x
43D4
0x
43D8
0x
43DC
0x
43E0
0x
43E4
0x
43E8
0x
43EC
0x
43F0
0x
43F4
0x
43F8
0x
43FC
0x
DB4
0x
E38
0x
904
0x
1384
0x
6BC
0x
8F4
0x
3D68
0x
3EB4
0x
48C
0x
383C
0x
544
0x
9F0
0x
12B4
0x
39DC
0x
3C30
0x
3D64
0x
3AFC
0x
3838
0x
3B40
0x
38F0
0x
ED0
0x
F10
0x
4404
0x
4408
0x
440C
0x
4410
0x
4414
0x
4418
0x
441C
0x
4420
0x
4424
0x
4428
0x
442C
0x
4430
0x
4434
0x
4438
0x
443C
0x
4440
0x
4444
0x
4448
0x
444C
0x
4450
0x
4454
0x
4458
0x
445C
0x
4460
0x
4464
0x
4468
0x
446C
0x
4470
0x
4474
0x
4478
0x
447C
0x
4480
0x
4484
0x
4488
0x
448C
0x
4490
0x
4494
0x
4498
0x
449C
0x
44A0
0x
44A4
0x
44A8
0x
44AC
0x
44B0
0x
44B4
0x
44B8
0x
44BC
0x
44C0
0x
44C4
0x
44C8
0x
44CC
0x
44D0
0x
44D4
0x
44D8
0x
44DC
0x
44E0
0x
44E4
0x
44E8
0x
44EC
0x
44F0
0x
44F4
0x
44F8
0x
44FC
0x
4500
0x
4504
0x
4508
0x
450C
0x
4510
0x
4514
0x
4524
0x
4528
0x
452C
0x
4530
0x
4534
0x
4538
0x
453C
0x
4540
0x
4544
0x
4548
0x
454C
0x
4550
0x
4554
0x
4558
0x
455C
0x
4560
0x
4564
0x
4568
0x
456C
0x
4570
0x
4584
0x
4588
0x
458C
0x
4590
0x
4594
0x
4598
0x
459C
0x
45A0
0x
45A4
0x
45A8
0x
45AC
0x
45B0
0x
45B4
0x
45B8
0x
45BC
0x
45C0
0x
45C4
0x
45C8
0x
45CC
0x
45D0
0x
45D4
0x
45D8
0x
45DC
0x
45E0
0x
45F0
0x
45F4
0x
45F8
0x
45FC
0x
4600
0x
4604
0x
4608
0x
460C
0x
4610
0x
4614
0x
4618
0x
461C
0x
4620
0x
4624
0x
4628
0x
462C
0x
4630
0x
4634
0x
4638
0x
463C
0x
4640
0x
4644
0x
4648
0x
464C
0x
4650
0x
465C
0x
4660
0x
4664
0x
4668
0x
466C
0x
4670
0x
4674
0x
4678
0x
467C
0x
4680
0x
4684
0x
4688
0x
468C
0x
4690
0x
4694
0x
4698
0x
469C
0x
46A0
0x
46A4
0x
46A8
0x
46AC
0x
46B0
0x
46B4
0x
46B8
0x
46C0
0x
46C4
0x
46C8
0x
46CC
0x
46D0
0x
46D4
0x
46D8
0x
46DC
0x
46E0
0x
46E4
0x
46E8
0x
46EC
0x
46F0
0x
46F4
0x
46F8
0x
46FC
0x
4700
0x
4704
0x
4708
0x
470C
0x
4710
0x
4714
0x
4718
0x
471C
0x
4720
0x
4724
0x
4728
0x
472C
0x
4730
0x
4734
0x
4738
0x
473C
0x
4740
0x
4744
0x
4748
0x
474C
0x
4750
0x
4754
0x
4758
0x
475C
0x
4760
0x
4764
0x
4768
0x
476C
0x
4770
0x
4774
0x
4778
0x
477C
0x
4780
0x
4784
0x
4788
0x
478C
0x
4790
0x
4794
0x
4798
0x
479C
0x
47A0
0x
47A4
0x
47A8
0x
47AC
0x
47B0
0x
47B4
0x
47B8
0x
47BC
0x
47C0
0x
47CC
0x
47D0
0x
47D4
0x
47D8
0x
47DC
0x
47E0
0x
47E4
0x
47E8
0x
47EC
0x
47F0
0x
47F4
0x
47F8
0x
47FC
0x
EE0
0x
45E8
0x
4580
0x
F14
0x
4804
0x
4808
0x
4814
0x
4818
0x
481C
0x
4820
0x
4824
0x
4828
0x
482C
0x
4830
0x
4834
0x
4838
0x
483C
0x
4840
0x
4844
0x
4848
0x
484C
0x
4850
0x
4854
0x
4858
0x
485C
0x
4860
0x
4864
0x
4868
0x
486C
0x
4870
0x
4874
0x
4878
0x
487C
0x
4880
0x
4884
0x
4888
0x
488C
0x
4890
0x
4894
0x
4898
0x
489C
0x
48A0
0x
48A4
0x
48A8
0x
48AC
0x
48B0
0x
48B4
0x
48B8
0x
48BC
0x
48C0
0x
48C4
0x
48C8
0x
48CC
0x
48D0
0x
48D4
0x
48D8
0x
48DC
0x
48E0
0x
48E4
0x
48E8
0x
48EC
0x
48F0
0x
48F4
0x
48F8
0x
48FC
0x
4900
0x
4904
0x
4908
0x
490C
0x
4910
0x
4914
0x
4920
0x
4924
0x
4928
0x
492C
0x
4930
0x
4934
0x
4938
0x
493C
0x
4940
0x
4944
0x
4948
0x
494C
0x
4950
0x
4954
0x
4958
0x
495C
0x
4960
0x
4964
0x
4968
0x
496C
0x
4970
0x
4974
0x
4978
0x
497C
0x
4980
0x
4984
0x
4988
0x
498C
0x
4990
0x
4994
0x
4998
0x
499C
0x
49A0
0x
49A4
0x
49A8
0x
49AC
0x
49B0
0x
49B4
0x
49B8
0x
49BC
0x
49C0
0x
49C4
0x
49C8
0x
49CC
0x
49D0
0x
49D4
0x
49D8
0x
49DC
0x
49E0
0x
49E4
0x
49E8
0x
49EC
0x
49F0
0x
49F4
0x
49F8
0x
49FC
0x
4A00
0x
4A04
0x
4A08
0x
4A0C
0x
4A10
0x
4A14
0x
4A18
0x
4A1C
0x
4A20
0x
4A24
0x
4A28
0x
4A2C
0x
4A30
0x
4A34
0x
4A38
0x
4A3C
0x
4A40
0x
4A44
0x
4A48
0x
4A4C
0x
4A50
0x
4A54
0x
4A68
0x
4A6C
0x
4A70
0x
4A74
0x
4A78
0x
4A7C
0x
4A80
0x
4A84
0x
4A88
0x
4A8C
0x
4A90
0x
4A94
0x
4A98
0x
4A9C
0x
4AA0
0x
4AA4
0x
4AA8
0x
4AAC
0x
4AB0
0x
4AB4
0x
4AB8
0x
4ABC
0x
4AC0
0x
4AC4
0x
4AC8
0x
4ACC
0x
4AD0
0x
4AD4
0x
4AD8
0x
4ADC
0x
4AE0
0x
4AE4
0x
4AE8
0x
4AEC
0x
4AF0
0x
4AF4
0x
4AF8
0x
4AFC
0x
4B00
0x
4B04
0x
4B08
0x
4B0C
0x
4B10
0x
4B14
0x
4B18
0x
4B1C
0x
4B20
0x
4B24
0x
4B28
0x
4B2C
0x
4B30
0x
4B34
0x
4B38
0x
4B3C
0x
4B40
0x
4B44
0x
4B48
0x
4B4C
0x
4B50
0x
4B54
0x
4B58
0x
4B5C
0x
4B60
0x
4B64
0x
4B68
0x
4B6C
0x
4B70
0x
4B74
0x
4B78
0x
4B7C
0x
4B80
0x
4B84
0x
4B88
0x
4B8C
0x
4B90
0x
4B94
0x
4B98
0x
4B9C
0x
4BA0
0x
4BA4
0x
4BA8
0x
4BAC
0x
4BB0
0x
4BB4
0x
4BB8
0x
4BBC
0x
4BC0
0x
4BC4
0x
4BC8
0x
4BCC
0x
4BD0
0x
4BD4
0x
4BD8
0x
4BDC
0x
4BE0
0x
4BE4
0x
4BE8
0x
4BEC
0x
4BF0
0x
4BF4
0x
4BF8
0x
4BFC
0x
568
0x
3894
0x
FA0
0x
4C04
0x
4C08
0x
4C0C
0x
4C10
0x
4C14
0x
4C18
0x
4C1C
0x
4C20
0x
4C24
0x
4C28
0x
4C2C
0x
4C30
0x
4C34
0x
4C38
0x
4C3C
0x
4C40
0x
4C44
0x
4C48
0x
4C4C
0x
4C50
0x
4C54
0x
4C58
0x
4C5C
0x
4C60
0x
4C64
0x
4C68
0x
4C6C
0x
4C70
0x
4C74
0x
4C78
0x
4C7C
0x
4C80
0x
4C84
0x
4C88
0x
4C8C
0x
4C90
0x
4C94
0x
4C98
0x
4C9C
0x
4CA0
0x
4CA4
0x
4CA8
0x
4CAC
0x
4CB0
0x
4CB4
0x
4CB8
0x
4CBC
0x
4CC0
0x
4CC4
0x
4CC8
0x
4CCC
0x
4CD0
0x
4CD4
0x
4CD8
0x
4CDC
0x
4CE0
0x
4CE4
0x
4CE8
0x
4CEC
0x
4CF0
0x
4CF4
0x
4CF8
0x
4CFC
0x
4D00
0x
4D04
0x
4D08
0x
4D0C
0x
4D10
0x
4D14
0x
4D18
0x
4D1C
0x
4D20
0x
4D24
0x
4D28
0x
4D2C
0x
4D30
0x
4D34
0x
4D38
0x
4D3C
0x
4D40
0x
4D44
0x
4D48
0x
4D4C
0x
4D50
0x
4D54
0x
4D58
0x
4D5C
0x
4D60
0x
4D64
0x
4D68
0x
4D6C
0x
4D70
0x
4D74
0x
4D78
0x
4D7C
0x
4D80
0x
4D84
0x
4D88
0x
4D8C
0x
4D90
0x
4D94
0x
4D98
0x
4D9C
0x
4DA0
0x
4DA4
0x
4DA8
0x
4DAC
0x
4DB0
0x
4DB4
0x
4DB8
0x
4DBC
0x
4DC0
0x
4DC4
0x
4DC8
0x
4DCC
0x
4DD0
0x
4DD4
0x
4DD8
0x
4DDC
0x
4DE0
0x
4DE4
0x
4DE8
0x
4DEC
0x
4DF0
0x
4DF4
0x
4DF8
0x
4DFC
0x
4E00
0x
4E04
0x
4E08
0x
4E0C
0x
4E10
0x
4E14
0x
4E18
0x
4E1C
0x
4E20
0x
4E24
0x
4E28
0x
4E2C
0x
4E30
0x
4E34
0x
4E38
0x
4E3C
0x
4E40
0x
4E44
0x
4E48
0x
4E4C
0x
4E50
0x
4E54
0x
4E58
0x
4E5C
0x
4E60
0x
4E64
0x
4E68
0x
4E6C
0x
4E70
0x
4E74
0x
4E78
0x
4E7C
0x
4E80
0x
4E84
0x
4E88
0x
4E8C
0x
4E90
0x
4E94
0x
4E98
0x
4E9C
0x
4EA0
0x
4EA4
0x
4EA8
0x
4EAC
0x
4EB0
0x
4EB4
0x
4EB8
0x
4EBC
0x
4EC0
0x
4EC4
0x
4EC8
0x
4ECC
0x
4ED0
0x
4ED4
0x
4ED8
0x
4EDC
0x
4EE0
0x
4EE4
0x
4EE8
0x
4EEC
0x
4EF0
0x
4EF4
0x
4EF8
0x
4EFC
0x
4F00
0x
4F04
0x
4F08
0x
4F0C
0x
4F10
0x
4F14
0x
4F18
0x
4F1C
0x
4F20
0x
4F24
0x
4F28
0x
4F2C
0x
4F30
0x
4F34
0x
4F38
0x
4F3C
0x
4F40
0x
4F44
0x
4F48
0x
4F4C
0x
4F50
0x
4F54
0x
4F58
0x
4F5C
0x
4F60
0x
4F64
0x
4F68
0x
4F6C
0x
4F70
0x
4F74
0x
4F78
0x
4F7C
0x
4F80
0x
4F84
0x
4F88
0x
4F8C
0x
4F90
0x
4F94
0x
4F98
0x
4F9C
0x
4FA0
0x
4FA4
0x
4FA8
0x
4FAC
0x
4FB0
0x
4FB4
0x
4FB8
0x
4FBC
0x
4FC0
0x
4FC4
0x
4FC8
0x
4FCC
0x
4FD0
0x
4FD4
0x
4FD8
0x
4FDC
0x
4FE0
0x
4FE4
0x
4FE8
0x
4FEC
0x
4FF0
0x
4FF4
0x
4FF8
0x
4FFC
0x
4274
0x
5004
0x
5008
0x
500C
0x
5010
0x
5014
0x
5018
0x
501C
0x
5020
0x
5024
0x
5028
0x
502C
0x
5030
0x
5034
0x
5038
0x
503C
0x
5040
0x
5044
0x
5048
0x
504C
0x
5050
0x
5054
0x
5058
0x
505C
0x
5060
0x
5064
0x
5068
0x
506C
0x
5070
0x
5074
0x
5078
0x
507C
0x
5080
0x
5084
0x
5088
0x
508C
0x
5090
0x
5094
0x
5098
0x
509C
0x
50A0
0x
50A4
0x
50A8
0x
50AC
0x
50B0
0x
50B4
0x
50B8
0x
50BC
0x
50C0
0x
50C4
0x
50C8
0x
50CC
0x
50D0
0x
50D4
0x
50D8
0x
50DC
0x
50E0
0x
50E4
0x
50E8
0x
50EC
0x
50F0
0x
50F4
0x
50F8
0x
50FC
0x
5100
0x
5104
0x
5108
0x
510C
0x
5110
0x
5114
0x
5118
0x
511C
0x
5120
0x
5124
0x
5128
0x
512C
0x
5130
0x
5134
0x
5138
0x
513C
0x
5140
0x
5144
0x
5148
0x
514C
0x
5150
0x
5154
0x
5158
0x
515C
0x
5160
0x
5164
0x
5168
0x
516C
0x
5170
0x
5174
0x
5178
0x
517C
0x
5180
0x
5184
0x
5188
0x
518C
0x
5190
0x
5194
0x
5198
0x
519C
0x
51A0
0x
51A4
0x
51A8
0x
51AC
0x
51B0
0x
51B4
0x
51B8
0x
51BC
0x
51C0
0x
51C4
0x
51C8
0x
51CC
0x
51D0
0x
51D4
0x
51D8
0x
51DC
0x
51E0
0x
51E4
0x
51E8
0x
51EC
0x
51F0
0x
51F4
0x
51F8
0x
51FC
0x
5200
0x
5204
0x
5208
0x
520C
0x
5210
0x
5214
0x
5218
0x
521C
0x
5220
0x
5224
0x
5228
0x
522C
0x
5234
0x
5238
0x
523C
0x
5240
0x
5244
0x
5248
0x
524C
0x
5250
0x
5254
0x
5258
0x
525C
0x
5260
0x
5264
0x
5268
0x
526C
0x
5270
0x
5274
0x
5278
0x
527C
0x
5280
0x
5284
0x
5288
0x
528C
0x
5290
0x
5294
0x
5298
0x
529C
0x
52A0
0x
52A4
0x
52A8
0x
52AC
0x
52B0
0x
52B4
0x
52B8
0x
52BC
0x
52C0
0x
52C4
0x
52C8
0x
52CC
0x
52D0
0x
52D4
0x
52D8
0x
52DC
0x
52E0
0x
52E4
0x
52E8
0x
52EC
0x
52F0
0x
52F4
0x
52F8
0x
52FC
0x
5300
0x
5304
0x
5308
0x
530C
0x
5310
0x
5314
0x
5318
0x
531C
0x
5320
0x
5324
0x
5328
0x
532C
0x
5330
0x
5334
0x
5338
0x
533C
0x
5340
0x
5344
0x
5348
0x
534C
0x
5350
0x
5354
0x
5358
0x
535C
0x
5360
0x
5364
0x
5368
0x
536C
0x
5370
0x
5374
0x
5378
0x
537C
0x
5380
0x
5384
0x
5388
0x
538C
0x
5390
0x
5394
0x
5398
0x
539C
0x
53A0
0x
53A4
0x
53A8
0x
53AC
0x
53B0
0x
53B4
0x
53B8
0x
53BC
0x
53C0
0x
53C4
0x
53C8
0x
53CC
0x
53D0
0x
53D4
0x
53D8
0x
53DC
0x
53E0
0x
53E4
0x
53E8
0x
53EC
0x
53F0
0x
53F4
0x
53F8
0x
53FC
0x
4A5C
0x
1FE0
0x
4A64
0x
4364
0x
4A58
0x
4578
0x
4A60
0x
451C
0x
1FD4
0x
5230
0x
4658
0x
4918
0x
46BC
0x
491C
0x
47C4
0x
4574
0x
4518
0x
480C
0x
4654
0x
45E4
0x
45EC
0x
4810
0x
47C8
0x
457C
0x
5404
0x
5408
0x
540C
0x
5410
0x
5414
0x
5418
0x
541C
0x
5420
0x
5424
0x
5428
0x
542C
0x
5430
0x
5434
0x
5438
0x
543C
0x
5440
0x
5444
0x
5448
0x
544C
0x
5450
0x
5454
0x
5458
0x
545C
0x
5460
0x
5464
0x
5468
0x
546C
0x
5470
0x
5474
0x
5478
0x
547C
0x
5480
0x
5484
0x
5488
0x
548C
0x
5490
0x
5494
0x
5498
0x
549C
0x
54A0
0x
54A4
0x
54A8
0x
54AC
0x
54B0
0x
54B4
0x
54B8
0x
54BC
0x
54C0
0x
54C4
0x
54C8
0x
54CC
0x
54D0
0x
54D4
0x
54D8
0x
54DC
0x
54E0
0x
54E4
0x
54E8
0x
54EC
0x
54F0
0x
54F4
0x
54F8
0x
54FC
0x
5500
0x
5504
0x
5508
0x
550C
0x
5510
0x
5514
0x
5518
0x
551C
0x
5520
0x
5524
0x
5528
0x
552C
0x
5530
0x
5534
0x
5538
0x
553C
0x
5540
0x
5544
0x
5548
0x
554C
0x
5550
0x
5554
0x
5558
0x
555C
0x
5560
0x
5564
0x
5568
0x
556C
0x
5570
0x
5574
0x
5578
0x
557C
0x
5580
0x
5584
0x
5588
0x
558C
0x
5590
0x
5594
0x
5598
0x
559C
0x
55A0
0x
55A4
0x
55A8
0x
55AC
0x
55B0
0x
55B4
0x
55B8
0x
55BC
0x
55C0
0x
55C4
0x
55C8
0x
55CC
0x
55D0
0x
55D4
0x
55D8
0x
55DC
0x
55E0
0x
55E4
0x
55E8
0x
55EC
0x
55F0
0x
55F4
0x
55F8
0x
55FC
0x
5600
0x
5604
0x
5608
0x
560C
0x
5610
0x
5614
0x
5618
0x
561C
0x
5620
0x
5624
0x
5628
0x
562C
0x
5630
0x
5634
0x
5638
0x
563C
0x
5640
0x
5644
0x
5648
0x
564C
0x
5650
0x
5654
0x
5658
0x
565C
0x
5660
0x
5664
0x
5668
0x
566C
0x
5670
0x
5674
0x
5678
0x
567C
0x
5680
0x
5684
0x
5688
0x
568C
0x
5690
0x
5694
0x
5698
0x
569C
0x
56A0
0x
56A4
0x
56A8
0x
56AC
0x
56B0
0x
56B4
0x
56B8
0x
56BC
0x
56C0
0x
56C4
0x
56C8
0x
56CC
0x
56D0
0x
56D4
0x
56D8
0x
56DC
0x
56E0
0x
56E4
0x
56E8
0x
56EC
0x
56F0
0x
56F4
0x
56F8
0x
56FC
0x
5700
0x
5704
0x
5708
0x
570C
0x
5710
0x
5714
0x
5718
0x
571C
0x
5720
0x
5724
0x
5728
0x
572C
0x
5730
0x
5734
0x
5738
0x
573C
0x
5740
0x
5744
0x
5748
0x
574C
0x
5750
0x
5754
0x
5758
0x
575C
0x
5760
0x
5764
0x
5768
0x
576C
0x
5770
0x
5774
0x
5778
0x
577C
0x
5780
0x
5784
0x
5788
0x
578C
0x
5790
0x
5794
0x
5798
0x
579C
0x
57A0
0x
57A4
0x
57A8
0x
57AC
0x
57B0
0x
57B4
0x
57B8
0x
57BC
0x
57C0
0x
57C4
0x
57C8
0x
57CC
0x
57D0
0x
57D4
0x
57D8
0x
57DC
0x
57E0
0x
57E4
0x
57E8
0x
57EC
0x
57F0
0x
57F4
0x
57F8
0x
57FC
0x
5804
0x
5808
0x
580C
0x
5810
0x
5814
0x
5818
0x
581C
0x
5820
0x
5824
0x
5828
0x
582C
0x
5830
0x
5834
0x
5838
0x
583C
0x
5840
0x
5844
0x
5848
0x
584C
0x
5850
0x
5854
0x
5858
0x
585C
0x
5860
0x
5864
0x
5868
0x
586C
0x
5870
0x
5874
0x
5878
0x
587C
0x
5880
0x
5884
0x
5888
0x
588C
0x
5890
0x
5894
0x
5898
0x
589C
0x
58A0
0x
58A4
0x
58A8
0x
58AC
0x
58B0
0x
58B4
0x
58B8
0x
58BC
0x
58C0
0x
58C4
0x
58D0
0x
58D4
0x
58D8
0x
58DC
0x
58E0
0x
58E4
0x
58E8
0x
58EC
0x
58F0
0x
58F4
0x
58F8
0x
58FC
0x
5900
0x
5904
0x
5908
0x
590C
0x
5910
0x
5914
0x
5918
0x
591C
0x
5920
0x
5924
0x
5928
0x
592C
0x
5930
0x
5934
0x
5948
0x
594C
0x
5950
0x
5954
0x
5958
0x
595C
0x
5960
0x
5964
0x
5968
0x
596C
0x
5970
0x
5974
0x
5978
0x
597C
0x
5980
0x
5984
0x
5988
0x
598C
0x
5990
0x
5994
0x
5998
0x
599C
0x
59A0
0x
59A4
0x
59B4
0x
59B8
0x
59BC
0x
59C0
0x
59C4
0x
59C8
0x
59CC
0x
59D0
0x
59D4
0x
59D8
0x
59DC
0x
59E0
0x
59E4
0x
59E8
0x
59EC
0x
59F0
0x
59F4
0x
59F8
0x
5A04
0x
5A08
0x
5A0C
0x
5A10
0x
5A14
0x
5A18
0x
5A1C
0x
5A20
0x
5A24
0x
5A28
0x
5A2C
0x
5A30
0x
5A34
0x
5A38
0x
5A3C
0x
5A40
0x
5A44
0x
5A48
0x
5A4C
0x
5A50
0x
5A54
0x
5A5C
0x
5A60
0x
5A64
0x
5A68
0x
5A6C
0x
5A70
0x
5A74
0x
5A78
0x
5A7C
0x
5A80
0x
5A84
0x
5A88
0x
5A8C
0x
5A90
0x
5A94
0x
5A98
0x
5A9C
0x
5AA0
0x
5AA4
0x
5AA8
0x
5AAC
0x
5AB0
0x
5AB4
0x
5AB8
0x
5ABC
0x
5AC0
0x
5AC4
0x
5AC8
0x
5ACC
0x
5AD0
0x
5AD4
0x
5AD8
0x
5ADC
0x
5AE0
0x
5AE4
0x
5AE8
0x
5AEC
0x
5AF0
0x
5AF4
0x
5AF8
0x
5AFC
0x
5B00
0x
5B04
0x
5B08
0x
5B0C
0x
5B10
0x
5B14
0x
5B18
0x
5B1C
0x
5B20
0x
5B24
0x
5B28
0x
5B2C
0x
5B30
0x
5B34
0x
5B38
0x
5B3C
0x
5B40
0x
5B44
0x
5B48
0x
5B4C
0x
5B50
0x
5B54
0x
5B58
0x
5B5C
0x
5B68
0x
5B6C
0x
5B70
0x
5B74
0x
5B78
0x
5B7C
0x
5B80
0x
5B84
0x
5B88
0x
5B8C
0x
5B90
0x
5B94
0x
5B98
0x
5B9C
0x
5BA0
0x
5BA4
0x
5BA8
0x
5BAC
0x
5BB0
0x
5BB4
0x
5BB8
0x
5BC0
0x
5BC4
0x
5BC8
0x
5BCC
0x
5BD0
0x
5BD4
0x
5BD8
0x
5BDC
0x
5BE0
0x
5BE4
0x
5BE8
0x
5BEC
0x
5BF0
0x
5BF4
0x
5BF8
0x
5BFC
0x
59AC
0x
F0C
0x
5944
0x
5650
0x
5C04
0x
5C08
0x
5C0C
0x
5C14
0x
5C18
0x
5C1C
0x
5C20
0x
5C24
0x
5C28
0x
5C2C
0x
5C30
0x
5C34
0x
5C38
0x
5C3C
0x
5C40
0x
5C44
0x
5C48
0x
5C4C
0x
5C50
0x
5C54
0x
5C58
0x
5C5C
0x
5C60
0x
5C64
0x
5C68
0x
5C6C
0x
5C70
0x
5C74
0x
5C78
0x
5C7C
0x
5C80
0x
5C84
0x
5C88
0x
5C8C
0x
5C90
0x
5C94
0x
5C98
0x
5C9C
0x
5CA0
0x
5CA4
0x
5CA8
0x
5CAC
0x
5CB0
0x
5CB4
0x
5CB8
0x
5CBC
0x
5CC0
0x
5CC4
0x
5CC8
0x
5CCC
0x
5CD0
0x
5CD4
0x
5CD8
0x
5CDC
0x
5CE0
0x
5CE4
0x
5CE8
0x
5CEC
0x
5CF0
0x
5CF4
0x
5CF8
0x
5CFC
0x
5D00
0x
5D04
0x
5D08
0x
5D0C
0x
5D10
0x
5D14
0x
5D18
0x
5D1C
0x
5D20
0x
5D2C
0x
5D30
0x
5D34
0x
5D38
0x
5D3C
0x
5D40
0x
5D44
0x
5D48
0x
5D4C
0x
5D50
0x
5D54
0x
5D58
0x
5D5C
0x
5D60
0x
5D64
0x
5D68
0x
5D6C
0x
5D70
0x
5D74
0x
5D78
0x
5D7C
0x
5D80
0x
5D84
0x
5D88
0x
5D8C
0x
5D90
0x
5D94
0x
5D98
0x
5D9C
0x
5DA0
0x
5DA4
0x
5DA8
0x
5DAC
0x
5DB0
0x
5DB4
0x
5DB8
0x
5DBC
0x
5DC0
0x
5DC4
0x
5DC8
0x
5DCC
0x
5DD0
0x
5DD4
0x
5DD8
0x
5DDC
0x
5DE0
0x
5DE4
0x
5DE8
0x
5DEC
0x
5DF0
0x
5DF4
0x
5DF8
0x
5DFC
0x
5E00
0x
5E04
0x
5E08
0x
5E0C
0x
5E10
0x
5E14
0x
5E18
0x
5E1C
0x
5E20
0x
5E24
0x
5E28
0x
5E2C
0x
5E30
0x
5E34
0x
5E38
0x
5E3C
0x
5E40
0x
5E44
0x
5E48
0x
5E4C
0x
5E50
0x
5E54
0x
5E58
0x
5E5C
0x
5E60
0x
5E64
0x
5E68
0x
5E6C
0x
5E70
0x
5E74
0x
5E78
0x
5E7C
0x
5E80
0x
5E84
0x
5E98
0x
5E9C
0x
5EA0
0x
5EA4
0x
5EA8
0x
5EAC
0x
5EB0
0x
5EB4
0x
5EB8
0x
5EBC
0x
5EC0
0x
5EC4
0x
5EC8
0x
5ECC
0x
5ED0
0x
5ED4
0x
5ED8
0x
5EDC
0x
5EE0
0x
5EE4
0x
5EE8
0x
5EEC
0x
5EF0
0x
5EF4
0x
5EF8
0x
5EFC
0x
5F00
0x
5F04
0x
5F08
0x
5F0C
0x
5F10
0x
5F14
0x
5F18
0x
5F1C
0x
5F20
0x
5F24
0x
5F28
0x
5F2C
0x
5F30
0x
5F34
0x
5F38
0x
5F3C
0x
5F40
0x
5F44
0x
5F48
0x
5F4C
0x
5F50
0x
5F54
0x
5F58
0x
5F5C
0x
5F60
0x
5F64
0x
5F68
0x
5F6C
0x
5F70
0x
5F74
0x
5F78
0x
5F7C
0x
5F80
0x
5F84
0x
5F88
0x
5F8C
0x
5F90
0x
5F94
0x
5F98
0x
5F9C
0x
5FA0
0x
5FA4
0x
5FA8
0x
5FAC
0x
5FB0
0x
5FB4
0x
5FB8
0x
5FBC
0x
5FC0
0x
5FC4
0x
5FC8
0x
5FCC
0x
5FD0
0x
5FD4
0x
5FD8
0x
5FDC
0x
5FE0
0x
5FE4
0x
5FE8
0x
5FEC
0x
5FF0
0x
5FF4
0x
5FF8
0x
5FFC
0x
564C
0x
6004
0x
6008
0x
600C
0x
6010
0x
6014
0x
6018
0x
601C
0x
6020
0x
6024
0x
6028
0x
6034
0x
6038
0x
603C
0x
6040
0x
6044
0x
6048
0x
604C
0x
6050
0x
6054
0x
6058
0x
605C
0x
6060
0x
6064
0x
6068
0x
606C
0x
6070
0x
6074
0x
6078
0x
607C
0x
6080
0x
6084
0x
6088
0x
608C
0x
6090
0x
6094
0x
6098
0x
609C
0x
60A0
0x
60A4
0x
60A8
0x
60AC
0x
60B0
0x
60B4
0x
60B8
0x
60BC
0x
60C0
0x
60C4
0x
60C8
0x
60CC
0x
60D0
0x
60D4
0x
60D8
0x
60DC
0x
60E0
0x
60E4
0x
60E8
0x
60EC
0x
60F0
0x
60F4
0x
60F8
0x
60FC
0x
6100
0x
6104
0x
6108
0x
610C
0x
6110
0x
6114
0x
6118
0x
611C
0x
6120
0x
6124
0x
6128
0x
612C
0x
6130
0x
6134
0x
6138
0x
613C
0x
6140
0x
6144
0x
6148
0x
614C
0x
6150
0x
6154
0x
6158
0x
615C
0x
6160
0x
6164
0x
6168
0x
616C
0x
6170
0x
6174
0x
6178
0x
617C
0x
6180
0x
6184
0x
6188
0x
618C
0x
6190
0x
6194
0x
6198
0x
619C
0x
61A0
0x
61A4
0x
61A8
0x
61AC
0x
61B0
0x
61B4
0x
61B8
0x
61BC
0x
61C0
0x
61C4
0x
61C8
0x
61CC
0x
61D0
0x
61D4
0x
61D8
0x
61DC
0x
61E0
0x
61E4
0x
61E8
0x
61EC
0x
61F0
0x
61F4
0x
61F8
0x
61FC
0x
6200
0x
6204
0x
6208
0x
620C
0x
6210
0x
6214
0x
6218
0x
621C
0x
6220
0x
6224
0x
6228
0x
622C
0x
6230
0x
6234
0x
6238
0x
623C
0x
6240
0x
6244
0x
6248
0x
624C
0x
6250
0x
6254
0x
6258
0x
625C
0x
6260
0x
6264
0x
6268
0x
626C
0x
6270
0x
6274
0x
6278
0x
627C
0x
6280
0x
6284
0x
6288
0x
628C
0x
6290
0x
6294
0x
6298
0x
629C
0x
62A0
0x
62A4
0x
62A8
0x
62AC
0x
62B0
0x
62B4
0x
62B8
0x
62BC
0x
62C0
0x
62C4
0x
62C8
0x
62CC
0x
62D0
0x
62D4
0x
62D8
0x
62DC
0x
62E0
0x
62E4
0x
62E8
0x
62EC
0x
62F0
0x
62F4
0x
62F8
0x
62FC
0x
6300
0x
6304
0x
6308
0x
630C
0x
6310
0x
6314
0x
6318
0x
631C
0x
6320
0x
6324
0x
6328
0x
632C
0x
6330
0x
6334
0x
6338
0x
633C
0x
6340
0x
6344
0x
6348
0x
634C
0x
6350
0x
6354
0x
6358
0x
635C
0x
6360
0x
6364
0x
6368
0x
636C
0x
6370
0x
6374
0x
6378
0x
637C
0x
6380
0x
6384
0x
6388
0x
638C
0x
6390
0x
6394
0x
6398
0x
639C
0x
63A0
0x
63A4
0x
63A8
0x
63AC
0x
63B0
0x
63B4
0x
63B8
0x
63BC
0x
63C4
0x
63C8
0x
63CC
0x
63D0
0x
63D4
0x
63D8
0x
63DC
0x
63E0
0x
63E4
0x
63E8
0x
63EC
0x
63F0
0x
63F4
0x
63F8
0x
63FC
0x
12E0
0x
6404
0x
6408
0x
640C
0x
6410
0x
6414
0x
6418
0x
641C
0x
6420
0x
6424
0x
6428
0x
642C
0x
6430
0x
6434
0x
6438
0x
643C
0x
6440
0x
6444
0x
6448
0x
644C
0x
6450
0x
6454
0x
6458
0x
645C
0x
6460
0x
6464
0x
6468
0x
646C
0x
6470
0x
6474
0x
6478
0x
647C
0x
6480
0x
6484
0x
6488
0x
648C
0x
6490
0x
6494
0x
6498
0x
649C
0x
64A0
0x
64A4
0x
64A8
0x
64AC
0x
64B0
0x
64B4
0x
64B8
0x
64BC
0x
64C0
0x
64C4
0x
64C8
0x
64CC
0x
64D0
0x
64D4
0x
64D8
0x
64DC
0x
64E0
0x
64E4
0x
64E8
0x
64EC
0x
64F0
0x
64F4
0x
64F8
0x
64FC
0x
6500
0x
6504
0x
6508
0x
650C
0x
6510
0x
6514
0x
6518
0x
651C
0x
6520
0x
6524
0x
6528
0x
652C
0x
6530
0x
6534
0x
6538
0x
653C
0x
6540
0x
6544
0x
6548
0x
654C
0x
6550
0x
6554
0x
6558
0x
655C
0x
6560
0x
6564
0x
6568
0x
656C
0x
6570
0x
6574
0x
6578
0x
657C
0x
6580
0x
6584
0x
6588
0x
658C
0x
6590
0x
6594
0x
6598
0x
659C
0x
65A0
0x
65A4
0x
65A8
0x
65AC
0x
65B0
0x
65B4
0x
65B8
0x
65BC
0x
65C0
0x
65C4
0x
65C8
0x
65CC
0x
65D0
0x
65D4
0x
65D8
0x
65DC
0x
65E0
0x
65E4
0x
65E8
0x
65EC
0x
65F0
0x
65F4
0x
65F8
0x
65FC
0x
6600
0x
6604
0x
6608
0x
660C
0x
6610
0x
6614
0x
6618
0x
661C
0x
6620
0x
6624
0x
6628
0x
662C
0x
6630
0x
6634
0x
6638
0x
663C
0x
6640
0x
6644
0x
6648
0x
664C
0x
6650
0x
6654
0x
6658
0x
665C
0x
6660
0x
6664
0x
6668
0x
666C
0x
6670
0x
6674
0x
6678
0x
667C
0x
6680
0x
6684
0x
6688
0x
668C
0x
6690
0x
6694
0x
6698
0x
669C
0x
66A0
0x
66A4
0x
66A8
0x
66AC
0x
66B0
0x
66B4
0x
66B8
0x
66BC
0x
66C0
0x
66C4
0x
66C8
0x
66CC
0x
66D0
0x
66D4
0x
66D8
0x
66DC
0x
66E0
0x
66E4
0x
66E8
0x
66EC
0x
66F0
0x
66F4
0x
66F8
0x
66FC
0x
6700
0x
6704
0x
6708
0x
670C
0x
6710
0x
6714
0x
6718
0x
671C
0x
6720
0x
6724
0x
6728
0x
672C
0x
6730
0x
6734
0x
6738
0x
673C
0x
6740
0x
6744
0x
6748
0x
674C
0x
6750
0x
6754
0x
6758
0x
675C
0x
6760
0x
6764
0x
6768
0x
676C
0x
6770
0x
6774
0x
6778
0x
677C
0x
6780
0x
6784
0x
6788
0x
678C
0x
6790
0x
6794
0x
6798
0x
679C
0x
67A0
0x
67A4
0x
67A8
0x
67B0
0x
67B4
0x
67B8
0x
67BC
0x
67C0
0x
67C4
0x
67C8
0x
67CC
0x
67D0
0x
67D4
0x
67D8
0x
67DC
0x
67E0
0x
67E4
0x
67E8
0x
67EC
0x
67F0
0x
67F4
0x
67F8
0x
67FC
0x
5E8C
0x
602C
0x
5E94
0x
6030
0x
5E88
0x
58CC
0x
593C
0x
5E90
0x
5A58
0x
5D24
0x
5A00
0x
5D28
0x
6AC
0x
AC0
0x
12E4
0x
5B64
0x
58C8
0x
5C10
0x
59B0
0x
5940
0x
5938
0x
6804
0x
6808
0x
680C
0x
6810
0x
6814
0x
6818
0x
681C
0x
6820
0x
6824
0x
6828
0x
682C
0x
6830
0x
6834
0x
6838
0x
683C
0x
6840
0x
6844
0x
6848
0x
684C
0x
6850
0x
6854
0x
6858
0x
685C
0x
6860
0x
6864
0x
6868
0x
686C
0x
6870
0x
6874
0x
6878
0x
687C
0x
6880
0x
6884
0x
6888
0x
688C
0x
6890
0x
6894
0x
6898
0x
689C
0x
68A0
0x
68A4
0x
68A8
0x
68AC
0x
68B0
0x
68B4
0x
68B8
0x
68BC
0x
68C0
0x
68C4
0x
68C8
0x
68CC
0x
68D0
0x
68D4
0x
68D8
0x
68DC
0x
68E0
0x
68E4
0x
68E8
0x
68EC
0x
68F0
0x
68F4
0x
68F8
0x
68FC
0x
6900
0x
6904
0x
6908
0x
690C
0x
6910
0x
6914
0x
6918
0x
691C
0x
6920
0x
6924
0x
6928
0x
692C
0x
6930
0x
6934
0x
6938
0x
693C
0x
6940
0x
6944
0x
6948
0x
694C
0x
6950
0x
6954
0x
6958
0x
695C
0x
6960
0x
6964
0x
6968
0x
696C
0x
6970
0x
6974
0x
6978
0x
697C
0x
6980
0x
6984
0x
6988
0x
698C
0x
6990
0x
6994
0x
6998
0x
699C
0x
69A0
0x
69A4
0x
69A8
0x
69AC
0x
69B0
0x
69B4
0x
69B8
0x
69BC
0x
69C0
0x
69C4
0x
69C8
0x
69CC
0x
69D0
0x
69D4
0x
69D8
0x
69DC
0x
69E0
0x
69E4
0x
69E8
0x
69EC
0x
69F0
0x
69F4
0x
69F8
0x
69FC
0x
6A00
0x
6A04
0x
6A08
0x
6A0C
0x
6A10
0x
6A14
0x
6A18
0x
6A1C
0x
6A20
0x
6A24
0x
6A28
0x
6A2C
0x
6A30
0x
6A34
0x
6A38
0x
6A3C
0x
6A40
0x
6A44
0x
6A48
0x
6A4C
0x
6A50
0x
6A54
0x
6A58
0x
6A5C
0x
6A60
0x
6A64
0x
6A68
0x
6A70
0x
6A74
0x
6A78
0x
6A7C
0x
6A80
0x
6A84
0x
6A88
0x
6A8C
0x
6A90
0x
6A94
0x
6A98
0x
6A9C
0x
6AA0
0x
6AA4
0x
6AA8
0x
6AAC
0x
6AB0
0x
6AB4
0x
6AB8
0x
6ABC
0x
6AC0
0x
6ACC
0x
6AD0
0x
6AD4
0x
6AD8
0x
6ADC
0x
6AE0
0x
6AE4
0x
6AE8
0x
6AEC
0x
6AF0
0x
6AF4
0x
6AF8
0x
6AFC
0x
6B00
0x
6B18
0x
6B1C
0x
6B20
0x
6B24
0x
6B28
0x
6B2C
0x
6B30
0x
6B34
0x
6B38
0x
6B3C
0x
6B40
0x
6B44
0x
6B48
0x
6B4C
0x
6B50
0x
6B54
0x
6B58
0x
6B68
0x
6B6C
0x
6B70
0x
6B74
0x
6B78
0x
6B7C
0x
6B80
0x
6B84
0x
6B88
0x
6B8C
0x
6B90
0x
6B94
0x
6B98
0x
6B9C
0x
6BA0
0x
6BA4
0x
6BA8
0x
6BAC
0x
6BB0
0x
6BB4
0x
6BB8
0x
6BBC
0x
6BC0
0x
6BC4
0x
6BC8
0x
6BCC
0x
6BD0
0x
6BD4
0x
6BD8
0x
6BDC
0x
6BE0
0x
6BE4
0x
6BE8
0x
6BEC
0x
6BF0
0x
6BF4
0x
6BF8
0x
6BFC
0x
59FC
0x
5BBC
0x
5B60
0x
67AC
0x
63C0
0x
4520
0x
19C8
0x
19A4
0x
3B44
0x
3578
0x
8A8
0x
6C04
0x
6C08
0x
6C0C
0x
6C10
0x
6C14
0x
6C18
0x
6C1C
0x
6C20
0x
6C24
0x
6C28
0x
6C2C
0x
6C30
0x
6C34
0x
6C38
0x
6C3C
0x
6C40
0x
6C44
0x
6C48
0x
6C4C
0x
6C50
0x
6C54
0x
6C58
0x
6C5C
0x
6C60
0x
6C64
0x
6C68
0x
6C6C
0x
6C70
0x
6C74
0x
6C78
0x
6C7C
0x
6C80
0x
6C84
0x
6C88
0x
6C8C
0x
6C90
0x
6C94
0x
6C98
0x
6C9C
0x
6CA0
0x
6CA4
0x
6CA8
0x
6CAC
0x
6CB0
0x
6CB4
0x
6CB8
0x
6CBC
0x
6CC0
0x
6CC4
0x
6CC8
0x
6CCC
0x
6CD0
0x
6CD4
0x
6CD8
0x
6CDC
0x
6CE0
0x
6CE4
0x
6CE8
0x
6CEC
0x
6CF0
0x
6CF4
0x
6CF8
0x
6CFC
0x
6D00
0x
6D04
0x
6D08
0x
6D0C
0x
6D10
0x
6D14
0x
6D18
0x
6D1C
0x
6D20
0x
6D24
0x
6D28
0x
6D2C
0x
6D30
0x
6D34
0x
6D38
0x
6D3C
0x
6D40
0x
6D44
0x
6D48
0x
6D4C
0x
6D50
0x
6D54
0x
6D58
0x
6D5C
0x
6D60
0x
6D64
0x
6D68
0x
6D6C
0x
6D70
0x
6D74
0x
6D78
0x
6D7C
0x
6D80
0x
6D84
0x
6D88
0x
6D8C
0x
6D90
0x
6D94
0x
6D98
0x
6D9C
0x
6DA0
0x
6DA4
0x
6DA8
0x
6DAC
0x
6DB0
0x
6DB4
0x
6DB8
0x
6DBC
0x
6DC0
0x
6DC4
0x
6DC8
0x
6DCC
0x
6DD0
0x
6DD4
0x
6DD8
0x
6DDC
0x
6DE0
0x
6DE4
0x
6DE8
0x
6DEC
0x
6DF0
0x
6DF4
0x
6DF8
0x
6DFC
0x
6E00
0x
6E04
0x
6E08
0x
6E0C
0x
6E10
0x
6E14
0x
6E18
0x
6E1C
0x
6E20
0x
6E24
0x
6E28
0x
6E2C
0x
6E30
0x
6E34
0x
6E38
0x
6E3C
0x
6E40
0x
6E44
0x
6E48
0x
6E4C
0x
6E50
0x
6E54
0x
6E58
0x
6E5C
0x
6E60
0x
6E64
0x
6E68
0x
6E6C
0x
6E70
0x
6E74
0x
6E78
0x
6E7C
0x
6E80
0x
6E84
0x
6E88
0x
6E8C
0x
6E90
0x
6E94
0x
6E98
0x
6E9C
0x
6EA0
0x
6EA4
0x
6EA8
0x
6EAC
0x
6EB0
0x
6EB4
0x
6EB8
0x
6EBC
0x
6EC0
0x
6EC4
0x
6EC8
0x
6ECC
0x
6ED0
0x
6ED4
0x
6ED8
0x
6EDC
0x
6EE0
0x
6EE4
0x
6EE8
0x
6EEC
0x
6EF0
0x
6EF4
0x
6EF8
0x
6EFC
0x
6F00
0x
6F04
0x
6F08
0x
6F0C
0x
6F10
0x
6F14
0x
6F18
0x
6F1C
0x
6F20
0x
6F24
0x
6F28
0x
6F2C
0x
6F30
0x
6F34
0x
6F38
0x
6F3C
0x
6F40
0x
6F44
0x
6F48
0x
6F4C
0x
6F50
0x
6F54
0x
6F58
0x
6F5C
0x
6F60
0x
6F64
0x
6F68
0x
6F6C
0x
6F70
0x
6F74
0x
6F78
0x
6F7C
0x
6F80
0x
6F84
0x
6F88
0x
6F8C
0x
6F90
0x
6F94
0x
6F98
0x
6F9C
0x
6FA0
0x
6FA4
0x
6FA8
0x
6FAC
0x
6FB0
0x
6FB4
0x
6FB8
0x
6FBC
0x
6FC0
0x
6FC4
0x
6FC8
0x
6FCC
0x
6FD0
0x
6FD4
0x
6FD8
0x
6FDC
0x
6FE0
0x
6FE4
0x
6FE8
0x
6FEC
0x
6FF0
0x
6FF4
0x
6FF8
0x
6FFC
0x
16DC
0x
86C
0x
59A8
0x
7004
0x
7008
0x
700C
0x
7010
0x
7014
0x
7018
0x
701C
0x
7020
0x
7024
0x
7028
0x
702C
0x
7030
0x
7034
0x
7038
0x
703C
0x
7040
0x
7044
0x
7048
0x
704C
0x
7050
0x
7054
0x
7058
0x
705C
0x
7060
0x
7064
0x
7068
0x
706C
0x
7070
0x
7074
0x
7078
0x
707C
0x
7080
0x
7084
0x
7088
0x
709C
0x
70A0
0x
70A4
0x
70A8
0x
70AC
0x
70B0
0x
70B4
0x
70B8
0x
70BC
0x
70C0
0x
70C4
0x
70C8
0x
70CC
0x
70D0
0x
70D4
0x
70D8
0x
70DC
0x
70E0
0x
70E4
0x
70F4
0x
70F8
0x
70FC
0x
7100
0x
7104
0x
7108
0x
710C
0x
7110
0x
7114
0x
7118
0x
711C
0x
7120
0x
7124
0x
7128
0x
712C
0x
7130
0x
7134
0x
7138
0x
713C
0x
7140
0x
7148
0x
714C
0x
7150
0x
7158
0x
715C
0x
7160
0x
7164
0x
7168
0x
716C
0x
7170
0x
7174
0x
7178
0x
717C
0x
7180
0x
7184
0x
7188
0x
718C
0x
7190
0x
7194
0x
7198
0x
719C
0x
71A0
0x
71A8
0x
71AC
0x
71B0
0x
71B4
0x
71B8
0x
71BC
0x
71C0
0x
71C4
0x
71C8
0x
71CC
0x
71D0
0x
71D4
0x
71D8
0x
71DC
0x
71E0
0x
71E4
0x
71E8
0x
71EC
0x
71F0
0x
71F8
0x
71FC
0x
7200
0x
7204
0x
7208
0x
720C
0x
7210
0x
7214
0x
7218
0x
721C
0x
7220
0x
7224
0x
7228
0x
722C
0x
7230
0x
7234
0x
7238
0x
723C
0x
7240
0x
7244
0x
7248
0x
724C
0x
7250
0x
7254
0x
7258
0x
725C
0x
7260
0x
7264
0x
7268
0x
726C
0x
7270
0x
7274
0x
7278
0x
727C
0x
7280
0x
7284
0x
7288
0x
728C
0x
7290
0x
7294
0x
7298
0x
72A0
0x
72A4
0x
72A8
0x
72AC
0x
72B0
0x
72B4
0x
72B8
0x
72BC
0x
72C0
0x
72C4
0x
72C8
0x
72CC
0x
72D0
0x
72D4
0x
72D8
0x
72DC
0x
72E0
0x
72E4
0x
72F0
0x
72F4
0x
72F8
0x
72FC
0x
7300
0x
7304
0x
7308
0x
730C
0x
7310
0x
7314
0x
7318
0x
731C
0x
7320
0x
7324
0x
7328
0x
732C
0x
7330
0x
7334
0x
7338
0x
733C
0x
7340
0x
7344
0x
7348
0x
734C
0x
7350
0x
7354
0x
735C
0x
7360
0x
7364
0x
7368
0x
736C
0x
7370
0x
7374
0x
7378
0x
737C
0x
7380
0x
7384
0x
7388
0x
738C
0x
7390
0x
7394
0x
7398
0x
739C
0x
73A0
0x
73A4
0x
73A8
0x
73AC
0x
73B0
0x
73B4
0x
73B8
0x
73BC
0x
73C0
0x
73C4
0x
73C8
0x
73CC
0x
73D0
0x
73D4
0x
73D8
0x
73DC
0x
73E0
0x
73E4
0x
73E8
0x
73EC
0x
73F0
0x
73F4
0x
73F8
0x
748
0x
77C
0x
1FE4
0x
74C
0x
638
0x
608
0x
740
0x
C10
0x
774
0x
C50
0x
CD4
0x
D9C
0x
DA4
0x
7098
0x
6DD8
0x
70EC
0x
7404
0x
7408
0x
740C
0x
7410
0x
7414
0x
7418
0x
741C
0x
7428
0x
742C
0x
7430
0x
7434
0x
7438
0x
743C
0x
7440
0x
7444
0x
7448
0x
744C
0x
7450
0x
7454
0x
7458
0x
745C
0x
7460
0x
7464
0x
7468
0x
746C
0x
7470
0x
7474
0x
7478
0x
747C
0x
7490
0x
7494
0x
7498
0x
749C
0x
74A0
0x
74A4
0x
74A8
0x
74AC
0x
74B0
0x
74B4
0x
74B8
0x
74BC
0x
74C0
0x
74CC
0x
74D0
0x
74D4
0x
74D8
0x
74DC
0x
74E0
0x
74E4
0x
74E8
0x
74EC
0x
74F0
0x
74F4
0x
74F8
0x
74FC
0x
7500
0x
7504
0x
7508
0x
750C
0x
7510
0x
7514
0x
7518
0x
751C
0x
7520
0x
7524
0x
752C
0x
7530
0x
7534
0x
7538
0x
753C
0x
7540
0x
7544
0x
7548
0x
754C
0x
7550
0x
7554
0x
7558
0x
755C
0x
7560
0x
7564
0x
7568
0x
756C
0x
7570
0x
7574
0x
7578
0x
757C
0x
7580
0x
7584
0x
7588
0x
758C
0x
7590
0x
7594
0x
7598
0x
759C
0x
75A0
0x
75A4
0x
75A8
0x
75AC
0x
75B0
0x
75B4
0x
75B8
0x
75BC
0x
75C0
0x
75C4
0x
75C8
0x
75CC
0x
75D0
0x
75E4
0x
75E8
0x
75EC
0x
75F0
0x
75F4
0x
75F8
0x
75FC
0x
7600
0x
7604
0x
7608
0x
760C
0x
7610
0x
7614
0x
7618
0x
761C
0x
7620
0x
7624
0x
7628
0x
762C
0x
7630
0x
7634
0x
7638
0x
763C
0x
7640
0x
7644
0x
7648
0x
7654
0x
7658
0x
765C
0x
7660
0x
7664
0x
7668
0x
766C
0x
7670
0x
7674
0x
7678
0x
767C
0x
7680
0x
7684
0x
7688
0x
768C
0x
7690
0x
7694
0x
7698
0x
769C
0x
76A0
0x
76A4
0x
76A8
0x
76AC
0x
76B0
0x
76B4
0x
76B8
0x
76BC
0x
76C0
0x
76C4
0x
76C8
0x
76CC
0x
76D0
0x
76D4
0x
76D8
0x
76DC
0x
76E0
0x
76E4
0x
76E8
0x
76EC
0x
76F0
0x
76F4
0x
76F8
0x
76FC
0x
7704
0x
7708
0x
770C
0x
7710
0x
7714
0x
7718
0x
771C
0x
7720
0x
7724
0x
7728
0x
772C
0x
7730
0x
7734
0x
7738
0x
773C
0x
7740
0x
7744
0x
7748
0x
774C
0x
7750
0x
7754
0x
7758
0x
775C
0x
7760
0x
7764
0x
7768
0x
776C
0x
7770
0x
7774
0x
7778
0x
777C
0x
7780
0x
7784
0x
7788
0x
778C
0x
7790
0x
7794
0x
7798
0x
779C
0x
77A0
0x
77A4
0x
77A8
0x
77AC
0x
77B0
0x
77B4
0x
77B8
0x
77BC
0x
77C0
0x
77C4
0x
77C8
0x
77CC
0x
77D0
0x
77D4
0x
77D8
0x
77DC
0x
77E0
0x
77E4
0x
77E8
0x
77EC
0x
77F0
0x
77F4
0x
77F8
0x
77FC
0x
6DDC
0x
E20
0x
E10
0x
F0
0x
7700
0x
7804
0x
7808
0x
780C
0x
7810
0x
7814
0x
7818
0x
781C
0x
7820
0x
7824
0x
7828
0x
782C
0x
7830
0x
7834
0x
7838
0x
783C
0x
7840
0x
7844
0x
7848
0x
784C
0x
7850
0x
7854
0x
7858
0x
785C
0x
7860
0x
7864
0x
7868
0x
786C
0x
7870
0x
7874
0x
7878
0x
787C
0x
7880
0x
7884
0x
7888
0x
788C
0x
7890
0x
7894
0x
7898
0x
789C
0x
78A0
0x
78A4
0x
78A8
0x
78B0
0x
78B4
0x
78B8
0x
78BC
0x
78C0
0x
78C4
0x
78C8
0x
78CC
0x
78D0
0x
78D4
0x
78D8
0x
78DC
0x
78E0
0x
78E4
0x
78E8
0x
78EC
0x
78F0
0x
78F4
0x
78F8
0x
78FC
0x
7900
0x
7904
0x
7918
0x
791C
0x
7920
0x
7924
0x
7928
0x
792C
0x
7930
0x
7938
0x
793C
0x
7940
0x
7944
0x
7948
0x
794C
0x
7950
0x
7954
0x
7958
0x
795C
0x
7960
0x
7964
0x
7968
0x
796C
0x
7974
0x
7978
0x
797C
0x
7980
0x
7984
0x
7988
0x
798C
0x
7990
0x
7994
0x
7998
0x
799C
0x
79A0
0x
79A4
0x
79A8
0x
79AC
0x
79B0
0x
79B4
0x
79B8
0x
79BC
0x
79C0
0x
79C4
0x
79C8
0x
79CC
0x
79D0
0x
79D4
0x
79D8
0x
79DC
0x
79E0
0x
79E4
0x
79E8
0x
79EC
0x
79F0
0x
79F4
0x
79F8
0x
79FC
0x
7A00
0x
7A04
0x
7A08
0x
7A0C
0x
7A10
0x
7A14
0x
7A18
0x
7A1C
0x
7A20
0x
7A24
0x
7A28
0x
7A2C
0x
7A30
0x
7A34
0x
7A38
0x
7A3C
0x
7A40
0x
7A44
0x
7A48
0x
7A4C
0x
7A50
0x
7A54
0x
7A58
0x
7A5C
0x
7A60
0x
7A64
0x
7A68
0x
7A6C
0x
7A70
0x
7A74
0x
7A78
0x
7A7C
0x
7A80
0x
7A84
0x
7A88
0x
7A8C
0x
7A90
0x
7A94
0x
7A98
0x
7A9C
0x
7AA0
0x
7AA4
0x
7AA8
0x
7AAC
0x
7AB0
0x
7AB4
0x
7AB8
0x
7ABC
0x
7AC0
0x
7AC4
0x
7AC8
0x
7ACC
0x
7AD0
0x
7AD4
0x
7AD8
0x
7ADC
0x
7AE0
0x
7AE4
0x
7AE8
0x
7AEC
0x
7AF0
0x
7AF4
0x
7AF8
0x
7AFC
0x
7B00
0x
7B04
0x
7B08
0x
7B0C
0x
7B10
0x
7B14
0x
7B18
0x
7B1C
0x
7B20
0x
7B24
0x
7B28
0x
7B2C
0x
7B30
0x
7B34
0x
7B38
0x
7B3C
0x
7B40
0x
7B44
0x
7B48
0x
7B4C
0x
7B50
0x
7B54
0x
7B58
0x
7B5C
0x
7B60
0x
7B64
0x
7B68
0x
7B6C
0x
7B70
0x
7B74
0x
7B78
0x
7B7C
0x
7B80
0x
7B84
0x
7B88
0x
7BA0
0x
7BA4
0x
7BA8
0x
7BAC
0x
7BB0
0x
7BB4
0x
7BB8
0x
7BBC
0x
7BC0
0x
7BC4
0x
7BC8
0x
7BCC
0x
7BD0
0x
7BD4
0x
7BD8
0x
7BDC
0x
7BE0
0x
7BE4
0x
7BE8
0x
7BEC
0x
7BF0
0x
7BF4
0x
7BF8
0x
7BFC
0x
7484
0x
75D4
0x
E2C
0x
74C8
0x
75E0
0x
7480
0x
19A0
0x
E08
0x
E14
0x
E24
0x
E28
0x
E1C
0x
E18
0x
74C4
0x
7090
0x
E04
0x
71A4
0x
73FC
0x
71F4
0x
7420
0x
729C
0x
1AE8
0x
7144
0x
7C04
0x
7C08
0x
7C0C
0x
7C10
0x
7C14
0x
7C18
0x
7C1C
0x
7C20
0x
7C24
0x
7C28
0x
7C2C
0x
7C30
0x
7C34
0x
7C38
0x
7C3C
0x
7C40
0x
7C44
0x
7C48
0x
7C4C
0x
7C50
0x
7C54
0x
7C58
0x
7C5C
0x
7C60
0x
7C64
0x
7C68
0x
7C6C
0x
7C70
0x
7C74
0x
7C78
0x
7C7C
0x
7C80
0x
7C84
0x
7C88
0x
7C8C
0x
7C90
0x
7C94
0x
7C98
0x
7C9C
0x
7CA0
0x
7CA4
0x
7CA8
0x
7CAC
0x
7CB0
0x
7CB4
0x
7CB8
0x
7CBC
0x
7CC0
0x
7CC4
0x
7CC8
0x
7CCC
0x
7CD0
0x
7CD4
0x
7CD8
0x
7CDC
0x
7CE0
0x
7CE4
0x
7CE8
0x
7CEC
0x
7CF0
0x
7CF4
0x
7CF8
0x
7CFC
0x
7D00
0x
7D04
0x
7D08
0x
7D0C
0x
7D10
0x
7D14
0x
7D18
0x
7D1C
0x
7D20
0x
7D24
0x
7D28
0x
7D2C
0x
7D30
0x
7D34
0x
7D38
0x
7D3C
0x
7D40
0x
7D44
0x
7D48
0x
7D4C
0x
7D50
0x
7D54
0x
7D58
0x
7D5C
0x
7D60
0x
7D64
0x
7D68
0x
7D6C
0x
7D70
0x
7D74
0x
7D78
0x
7D7C
0x
7D80
0x
7D84
0x
7D88
0x
7D8C
0x
7D90
0x
7D94
0x
7D98
0x
7D9C
0x
7DA0
0x
7DA4
0x
7DA8
0x
7DAC
0x
7DB0
0x
7DB4
0x
7DB8
0x
7DBC
0x
7DC0
0x
7DC4
0x
7DC8
0x
7DCC
0x
7DD0
0x
7DD4
0x
7DD8
0x
7DDC
0x
7DE0
0x
7DE4
0x
7DE8
0x
7DEC
0x
7DF0
0x
7DF4
0x
7DF8
0x
7DFC
0x
7E00
0x
7E04
0x
7E08
0x
7E0C
0x
7E10
0x
7E14
0x
7E18
0x
7E1C
0x
7E20
0x
7E24
0x
7E28
0x
7E2C
0x
7E30
0x
7E34
0x
7E38
0x
7E3C
0x
7E40
0x
7E44
0x
7E48
0x
7E4C
0x
7E50
0x
7E54
0x
7E58
0x
7E5C
0x
7E60
0x
7E64
0x
7E68
0x
7E6C
0x
7E70
0x
7E74
0x
7E78
0x
7E7C
0x
7E80
0x
7E84
0x
7E88
0x
7E8C
0x
7E90
0x
7E94
0x
7E98
0x
7E9C
0x
7EA0
0x
7EA4
0x
7EAC
0x
7EA8
0x
7EB0
0x
7EB4
0x
7EB8
0x
7EBC
0x
7EC0
0x
7EC4
0x
7EC8
0x
7ECC
0x
7ED0
0x
7ED4
0x
7ED8
0x
7EDC
0x
7EE0
0x
7EE4
0x
7EE8
0x
7EEC
0x
7EF0
0x
7EF4
0x
7EF8
0x
7EFC
0x
7F00
0x
7F04
0x
7F08
0x
7F0C
0x
7F10
0x
7F14
0x
7F18
0x
7F1C
0x
7F20
0x
7F24
0x
7F28
0x
7F2C
0x
7F30
0x
7F34
0x
7F38
0x
7F3C
0x
7F40
0x
7F44
0x
7F48
0x
7F4C
0x
7F50
0x
7F54
0x
7F58
0x
7F5C
0x
7F60
0x
7F64
0x
7F68
0x
7F6C
0x
7F70
0x
7F74
0x
7F78
0x
7F7C
0x
7F80
0x
7F84
0x
7F88
0x
7F8C
0x
7F90
0x
7F94
0x
7F98
0x
7F9C
0x
7FA0
0x
7FA4
0x
7FA8
0x
7FAC
0x
7FB0
0x
7FB4
0x
7FB8
0x
7FBC
0x
7FC0
0x
7FC4
0x
7FC8
0x
7FCC
0x
7FD0
0x
7FD4
0x
7FD8
0x
7FDC
0x
7FE0
0x
7FE4
0x
7FE8
0x
7FEC
0x
7FF0
0x
7FF4
0x
7FF8
0x
7FFC
0x
72EC
0x
70F0
0x
7358
0x
72E8
0x
8004
0x
8008
0x
800C
0x
8010
0x
8014
0x
8018
0x
801C
0x
8020
0x
8024
0x
8028
0x
802C
0x
8030
0x
8034
0x
8038
0x
803C
0x
8040
0x
8044
0x
8048
0x
804C
0x
8050
0x
8054
0x
8058
0x
805C
0x
8060
0x
8064
0x
8068
0x
806C
0x
8070
0x
8074
0x
8078
0x
807C
0x
8080
0x
8084
0x
8088
0x
808C
0x
8090
0x
8094
0x
8098
0x
809C
0x
80A0
0x
80A4
0x
80A8
0x
80AC
0x
80B0
0x
80B4
0x
80B8
0x
80BC
0x
80C0
0x
80C4
0x
80C8
0x
80CC
0x
80D0
0x
80D4
0x
80D8
0x
80DC
0x
80E0
0x
80E4
0x
80E8
0x
80EC
0x
80F0
0x
80F4
0x
80F8
0x
80FC
0x
8100
0x
8104
0x
8108
0x
810C
0x
8110
0x
8114
0x
8118
0x
811C
0x
8120
0x
8124
0x
8128
0x
812C
0x
8130
0x
8134
0x
8138
0x
813C
0x
8140
0x
8144
0x
8148
0x
814C
0x
8150
0x
8154
0x
8158
0x
815C
0x
8160
0x
8164
0x
8168
0x
816C
0x
8170
0x
8174
0x
8178
0x
817C
0x
8180
0x
8184
0x
8188
0x
818C
0x
8190
0x
8194
0x
8198
0x
819C
0x
81A0
0x
81A4
0x
81A8
0x
81AC
0x
81B0
0x
81B4
0x
81B8
0x
81BC
0x
81C0
0x
81C4
0x
81C8
0x
81CC
0x
81D0
0x
81D4
0x
81D8
0x
81DC
0x
81E0
0x
81E4
0x
81E8
0x
81EC
0x
81F0
0x
81F4
0x
81F8
0x
81FC
0x
8200
0x
8204
0x
8208
0x
820C
0x
8210
0x
8214
0x
8218
0x
821C
0x
8220
0x
8224
0x
8228
0x
822C
0x
8230
0x
8234
0x
8238
0x
823C
0x
8240
0x
8244
0x
8248
0x
824C
0x
8250
0x
8254
0x
8258
0x
825C
0x
8260
0x
8264
0x
8268
0x
826C
0x
8270
0x
8274
0x
8278
0x
827C
0x
8280
0x
8284
0x
8288
0x
828C
0x
8290
0x
8294
0x
8298
0x
829C
0x
82A0
0x
82A4
0x
82A8
0x
82AC
0x
82B0
0x
82B4
0x
82B8
0x
82BC
0x
82C0
0x
82C4
0x
82C8
0x
82CC
0x
82D0
0x
82D4
0x
82D8
0x
82DC
0x
82E0
0x
82E4
0x
82E8
0x
82EC
0x
82F0
0x
82F4
0x
82F8
0x
82FC
0x
830C
0x
8310
0x
8314
0x
8318
0x
831C
0x
8320
0x
8324
0x
8328
0x
832C
0x
8330
0x
8334
0x
8338
0x
833C
0x
8340
0x
8344
0x
8348
0x
834C
0x
8350
0x
8354
0x
8358
0x
835C
0x
8360
0x
8364
0x
8368
0x
836C
0x
8370
0x
8374
0x
8378
0x
837C
0x
8380
0x
8384
0x
8388
0x
838C
0x
8390
0x
8394
0x
8398
0x
839C
0x
83A0
0x
83A4
0x
83A8
0x
83AC
0x
83B0
0x
83B4
0x
83B8
0x
83C4
0x
83C8
0x
83CC
0x
83D0
0x
83D4
0x
83D8
0x
83DC
0x
83E0
0x
83E4
0x
83E8
0x
83EC
0x
83F0
0x
83F4
0x
83F8
0x
83FC
0x
8404
0x
8408
0x
840C
0x
8410
0x
8414
0x
8418
0x
841C
0x
8428
0x
842C
0x
8430
0x
8434
0x
8438
0x
843C
0x
8440
0x
8444
0x
8448
0x
844C
0x
8450
0x
8454
0x
8458
0x
845C
0x
8460
0x
8464
0x
8468
0x
846C
0x
8470
0x
8474
0x
8478
0x
847C
0x
8480
0x
8484
0x
8488
0x
848C
0x
8490
0x
8494
0x
8498
0x
849C
0x
84A0
0x
84A4
0x
84A8
0x
84AC
0x
84B0
0x
84B4
0x
84B8
0x
84BC
0x
84C0
0x
84C4
0x
84C8
0x
84CC
0x
84D0
0x
84D4
0x
84D8
0x
84DC
0x
84E0
0x
84E4
0x
84E8
0x
84EC
0x
84F0
0x
84F4
0x
84F8
0x
84FC
0x
8500
0x
8504
0x
8508
0x
850C
0x
8510
0x
8514
0x
8518
0x
851C
0x
8520
0x
8524
0x
8528
0x
852C
0x
8530
0x
8534
0x
8538
0x
853C
0x
8540
0x
8544
0x
8548
0x
854C
0x
8550
0x
8554
0x
8558
0x
855C
0x
8560
0x
8564
0x
8568
0x
856C
0x
8570
0x
8574
0x
8578
0x
857C
0x
8580
0x
8584
0x
8588
0x
858C
0x
8590
0x
8594
0x
8598
0x
859C
0x
85A0
0x
85A4
0x
85A8
0x
85AC
0x
85B0
0x
85B4
0x
85B8
0x
85BC
0x
85C0
0x
85C4
0x
85C8
0x
85CC
0x
85D0
0x
85D4
0x
85D8
0x
85DC
0x
85E0
0x
85E4
0x
85E8
0x
85EC
0x
85F0
0x
85F4
0x
85F8
0x
85FC
0x
8600
0x
8604
0x
8608
0x
860C
0x
8610
0x
8614
0x
8618
0x
861C
0x
8620
0x
8624
0x
8628
0x
862C
0x
8630
0x
8634
0x
8638
0x
863C
0x
8640
0x
8644
0x
8648
0x
864C
0x
8650
0x
8654
0x
8658
0x
865C
0x
8660
0x
8664
0x
8668
0x
866C
0x
8670
0x
8674
0x
8678
0x
867C
0x
8680
0x
8684
0x
8688
0x
868C
0x
8690
0x
8694
0x
8698
0x
869C
0x
86A0
0x
86A4
0x
86A8
0x
86AC
0x
86B0
0x
86B4
0x
86B8
0x
86BC
0x
86C0
0x
86C4
0x
86C8
0x
86CC
0x
86D0
0x
86D4
0x
86D8
0x
86DC
0x
86E0
0x
86E4
0x
86E8
0x
86EC
0x
86F0
0x
86F4
0x
86F8
0x
86FC
0x
8700
0x
8704
0x
8708
0x
870C
0x
8710
0x
8714
0x
8718
0x
871C
0x
8720
0x
8724
0x
8728
0x
872C
0x
8730
0x
8734
0x
8738
0x
873C
0x
8740
0x
8744
0x
8748
0x
874C
0x
8750
0x
8754
0x
8758
0x
875C
0x
8760
0x
8764
0x
8768
0x
876C
0x
8770
0x
8774
0x
8778
0x
877C
0x
8780
0x
8784
0x
8788
0x
878C
0x
8790
0x
8794
0x
8798
0x
879C
0x
87A0
0x
87A4
0x
87A8
0x
87AC
0x
87B0
0x
87B4
0x
87B8
0x
87BC
0x
87C0
0x
87C4
0x
87C8
0x
87CC
0x
87D0
0x
87D4
0x
87D8
0x
87DC
0x
87E4
0x
87E8
0x
87EC
0x
87F0
0x
87F4
0x
87F8
0x
87FC
0x
8304
0x
708C
0x
7094
0x
70E8
0x
8804
0x
8808
0x
880C
0x
8810
0x
8814
0x
8820
0x
8824
0x
8828
0x
882C
0x
8830
0x
8834
0x
8838
0x
883C
0x
8840
0x
8844
0x
8848
0x
884C
0x
8850
0x
8854
0x
8858
0x
885C
0x
8860
0x
8864
0x
8868
0x
887C
0x
8880
0x
8884
0x
8888
0x
888C
0x
8890
0x
8894
0x
8898
0x
889C
0x
88A0
0x
88A4
0x
88A8
0x
88AC
0x
88B0
0x
88B4
0x
88B8
0x
88BC
0x
88C0
0x
88C4
0x
88C8
0x
88CC
0x
88D0
0x
88D4
0x
88D8
0x
88DC
0x
88EC
0x
88F0
0x
88F4
0x
88F8
0x
88FC
0x
8900
0x
8904
0x
8908
0x
890C
0x
8910
0x
8914
0x
8918
0x
891C
0x
8920
0x
8924
0x
8928
0x
892C
0x
8930
0x
8934
0x
8938
0x
893C
0x
8940
0x
8944
0x
8948
0x
8954
0x
8958
0x
895C
0x
8960
0x
8964
0x
8968
0x
896C
0x
8970
0x
8974
0x
8978
0x
897C
0x
8980
0x
8984
0x
8988
0x
898C
0x
8990
0x
8994
0x
8998
0x
899C
0x
89A0
0x
89A8
0x
89AC
0x
89B0
0x
89B4
0x
89B8
0x
89BC
0x
89C0
0x
89C4
0x
89C8
0x
89CC
0x
89D0
0x
89D4
0x
89D8
0x
89DC
0x
89E0
0x
89E4
0x
89E8
0x
89EC
0x
89F0
0x
89F4
0x
89F8
0x
89FC
0x
8A00
0x
8A04
0x
8A08
0x
8A0C
0x
8A10
0x
8A14
0x
8A18
0x
8A1C
0x
8A20
0x
8A24
0x
8A28
0x
8A2C
0x
8A30
0x
8A34
0x
8A38
0x
8A3C
0x
8A40
0x
8A44
0x
8A48
0x
8A4C
0x
8A50
0x
8A54
0x
8A58
0x
8A5C
0x
8A60
0x
8A64
0x
8A68
0x
8A6C
0x
8A70
0x
8A74
0x
8A78
0x
8A7C
0x
8A80
0x
8A84
0x
8A88
0x
8A8C
0x
8A90
0x
8A94
0x
8A98
0x
8A9C
0x
8AA0
0x
8AAC
0x
8AB0
0x
8AB4
0x
8AB8
0x
8ABC
0x
8AC0
0x
8AC4
0x
8AC8
0x
8ACC
0x
8AD0
0x
8AD4
0x
8AD8
0x
8ADC
0x
8AE0
0x
8AE4
0x
8AF4
0x
8AF8
0x
8AFC
0x
8B00
0x
8B04
0x
8B08
0x
8B0C
0x
8B10
0x
8B14
0x
8B18
0x
8B1C
0x
8B20
0x
8B24
0x
8B28
0x
8B2C
0x
8B48
0x
8B4C
0x
8B50
0x
8B54
0x
8B58
0x
8B5C
0x
8B60
0x
8B64
0x
8B68
0x
8B6C
0x
8B70
0x
8B74
0x
8B78
0x
8B7C
0x
8B80
0x
8B84
0x
8B88
0x
8B8C
0x
8B90
0x
8B94
0x
8B98
0x
8B9C
0x
8BA0
0x
8BA4
0x
8BA8
0x
8BAC
0x
8BB0
0x
8BB4
0x
8BB8
0x
8BBC
0x
8BC0
0x
8BC4
0x
8BC8
0x
8BCC
0x
8BD0
0x
8BD4
0x
8BD8
0x
8BDC
0x
8BE0
0x
8BE4
0x
8BE8
0x
8BEC
0x
8BF0
0x
8BF8
0x
8BFC
0x
88E4
0x
8878
0x
8C04
0x
8C08
0x
8C0C
0x
8C10
0x
8C14
0x
8C18
0x
8C1C
0x
8C20
0x
8C24
0x
8C28
0x
8C2C
0x
8C30
0x
8C34
0x
8C38
0x
8C40
0x
8C44
0x
8C48
0x
8C4C
0x
8C50
0x
8C54
0x
8C58
0x
8C5C
0x
8C60
0x
8C64
0x
8C68
0x
8C6C
0x
8C70
0x
8C74
0x
8C78
0x
8C7C
0x
8C80
0x
8C84
0x
8C88
0x
8C8C
0x
8C90
0x
8C94
0x
8C98
0x
8C9C
0x
8CA0
0x
8CA4
0x
8CA8
0x
8CAC
0x
8CB0
0x
8CB4
0x
8CB8
0x
8CBC
0x
8CC0
0x
8CC4
0x
8CC8
0x
8CCC
0x
8CD0
0x
8CD4
0x
8CD8
0x
8CDC
0x
8CE0
0x
8CE4
0x
8CE8
0x
8CEC
0x
8CF0
0x
8CF4
0x
8CF8
0x
8CFC
0x
8D00
0x
8D04
0x
8D08
0x
8D14
0x
8D18
0x
8D1C
0x
8D20
0x
8D24
0x
8D28
0x
8D2C
0x
8D30
0x
8D34
0x
8D38
0x
8D3C
0x
8D40
0x
8D44
0x
8D48
0x
8D4C
0x
8D50
0x
8D54
0x
8D58
0x
8D5C
0x
8D60
0x
8D64
0x
8D70
0x
8D74
0x
8D78
0x
8D7C
0x
8D80
0x
8D84
0x
8D88
0x
8D8C
0x
8D90
0x
8D94
0x
8D98
0x
8D9C
0x
8DA0
0x
8DA4
0x
8DA8
0x
8DAC
0x
8DB0
0x
8DB4
0x
8DB8
0x
8DBC
0x
8DC0
0x
8DC4
0x
8DC8
0x
8DCC
0x
8DD0
0x
8DD4
0x
8DD8
0x
8DE0
0x
8DE4
0x
8DE8
0x
8DEC
0x
8DF0
0x
8DF4
0x
8DF8
0x
8DFC
0x
8E00
0x
8E04
0x
8E08
0x
8E0C
0x
8E10
0x
8E14
0x
8E18
0x
8E1C
0x
8E20
0x
8E24
0x
8E28
0x
8E2C
0x
8E30
0x
8E34
0x
8E38
0x
8E3C
0x
8E40
0x
8E44
0x
8E48
0x
8E4C
0x
8E50
0x
8E54
0x
8E58
0x
8E5C
0x
8E60
0x
8E64
0x
8E68
0x
8E6C
0x
8E70
0x
8E74
0x
8E78
0x
8E7C
0x
8E80
0x
8E84
0x
8E8C
0x
8E90
0x
8E94
0x
8E98
0x
8E9C
0x
8EA0
0x
8EA4
0x
8EA8
0x
8EAC
0x
8EB0
0x
8EB4
0x
8EB8
0x
8EBC
0x
8EC0
0x
8EC4
0x
8EC8
0x
8ECC
0x
8ED0
0x
8ED4
0x
8ED8
0x
8EDC
0x
8EE8
0x
8EEC
0x
8EF0
0x
8EF4
0x
8EF8
0x
8EFC
0x
8F00
0x
8F04
0x
8F08
0x
8F0C
0x
8F10
0x
8F14
0x
8F18
0x
8F1C
0x
8F20
0x
8F24
0x
8F28
0x
8F2C
0x
8F30
0x
8F3C
0x
8F40
0x
8F44
0x
8F48
0x
8F4C
0x
8F50
0x
8F54
0x
8F58
0x
8F5C
0x
8F60
0x
8F64
0x
8F68
0x
8F6C
0x
8F70
0x
8F74
0x
8F78
0x
8F7C
0x
8F80
0x
8F84
0x
8F88
0x
8F8C
0x
8F90
0x
8F94
0x
8F98
0x
8F9C
0x
8FA0
0x
8FA4
0x
8FA8
0x
8FAC
0x
8FB0
0x
8FB4
0x
8FB8
0x
8FBC
0x
8FC0
0x
8FC4
0x
8FC8
0x
8FCC
0x
8FD0
0x
8FD4
0x
8FD8
0x
8FDC
0x
8FE0
0x
8FE4
0x
8FE8
0x
8FEC
0x
8FF0
0x
8FF4
0x
7EAC
0x
83C0
0x
9004
0x
9008
0x
900C
0x
9010
0x
9014
0x
9018
0x
901C
0x
9020
0x
9024
0x
9028
0x
902C
0x
9030
0x
9034
0x
9040
0x
9044
0x
9048
0x
904C
0x
9050
0x
9054
0x
9058
0x
905C
0x
9060
0x
9064
0x
9068
0x
906C
0x
9070
0x
9074
0x
9078
0x
907C
0x
9088
0x
908C
0x
9090
0x
9094
0x
9098
0x
909C
0x
90A0
0x
90A4
0x
90A8
0x
90AC
0x
90B0
0x
90B4
0x
90B8
0x
90BC
0x
90C0
0x
90C4
0x
90C8
0x
90CC
0x
90D0
0x
90D4
0x
90D8
0x
90DC
0x
90E0
0x
90E4
0x
90E8
0x
90EC
0x
90F0
0x
90F4
0x
90F8
0x
90FC
0x
9100
0x
9104
0x
9108
0x
910C
0x
9110
0x
9114
0x
9118
0x
911C
0x
9120
0x
9124
0x
9128
0x
912C
0x
9130
0x
9134
0x
913C
0x
9140
0x
9144
0x
9148
0x
914C
0x
9150
0x
9154
0x
9158
0x
915C
0x
9160
0x
9164
0x
9168
0x
916C
0x
9170
0x
9174
0x
9178
0x
917C
0x
9180
0x
9184
0x
918C
0x
9190
0x
9194
0x
9198
0x
919C
0x
91A0
0x
91A4
0x
91A8
0x
91AC
0x
91B0
0x
91B4
0x
91B8
0x
91BC
0x
91C0
0x
91C4
0x
91C8
0x
91CC
0x
91D0
0x
91D4
0x
91D8
0x
91DC
0x
91E0
0x
91E4
0x
91E8
0x
91EC
0x
91F0
0x
91F4
0x
91F8
0x
91FC
0x
9200
0x
9204
0x
9208
0x
920C
0x
9210
0x
9214
0x
9218
0x
921C
0x
9220
0x
9224
0x
9228
0x
922C
0x
9230
0x
9234
0x
9238
0x
923C
0x
9240
0x
9244
0x
9248
0x
924C
0x
9250
0x
9254
0x
9258
0x
925C
0x
9260
0x
9264
0x
9268
0x
926C
0x
9270
0x
9274
0x
9278
0x
927C
0x
9280
0x
9284
0x
9290
0x
9294
0x
9298
0x
929C
0x
92A0
0x
92A4
0x
92A8
0x
92AC
0x
92B0
0x
92B4
0x
92B8
0x
92BC
0x
92C0
0x
92C4
0x
92C8
0x
92CC
0x
92D0
0x
92D4
0x
92D8
0x
92DC
0x
92E0
0x
92E4
0x
92E8
0x
92EC
0x
92F0
0x
92F4
0x
92F8
0x
92FC
0x
9300
0x
9304
0x
9308
0x
930C
0x
9310
0x
9314
0x
9318
0x
931C
0x
9320
0x
9324
0x
9328
0x
932C
0x
9330
0x
9334
0x
9338
0x
933C
0x
9340
0x
9344
0x
9348
0x
934C
0x
9350
0x
9354
0x
9358
0x
935C
0x
9360
0x
9364
0x
9368
0x
936C
0x
9370
0x
9374
0x
9378
0x
937C
0x
9380
0x
9384
0x
9388
0x
938C
0x
9390
0x
9394
0x
9398
0x
939C
0x
93A0
0x
93A4
0x
93A8
0x
93AC
0x
93B0
0x
93B4
0x
93B8
0x
93BC
0x
93C0
0x
93C4
0x
93C8
0x
93CC
0x
93D0
0x
93D4
0x
93D8
0x
93DC
0x
93E0
0x
93E4
0x
93E8
0x
93EC
0x
93F0
0x
93F4
0x
93F8
0x
93FC
0x
903C
0x
9404
0x
9408
0x
940C
0x
9410
0x
9414
0x
9418
0x
941C
0x
9420
0x
9424
0x
9428
0x
942C
0x
9430
0x
9434
0x
9438
0x
943C
0x
9440
0x
9444
0x
9448
0x
944C
0x
9450
0x
9454
0x
9458
0x
945C
0x
9460
0x
9464
0x
9468
0x
946C
0x
9470
0x
9474
0x
9478
0x
947C
0x
9480
0x
9484
0x
9488
0x
948C
0x
9490
0x
9494
0x
9498
0x
949C
0x
94A0
0x
94A4
0x
94A8
0x
94AC
0x
94B0
0x
94B4
0x
94B8
0x
94BC
0x
94C0
0x
94C4
0x
94C8
0x
94CC
0x
94D0
0x
94D4
0x
94D8
0x
94DC
0x
94E0
0x
94E4
0x
94E8
0x
94EC
0x
94F0
0x
94F4
0x
94F8
0x
94FC
0x
9500
0x
9504
0x
9508
0x
950C
0x
9510
0x
9514
0x
9518
0x
951C
0x
9520
0x
9524
0x
9528
0x
952C
0x
9530
0x
9534
0x
9538
0x
953C
0x
9540
0x
9544
0x
9548
0x
954C
0x
9550
0x
9554
0x
9558
0x
955C
0x
9560
0x
9564
0x
9568
0x
956C
0x
9570
0x
9574
0x
9578
0x
957C
0x
9580
0x
9584
0x
9588
0x
958C
0x
9590
0x
9594
0x
9598
0x
959C
0x
95A0
0x
95A4
0x
95A8
0x
95B0
0x
95B4
0x
95B8
0x
95BC
0x
95C0
0x
95C4
0x
95C8
0x
95CC
0x
95D0
0x
95D4
0x
95D8
0x
95DC
0x
95E0
0x
95E4
0x
95E8
0x
95EC
0x
95F0
0x
95F4
0x
95F8
0x
95FC
0x
9600
0x
9604
0x
9608
0x
960C
0x
9610
0x
9614
0x
9618
0x
961C
0x
9620
0x
9624
0x
9628
0x
962C
0x
9630
0x
9634
0x
9638
0x
963C
0x
9640
0x
9644
0x
9648
0x
964C
0x
9650
0x
9654
0x
9658
0x
965C
0x
9660
0x
9664
0x
9668
0x
966C
0x
9670
0x
9674
0x
9678
0x
967C
0x
9680
0x
9684
0x
9688
0x
968C
0x
9690
0x
9694
0x
9698
0x
969C
0x
96A0
0x
96A4
0x
96A8
0x
96AC
0x
96B0
0x
96B4
0x
96B8
0x
96BC
0x
96C0
0x
96C4
0x
96C8
0x
96CC
0x
96D0
0x
96D4
0x
96D8
0x
96DC
0x
96E0
0x
96E4
0x
96E8
0x
96EC
0x
96F0
0x
96F4
0x
96F8
0x
96FC
0x
9700
0x
9704
0x
9708
0x
970C
0x
9710
0x
9714
0x
9718
0x
971C
0x
9720
0x
9724
0x
9728
0x
972C
0x
9730
0x
9734
0x
9738
0x
973C
0x
9740
0x
9744
0x
9748
0x
974C
0x
9750
0x
9754
0x
9758
0x
975C
0x
9760
0x
9764
0x
9768
0x
976C
0x
9770
0x
9774
0x
9778
0x
977C
0x
9780
0x
9784
0x
9788
0x
978C
0x
9790
0x
9794
0x
9798
0x
979C
0x
97A0
0x
97A4
0x
97A8
0x
97AC
0x
97B0
0x
97B4
0x
97B8
0x
97BC
0x
97C0
0x
97C4
0x
97C8
0x
97CC
0x
97D0
0x
97D4
0x
97D8
0x
97DC
0x
97E0
0x
97E4
0x
97E8
0x
97EC
0x
97F0
0x
97F4
0x
97F8
0x
97FC
0x
8D10
0x
8EE4
0x
8D6C
0x
8F38
0x
881C
0x
8870
0x
89A4
0x
8BF4
0x
8950
0x
8C3C
0x
9804
0x
9808
0x
980C
0x
9810
0x
9814
0x
9818
0x
981C
0x
9820
0x
9824
0x
9828
0x
982C
0x
9830
0x
9834
0x
9838
0x
983C
0x
9840
0x
9844
0x
9848
0x
984C
0x
9850
0x
9858
0x
985C
0x
9860
0x
9864
0x
9868
0x
986C
0x
9870
0x
9874
0x
9878
0x
987C
0x
9880
0x
9884
0x
9888
0x
988C
0x
9890
0x
9894
0x
9898
0x
989C
0x
98A0
0x
98A4
0x
98A8
0x
98AC
0x
98B0
0x
98B4
0x
98B8
0x
98BC
0x
98C0
0x
98C4
0x
98C8
0x
98CC
0x
98D0
0x
98D4
0x
98D8
0x
98DC
0x
98E0
0x
98E4
0x
98E8
0x
98EC
0x
98F0
0x
98F4
0x
98F8
0x
98FC
0x
9900
0x
9904
0x
9908
0x
990C
0x
9910
0x
9914
0x
9918
0x
991C
0x
9920
0x
9924
0x
9928
0x
992C
0x
9930
0x
9934
0x
9938
0x
993C
0x
9940
0x
9944
0x
9948
0x
994C
0x
9950
0x
9954
0x
9958
0x
995C
0x
9960
0x
9964
0x
9968
0x
996C
0x
9970
0x
9974
0x
9978
0x
997C
0x
9980
0x
9984
0x
9988
0x
998C
0x
9990
0x
9994
0x
9998
0x
999C
0x
99A0
0x
99A4
0x
99A8
0x
99AC
0x
99B0
0x
99B4
0x
99B8
0x
99BC
0x
99C0
0x
99C4
0x
99C8
0x
99CC
0x
99D0
0x
99D4
0x
99D8
0x
99DC
0x
99E0
0x
99E4
0x
99E8
0x
99EC
0x
99F0
0x
99F4
0x
99F8
0x
99FC
0x
9A00
0x
9A04
0x
9A08
0x
9A0C
0x
9A10
0x
9A14
0x
9A18
0x
9A1C
0x
9A20
0x
9A24
0x
9A28
0x
9A2C
0x
9A30
0x
9A34
0x
9A38
0x
9A3C
0x
9A40
0x
9A44
0x
9A48
0x
9A4C
0x
9A50
0x
9A54
0x
9A58
0x
9A5C
0x
9A60
0x
9A64
0x
9A68
0x
9A6C
0x
9A70
0x
9A74
0x
9A78
0x
9A7C
0x
9A80
0x
9A84
0x
9A88
0x
9A8C
0x
9A90
0x
9A94
0x
9A98
0x
9A9C
0x
9AA0
0x
9AA4
0x
9AA8
0x
9AAC
0x
9AB0
0x
9AB4
0x
9AB8
0x
9ABC
0x
9AC0
0x
9AC4
0x
9AC8
0x
9ACC
0x
9AD0
0x
9AD4
0x
9AD8
0x
9ADC
0x
9AE0
0x
9AE4
0x
9AE8
0x
9AEC
0x
9AF0
0x
9AF4
0x
9AF8
0x
9AFC
0x
9B00
0x
9B04
0x
9B08
0x
9B0C
0x
9B10
0x
9B14
0x
9B18
0x
9B1C
0x
9B20
0x
9B24
0x
9B28
0x
9B2C
0x
9B30
0x
9B34
0x
9B38
0x
9B3C
0x
9B40
0x
9B44
0x
9B48
0x
9B4C
0x
9B50
0x
9B54
0x
9B58
0x
9B5C
0x
9B60
0x
9B64
0x
9B68
0x
9B6C
0x
9B70
0x
9B74
0x
9B78
0x
9B7C
0x
9B80
0x
9B84
0x
9B88
0x
9B8C
0x
9B90
0x
9B94
0x
9B98
0x
9B9C
0x
9BA0
0x
9BA4
0x
9BA8
0x
9BAC
0x
9BB0
0x
9BB4
0x
9BB8
0x
9BBC
0x
9BC0
0x
9BC4
0x
9BC8
0x
9BCC
0x
9BD0
0x
9BD4
0x
9BD8
0x
9BDC
0x
9BE0
0x
9BE4
0x
9BE8
0x
9BEC
0x
9BF0
0x
9BF4
0x
9BF8
0x
9BFC
0x
8AF0
0x
88E8
0x
894C
0x
8AEC
0x
8AA4
0x
8D0C
0x
8D68
0x
8818
0x
886C
0x
8874
0x
88E0
0x
7E4C
0x
6B04
0x
6AC8
0x
6B08
0x
9C04
0x
9C08
0x
9C0C
0x
9C10
0x
9C14
0x
9C18
0x
9C1C
0x
9C20
0x
9C24
0x
9C28
0x
9C2C
0x
9C30
0x
9C34
0x
9C38
0x
9C3C
0x
9C40
0x
9C44
0x
9C48
0x
9C4C
0x
9C50
0x
9C54
0x
9C58
0x
9C5C
0x
9C60
0x
9C64
0x
9C68
0x
9C6C
0x
9C70
0x
9C74
0x
9C78
0x
9C7C
0x
9C80
0x
9C84
0x
9C88
0x
9C8C
0x
9C90
0x
9C94
0x
9C98
0x
9C9C
0x
9CA0
0x
9CA4
0x
9CA8
0x
9CAC
0x
9CB0
0x
9CB4
0x
9CB8
0x
9CBC
0x
9CC0
0x
9CC4
0x
9CC8
0x
9CCC
0x
9CD0
0x
9CD4
0x
9CD8
0x
9CDC
0x
9CE0
0x
9CE4
0x
9CE8
0x
9CEC
0x
9CF0
0x
9CF4
0x
9CF8
0x
9CFC
0x
9D00
0x
9D04
0x
9D08
0x
9D0C
0x
9D10
0x
9D14
0x
9D18
0x
9D1C
0x
9D20
0x
9D24
0x
9D28
0x
9D2C
0x
9D30
0x
9D34
0x
9D38
0x
9D3C
0x
9D40
0x
9D44
0x
9D48
0x
9D4C
0x
9D50
0x
9D54
0x
9D58
0x
9D5C
0x
9D60
0x
9D64
0x
9D68
0x
9D6C
0x
9D70
0x
9D74
0x
9D78
0x
9D7C
0x
9D80
0x
9D84
0x
9D88
0x
9D8C
0x
9D90
0x
9D94
0x
9D98
0x
9D9C
0x
9DA0
0x
9DA4
0x
9DA8
0x
9DAC
0x
9DB0
0x
9DB4
0x
9DB8
0x
9DBC
0x
9DC0
0x
9DC4
0x
9DC8
0x
9DCC
0x
9DD0
0x
9DD4
0x
9DD8
0x
9DDC
0x
9DE0
0x
9DE4
0x
9DE8
0x
9DEC
0x
9DF0
0x
9DF4
0x
9DF8
0x
9DFC
0x
9E00
0x
9E04
0x
9E08
0x
9E0C
0x
9E10
0x
9E14
0x
9E18
0x
9E1C
0x
9E20
0x
9E24
0x
9E28
0x
9E2C
0x
9E30
0x
9E34
0x
9E38
0x
9E3C
0x
9E40
0x
9E44
0x
9E48
0x
9E4C
0x
9E50
0x
9E54
0x
9E58
0x
9E5C
0x
9E60
0x
9E64
0x
9E68
0x
9E6C
0x
9E70
0x
9E74
0x
9E78
0x
9E7C
0x
9E80
0x
9E84
0x
9E88
0x
9E8C
0x
9E90
0x
9E94
0x
9E98
0x
9E9C
0x
9EA0
0x
9EA4
0x
9EA8
0x
9EAC
0x
9EB0
0x
9EB4
0x
9EB8
0x
9EBC
0x
9EC0
0x
9EC4
0x
9EC8
0x
9ECC
0x
9ED0
0x
9ED4
0x
9ED8
0x
9EDC
0x
9EE0
0x
9EE4
0x
9EE8
0x
9EEC
0x
9EF0
0x
9EF4
0x
9EF8
0x
9EFC
0x
9F00
0x
9F04
0x
9F08
0x
9F0C
0x
9F10
0x
9F14
0x
9F18
0x
9F1C
0x
9F20
0x
9F24
0x
9F28
0x
9F2C
0x
9F30
0x
9F34
0x
9F38
0x
9F3C
0x
9F40
0x
9F44
0x
9F48
0x
9F4C
0x
9F50
0x
9F54
0x
9F58
0x
9F5C
0x
9F60
0x
9F64
0x
9F68
0x
9F6C
0x
9F70
0x
9F74
0x
9F78
0x
9F7C
0x
9F80
0x
9F84
0x
9F88
0x
9F8C
0x
9F90
0x
9F94
0x
9F98
0x
9F9C
0x
9FA0
0x
9FA4
0x
9FA8
0x
9FAC
0x
9FB0
0x
9FB4
0x
9FB8
0x
9FBC
0x
9FC0
0x
9FC4
0x
9FC8
0x
9FCC
0x
9FD0
0x
9FD4
0x
9FD8
0x
9FDC
0x
9FE0
0x
9FE4
0x
9FE8
0x
9FEC
0x
9FF0
0x
9FF4
0x
9FF8
0x
9FFC
0x
A004
0x
A008
0x
A00C
0x
A010
0x
A014
0x
A018
0x
A01C
0x
A020
0x
A024
0x
A028
0x
A02C
0x
A030
0x
A034
0x
A038
0x
A03C
0x
A040
0x
A044
0x
A048
0x
A04C
0x
A050
0x
A054
0x
A058
0x
A05C
0x
A060
0x
A064
0x
A068
0x
A06C
0x
A070
0x
A074
0x
A078
0x
A07C
0x
A080
0x
A084
0x
A088
0x
A08C
0x
A090
0x
A094
0x
A098
0x
A09C
0x
A0A0
0x
A0A4
0x
A0A8
0x
A0AC
0x
A0B0
0x
A0B4
0x
A0B8
0x
A0BC
0x
A0C0
0x
A0C4
0x
A0C8
0x
A0CC
0x
A0D0
0x
A0D4
0x
A0D8
0x
A0DC
0x
A0E0
0x
A0E4
0x
A0E8
0x
A0EC
0x
A0F8
0x
A0FC
0x
A100
0x
A104
0x
A108
0x
A10C
0x
A110
0x
A114
0x
A118
0x
A11C
0x
A120
0x
A124
0x
A128
0x
A12C
0x
A130
0x
A134
0x
A138
0x
A13C
0x
A140
0x
A144
0x
A148
0x
A14C
0x
A150
0x
A154
0x
A158
0x
A15C
0x
A160
0x
A164
0x
A168
0x
A16C
0x
A170
0x
A174
0x
A178
0x
A17C
0x
A180
0x
A184
0x
A188
0x
A18C
0x
A190
0x
A194
0x
A198
0x
A19C
0x
A1A0
0x
A1A4
0x
A1A8
0x
A1AC
0x
A1B0
0x
A1B4
0x
A1B8
0x
A1BC
0x
A1C0
0x
A1C4
0x
A1C8
0x
A1CC
0x
A1D0
0x
A1D4
0x
A1D8
0x
A1DC
0x
A1E0
0x
A1E4
0x
A1E8
0x
A1EC
0x
A1F0
0x
A1F4
0x
A1F8
0x
A1FC
0x
A200
0x
A204
0x
A208
0x
A20C
0x
A210
0x
A214
0x
A218
0x
A21C
0x
A220
0x
A224
0x
A228
0x
A22C
0x
A230
0x
A234
0x
A238
0x
A23C
0x
A240
0x
A244
0x
A248
0x
A24C
0x
A250
0x
A254
0x
A258
0x
A25C
0x
A260
0x
A264
0x
A268
0x
A26C
0x
A270
0x
A274
0x
A278
0x
A27C
0x
A280
0x
A284
0x
A288
0x
A28C
0x
A290
0x
A294
0x
A298
0x
A29C
0x
A2A0
0x
A2A4
0x
A2A8
0x
A2AC
0x
A2B0
0x
A2B4
0x
A2B8
0x
A2BC
0x
A2C0
0x
A2C4
0x
A2C8
0x
A2CC
0x
A2D0
0x
A2D4
0x
A2D8
0x
A2DC
0x
A2E0
0x
A2E4
0x
A2E8
0x
A2EC
0x
A2F0
0x
A2F4
0x
A2F8
0x
A2FC
0x
A300
0x
A304
0x
A308
0x
A30C
0x
A310
0x
A314
0x
A318
0x
A31C
0x
A320
0x
A324
0x
A328
0x
A32C
0x
A330
0x
A334
0x
A338
0x
A33C
0x
A340
0x
A344
0x
A348
0x
A34C
0x
A350
0x
A354
0x
A358
0x
A35C
0x
A360
0x
A364
0x
A368
0x
A36C
0x
A370
0x
A374
0x
A378
0x
A37C
0x
A380
0x
A384
0x
A388
0x
A38C
0x
A390
0x
A394
0x
A398
0x
A39C
0x
A3A0
0x
A3A4
0x
A3A8
0x
A3AC
0x
A3B0
0x
A3B8
0x
A3BC
0x
A3C0
0x
A3C4
0x
A3C8
0x
A3CC
0x
A3D0
0x
A3D4
0x
A3D8
0x
A3DC
0x
A3E0
0x
A3E4
0x
A3E8
0x
A3EC
0x
A3F0
0x
A3F4
0x
A3F8
0x
A3FC
0x
A404
0x
A408
0x
A40C
0x
A410
0x
A414
0x
A41C
0x
A420
0x
A424
0x
A428
0x
A42C
0x
A430
0x
A434
0x
A438
0x
A43C
0x
A440
0x
A444
0x
A448
0x
A44C
0x
A450
0x
A454
0x
A458
0x
A45C
0x
A460
0x
A464
0x
A468
0x
A46C
0x
A470
0x
A474
0x
A478
0x
A47C
0x
A480
0x
A484
0x
A488
0x
A48C
0x
A490
0x
A494
0x
A498
0x
A49C
0x
A4A0
0x
A4A4
0x
A4A8
0x
A4AC
0x
A4B0
0x
A4B4
0x
A4B8
0x
A4BC
0x
A4C0
0x
A4C4
0x
A4C8
0x
A4CC
0x
A4D0
0x
A4D4
0x
A4D8
0x
A4DC
0x
A4E0
0x
A4F4
0x
A4F8
0x
A4FC
0x
A500
0x
A504
0x
A508
0x
A50C
0x
A510
0x
A514
0x
A518
0x
A51C
0x
A520
0x
A524
0x
A528
0x
A52C
0x
A530
0x
A534
0x
A538
0x
A53C
0x
A540
0x
A544
0x
A548
0x
A54C
0x
A554
0x
A558
0x
A55C
0x
A560
0x
A564
0x
A568
0x
A56C
0x
A570
0x
A574
0x
A578
0x
A57C
0x
A580
0x
A584
0x
A588
0x
A58C
0x
A590
0x
A594
0x
A598
0x
A5A0
0x
A59C
0x
A5A8
0x
A5AC
0x
A5B0
0x
A5B4
0x
A5B8
0x
A5BC
0x
A5C0
0x
A5C4
0x
A5C8
0x
A5CC
0x
A5D0
0x
A5D4
0x
A5D8
0x
A5DC
0x
A5E0
0x
A5E4
0x
A5E8
0x
A5EC
0x
A5F0
0x
A5F4
0x
A5F8
0x
A5FC
0x
A600
0x
A604
0x
A608
0x
A60C
0x
A610
0x
A614
0x
A618
0x
A61C
0x
A620
0x
A624
0x
A628
0x
A62C
0x
A630
0x
A634
0x
A638
0x
A63C
0x
A640
0x
A644
0x
A648
0x
A64C
0x
A650
0x
A654
0x
A658
0x
A65C
0x
A660
0x
A664
0x
A668
0x
A66C
0x
A670
0x
A674
0x
A678
0x
A67C
0x
A680
0x
A684
0x
A688
0x
A68C
0x
A690
0x
A694
0x
A698
0x
A69C
0x
A6A0
0x
A6A4
0x
A6A8
0x
A6AC
0x
A6B0
0x
A6B4
0x
A6B8
0x
A6BC
0x
A6C0
0x
A6C4
0x
A6C8
0x
A6CC
0x
A6D0
0x
A6D4
0x
A6D8
0x
A6DC
0x
A6E0
0x
A6E4
0x
A6E8
0x
A6EC
0x
A6F0
0x
A6F4
0x
A6F8
0x
A6FC
0x
A700
0x
A704
0x
A708
0x
A70C
0x
A710
0x
A714
0x
A718
0x
A71C
0x
A720
0x
A724
0x
A728
0x
A72C
0x
A730
0x
A734
0x
A738
0x
A73C
0x
A740
0x
A744
0x
A748
0x
A74C
0x
A750
0x
A754
0x
A758
0x
A75C
0x
A760
0x
A764
0x
A76C
0x
A770
0x
A774
0x
A778
0x
A77C
0x
A780
0x
A784
0x
A788
0x
A78C
0x
A790
0x
A794
0x
A798
0x
A79C
0x
A7A0
0x
A7A4
0x
A7A8
0x
A7AC
0x
A7B0
0x
A7B4
0x
A7B8
0x
A7BC
0x
A7C0
0x
A7C4
0x
A7C8
0x
A7CC
0x
A7D0
0x
A7D4
0x
A7D8
0x
A7DC
0x
A7E0
0x
A7E4
0x
A7E8
0x
A7EC
0x
A7F0
0x
A7F4
0x
A7F8
0x
A7FC
0x
A4E8
0x
4FC
0x
8308
0x
A804
0x
A808
0x
A80C
0x
A810
0x
A814
0x
A818
0x
A81C
0x
A820
0x
A824
0x
A828
0x
A82C
0x
A830
0x
A834
0x
A838
0x
A83C
0x
A840
0x
A844
0x
A848
0x
A84C
0x
A850
0x
A854
0x
A858
0x
A85C
0x
A860
0x
A864
0x
A868
0x
A86C
0x
A870
0x
A874
0x
A878
0x
A87C
0x
A880
0x
A884
0x
A888
0x
A88C
0x
A890
0x
A894
0x
A898
0x
A89C
0x
A8A0
0x
A8A4
0x
A8A8
0x
A8AC
0x
A8B0
0x
A8B4
0x
A8B8
0x
A8BC
0x
A8C0
0x
A8C4
0x
A8C8
0x
A8CC
0x
A8D0
0x
A8D4
0x
A8D8
0x
A8DC
0x
A8E0
0x
A8E4
0x
A8E8
0x
A8EC
0x
A8F0
0x
A8F4
0x
A8F8
0x
A8FC
0x
A900
0x
A904
0x
A908
0x
A90C
0x
A910
0x
A914
0x
A918
0x
A91C
0x
A920
0x
A924
0x
A928
0x
A92C
0x
A930
0x
A934
0x
A938
0x
A93C
0x
A940
0x
A944
0x
A948
0x
A94C
0x
A950
0x
A954
0x
A958
0x
A95C
0x
A960
0x
A964
0x
A968
0x
A974
0x
A978
0x
A97C
0x
A980
0x
A984
0x
A988
0x
A98C
0x
A990
0x
A994
0x
A998
0x
A99C
0x
A9A0
0x
A9A4
0x
A9A8
0x
A9AC
0x
A9B0
0x
A9B4
0x
A9B8
0x
A9BC
0x
A9C0
0x
A9C4
0x
A9C8
0x
A9CC
0x
A9D0
0x
A9D4
0x
A9D8
0x
A9DC
0x
A9E0
0x
A9E4
0x
A9E8
0x
A9EC
0x
A9F0
0x
A9F4
0x
A9F8
0x
A9FC
0x
AA00
0x
AA04
0x
AA08
0x
AA0C
0x
AA10
0x
AA14
0x
AA18
0x
AA1C
0x
AA24
0x
AA28
0x
AA2C
0x
AA30
0x
AA34
0x
AA38
0x
AA3C
0x
AA40
0x
AA44
0x
AA48
0x
AA4C
0x
AA50
0x
AA54
0x
AA58
0x
AA5C
0x
AA60
0x
AA64
0x
AA68
0x
AA6C
0x
AA70
0x
AA74
0x
AA78
0x
AA7C
0x
AA80
0x
AA84
0x
AA88
0x
AA8C
0x
AA90
0x
AA94
0x
AA98
0x
AA9C
0x
AAA0
0x
AAA4
0x
AAA8
0x
AAAC
0x
AAB0
0x
AAB4
0x
AAB8
0x
AABC
0x
AAC0
0x
AAC4
0x
AAC8
0x
AACC
0x
AAD0
0x
AAD4
0x
AAD8
0x
AADC
0x
AAE0
0x
AAE4
0x
AAE8
0x
AAEC
0x
AAF0
0x
AAF4
0x
AAF8
0x
AAFC
0x
AB00
0x
AB04
0x
AB08
0x
AB0C
0x
AB10
0x
AB14
0x
AB18
0x
AB1C
0x
AB20
0x
AB24
0x
AB28
0x
AB2C
0x
AB30
0x
AB34
0x
AB38
0x
AB3C
0x
AB40
0x
AB44
0x
AB48
0x
AB4C
0x
AB50
0x
AB54
0x
AB58
0x
AB5C
0x
AB60
0x
AB64
0x
AB68
0x
AB6C
0x
AB70
0x
AB74
0x
AB78
0x
AB7C
0x
AB80
0x
AB84
0x
AB88
0x
AB8C
0x
AB90
0x
AB94
0x
AB98
0x
AB9C
0x
ABA0
0x
ABA4
0x
ABA8
0x
ABAC
0x
ABB0
0x
ABB4
0x
ABB8
0x
ABBC
0x
ABC0
0x
ABC4
0x
ABC8
0x
ABCC
0x
ABD0
0x
ABD4
0x
ABD8
0x
ABDC
0x
ABE0
0x
ABE4
0x
ABE8
0x
ABEC
0x
ABF0
0x
ABF4
0x
ABF8
0x
ABFC
0x
AC04
0x
AC08
0x
AC0C
0x
AC10
0x
AC14
0x
AC18
0x
AC1C
0x
AC20
0x
AC24
0x
AC28
0x
AC2C
0x
AC30
0x
AC34
0x
AC38
0x
AC3C
0x
AC40
0x
AC44
0x
AC48
0x
AC4C
0x
AC50
0x
AC54
0x
AC58
0x
AC5C
0x
AC60
0x
AC64
0x
AC68
0x
AC6C
0x
AC70
0x
AC74
0x
AC78
0x
AC7C
0x
AC80
0x
AC84
0x
AC88
0x
AC8C
0x
AC90
0x
AC94
0x
AC98
0x
AC9C
0x
ACA0
0x
ACA4
0x
ACA8
0x
ACAC
0x
ACB0
0x
ACB4
0x
ACB8
0x
ACBC
0x
ACC0
0x
ACC4
0x
ACC8
0x
ACCC
0x
ACD0
0x
ACD4
0x
ACD8
0x
ACDC
0x
ACE0
0x
ACE4
0x
ACEC
0x
ACF0
0x
ACF4
0x
ACF8
0x
ACFC
0x
AD00
0x
AD04
0x
AD08
0x
AD0C
0x
AD10
0x
AD14
0x
AD18
0x
AD1C
0x
AD20
0x
AD24
0x
AD28
0x
AD2C
0x
AD30
0x
AD34
0x
AD3C
0x
AD40
0x
AD44
0x
AD48
0x
AD4C
0x
AD50
0x
AD54
0x
AD58
0x
AD5C
0x
AD60
0x
AD64
0x
AD68
0x
AD6C
0x
AD70
0x
AD74
0x
AD78
0x
AD7C
0x
AD80
0x
AD84
0x
AD88
0x
AD8C
0x
AD90
0x
AD94
0x
AD98
0x
AD9C
0x
ADA0
0x
ADA4
0x
ADA8
0x
ADAC
0x
ADB0
0x
ADB4
0x
ADB8
0x
ADBC
0x
ADC0
0x
ADC4
0x
ADC8
0x
ADCC
0x
ADD0
0x
ADD4
0x
ADD8
0x
ADDC
0x
ADE0
0x
ADE4
0x
ADE8
0x
ADEC
0x
ADF0
0x
ADF4
0x
ADF8
0x
ADFC
0x
AE00
0x
AE04
0x
AE08
0x
AE0C
0x
AE10
0x
AE14
0x
AE18
0x
AE1C
0x
AE20
0x
AE24
0x
AE28
0x
AE2C
0x
AE30
0x
AE34
0x
AE38
0x
AE3C
0x
AE40
0x
AE44
0x
AE48
0x
AE4C
0x
AE50
0x
AE54
0x
AE58
0x
AE5C
0x
AE60
0x
AE64
0x
AE68
0x
AE6C
0x
AE70
0x
AE74
0x
AE78
0x
AE7C
0x
AE80
0x
AE84
0x
AE88
0x
AE8C
0x
AE90
0x
AE94
0x
AE98
0x
AE9C
0x
AEA0
0x
AEA4
0x
AEA8
0x
AEAC
0x
AEB0
0x
AEB4
0x
AEB8
0x
AEBC
0x
AEC0
0x
AEC4
0x
AEC8
0x
AECC
0x
AED0
0x
AED4
0x
AED8
0x
AEDC
0x
AEE0
0x
AEE4
0x
AEE8
0x
AEEC
0x
AEF0
0x
AEF4
0x
AEF8
0x
AEFC
0x
AF00
0x
AF04
0x
AF08
0x
AF0C
0x
AF10
0x
AF14
0x
AF18
0x
AF1C
0x
AF20
0x
AF24
0x
AF28
0x
AF2C
0x
AF30
0x
AF34
0x
AF38
0x
AF3C
0x
AF40
0x
AF44
0x
AF48
0x
AF4C
0x
AF50
0x
AF54
0x
AF58
0x
AF5C
0x
AF60
0x
AF64
0x
AF68
0x
AF6C
0x
AF70
0x
AF74
0x
AF78
0x
AF7C
0x
AF80
0x
AF84
0x
AF88
0x
AF8C
0x
AF90
0x
AF94
0x
AF98
0x
AF9C
0x
AFA0
0x
AFA4
0x
AFA8
0x
AFAC
0x
AFB0
0x
AFB4
0x
AFB8
0x
AFBC
0x
AFC0
0x
AFC4
0x
AFC8
0x
AFCC
0x
AFD0
0x
AFD4
0x
AFD8
0x
AFDC
0x
AFE0
0x
AFE4
0x
AFE8
0x
AFEC
0x
AFF0
0x
AFF4
0x
AFF8
0x
AFFC
0x
B004
0x
B008
0x
B00C
0x
B014
0x
B018
0x
B01C
0x
B020
0x
B024
0x
B028
0x
B02C
0x
B030
0x
B034
0x
B038
0x
B03C
0x
B040
0x
B044
0x
B048
0x
B04C
0x
B050
0x
B054
0x
B058
0x
B05C
0x
B060
0x
B064
0x
B068
0x
B06C
0x
B070
0x
B074
0x
B078
0x
B07C
0x
B080
0x
B084
0x
B088
0x
B08C
0x
B090
0x
B094
0x
B098
0x
B09C
0x
B0A0
0x
B0A4
0x
B0A8
0x
B0AC
0x
B0B0
0x
B0B4
0x
B0B8
0x
B0BC
0x
B0C0
0x
B0C4
0x
B0C8
0x
B0CC
0x
B0D0
0x
B0D4
0x
B0D8
0x
B0DC
0x
B0E0
0x
B0E4
0x
B0E8
0x
B0EC
0x
B0F0
0x
B0F4
0x
B0F8
0x
B0FC
0x
B108
0x
B10C
0x
B110
0x
B114
0x
B118
0x
B11C
0x
B120
0x
B134
0x
B138
0x
B13C
0x
B140
0x
B144
0x
B148
0x
B14C
0x
B150
0x
B154
0x
B158
0x
B15C
0x
B160
0x
B164
0x
B168
0x
B16C
0x
B170
0x
B174
0x
B178
0x
B17C
0x
B180
0x
B184
0x
B188
0x
B18C
0x
B190
0x
B194
0x
B198
0x
B19C
0x
B1A0
0x
B1A4
0x
B1A8
0x
B1AC
0x
B1B0
0x
B1B4
0x
B1B8
0x
B1BC
0x
B1C0
0x
B1C4
0x
B1C8
0x
B1CC
0x
B1D0
0x
B1D4
0x
B1D8
0x
B1DC
0x
B1E0
0x
B1E4
0x
B1E8
0x
B1EC
0x
B1F0
0x
B1F4
0x
B1F8
0x
B1FC
0x
B200
0x
B204
0x
B208
0x
B20C
0x
B210
0x
B214
0x
B218
0x
B21C
0x
B220
0x
B224
0x
B234
0x
B238
0x
B23C
0x
B240
0x
B244
0x
B248
0x
B24C
0x
B250
0x
B254
0x
B258
0x
B25C
0x
B260
0x
B264
0x
B268
0x
B26C
0x
B270
0x
B274
0x
B278
0x
B27C
0x
B280
0x
B284
0x
B288
0x
B28C
0x
B290
0x
B294
0x
B298
0x
B29C
0x
B2A0
0x
B2A4
0x
B2A8
0x
B2AC
0x
B2B0
0x
B2B4
0x
B2B8
0x
B2BC
0x
B2C0
0x
B2C4
0x
B2C8
0x
B2CC
0x
B2D0
0x
B2D4
0x
B2D8
0x
B2DC
0x
B2E0
0x
B2E4
0x
B2E8
0x
B2EC
0x
B2F0
0x
B2F4
0x
B2F8
0x
B2FC
0x
B300
0x
B304
0x
B310
0x
B314
0x
B318
0x
B31C
0x
B320
0x
B324
0x
B328
0x
B32C
0x
B330
0x
B334
0x
B338
0x
B33C
0x
B340
0x
B344
0x
B348
0x
B34C
0x
B350
0x
B354
0x
B358
0x
B35C
0x
B360
0x
B364
0x
B368
0x
B36C
0x
B370
0x
B374
0x
B378
0x
B37C
0x
B380
0x
B384
0x
B388
0x
B38C
0x
B390
0x
B394
0x
B398
0x
B39C
0x
B3A0
0x
B3A4
0x
B3A8
0x
B3AC
0x
B3B0
0x
B3B4
0x
B3B8
0x
B3BC
0x
B3C0
0x
B3C4
0x
B3C8
0x
B3CC
0x
B3D0
0x
B3D4
0x
B3D8
0x
B3DC
0x
B3E0
0x
B3E4
0x
B3E8
0x
B3EC
0x
B3F0
0x
B3F4
0x
B3F8
0x
B3FC
0x
B404
0x
B408
0x
B40C
0x
B410
0x
B414
0x
B418
0x
B41C
0x
B420
0x
B424
0x
B428
0x
B42C
0x
B430
0x
B434
0x
B438
0x
B43C
0x
B440
0x
B444
0x
B448
0x
B44C
0x
B450
0x
B454
0x
B458
0x
B45C
0x
B464
0x
B468
0x
B46C
0x
B470
0x
B474
0x
B478
0x
B47C
0x
B480
0x
B484
0x
B488
0x
B48C
0x
B490
0x
B494
0x
B498
0x
B49C
0x
B4A0
0x
B4A4
0x
B4A8
0x
B4AC
0x
B4B0
0x
B4B4
0x
B4B8
0x
B4BC
0x
B4C0
0x
B4C4
0x
B4C8
0x
B4CC
0x
B4D0
0x
B4D4
0x
B4D8
0x
B4DC
0x
B4E0
0x
B4E4
0x
B4E8
0x
B4EC
0x
B4F0
0x
B4F4
0x
B4F8
0x
B4FC
0x
B500
0x
B504
0x
B508
0x
B50C
0x
B510
0x
B514
0x
B518
0x
B51C
0x
B520
0x
B524
0x
B528
0x
B52C
0x
B530
0x
B534
0x
B538
0x
B53C
0x
B540
0x
B544
0x
B548
0x
B54C
0x
B550
0x
B554
0x
B558
0x
B55C
0x
B560
0x
B564
0x
B568
0x
B56C
0x
B570
0x
B574
0x
B578
0x
B57C
0x
B580
0x
B584
0x
B588
0x
B58C
0x
B590
0x
B594
0x
B598
0x
B59C
0x
B5A0
0x
B5A4
0x
B5A8
0x
B5AC
0x
B5B0
0x
B5B4
0x
B5B8
0x
B5BC
0x
B5C0
0x
B5C4
0x
B5C8
0x
B5CC
0x
B5D0
0x
B5D4
0x
B5D8
0x
B5DC
0x
B5E0
0x
B5E4
0x
B5E8
0x
B5EC
0x
B5F0
0x
B5F4
0x
B5F8
0x
B5FC
0x
B600
0x
B604
0x
B608
0x
B60C
0x
B610
0x
B614
0x
B618
0x
B61C
0x
B620
0x
B624
0x
B628
0x
B62C
0x
B630
0x
B634
0x
B638
0x
B63C
0x
B640
0x
B644
0x
B648
0x
B64C
0x
B650
0x
B654
0x
B658
0x
B65C
0x
B660
0x
B664
0x
B668
0x
B66C
0x
B670
0x
B674
0x
B678
0x
B67C
0x
B680
0x
B684
0x
B688
0x
B68C
0x
B690
0x
B694
0x
B698
0x
B69C
0x
B6A0
0x
B6A4
0x
B6A8
0x
B6AC
0x
B6B0
0x
B6B4
0x
B6B8
0x
B6BC
0x
B6C0
0x
B6C4
0x
B6C8
0x
B6CC
0x
B6D0
0x
B6D4
0x
B6D8
0x
B6DC
0x
B6E0
0x
B6E4
0x
B6E8
0x
B6EC
0x
B6F0
0x
B6F4
0x
B6FC
0x
B700
0x
B704
0x
B708
0x
B70C
0x
B710
0x
B714
0x
B718
0x
B71C
0x
B720
0x
B724
0x
B728
0x
B72C
0x
B730
0x
B734
0x
B738
0x
B73C
0x
B740
0x
B744
0x
B748
0x
B74C
0x
B750
0x
B754
0x
B758
0x
B75C
0x
B760
0x
B764
0x
B768
0x
B76C
0x
B770
0x
B774
0x
B778
0x
B77C
0x
B780
0x
B784
0x
B788
0x
B78C
0x
B790
0x
B794
0x
B798
0x
B79C
0x
B7A0
0x
B7A4
0x
B7A8
0x
B7AC
0x
B7B0
0x
B7B4
0x
B7B8
0x
B7BC
0x
B7C0
0x
B7C4
0x
B7C8
0x
B7CC
0x
B7D0
0x
B7D4
0x
B7D8
0x
B7DC
0x
B7E0
0x
B7E4
0x
B7E8
0x
B7EC
0x
B7F0
0x
B7F4
0x
B7F8
0x
B22C
0x
B130
0x
750
0x
E44
0x
B804
0x
B808
0x
B80C
0x
B810
0x
B814
0x
B818
0x
B81C
0x
B820
0x
B824
0x
B828
0x
B82C
0x
B830
0x
B834
0x
B838
0x
B83C
0x
B840
0x
B844
0x
B848
0x
B84C
0x
B850
0x
B854
0x
B858
0x
B85C
0x
B860
0x
B864
0x
B868
0x
B86C
0x
B870
0x
B874
0x
B878
0x
B87C
0x
B880
0x
B884
0x
B888
0x
B88C
0x
B890
0x
B894
0x
B898
0x
B89C
0x
B8A0
0x
B8A4
0x
B8A8
0x
B8AC
0x
B8B0
0x
B8B4
0x
B8B8
0x
B8BC
0x
B8C0
0x
B8C4
0x
B8C8
0x
B8CC
0x
B8D0
0x
B8D4
0x
B8D8
0x
B8DC
0x
B8E0
0x
B8E4
0x
B8E8
0x
B8EC
0x
B8F0
0x
B8F4
0x
B8F8
0x
B8FC
0x
B900
0x
B904
0x
B908
0x
B90C
0x
B910
0x
B914
0x
B918
0x
B91C
0x
B920
0x
B924
0x
B928
0x
B92C
0x
B930
0x
B934
0x
B938
0x
B93C
0x
B940
0x
B944
0x
B948
0x
B94C
0x
B950
0x
B954
0x
B958
0x
B968
0x
B96C
0x
B970
0x
B974
0x
B978
0x
B97C
0x
B980
0x
B984
0x
B988
0x
B98C
0x
B990
0x
B994
0x
B998
0x
B99C
0x
B9A0
0x
B9A4
0x
B9A8
0x
B9AC
0x
B9B0
0x
B9B4
0x
B9B8
0x
B9BC
0x
B9C0
0x
B9C4
0x
B9C8
0x
B9CC
0x
B9D0
0x
B9D4
0x
B9D8
0x
B9DC
0x
B9E0
0x
B9E4
0x
B9E8
0x
B9EC
0x
B9F0
0x
B9F4
0x
B9F8
0x
B9FC
0x
BA00
0x
BA04
0x
BA08
0x
BA0C
0x
BA10
0x
BA14
0x
BA18
0x
BA1C
0x
BA20
0x
BA24
0x
BA28
0x
BA2C
0x
BA30
0x
BA34
0x
BA38
0x
BA3C
0x
BA40
0x
BA44
0x
BA48
0x
BA4C
0x
BA50
0x
BA54
0x
BA58
0x
BA5C
0x
BA60
0x
BA64
0x
BA68
0x
BA6C
0x
BA70
0x
BA74
0x
BA78
0x
BA7C
0x
BA80
0x
BA84
0x
BA88
0x
BA8C
0x
BA90
0x
BA94
0x
BA98
0x
BA9C
0x
BAA4
0x
BAA8
0x
BAAC
0x
BAB0
0x
BAB4
0x
BAB8
0x
BABC
0x
BAC0
0x
BAC4
0x
BAC8
0x
BACC
0x
BAD0
0x
BAD4
0x
BAD8
0x
BADC
0x
BAE0
0x
BAE4
0x
BAE8
0x
BAEC
0x
BAF0
0x
BAF4
0x
BAF8
0x
BAFC
0x
BB00
0x
BB04
0x
BB08
0x
BB0C
0x
BB10
0x
BB14
0x
BB18
0x
BB1C
0x
BB20
0x
BB24
0x
BB28
0x
BB2C
0x
BB30
0x
BB34
0x
BB38
0x
BB3C
0x
BB40
0x
BB44
0x
BB48
0x
BB4C
0x
BB50
0x
BB54
0x
BB58
0x
BB5C
0x
BB60
0x
BB64
0x
BB68
0x
BB6C
0x
BB70
0x
BB74
0x
BB78
0x
BB7C
0x
BB80
0x
BB84
0x
BB88
0x
BB8C
0x
BB90
0x
BB94
0x
BB98
0x
BB9C
0x
BBA0
0x
BBA4
0x
BBA8
0x
BBAC
0x
BBB0
0x
BBB4
0x
BBB8
0x
BBBC
0x
BBC0
0x
BBC4
0x
BBC8
0x
BBCC
0x
BBD0
0x
BBD4
0x
BBD8
0x
BBDC
0x
BBE0
0x
BBE4
0x
BBE8
0x
BBEC
0x
BBF0
0x
BBF4
0x
BBF8
0x
BBFC
0x
BC04
0x
BC08
0x
BC0C
0x
BC10
0x
BC14
0x
BC18
0x
BC1C
0x
BC20
0x
BC24
0x
BC28
0x
BC2C
0x
BC30
0x
BC34
0x
BC38
0x
BC3C
0x
BC40
0x
BC44
0x
BC48
0x
BC4C
0x
BC50
0x
BC54
0x
BC58
0x
BC5C
0x
BC60
0x
BC64
0x
BC68
0x
BC6C
0x
BC70
0x
BC74
0x
BC78
0x
BC7C
0x
BC80
0x
BC84
0x
BC88
0x
BC8C
0x
BC90
0x
BC94
0x
BC98
0x
BC9C
0x
BCA0
0x
BCA4
0x
BCA8
0x
BCAC
0x
BCC0
0x
BCC4
0x
BCC8
0x
BCCC
0x
BCD0
0x
BCD4
0x
BCD8
0x
BCDC
0x
BCE0
0x
BCE4
0x
BCE8
0x
BCEC
0x
BCF0
0x
BCF4
0x
BCF8
0x
BCFC
0x
BD00
0x
BD04
0x
BD08
0x
BD0C
0x
BD10
0x
BD14
0x
BD18
0x
BD1C
0x
BD20
0x
BD24
0x
BD28
0x
BD2C
0x
BD30
0x
BD34
0x
BD38
0x
BD3C
0x
BD40
0x
BD44
0x
BD48
0x
BD4C
0x
BD50
0x
BD54
0x
BD58
0x
BD5C
0x
BD60
0x
BD64
0x
BD68
0x
BD6C
0x
BD70
0x
BD74
0x
BD78
0x
BD7C
0x
BD80
0x
BD84
0x
BD88
0x
BD8C
0x
BD90
0x
BD94
0x
BD98
0x
BD9C
0x
BDA0
0x
BDA4
0x
BDA8
0x
BDB0
0x
BDB4
0x
BDB8
0x
BDBC
0x
BDC0
0x
BDC4
0x
BDC8
0x
BDCC
0x
BDD0
0x
BDD4
0x
BDD8
0x
BDDC
0x
BDE0
0x
BDE4
0x
BDE8
0x
BDEC
0x
BDF0
0x
BDF4
0x
BDF8
0x
BDFC
0x
BE00
0x
BE04
0x
BE08
0x
BE0C
0x
BE10
0x
BE14
0x
BE18
0x
BE1C
0x
BE20
0x
BE24
0x
BE28
0x
BE2C
0x
BE30
0x
BE34
0x
BE38
0x
BE3C
0x
BE40
0x
BE44
0x
BE48
0x
BE4C
0x
BE50
0x
BE54
0x
BE58
0x
BE5C
0x
BE60
0x
BE64
0x
BE68
0x
BE6C
0x
BE70
0x
BE74
0x
BE78
0x
BE7C
0x
BE80
0x
BE84
0x
BE88
0x
BE8C
0x
BE90
0x
BE94
0x
BE98
0x
BE9C
0x
BEA0
0x
BEA4
0x
BEA8
0x
BEAC
0x
BEB0
0x
BEB4
0x
BEB8
0x
BEBC
0x
BEC0
0x
BEC4
0x
BEC8
0x
BECC
0x
BED0
0x
BED4
0x
BED8
0x
BEDC
0x
BEE0
0x
BEE4
0x
BEE8
0x
BEEC
0x
BEF0
0x
BEF4
0x
BEF8
0x
BEFC
0x
BF00
0x
BF04
0x
BF08
0x
BF0C
0x
BF10
0x
BF14
0x
BF18
0x
BF1C
0x
BF20
0x
BF24
0x
BF28
0x
BF2C
0x
BF30
0x
BF34
0x
BF38
0x
BF3C
0x
BF40
0x
BF44
0x
BF48
0x
BF4C
0x
BF50
0x
BF54
0x
BF58
0x
BF5C
0x
BF60
0x
BF64
0x
BF68
0x
BF6C
0x
BF70
0x
BF74
0x
BF78
0x
BF7C
0x
BF80
0x
BF84
0x
BF88
0x
BF8C
0x
BF90
0x
BF94
0x
BF98
0x
BF9C
0x
BFA0
0x
BFA4
0x
BFA8
0x
BFAC
0x
BFB0
0x
BFB4
0x
BFB8
0x
BFBC
0x
BFC0
0x
BFC4
0x
BFC8
0x
BFCC
0x
BFD0
0x
BFD4
0x
BFD8
0x
BFDC
0x
BFE0
0x
BFE4
0x
BFE8
0x
BFEC
0x
BFF0
0x
BFF4
0x
BFF8
0x
BFFC
0x
A5A8
0x
C004
0x
C008
0x
C00C
0x
C010
0x
C014
0x
C018
0x
C01C
0x
C020
0x
C024
0x
C028
0x
C02C
0x
C030
0x
C034
0x
C038
0x
C03C
0x
C040
0x
C044
0x
C048
0x
C04C
0x
C050
0x
C054
0x
C058
0x
C05C
0x
C060
0x
C064
0x
C068
0x
C06C
0x
C070
0x
C074
0x
C078
0x
C07C
0x
C080
0x
C084
0x
C088
0x
C08C
0x
C090
0x
C094
0x
C098
0x
C09C
0x
C0A0
0x
C0A4
0x
C0A8
0x
C0AC
0x
C0B0
0x
C0B4
0x
C0B8
0x
C0BC
0x
C0C0
0x
C0C4
0x
C0C8
0x
C0CC
0x
C0D0
0x
C0D4
0x
C0D8
0x
C0DC
0x
C0E0
0x
C0E4
0x
C0E8
0x
C0EC
0x
C0F0
0x
C0F4
0x
C0F8
0x
C0FC
0x
C100
0x
C104
0x
C108
0x
C10C
0x
C110
0x
C114
0x
C118
0x
C11C
0x
C120
0x
C124
0x
C128
0x
C12C
0x
C130
0x
C13C
0x
C140
0x
C144
0x
C148
0x
C14C
0x
C150
0x
C154
0x
C158
0x
C15C
0x
C160
0x
C164
0x
C168
0x
C16C
0x
C170
0x
C174
0x
C178
0x
C17C
0x
C180
0x
C184
0x
C188
0x
C18C
0x
C190
0x
C194
0x
C198
0x
C19C
0x
C1A0
0x
C1A4
0x
C1A8
0x
C1AC
0x
C1B0
0x
C1B4
0x
C1B8
0x
C1BC
0x
C1C0
0x
C1C4
0x
C1C8
0x
C1CC
0x
C1D0
0x
C1D4
0x
C1D8
0x
C1DC
0x
C1E0
0x
C1E4
0x
C1E8
0x
C1EC
0x
C1F0
0x
C1F4
0x
C1F8
0x
C1FC
0x
C200
0x
C204
0x
C208
0x
C20C
0x
C210
0x
C214
0x
C218
0x
C21C
0x
C220
0x
C224
0x
C228
0x
C22C
0x
C230
0x
C234
0x
C238
0x
C23C
0x
C240
0x
C244
0x
C248
0x
C24C
0x
C250
0x
C254
0x
C258
0x
C25C
0x
C260
0x
C264
0x
C268
0x
C26C
0x
C270
0x
C274
0x
C278
0x
C27C
0x
C288
0x
C28C
0x
C290
0x
C294
0x
C298
0x
C29C
0x
C2A0
0x
C2A4
0x
C2A8
0x
C2AC
0x
C2B0
0x
C2B4
0x
C2B8
0x
C2BC
0x
C2C0
0x
C2C4
0x
C2C8
0x
C2CC
0x
C2D0
0x
C2D4
0x
C2D8
0x
C2DC
0x
C2E0
0x
C2E4
0x
C2E8
0x
C2EC
0x
C2F0
0x
C2F4
0x
C2F8
0x
C2FC
0x
C300
0x
C304
0x
C308
0x
C30C
0x
C310
0x
C314
0x
C318
0x
C31C
0x
C320
0x
C324
0x
C328
0x
C32C
0x
C330
0x
C334
0x
C338
0x
C33C
0x
C340
0x
C344
0x
C348
0x
C34C
0x
C350
0x
C354
0x
C358
0x
C35C
0x
C360
0x
C364
0x
C368
0x
C36C
0x
C370
0x
C374
0x
C378
0x
C37C
0x
C380
0x
C384
0x
C388
0x
C38C
0x
C390
0x
C394
0x
C398
0x
C39C
0x
C3A0
0x
C3A4
0x
C3A8
0x
C3AC
0x
C3B0
0x
C3B4
0x
C3B8
0x
C3BC
0x
C3C0
0x
C3C4
0x
C3C8
0x
C3CC
0x
C3D0
0x
C3D4
0x
C3D8
0x
C3DC
0x
C3E0
0x
C3E4
0x
C3E8
0x
C3EC
0x
C3F0
0x
C3F4
0x
C3F8
0x
C3FC
0x
ACE8
0x
C404
0x
C408
0x
C40C
0x
C410
0x
C414
0x
C418
0x
C41C
0x
C420
0x
C424
0x
C428
0x
C42C
0x
C430
0x
C434
0x
C438
0x
C43C
0x
C440
0x
C444
0x
C448
0x
C44C
0x
C450
0x
C454
0x
C458
0x
C45C
0x
C460
0x
C464
0x
C468
0x
C46C
0x
C470
0x
C474
0x
C478
0x
C47C
0x
C480
0x
C484
0x
C488
0x
C48C
0x
C490
0x
C494
0x
C498
0x
C49C
0x
C4A0
0x
C4A4
0x
C4A8
0x
C4AC
0x
C4B0
0x
C4B4
0x
C4B8
0x
C4BC
0x
C4C0
0x
C4C4
0x
C4C8
0x
C4CC
0x
C4D0
0x
C4D4
0x
C4D8
0x
C4DC
0x
C4E0
0x
C4E4
0x
C4E8
0x
C4EC
0x
C4F0
0x
C4F4
0x
C4F8
0x
C4FC
0x
C500
0x
C504
0x
C508
0x
C50C
0x
C510
0x
C514
0x
C518
0x
C51C
0x
C520
0x
C524
0x
C528
0x
C52C
0x
C530
0x
C534
0x
C538
0x
C53C
0x
C540
0x
C544
0x
C548
0x
C550
0x
C554
0x
C558
0x
C55C
0x
C560
0x
C564
0x
C568
0x
C56C
0x
C570
0x
C574
0x
C578
0x
C57C
0x
C580
0x
C584
0x
C588
0x
C58C
0x
C590
0x
C594
0x
C598
0x
C59C
0x
C5A0
0x
C5A4
0x
C5A8
0x
C5AC
0x
C5B0
0x
C5B4
0x
C5B8
0x
C5BC
0x
C5C0
0x
C5C4
0x
C5C8
0x
C5CC
0x
C5D0
0x
C5D4
0x
C5D8
0x
C5DC
0x
C5E0
0x
C5E4
0x
C5E8
0x
C5EC
0x
C5F0
0x
C5F4
0x
C5F8
0x
C5FC
0x
C600
0x
C604
0x
C608
0x
C60C
0x
C610
0x
C614
0x
C618
0x
C61C
0x
C620
0x
C624
0x
C628
0x
C62C
0x
C630
0x
C634
0x
C638
0x
C63C
0x
C644
0x
C648
0x
C64C
0x
C650
0x
C654
0x
C658
0x
C65C
0x
C660
0x
C664
0x
C668
0x
C66C
0x
C670
0x
C674
0x
C678
0x
C67C
0x
C680
0x
C684
0x
C688
0x
C68C
0x
C690
0x
C694
0x
C698
0x
C69C
0x
C6A0
0x
C6A4
0x
C6A8
0x
C6AC
0x
C6B0
0x
C6B4
0x
C6B8
0x
C6BC
0x
C6C0
0x
C6C4
0x
C6C8
0x
C6CC
0x
C6D0
0x
C6D4
0x
C6D8
0x
C6DC
0x
C6E0
0x
C6E4
0x
C6E8
0x
C6EC
0x
C6F0
0x
C6F4
0x
C6F8
0x
C6FC
0x
C700
0x
C704
0x
C708
0x
C70C
0x
C714
0x
C718
0x
C71C
0x
C720
0x
C724
0x
C728
0x
C72C
0x
C730
0x
C734
0x
C738
0x
C73C
0x
C740
0x
C744
0x
C748
0x
C74C
0x
C750
0x
C754
0x
C758
0x
C75C
0x
C760
0x
C764
0x
C768
0x
C76C
0x
C770
0x
C774
0x
C778
0x
C77C
0x
C780
0x
C784
0x
C788
0x
C78C
0x
C790
0x
C794
0x
C798
0x
C79C
0x
C7A0
0x
C7A4
0x
C7A8
0x
C7AC
0x
C7B0
0x
C7B4
0x
C7B8
0x
C7BC
0x
C7C0
0x
C7C4
0x
C7C8
0x
C7CC
0x
C7D0
0x
C7D4
0x
C7D8
0x
C7DC
0x
C7E0
0x
C7E4
0x
C7E8
0x
C7EC
0x
C7F0
0x
C7F4
0x
C7F8
0x
C7FC
0x
F64
0x
C804
0x
C808
0x
C80C
0x
C810
0x
C814
0x
C818
0x
C81C
0x
C820
0x
C824
0x
C828
0x
C82C
0x
C830
0x
C834
0x
C838
0x
C83C
0x
C840
0x
C844
0x
C848
0x
C84C
0x
C850
0x
C854
0x
C858
0x
C85C
0x
C860
0x
C864
0x
C868
0x
C86C
0x
C870
0x
C874
0x
C878
0x
C87C
0x
C880
0x
C884
0x
C888
0x
C88C
0x
C890
0x
C894
0x
C898
0x
C89C
0x
C8A0
0x
C8A4
0x
C8A8
0x
C8AC
0x
C8B0
0x
C8B4
0x
C8B8
0x
C8BC
0x
C8C0
0x
C8C4
0x
C8C8
0x
C8CC
0x
C8D0
0x
C8D4
0x
C8D8
0x
C8DC
0x
C8E0
0x
C8E4
0x
C8E8
0x
C8EC
0x
C8F0
0x
C8F4
0x
C8F8
0x
C8FC
0x
C900
0x
C904
0x
C908
0x
C90C
0x
C910
0x
C914
0x
C918
0x
C91C
0x
C920
0x
C924
0x
C928
0x
C92C
0x
C930
0x
C934
0x
C938
0x
C93C
0x
C940
0x
C944
0x
C948
0x
C94C
0x
C950
0x
C954
0x
C958
0x
C95C
0x
C960
0x
C964
0x
C968
0x
C96C
0x
C970
0x
C974
0x
C978
0x
C97C
0x
C980
0x
C984
0x
C988
0x
C98C
0x
C990
0x
C994
0x
C998
0x
C99C
0x
C9A0
0x
C9A4
0x
C9A8
0x
C9AC
0x
C9B0
0x
C9B4
0x
C9B8
0x
C9BC
0x
C9C0
0x
C9C4
0x
C9C8
0x
C9CC
0x
C9D0
0x
C9D4
0x
C9D8
0x
C9DC
0x
C9E0
0x
C9E4
0x
C9E8
0x
C9EC
0x
C9F0
0x
C9F4
0x
C9F8
0x
C9FC
0x
CA00
0x
CA04
0x
CA08
0x
CA0C
0x
CA10
0x
CA14
0x
CA18
0x
CA1C
0x
CA20
0x
CA24
0x
CA28
0x
CA2C
0x
CA30
0x
CA34
0x
CA38
0x
CA3C
0x
CA40
0x
CA44
0x
CA48
0x
CA4C
0x
CA50
0x
CA54
0x
CA58
0x
CA5C
0x
CA60
0x
CA64
0x
CA68
0x
CA6C
0x
CA70
0x
CA74
0x
CA78
0x
CA7C
0x
CA80
0x
CA84
0x
CA88
0x
CA8C
0x
CA90
0x
CA94
0x
CA98
0x
CA9C
0x
CAA0
0x
CAA4
0x
CAA8
0x
CAAC
0x
CAB0
0x
CAB4
0x
CAB8
0x
CABC
0x
CAC0
0x
CAC4
0x
CAC8
0x
CACC
0x
CAD0
0x
CAD4
0x
CAD8
0x
CADC
0x
CAE0
0x
CAE4
0x
CAE8
0x
CAEC
0x
CAF0
0x
CAF4
0x
CAF8
0x
CAFC
0x
CB00
0x
CB04
0x
CB08
0x
CB0C
0x
CB10
0x
CB14
0x
CB18
0x
CB1C
0x
CB20
0x
CB24
0x
CB28
0x
CB2C
0x
CB30
0x
CB34
0x
CB38
0x
CB3C
0x
CB40
0x
CB44
0x
CB48
0x
CB4C
0x
CB50
0x
CB54
0x
CB58
0x
CB5C
0x
CB60
0x
CB64
0x
CB68
0x
CB6C
0x
CB70
0x
CB74
0x
CB78
0x
CB7C
0x
CB80
0x
CB84
0x
CB88
0x
CB8C
0x
CB90
0x
CB94
0x
CB98
0x
CB9C
0x
CBA0
0x
CBA4
0x
CBA8
0x
CBAC
0x
CBB0
0x
CBB4
0x
CBB8
0x
CBBC
0x
CBC0
0x
CBC4
0x
CBC8
0x
CBCC
0x
CBD0
0x
CBD4
0x
CBD8
0x
CBDC
0x
CBE0
0x
CBE4
0x
CBE8
0x
CBEC
0x
CBF0
0x
CBF4
0x
CBF8
0x
CBFC
0x
C138
0x
C54C
0x
C284
0x
C640
0x
C134
0x
B128
0x
C280
0x
B104
0x
6B14
0x
6B60
0x
6B10
0x
B30C
0x
BCB0
0x
B460
0x
BDAC
0x
A5A0
0x
B7FC
0x
B124
0x
CC04
0x
CC08
0x
CC0C
0x
CC10
0x
CC14
0x
CC18
0x
CC1C
0x
CC20
0x
CC24
0x
CC28
0x
CC2C
0x
CC30
0x
CC34
0x
CC38
0x
CC3C
0x
CC40
0x
CC44
0x
CC48
0x
CC4C
0x
CC50
0x
CC54
0x
CC58
0x
CC5C
0x
CC60
0x
CC64
0x
CC68
0x
CC6C
0x
CC70
0x
CC74
0x
CC78
0x
CC7C
0x
CC80
0x
CC84
0x
CC88
0x
CC8C
0x
CC90
0x
CC94
0x
CC98
0x
CC9C
0x
CCA0
0x
CCA4
0x
CCA8
0x
CCAC
0x
CCB0
0x
CCB4
0x
CCB8
0x
CCBC
0x
CCC0
0x
CCC4
0x
CCC8
0x
CCCC
0x
CCD0
0x
CCD4
0x
CCDC
0x
CCE0
0x
CCE4
0x
CCE8
0x
CCEC
0x
CCF0
0x
CCF4
0x
CCF8
0x
CCFC
0x
CD00
0x
CD04
0x
CD08
0x
CD0C
0x
CD10
0x
CD14
0x
CD18
0x
CD1C
0x
CD20
0x
CD24
0x
CD28
0x
CD2C
0x
CD30
0x
CD34
0x
CD38
0x
CD3C
0x
CD40
0x
CD44
0x
CD48
0x
CD4C
0x
CD50
0x
CD54
0x
CD58
0x
CD5C
0x
CD60
0x
CD64
0x
CD68
0x
CD6C
0x
CD70
0x
CD74
0x
CD78
0x
CD7C
0x
CD80
0x
CD84
0x
CD88
0x
CD8C
0x
CD90
0x
CD94
0x
CD98
0x
CD9C
0x
CDA0
0x
CDA4
0x
CDA8
0x
CDAC
0x
CDB0
0x
CDB4
0x
CDB8
0x
CDBC
0x
CDC0
0x
CDC4
0x
CDC8
0x
CDCC
0x
CDD0
0x
CDD4
0x
CDD8
0x
CDDC
0x
CDE0
0x
CDE4
0x
CDE8
0x
CDEC
0x
CDF0
0x
CDF4
0x
CDF8
0x
CDFC
0x
CE00
0x
CE04
0x
CE08
0x
CE0C
0x
CE10
0x
CE14
0x
CE18
0x
CE1C
0x
CE20
0x
CE24
0x
CE28
0x
CE2C
0x
CE30
0x
CE34
0x
CE38
0x
CE3C
0x
CE40
0x
CE44
0x
CE48
0x
CE4C
0x
CE50
0x
CE54
0x
CE58
0x
CE5C
0x
CE60
0x
CE64
0x
CE68
0x
CE6C
0x
CE70
0x
CE74
0x
CE78
0x
CE7C
0x
CE80
0x
CE84
0x
CE88
0x
CE8C
0x
CE90
0x
CE94
0x
CE98
0x
CE9C
0x
CEA0
0x
CEA4
0x
CEA8
0x
CEAC
0x
CEB0
0x
CEB4
0x
CEB8
0x
CEBC
0x
CEC0
0x
CEC4
0x
CEC8
0x
CECC
0x
CED0
0x
CED4
0x
CED8
0x
CEDC
0x
CEE0
0x
CEE4
0x
CEE8
0x
CEEC
0x
CEF0
0x
CEF4
0x
CEF8
0x
CEFC
0x
CF00
0x
CF04
0x
CF08
0x
CF0C
0x
CF10
0x
CF14
0x
CF18
0x
CF1C
0x
CF20
0x
CF24
0x
CF28
0x
CF2C
0x
CF30
0x
CF34
0x
CF38
0x
CF3C
0x
CF40
0x
CF44
0x
CF48
0x
CF4C
0x
CF50
0x
CF54
0x
CF58
0x
CF5C
0x
CF60
0x
CF64
0x
CF68
0x
CF6C
0x
CF70
0x
CF74
0x
CF78
0x
CF7C
0x
CF80
0x
CF84
0x
CF88
0x
CF8C
0x
CF90
0x
CF94
0x
CF98
0x
CF9C
0x
CFA0
0x
CFA4
0x
CFA8
0x
CFAC
0x
CFB0
0x
CFB4
0x
CFB8
0x
CFBC
0x
CFC0
0x
CFC4
0x
CFC8
0x
CFCC
0x
CFD0
0x
CFD4
0x
CFD8
0x
CFDC
0x
CFE0
0x
CFE4
0x
CFE8
0x
CFEC
0x
CFF0
0x
CFF4
0x
CFF8
0x
CFFC
0x
B100
0x
B95C
0x
B308
0x
B228
0x
B230
0x
6B64
0x
BAA0
0x
B960
0x
B12C
0x
9854
0x
D004
0x
D008
0x
D00C
0x
D010
0x
D014
0x
D018
0x
D01C
0x
D020
0x
D024
0x
D028
0x
D02C
0x
D030
0x
D034
0x
D038
0x
D03C
0x
D040
0x
D044
0x
D048
0x
D04C
0x
D050
0x
D054
0x
D058
0x
D05C
0x
D060
0x
D064
0x
D068
0x
D06C
0x
D070
0x
D074
0x
D078
0x
D07C
0x
D080
0x
D084
0x
D088
0x
D08C
0x
D090
0x
D094
0x
D098
0x
D09C
0x
D0A0
0x
D0A4
0x
D0A8
0x
D0AC
0x
D0B0
0x
D0B4
0x
D0B8
0x
D0BC
0x
D0C0
0x
D0C4
0x
D0C8
0x
D0CC
0x
D0D0
0x
D0D4
0x
D0D8
0x
D0DC
0x
D0E0
0x
D0E4
0x
D0E8
0x
D0EC
0x
D0F0
0x
D0F4
0x
D0F8
0x
D0FC
0x
D100
0x
D104
0x
D108
0x
D10C
0x
D110
0x
D114
0x
D118
0x
D11C
0x
D120
0x
D124
0x
D128
0x
D12C
0x
D130
0x
D134
0x
D138
0x
D13C
0x
D140
0x
D144
0x
D148
0x
D14C
0x
D150
0x
D154
0x
D160
0x
D164
0x
D168
0x
D16C
0x
D194
0x
D198
0x
D19C
0x
D1A0
0x
D1A4
0x
D1A8
0x
D1AC
0x
D1B0
0x
D1B4
0x
D1B8
0x
D1BC
0x
D1C0
0x
D1C4
0x
D1C8
0x
D1CC
0x
D1D0
0x
D1D4
0x
D1D8
0x
D1DC
0x
D1E0
0x
D1E4
0x
D1E8
0x
D1EC
0x
D1F0
0x
D1F4
0x
D1F8
0x
D1FC
0x
D200
0x
D204
0x
D208
0x
D210
0x
D214
0x
D218
0x
D21C
0x
D220
0x
D224
0x
D228
0x
D22C
0x
D23C
0x
D240
0x
D244
0x
D250
0x
D25C
0x
D260
0x
D264
0x
D268
0x
D26C
0x
D270
0x
D274
0x
D278
0x
D27C
0x
D280
0x
D284
0x
D288
0x
D28C
0x
D290
0x
D294
0x
D298
0x
D29C
0x
D2A0
0x
D2A4
0x
D2A8
0x
D2AC
0x
D2B0
0x
D2B4
0x
D2B8
0x
D2BC
0x
D2C0
0x
D2C4
0x
D2C8
0x
D2CC
0x
D2D0
0x
D2D4
0x
D2D8
0x
D2DC
0x
D2E0
0x
D2E4
0x
D2E8
0x
D2EC
0x
D2F0
0x
D2F4
0x
D2F8
0x
D2FC
0x
D300
0x
D304
0x
D308
0x
D30C
0x
D324
0x
D328
0x
D330
0x
D334
0x
D338
0x
D33C
0x
D340
0x
D344
0x
D348
0x
D34C
0x
D350
0x
D354
0x
D358
0x
D35C
0x
D368
0x
D36C
0x
D370
0x
D384
0x
D388
0x
D38C
0x
D390
0x
D394
0x
D398
0x
D39C
0x
D3A0
0x
D3A4
0x
D3A8
0x
D3AC
0x
D3B0
0x
D3B4
0x
D3B8
0x
D3BC
0x
D3C0
0x
D3C4
0x
D3C8
0x
D3CC
0x
D3D0
0x
D3D4
0x
D3D8
0x
D3DC
0x
D3E0
0x
D3E4
0x
D3E8
0x
D3EC
0x
D3F0
0x
D3F4
0x
D3F8
0x
D3FC
0x
D184
0x
D17C
0x
8B30
0x
CDD4
0x
BCBC
0x
D404
0x
D408
0x
D40C
0x
D410
0x
D414
0x
D418
0x
D41C
0x
D420
0x
D424
0x
D428
0x
D42C
0x
D430
0x
D434
0x
D438
0x
D43C
0x
D440
0x
D444
0x
D448
0x
D44C
0x
D450
0x
D454
0x
D458
0x
D45C
0x
D460
0x
D464
0x
D468
0x
D46C
0x
D470
0x
D474
0x
D478
0x
D47C
0x
D480
0x
D484
0x
D488
0x
D48C
0x
D490
0x
D494
0x
D498
0x
D49C
0x
D4A0
0x
D4A4
0x
D4A8
0x
D4AC
0x
D4B0
0x
D4B4
0x
D4B8
0x
D4BC
0x
D4C0
0x
D4C4
0x
D4C8
0x
D4CC
0x
D4D0
0x
D4D4
0x
D4D8
0x
D4DC
0x
D4E0
0x
D4E4
0x
D4E8
0x
D4EC
0x
D4F0
0x
D4F4
0x
D4F8
0x
D4FC
0x
D500
0x
D504
0x
D508
0x
D50C
0x
D510
0x
D514
0x
D518
0x
D51C
0x
D520
0x
D524
0x
D528
0x
D52C
0x
D530
0x
D534
0x
D538
0x
D53C
0x
D540
0x
D544
0x
D548
0x
D54C
0x
D550
0x
D554
0x
D558
0x
D55C
0x
D560
0x
D564
0x
D568
0x
D56C
0x
D570
0x
D574
0x
D578
0x
D57C
0x
D580
0x
D584
0x
D588
0x
D58C
0x
D590
0x
D594
0x
D598
0x
D59C
0x
D5A0
0x
D5A4
0x
D5A8
0x
D5AC
0x
D5B0
0x
D5B4
0x
D5B8
0x
D5BC
0x
D5C0
0x
D5C4
0x
D5C8
0x
D5CC
0x
D5D0
0x
D5D4
0x
D5D8
0x
D5DC
0x
D5E0
0x
D5E4
0x
D5E8
0x
D5EC
0x
D5F0
0x
D5F4
0x
D5F8
0x
D5FC
0x
D600
0x
D604
0x
D608
0x
D60C
0x
D610
0x
D614
0x
D618
0x
D61C
0x
D620
0x
D624
0x
D628
0x
D62C
0x
D630
0x
D634
0x
D638
0x
D63C
0x
D640
0x
D644
0x
D648
0x
D64C
0x
D650
0x
D654
0x
D658
0x
D65C
0x
D660
0x
D664
0x
D668
0x
D66C
0x
D670
0x
D678
0x
D67C
0x
D680
0x
D684
0x
D688
0x
D68C
0x
D690
0x
D694
0x
D698
0x
D69C
0x
D6A0
0x
D6A4
0x
D6A8
0x
D6AC
0x
D6B0
0x
D6B4
0x
D6B8
0x
D6BC
0x
D6C0
0x
D6C4
0x
D6C8
0x
D6CC
0x
D6D0
0x
D6D4
0x
D6D8
0x
D6DC
0x
D6E0
0x
D6E4
0x
D6E8
0x
D6EC
0x
D6F0
0x
D6F4
0x
D6F8
0x
D6FC
0x
D700
0x
D704
0x
D708
0x
D70C
0x
D710
0x
D714
0x
D718
0x
D71C
0x
D720
0x
D724
0x
D728
0x
D72C
0x
D730
0x
D734
0x
D738
0x
D73C
0x
D740
0x
D744
0x
D748
0x
D74C
0x
D750
0x
D754
0x
D758
0x
D75C
0x
D760
0x
D764
0x
D768
0x
D76C
0x
D770
0x
D774
0x
D778
0x
D77C
0x
D780
0x
D784
0x
D788
0x
D78C
0x
D790
0x
D794
0x
D798
0x
D79C
0x
D7A0
0x
D7A4
0x
D7A8
0x
D7AC
0x
D7B0
0x
D7B4
0x
D7B8
0x
D7BC
0x
D7C0
0x
D7C4
0x
D7C8
0x
D7CC
0x
D7D0
0x
D7D4
0x
D7D8
0x
D7DC
0x
D7E0
0x
D7E4
0x
D7E8
0x
D7EC
0x
D7F0
0x
D7F4
0x
D7F8
0x
D7FC
0x
8E88
0x
BCB8
0x
BCB4
0x
9138
0x
9084
0x
928C
0x
B964
0x
9288
0x
8FFC
0x
8FF8
0x
9188
0x
9080
0x
9038
0x
CDA0
0x
D314
0x
D374
0x
D320
0x
D380
0x
D310
0x
D174
0x
D15C
0x
D31C
0x
D190
0x
D254
0x
D20C
0x
D258
0x
D230
0x
D170
0x
D158
0x
D248
0x
D18C
0x
D188
0x
D180
0x
D24C
0x
D238
0x
D674
0x
D178
0x
D804
0x
D808
0x
D80C
0x
D810
0x
D814
0x
D818
0x
D81C
0x
D820
0x
D824
0x
D828
0x
D82C
0x
D830
0x
D834
0x
D838
0x
D83C
0x
D840
0x
D844
0x
D848
0x
D84C
0x
D850
0x
D854
0x
D858
0x
D85C
0x
D860
0x
D864
0x
D868
0x
D86C
0x
D870
0x
D874
0x
D878
0x
D87C
0x
D880
0x
D884
0x
D888
0x
D88C
0x
D890
0x
D894
0x
D898
0x
D89C
0x
D8A0
0x
D8A4
0x
D8A8
0x
D8AC
0x
D8B0
0x
D8B4
0x
D8B8
0x
D8BC
0x
D8C0
0x
D8C4
0x
D8C8
0x
D8CC
0x
D8D0
0x
D8D4
0x
D8D8
0x
D8DC
0x
D8E0
0x
D8E4
0x
D8E8
0x
D8EC
0x
D8F0
0x
D8F4
0x
D8F8
0x
D8FC
0x
D900
0x
D904
0x
D908
0x
D90C
0x
D910
0x
D914
0x
D918
0x
D91C
0x
D920
0x
D924
0x
D928
0x
D92C
0x
D930
0x
D934
0x
D938
0x
D940
0x
D944
0x
D948
0x
D94C
0x
D950
0x
D954
0x
D958
0x
D95C
0x
D960
0x
D964
0x
D968
0x
D96C
0x
D970
0x
D974
0x
D978
0x
D97C
0x
D980
0x
D984
0x
D988
0x
D98C
0x
D990
0x
D994
0x
D998
0x
D99C
0x
D9A0
0x
D9A8
0x
D9AC
0x
D9B0
0x
D9B4
0x
D9B8
0x
D9BC
0x
D9C0
0x
D9C4
0x
D9C8
0x
D9CC
0x
D9D0
0x
D9D4
0x
D9D8
0x
D9DC
0x
D9E0
0x
D9E4
0x
D9E8
0x
D9EC
0x
D9F0
0x
D9F4
0x
D9F8
0x
D9FC
0x
DA00
0x
DA04
0x
DA08
0x
DA0C
0x
DA10
0x
DA14
0x
DA18
0x
DA1C
0x
DA20
0x
DA24
0x
DA28
0x
DA2C
0x
DA30
0x
DA34
0x
DA38
0x
DA3C
0x
DA40
0x
DA44
0x
DA48
0x
DA4C
0x
DA50
0x
DA54
0x
DA58
0x
DA5C
0x
DA60
0x
DA64
0x
DA68
0x
DA6C
0x
DA70
0x
DA74
0x
DA78
0x
DA7C
0x
DA80
0x
DA84
0x
DA88
0x
DA8C
0x
DA90
0x
DA94
0x
DA98
0x
DA9C
0x
DAA0
0x
DAA4
0x
DAA8
0x
DAAC
0x
DAB0
0x
DAB4
0x
DAB8
0x
DABC
0x
DAC0
0x
DAC4
0x
DAC8
0x
DACC
0x
DAD0
0x
DAD4
0x
DAD8
0x
DADC
0x
DAE0
0x
DAE4
0x
DAE8
0x
DAEC
0x
DAF0
0x
DAF4
0x
DAF8
0x
DAFC
0x
DB00
0x
DB04
0x
DB08
0x
DB0C
0x
DB10
0x
DB14
0x
DB18
0x
DB1C
0x
DB20
0x
DB24
0x
DB28
0x
DB2C
0x
DB30
0x
DB34
0x
DB38
0x
DB3C
0x
DB40
0x
DB44
0x
DB48
0x
DB4C
0x
DB50
0x
DB54
0x
DB58
0x
DB5C
0x
DB60
0x
DB64
0x
DB68
0x
DB6C
0x
DB70
0x
DB74
0x
DB78
0x
DB7C
0x
DB80
0x
DB84
0x
DB88
0x
DB8C
0x
DB90
0x
DB94
0x
DB98
0x
DB9C
0x
DBA0
0x
DBA4
0x
DBA8
0x
DBAC
0x
DBB0
0x
DBB4
0x
DBB8
0x
DBBC
0x
DBC0
0x
DBC4
0x
DBC8
0x
DBCC
0x
DBD0
0x
DBD4
0x
DBD8
0x
DBDC
0x
DBE0
0x
DBE4
0x
DBE8
0x
DBEC
0x
DBF0
0x
DBF4
0x
DBF8
0x
DBFC
0x
DC04
0x
DC08
0x
DC0C
0x
DC10
0x
DC14
0x
DC18
0x
DC1C
0x
DC20
0x
DC24
0x
DC28
0x
DC2C
0x
DC30
0x
DC34
0x
DC38
0x
DC3C
0x
DC40
0x
DC44
0x
DC48
0x
DC4C
0x
DC50
0x
DC54
0x
DC58
0x
DC5C
0x
DC60
0x
DC64
0x
DC68
0x
DC6C
0x
DC70
0x
DC74
0x
DC78
0x
DC7C
0x
DC80
0x
DC84
0x
DC88
0x
DC8C
0x
DC90
0x
DC94
0x
DC98
0x
DC9C
0x
DCA0
0x
DCA4
0x
DCA8
0x
DCAC
0x
DCB0
0x
DCB4
0x
DCB8
0x
DCBC
0x
DCC0
0x
DCC4
0x
DCC8
0x
DCCC
0x
DCD0
0x
DCD4
0x
DCD8
0x
DCDC
0x
DCE0
0x
DCE4
0x
DCE8
0x
DCEC
0x
DCF0
0x
DCF4
0x
DCF8
0x
DCFC
0x
DD00
0x
DD04
0x
DD08
0x
DD0C
0x
DD10
0x
DD14
0x
DD18
0x
DD1C
0x
DD20
0x
DD24
0x
DD28
0x
DD2C
0x
DD30
0x
DD34
0x
DD38
0x
DD3C
0x
DD40
0x
DD44
0x
DD48
0x
DD4C
0x
DD50
0x
DD54
0x
DD58
0x
DD5C
0x
DD60
0x
DD64
0x
DD68
0x
DD6C
0x
DD70
0x
DD74
0x
DD78
0x
DD7C
0x
DD80
0x
DD84
0x
DD88
0x
DD8C
0x
DD90
0x
DD94
0x
DD98
0x
DD9C
0x
DDA0
0x
DDA4
0x
DDA8
0x
DDAC
0x
DDB0
0x
DDB4
0x
DDB8
0x
DDBC
0x
DDC0
0x
DDC4
0x
DDC8
0x
DDCC
0x
DDD0
0x
DDD4
0x
DDD8
0x
DDDC
0x
DDE0
0x
DDE4
0x
DDE8
0x
DDEC
0x
DDF0
0x
DDF4
0x
DDF8
0x
DDFC
0x
DE00
0x
DE04
0x
DE08
0x
DE0C
0x
DE10
0x
DE14
0x
DE18
0x
DE1C
0x
DE20
0x
DE24
0x
DE28
0x
DE2C
0x
DE30
0x
DE34
0x
DE38
0x
DE40
0x
DE44
0x
DE48
0x
DE4C
0x
DE50
0x
DE54
0x
DE58
0x
DE5C
0x
DEA8
0x
DEAC
0x
DEB0
0x
DEB4
0x
DEB8
0x
DEBC
0x
DEC0
0x
DEC4
0x
DEC8
0x
DECC
0x
DED0
0x
DED4
0x
DED8
0x
DEDC
0x
DEE0
0x
DEE4
0x
DEE8
0x
DEEC
0x
DEF0
0x
DEF4
0x
DEF8
0x
DEFC
0x
DF00
0x
DF04
0x
DF08
0x
DF0C
0x
DF10
0x
DF14
0x
DF18
0x
DF1C
0x
DF20
0x
DF24
0x
DF28
0x
DF2C
0x
DF30
0x
DF34
0x
DF38
0x
DF3C
0x
DF40
0x
DF44
0x
DF48
0x
DF4C
0x
DF50
0x
DF54
0x
DF58
0x
DF5C
0x
DF60
0x
DF64
0x
DF68
0x
DF6C
0x
DF70
0x
DF74
0x
DF78
0x
DF7C
0x
DF80
0x
DF84
0x
DF88
0x
DF8C
0x
DF90
0x
DF94
0x
DF98
0x
DF9C
0x
DFA0
0x
DFA4
0x
DFA8
0x
DFAC
0x
DFB0
0x
DFB4
0x
DFB8
0x
DFBC
0x
DFC0
0x
DFC4
0x
DFC8
0x
DFCC
0x
DFD0
0x
DFD4
0x
DFD8
0x
DFDC
0x
DFE0
0x
DFE4
0x
DFE8
0x
DFEC
0x
DFF0
0x
DFF4
0x
DFF8
0x
DFFC
0x
7908
0x
E004
0x
E008
0x
E00C
0x
E010
0x
E014
0x
E018
0x
E01C
0x
E020
0x
E024
0x
E028
0x
E02C
0x
E030
0x
E034
0x
E038
0x
E03C
0x
E040
0x
E044
0x
E048
0x
E04C
0x
E050
0x
E054
0x
E058
0x
E05C
0x
E060
0x
E064
0x
E068
0x
E06C
0x
E070
0x
E074
0x
E078
0x
E07C
0x
E080
0x
E084
0x
E088
0x
E08C
0x
E090
0x
E094
0x
E098
0x
E09C
0x
E0A0
0x
E0A4
0x
E0A8
0x
E0AC
0x
E0B0
0x
E0B4
0x
E0B8
0x
E0BC
0x
E0C0
0x
E0C4
0x
E0C8
0x
E0CC
0x
E0D0
0x
E0D4
0x
E0D8
0x
E0E0
0x
E0E4
0x
E0E8
0x
E0EC
0x
E0F0
0x
E0F4
0x
E0F8
0x
E0FC
0x
E100
0x
E104
0x
E108
0x
E10C
0x
E110
0x
E114
0x
E118
0x
E11C
0x
E120
0x
E124
0x
E128
0x
E12C
0x
E130
0x
E134
0x
E138
0x
E13C
0x
E140
0x
E144
0x
E148
0x
E14C
0x
E150
0x
E154
0x
E158
0x
E15C
0x
E160
0x
E164
0x
E168
0x
E16C
0x
E170
0x
E174
0x
E178
0x
E17C
0x
E180
0x
E184
0x
E188
0x
E18C
0x
E190
0x
E194
0x
E198
0x
E19C
0x
E1A0
0x
E1A4
0x
E1A8
0x
E1AC
0x
E1B0
0x
E1B4
0x
E1B8
0x
E1BC
0x
E1C0
0x
E1C4
0x
E1C8
0x
E1CC
0x
E1D0
0x
E1D4
0x
E1D8
0x
E1DC
0x
E20C
0x
E210
0x
E214
0x
E218
0x
E21C
0x
E220
0x
E224
0x
E228
0x
E22C
0x
E230
0x
E234
0x
E238
0x
E23C
0x
E240
0x
E244
0x
E248
0x
E24C
0x
E250
0x
E254
0x
E258
0x
E25C
0x
E260
0x
E264
0x
E268
0x
E26C
0x
E270
0x
E274
0x
E278
0x
E27C
0x
E280
0x
E284
0x
E288
0x
E28C
0x
E290
0x
E294
0x
E29C
0x
E2A0
0x
E2A4
0x
E2A8
0x
E2AC
0x
E2B0
0x
E2B4
0x
E2B8
0x
E2BC
0x
E2C0
0x
E2C4
0x
E2C8
0x
E2CC
0x
E2D0
0x
E2D4
0x
E2D8
0x
E2DC
0x
E2E0
0x
E2E4
0x
E2E8
0x
E2EC
0x
E2F0
0x
E2F4
0x
E2F8
0x
E2FC
0x
E300
0x
E304
0x
E308
0x
E30C
0x
E310
0x
E314
0x
E318
0x
E31C
0x
E320
0x
E324
0x
E328
0x
E32C
0x
E330
0x
E334
0x
E338
0x
E33C
0x
E340
0x
E344
0x
E354
0x
E358
0x
E35C
0x
E360
0x
E364
0x
E368
0x
E36C
0x
E370
0x
E374
0x
E378
0x
E37C
0x
E380
0x
E384
0x
E388
0x
E38C
0x
E390
0x
E394
0x
E398
0x
E39C
0x
E3A0
0x
E3A4
0x
E3A8
0x
E3AC
0x
E3B0
0x
E3B4
0x
E3B8
0x
E3BC
0x
E3C0
0x
E3C4
0x
E3C8
0x
E3CC
0x
E3D0
0x
E3D4
0x
E3D8
0x
E3DC
0x
E3E0
0x
E3E4
0x
E3E8
0x
E3EC
0x
E3F0
0x
E3F4
0x
E3F8
0x
E3FC
0x
E1F0
0x
E1E8
0x
E404
0x
E408
0x
E40C
0x
E410
0x
E414
0x
E418
0x
E41C
0x
E420
0x
E424
0x
E428
0x
E42C
0x
E430
0x
E438
0x
E43C
0x
E440
0x
E444
0x
E448
0x
E44C
0x
E450
0x
E454
0x
E458
0x
E45C
0x
E460
0x
E464
0x
E468
0x
E46C
0x
E470
0x
E474
0x
E478
0x
E47C
0x
E480
0x
E484
0x
E488
0x
E48C
0x
E490
0x
E494
0x
E498
0x
E49C
0x
E4A0
0x
E4A4
0x
E4A8
0x
E4AC
0x
E4B0
0x
E4B4
0x
E4B8
0x
E4BC
0x
E4C0
0x
E4C4
0x
E4D0
0x
E4D4
0x
E4D8
0x
E4DC
0x
E4E0
0x
E4E4
0x
E4E8
0x
E4EC
0x
E4F0
0x
E4F4
0x
E4F8
0x
E4FC
0x
E500
0x
E504
0x
E508
0x
E50C
0x
E518
0x
E51C
0x
E520
0x
E524
0x
E528
0x
E52C
0x
E530
0x
E534
0x
E538
0x
E53C
0x
E540
0x
E544
0x
E548
0x
E54C
0x
E550
0x
E554
0x
E558
0x
E55C
0x
E560
0x
E564
0x
E568
0x
E56C
0x
E570
0x
E574
0x
E578
0x
E57C
0x
E580
0x
E584
0x
E588
0x
E58C
0x
E590
0x
E594
0x
E598
0x
E59C
0x
E5A0
0x
E5A4
0x
E5A8
0x
E5AC
0x
E5B0
0x
E5B4
0x
E5B8
0x
E5BC
0x
E5C0
0x
E5C4
0x
E5C8
0x
E5CC
0x
E5D0
0x
E5D4
0x
E5D8
0x
E5DC
0x
E5E0
0x
E5E4
0x
E5E8
0x
E5EC
0x
E5F0
0x
E5F4
0x
E5F8
0x
E5FC
0x
E600
0x
E604
0x
E608
0x
E60C
0x
E610
0x
E614
0x
E618
0x
E61C
0x
E620
0x
E624
0x
E628
0x
E62C
0x
E630
0x
E634
0x
E638
0x
E63C
0x
E640
0x
E644
0x
E648
0x
E64C
0x
E664
0x
E668
0x
E66C
0x
E670
0x
E674
0x
E678
0x
E67C
0x
E680
0x
E684
0x
E688
0x
E68C
0x
E690
0x
E694
0x
E698
0x
E69C
0x
E6A0
0x
E6A4
0x
E6A8
0x
E6AC
0x
E6B0
0x
E6B4
0x
E6B8
0x
E6BC
0x
E6C0
0x
E6C4
0x
E6C8
0x
E6CC
0x
E6D0
0x
E6D4
0x
E6D8
0x
E6DC
0x
E6E0
0x
E6E4
0x
E6E8
0x
E6EC
0x
E6F0
0x
E6F4
0x
E6F8
0x
E6FC
0x
E704
0x
E708
0x
E70C
0x
E710
0x
E714
0x
E718
0x
E71C
0x
E720
0x
E724
0x
E728
0x
E72C
0x
E730
0x
E738
0x
E73C
0x
E740
0x
E744
0x
E748
0x
E74C
0x
E750
0x
E754
0x
E758
0x
E75C
0x
E760
0x
E764
0x
E768
0x
E76C
0x
E770
0x
E774
0x
E778
0x
E77C
0x
E780
0x
E784
0x
E788
0x
E78C
0x
E790
0x
E794
0x
E798
0x
E79C
0x
E7A0
0x
E7A4
0x
E7A8
0x
E7AC
0x
E7B4
0x
E7B8
0x
E7BC
0x
E7C0
0x
E7C4
0x
E7C8
0x
E7CC
0x
E7D0
0x
E7D4
0x
E7D8
0x
E7DC
0x
E7E0
0x
E7E4
0x
E7E8
0x
E7EC
0x
E7F0
0x
E7F4
0x
E7F8
0x
E7FC
0x
DD9C
0x
764C
0x
AA20
0x
8300
0x
E804
0x
E808
0x
E80C
0x
E810
0x
E814
0x
E818
0x
E81C
0x
E820
0x
E824
0x
E828
0x
E82C
0x
E830
0x
E834
0x
E838
0x
E83C
0x
E840
0x
E844
0x
E848
0x
E84C
0x
E850
0x
E854
0x
E858
0x
E85C
0x
E860
0x
E864
0x
E868
0x
E86C
0x
E870
0x
E874
0x
E878
0x
E87C
0x
E880
0x
E884
0x
E888
0x
E88C
0x
E890
0x
E894
0x
E898
0x
E89C
0x
E8A0
0x
E8A4
0x
E8A8
0x
E8AC
0x
E8B0
0x
E8B4
0x
E8B8
0x
E8BC
0x
E8C0
0x
E8C4
0x
E8C8
0x
E8CC
0x
E8D0
0x
E8D4
0x
E8D8
0x
E8DC
0x
E8E0
0x
E8E4
0x
E8E8
0x
E8EC
0x
E8F0
0x
E8F4
0x
E8F8
0x
E8FC
0x
E900
0x
E904
0x
E908
0x
E90C
0x
E910
0x
E914
0x
E918
0x
E91C
0x
E920
0x
E924
0x
E928
0x
E92C
0x
E930
0x
E934
0x
E938
0x
E93C
0x
E940
0x
E944
0x
E948
0x
E94C
0x
E950
0x
E954
0x
E958
0x
E95C
0x
E960
0x
E964
0x
E968
0x
E96C
0x
E970
0x
E974
0x
E978
0x
E97C
0x
E980
0x
E984
0x
E988
0x
E98C
0x
E990
0x
E994
0x
E998
0x
E99C
0x
E9A0
0x
E9A4
0x
E9A8
0x
E9AC
0x
E9B0
0x
E9B4
0x
E9B8
0x
E9BC
0x
E9C0
0x
E9C4
0x
E9C8
0x
E9CC
0x
E9D0
0x
E9D4
0x
E9D8
0x
E9DC
0x
E9E0
0x
E9E4
0x
E9E8
0x
E9EC
0x
E9F0
0x
E9F8
0x
E9FC
0x
EA00
0x
EA04
0x
EA08
0x
EA0C
0x
EA10
0x
EA14
0x
EA18
0x
EA1C
0x
EA20
0x
EA24
0x
EA28
0x
EA2C
0x
EA30
0x
EA34
0x
EA38
0x
EA3C
0x
EA40
0x
EA44
0x
EA48
0x
EA4C
0x
EA50
0x
EA54
0x
EA58
0x
EA5C
0x
EA60
0x
EA64
0x
EA68
0x
EA6C
0x
EA70
0x
EA74
0x
EA78
0x
EA7C
0x
EA80
0x
EA84
0x
EA88
0x
EA8C
0x
EA90
0x
EA94
0x
EA98
0x
EA9C
0x
EAA0
0x
EAA4
0x
EAA8
0x
EAAC
0x
EAB0
0x
EAB4
0x
EAB8
0x
EABC
0x
EAC0
0x
EAC4
0x
EAC8
0x
EACC
0x
EAD0
0x
EAD4
0x
EAD8
0x
EADC
0x
EAE0
0x
EAE4
0x
EAE8
0x
EAEC
0x
EAF0
0x
EAF4
0x
EAF8
0x
EAFC
0x
EB00
0x
EB04
0x
EB08
0x
EB0C
0x
EB10
0x
EB14
0x
EB18
0x
EB1C
0x
EB20
0x
EB24
0x
EB28
0x
EB2C
0x
EB30
0x
EB34
0x
EB38
0x
EB3C
0x
EB40
0x
EB44
0x
EB48
0x
EB4C
0x
EB50
0x
EB54
0x
EB58
0x
EB5C
0x
EB60
0x
EB64
0x
EB68
0x
EB70
0x
EB74
0x
EB78
0x
EB7C
0x
EB80
0x
EB88
0x
EB8C
0x
EB90
0x
EB94
0x
EB98
0x
EB9C
0x
EBA0
0x
EBA4
0x
EBA8
0x
EBAC
0x
EBB0
0x
EBB4
0x
EBB8
0x
EBBC
0x
EBC0
0x
EBC4
0x
EBC8
0x
EBCC
0x
EBD0
0x
EBD4
0x
EBD8
0x
EBDC
0x
EBE0
0x
EBE4
0x
EBE8
0x
EBEC
0x
EBF0
0x
EBF4
0x
EBF8
0x
EBFC
0x
DD88
0x
E65C
0x
E660
0x
DE68
0x
E654
0x
E658
0x
E734
0x
E650
0x
DE70
0x
E208
0x
E514
0x
E350
0x
E510
0x
E204
0x
DE64
0x
E298
0x
DE6C
0x
E434
0x
E1F4
0x
E1E4
0x
E348
0x
E200
0x
EC04
0x
EC08
0x
EC0C
0x
EC10
0x
EC14
0x
EC18
0x
EC1C
0x
EC20
0x
EC24
0x
EC28
0x
EC2C
0x
EC30
0x
EC34
0x
EC38
0x
EC3C
0x
EC40
0x
EC48
0x
EC4C
0x
EC50
0x
EC54
0x
EC58
0x
EC5C
0x
EC60
0x
EC64
0x
EC68
0x
EC6C
0x
EC70
0x
EC74
0x
EC78
0x
EC7C
0x
EC80
0x
EC84
0x
EC8C
0x
EC90
0x
EC94
0x
EC98
0x
EC9C
0x
ECA0
0x
ECA4
0x
ECA8
0x
ECAC
0x
ECB0
0x
ECB4
0x
ECB8
0x
ECBC
0x
ECC0
0x
ECC4
0x
ECC8
0x
ECCC
0x
ECD0
0x
ECD4
0x
ECD8
0x
ECDC
0x
ECE0
0x
ECE4
0x
ECE8
0x
ECEC
0x
ECF0
0x
ECF4
0x
ECF8
0x
ECFC
0x
ED00
0x
ED04
0x
ED08
0x
ED0C
0x
ED10
0x
ED14
0x
ED18
0x
ED1C
0x
ED20
0x
ED24
0x
ED28
0x
ED2C
0x
ED30
0x
ED34
0x
ED38
0x
ED3C
0x
ED40
0x
ED44
0x
ED48
0x
ED54
0x
ED58
0x
ED5C
0x
ED60
0x
ED64
0x
ED68
0x
ED6C
0x
ED70
0x
ED74
0x
ED78
0x
ED7C
0x
ED80
0x
ED84
0x
ED88
0x
ED8C
0x
ED90
0x
ED94
0x
ED98
0x
ED9C
0x
EDA0
0x
EDA4
0x
EDA8
0x
EDAC
0x
EDB0
0x
EDB4
0x
EDB8
0x
EDBC
0x
EDC0
0x
EDC4
0x
EDC8
0x
EDCC
0x
EDD0
0x
EDD4
0x
EDD8
0x
EDDC
0x
EDE0
0x
EDE4
0x
EDE8
0x
EDF0
0x
EDF4
0x
EDF8
0x
EDFC
0x
EE00
0x
EE04
0x
EE08
0x
EE0C
0x
EE10
0x
EE14
0x
EE18
0x
EE1C
0x
EE20
0x
EE24
0x
EE28
0x
EE2C
0x
EE30
0x
EE34
0x
EE38
0x
EE3C
0x
EE40
0x
EE44
0x
EE48
0x
EE4C
0x
EE50
0x
EE54
0x
EE58
0x
EE5C
0x
EE60
0x
EE64
0x
EE68
0x
EE6C
0x
EE70
0x
EE74
0x
EE78
0x
EE7C
0x
EE80
0x
EE84
0x
EE88
0x
EE8C
0x
EE90
0x
EE94
0x
EE98
0x
EE9C
0x
EEA0
0x
EEA4
0x
EEA8
0x
EEAC
0x
EEB0
0x
EEB4
0x
EEB8
0x
EEBC
0x
EEC0
0x
EEC4
0x
EEC8
0x
EECC
0x
EED0
0x
EED4
0x
EED8
0x
EEDC
0x
EEE0
0x
EEE4
0x
EEE8
0x
EEEC
0x
EEF0
0x
EEF4
0x
EEF8
0x
EEFC
0x
EF00
0x
EF04
0x
EF08
0x
EF0C
0x
EF10
0x
EF14
0x
EF18
0x
EF1C
0x
EF20
0x
EF24
0x
EF28
0x
EF2C
0x
EF30
0x
EF34
0x
EF38
0x
EF3C
0x
EF40
0x
EF44
0x
EF48
0x
EF4C
0x
EF50
0x
EF54
0x
EF58
0x
EF5C
0x
EF60
0x
EF64
0x
EF68
0x
EF6C
0x
EF70
0x
EF74
0x
EF78
0x
EF7C
0x
EF80
0x
EF84
0x
EF88
0x
EF8C
0x
EF90
0x
EF94
0x
EF98
0x
EF9C
0x
EFA0
0x
EFA4
0x
EFA8
0x
EFAC
0x
EFB0
0x
EFB4
0x
EFB8
0x
EFBC
0x
EFC0
0x
EFC4
0x
EFC8
0x
EFCC
0x
EFD0
0x
EFD4
0x
EFD8
0x
EFDC
0x
EFE0
0x
EFE4
0x
EFE8
0x
EFEC
0x
EFF0
0x
EFF4
0x
EFF8
0x
EFFC
0x
F004
0x
F008
0x
F00C
0x
F010
0x
F014
0x
F018
0x
F01C
0x
F020
0x
F024
0x
F028
0x
F02C
0x
F030
0x
F034
0x
F038
0x
F03C
0x
F040
0x
F044
0x
F048
0x
F04C
0x
F050
0x
F054
0x
F058
0x
F05C
0x
F060
0x
F064
0x
F068
0x
F06C
0x
F070
0x
F074
0x
F078
0x
F07C
0x
F080
0x
F084
0x
F088
0x
F08C
0x
F090
0x
F094
0x
F098
0x
F09C
0x
F0A0
0x
F0A4
0x
F0A8
0x
F0AC
0x
F0B0
0x
F0B4
0x
F0B8
0x
F0BC
0x
F0C0
0x
F0C4
0x
F0C8
0x
F0CC
0x
F0D0
0x
F0D4
0x
F0D8
0x
F0DC
0x
F0E0
0x
F0E4
0x
F0E8
0x
F0EC
0x
F0F0
0x
F0F4
0x
F0F8
0x
F0FC
0x
F100
0x
F104
0x
F108
0x
F10C
0x
F110
0x
F114
0x
F118
0x
F11C
0x
F120
0x
F124
0x
F128
0x
F12C
0x
F130
0x
F134
0x
F138
0x
F13C
0x
F140
0x
F144
0x
F148
0x
F14C
0x
F150
0x
F154
0x
F158
0x
F15C
0x
F160
0x
F164
0x
F168
0x
F16C
0x
F170
0x
F174
0x
F178
0x
F17C
0x
F180
0x
F184
0x
F188
0x
F18C
0x
F190
0x
F194
0x
F198
0x
F19C
0x
F1A0
0x
F1A4
0x
F1A8
0x
F1AC
0x
F1B0
0x
F1B4
0x
F1B8
0x
F1BC
0x
F1C0
0x
F1C4
0x
F1C8
0x
F1CC
0x
F1D0
0x
F1D4
0x
F1D8
0x
F1DC
0x
F1E0
0x
F1E4
0x
F1E8
0x
F1EC
0x
F1F0
0x
F1F4
0x
F1F8
0x
F1FC
0x
F200
0x
F204
0x
F208
0x
F20C
0x
F210
0x
F214
0x
F218
0x
F21C
0x
F220
0x
F224
0x
F228
0x
F22C
0x
F230
0x
F234
0x
F238
0x
F23C
0x
F240
0x
F244
0x
F248
0x
F24C
0x
F250
0x
F254
0x
F258
0x
F25C
0x
F260
0x
F264
0x
F268
0x
F26C
0x
F270
0x
F274
0x
F278
0x
F27C
0x
F280
0x
F284
0x
F288
0x
F28C
0x
F290
0x
F294
0x
F298
0x
F29C
0x
F2A0
0x
F2A4
0x
F2A8
0x
F2AC
0x
F2B0
0x
F2B4
0x
F2B8
0x
F2BC
0x
F2C0
0x
F2C4
0x
F2C8
0x
F2CC
0x
F2D0
0x
F2D4
0x
F2D8
0x
F2DC
0x
F2E0
0x
F2E4
0x
F2E8
0x
F2EC
0x
F2F0
0x
F2F4
0x
F2F8
0x
F2FC
0x
F300
0x
F304
0x
F308
0x
F30C
0x
F310
0x
F314
0x
F318
0x
F31C
0x
F320
0x
F324
0x
F328
0x
F32C
0x
F330
0x
F334
0x
F338
0x
F33C
0x
F340
0x
F344
0x
F348
0x
F34C
0x
F350
0x
F354
0x
F358
0x
F35C
0x
F360
0x
F368
0x
F36C
0x
F370
0x
F374
0x
F378
0x
F37C
0x
F380
0x
F384
0x
F388
0x
F38C
0x
F390
0x
F394
0x
F398
0x
F39C
0x
F3A0
0x
F3A4
0x
F3A8
0x
F3AC
0x
F3B0
0x
F3B4
0x
F3B8
0x
F3BC
0x
F3C0
0x
F3C4
0x
F3C8
0x
F3CC
0x
F3D0
0x
F3D4
0x
F3D8
0x
F3DC
0x
F3E0
0x
F3E4
0x
F3E8
0x
F3EC
0x
F3F0
0x
F3F4
0x
F3F8
0x
F3FC
0x
E0DC
0x
F404
0x
F408
0x
F40C
0x
F410
0x
F414
0x
F418
0x
F41C
0x
F420
0x
F424
0x
F428
0x
F42C
0x
F430
0x
F434
0x
F438
0x
F43C
0x
F440
0x
F444
0x
F448
0x
F44C
0x
F450
0x
F454
0x
F458
0x
F45C
0x
F460
0x
F464
0x
F468
0x
F46C
0x
F470
0x
F474
0x
F478
0x
F47C
0x
F480
0x
F484
0x
F488
0x
F48C
0x
F490
0x
F494
0x
F498
0x
F49C
0x
F4A0
0x
F4B4
0x
F4B8
0x
F4BC
0x
F4C0
0x
F4C4
0x
F4C8
0x
F4CC
0x
F4D0
0x
F4D4
0x
F4D8
0x
F4EC
0x
F4F0
0x
F4F4
0x
F4F8
0x
F4FC
0x
F500
0x
F504
0x
F508
0x
F50C
0x
F510
0x
F514
0x
F518
0x
F51C
0x
F520
0x
F524
0x
F528
0x
F52C
0x
F530
0x
F534
0x
F538
0x
F53C
0x
F540
0x
F544
0x
F548
0x
F54C
0x
F550
0x
F554
0x
F560
0x
F564
0x
F568
0x
F56C
0x
F570
0x
F574
0x
F578
0x
F57C
0x
F580
0x
F584
0x
F588
0x
F58C
0x
F590
0x
F594
0x
F598
0x
F59C
0x
F5A0
0x
F5A4
0x
F5A8
0x
F5AC
0x
F5B0
0x
F5B4
0x
F5B8
0x
F5BC
0x
F5C0
0x
F5C4
0x
F5C8
0x
F5CC
0x
F5D0
0x
F5D4
0x
F5D8
0x
F5DC
0x
F5E0
0x
F5E4
0x
F5E8
0x
F5EC
0x
F5F0
0x
F5F4
0x
F5F8
0x
F5FC
0x
F604
0x
F608
0x
F60C
0x
F610
0x
F614
0x
F618
0x
F61C
0x
F620
0x
F624
0x
F628
0x
F62C
0x
F630
0x
F634
0x
F638
0x
F63C
0x
F640
0x
F644
0x
F648
0x
F64C
0x
F650
0x
F654
0x
F658
0x
F65C
0x
F660
0x
F664
0x
F668
0x
F66C
0x
F670
0x
F674
0x
F678
0x
F67C
0x
F680
0x
F684
0x
F688
0x
F68C
0x
F690
0x
F694
0x
F698
0x
F69C
0x
F6A0
0x
F6A4
0x
F6AC
0x
F6B0
0x
F6B4
0x
F6B8
0x
F6BC
0x
F6C0
0x
F6C4
0x
F6C8
0x
F6CC
0x
F6D0
0x
F6D4
0x
F6D8
0x
F6DC
0x
F6E0
0x
F6E4
0x
F6E8
0x
F6EC
0x
F6F0
0x
F6F4
0x
F6F8
0x
F6FC
0x
F700
0x
F704
0x
F708
0x
F70C
0x
F710
0x
F714
0x
F718
0x
F71C
0x
F720
0x
F724
0x
F728
0x
F72C
0x
F730
0x
F734
0x
F738
0x
F73C
0x
F740
0x
F744
0x
F748
0x
F74C
0x
F750
0x
F754
0x
F758
0x
F75C
0x
F760
0x
F764
0x
F768
0x
F76C
0x
F770
0x
F774
0x
F778
0x
F77C
0x
F780
0x
F784
0x
F788
0x
F78C
0x
F790
0x
F794
0x
F798
0x
F79C
0x
F7A0
0x
F7A4
0x
F7A8
0x
F7AC
0x
F7B0
0x
F7B4
0x
F7B8
0x
F7BC
0x
F7C0
0x
F7C4
0x
F7C8
0x
F7CC
0x
F7D0
0x
F7D4
0x
F7D8
0x
F7DC
0x
F7E0
0x
F7E4
0x
F7E8
0x
F7EC
0x
F7F0
0x
F7F4
0x
F7FC
0x
F36C
0x
F4E8
0x
F804
0x
F808
0x
F80C
0x
F810
0x
F814
0x
F818
0x
F81C
0x
F820
0x
F824
0x
F828
0x
F82C
0x
F830
0x
F834
0x
F838
0x
F83C
0x
F840
0x
F844
0x
F848
0x
F84C
0x
F850
0x
F854
0x
F858
0x
F85C
0x
F860
0x
F864
0x
F868
0x
F86C
0x
F870
0x
F874
0x
F878
0x
F87C
0x
F880
0x
F884
0x
F888
0x
F88C
0x
F894
0x
F898
0x
F89C
0x
F8A0
0x
F8A4
0x
F8A8
0x
F8AC
0x
F8B0
0x
F8B4
0x
F8B8
0x
F8BC
0x
F8C0
0x
F8C4
0x
F8C8
0x
F8CC
0x
F8D0
0x
F8D4
0x
F8D8
0x
F8DC
0x
F8E0
0x
F8E4
0x
F8E8
0x
F8EC
0x
F8F0
0x
F8F4
0x
F8F8
0x
F8FC
0x
F900
0x
F904
0x
F908
0x
F90C
0x
F910
0x
F914
0x
F918
0x
F920
0x
F924
0x
F928
0x
F92C
0x
F930
0x
F934
0x
F938
0x
F93C
0x
F940
0x
F944
0x
F948
0x
F94C
0x
F950
0x
F954
0x
F958
0x
F95C
0x
F960
0x
F964
0x
F968
0x
F96C
0x
F970
0x
F974
0x
F978
0x
F97C
0x
F980
0x
F984
0x
F988
0x
F98C
0x
F990
0x
F994
0x
F998
0x
F99C
0x
F9A0
0x
F9A4
0x
F9A8
0x
F9B4
0x
F9B8
0x
F9BC
0x
F9C0
0x
F9C4
0x
F9C8
0x
F9CC
0x
F9D0
0x
F9D4
0x
F9D8
0x
F9DC
0x
F9E0
0x
F9E4
0x
F9E8
0x
F9EC
0x
F9F0
0x
F9F4
0x
F9F8
0x
F9FC
0x
FA00
0x
FA04
0x
FA08
0x
FA0C
0x
FA10
0x
FA14
0x
FA18
0x
FA1C
0x
FA20
0x
FA24
0x
FA28
0x
FA2C
0x
FA30
0x
FA34
0x
FA38
0x
FA3C
0x
FA40
0x
FA48
0x
FA4C
0x
FA50
0x
FA54
0x
FA58
0x
FA5C
0x
FA60
0x
FA64
0x
FA68
0x
FA6C
0x
FA70
0x
FA74
0x
FA78
0x
FA7C
0x
FA80
0x
FA84
0x
FA88
0x
FA8C
0x
FA90
0x
FA94
0x
FA98
0x
FA9C
0x
FAA0
0x
FAA4
0x
FAA8
0x
FAAC
0x
FAB0
0x
FAB4
0x
FAB8
0x
FABC
0x
FAC0
0x
FAC4
0x
FAC8
0x
FACC
0x
FAD0
0x
FAD4
0x
FADC
0x
FAE0
0x
FAE4
0x
FAE8
0x
FAEC
0x
FAF0
0x
FAF4
0x
FAF8
0x
FAFC
0x
FB00
0x
FB04
0x
FB08
0x
FB0C
0x
FB10
0x
FB14
0x
FB18
0x
FB1C
0x
FB20
0x
FB24
0x
FB28
0x
FB2C
0x
FB30
0x
FB34
0x
FB38
0x
FB3C
0x
FB40
0x
FB44
0x
FB48
0x
FB4C
0x
FB50
0x
FB54
0x
FB58
0x
FB5C
0x
FB60
0x
FB64
0x
FB68
0x
FB70
0x
FB74
0x
FB78
0x
FB7C
0x
FB80
0x
FB84
0x
FB88
0x
FB8C
0x
FB90
0x
FB94
0x
FB98
0x
FB9C
0x
FBA0
0x
FBA4
0x
FBA8
0x
FBAC
0x
FBB0
0x
FBB4
0x
FBB8
0x
FBBC
0x
FBC0
0x
FBC4
0x
FBC8
0x
FBCC
0x
FBD0
0x
FBD4
0x
FBD8
0x
FBDC
0x
FBE0
0x
FBE4
0x
FBE8
0x
FBEC
0x
FBF0
0x
FBF4
0x
FBF8
0x
FBFC
0x
F4E0
0x
FC04
0x
FC08
0x
FC0C
0x
FC10
0x
FC14
0x
FC18
0x
FC1C
0x
FC20
0x
FC24
0x
FC28
0x
FC2C
0x
FC30
0x
FC3C
0x
FC40
0x
FC44
0x
FC48
0x
FC4C
0x
FC50
0x
FC54
0x
FC58
0x
FC5C
0x
FC60
0x
FC64
0x
FC68
0x
FC6C
0x
FC70
0x
FC74
0x
FC78
0x
FC7C
0x
FC80
0x
FC84
0x
FC88
0x
FC8C
0x
FC90
0x
FC94
0x
FC98
0x
FC9C
0x
FCA0
0x
FCA4
0x
FCA8
0x
FCAC
0x
FCB0
0x
FCB4
0x
FCB8
0x
FCBC
0x
FCC0
0x
FCC4
0x
FCC8
0x
FCCC
0x
FCD0
0x
FCD4
0x
FCD8
0x
FCDC
0x
FCE0
0x
FCE4
0x
FCE8
0x
FCEC
0x
FCF0
0x
FCF4
0x
FCF8
0x
FCFC
0x
FD00
0x
FD04
0x
FD08
0x
FD0C
0x
FD10
0x
FD14
0x
FD18
0x
FD1C
0x
FD20
0x
FD24
0x
FD28
0x
FD2C
0x
FD30
0x
FD34
0x
FD38
0x
FD3C
0x
FD40
0x
FD44
0x
FD48
0x
FD4C
0x
FD50
0x
FD54
0x
FD58
0x
FD5C
0x
FD60
0x
FD64
0x
FD68
0x
FD6C
0x
FD70
0x
FD74
0x
FD80
0x
FD84
0x
FD88
0x
FD8C
0x
FD90
0x
FD94
0x
FD98
0x
FD9C
0x
FDA0
0x
FDA4
0x
FDA8
0x
FDAC
0x
FDB0
0x
FDB4
0x
FDB8
0x
FDBC
0x
FDC0
0x
FDC4
0x
FDC8
0x
FDCC
0x
FDD0
0x
FDD4
0x
FDD8
0x
FDDC
0x
FDE0
0x
FDE4
0x
FDE8
0x
FDEC
0x
FDF0
0x
FDF4
0x
FDF8
0x
FDFC
0x
FE00
0x
FE04
0x
FE08
0x
FE0C
0x
FE10
0x
FE14
0x
FE18
0x
FE1C
0x
FE20
0x
FE24
0x
FE28
0x
FE2C
0x
FE30
0x
FE34
0x
FE38
0x
FE3C
0x
FE40
0x
FE44
0x
FE48
0x
FE4C
0x
FE50
0x
FE54
0x
FE58
0x
FE5C
0x
FE60
0x
FE64
0x
FE68
0x
FE6C
0x
FE70
0x
FE74
0x
FE78
0x
FE7C
0x
FE80
0x
FE84
0x
FE88
0x
FE8C
0x
FE90
0x
FE94
0x
FEA0
0x
FEA4
0x
FEA8
0x
FEAC
0x
FEB0
0x
FEB4
0x
FEB8
0x
FEBC
0x
FEC0
0x
FEC4
0x
FEC8
0x
FECC
0x
FED0
0x
FED4
0x
FED8
0x
FEDC
0x
FEE0
0x
FEE4
0x
FEE8
0x
FEEC
0x
FEF0
0x
FEF4
0x
FEF8
0x
FEFC
0x
FF00
0x
FF04
0x
FF08
0x
FF0C
0x
FF10
0x
FF14
0x
FF18
0x
FF1C
0x
FF20
0x
FF24
0x
FF28
0x
FF2C
0x
FF30
0x
FF34
0x
FF38
0x
FF3C
0x
FF40
0x
FF44
0x
FF48
0x
FF4C
0x
FF50
0x
FF54
0x
FF58
0x
FF5C
0x
FF60
0x
FF64
0x
FF68
0x
FF6C
0x
FF70
0x
FF74
0x
FF78
0x
FF7C
0x
FF80
0x
FF84
0x
FF88
0x
FF8C
0x
FF90
0x
FF94
0x
FF98
0x
FF9C
0x
FFA0
0x
FFA4
0x
FFA8
0x
FFAC
0x
FFB0
0x
FFB4
0x
FFB8
0x
FFBC
0x
FFC0
0x
FFC4
0x
FFC8
0x
FFCC
0x
FFD0
0x
FFD4
0x
FFD8
0x
FFDC
0x
FFE0
0x
FFE4
0x
FFE8
0x
FFEC
0x
FFF0
0x
FFF4
0x
FFF8
0x
FFFC
0x
F368
0x
10004
0x
10008
0x
1000C
0x
10010
0x
10014
0x
10018
0x
1001C
0x
10020
0x
10024
0x
10028
0x
1002C
0x
10030
0x
10034
0x
10038
0x
1003C
0x
10040
0x
10044
0x
10048
0x
1004C
0x
10050
0x
10054
0x
10058
0x
1005C
0x
10060
0x
10064
0x
10068
0x
1006C
0x
10070
0x
10074
0x
10078
0x
1007C
0x
10080
0x
10084
0x
10088
0x
10090
0x
10094
0x
10098
0x
1009C
0x
100A0
0x
100A4
0x
100A8
0x
100AC
0x
100B0
0x
100B4
0x
100B8
0x
100BC
0x
100C0
0x
100C4
0x
100C8
0x
100CC
0x
100D0
0x
100D4
0x
100D8
0x
100DC
0x
100E0
0x
100E4
0x
100E8
0x
100EC
0x
100F0
0x
100F4
0x
100F8
0x
100FC
0x
10100
0x
10104
0x
10108
0x
1010C
0x
10110
0x
10114
0x
10118
0x
10120
0x
10124
0x
10128
0x
1012C
0x
10130
0x
10134
0x
10138
0x
1013C
0x
10140
0x
10144
0x
10148
0x
1014C
0x
10150
0x
10154
0x
10158
0x
1015C
0x
10160
0x
10164
0x
10168
0x
1016C
0x
10170
0x
10174
0x
10178
0x
1017C
0x
10180
0x
10184
0x
10188
0x
1018C
0x
10190
0x
10194
0x
10198
0x
1019C
0x
101A0
0x
101A4
0x
101A8
0x
101AC
0x
101B0
0x
101B4
0x
101B8
0x
101BC
0x
101C0
0x
101C4
0x
101C8
0x
101CC
0x
101D0
0x
101D4
0x
101D8
0x
101DC
0x
101E0
0x
101E4
0x
101E8
0x
101EC
0x
101F0
0x
101F4
0x
101F8
0x
101FC
0x
10200
0x
10204
0x
10208
0x
1020C
0x
10210
0x
10214
0x
10218
0x
1021C
0x
10220
0x
10224
0x
10228
0x
1022C
0x
10230
0x
10234
0x
10238
0x
1023C
0x
10240
0x
10244
0x
10248
0x
1024C
0x
10250
0x
10254
0x
10258
0x
1025C
0x
10260
0x
10264
0x
10268
0x
1026C
0x
10270
0x
10274
0x
10278
0x
1027C
0x
10280
0x
10284
0x
10288
0x
1028C
0x
10290
0x
10294
0x
10298
0x
1029C
0x
102A0
0x
102A4
0x
102A8
0x
102AC
0x
102B0
0x
102B4
0x
102B8
0x
102BC
0x
102C0
0x
102C4
0x
102C8
0x
102CC
0x
102D0
0x
102D4
0x
102D8
0x
102DC
0x
102E0
0x
102E4
0x
102E8
0x
102EC
0x
102F0
0x
102F4
0x
102F8
0x
102FC
0x
10300
0x
10304
0x
10308
0x
1030C
0x
10310
0x
10314
0x
10318
0x
1031C
0x
10320
0x
10324
0x
10328
0x
1032C
0x
10330
0x
10334
0x
10338
0x
1033C
0x
10340
0x
10344
0x
10348
0x
1034C
0x
10350
0x
10354
0x
10358
0x
1035C
0x
10360
0x
10364
0x
10368
0x
1036C
0x
10370
0x
10374
0x
10378
0x
1037C
0x
10380
0x
10384
0x
10388
0x
1038C
0x
10390
0x
10394
0x
10398
0x
1039C
0x
103A0
0x
103A4
0x
103A8
0x
103AC
0x
103B0
0x
103B4
0x
103B8
0x
103BC
0x
103C0
0x
103C4
0x
103C8
0x
103CC
0x
103D0
0x
103D4
0x
103D8
0x
103DC
0x
103E0
0x
103E4
0x
103E8
0x
103EC
0x
103F0
0x
103F4
0x
103F8
0x
103FC
0x
10404
0x
10408
0x
1040C
0x
10410
0x
10414
0x
10418
0x
1041C
0x
10420
0x
10424
0x
10428
0x
1042C
0x
10430
0x
10434
0x
10438
0x
1043C
0x
10440
0x
10444
0x
10448
0x
1044C
0x
10450
0x
10454
0x
10458
0x
1045C
0x
10460
0x
10464
0x
10468
0x
1046C
0x
10470
0x
10474
0x
10478
0x
1047C
0x
10480
0x
10484
0x
10488
0x
1048C
0x
10490
0x
10494
0x
10498
0x
1049C
0x
104A0
0x
104A4
0x
104A8
0x
104AC
0x
104B0
0x
104B4
0x
104B8
0x
104BC
0x
104C0
0x
104C4
0x
104C8
0x
104CC
0x
104D0
0x
104D4
0x
104D8
0x
104DC
0x
104E0
0x
104E4
0x
104E8
0x
104EC
0x
104F0
0x
104F4
0x
104F8
0x
104FC
0x
10500
0x
10504
0x
10508
0x
1050C
0x
10510
0x
10514
0x
10518
0x
1051C
0x
10520
0x
10524
0x
10528
0x
1052C
0x
10530
0x
10534
0x
10538
0x
1053C
0x
10540
0x
10544
0x
10548
0x
1054C
0x
10550
0x
10554
0x
10558
0x
1055C
0x
10560
0x
10564
0x
10568
0x
1056C
0x
10570
0x
10574
0x
10578
0x
1057C
0x
10580
0x
10584
0x
10588
0x
1058C
0x
10590
0x
10594
0x
10598
0x
1059C
0x
105A0
0x
105A4
0x
105A8
0x
105AC
0x
105B0
0x
105B4
0x
105B8
0x
105BC
0x
105C0
0x
105C4
0x
105C8
0x
105CC
0x
105D0
0x
105D4
0x
105D8
0x
105DC
0x
105E0
0x
105E4
0x
105E8
0x
105EC
0x
105F0
0x
105F4
0x
105F8
0x
105FC
0x
10600
0x
10604
0x
10608
0x
1060C
0x
10610
0x
10614
0x
10618
0x
1061C
0x
10620
0x
10624
0x
10628
0x
1062C
0x
10630
0x
10634
0x
10638
0x
1063C
0x
10640
0x
10644
0x
10648
0x
1064C
0x
10650
0x
10654
0x
10658
0x
1065C
0x
10660
0x
10664
0x
10668
0x
1066C
0x
10670
0x
10674
0x
10678
0x
1067C
0x
10680
0x
10684
0x
10688
0x
1068C
0x
10690
0x
10694
0x
10698
0x
1069C
0x
106A0
0x
106A4
0x
106A8
0x
106AC
0x
106B0
0x
106B4
0x
106B8
0x
106BC
0x
106C0
0x
106C4
0x
106C8
0x
106CC
0x
106D0
0x
106D4
0x
106D8
0x
106DC
0x
106E0
0x
106E4
0x
106E8
0x
106EC
0x
106F0
0x
106F4
0x
106F8
0x
106FC
0x
10700
0x
10704
0x
10708
0x
1070C
0x
10710
0x
10714
0x
10718
0x
1071C
0x
10720
0x
10724
0x
10728
0x
1072C
0x
10730
0x
10734
0x
10738
0x
1073C
0x
10740
0x
10744
0x
10748
0x
1074C
0x
10750
0x
10754
0x
10758
0x
1075C
0x
10760
0x
10764
0x
10768
0x
1076C
0x
10770
0x
10774
0x
10778
0x
1077C
0x
10780
0x
10784
0x
10788
0x
1078C
0x
10790
0x
10794
0x
10798
0x
1079C
0x
107A0
0x
107A4
0x
107A8
0x
107AC
0x
107B0
0x
107B4
0x
107B8
0x
107BC
0x
107C0
0x
107C4
0x
107C8
0x
107CC
0x
107D0
0x
107D4
0x
107D8
0x
107DC
0x
107E0
0x
107E4
0x
107E8
0x
107EC
0x
107F0
0x
107F4
0x
107F8
0x
107FC
0x
6A6C
0x
10804
0x
10808
0x
1080C
0x
10810
0x
10814
0x
10818
0x
1081C
0x
10820
0x
10824
0x
10828
0x
1082C
0x
10830
0x
10834
0x
10838
0x
1083C
0x
10840
0x
10844
0x
10848
0x
1084C
0x
10850
0x
10854
0x
10858
0x
1085C
0x
10860
0x
10864
0x
10868
0x
1086C
0x
10870
0x
10874
0x
10878
0x
1087C
0x
10880
0x
10884
0x
10888
0x
1088C
0x
10890
0x
10894
0x
10898
0x
1089C
0x
108A0
0x
108A4
0x
108A8
0x
108AC
0x
108B0
0x
108B4
0x
108B8
0x
108BC
0x
108C0
0x
108C4
0x
108C8
0x
108CC
0x
108D0
0x
108D4
0x
108D8
0x
108DC
0x
108E0
0x
108E4
0x
108E8
0x
108EC
0x
108F0
0x
108F4
0x
108F8
0x
108FC
0x
10900
0x
10904
0x
10908
0x
1090C
0x
10910
0x
10914
0x
10918
0x
1091C
0x
10920
0x
10924
0x
10928
0x
10930
0x
10934
0x
10938
0x
1093C
0x
10940
0x
10944
0x
10948
0x
1094C
0x
10950
0x
10954
0x
10958
0x
1095C
0x
10960
0x
10964
0x
10968
0x
1096C
0x
10970
0x
10974
0x
10978
0x
1097C
0x
10980
0x
10984
0x
10988
0x
1098C
0x
10990
0x
10994
0x
10998
0x
1099C
0x
109A0
0x
109A4
0x
109A8
0x
109AC
0x
109B0
0x
109B4
0x
109B8
0x
109BC
0x
109C0
0x
109C4
0x
109C8
0x
109CC
0x
109D0
0x
109D4
0x
109D8
0x
109DC
0x
109E0
0x
109E4
0x
109E8
0x
109EC
0x
109F0
0x
109F4
0x
109F8
0x
109FC
0x
10A00
0x
10A04
0x
10A08
0x
10A0C
0x
10A10
0x
10A14
0x
10A18
0x
10A1C
0x
10A20
0x
10A24
0x
10A28
0x
10A2C
0x
10A30
0x
10A3C
0x
10A40
0x
10A44
0x
10A48
0x
10A4C
0x
10A50
0x
10A54
0x
10A58
0x
10A5C
0x
10A60
0x
10A64
0x
10A68
0x
10A6C
0x
10A70
0x
10A74
0x
10A78
0x
10A7C
0x
10A80
0x
10A84
0x
10A88
0x
10A8C
0x
10A90
0x
10A94
0x
10A98
0x
10A9C
0x
10AA0
0x
10AA4
0x
10AA8
0x
10AAC
0x
10AB0
0x
10AB4
0x
10AB8
0x
10ABC
0x
10AC0
0x
10AC4
0x
10AC8
0x
10ACC
0x
10AD0
0x
10AD4
0x
10AD8
0x
10ADC
0x
10AE0
0x
10AE4
0x
10AE8
0x
10AEC
0x
10AF0
0x
10AF4
0x
10AF8
0x
10AFC
0x
10B00
0x
10B04
0x
10B08
0x
10B0C
0x
10B10
0x
10B14
0x
10B18
0x
10B1C
0x
10B20
0x
10B24
0x
10B28
0x
10B2C
0x
10B30
0x
10B34
0x
10B38
0x
10B3C
0x
10B40
0x
10B44
0x
10B48
0x
10B4C
0x
10B50
0x
10B54
0x
10B58
0x
10B5C
0x
10B60
0x
10B64
0x
10B68
0x
10B6C
0x
10B70
0x
10B74
0x
10B78
0x
10B7C
0x
10B80
0x
10B84
0x
10B88
0x
10B8C
0x
10B90
0x
10B94
0x
10B98
0x
10B9C
0x
10BA0
0x
10BA4
0x
10BA8
0x
10BAC
0x
10BB0
0x
10BB4
0x
10BB8
0x
10BBC
0x
10BC0
0x
10BC4
0x
10BC8
0x
10BCC
0x
10BD0
0x
10BD8
0x
10BDC
0x
10BE0
0x
10BE4
0x
10BE8
0x
10BEC
0x
10BF0
0x
10BF4
0x
10BF8
0x
10BFC
0x
FD7C
0x
1008C
0x
FD78
0x
F4B0
0x
FE9C
0x
1011C
0x
FE98
0x
F4A8
0x
F6A8
0x
FAD8
0x
F91C
0x
FC38
0x
F7F8
0x
F4AC
0x
F9B0
0x
F4A4
0x
F9AC
0x
F55C
0x
F4E4
0x
FA44
0x
F558
0x
F4DC
0x
10C04
0x
10C08
0x
10C0C
0x
10C10
0x
10C14
0x
10C18
0x
10C1C
0x
10C20
0x
10C24
0x
10C28
0x
10C2C
0x
10C30
0x
10C34
0x
10C38
0x
10C3C
0x
10C40
0x
10C44
0x
10C48
0x
10C4C
0x
10C50
0x
10C54
0x
10C58
0x
10C5C
0x
10C60
0x
10C64
0x
10C68
0x
10C6C
0x
10C70
0x
10C74
0x
10C78
0x
10C7C
0x
10C80
0x
10C84
0x
10C88
0x
10C8C
0x
10C90
0x
10C94
0x
10C98
0x
10C9C
0x
10CA0
0x
10CA4
0x
10CA8
0x
10CAC
0x
10CB0
0x
10CB4
0x
10CB8
0x
10CBC
0x
10CC0
0x
10CC4
0x
10CC8
0x
10CCC
0x
10CD0
0x
10CD4
0x
10CD8
0x
10CDC
0x
10CE0
0x
10CE4
0x
10CE8
0x
10CEC
0x
10CF0
0x
10CF4
0x
10CF8
0x
10CFC
0x
10D00
0x
10D04
0x
10D08
0x
10D0C
0x
10D10
0x
10D14
0x
10D18
0x
10D1C
0x
10D20
0x
10D24
0x
10D28
0x
10D2C
0x
10D30
0x
10D34
0x
10D38
0x
10D3C
0x
10D40
0x
10D44
0x
10D48
0x
10D4C
0x
10D50
0x
10D54
0x
10D58
0x
10D5C
0x
10D60
0x
10D64
0x
10D68
0x
10D6C
0x
10D70
0x
10D74
0x
10D78
0x
10D7C
0x
10D80
0x
10D84
0x
10D88
0x
10D8C
0x
10D90
0x
10D94
0x
10D98
0x
10D9C
0x
10DA0
0x
10DA4
0x
10DA8
0x
10DAC
0x
10DB0
0x
10DB4
0x
10DB8
0x
10DBC
0x
10DC0
0x
10DC4
0x
10DC8
0x
10DCC
0x
10DD0
0x
10DD4
0x
10DD8
0x
10DDC
0x
10DE0
0x
10DE4
0x
10DE8
0x
10DEC
0x
10DF0
0x
10DF4
0x
10DF8
0x
10DFC
0x
10E00
0x
10E04
0x
10E08
0x
10E0C
0x
10E10
0x
10E14
0x
10E18
0x
10E1C
0x
10E20
0x
10E24
0x
10E28
0x
10E2C
0x
10E30
0x
10E34
0x
10E38
0x
10E3C
0x
10E40
0x
10E44
0x
10E48
0x
10E4C
0x
10E50
0x
10E54
0x
10E58
0x
10E5C
0x
10E60
0x
10E64
0x
10E68
0x
10E6C
0x
10E70
0x
10E74
0x
10E78
0x
10E7C
0x
10E80
0x
10E84
0x
10E88
0x
10E8C
0x
10E90
0x
10E94
0x
10E98
0x
10E9C
0x
10EA0
0x
10EA4
0x
10EA8
0x
10EAC
0x
10EB0
0x
10EB4
0x
10EB8
0x
10EBC
0x
10EC0
0x
10EC4
0x
10EC8
0x
10ECC
0x
10ED0
0x
10ED4
0x
10ED8
0x
10EDC
0x
10EE0
0x
10EE4
0x
10EE8
0x
10EEC
0x
10EF0
0x
10EF4
0x
10EF8
0x
10EFC
0x
10F00
0x
10F04
0x
10F08
0x
10F0C
0x
10F10
0x
10F14
0x
10F18
0x
10F1C
0x
10F20
0x
10F24
0x
10F28
0x
10F2C
0x
10F30
0x
10F34
0x
10F38
0x
10F3C
0x
10F40
0x
10F44
0x
10F48
0x
10F4C
0x
10F50
0x
10F54
0x
10F58
0x
10F5C
0x
10F60
0x
10F64
0x
10F68
0x
10F6C
0x
10F70
0x
10F74
0x
10F78
0x
10F7C
0x
10F80
0x
10F84
0x
10F88
0x
10F8C
0x
10F90
0x
10F94
0x
10F98
0x
10F9C
0x
10FA0
0x
10FA4
0x
10FA8
0x
10FAC
0x
10FB0
0x
10FB4
0x
10FB8
0x
10FBC
0x
10FC0
0x
10FC4
0x
10FC8
0x
10FCC
0x
10FD0
0x
10FD4
0x
10FD8
0x
10FDC
0x
10FE0
0x
10FE4
0x
10FE8
0x
10FEC
0x
10FF0
0x
10FF4
0x
10FF8
0x
10FFC
0x
11004
0x
11008
0x
1100C
0x
11010
0x
11014
0x
11018
0x
1101C
0x
11020
0x
11024
0x
11028
0x
1102C
0x
11030
0x
11034
0x
11038
0x
1103C
0x
11040
0x
11044
0x
11048
0x
1104C
0x
11050
0x
11054
0x
11058
0x
1105C
0x
11060
0x
11064
0x
11068
0x
1106C
0x
11070
0x
11074
0x
11078
0x
1107C
0x
11080
0x
11084
0x
11088
0x
1108C
0x
11090
0x
11094
0x
11098
0x
1109C
0x
110A0
0x
110A4
0x
110A8
0x
110AC
0x
110B0
0x
110B4
0x
110B8
0x
110BC
0x
110C0
0x
110C4
0x
110C8
0x
110CC
0x
110D0
0x
110D4
0x
110D8
0x
110DC
0x
110E0
0x
110E4
0x
110E8
0x
110EC
0x
110F0
0x
110F4
0x
110F8
0x
110FC
0x
11100
0x
11104
0x
11108
0x
1110C
0x
11110
0x
11114
0x
11118
0x
1111C
0x
11120
0x
11124
0x
11128
0x
1112C
0x
11130
0x
11134
0x
11138
0x
1113C
0x
11140
0x
11144
0x
11148
0x
1114C
0x
11150
0x
11154
0x
11158
0x
1115C
0x
11160
0x
11164
0x
11168
0x
1116C
0x
11170
0x
11174
0x
11178
0x
1117C
0x
11180
0x
11184
0x
11188
0x
1118C
0x
11190
0x
11194
0x
11198
0x
1119C
0x
111A0
0x
111A4
0x
111A8
0x
111AC
0x
111B0
0x
111B4
0x
111B8
0x
111BC
0x
111C0
0x
111C4
0x
111C8
0x
111CC
0x
111D0
0x
111D4
0x
111D8
0x
111DC
0x
111E0
0x
111E4
0x
111E8
0x
111EC
0x
111F0
0x
111F4
0x
111F8
0x
111FC
0x
11200
0x
11204
0x
11208
0x
1120C
0x
11210
0x
11214
0x
11218
0x
1121C
0x
11220
0x
11224
0x
11228
0x
1122C
0x
11230
0x
11234
0x
11238
0x
1123C
0x
11240
0x
11244
0x
11248
0x
1124C
0x
11250
0x
11254
0x
11258
0x
1125C
0x
11260
0x
11264
0x
11268
0x
1126C
0x
11270
0x
11274
0x
11278
0x
1127C
0x
11280
0x
11284
0x
11288
0x
1128C
0x
11290
0x
11294
0x
11298
0x
1129C
0x
112A0
0x
112A4
0x
112A8
0x
112AC
0x
112B0
0x
112B4
0x
112B8
0x
112BC
0x
112C0
0x
112C4
0x
112C8
0x
112CC
0x
112D0
0x
112D4
0x
112D8
0x
112E4
0x
112E8
0x
112EC
0x
112F0
0x
112F4
0x
112F8
0x
112FC
0x
11300
0x
11304
0x
11308
0x
1130C
0x
11310
0x
11314
0x
11318
0x
1131C
0x
11320
0x
11324
0x
11330
0x
11334
0x
11338
0x
1133C
0x
11340
0x
11344
0x
11348
0x
1134C
0x
11350
0x
11354
0x
11358
0x
1135C
0x
11360
0x
11364
0x
11368
0x
1136C
0x
11370
0x
11374
0x
11378
0x
1137C
0x
11380
0x
11384
0x
11388
0x
1138C
0x
11390
0x
11394
0x
11398
0x
1139C
0x
113A0
0x
113A4
0x
113A8
0x
113AC
0x
113B0
0x
113B4
0x
113B8
0x
113BC
0x
113C0
0x
113C4
0x
113C8
0x
113CC
0x
113D0
0x
113D4
0x
113D8
0x
113DC
0x
113E0
0x
113E4
0x
113E8
0x
113EC
0x
113F0
0x
113F4
0x
113F8
0x
113FC
0x
112DC
0x
FB6C
0x
D234
0x
B010
0x
1874
0x
7424
0x
11404
0x
11408
0x
1140C
0x
11410
0x
11414
0x
11418
0x
1141C
0x
11420
0x
11424
0x
11428
0x
1142C
0x
11430
0x
11434
0x
11438
0x
1143C
0x
11440
0x
11444
0x
11448
0x
1144C
0x
11450
0x
11454
0x
11458
0x
1145C
0x
11460
0x
11464
0x
11468
0x
1146C
0x
11470
0x
11474
0x
11478
0x
1147C
0x
11480
0x
11484
0x
11488
0x
1148C
0x
11490
0x
11494
0x
11498
0x
1149C
0x
114A0
0x
114A4
0x
114A8
0x
114AC
0x
114B0
0x
114B4
0x
114B8
0x
114BC
0x
114C0
0x
114C4
0x
114C8
0x
114CC
0x
114D0
0x
114D4
0x
114D8
0x
114DC
0x
114E0
0x
114E4
0x
114E8
0x
114EC
0x
114F0
0x
114F4
0x
114F8
0x
114FC
0x
11500
0x
11504
0x
11508
0x
1150C
0x
11510
0x
11514
0x
11518
0x
1151C
0x
11520
0x
11528
0x
1152C
0x
11530
0x
11534
0x
11538
0x
1153C
0x
11540
0x
11544
0x
11548
0x
1154C
0x
11550
0x
11554
0x
11558
0x
1155C
0x
11560
0x
11564
0x
11568
0x
1156C
0x
11570
0x
11574
0x
11578
0x
1157C
0x
11580
0x
11584
0x
11588
0x
1158C
0x
11590
0x
11594
0x
11598
0x
1159C
0x
115A0
0x
115A4
0x
115A8
0x
115AC
0x
115B0
0x
115B4
0x
115B8
0x
115BC
0x
115C0
0x
115C4
0x
115C8
0x
115CC
0x
115D0
0x
115D4
0x
115D8
0x
115DC
0x
115E0
0x
115E4
0x
115E8
0x
115EC
0x
115F0
0x
115F4
0x
115F8
0x
115FC
0x
11600
0x
11604
0x
11608
0x
1160C
0x
11610
0x
11614
0x
11618
0x
1161C
0x
11620
0x
11624
0x
11628
0x
1162C
0x
11630
0x
11634
0x
11638
0x
1163C
0x
11640
0x
11644
0x
11648
0x
1164C
0x
11650
0x
11654
0x
11658
0x
1165C
0x
11660
0x
11664
0x
11668
0x
1166C
0x
11670
0x
11674
0x
11678
0x
1167C
0x
11680
0x
11684
0x
11688
0x
1168C
0x
11690
0x
11694
0x
11698
0x
1169C
0x
116A0
0x
116A4
0x
116A8
0x
116AC
0x
116B0
0x
116B4
0x
116B8
0x
116BC
0x
116C0
0x
116C4
0x
116C8
0x
116CC
0x
116D0
0x
116D4
0x
116D8
0x
116DC
0x
116E0
0x
116E4
0x
116E8
0x
116EC
0x
116F0
0x
116F4
0x
116F8
0x
116FC
0x
11700
0x
11704
0x
11708
0x
1170C
0x
11710
0x
11714
0x
11718
0x
1171C
0x
11720
0x
11724
0x
11728
0x
1172C
0x
11730
0x
11734
0x
11738
0x
1173C
0x
11740
0x
11744
0x
11748
0x
1174C
0x
11750
0x
11754
0x
11758
0x
1175C
0x
11760
0x
11764
0x
11768
0x
1176C
0x
11770
0x
11774
0x
11778
0x
1177C
0x
11780
0x
11784
0x
11788
0x
1178C
0x
11790
0x
11794
0x
11798
0x
1179C
0x
117A0
0x
117A4
0x
117A8
0x
117AC
0x
117B0
0x
117B4
0x
117B8
0x
117BC
0x
117C0
0x
117C4
0x
117C8
0x
117CC
0x
117D0
0x
117D4
0x
117D8
0x
117DC
0x
117E0
0x
117E4
0x
117E8
0x
117EC
0x
117F0
0x
117F4
0x
117F8
0x
117FC
0x
71C
0x
A5A4
0x
A0F0
0x
D74
0x
11524
0x
F7C
0x
F9C
0x
11804
0x
11808
0x
1180C
0x
11810
0x
11814
0x
11818
0x
1181C
0x
11820
0x
11824
0x
11828
0x
1182C
0x
11830
0x
11834
0x
11838
0x
1183C
0x
11840
0x
11844
0x
11848
0x
1184C
0x
11850
0x
11854
0x
11858
0x
1185C
0x
11860
0x
11864
0x
11868
0x
1186C
0x
11870
0x
11874
0x
11878
0x
1187C
0x
11880
0x
11884
0x
11888
0x
1188C
0x
11890
0x
11894
0x
11898
0x
1189C
0x
118A0
0x
118A4
0x
118A8
0x
118AC
0x
118B0
0x
118B4
0x
118B8
0x
118BC
0x
118C0
0x
118C4
0x
118C8
0x
118CC
0x
118D0
0x
118D4
0x
118D8
0x
118DC
0x
118E0
0x
118E4
0x
118E8
0x
118EC
0x
118F0
0x
118F4
0x
118F8
0x
118FC
0x
11900
0x
11904
0x
11908
0x
1190C
0x
11910
0x
11914
0x
11918
0x
1191C
0x
11920
0x
11924
0x
11928
0x
1192C
0x
11930
0x
11934
0x
11938
0x
1193C
0x
11940
0x
11944
0x
11948
0x
1194C
0x
11950
0x
11954
0x
11958
0x
1195C
0x
11960
0x
11964
0x
11968
0x
1196C
0x
11970
0x
11974
0x
11978
0x
1197C
0x
11980
0x
11984
0x
11988
0x
1198C
0x
11990
0x
11994
0x
11998
0x
1199C
0x
119A0
0x
119A4
0x
119A8
0x
119AC
0x
119B0
0x
119B4
0x
119B8
0x
119BC
0x
119C0
0x
119C4
0x
119C8
0x
119CC
0x
119D0
0x
119D4
0x
119D8
0x
119DC
0x
119E0
0x
119E4
0x
119E8
0x
119EC
0x
119F0
0x
119F4
0x
119F8
0x
119FC
0x
11A00
0x
11A04
0x
11A08
0x
11A0C
0x
11A10
0x
11A14
0x
11A18
0x
11A1C
0x
11A20
0x
11A24
0x
11A28
0x
11A2C
0x
11A30
0x
11A34
0x
11A38
0x
11A3C
0x
11A40
0x
11A44
0x
11A48
0x
11A4C
0x
11A50
0x
11A54
0x
11A58
0x
11A5C
0x
11A60
0x
11A64
0x
11A68
0x
11A6C
0x
11A70
0x
11A74
0x
11A78
0x
11A7C
0x
11A80
0x
11A84
0x
11A88
0x
11A8C
0x
11A90
0x
11A94
0x
11A98
0x
11A9C
0x
11AA0
0x
11AA4
0x
11AA8
0x
11AAC
0x
11AB0
0x
11AB4
0x
11AB8
0x
11ABC
0x
11AC0
0x
11AC4
0x
11AC8
0x
11ACC
0x
11AD0
0x
11AD4
0x
11AD8
0x
11ADC
0x
11AE0
0x
11AE4
0x
11AE8
0x
11AEC
0x
11AF0
0x
11AF4
0x
11AF8
0x
11AFC
0x
11B00
0x
11B04
0x
11B08
0x
11B0C
0x
11B10
0x
11B14
0x
11B18
0x
11B1C
0x
11B20
0x
11B24
0x
11B28
0x
11B2C
0x
11B30
0x
11B34
0x
11B38
0x
11B3C
0x
11B40
0x
11B44
0x
11B48
0x
11B4C
0x
11B50
0x
11B54
0x
11B58
0x
11B5C
0x
11B60
0x
11B64
0x
11B68
0x
11B6C
0x
11B70
0x
11B74
0x
11B78
0x
11B7C
0x
11B80
0x
11B84
0x
11B88
0x
11B8C
0x
11B90
0x
11B94
0x
11B98
0x
11B9C
0x
11BA0
0x
11BA4
0x
11BA8
0x
11BAC
0x
11BB0
0x
11BB4
0x
11BB8
0x
11BBC
0x
11BC0
0x
11BC4
0x
11BC8
0x
11BCC
0x
11BD0
0x
11BD4
0x
11BD8
0x
11BDC
0x
11BE0
0x
11BE4
0x
11BE8
0x
11BEC
0x
11BF0
0x
11BF4
0x
11BF8
0x
11BFC
0x
FBC
0x
FD0
0x
FA8
0x
FAC
0x
910
0x
FA4
0x
490
0x
68C
0x
11C04
0x
11C08
0x
11C0C
0x
11C10
0x
11C14
0x
11C18
0x
11C1C
0x
11C20
0x
11C24
0x
11C28
0x
11C2C
0x
11C30
0x
11C34
0x
11C38
0x
11C3C
0x
11C40
0x
11C44
0x
11C48
0x
11C4C
0x
11C50
0x
11C54
0x
11C58
0x
11C5C
0x
11C60
0x
11C64
0x
11C68
0x
11C6C
0x
11C70
0x
11C74
0x
11C78
0x
11C7C
0x
11C80
0x
11C84
0x
11C88
0x
11C8C
0x
11C90
0x
11C94
0x
11C98
0x
11C9C
0x
11CA0
0x
11CA4
0x
11CA8
0x
11CAC
0x
11CB0
0x
11CB4
0x
11CB8
0x
11CBC
0x
11CC0
0x
11CC4
0x
11CC8
0x
11CCC
0x
11CD0
0x
11CD4
0x
11CD8
0x
11CDC
0x
11CE0
0x
11CE4
0x
11CE8
0x
11CEC
0x
11CF0
0x
11CF4
0x
11CF8
0x
11CFC
0x
11D00
0x
11D04
0x
11D08
0x
11D0C
0x
11D10
0x
11D14
0x
11D18
0x
11D1C
0x
11D20
0x
11D24
0x
11D28
0x
11D2C
0x
11D30
0x
11D34
0x
11D38
0x
11D3C
0x
11D40
0x
11D44
0x
11D48
0x
11D4C
0x
11D50
0x
11D54
0x
11D58
0x
11D5C
0x
11D60
0x
11D64
0x
11D68
0x
11D6C
0x
11D70
0x
11D74
0x
11D78
0x
11D7C
0x
11D80
0x
11D84
0x
11D88
0x
11D8C
0x
11D90
0x
11D94
0x
11D98
0x
11D9C
0x
11DA0
0x
11DA4
0x
11DA8
0x
11DAC
0x
11DB0
0x
11DB4
0x
11DB8
0x
11DBC
0x
11DC0
0x
11DC4
0x
11DC8
0x
11DCC
0x
11DD0
0x
11DD4
0x
11DD8
0x
11DDC
0x
11DE0
0x
11DE4
0x
11DE8
0x
11DEC
0x
11DF0
0x
11DF4
0x
11DF8
0x
11DFC
0x
11E00
0x
11E04
0x
11E08
0x
11E0C
0x
11E10
0x
11E14
0x
11E18
0x
11E1C
0x
11E20
0x
11E24
0x
11E28
0x
11E2C
0x
11E30
0x
11E34
0x
11E38
0x
11E3C
0x
11E40
0x
11E44
0x
11E48
0x
11E4C
0x
11E50
0x
11E54
0x
11E58
0x
11E5C
0x
11E60
0x
11E64
0x
11E68
0x
11E6C
0x
11E70
0x
11E74
0x
11E78
0x
11E7C
0x
11E80
0x
11E84
0x
11E88
0x
11E8C
0x
11E90
0x
11E94
0x
11E98
0x
11E9C
0x
11EA0
0x
11EA4
0x
11EA8
0x
11EAC
0x
11EB0
0x
11EB4
0x
11EB8
0x
11EBC
0x
11EC0
0x
11EC4
0x
11EC8
0x
11ECC
0x
11ED0
0x
11ED4
0x
11ED8
0x
11EDC
0x
11EE0
0x
11EE4
0x
11EE8
0x
11EEC
0x
11EF0
0x
11EF4
0x
11EF8
0x
11EFC
0x
11F00
0x
11F04
0x
11F08
0x
11F0C
0x
11F10
0x
11F14
0x
11F18
0x
11F1C
0x
11F20
0x
11F24
0x
11F28
0x
11F2C
0x
11F30
0x
11F34
0x
11F38
0x
11F3C
0x
11F40
0x
11F44
0x
11F48
0x
11F4C
0x
11F50
0x
11F54
0x
11F58
0x
11F5C
0x
11F60
0x
11F64
0x
11F68
0x
11F6C
0x
11F70
0x
11F74
0x
11F78
0x
11F7C
0x
11F80
0x
11F84
0x
11F88
0x
11F8C
0x
11F90
0x
11F94
0x
11F98
0x
11F9C
0x
11FA0
0x
11FA4
0x
11FA8
0x
11FAC
0x
11FB0
0x
11FB4
0x
11FB8
0x
11FBC
0x
11FC0
0x
11FC4
0x
11FC8
0x
11FCC
0x
11FD0
0x
11FD4
0x
11FD8
0x
11FDC
0x
11FE0
0x
11FE4
0x
11FE8
0x
11FEC
0x
11FF0
0x
11FF4
0x
11FF8
0x
11FFC
0x
DE3C
0x
12004
0x
12008
0x
1200C
0x
12010
0x
12014
0x
12018
0x
1201C
0x
12020
0x
12024
0x
12028
0x
1202C
0x
12030
0x
12034
0x
12038
0x
1203C
0x
12040
0x
12044
0x
12048
0x
1204C
0x
12050
0x
12054
0x
12058
0x
1205C
0x
12060
0x
12064
0x
12068
0x
1206C
0x
12070
0x
12074
0x
12078
0x
1207C
0x
12080
0x
12084
0x
12088
0x
1208C
0x
12090
0x
12094
0x
12098
0x
1209C
0x
120A0
0x
120A4
0x
120A8
0x
120AC
0x
120B0
0x
120B4
0x
120B8
0x
120BC
0x
120C0
0x
120C4
0x
120C8
0x
120CC
0x
120D0
0x
120D4
0x
120E0
0x
120E4
0x
120E8
0x
120EC
0x
120F0
0x
120F4
0x
120F8
0x
120FC
0x
12100
0x
12104
0x
12108
0x
1210C
0x
12110
0x
12114
0x
12118
0x
1211C
0x
12120
0x
12124
0x
12128
0x
1212C
0x
12130
0x
12134
0x
12138
0x
1213C
0x
12140
0x
12144
0x
12148
0x
1214C
0x
12150
0x
12154
0x
12168
0x
1216C
0x
12170
0x
12174
0x
12178
0x
1217C
0x
12180
0x
12184
0x
12188
0x
1218C
0x
12190
0x
12194
0x
12198
0x
1219C
0x
121A0
0x
121A4
0x
121A8
0x
121AC
0x
121B0
0x
121B4
0x
121B8
0x
121BC
0x
121C0
0x
121C4
0x
121C8
0x
121CC
0x
121D0
0x
121D4
0x
121D8
0x
121DC
0x
121E0
0x
121F0
0x
121F4
0x
121F8
0x
121FC
0x
12200
0x
12204
0x
12208
0x
1220C
0x
12210
0x
12214
0x
12218
0x
1221C
0x
12220
0x
12224
0x
12228
0x
1222C
0x
12230
0x
12234
0x
12238
0x
1223C
0x
12240
0x
12244
0x
12248
0x
1224C
0x
12250
0x
12254
0x
12258
0x
12260
0x
12264
0x
12268
0x
1226C
0x
12270
0x
12274
0x
12278
0x
1227C
0x
12280
0x
12284
0x
12288
0x
1228C
0x
12290
0x
12294
0x
12298
0x
1229C
0x
122A0
0x
122A4
0x
122A8
0x
122AC
0x
122B0
0x
122B4
0x
122B8
0x
122BC
0x
122C0
0x
122C4
0x
122C8
0x
122CC
0x
122D0
0x
122D4
0x
122D8
0x
122DC
0x
122E0
0x
122E4
0x
122E8
0x
122EC
0x
122F0
0x
122F4
0x
12300
0x
12304
0x
12308
0x
1230C
0x
12310
0x
12314
0x
12318
0x
1231C
0x
12320
0x
12324
0x
12328
0x
1232C
0x
12330
0x
12334
0x
12338
0x
1233C
0x
12340
0x
12344
0x
12350
0x
12354
0x
12358
0x
1235C
0x
12360
0x
12364
0x
12368
0x
1236C
0x
12370
0x
12374
0x
12378
0x
1237C
0x
12380
0x
12384
0x
12388
0x
1238C
0x
12390
0x
12394
0x
12398
0x
1239C
0x
123A4
0x
123A8
0x
123AC
0x
123B0
0x
123B4
0x
123B8
0x
123BC
0x
123C0
0x
123C4
0x
123C8
0x
123CC
0x
123D0
0x
123D4
0x
123D8
0x
123DC
0x
123E0
0x
123E4
0x
123E8
0x
123EC
0x
123F0
0x
123F4
0x
123F8
0x
123FC
0x
121E8
0x
12164
0x
11450
0x
12404
0x
12408
0x
1240C
0x
12410
0x
12414
0x
12418
0x
1241C
0x
12420
0x
12424
0x
12428
0x
1242C
0x
12430
0x
12434
0x
12438
0x
1243C
0x
12440
0x
12444
0x
12448
0x
1244C
0x
12450
0x
1245C
0x
12460
0x
12464
0x
12468
0x
1246C
0x
12470
0x
12474
0x
12478
0x
1247C
0x
12480
0x
12484
0x
12488
0x
1248C
0x
12490
0x
12494
0x
12498
0x
1249C
0x
124A0
0x
124A4
0x
124A8
0x
124AC
0x
124B0
0x
124B4
0x
124B8
0x
124BC
0x
124C0
0x
124CC
0x
124D0
0x
124D4
0x
124D8
0x
124DC
0x
124E0
0x
124E4
0x
124E8
0x
124EC
0x
124F0
0x
124F4
0x
124F8
0x
124FC
0x
12500
0x
12504
0x
12508
0x
1250C
0x
12510
0x
12514
0x
12518
0x
1251C
0x
12520
0x
12524
0x
12528
0x
1252C
0x
12530
0x
12534
0x
12538
0x
1253C
0x
12540
0x
12544
0x
12548
0x
1254C
0x
12550
0x
12554
0x
12558
0x
1255C
0x
12560
0x
12564
0x
12568
0x
1256C
0x
12570
0x
12574
0x
12578
0x
1257C
0x
12580
0x
12584
0x
12588
0x
1258C
0x
12590
0x
1259C
0x
125A0
0x
125A4
0x
125A8
0x
125AC
0x
125B0
0x
125B4
0x
125B8
0x
125BC
0x
125C0
0x
125C4
0x
125C8
0x
125CC
0x
125D0
0x
125D4
0x
125D8
0x
125DC
0x
125E0
0x
125E4
0x
125E8
0x
125EC
0x
125F0
0x
125F4
0x
125F8
0x
125FC
0x
12600
0x
12604
0x
12608
0x
1260C
0x
12610
0x
12614
0x
12618
0x
1261C
0x
12620
0x
12624
0x
12628
0x
1262C
0x
12630
0x
12634
0x
12638
0x
1263C
0x
12640
0x
12644
0x
12648
0x
1264C
0x
12650
0x
12654
0x
12658
0x
1265C
0x
12660
0x
12664
0x
12668
0x
1266C
0x
12670
0x
12674
0x
12678
0x
1267C
0x
12680
0x
12684
0x
12688
0x
1268C
0x
12690
0x
12694
0x
12698
0x
1269C
0x
126A0
0x
126A4
0x
126B0
0x
126B4
0x
126B8
0x
126BC
0x
126C0
0x
126C4
0x
126C8
0x
126CC
0x
126D0
0x
126D4
0x
126D8
0x
126DC
0x
126E0
0x
126E4
0x
126E8
0x
126EC
0x
126F0
0x
126F4
0x
126F8
0x
126FC
0x
12700
0x
12704
0x
12708
0x
1270C
0x
12710
0x
12714
0x
12718
0x
1271C
0x
12720
0x
12724
0x
12728
0x
1272C
0x
12730
0x
12734
0x
12738
0x
1273C
0x
12740
0x
12744
0x
12748
0x
1274C
0x
12750
0x
12754
0x
12758
0x
1275C
0x
12760
0x
12764
0x
12768
0x
1276C
0x
12770
0x
12774
0x
12778
0x
1277C
0x
12780
0x
12784
0x
12788
0x
1278C
0x
12790
0x
12794
0x
12798
0x
1279C
0x
127A0
0x
127A4
0x
127A8
0x
127AC
0x
127B0
0x
127B4
0x
127B8
0x
127BC
0x
127C0
0x
127C4
0x
127C8
0x
127CC
0x
127D0
0x
127D4
0x
127D8
0x
127DC
0x
127E0
0x
127E4
0x
127E8
0x
127EC
0x
127F0
0x
127F4
0x
127F8
0x
127FC
0x
ED50
0x
DE90
0x
12804
0x
12808
0x
1280C
0x
12810
0x
12814
0x
12818
0x
1281C
0x
12820
0x
12824
0x
12828
0x
1282C
0x
12830
0x
12834
0x
12838
0x
1283C
0x
12840
0x
12844
0x
12848
0x
1284C
0x
12850
0x
12854
0x
12858
0x
1285C
0x
12860
0x
12864
0x
12868
|
Memory Dumps
| Name | Start VA | End VA | Dump Reason | PE Rebuilds | Bitness | Entry Points | AV | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|
| v19v.exe | 0x7FF742DB0000 | 0x7FF743087FFF | Relevant Image | - | 64-bit | - |
|
|
|
Dropped Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| C:\$GetCurrent\Logs\downlevel_2017_09_07_02_02_39_766.log | 41.96 KB |
MD5:
25a7db3cd169a69d06ae2fbd4b3cba52
SHA1: 4e590d99214bbec818b3bdab0bf6757488fe4df5 SHA256: 6d27633a10117d78ce9e891ea137fa604fe33dc277ee77973aaa104ac1c95676 SSDeep: 768:GDB+CNe0pbOcV+J1gM6vjwZJtpGAlfVVmdEYtbnskP8/jxi/HGEa3n8Qt:KB1RzkulvUJndfVVmdx1nR5a38Qt |
|
|
| C:\$GetCurrent\Logs\oobe_2017_09_07_03_08_57_737.log | 6.14 KB |
MD5:
ba49efa1cc27cfa7f93afc00726908de
SHA1: 3280eeea2adf66f90c0e35a1b440d4c77852f216 SHA256: 9d869966e9b68aedcfbcb6ef864fd2a478b1d2a68cfe16a0ea2e23bba4cd2c11 SSDeep: 192:SqJ3ucYOQEgOPIh/RaSa/3dr+St8kQ7I8z:1YOQNtYpnQlz |
|
|
| C:\$GetCurrent\Logs\PartnerSetupCompleteResult.log | 322 bytes |
MD5:
ad256d13b067bdda752412436eb90c30
SHA1: f4a3a35323fd88278d07af1d9066d8130b8b3aa7 SHA256: a069ca3ef35363c27d5bb2841c23bde9cf240f51c843121a4394d2a918ab3bd0 SSDeep: 6:YHq3dwBP9nD/a6jjTX+MbGWmBmhZZO008V0gmGUMYbyTIa:wgd0lD/Vj+WUt0NByja |
|
|
| C:\$GetCurrent\SafeOS\PartnerSetupComplete.cmd | 866 bytes |
MD5:
42957f67ba2f7a08f14d4389200c7b48
SHA1: a8433c7dd065eee96f753945bf92aa103d746d0d SHA256: 57a907507fb9866ff7735ea096995ea1903399f52f57cf877554998cb8ab49ea SSDeep: 24:G4j2dJsMSeOaoWB7IZTMlT7hJswyoqF1wiz:GXHIZTMlfhHyoo1wiz |
|
|
| C:\$GetCurrent\SafeOS\preoobe.cmd | 354 bytes |
MD5:
b2c2e05c36464fd72f28205c79864325
SHA1: 6c7c0aa891b54f4603f7b149ecabcfac01a2eaaf SHA256: 5a274b038bf14bd5d0e24a23eb9f7a1c162fb3c902084c69f489ee25f1ddf323 SSDeep: 6:CpkDUj46++74tgkyfJYsr51kutRSwusZK0bZbqOimvbp+FKKUgsspuH+a:CpRPuaJY616wu4nFGd3wKd0N |
|
|
| C:\$GetCurrent\SafeOS\SetupComplete.cmd | 594 bytes |
MD5:
2ffc5e7650e59c034bea1c7b2fafd5a2
SHA1: 90d97583d3716b0a0fc341112f306393aed9a917 SHA256: 885594cc07254bb9cca5d7d7c6b8be0c2dd7a58e09fcb221cb35f492f506bf6d SSDeep: 12:fAPhJQjXM0V5BrAb2HhdzU10xNU/EVTf/8+Dq015fH3/bKbAUhFBDQMfr:YPhA7Bs6HTg0xu/KX1GM/2TFBLfr |
|
|
| C:\588bce7c90097ed212\1025\eula.rtf | 7.66 KB |
MD5:
44689920c4070083ded1342266382ee6
SHA1: bfe30b347884d975933e70bffeb089eeda735fa5 SHA256: 3b4bf2a437a116e115abcec82f34a7fffe6d0c92d60c3e4069e13e6e3768e0d8 SSDeep: 192:XJOakbLrl3EobJYkcSCcm3AuYsboXbUFw157ngt2xrn:mjbJdCZAuYsAYFcBgirn |
|
|
| C:\588bce7c90097ed212\1025\LocalizedData.xml | 72.75 KB |
MD5:
05fd5a5a16461eb2c3c11b94f7e4e1fc
SHA1: b7c198a16bb66a20f9719221e53f7d211ad7ec75 SHA256: ae28fc854550b4445ae926e516e3f9644d3fbc1e4ef9b16ade0560258d98cd4e SSDeep: 1536:zdfL/fmwO8/Gm0uOrigywPtNOVCyEWhFZQKEhDGRNJzor/9RXVUDK:zdfL3mwO8+piXwVIVC5W32tSdsr/9RlB |
|
|
| C:\588bce7c90097ed212\1028\eula.rtf | 6.44 KB |
MD5:
bcb36a6164a6f5387e2cb673728f746f
SHA1: d6438726f29733027cbf8ba24db713b833e7e8e0 SHA256: a97e4f0ce7669bec82799b87efb3b864b853a76b7a921c53600c69c4c3c5f50e SSDeep: 192:zgbRw7zE/foQgujS2rkjNBMb/1gHdel7iX+xWJIx:zH7zkgQgT2rkpBc1dhiuVx |
|
|
| C:\588bce7c90097ed212\1028\LocalizedData.xml | 59.67 KB |
MD5:
5c4d66c59269d08ad1920a2db2d54158
SHA1: 922fce583dda6e62331fb82a1a14af30b85d0e68 SHA256: 800d6058ba7646dd8176a22c9ade2f259098da81b1f873762d543168624db4ea SSDeep: 1536:nc6/li5bStu5jqQrrzdFn4ykbCWUxvsq2/APMU4ln55:nB/QGQrrRFn2bCWYsqwxV5 |
|
|
| C:\588bce7c90097ed212\1029\eula.rtf | 3.91 KB |
MD5:
998abe7d2e0708b64632ec115cb26309
SHA1: f4cd060218b30fd5779d1491f9941701da3aaa49 SHA256: 7006b20b825a9ba590098258f22865edbf594134778194d3f386cb0742a3dd81 SSDeep: 96:LZ4Yt/iu89TxVHvbrWyPh6ZwmxRuDZFt6NA7BtBvzpIEG+69/z70O:kTPHDayP0RKv7NzpSbzX |
|
|
| C:\588bce7c90097ed212\1029\LocalizedData.xml | 79.35 KB |
MD5:
a671025f8547c0d431d032048e5172d0
SHA1: e3fef7347ca01cf98b97225e27289bdecc66f514 SHA256: 1ee3e57a18ed3132291cacb19cc3b734239f665c048e1fbcda3b8fb3a5509699 SSDeep: 1536:lEZsNilm3zlE5t9lFv3xaj6rIQwovONvbclY0:CZ+ii5mVv3xaekQtGNA+0 |
|
|
| C:\588bce7c90097ed212\1030\eula.rtf | 3.52 KB |
MD5:
b34e17ee02f069acbce09b3d64acea7a
SHA1: 938de5a217704ec372bd3e6f785c3048652129a5 SHA256: 859ff787f035f816a0c611c6f55048e9a0dea04a4cd20694ebb7172e208d333b SSDeep: 48:HnIBol3iHsCNRuSBJ6+RF3q1xy/z22kOssy+euq8FNwQ1JpWfMrIoI59o5Wbk2fP:Ws3uDDnrqFWY8L9izKWoWaUQPVu |
|
|
| C:\588bce7c90097ed212\1030\LocalizedData.xml | 76.21 KB |
MD5:
c90934f875ac391868fe2f3d1e5c307a
SHA1: ed9198e303f39e7848c089890b2256b15f0c7d3a SHA256: 13c96fb6fb2e6036f2ccd04f69b4140c14547f819962f75cc9569122d88421d9 SSDeep: 1536:p+clSIyIyqm6DWknrQ3kzkCNyTZOMP9l6o3pYZ8BkWnMNNNRMRpKpf54U:noIyOpDWarQ3kzdNkOMP9lTpYKFMNNLb |
|
|
| C:\588bce7c90097ed212\1031\eula.rtf | 3.61 KB |
MD5:
941959113420129de18d6b68e1b23d82
SHA1: 84151945c68b1235e4366123bf76f6c966374fb0 SHA256: e59f4df4a566aa442068992499f31da1f33e3bf6b5d556a4406a51619ad42559 SSDeep: 96:+WCgL36rI0rMokcYtslSa0ouvZwcCp/oFDxFygPfvz:fb6c0Qvla34SNo9xFygnvz |
|
|
| C:\588bce7c90097ed212\1031\LocalizedData.xml | 80.69 KB |
MD5:
08e52eded8504e97c8aff55544b7b04b
SHA1: ad6caa597efd5d9fd4fa396f83926f330d8d206c SHA256: 499d1380fd0e90f080bebe970ad7f6d3a4093de3211af08e545563487216fe2e SSDeep: 1536:vGiZNXgpxDflMr2oDBt2rbBoNUfCxzeIn/aNu82ufpOWcjTx/DP:v9ZN0DNGq/+/L8LpFcB/DP |
|
|
| C:\588bce7c90097ed212\1032\eula.rtf | 8.94 KB |
MD5:
bfa35dd6894e7644516b080d9e990556
SHA1: 45367b07d32d51a2541363f140b475616fbe3acb SHA256: 03e3ade4237b0e8e22668f53b268879f9ff54d4a3aa30fb5b69dd8e8c5a24813 SSDeep: 192:foeMdzxLiSbVI1ct6Xnv4i7RINevkhigQYACeR:1MdzFikI+4XnrINeqigQYAlR |
|
|
| C:\588bce7c90097ed212\1032\LocalizedData.xml | 84.53 KB |
MD5:
b89193196bb0d657222090f693d5f61e
SHA1: fa25caa49eb55a5d7cd5f04d95c51618f8ffe58c SHA256: 31c1955cfa386528b4af40ffe726a8c333f53c9b6ed9c8788d18174ac53e3c1c SSDeep: 1536:bGT8BiLAdVA+yPrOJu6CoLnt2cSmElAcDQ7vouXq3rn4LXFaZUApOjT:6teA+yPrPiQcSN2cDQroR30aqAaT |
|
|
| C:\588bce7c90097ed212\1035\eula.rtf | 3.89 KB |
MD5:
8739f2d22d69030ba7cd912929c28f64
SHA1: a1b97a382b3676beb5122380e4a7333fc395b9e2 SHA256: 5b971a6154758f36481fc2dac8e7119e784451859a719747acbefeef111502cc SSDeep: 96:tPZ4EXtHwx6zyyC2NVbYlGd3OyGK9NIq90SXLq0:tx4gZ3uyC4Vb9vNIkm0 |
|
|
| C:\588bce7c90097ed212\1036\eula.rtf | 3.72 KB |
MD5:
b717c290cc6977f8794477e2a8c5cf00
SHA1: 832b169d2d0f02e149e064d0f27eefb9cf90c6cf SHA256: bc049aed462bbcc5a2f0341e028ddfcd00aeb685f41d47ae31bd03b004696060 SSDeep: 96:AYh3RgK82QUScHLsOMymOZlzBZ0k0q2OPxQK64V6nOEQr1zMPSm:Aw3RSGHLsszBZ03q2Qu4VPEe1zMPSm |
|
|
| C:\588bce7c90097ed212\1038\eula.rtf | 4.42 KB |
MD5:
e4fb1b258c1789b14f19a7648a8e28b9
SHA1: 468ed0390398f1fad4fc7af9d4e93c4765f5af5d SHA256: 771bf7a58adff66feaf093b66f814f3267f2538cbe9a8c56a400552e1d2355e4 SSDeep: 96:7dpqNemxuNP2U8lmO+S7EvkklabLqD/UfnjATgNWR4qrbwe8I2TD:/P2Ukz+SY/aigfnjCR42bwwe |
|
|
| C:\588bce7c90097ed212\1037\eula.rtf | 6.97 KB |
MD5:
eca6b13241cade07b8401130f7318bf7
SHA1: 99a7066fd549127cfce020adb15a292b447aa25d SHA256: c83e6882d63185df707bdfff9d709499bb4d6170fc8b3cb017becf4c11cfd957 SSDeep: 192:nmpG9Y1VHkn63kJjne/H0Bc5DnKmrqOWLI7xg:nmQSHk601efsc5lrqdLIC |
|
|
| C:\588bce7c90097ed212\1037\LocalizedData.xml | 70.66 KB |
MD5:
252d705476752c2a73d9acdcee9234c9
SHA1: 4633bf08bbf8e46279e55dd91d2bf7ac94b011d8 SHA256: 3533a29c4321adef4cdebd4bafee6ea4a6fbdcca526fdb419313c986c1731be3 SSDeep: 1536:0sydCyGTEvBO0YoYw+GtEgIsbUuVkmDzhQXpbQP00zGr79GDa4:adCTTEvc0YoYw+G+gxbd3DzhQZbIewa4 |
|
|
| C:\588bce7c90097ed212\1038\LocalizedData.xml | 84.69 KB |
MD5:
0ff644a7b044a89d2714d8e9661fd128
SHA1: 1993af5e254d639b4d0fa8159afd8b72a9f81b18 SHA256: db249e401983e63ed1e589c4061d7106e9f696f5847b8a9bf2e1dbaea9f1b28f SSDeep: 1536:5E9V/wzVezAUuWjNRGuzPwfh5gH/S2lcubfLlS6QyRyFykOZr8bpH7e:G9VUBFWpXgh5gqYxbfLQ6edUr8lbe |
|
|
| C:\588bce7c90097ed212\1036\LocalizedData.xml | 81.30 KB |
MD5:
f40e1e7cf0a035fcd219d968b4cdf658
SHA1: 17a6a144c2c44dfd109d4c751b64394e6c455b25 SHA256: 726c23b2a47af9f9bf59ef31885c94927ab1cb9b808e6ea68aa3231f9d85e7e7 SSDeep: 1536:8FwD5uBRvuaSyMoTqEqYEP5IKRkb/FzZJSVnZsBtAb5PCR/MOl+hZ7bx7:UwDYvvuaSDATAJRY/fJSVSB4M27bx7 |
|
|
| C:\588bce7c90097ed212\1035\LocalizedData.xml | 75.49 KB |
MD5:
c37d11c2442e572c7b89ed98a64a1619
SHA1: 1c53e42d3552901dda722506c12584ed0340237c SHA256: 46830b153e45d8d28d7e92a93eb2c5c8113366f75babfed64f747870bada9a8e SSDeep: 1536:hmwCBfWBgcpf3o2pPkl11Y4rhptNSPjdA1dozRJ4Nm:AbcBgK3o2hW11LdptNSP5Sdoj4Nm |
|
|
| C:\588bce7c90097ed212\1033\eula.rtf | 3.39 KB |
MD5:
f1dd1950b9acc650b637018496908219
SHA1: d33cdd954d0c3d5dd96c2bf068d3a2a79dcbaaf2 SHA256: b4a7c41b03fe135778771e338e18d35986a72953658e3ea040223329945e62b7 SSDeep: 48:3UXhhDbneMA+YLs0gYWVuiDel1yoyVG3uEoxyJ/B3QMl8xtkumSs2rfLCh1gdrAM:3iNeNfLmBuiKlGEVJRBl8RTs3Lgz |
|
|
| C:\588bce7c90097ed212\1033\LocalizedData.xml | 75.71 KB |
MD5:
74426d8c3a57313f9ec433df2989e3fb
SHA1: 15260cd2965cb465bad8a6920df51229fb645f08 SHA256: ea3fab2433da8fefe2f3d145959b0dc19f9cd14d2c6aa1adaf74e89ba94cd13f SSDeep: 1536:OfepKHQNOrRLPShddskSf3oKfjwjzkgKiTx28FsXXiJp3sPn:ODHQyRLadRijwjwgKiTIYsXSQn |
|
|
| C:\588bce7c90097ed212\1040\eula.rtf | 3.83 KB |
MD5:
cc4ff553fe8d25e7f7c75d401f8e0cef
SHA1: bb1b12a02a830a725fa4a98b121daa4f0a74f3da SHA256: 64f649f74332b66ba2755acbfcee0cb3a945756252184be33b00d6540d5d0c69 SSDeep: 96:cHzy3lvWx3wHGaOtNDaxanI0xrDRnXpW02TXZw6Z7ELV:cTLwpOtNGxeZNRnqQLV |
|
|
| C:\588bce7c90097ed212\1040\LocalizedData.xml | 78.46 KB |
MD5:
252de569b92e2667673f48619ce6cf47
SHA1: e39c0ff5850ed09c2f3befbee4c6e1d7dadb338b SHA256: 40be74f2ba9c64efd0d6c86e41fb20252766a9fa65e15fdea4ff85c19534053e SSDeep: 1536:wbNsQKJQmJabmrrIesHNflHyyoBcZAw/ypZsyGHK4do2ghQdUWioEpf:2Nspjt3IxtflS7Bcaw/yv7GHVghHdlf |
|
|
| C:\588bce7c90097ed212\1041\eula.rtf | 10.16 KB |
MD5:
f2372d9a3ec941638e8821ac56160af6
SHA1: f74c694ea446b5738230ad4398f864d5375debfd SHA256: 45f61a5c7a6bba5c79ff23130bb1e1cc6f322d24a81b1b5c469975372a328330 SSDeep: 192:Ry3F5t5ESeCCCY0E8ihuWis9SGzos1vUQDVDDP6DWcyM7zWKosA4jo33laDP:Ct51kuWisgtsp6DWNIzWrYj4wP |
|
|
| C:\588bce7c90097ed212\1041\LocalizedData.xml | 66.91 KB |
MD5:
da86aefd6a7851061f96bb6754eb2feb
SHA1: 2d6c65eef3540ac8d9921e514bc2bc93bea26a28 SHA256: 60610f936eb36d19bfc0898f03a09fa9eb3f2b2cdd9ec88f5409fcf1cc926c9f SSDeep: 1536:olrBYIjOUPT07CoQe91nNtV1wHMNQzA1n1Xxjux9QSb:olmUPT07Cje91nDLkM6zAl1XxqjRb |
|
|
| C:\588bce7c90097ed212\1042\eula.rtf | 12.66 KB |
MD5:
6f8d62c1143f832972a981c156af1159
SHA1: c37ac25cfeeeded7ed178e5743bb52bd90666018 SHA256: c425f8c09dff9692f936df074c2e7f815aed1705cd36c3e1a638d650b28b814a SSDeep: 192:XaNGHqFoLAujlyMsRLuS0n4EuU8jjb68opaxMowS/1TsJaYWpf:KKEslyJav4EuO8kUMoPOfyf |
|
|
| C:\588bce7c90097ed212\1042\LocalizedData.xml | 63.99 KB |
MD5:
aef175b7369cf9a6ebb9a2547e537e72
SHA1: 44864575be6c28c144fcb13af752ea0db5659791 SHA256: 481b9e978864edf9de3253eb1847bd3a7371ae4b5c8484246977e09834de858c SSDeep: 1536:090SU6RTbG+gW7PW2I2nCT11Nbggre6tMdmeQreWVoQM0N:FXqizSe23CTvNbbVtreQ5NMq |
|
|
| C:\588bce7c90097ed212\1043\eula.rtf | 3.74 KB |
MD5:
c0b3bc3612bc47dcb6168e866756c465
SHA1: c12cc7e128d73312ddaac0303c980baa14171538 SHA256: 00370edaae0c5eb20c567ba703a7ad7e804594227da7db85c0c1d28a961fad27 SSDeep: 96:wxMjvBNQhdfWOijQoGYtNQT2fMTqn5+fTAsl8:wij5Ed4/USEuIfTAM8 |
|
|
| C:\588bce7c90097ed212\1043\LocalizedData.xml | 78.05 KB |
MD5:
a03e53c0ff62e641ad8b0c029fd02469
SHA1: 45f30f12188632585017cbe3c32c8c803088a2a9 SHA256: ab1b2d876971a3311b1f28ef26a459e5f028e6f94c583c5d2e751ea5347e14e0 SSDeep: 1536:0vLuph3Y14XQfSX1WryjMonsdr9PgWhpTRrG8RjrBM7WRf:0vLu47KXgj9dr9PgWhR1RjrO7WRf |
|
|
| C:\588bce7c90097ed212\1044\eula.rtf | 3.25 KB |
MD5:
08df2a781b11ceeb37448c620030608d
SHA1: bcda95f325275ae5ea06ab22febf5f085b0a8345 SHA256: 087299c771eb198043e2791349aff756298266e0e1199be16ab901d711159965 SSDeep: 96:2T3HXRyDa6VcTR0R6XAkrBPheS5z0IjKrYbtMFt:GnkDNc2RH4PRbjKqg |
|
|
| C:\588bce7c90097ed212\1044\LocalizedData.xml | 77.72 KB |
MD5:
11ce9ca393daa040e7e7a5db058aaa24
SHA1: b9b1a6a8396734b1170519e9443f67f7b2ae5d98 SHA256: ce5f231bb7ccff75b2828df7d58c5fa0e81229d7afa6a6048c0c2d8d21215593 SSDeep: 1536:wQQi9bP1BKmPhM5TrQupmpHaua7Mf5ZReO0hdzQLhU660pz6G/RRak3wt0bysiQP:wYbNBKIirQuEpHBa65PH0lCIaRRak3hP |
|
|
| C:\588bce7c90097ed212\1045\eula.rtf | 4.22 KB |
MD5:
ff004ac11cdd6f469bba5e11e099cfef
SHA1: c3920c72e04e4da7038e5b001c5c9422d8a4d087 SHA256: 188df77a26c625e7bb6511bb5d4929a9689036523fd0ceb09c94b0ac9c2ca55b SSDeep: 96:4t/ZRYAgtKwrXFnmgKVANwvEeuQx8IElG0K8niXcXOU:4NZngt9VmTWwvEeu5IEklXY |
|
|
| C:\588bce7c90097ed212\1045\LocalizedData.xml | 80.72 KB |
MD5:
148480fda5563f0d3e05245c54e9b3a4
SHA1: aebae3b7df547be770e97f97cae3464326abf3f0 SHA256: 1d5a12eb9ae12c9eb8eff7f38001df2d0d7685fb1732907411aa0fb59a4ed8f4 SSDeep: 1536:ayHOsWiQpWNZ93ZKsBd0+FJfidXsFpkfMJ63I6z8YotNHX:aeFW3MNZ93Z3wqidXsbE40oX |
|
|
| C:\588bce7c90097ed212\1046\eula.rtf | 3.88 KB |
MD5:
f26a70c21f71ca930c334d44aff1b960
SHA1: 2333e2b4e18a37a3a9be500442ff55b65764d3fe SHA256: ee7177bbfaeceb30a2f8d4afd26323ce35fe82c39eccd66386d4130e0bcf2feb SSDeep: 96:u3H9WoQU/msDvyF5gWDkTSdvMj+De8LZLt3tRfx9b:uNWBzmyF1kTSdve+Pr3XfxR |
|
|
| C:\588bce7c90097ed212\1046\LocalizedData.xml | 79.13 KB |
MD5:
95ebf1d6912cf0d06277e5ac360e2169
SHA1: 9887564cb149c955d0a1841e50d44d350242e300 SHA256: aa86e17a17ca793cc74ce83e3d93f3c34efd5094e371f46c8958c944817ccca2 SSDeep: 1536:imQSIt8d/j0Auh0YKWhZ7NKNEc7uU8v1A+yo1mZaZHfcSBPtZpQftWSvxz:iZt8d/j0Ac0YKWhaTfK1Uo1mZeEShel3 |
|
|
| C:\588bce7c90097ed212\1049\eula.rtf | 53.46 KB |
MD5:
e85eb87a1f96a8c283d9612aeac399c7
SHA1: 8021319b44e8895eb0d0526fe675a83d48e5f64f SHA256: f6595b668600db1966bb0cd36b9133fddb617b8f0f45171f257e86901f4f61e2 SSDeep: 1536:aDG6CHnbVJDs8Sn4zapBsfWT+V6r0DlR+R:aD7q3D4pgWT+UOlRE |
|
|
| C:\588bce7c90097ed212\1049\LocalizedData.xml | 79.85 KB |
MD5:
7cad6b275a34f62cbbd356705b592265
SHA1: 65d5240efe606ade4b04904f7ad78645e8cd6689 SHA256: 1166da6a60926e04ebabe4f33577e9272ab24073e6f492bc18e80595dc4454e5 SSDeep: 1536:CZ51U5UKApCyzYHee2KDGSG1iLzpddmL4t3sFX3x0wHkkcuXG9FwUt:G5GUxzae2G1iBbmLe3sFXL94w8 |
|
|
| C:\588bce7c90097ed212\1053\eula.rtf | 4.05 KB |
MD5:
afbc93a4657b89e6977d87c2fb266df4
SHA1: 0e2cd0a207ea5f76d97e6ab3d5769657b9e751ad SHA256: d3f621f004f0a1481dc97c737f1e13a5bb520646bd2f06e8b0d9a83b74aad820 SSDeep: 96:Ol8Py1mlZ0dfO1TkmPaQFuaC91tDTrQeksNiG0gL4e7FjtUlK:jPvWdG1wmPa6u19vDTOsNkOV |
|
|
| C:\588bce7c90097ed212\1053\LocalizedData.xml | 76.14 KB |
MD5:
0746a7f3e0aca936442d2e871743a45c
SHA1: 5fbc97265c1715bec4d1745e03a64789dea7147c SHA256: 6fe5321ff83da91dd1b9a338b84e639a12854b2ccad7d6fb3b59ca278f1b0eb9 SSDeep: 1536:mSgPnrSG6SLXS55Y/aGM8Q4yavjA3rViBJYpmaZjiJ2mGGMT/:3yltLSTKhQ0BJizZs2mnM7 |
|
|
| C:\588bce7c90097ed212\1055\eula.rtf | 4.05 KB |
MD5:
c428da81228ce457f6ede31158908b75
SHA1: f1b9f0277b403a52e871766543e9a8647ec8e8cc SHA256: 16fbe2644b5f42591202ffa1ef369ac3b3a735127ebebb8ba9c8a5843089fc16 SSDeep: 96:AZ9EqPBUzqFNjvxukRJLsaMJFy/7/jTdgXFpPXyWR5mN:AZ9rPBUErxJJLoJFC/jpgXFpqwG |
|
|
| C:\588bce7c90097ed212\1055\LocalizedData.xml | 75.30 KB |
MD5:
d777ce8f10a2894755467d1f57acabeb
SHA1: 6b22f9d4d77bb98be8d4c9058422d4606851137f SHA256: 3904ef84259708e2ed8548e12d77d7c97317bfdddcf53cda6fad0367edea0c68 SSDeep: 1536:3G7WbKt2JFGQ3j/ZV3TfzeNOIr51+kHvhfD9bfz7WgqMJQK16ZrqjyZN:3GqsQPD3TfiNOIb+kPtxqDMJ6lcm |
|
|
| C:\588bce7c90097ed212\2052\eula.rtf | 5.97 KB |
MD5:
8cfa3f68237a7a981f06318f21f6f214
SHA1: 944acfbc551c188d73788768f972ef456fca91b6 SHA256: 648f8487f7ea98d5c39e195a8a6ff1762f2e87c3e9226f0b48692746a469a325 SSDeep: 96:iP86Qumio0HCI2/K28/qvTRsnRXy2lNFCZbCTOhW1g+OC6XtHZKoc9h36448Lx:wtmisI2rBi53lX+e6AgD9HIoc2dWx |
|
|
| C:\588bce7c90097ed212\2052\LocalizedData.xml | 59.53 KB |
MD5:
33a0d85911e376018d16af3cea5fb54c
SHA1: 44f7e51392a7af1bbfd0ceb1ec75f7d049e98b69 SHA256: eba4531c632404c891c4ad112936dfe1c8325e86966a43b7b8860ab1f0992fb5 SSDeep: 1536:iBj6GEFW8Q0nSlD6aD2aVQBsav/CwH/1G2svqoHctT14RY:U6F60nSl3D/UmvhvLHcz4RY |
|
|
| C:\588bce7c90097ed212\2070\eula.rtf | 4.19 KB |
MD5:
6650785308d474d6d85ba04c56a3df5e
SHA1: 2ea55183d704e36f8c2c315b27291e979e6d1880 SHA256: 7752c410f4e0286100cb71513f2ea98a1c88614f32672304ac900feedb5bc031 SSDeep: 96:NDdvToivBVXRpl4f/t93a10pqHEQ3Auhf+OvPKn9UsaxuK5bpbFfSXaG:NDpoeVXRpl4f/jA0pqkcAOfNHZ/xpMqG |
|
|
| C:\588bce7c90097ed212\2070\LocalizedData.xml | 78.64 KB |
MD5:
d4670a46f9087c2c1e4cff2eddc38d71
SHA1: 101d63b08c9a3991889aa79c0e178ee31c563bc3 SHA256: e7988aae2911618fa6c1d303044f2749441dc63342800cfac9016cfc9f518b28 SSDeep: 1536:6C7qWG14MXZF7BUTUlkjI9ZoFiIR3O/xyIT/QaJms+lniMtc:3iWQZF71ijI6vReZTlmbNiMtc |
|
|
| C:\588bce7c90097ed212\3076\eula.rtf | 6.44 KB |
MD5:
abb78fb1ed01dbdcd55e26bcc38cb4bf
SHA1: d1b33e7d4d1570572b3c6c831060ccf903edcdd0 SHA256: e40865db34fd0669edd0ae983fa66b19f765056b029b451457ef8c64e8a26d7b SSDeep: 192:pqzWcIvy49albVUmylR1uR7DFLS/6/dxG9Qv9hK2rY:pqbIKAjuRFLS/ak+LU |
|
|
| C:\588bce7c90097ed212\3076\LocalizedData.xml | 59.67 KB |
MD5:
0444696bcd957757de9b5a6be54a77d5
SHA1: f2843907311010b13dd466f499689e4152fbde35 SHA256: c776ba009b2e1fc340f2c938e2ea64f955ff01605dfe58324038b80f49f5e935 SSDeep: 1536:yaLXgCtyzHkZg5p1P7Jj5KVnNHfI8/yGrfImtTNK4:3g/k0pwVN/ITGrfIET7 |
|
|
| C:\588bce7c90097ed212\3082\eula.rtf | 3.27 KB |
MD5:
9a14c4b38926ca65e6793f18d25f00c1
SHA1: 7d0804bc964555634da631bc343585c81d45bee0 SHA256: bbe7bc707dcdfc347d339a46a44383f1af43414a8f6a61de4e595e8e17b91add SSDeep: 96:qZkSoIWIdoAW61hQ4RT4amVQWTnweLRJnC:ql73W6FZmVQWTnwiJnC |
|
|
| C:\588bce7c90097ed212\3082\LocalizedData.xml | 78.39 KB |
MD5:
2b436fe28b6d756e7fbf9d216cb6f048
SHA1: 4dc440eb8eced8d3ef1544acf7a381d287090646 SHA256: c3c8356e4f24a0a8dc6710033facb8bce99b03ec643e30a8cdde7f7c87a57ec1 SSDeep: 1536:lAe2gEIzwPxV+SOxkTRiLSXfGxmcHsTd6PNto5wJjvk5:lA1Iu6bxmiLSPGTa8PNto5+js5 |
|
|
| C:\588bce7c90097ed212\Client\Parameterinfo.xml | 197.35 KB |
MD5:
584dd610728d480898eb62e464cd55ac
SHA1: 95c8e364d17e4e6059c9e21f0bce67f159949dd4 SHA256: ef5f4da0363687ad09096dd4389a330ad326e15d0ec5db2a148a964d5d5fa118 SSDeep: 6144:q9RUckGV25nexixdQ1GqwdWcAk9zM2u09F7:q9dVA+IQ1RHcABl0b7 |
|
|
| C:\588bce7c90097ed212\Client\UiInfo.xml | 38.41 KB |
MD5:
a146c7fa58aafd4e0a31819e8b769d8b
SHA1: 8e2a250f0dea19bed012e8afbce7bae162716a0f SHA256: c9b5b3fc659fabd0ec77ca773bd2459c0b1a485c85855a10e062e7fcd1d647ec SSDeep: 768:gKRntwL1hVL5ZUtYHYV/WmqzTDMUsyqu/BIjvPGLKFN:gYntMTHowXM8q/HFN |
|
|
| C:\588bce7c90097ed212\DHtmlHeader.html | 16.02 KB |
MD5:
99810204c0da515add1ee22a8943d74b
SHA1: 442be9cde4723f18731820d8bb85f2bbbb72072d SHA256: ceca2e52b2c3089790c7430a769a8405f6ea3cc8d1f1cb5625748a4bcd495a46 SSDeep: 384:XBssC+1iTlPFFWlpyMp6TyOLmn8RRxEADOEaEBSgUK99zTY5Saz1:ysCoiTVHWSLN3xBnSgUK9BTYfx |
|
|
| C:\588bce7c90097ed212\DisplayIcon.ico | 86.74 KB |
MD5:
3edf862d188d71422e9c97ff721c1cc9
SHA1: e956f644cff6142eec24e019960e8e0671e6a33b SHA256: 3519fba560387dac13629a768dfc02e91843e06504acf86febdb4fad87aa1e13 SSDeep: 1536:ZaOpDn8xKHkCtSEQhf+/5n6cOPW/Pagq6sNJ4zMr+VrezF5mQbQuyYci7Ht:wr9CAEQkxMmP8oU+xepVvjp |
|
|
| C:\588bce7c90097ed212\Extended\Parameterinfo.xml | 91.41 KB |
MD5:
097a27c63196a6a5dd5f13f5a76ef9e8
SHA1: 519cd983fefbed5d4a31dbe7121349f34082c912 SHA256: 4ccb39fcfe31be0facebd54a59dfbe87b6721fe41b7758038477928b279cf703 SSDeep: 1536:S9Iy1wiWN+RQG8U3jFtPvDdtEouaL9CZ2r3Zw+H3nGdb55uNXZTB7u/s8rnKYc:S51wiu+REyj7DMoZpg2aQEkjqs89c |
|
|
| C:\588bce7c90097ed212\Extended\UiInfo.xml | 38.41 KB |
MD5:
e999abe16bffb011f046e011e438df90
SHA1: 892944543e8d83e68526036d2d28426538203987 SHA256: 3e50debf835c485689a936dc4cd47872091df45b4ea8f267343735c6bf9a2287 SSDeep: 768:ZhzUuWEpvaGzyLtsrBee3wmIdjqvIDgyNVVg50eoqIry30g+Py:Xou3Lzwtyw1djqvIDf7a50hqu+Rsy |
|
|
| C:\588bce7c90097ed212\Graphics\Print.ico | 1.39 KB |
MD5:
49f8fbb8eae68dbc0e06415d9876c6b2
SHA1: e813bf0f74fd8d17ab88bc9af6c3c13c9b1fd614 SHA256: 551b30b5d9930a9c35a1f425c662d8148b995df7144b5adb1f58e6d4c28c5466 SSDeep: 24:qXS2guYfthHzGqgcHJQ1nhSWQjHYCWq5t09GlXy9vnAShWmLIOoHrl72t:qjguithzGoHaSWKHYCWq5eQXJo3LINS |
|
|
| C:\588bce7c90097ed212\Graphics\Rotate1.ico | 1.14 KB |
MD5:
494abde11252539130825806f6b75ae4
SHA1: 02842efadd7608c6f98a76f7d910108a458cfef2 SHA256: 6c279579aa4cc6e3ce762161b2751a69bfd06a951ce7060838695a5ac00e9619 SSDeep: 24:jwg9aYnpWfOo/vQGK04Szha73Y27N9Foq6OmvaaHfRBkDcg:jwg9aYpOOmpKXS4skyrH5c |
|
|
| C:\588bce7c90097ed212\Graphics\Rotate2.ico | 1.14 KB |
MD5:
a65e7bbd5d7d7f1fd0ae7f70ed61a77e
SHA1: 00e0844d420978578d615b8dd7be30a89b37b0c8 SHA256: 84ae743488bbb1c8a924d6bf6e69209ce2a663f6a347369b411c03e65fce2c40 SSDeep: 24:QLBtlXO3TKI7EcVEX76LiZEo6HbYAZ7Xy8+NnY9LliV:QJe3b7wLQSPwb7dqSLlk |
|
|
| C:\588bce7c90097ed212\Graphics\Rotate3.ico | 1.14 KB |
MD5:
44ded9f3889b83e0ec113c3fe58b9e77
SHA1: 10a5911b84748bc64e1affed2ce41d234b43ab97 SHA256: b11f99f71c582341788d4a380a0ae51a765ed0176e338f8147ffec82bd7251d2 SSDeep: 24:AAMrNMjjQGEHrECXi18uTRTZV5VAAj2OouFc8s7H6K9FfkbCugnxaRMh:APrSjiDXaF5xiy9y2b7qxRh |
|
|
| C:\588bce7c90097ed212\Graphics\Rotate4.ico | 1.14 KB |
MD5:
06fbf865c15744bd08219a6a8856b757
SHA1: 75453302fd9794ee4ac25df6e033591397877ff3 SHA256: e70b269478fad28e0406f4d325979caa539fecec6ba365837c14dce4faa49b78 SSDeep: 24:0SPPPAeG8qdOcGjOAl6o1ZFASwefOiGyoorwlBCLVmCY1H:08HvG8qdLGjLZ1ZeSLOryVrwlBc+ |
|
|
| C:\588bce7c90097ed212\Graphics\Rotate5.ico | 1.14 KB |
MD5:
b9db361a86c2cb176cb915930f932ba3
SHA1: 90a4e02c84858b065c7857a25c99244db836586f SHA256: 2ca53998ea3471b9326505c206a67af94f146a0b0d8b2973cfa0b247d3be6c22 SSDeep: 24:TA3RuOal8p1TxnwVOoXbtKUlGFSbErm9w3vIGbQ41LqmBD45Kv:TTlS1+lXhKMGAb8mCQ8UmL |
|
|
| C:\588bce7c90097ed212\Graphics\Rotate6.ico | 1.14 KB |
MD5:
86a45373a71450c6f5acfb27cc2ca849
SHA1: 96265744d07b162058f696553dd4f7375ee923bb SHA256: 78ea45206d5c6c32c02892b7d83d3d0f15f4384f0c31e699cbfaebe49d47ba64 SSDeep: 24:Iy+GqFjUnnp8gNH6h2O/lIM5RshOpM28WeAftx+M7JB+6LsJRfujkt1f:mFOxNHh8qBhO+28WeAfH+SJ7LoRB |
|
|
| C:\588bce7c90097ed212\Graphics\Rotate7.ico | 1.14 KB |
MD5:
c7a07b02933e341c067d137315728085
SHA1: 2819e64a5a706bef86bb3b474a910d8e941510ce SHA256: 876128383daa87f470f2ad67cc3da99326d6964ee7ec86cd56cd2f07ba94c656 SSDeep: 24:aPMoO74SA8w8qu0GyYqXhSRG+FyR5HKua3CI09+miec164mnsxR6:aUTpxqu0fxSXFyRkuIsUmN4Mf |
|
|
| C:\588bce7c90097ed212\Graphics\Rotate8.ico | 1.14 KB |
MD5:
0338683cc5e80fedc95d0e612fbfd110
SHA1: 5f75464aca84e8c61c74fa47a75b667b9a66099c SHA256: 3c8eefb9a4e6620d6fa73c850775fd2be4f9ffbca387a7109048e218d9177b0e SSDeep: 24:plJ22VBUTMokNCJMp+lnaUzNJshQVhWrWGgXq1xMmfIaedeVm:plJRV4MokNYMp+l2QVhWrW3XOOFaedH |
|
|
| C:\588bce7c90097ed212\Graphics\Save.ico | 1.39 KB |
MD5:
10531cc4910e810e6f35190234ad19b8
SHA1: 8512f853b4ea9a4472247bac0e9b2be4b72ab40c SHA256: dcb1bf98fdf3ced1563d5354a9c9887adaba913b0947d8679bb67b9993d330b6 SSDeep: 24:E4lM9JBnn1S4UZoEZjGw+LLm8SX5bj0U7DEkE68FPkXeKuOWgkXrh44Ppao:E4+9vnn1U3jmLCJbjrP9cPku7Z4Aao |
|
|
| C:\588bce7c90097ed212\Graphics\Setup.ico | 36.13 KB |
MD5:
b461bfd87fb352e5f33fdeff616850e8
SHA1: 08a2b3e87e71caf591605baa459061a3a78c897c SHA256: d7e0f2e7f0bb0bc80fbebb2aece124d33947330cbbc499d294ea6c6b44b75554 SSDeep: 768:URhYPgEbzGYIj/VBPNWjF6JrmaoZLVIuS+JtHDEdpjc:URhYvbzyj/TZmdZjYe |
|
|
| C:\588bce7c90097ed212\Graphics\stop.ico | 10.17 KB |
MD5:
c0729b474843e27b6a81dbefff5c5a29
SHA1: 94f38db0173fefe3f3f6a165d90d35e768085063 SHA256: 8296de883a9c4f6b599f6191c2e72341a6a88da1ddeee4253da6bcd53c69a8b0 SSDeep: 192:dHeRfff7pdywZQ8rlK1OFwpA8hXMInI8s1qbmMfPXJnBJih:dHuff7pdyGbKO2pMf8zKgJnBJih |
|
|
| C:\588bce7c90097ed212\Graphics\SysReqMet.ico | 1.39 KB |
MD5:
c96a2f77bbcbcb776067c40f25e12ba8
SHA1: 232372667cb3995c4725bb502fed0d3c696cfe1a SHA256: c0305cb14cf9ad09f0a2df72b12df27a0d40affa2248b6bd7b6651b4b7f91820 SSDeep: 24:l+RkOW21g85nLCpQ+DEt6WtYYU66sF6svR3q7WS93zY9cfAP04RuvbA2W2xkWV9v:uW21gnpQYrqg66sFr1aWS9jYSfAMsgbx |
|
|
| C:\588bce7c90097ed212\Graphics\SysReqNotMet.ico | 1.39 KB |
MD5:
ab66dcff74631fd7e07733646e21e906
SHA1: f091a8e2d2d3356dc1de140e69a35808b1c05a88 SHA256: 0146b1fa9bb7e2f567e31ce26a644f7d777af61662ee4025a6c7efda91ba1e1b SSDeep: 24:fNo/ucfKib95PwNXz/DcwOJs12epLnfAiyAlCWtDjj3H8GV94K6CJ:fcucKibPwNXQ+TpTfeAgksy4VCJ |
|
|
| C:\588bce7c90097ed212\Graphics\warn.ico | 10.17 KB |
MD5:
5149d80bc341668f64361dab15a82408
SHA1: bcb64ef4c638fa5ee9b38a2d59acd0ba39b8a555 SHA256: c539dc78120b5b7c063657c5c9bd3410901d4e389b4e5b0bccb6a76bebe169e6 SSDeep: 192:hup+4qrrxKhLMwE0h/2QxvFVb20MIev8MnNSSBUGcHhe2pvTwat3BXriDM:hupcrxKhLA0h/2QP52uWNjBAHhntODM |
|
|
| C:\588bce7c90097ed212\header.bmp | 3.81 KB |
MD5:
4636b32ebbc081ea02c1c95d247b4d52
SHA1: 7cdde4a8ed092a7fa5e81588acbb194974334107 SHA256: df528e700e20978f55409c1b69da41e3d7912f3fcb7b134f505cf682105d91a1 SSDeep: 96:+AwBhxeIA9ljCv/UOhquI15hks+b0z7hwh6/k/+fIel8UVZ7w6WmLOj3HO57:2BhQIA3jCvVquI15nZZwWkGQBUVZ7wkb |
|
|
| C:\588bce7c90097ed212\netfx_Core_x86.msi | 1.11 MB |
MD5:
87bc6fc112a554b392f970a85b70d24d
SHA1: a3f8da4f4e56c2b3ad3ab0f7d414fc519f5257b0 SHA256: d71a6a44b3bed080745bec406f8d0762b7631da88bd236a2b6be4a8fa69d3afa SSDeep: 24576:AJGOpaSR0R+cc3Jogls2dmv/bas7geB06Hh4BY:nSR03gl/mv2egeB06CS |
|
|
| C:\588bce7c90097ed212\netfx_Extended_x64.msi | 852.28 KB |
MD5:
35fedba135994a9256179377c1110140
SHA1: fe6aafb1d0c4bf8b9dfb8c582284abe456fbba6d SHA256: 19a2f86d0e77da09bad1a59d34a979a407b999475aa9ae1ab18e07215f0dc300 SSDeep: 24576:QgJYs6Kn3l867TKdbz/uvJuN2mXyCqFcglicJxQHErx:Q3Kn3lJT634uN2syCUiAxlx |
|
|
| C:\588bce7c90097ed212\netfx_Extended_x86.msi | 484.28 KB |
MD5:
67e5612046a008bf87f402b899e61932
SHA1: 061ed5bdba75bed8fde12f39fd7b160a7a61dc4e SHA256: 10dd800fcbed28059cec2b9ae21cf2cbea38e18d2162a8a2552e4cda2b75fceb SSDeep: 12288:EjzbAXU1/fJo7bU/Bo+vQlTIS7YVG0UpQFSbL6quZ:EnbAEro7bU/eUQRISY4xbeJ |
|
|
| C:\588bce7c90097ed212\ParameterInfo.xml | 265.94 KB |
MD5:
44e77325fb9358c1358057712d4e8749
SHA1: 305dea1405bb9dd7724f285633db529492425224 SHA256: b87e8e27921cc81a85dead581f4b7fe6601cca648a9764714f396ceb7ee25868 SSDeep: 6144:wSPiCuvDzxOuXyUlveLliWaIvicxXgPLASrtgbte4bA:wOuvD4TvliWaIvF6DPwe4c |
|
|
| C:\588bce7c90097ed212\RGB9RAST_x64.msi | 180.78 KB |
MD5:
ace73fcc2588b74696c9c1bd7e3af34e
SHA1: ce96e287ae44dc6a674688401378a775de47629f SHA256: 20a26796363de059f37cbf615c8779d6e601681ab95ff0f0998529847d193a50 SSDeep: 3072:LEBzYjRpVMOW4odK7C2N+WedDmV8OZGPXfC11gGOM2eEhbDSq1rgDjnFix8eeB:LEBzY/qbdM9N+WegLZKfCoM2jJBr6FA6 |
|
|
| C:\588bce7c90097ed212\RGB9Rast_x86.msi | 92.78 KB |
MD5:
1dac8c43daca924ddf83d172f2552f0e
SHA1: 61ff34a77b33d2e19cb5a8efaf7e6f6dee655fda SHA256: 786d7337bb7002f1f8f9ff845f15278be0ce9d9aa7459c94fd373fe13146cf4b SSDeep: 1536:oudOujL3OAGnhSALPLoTEZgiiIr51Hm9kTm+3SHBbmZCLsG6fUiANe55QEYm0AqU:ouv3zkMAnoT3+H9PShhsGdlNUdY/TPI |
|
|
| C:\588bce7c90097ed212\SetupUi.xsd | 29.69 KB |
MD5:
b583c364a5502f669e0ffcddf099e1e9
SHA1: 0eef5f42d0fc9584e7125afffe7968885aa144c2 SHA256: 84b08fe00ae4ad54692fc3a36f2677e44ed87bf08526dd303718c606fa051f1a SSDeep: 384:Ki8FTuvKyvvncUzORd/xBf0Qbp/2fyOcRgdFRn/KMWOMDS3HGLZmNFOrbvMVAnkL:CyKmcYYd30QbAmgBTxMeTNFEgcKXWM |
|
|
| C:\588bce7c90097ed212\SplashScreen.bmp | 40.39 KB |
MD5:
213106469d9f51733f68212f49068d7a
SHA1: d657349d78e46991e41d0cc1720ef4617aece344 SHA256: d426d11290169dc3518d917734528e5f0e0a102a715cb70fba5a97cc4fd8d8aa SSDeep: 768:c8rtS70GCEEpgDjEFHfdCexxSUpMf/ewLY8aj8z+W95Im8bfJYonf9ODgZf:c8r40EnDj+/oqxSUpMf/3LY8agz+c5BM |
|
|
| C:\588bce7c90097ed212\Strings.xml | 14.03 KB |
MD5:
8ed43cc43107dbc4f86b6e2ab38e6ab5
SHA1: 2783887df70f188177b3134e532bb1c127a8fa9a SHA256: 35283f621d6c44ba0b32a642912c5ab9ee27d38f54c84451707ac7cbbb8902f2 SSDeep: 384:pjrMAmXnwXMbJgXmAXsTT+sBiyz86yEDMXJzdigzjFQu:pjrKwXMbIl8nBo6MDj |
|
|
| C:\588bce7c90097ed212\UiInfo.xml | 38.27 KB |
MD5:
a5dd3afdf11e0617031f72c820f96193
SHA1: f065dae833637146ddc287d0df27749bddc7445b SHA256: 308adc9c7bb41544054ca6de12153304fb11254a5b8f38b99b89e589053516a5 SSDeep: 768:LEuO1+cXxCawK99xOwqo02ykbE6Pu1HHYil8EU8BzM7yMhd04lX7f5p:zcXEawKHxuobXm1HHYQ8Vt7nTlX7n |
|
|
| C:\588bce7c90097ed212\watermark.bmp | 101.91 KB |
MD5:
350ae3771e92767c4d9016f44c81390f
SHA1: 40f81f26fc9ce5f5a09f677f7db8e035225a8657 SHA256: 5d7bb6b1c43cc46b72e13070a3250b8c0fa7f3d5edb5d8d0e7982679ed811e0a SSDeep: 3072:jDKWEetB2rC35Z33OL1IjL7XAu2HL+gRu:PKsBEC3fmsWHV4 |
|
|
| C:\588bce7c90097ed212\netfx_Core_x64.msi | 1.81 MB |
MD5:
56fb3500c62b80a0cd7608b32aa68775
SHA1: 011dbdd4302616860a8ce12abe38be83c9021d32 SHA256: 2af58a8b7dbf0420ed125e41d8b828bec679a61064b49f4975e155b308aad616 SSDeep: 49152:zC6v3oTD8e9QyTihvwkJAvG0lfwrsyNFrS+rsNDwCt:BvYXbBqbAd4zOhwCt |
|
|
| C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x86.msu | 2.09 MB |
MD5:
88611d5b2afb62131690bbb8a7208d70
SHA1: 7edf31b88a6e3b9273e21edccce7989ccd738c61 SHA256: 297efe922c075e39cb540f98dda94a7f6d7d066f0ed3ea636000971f9070f319 SSDeep: 49152:nslyOVOtb/huVDiQaG91DJjxwD1NqI8sf0Rdansn:sAGOl/QiQaG9Xx2N0Rdu+ |
|
|
| C:\Boot\BOOTSTAT.DAT | 64.28 KB |
MD5:
f61fe91e411f9f415b0b69b3e35833cc
SHA1: 389a0325582be11b7550f9f01871dd44863119d2 SHA256: 16e92f69b6e9027ce830f65d97ce30aaec1295fa2e5b3ecdb48f60aa3bc3b9e9 SSDeep: 1536:g4qSHKQOesU55Ex4jzIn0zjdGTkKMDsQZ:g4qoKTsOizIwd3KMfZ |
|
|
| C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x86.msu | 2.04 MB |
MD5:
137c46b0d6ae6508297975aa9073320c
SHA1: fad260a6de32cda8b5dfa7b814337739f62faa83 SHA256: 1017703c5c5c8f2a9804f9bfe695c5dea383fad6e708b190b6cc00bda9355f52 SSDeep: 49152:OVb/DlkO0+hgm6dz4kWz+dJPKxiCYyqbs/p9rQ9x3xtVdQvFZWKSG3lsE7a6JE+:OtDl+m6dzM+qLibuOZVdIie2tb+ |
|
|
| C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x64.msu | 4.96 MB |
MD5:
a014415ffd463357f4b49b08e2854925
SHA1: 79fffe2f7dd0b169bff437ee239d5860e8edadab SHA256: c0c4f9d87261637cc48085b1649f0b6fab64a853814ebefe5f2e34aaa857a51f SSDeep: 98304:AtXrBxK99Kf6MW48YSuhYGn8yF1W6K6PTSE3HMb401Y7woXly:A1zK99O6d48ZuhYMLWcr3sb4VwoXly |
|
|
| C:\BOOTSECT.BAK | 8.28 KB |
MD5:
52f9bcfe509d330918cd0164e6ff66e8
SHA1: ea75e223db576b8beca0ffa740434ec7496b8819 SHA256: 02e53962e2d5427986c631921fcd160e391ebb7b229bf5b54da3d42a45bb877f SSDeep: 192:pFmrIKGkk4swRi+ei6uFSFXutnVO3hwLUoZ1jmUZz8ReSd5Q:pgszBFi4e7+iLUymnReSd5Q |
|
|
| C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x64.msu | 4.86 MB |
MD5:
039363de8f4bf007914d5f452f977141
SHA1: 544156786b939849e234130e86ded9c6d58fb543 SHA256: 9c2981f652cf9d571485ff24a368c56e77364c37caed4cc4828e8843c840d312 SSDeep: 98304:BdIQb8aX/pQSLHQLBzvfCg+QCly8kQ+HMFGjceTOukhWbN/coewGTOmaU5LjQ:B+oXxreBb+QukdHqGPQhWbJcRwGTDaUO |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Active.GRL.RYK | 14.89 KB |
MD5:
bfba17753438f50c0a9f07c49a92c62c
SHA1: f96ec0a214b79083a238574728c3b31094a42a41 SHA256: af2fe2ec5c3a7112791c156ea92a78c74b5bed95ca75bee2cc1606f81661f259 SSDeep: 384:80hzdW/mxO4ZizWgw/Kg68wTktdc3hf/yQiE4CHK85:8QdAmTCv+wAqf/yzE4Tu |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Pending.GRL.RYK | 14.89 KB |
MD5:
8f008f267107f6b45bc8202b929a7e01
SHA1: 001853f0566a05bedb62e6aa65fe81df0b3e14f3 SHA256: aa9654a47ed6e703b50a06576742ac1634add34c472e003f8b12669f63353f5f SSDeep: 384:tfija2uEB8Rw1j7UqOPmKhhdVVRwtjgpems5:RijaMUwHofhhdAjK5s5 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateUx.001.etl.RYK | 8.28 KB |
MD5:
42e28d703cf58a718c84d793a790c2da
SHA1: b6a54c9268383a152da2e584cf45ff24d5694fba SHA256: a8f558fb1c10330233bc6dad83326df2a798561b77b28272a362dd3439dac952 SSDeep: 192:ujwqmlNk2WekUNNUHfmH5bc7ZBfI5JQrK5QjZKZzzTVFG:jqmXB5NcqbsXwOrHYvXG |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateUx.002.etl.RYK | 12.28 KB |
MD5:
dffb73be2263b0c81394a09d5e23931b
SHA1: edf60385d269d06641fb45066e53cf7d287e692b SHA256: d16338839e51d81ee6ef8a69cf7120e060e9acdb5e5a156650b5fcb61369a59f SSDeep: 192:y+twS1OGLs9SW9YYw8nbn6LP4Zl/2WZbe78e4frg3Xl3z/4yPUknm1gabwxP30E7:pzOGUDwqnggDsp4Tg3Xl8yPUknmWW5i |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.2.xml.RYK | 1.63 KB |
MD5:
ef6522743cb4de2f2d71ece493678bbe
SHA1: c9e57188cd655ee1affa5e4655589e9c158ba4c2 SHA256: cb7c538f87df1d28e08b4b0362ca52befab3479e95b7b02d4be23dd720078c65 SSDeep: 48:P0og1TjSAsNzMcg+GxsLQzAlxNY7UO440wbZon:P0oaChC/sL37uW40eon |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml.RYK | 2.21 KB |
MD5:
1bb435ac12252334792e576d83b45205
SHA1: 5792deebd161af22b8c6f191a704f44230a17f8b SHA256: c34999e4065e0a572ddcc610d4c14238867ec73b2fac6a60021affb647ee91db SSDeep: 48:dd4p4ojhajUdy3aoR6TKHbY44jnn5DljaK6hdnEZkHHFsad3R2wV2fsN:34pHVajUd6aoMT+h4jnRJVD4lssVX |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.0.xml.RYK | 2.21 KB |
MD5:
341822ea1c669fbc5b13b757b8fad000
SHA1: a7a4d5dd821fbd489db0a1251bd06cf7ef2a15b2 SHA256: d3bf0dcd4ca03ef2a716cf38b89838aab991318112b9365f3f4bb278a2d7d6cb SSDeep: 48:6mQq5QcTSq0iyW05aljpClzAWSgrtw6pmWZG5mU9cRKWfZ:oqHD02ca2zAWmY8539c0iZ |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\edbtmp.log.RYK | 1.25 MB |
MD5:
923ecf00d4ab0bcb6d0424a1102af64d
SHA1: 5e4d9635aec6b8324e98057d8a5304a7ba72fa1a SHA256: 2561405bb0bb642dd6aee63bff7aefb5abc01447cf2eb2328ddc2f9ff8580ed1 SSDeep: 24576:loAmvom0PcvP6bG86UQOv040Tl0XAys3bIsFurGbs1GVKqN1OH6qhHD564K422Fq:ekm0UPQGPUR0TUArbRArp10KqzOaqx5+ |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\edb.chk.RYK | 8.28 KB |
MD5:
2b18665141a7f93a86392f9b666a878e
SHA1: 2064cac6130622bd76d05962f1e93a7b22728eef SHA256: 8c74d7333be7c68fcc1f017866a0639a945be50f4f7754445e4da642e1184016 SSDeep: 192:f71ZvTJLMTSFwrkl+lmcQNWcZskzJ+fI5Y3tu5RLfvBlv+xGc9:DjJgTZrE+lmc+sk8fI5WtgRLfvBx9C |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\edbres00002.jrs.RYK | 1.25 MB |
MD5:
eb92284c91054dd621f680f2d0c6636e
SHA1: 426d969c430e695de52adbace5156615e134dc61 SHA256: 139054219f7368d2cfc9a5e7baa491844d585c298f05f57b3fd0aad575448094 SSDeep: 24576:MUuXy2zwt45j74kv/fnkoshqbmpRkl/DyGBRS3mHR3+UhGbjUTJX7jTOwr:Mt+taH/agbaRkZDxECROUhG8JDr |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\edbres00001.jrs.RYK | 1.25 MB |
MD5:
ae9419a28f365dcf8ccbebb392e02fa9
SHA1: 982b5ba00ff76586bcb77aae984eff7ec4ffa697 SHA256: 52d3b58804767bca3fbc67fa216401918a491372f369a61be5664d82c99cc157 SSDeep: 24576:b1HOl1UrrXTLLnbPoSi3Bw5/lm+m/tEEPxZfP7l:b1He1anLiRwPy/mEL7l |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Storage Health\StorageEventsArchive.dat.RYK | 5.64 KB |
MD5:
0f9bf4b3a140654570dd392409dc2b04
SHA1: a9270b758dd65c6a92f31ef5d7af05e4cd4e0a89 SHA256: ade10a87fec78e08965d47c00041aade90645252274058b010fe94374ccca845 SSDeep: 96:EsZ44DbMJTY2JoeMJQC0KIWvwzegboQapf+C+zURqxc988UbTKJPVwhobNcLAEPO:N4ASYQoeMJ6WvwL3a4CM5xTRbeJcTD6 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\Default User.dat.RYK | 588.49 KB |
MD5:
2e1ae9295916dc063ee829edfa61eeb5
SHA1: 4296f196469528a7fbef71e8965c0dfb2ec9cbdf SHA256: 4e0e4cd613b16c6ff958ab872ff088f3d86dd1685ffe7d6e93f9f96e52d041eb SSDeep: 12288:J2bDC7darbhigRKzdJ6B0PXltGXOWftHSezGRcE97GYLt1A1Ne:J2bDCZ0wImPS0Pw3y0Y7GYLt1qNe |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.bmp.RYK | 588.33 KB |
MD5:
756b6d582148ced83228865acae5918d
SHA1: 7f8a2cd8991d8fdf14efc82590ff87474a20a0e6 SHA256: e24186994740e2f4d7eba15c8c25846ee40fb30ef24a25c1505fa7aeb172ae7d SSDeep: 12288:qlaN+FswD8ly4AFj4bfqS6nSENiJnjYSeSPHmlG6vSmlBES:8E+FjDIy4AFM3OSOiJjremHZKTX |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.png.RYK | 5.55 KB |
MD5:
69f8936dfbe90426e311d2648a2c4dd7
SHA1: 199531e527eecf5ba7401da91aaffb777605e0d2 SHA256: a545d4a57bd5c9e2f1127082ef81de653a67d156bf8ff59a8ff487f5659fd905 SSDeep: 96:uMyIC4Ik40GjUPifCd7Tw/qFQ07wRzivZEFpW7gzrJChQXQ5C6enu:QOIkzG0KCNV0lKopWMzrJYQm |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-192.png.RYK | 2.63 KB |
MD5:
0e634a93106120770bd1e6e3b299cc05
SHA1: 7046811c311f9008a16d4f9ac96a84fabdbc63ae SHA256: 7451be399ac66251f58014abbf3a7fe926b41392999847c78a9b9aaaa8ba3dba SSDeep: 48:Eq27tnxidsCmonVpTkvSTIRtLsEzWJhZtxx06A/IWJ+rpKSdG0O:EFtx2V6kmLsEiDbx062kKSdHO |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-32.png.RYK | 690 bytes |
MD5:
12bde3475a528943d7c5f58e941545bf
SHA1: 9ec6d637ea66b7f220ef50bff3f9792eba7a24d7 SHA256: 099f8806c8b9269208eade0891900f738573b9d07d696d408d589d530379943f SSDeep: 12:UVOc64Rz1ymhjI25FqlsZy5QiQiu/uHOv4tONj+3E9wFpo4fmzCCh+V/:Uj//dhI25QSZUD5OvgwAuSoXCCh+V/ |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-40.png.RYK | 722 bytes |
MD5:
3ac9efaca887bb65b801b719ad21669f
SHA1: c16d2a52457ed26797d0772159b6de287b989a13 SHA256: 91f459d52f402289089c7043c732f10f07c1743ce6e1e67fd0f1152117eb037a SSDeep: 12:GpybyUxReLe5hjX7AdQOmm1xs3PuG/s3eNJe9MA/XcDRprQQL5tTgSZkpzQ5bxPu:blHeC5hjrAdQRmA3GCs3/9X/XcDRprLk |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-48.png.RYK | 786 bytes |
MD5:
a07b427f657e34db251ad460e6d58fcf
SHA1: e15aeabad8a9324eb870b28cc52d2e8c3bd9caca SHA256: 6dbdb615427145a0006127e46a7e4e23d0cbf38ac1256cb61d8b8b349a49803a SSDeep: 24:toR9Rm/mb1cRCG/7Rdp5I7SRiL6I4uhgEFe:tmRm/m+RCG/795I7SRiL6Nu6Ek |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.bmp.RYK | 588.33 KB |
MD5:
99f85f924a224be08cf2f2d564d8e0f8
SHA1: 10a6dca29401b278868c3bfe09c3cf4573065262 SHA256: a5b5a7c69d8e11aaf56e114251f2f35b67cb5ccb6a2dc7af5c4f5adb9128e298 SSDeep: 12288:SqInzXDQGbPjc1k8pVM/6lyd/U3829Tv+/zYmGk:DInzDCi/Wyd/K829TSR |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.png.RYK | 5.55 KB |
MD5:
e57896550aa500cf586f3f6391aedf69
SHA1: 5a4480c4bc9a686df5856624e68c292506a7b270 SHA256: 482eefdcc472ea32edde30fb4e15d5d96cb037eb320e289c2f06dad15626e05b SSDeep: 96:bDz6ZSGVmeabO+PJ4FcTi5w1yOY5SFlVmooDIW2ut7Nq6Yh3pGig2+TP:bDgAea6SRW5w1bY5SzIVIAyfjGrTP |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Live\WLive48x48.png.RYK | 4.83 KB |
MD5:
703f1f5d809fe01104d4a7c445123b16
SHA1: 022d11e3ffa60046be517fc21197473ba2b21f31 SHA256: 0764897e8a94c3826d6f7c29b958cf461638991533ce8ed518c722a4bf978912 SSDeep: 96:jmQudSA42Jl8vufpQfwGd+KyEriT4cwq5zUhVlFbpD2xZu67xsxRgYk0NbBnPwyZ:dudSdywEcwGd+KyMix/AdCJdso/0NbBB |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Get Help.url.RYK | 466 bytes |
MD5:
95c83cfe209d63e8d21072243f10623e
SHA1: 15f0357a188aa4b9f1f587bc58ece4244d3ef6c7 SHA256: 337a425226e34d46477e8a06e70e4c0d0453292eabb4e50b6d3c5369afc7294a SSDeep: 12:IGYq90ZAJ+IG4JAx7Uoj8xJZ4lSQ42X0cWUAEx0V6:vSZAJPBApUG8jZ4lSQ4m0crx0s |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Visit Java.com.url.RYK | 466 bytes |
MD5:
63e4cb522519bcf73a1f76e662e6aefb
SHA1: fe2592a80f07d5da350d0d8118805b34ec1dda10 SHA256: 2e3550e995b1d84c189b403de931be11fc7de2350c945eb21c208a0acf2a6db0 SSDeep: 12:1v1Z8N5VCZZSHiXt/xLJHVKGuxwiz0YBw9/ft1:zZ+VeFNVKGLiz0YBiF1 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOPrivate\UpdateStore\UpdateCspStore.xml.RYK | 306 bytes |
MD5:
80364645faaf2e0cbfc6cbae635159a6
SHA1: 8a2d23045f3a271691834b24b03ddbdacf9a06da SHA256: 71f96bc2c165be6cd6ab6af851bd84e8c07ac56a3d9538510c03b70b53513b8d SSDeep: 6:L45n6AZZUWQcZJCBXGz1l1MsB2erVw7BWQjXRu6xFwNogfmgGW1CzG:L4xXZtzZABXGzzWEUWOVuOgB1CzG |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUx.001.etl.RYK | 8.28 KB |
MD5:
c491555d78c7788168dd70d82ad1b02b
SHA1: ba6579d76145443f5ab7fc01c4ff05eceeb27338 SHA256: 33bb688662adf85313961b8cbf9a42ae2b316cb99c49c4b7e84af03ddeb908da SSDeep: 192:7Ybf/n4r1KiEl/ai2gy3zLRBcPys8YwOE5xHaGNbJY22Qadw7BytPHB/p:7q4xKJ/FMvYPys/wOg6GZJYpQadwKPhx |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUx.002.etl.RYK | 8.28 KB |
MD5:
46c2b94e00e4e1a5b8ba15f1fd304ef9
SHA1: e2dfa28707701aa76f7195cad5a35e7032354fd7 SHA256: 100b2ba128ba1daef13f562d5815967c8a32e7db6d6df62586367130c3ee83d3 SSDeep: 192:cu7t0EYdo3xRJBesGJTI3fB/fR+9LmRA8g4OBhFK:cu7t0dohRJosQTIBRWr8g43 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.001.etl.RYK | 8.28 KB |
MD5:
695beae53d8931edfbb188190205fdba
SHA1: d4eaab5f521c2b2591f5c5fc7e099e9f32a9ecf3 SHA256: 1a5405f5ef1fb9c8d7eaf2e778aaae227e44713a738db20a05ac0df4fffeb5b8 SSDeep: 192:4IZyMRE2bMf2xBpl99NjuvlQeL6gu4uFlfBya34pru2gX/HiUpF/voEM:4IZTRae3H99UQeL6x34privlp+ |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.002.etl.RYK | 8.28 KB |
MD5:
25d5a00e0174604721d305c3f541a624
SHA1: 534c6af51c43659cfd858c366ab938b02cfc335a SHA256: 77e3ca73c66440eb77e1b463e3681ca051107e3d36b5999aca14b38c524af85c SSDeep: 192:CkSAzv0q3k9PwBbWOY5/88z2ytjtXx7xZCbY79mdpApA:CJPq0WPYR88KeDLCbRdpj |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.003.etl.RYK | 8.28 KB |
MD5:
716f6680abfc57725b92895313f37bbd
SHA1: 892f48776dfb60e985bbae2d4ece2e7dd7ebd701 SHA256: 9abdd6838b30ee1d700ec9f264dd891459e113cdc4e543dad0096046abb59eec SSDeep: 192:T2JzyUKYsBq9t2PE+9ouXzsvgHNTNBHjyVlQIKP:qNffmvKoicNTNBmV3KP |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.004.etl.RYK | 8.28 KB |
MD5:
de42ae0123aa4874173d335c5990c8f5
SHA1: 8bd12fdbd9a6b60172825a26523b07bce406baf7 SHA256: 7bcd68846ddd82b6289be53ce1f677b58d5a150207f9156a6960a107e3fa5ce4 SSDeep: 192:IBdz7OCoUHoCF36WJenBJ9pywZ/5ELKPz8tEVkUrCdUvUHJYFbDdkewQ3:WzqltCl/kbpywZ/GLZ/UWOKeb |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.017.etl.RYK | 12.28 KB |
MD5:
d364c545296c52859ba25f10f73feaa6
SHA1: a1e87c4dd4214ca31b8595eb973783b86517b59f SHA256: 39f0b92e4070b5a60bcae1115b4bfaa6395491dbde7b51ca8c547526aea0da49 SSDeep: 384:iDZKQY9WZQQNtjzZmVA+XVFjYFxrCqQqxHW2TzoI:EZKP9WZQQNtobXVKL+InJ |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.016.etl.RYK | 8.28 KB |
MD5:
cd1d5ad7e526e53ba3b444094beec0bb
SHA1: ca8bc0ee5b3c5077ad5e88ceff642ee0e2aeff2b SHA256: b04b36dd0b6e1fb7bcbddd674e2597f9faca7c1740ff60bfb31bd9d8b27ceb99 SSDeep: 192:f52nuYtP2RS05XF1yTjCU5MZ9EejDuh+qsWd+Q0ItkU6H5vW:xvbnXjYuHjlVYoItt6Hw |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.015.etl.RYK | 8.28 KB |
MD5:
1cc97641c3f8bbe3356bd3283287fe25
SHA1: 6dda8b0cd797d52760a9c8334bb8d84a2348603b SHA256: a8a7c6222569e5501faac17f2a115aafecb193e0355a4f0610bea405e8b3705f SSDeep: 96:6g5Vv/+N3un4R/EVO+/6rn3r+rru81yB3+61U4j9LHgCcW36oX18OSEblR3AXqC:6g5FU1Tv73r+rZyBrzBLHsa18OJblx/C |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.013.etl.RYK | 8.28 KB |
MD5:
85c4a313638070f509b724c0263738ff
SHA1: 31ca39bea3ceb3f87868ccad62e7454f22bc8422 SHA256: c22b3f6a0ad9be900bab70a18f1cb0563ded3c03b29ccfb184dcc87f755452ff SSDeep: 96:j2kvv41iMCUgynMgcghBTVy4UvuwRab6QuqBHRVN/42ZpNz2MUfNIQtZ9mUqhHlV:jpg+UbrTI49b6BqBRzZnz2h9Kh/QO0W |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.014.etl.RYK | 8.28 KB |
MD5:
d3bcbbbf7c5ae3f23a313d25ad23d885
SHA1: 98ee4bf8169f0dbe21fb42a74da98ae3ca759eae SHA256: d8ea9c9c41a7114f090270fae85e82e7f4d58153ba73e97b3921cb32905dc637 SSDeep: 192:Z+Ah13e7PEdDEwSycWKznWyW+X7bhcsKylRIXHUeTq:USu7gww7szm+rOsvI3Fe |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.012.etl.RYK | 8.28 KB |
MD5:
49e615e40ed20f10e219a4705d380c50
SHA1: 6377cec1ca475228b1a6d1f0a7760b7970c27e25 SHA256: dd42f0b56cdbaa0e87281a4828467df1359476d1beb341613d053d460e4cf43a SSDeep: 192:WIFvX3++t/DhA4WXemrOZH2qj/qzGP9uRJ2NWDL5yrXrQ1DuVFO:WIFP3++hhOSZWqj/dP94J2NaQLeDN |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.010.etl.RYK | 8.28 KB |
MD5:
0ce1eb59b8a5f9ba9ebf1b4f5cd55595
SHA1: e84fb08bf3117540be99b3809f3a8dfc86f7e192 SHA256: b4e427fd36db05c687b2986fb61f60ff14202dc0dc2c99438ba4719104ff0fb8 SSDeep: 192:Bj7+THYBiwo9TuWsyR+K+0dqcksQVjYiVMk5bTh94/JyQcEF/n:cqoJuWXQKlE9BjYwvf1Bs/n |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.009.etl.RYK | 8.28 KB |
MD5:
d323f88655f0339aee2824bca23057ad
SHA1: 46b8dff434c98e6ee804dfad4a05bc87bd47638c SHA256: bbe028eef05f99c9ebb61cb109796fd0013a72727d1dd1f35381f5de135358b6 SSDeep: 192:qo7+roWBYol+p4Rb0w3iWk+h21SXAnHiS67Qzh65RKhRfLO:bWJJ0okF1fHibQzM6fK |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.008.etl.RYK | 8.28 KB |
MD5:
a04b3f2ad971e9b8cfba2d349894eac2
SHA1: cd5787738686c1f3084f31206ac9545a1c752be7 SHA256: bca56f5ccad7cec1cb6798c349b8cd74e673c3c2b0dd048e129b0859ff974e0d SSDeep: 192:XWRS/Mip8tyKClOirqvT0kyZzPp2Ge7wvxHpkwjDO1Fw8o:mRwlpz/SvQtoOvPPSpo |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.007.etl.RYK | 8.28 KB |
MD5:
2a6ea39e3789131a5457bb9b13da5afd
SHA1: 647b1ee5666794d75c244e63d1fbd0910cc4b29c SHA256: 289fd52139f56e04bb37dffe34527a7699e2d357e7d0be7cf51d3754cd85bcff SSDeep: 192:TwMhpJGnDEKEyN4vVMx0pBpRsBF5TstvSS4U6geg0z:UYIV6jGT2v8glY |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.006.etl.RYK | 8.28 KB |
MD5:
cb3866351f0f715d490b4f157035f8a3
SHA1: b43bc334b34bae708bdc21e284d5873e61dde604 SHA256: fbc5560ff80f6a27aa3e785f5e937faa02415f7b0b3e20636364ecd44b507a84 SSDeep: 192:oRMrHMpMVX/AxPrtc0lebbnQsp0JoVz7D7AxLieWjSXQdpAnJ8:oRMVXo5O0knreiV/DoTWD2nJ8 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.002.etl.RYK | 8.28 KB |
MD5:
9636b7eabac088b6de1c528ee7916609
SHA1: d686b6ed8cf972266bf4289802b840959e7c13f7 SHA256: 864bb8c904221622b004d30cdc697686e73feb23b891ac5defa4c9cbbac5542c SSDeep: 192:j4VOlaW3K9q3OC+e0YQxSRAuwIB2LDB6Yudlp6:j4VOlZK9qweJQpleDr6 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.005.etl.RYK | 8.28 KB |
MD5:
92c6be93c839179ca255edea2b68075b
SHA1: bef15cf12a364990b13dd14cdb312455e8978cc9 SHA256: 22e173aec782b9b677e60361a5c1b8eb26a13c353f921a402cf84aa22e94ddcf SSDeep: 192:vC9F3nL+Tm21TtkJB1U8iH/LrYYD38qtX9b5ePIZ8Xg0i:vQnL+F16f1UTH/LvRbZ8X1i |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.011.etl.RYK | 8.28 KB |
MD5:
c112cfb0e4345d79c1f2c67864f9436c
SHA1: dadb15fad2660723c1eff6709d1acea1c73fa3d3 SHA256: 5e9a2d4fdd8d4c16b70ce6c732932510adfea53a7065cdadc6d8493c2c09ae5f SSDeep: 192:v8Q5o02zjk7wm+nwGfD2ULPt15x+f9NZx4eaaTV6wNIB:UQmW7wmZGfD9tQNZ6erTVaB |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.003.etl.RYK | 8.28 KB |
MD5:
377aebee7f7428dd2220e44001c1a884
SHA1: 63adde05c6b382622504f3369c0e7347f97fc1ba SHA256: ab1188b784fb35176dc1b3638c4a1604331b7c53a8084c5eb91cf43f0bfefb22 SSDeep: 192:XLk2t9Hp5VTMswQQuRdyDahZTWZ9Ur15Hwmg6RweXQNAL6a8Q0H:H9JadGomTWAomgcLxHs |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.004.etl.RYK | 12.28 KB |
MD5:
b0e387e030ec07bcdee510d9ced37c01
SHA1: a252ffd8499abf2e393e241f8aad7bb445e57970 SHA256: a8bb55e69d04909e83603022e9cc337aa347c82431009ec8e76f94c8a286684b SSDeep: 384:pfhcvj/LySc69/228SXXmXCu7brQCcQ6t:ijDySc69/fdmyeICcFt |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.005.etl.RYK | 4.28 KB |
MD5:
cb7b627e80d0da2cff1a2256f3685803
SHA1: 911d7a66cf918eff1a1d802e31f08f214e443d1c SHA256: cee19fc00c7e5c8f9a5b66467bbbe0e0099cdfbba95dca0dc0916b6f3880da52 SSDeep: 96:7TRQklmrPQwyRX8RPIYbX6UGSPinvnx/yWjT2kA4s/w4YD+L4xM0:787uX8RP57nFGx/yWjdAlw4PL4xH |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.006.etl.RYK | 8.28 KB |
MD5:
9f881eb624a295f18eb3c5e7245f4a43
SHA1: e3bc1a9e056a9d6632723f9e1ada47d6d9d0ce6c SHA256: 62962f4d2b01fb0f8c4afbcf0cb49c82a57ced5f3dbc6ea4c062808e312c7b6c SSDeep: 192:S+qg3i5+ZqjqJY5GK6felMOzFrOnyAsSzAaWecoV4AXD/Fo:wg3j5YFlunypwAoV4Ua |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.007.etl.RYK | 12.28 KB |
MD5:
01ccfd5ccf032a2afc9ccd949942255c
SHA1: 72d7ffd535bafa9ba773055914ba9de4c010da65 SHA256: 854fa27292f53b5b26fbec1886509922f643b65ac6e9e1624dc6f27a3c600336 SSDeep: 192:ABUPyUj4Q5LIuUYA6jZ2BxWyfG0EmBcoXzKTrH/qc4hZD3ozIOsPCR3D3SA+RbK:ABUPys5LTUYA6Z2Bx+rdzYD3om+3+RbK |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.008.etl.RYK | 8.28 KB |
MD5:
db4d77307d3b2dce1c75c11370c946fc
SHA1: 2530b74b3c9582ee2cef98dab981ad068b0a7a35 SHA256: 351df90723e875f5db08c3b55965373c3694f3b62aacf499d4223277d52cdf51 SSDeep: 192:ryPKIRCPBg/NRbpyrLBA+gIJ5oJ9OXLNrVZTO8HOMHs1F8ie:raZCBsNRbpW+I8J9ObhT1/s16ie |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.009.etl.RYK | 12.28 KB |
MD5:
4dbe7c75dd1c476ffd8916ad7e76c59a
SHA1: 5fe486be06e17a4ba97c29f666e1d36b5ba93106 SHA256: d54d7ffcd2a3bc8be2ed09e3e4bc121a1dc862b3b9ee3660836c42ded15040b3 SSDeep: 384:iiOB9aZhH2AF3+XAjiM1kI2faOrwA9kUNH6b+DgQ0O1:jO0tF3hSI2f98A0b+DOO1 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.010.etl.RYK | 4.28 KB |
MD5:
12227222601c9e55919edbd698ff0c52
SHA1: a7cf49f094c549acaf7603cfd44f1114743b440a SHA256: adb3b0ed3b8281ee50f28a263f4f3e35e908798eed43dde178a74cd293ab0785 SSDeep: 96:Zq9qxsFtB1OuQdSu9x0tPgb5Al0Amb3/x3C1Dwt6e:Zg/Td/u92tq5AlyOwtd |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.011.etl.RYK | 8.28 KB |
MD5:
c326e4b6d7fe2b5ecaaece85d1c7eff2
SHA1: 3caefae0c6ce5a7867ef20f493b213fee851959a SHA256: ac97b447912b991b420de37777c7aa64a00b0753c7366e76552916796ea7a761 SSDeep: 192:GXi0qv1DgdffaJzHtEO7AE00tyX1GsBbvPTfFwkodGvy:1rg5faBD7lw1GavL+Pdr |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.012.etl.RYK | 12.28 KB |
MD5:
c9d65d34b12378bf77d77c5c3655ecc1
SHA1: 09317b5a946637fa106127e81f82cd00707094c1 SHA256: 9c9f3d6c3e708f420801a9c1e1639efe8d5630219f270232cc9d8cffee93d6a6 SSDeep: 384:20UVUtgEknvanLQM3nFmXqVy8/go68fMSL0Onf5L:KVU6EknvaLhAX/Wgo5fMSLXf5L |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.013.etl.RYK | 12.28 KB |
MD5:
37e9fffbec0158d246e7bc5b4da5aa73
SHA1: 1d6b1a2fcef75327264fe6fe496b3d8b5c9648cc SHA256: 8daf4bc39a6fb227540026fba02db566db1b2ce0da9afc062c5bd51ba220fc9e SSDeep: 192:zOIlLf8EcXvvMGwBK08l76WH1EZ3NetrUjFnw9TSi8+81ZaExBnEF/vi1Tg:pf8EcH/08lN2cN0nwQi8Tgi1Tg |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.014.etl.RYK | 8.28 KB |
MD5:
f70b4728210c4b9e15124e84d9c876c4
SHA1: 52deb4b45c881809ebce258baa0faea88f2eedc1 SHA256: 0c920d0f3444942d164514c98f33e23dd2e355b041e790cf332e3c61fbe4be64 SSDeep: 192:Ayj+bn3lw1qzneY/FzSASo/yvRZpkJHLtV+zzC8b:A5SNVAryvRZpkJrv+zzC8b |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.015.etl.RYK | 12.28 KB |
MD5:
61fcc883a59ee5b108baf79a20ebe3f6
SHA1: 2ff33e56ea8af939f656738e2c5ce812ebaf77e3 SHA256: 1651cd685c6a0399fe5baa5374aedf6b2bfdc98b515156db0563af059e281515 SSDeep: 384:f/axTXDi7oaCdXPj7w65lGXeq/DSLw1Rh:nahDiMaCdLFlGXeE+I |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.016.etl.RYK | 4.28 KB |
MD5:
34a95de89d7dd80ef5dbb37fc4f5aecc
SHA1: be559e7fe0e4177ec6f91a95891b8e8f227d8f38 SHA256: 7bb8bcca9d6243222a5c1d95e36b5ce3971c21085c1ce6123fb6e6d3e514d4b2 SSDeep: 96:n2vubd/P3tY8BVyrJTZpuYVpI+DcgIH7XCBF6w8w3R7eGibizwBQhYgZJ:n2Id9K0n+XQCBF6Qti6rh/ZJ |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.017.etl.RYK | 20.28 KB |
MD5:
1d2257212c026865133e69f0f8982afe
SHA1: 4ba8258c21e48fb72c9cdcfa6bb8dc603191d66b SHA256: 4dc23521235a975e2f6cb02ce50a0a3fbd4d7de7fa5e49c467892b66e050e96c SSDeep: 384:jMyc0xTBCG4AWfIUbWJCi4uhfj5aPiWcDTv0TP9xFM/PgFhzVl/EonM346f:4yc0Z4ZflbWX4uttaV8vUPfFM/4Fhxt2 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.018.etl.RYK | 8.28 KB |
MD5:
b108087989311404c69f87c32d535ad6
SHA1: c8159437210b13374452bcdce49fa0d7fce5045a SHA256: bc8341be3becda56d741a09e273396c75c63dcda51430987417c4604def60d5b SSDeep: 192:jF4eLKEXm3eZGaJYBmG+3jsTmOvgMSce0w+qfvC+q:p4DHjBmGbTmOIjWw+caB |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.019.etl.RYK | 16.28 KB |
MD5:
25cd593413b96e075d05f7d79433294f
SHA1: 4bdf25657d4798e6c524a47a9bd68bf1aa9abd8c SHA256: 8338de3ccbfc29370885c6b50f53b008f2c404ae3ff27d9136fc8467bd64a381 SSDeep: 384:iIYn/I3wVbLtKahPYUbFAb7xBpCScOKTcLCcE7sQlh:i1I3wVbhXRjSFBT2TzHnz |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.020.etl.RYK | 8.28 KB |
MD5:
d3a42a05f3b8a8b15e738c85ba342136
SHA1: c4047981b6806ffe3bcf78028fdd57a573752e33 SHA256: b8184b66e44814e81d723057a6a7f1cc26ef3cd75af6ebe58360fb64ff4c0f20 SSDeep: 192:08aYPuA2OTKvVUxwmA8a/iSOPnYmQJqm7bUzHLVwHp9:0FYP3NAOy/XSQf3MHJ29 |
|
|
| c:\programdata\microsoft\crypto\rsa\machinekeys\08e575673cce10c72090304839888e02_33d770d0-06bc-47c5-8714-222cdac43a71 | 52 bytes |
MD5:
93a5aadeec082ffc1bca5aa27af70f52
SHA1: 47a92aee3ea4d1c1954ed4da9f86dd79d9277d31 SHA256: a1a21799e98f97f271657ce656076f33dcb020d9370f1f2671d783cafd230294 SSDeep: 3:/lE7L6N:+L6N |
|
|
| C:\588bce7c90097ed212\netfx_Extended.mzz | 41.13 MB |
MD5:
e5a41d0322da527c25a4295d166369e4
SHA1: fe2f0e1425da8844bdc768ed7399c175edf5a607 SHA256: 960cb070265c8ddea580e0a0f96bdb067b90f137cd17fac481ba780413dccd6c SSDeep: 196608:NMkXsCYSub3b2Gd23RDY+ZWneIsbxmGRF0VhYO1gUU289Xu6uz64VM4AxkHIQ:NMkXsPb3KGM5IeFx/F0VhL1g99YQ+1/n |
|
|
| C:\588bce7c90097ed212\netfx_Core.mzz | 173.08 MB |
MD5:
a31bfba9764d9a64da82da09f80eca55
SHA1: 04e882e688a2bf5989bf1f559ce1ff2f91b7d011 SHA256: c08ec047e13dc63944dbaf917e911de0ec5464f90d4a3f573d5988e73d6bb361 SSDeep: 196608:3Apme1qxXaQhCw4iq9V1mT2/E3HmKEqxu09AaHGamnK9GgAhGN6bFHs:3jec5vdTdGK7xuPiG6GggBs |
|
|
| C:\Users\FD1HVy\AppData\Local\Temp\RyukReadMe.html | 627 bytes |
MD5:
8c9f94e9288f5242143834cf7f1e56de
SHA1: feb4407ff93771aef0ce4254b2a7ca9964c74c70 SHA256: d21962a440451ff84fc29c0ef6660d95dad5b83fe35788527bd1fe388707897a SSDeep: 12:kJlzqNmFC2/UV2/CbHeIH/GJHbr+OsKXUM:kJlYiCmUVmYHzbM |
|
|
Modified Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| C:\$GetCurrent\Logs\downlevel_2017_09_07_02_02_39_766.log | 41.96 KB |
MD5:
25a7db3cd169a69d06ae2fbd4b3cba52
SHA1: 4e590d99214bbec818b3bdab0bf6757488fe4df5 SHA256: 6d27633a10117d78ce9e891ea137fa604fe33dc277ee77973aaa104ac1c95676 SSDeep: 768:GDB+CNe0pbOcV+J1gM6vjwZJtpGAlfVVmdEYtbnskP8/jxi/HGEa3n8Qt:KB1RzkulvUJndfVVmdx1nR5a38Qt |
|
|
| C:\$GetCurrent\Logs\oobe_2017_09_07_03_08_57_737.log | 6.14 KB |
MD5:
ba49efa1cc27cfa7f93afc00726908de
SHA1: 3280eeea2adf66f90c0e35a1b440d4c77852f216 SHA256: 9d869966e9b68aedcfbcb6ef864fd2a478b1d2a68cfe16a0ea2e23bba4cd2c11 SSDeep: 192:SqJ3ucYOQEgOPIh/RaSa/3dr+St8kQ7I8z:1YOQNtYpnQlz |
|
|
| C:\$GetCurrent\Logs\PartnerSetupCompleteResult.log | 322 bytes |
MD5:
ad256d13b067bdda752412436eb90c30
SHA1: f4a3a35323fd88278d07af1d9066d8130b8b3aa7 SHA256: a069ca3ef35363c27d5bb2841c23bde9cf240f51c843121a4394d2a918ab3bd0 SSDeep: 6:YHq3dwBP9nD/a6jjTX+MbGWmBmhZZO008V0gmGUMYbyTIa:wgd0lD/Vj+WUt0NByja |
|
|
| C:\$GetCurrent\SafeOS\PartnerSetupComplete.cmd | 866 bytes |
MD5:
42957f67ba2f7a08f14d4389200c7b48
SHA1: a8433c7dd065eee96f753945bf92aa103d746d0d SHA256: 57a907507fb9866ff7735ea096995ea1903399f52f57cf877554998cb8ab49ea SSDeep: 24:G4j2dJsMSeOaoWB7IZTMlT7hJswyoqF1wiz:GXHIZTMlfhHyoo1wiz |
|
|
| C:\$GetCurrent\SafeOS\preoobe.cmd | 354 bytes |
MD5:
b2c2e05c36464fd72f28205c79864325
SHA1: 6c7c0aa891b54f4603f7b149ecabcfac01a2eaaf SHA256: 5a274b038bf14bd5d0e24a23eb9f7a1c162fb3c902084c69f489ee25f1ddf323 SSDeep: 6:CpkDUj46++74tgkyfJYsr51kutRSwusZK0bZbqOimvbp+FKKUgsspuH+a:CpRPuaJY616wu4nFGd3wKd0N |
|
|
| C:\$GetCurrent\SafeOS\SetupComplete.cmd | 594 bytes |
MD5:
2ffc5e7650e59c034bea1c7b2fafd5a2
SHA1: 90d97583d3716b0a0fc341112f306393aed9a917 SHA256: 885594cc07254bb9cca5d7d7c6b8be0c2dd7a58e09fcb221cb35f492f506bf6d SSDeep: 12:fAPhJQjXM0V5BrAb2HhdzU10xNU/EVTf/8+Dq015fH3/bKbAUhFBDQMfr:YPhA7Bs6HTg0xu/KX1GM/2TFBLfr |
|
|
| C:\588bce7c90097ed212\1025\eula.rtf | 7.66 KB |
MD5:
44689920c4070083ded1342266382ee6
SHA1: bfe30b347884d975933e70bffeb089eeda735fa5 SHA256: 3b4bf2a437a116e115abcec82f34a7fffe6d0c92d60c3e4069e13e6e3768e0d8 SSDeep: 192:XJOakbLrl3EobJYkcSCcm3AuYsboXbUFw157ngt2xrn:mjbJdCZAuYsAYFcBgirn |
|
|
| C:\588bce7c90097ed212\1025\LocalizedData.xml | 72.75 KB |
MD5:
05fd5a5a16461eb2c3c11b94f7e4e1fc
SHA1: b7c198a16bb66a20f9719221e53f7d211ad7ec75 SHA256: ae28fc854550b4445ae926e516e3f9644d3fbc1e4ef9b16ade0560258d98cd4e SSDeep: 1536:zdfL/fmwO8/Gm0uOrigywPtNOVCyEWhFZQKEhDGRNJzor/9RXVUDK:zdfL3mwO8+piXwVIVC5W32tSdsr/9RlB |
|
|
| C:\588bce7c90097ed212\1028\eula.rtf | 6.44 KB |
MD5:
bcb36a6164a6f5387e2cb673728f746f
SHA1: d6438726f29733027cbf8ba24db713b833e7e8e0 SHA256: a97e4f0ce7669bec82799b87efb3b864b853a76b7a921c53600c69c4c3c5f50e SSDeep: 192:zgbRw7zE/foQgujS2rkjNBMb/1gHdel7iX+xWJIx:zH7zkgQgT2rkpBc1dhiuVx |
|
|
| C:\588bce7c90097ed212\1028\LocalizedData.xml | 59.67 KB |
MD5:
5c4d66c59269d08ad1920a2db2d54158
SHA1: 922fce583dda6e62331fb82a1a14af30b85d0e68 SHA256: 800d6058ba7646dd8176a22c9ade2f259098da81b1f873762d543168624db4ea SSDeep: 1536:nc6/li5bStu5jqQrrzdFn4ykbCWUxvsq2/APMU4ln55:nB/QGQrrRFn2bCWYsqwxV5 |
|
|
| C:\588bce7c90097ed212\1029\eula.rtf | 3.91 KB |
MD5:
998abe7d2e0708b64632ec115cb26309
SHA1: f4cd060218b30fd5779d1491f9941701da3aaa49 SHA256: 7006b20b825a9ba590098258f22865edbf594134778194d3f386cb0742a3dd81 SSDeep: 96:LZ4Yt/iu89TxVHvbrWyPh6ZwmxRuDZFt6NA7BtBvzpIEG+69/z70O:kTPHDayP0RKv7NzpSbzX |
|
|
| C:\588bce7c90097ed212\1029\LocalizedData.xml | 79.35 KB |
MD5:
a671025f8547c0d431d032048e5172d0
SHA1: e3fef7347ca01cf98b97225e27289bdecc66f514 SHA256: 1ee3e57a18ed3132291cacb19cc3b734239f665c048e1fbcda3b8fb3a5509699 SSDeep: 1536:lEZsNilm3zlE5t9lFv3xaj6rIQwovONvbclY0:CZ+ii5mVv3xaekQtGNA+0 |
|
|
| C:\588bce7c90097ed212\1030\eula.rtf | 3.52 KB |
MD5:
b34e17ee02f069acbce09b3d64acea7a
SHA1: 938de5a217704ec372bd3e6f785c3048652129a5 SHA256: 859ff787f035f816a0c611c6f55048e9a0dea04a4cd20694ebb7172e208d333b SSDeep: 48:HnIBol3iHsCNRuSBJ6+RF3q1xy/z22kOssy+euq8FNwQ1JpWfMrIoI59o5Wbk2fP:Ws3uDDnrqFWY8L9izKWoWaUQPVu |
|
|
| C:\588bce7c90097ed212\1030\LocalizedData.xml | 76.21 KB |
MD5:
c90934f875ac391868fe2f3d1e5c307a
SHA1: ed9198e303f39e7848c089890b2256b15f0c7d3a SHA256: 13c96fb6fb2e6036f2ccd04f69b4140c14547f819962f75cc9569122d88421d9 SSDeep: 1536:p+clSIyIyqm6DWknrQ3kzkCNyTZOMP9l6o3pYZ8BkWnMNNNRMRpKpf54U:noIyOpDWarQ3kzdNkOMP9lTpYKFMNNLb |
|
|
| C:\588bce7c90097ed212\1031\eula.rtf | 3.61 KB |
MD5:
941959113420129de18d6b68e1b23d82
SHA1: 84151945c68b1235e4366123bf76f6c966374fb0 SHA256: e59f4df4a566aa442068992499f31da1f33e3bf6b5d556a4406a51619ad42559 SSDeep: 96:+WCgL36rI0rMokcYtslSa0ouvZwcCp/oFDxFygPfvz:fb6c0Qvla34SNo9xFygnvz |
|
|
| C:\588bce7c90097ed212\1031\LocalizedData.xml | 80.69 KB |
MD5:
08e52eded8504e97c8aff55544b7b04b
SHA1: ad6caa597efd5d9fd4fa396f83926f330d8d206c SHA256: 499d1380fd0e90f080bebe970ad7f6d3a4093de3211af08e545563487216fe2e SSDeep: 1536:vGiZNXgpxDflMr2oDBt2rbBoNUfCxzeIn/aNu82ufpOWcjTx/DP:v9ZN0DNGq/+/L8LpFcB/DP |
|
|
| C:\588bce7c90097ed212\1032\eula.rtf | 8.94 KB |
MD5:
bfa35dd6894e7644516b080d9e990556
SHA1: 45367b07d32d51a2541363f140b475616fbe3acb SHA256: 03e3ade4237b0e8e22668f53b268879f9ff54d4a3aa30fb5b69dd8e8c5a24813 SSDeep: 192:foeMdzxLiSbVI1ct6Xnv4i7RINevkhigQYACeR:1MdzFikI+4XnrINeqigQYAlR |
|
|
| C:\588bce7c90097ed212\1032\LocalizedData.xml | 84.53 KB |
MD5:
b89193196bb0d657222090f693d5f61e
SHA1: fa25caa49eb55a5d7cd5f04d95c51618f8ffe58c SHA256: 31c1955cfa386528b4af40ffe726a8c333f53c9b6ed9c8788d18174ac53e3c1c SSDeep: 1536:bGT8BiLAdVA+yPrOJu6CoLnt2cSmElAcDQ7vouXq3rn4LXFaZUApOjT:6teA+yPrPiQcSN2cDQroR30aqAaT |
|
|
| C:\588bce7c90097ed212\1035\eula.rtf | 3.89 KB |
MD5:
8739f2d22d69030ba7cd912929c28f64
SHA1: a1b97a382b3676beb5122380e4a7333fc395b9e2 SHA256: 5b971a6154758f36481fc2dac8e7119e784451859a719747acbefeef111502cc SSDeep: 96:tPZ4EXtHwx6zyyC2NVbYlGd3OyGK9NIq90SXLq0:tx4gZ3uyC4Vb9vNIkm0 |
|
|
| C:\588bce7c90097ed212\1036\eula.rtf | 3.72 KB |
MD5:
b717c290cc6977f8794477e2a8c5cf00
SHA1: 832b169d2d0f02e149e064d0f27eefb9cf90c6cf SHA256: bc049aed462bbcc5a2f0341e028ddfcd00aeb685f41d47ae31bd03b004696060 SSDeep: 96:AYh3RgK82QUScHLsOMymOZlzBZ0k0q2OPxQK64V6nOEQr1zMPSm:Aw3RSGHLsszBZ03q2Qu4VPEe1zMPSm |
|
|
| C:\588bce7c90097ed212\1038\eula.rtf | 4.42 KB |
MD5:
e4fb1b258c1789b14f19a7648a8e28b9
SHA1: 468ed0390398f1fad4fc7af9d4e93c4765f5af5d SHA256: 771bf7a58adff66feaf093b66f814f3267f2538cbe9a8c56a400552e1d2355e4 SSDeep: 96:7dpqNemxuNP2U8lmO+S7EvkklabLqD/UfnjATgNWR4qrbwe8I2TD:/P2Ukz+SY/aigfnjCR42bwwe |
|
|
| C:\588bce7c90097ed212\1037\eula.rtf | 6.97 KB |
MD5:
eca6b13241cade07b8401130f7318bf7
SHA1: 99a7066fd549127cfce020adb15a292b447aa25d SHA256: c83e6882d63185df707bdfff9d709499bb4d6170fc8b3cb017becf4c11cfd957 SSDeep: 192:nmpG9Y1VHkn63kJjne/H0Bc5DnKmrqOWLI7xg:nmQSHk601efsc5lrqdLIC |
|
|
| C:\588bce7c90097ed212\1037\LocalizedData.xml | 70.66 KB |
MD5:
252d705476752c2a73d9acdcee9234c9
SHA1: 4633bf08bbf8e46279e55dd91d2bf7ac94b011d8 SHA256: 3533a29c4321adef4cdebd4bafee6ea4a6fbdcca526fdb419313c986c1731be3 SSDeep: 1536:0sydCyGTEvBO0YoYw+GtEgIsbUuVkmDzhQXpbQP00zGr79GDa4:adCTTEvc0YoYw+G+gxbd3DzhQZbIewa4 |
|
|
| C:\588bce7c90097ed212\1038\LocalizedData.xml | 84.69 KB |
MD5:
0ff644a7b044a89d2714d8e9661fd128
SHA1: 1993af5e254d639b4d0fa8159afd8b72a9f81b18 SHA256: db249e401983e63ed1e589c4061d7106e9f696f5847b8a9bf2e1dbaea9f1b28f SSDeep: 1536:5E9V/wzVezAUuWjNRGuzPwfh5gH/S2lcubfLlS6QyRyFykOZr8bpH7e:G9VUBFWpXgh5gqYxbfLQ6edUr8lbe |
|
|
| C:\588bce7c90097ed212\1036\LocalizedData.xml | 81.30 KB |
MD5:
f40e1e7cf0a035fcd219d968b4cdf658
SHA1: 17a6a144c2c44dfd109d4c751b64394e6c455b25 SHA256: 726c23b2a47af9f9bf59ef31885c94927ab1cb9b808e6ea68aa3231f9d85e7e7 SSDeep: 1536:8FwD5uBRvuaSyMoTqEqYEP5IKRkb/FzZJSVnZsBtAb5PCR/MOl+hZ7bx7:UwDYvvuaSDATAJRY/fJSVSB4M27bx7 |
|
|
| C:\588bce7c90097ed212\1035\LocalizedData.xml | 75.49 KB |
MD5:
c37d11c2442e572c7b89ed98a64a1619
SHA1: 1c53e42d3552901dda722506c12584ed0340237c SHA256: 46830b153e45d8d28d7e92a93eb2c5c8113366f75babfed64f747870bada9a8e SSDeep: 1536:hmwCBfWBgcpf3o2pPkl11Y4rhptNSPjdA1dozRJ4Nm:AbcBgK3o2hW11LdptNSP5Sdoj4Nm |
|
|
| C:\588bce7c90097ed212\1033\eula.rtf | 3.39 KB |
MD5:
f1dd1950b9acc650b637018496908219
SHA1: d33cdd954d0c3d5dd96c2bf068d3a2a79dcbaaf2 SHA256: b4a7c41b03fe135778771e338e18d35986a72953658e3ea040223329945e62b7 SSDeep: 48:3UXhhDbneMA+YLs0gYWVuiDel1yoyVG3uEoxyJ/B3QMl8xtkumSs2rfLCh1gdrAM:3iNeNfLmBuiKlGEVJRBl8RTs3Lgz |
|
|
| C:\588bce7c90097ed212\1033\LocalizedData.xml | 75.71 KB |
MD5:
74426d8c3a57313f9ec433df2989e3fb
SHA1: 15260cd2965cb465bad8a6920df51229fb645f08 SHA256: ea3fab2433da8fefe2f3d145959b0dc19f9cd14d2c6aa1adaf74e89ba94cd13f SSDeep: 1536:OfepKHQNOrRLPShddskSf3oKfjwjzkgKiTx28FsXXiJp3sPn:ODHQyRLadRijwjwgKiTIYsXSQn |
|
|
| C:\588bce7c90097ed212\1040\eula.rtf | 3.83 KB |
MD5:
cc4ff553fe8d25e7f7c75d401f8e0cef
SHA1: bb1b12a02a830a725fa4a98b121daa4f0a74f3da SHA256: 64f649f74332b66ba2755acbfcee0cb3a945756252184be33b00d6540d5d0c69 SSDeep: 96:cHzy3lvWx3wHGaOtNDaxanI0xrDRnXpW02TXZw6Z7ELV:cTLwpOtNGxeZNRnqQLV |
|
|
| C:\588bce7c90097ed212\1040\LocalizedData.xml | 78.46 KB |
MD5:
252de569b92e2667673f48619ce6cf47
SHA1: e39c0ff5850ed09c2f3befbee4c6e1d7dadb338b SHA256: 40be74f2ba9c64efd0d6c86e41fb20252766a9fa65e15fdea4ff85c19534053e SSDeep: 1536:wbNsQKJQmJabmrrIesHNflHyyoBcZAw/ypZsyGHK4do2ghQdUWioEpf:2Nspjt3IxtflS7Bcaw/yv7GHVghHdlf |
|
|
| C:\588bce7c90097ed212\1041\eula.rtf | 10.16 KB |
MD5:
f2372d9a3ec941638e8821ac56160af6
SHA1: f74c694ea446b5738230ad4398f864d5375debfd SHA256: 45f61a5c7a6bba5c79ff23130bb1e1cc6f322d24a81b1b5c469975372a328330 SSDeep: 192:Ry3F5t5ESeCCCY0E8ihuWis9SGzos1vUQDVDDP6DWcyM7zWKosA4jo33laDP:Ct51kuWisgtsp6DWNIzWrYj4wP |
|
|
| C:\588bce7c90097ed212\1041\LocalizedData.xml | 66.91 KB |
MD5:
da86aefd6a7851061f96bb6754eb2feb
SHA1: 2d6c65eef3540ac8d9921e514bc2bc93bea26a28 SHA256: 60610f936eb36d19bfc0898f03a09fa9eb3f2b2cdd9ec88f5409fcf1cc926c9f SSDeep: 1536:olrBYIjOUPT07CoQe91nNtV1wHMNQzA1n1Xxjux9QSb:olmUPT07Cje91nDLkM6zAl1XxqjRb |
|
|
| C:\588bce7c90097ed212\1042\eula.rtf | 12.66 KB |
MD5:
6f8d62c1143f832972a981c156af1159
SHA1: c37ac25cfeeeded7ed178e5743bb52bd90666018 SHA256: c425f8c09dff9692f936df074c2e7f815aed1705cd36c3e1a638d650b28b814a SSDeep: 192:XaNGHqFoLAujlyMsRLuS0n4EuU8jjb68opaxMowS/1TsJaYWpf:KKEslyJav4EuO8kUMoPOfyf |
|
|
| C:\588bce7c90097ed212\1042\LocalizedData.xml | 63.99 KB |
MD5:
aef175b7369cf9a6ebb9a2547e537e72
SHA1: 44864575be6c28c144fcb13af752ea0db5659791 SHA256: 481b9e978864edf9de3253eb1847bd3a7371ae4b5c8484246977e09834de858c SSDeep: 1536:090SU6RTbG+gW7PW2I2nCT11Nbggre6tMdmeQreWVoQM0N:FXqizSe23CTvNbbVtreQ5NMq |
|
|
| C:\588bce7c90097ed212\1043\eula.rtf | 3.74 KB |
MD5:
c0b3bc3612bc47dcb6168e866756c465
SHA1: c12cc7e128d73312ddaac0303c980baa14171538 SHA256: 00370edaae0c5eb20c567ba703a7ad7e804594227da7db85c0c1d28a961fad27 SSDeep: 96:wxMjvBNQhdfWOijQoGYtNQT2fMTqn5+fTAsl8:wij5Ed4/USEuIfTAM8 |
|
|
| C:\588bce7c90097ed212\1043\LocalizedData.xml | 78.05 KB |
MD5:
a03e53c0ff62e641ad8b0c029fd02469
SHA1: 45f30f12188632585017cbe3c32c8c803088a2a9 SHA256: ab1b2d876971a3311b1f28ef26a459e5f028e6f94c583c5d2e751ea5347e14e0 SSDeep: 1536:0vLuph3Y14XQfSX1WryjMonsdr9PgWhpTRrG8RjrBM7WRf:0vLu47KXgj9dr9PgWhR1RjrO7WRf |
|
|
| C:\588bce7c90097ed212\1044\eula.rtf | 3.25 KB |
MD5:
08df2a781b11ceeb37448c620030608d
SHA1: bcda95f325275ae5ea06ab22febf5f085b0a8345 SHA256: 087299c771eb198043e2791349aff756298266e0e1199be16ab901d711159965 SSDeep: 96:2T3HXRyDa6VcTR0R6XAkrBPheS5z0IjKrYbtMFt:GnkDNc2RH4PRbjKqg |
|
|
| C:\588bce7c90097ed212\1044\LocalizedData.xml | 77.72 KB |
MD5:
11ce9ca393daa040e7e7a5db058aaa24
SHA1: b9b1a6a8396734b1170519e9443f67f7b2ae5d98 SHA256: ce5f231bb7ccff75b2828df7d58c5fa0e81229d7afa6a6048c0c2d8d21215593 SSDeep: 1536:wQQi9bP1BKmPhM5TrQupmpHaua7Mf5ZReO0hdzQLhU660pz6G/RRak3wt0bysiQP:wYbNBKIirQuEpHBa65PH0lCIaRRak3hP |
|
|
| C:\588bce7c90097ed212\1045\eula.rtf | 4.22 KB |
MD5:
ff004ac11cdd6f469bba5e11e099cfef
SHA1: c3920c72e04e4da7038e5b001c5c9422d8a4d087 SHA256: 188df77a26c625e7bb6511bb5d4929a9689036523fd0ceb09c94b0ac9c2ca55b SSDeep: 96:4t/ZRYAgtKwrXFnmgKVANwvEeuQx8IElG0K8niXcXOU:4NZngt9VmTWwvEeu5IEklXY |
|
|
| C:\588bce7c90097ed212\1045\LocalizedData.xml | 80.72 KB |
MD5:
148480fda5563f0d3e05245c54e9b3a4
SHA1: aebae3b7df547be770e97f97cae3464326abf3f0 SHA256: 1d5a12eb9ae12c9eb8eff7f38001df2d0d7685fb1732907411aa0fb59a4ed8f4 SSDeep: 1536:ayHOsWiQpWNZ93ZKsBd0+FJfidXsFpkfMJ63I6z8YotNHX:aeFW3MNZ93Z3wqidXsbE40oX |
|
|
| C:\588bce7c90097ed212\1046\eula.rtf | 3.88 KB |
MD5:
f26a70c21f71ca930c334d44aff1b960
SHA1: 2333e2b4e18a37a3a9be500442ff55b65764d3fe SHA256: ee7177bbfaeceb30a2f8d4afd26323ce35fe82c39eccd66386d4130e0bcf2feb SSDeep: 96:u3H9WoQU/msDvyF5gWDkTSdvMj+De8LZLt3tRfx9b:uNWBzmyF1kTSdve+Pr3XfxR |
|
|
| C:\588bce7c90097ed212\1046\LocalizedData.xml | 79.13 KB |
MD5:
95ebf1d6912cf0d06277e5ac360e2169
SHA1: 9887564cb149c955d0a1841e50d44d350242e300 SHA256: aa86e17a17ca793cc74ce83e3d93f3c34efd5094e371f46c8958c944817ccca2 SSDeep: 1536:imQSIt8d/j0Auh0YKWhZ7NKNEc7uU8v1A+yo1mZaZHfcSBPtZpQftWSvxz:iZt8d/j0Ac0YKWhaTfK1Uo1mZeEShel3 |
|
|
| C:\588bce7c90097ed212\1049\eula.rtf | 53.46 KB |
MD5:
e85eb87a1f96a8c283d9612aeac399c7
SHA1: 8021319b44e8895eb0d0526fe675a83d48e5f64f SHA256: f6595b668600db1966bb0cd36b9133fddb617b8f0f45171f257e86901f4f61e2 SSDeep: 1536:aDG6CHnbVJDs8Sn4zapBsfWT+V6r0DlR+R:aD7q3D4pgWT+UOlRE |
|
|
| C:\588bce7c90097ed212\1049\LocalizedData.xml | 79.85 KB |
MD5:
7cad6b275a34f62cbbd356705b592265
SHA1: 65d5240efe606ade4b04904f7ad78645e8cd6689 SHA256: 1166da6a60926e04ebabe4f33577e9272ab24073e6f492bc18e80595dc4454e5 SSDeep: 1536:CZ51U5UKApCyzYHee2KDGSG1iLzpddmL4t3sFX3x0wHkkcuXG9FwUt:G5GUxzae2G1iBbmLe3sFXL94w8 |
|
|
| C:\588bce7c90097ed212\1053\eula.rtf | 4.05 KB |
MD5:
afbc93a4657b89e6977d87c2fb266df4
SHA1: 0e2cd0a207ea5f76d97e6ab3d5769657b9e751ad SHA256: d3f621f004f0a1481dc97c737f1e13a5bb520646bd2f06e8b0d9a83b74aad820 SSDeep: 96:Ol8Py1mlZ0dfO1TkmPaQFuaC91tDTrQeksNiG0gL4e7FjtUlK:jPvWdG1wmPa6u19vDTOsNkOV |
|
|
| C:\588bce7c90097ed212\1053\LocalizedData.xml | 76.14 KB |
MD5:
0746a7f3e0aca936442d2e871743a45c
SHA1: 5fbc97265c1715bec4d1745e03a64789dea7147c SHA256: 6fe5321ff83da91dd1b9a338b84e639a12854b2ccad7d6fb3b59ca278f1b0eb9 SSDeep: 1536:mSgPnrSG6SLXS55Y/aGM8Q4yavjA3rViBJYpmaZjiJ2mGGMT/:3yltLSTKhQ0BJizZs2mnM7 |
|
|
| C:\588bce7c90097ed212\1055\eula.rtf | 4.05 KB |
MD5:
c428da81228ce457f6ede31158908b75
SHA1: f1b9f0277b403a52e871766543e9a8647ec8e8cc SHA256: 16fbe2644b5f42591202ffa1ef369ac3b3a735127ebebb8ba9c8a5843089fc16 SSDeep: 96:AZ9EqPBUzqFNjvxukRJLsaMJFy/7/jTdgXFpPXyWR5mN:AZ9rPBUErxJJLoJFC/jpgXFpqwG |
|
|
| C:\588bce7c90097ed212\1055\LocalizedData.xml | 75.30 KB |
MD5:
d777ce8f10a2894755467d1f57acabeb
SHA1: 6b22f9d4d77bb98be8d4c9058422d4606851137f SHA256: 3904ef84259708e2ed8548e12d77d7c97317bfdddcf53cda6fad0367edea0c68 SSDeep: 1536:3G7WbKt2JFGQ3j/ZV3TfzeNOIr51+kHvhfD9bfz7WgqMJQK16ZrqjyZN:3GqsQPD3TfiNOIb+kPtxqDMJ6lcm |
|
|
| C:\588bce7c90097ed212\2052\eula.rtf | 5.97 KB |
MD5:
8cfa3f68237a7a981f06318f21f6f214
SHA1: 944acfbc551c188d73788768f972ef456fca91b6 SHA256: 648f8487f7ea98d5c39e195a8a6ff1762f2e87c3e9226f0b48692746a469a325 SSDeep: 96:iP86Qumio0HCI2/K28/qvTRsnRXy2lNFCZbCTOhW1g+OC6XtHZKoc9h36448Lx:wtmisI2rBi53lX+e6AgD9HIoc2dWx |
|
|
| C:\588bce7c90097ed212\2052\LocalizedData.xml | 59.53 KB |
MD5:
33a0d85911e376018d16af3cea5fb54c
SHA1: 44f7e51392a7af1bbfd0ceb1ec75f7d049e98b69 SHA256: eba4531c632404c891c4ad112936dfe1c8325e86966a43b7b8860ab1f0992fb5 SSDeep: 1536:iBj6GEFW8Q0nSlD6aD2aVQBsav/CwH/1G2svqoHctT14RY:U6F60nSl3D/UmvhvLHcz4RY |
|
|
| C:\588bce7c90097ed212\2070\eula.rtf | 4.19 KB |
MD5:
6650785308d474d6d85ba04c56a3df5e
SHA1: 2ea55183d704e36f8c2c315b27291e979e6d1880 SHA256: 7752c410f4e0286100cb71513f2ea98a1c88614f32672304ac900feedb5bc031 SSDeep: 96:NDdvToivBVXRpl4f/t93a10pqHEQ3Auhf+OvPKn9UsaxuK5bpbFfSXaG:NDpoeVXRpl4f/jA0pqkcAOfNHZ/xpMqG |
|
|
| C:\588bce7c90097ed212\2070\LocalizedData.xml | 78.64 KB |
MD5:
d4670a46f9087c2c1e4cff2eddc38d71
SHA1: 101d63b08c9a3991889aa79c0e178ee31c563bc3 SHA256: e7988aae2911618fa6c1d303044f2749441dc63342800cfac9016cfc9f518b28 SSDeep: 1536:6C7qWG14MXZF7BUTUlkjI9ZoFiIR3O/xyIT/QaJms+lniMtc:3iWQZF71ijI6vReZTlmbNiMtc |
|
|
| C:\588bce7c90097ed212\3076\eula.rtf | 6.44 KB |
MD5:
abb78fb1ed01dbdcd55e26bcc38cb4bf
SHA1: d1b33e7d4d1570572b3c6c831060ccf903edcdd0 SHA256: e40865db34fd0669edd0ae983fa66b19f765056b029b451457ef8c64e8a26d7b SSDeep: 192:pqzWcIvy49albVUmylR1uR7DFLS/6/dxG9Qv9hK2rY:pqbIKAjuRFLS/ak+LU |
|
|
| C:\588bce7c90097ed212\3076\LocalizedData.xml | 59.67 KB |
MD5:
0444696bcd957757de9b5a6be54a77d5
SHA1: f2843907311010b13dd466f499689e4152fbde35 SHA256: c776ba009b2e1fc340f2c938e2ea64f955ff01605dfe58324038b80f49f5e935 SSDeep: 1536:yaLXgCtyzHkZg5p1P7Jj5KVnNHfI8/yGrfImtTNK4:3g/k0pwVN/ITGrfIET7 |
|
|
| C:\588bce7c90097ed212\3082\eula.rtf | 3.27 KB |
MD5:
9a14c4b38926ca65e6793f18d25f00c1
SHA1: 7d0804bc964555634da631bc343585c81d45bee0 SHA256: bbe7bc707dcdfc347d339a46a44383f1af43414a8f6a61de4e595e8e17b91add SSDeep: 96:qZkSoIWIdoAW61hQ4RT4amVQWTnweLRJnC:ql73W6FZmVQWTnwiJnC |
|
|
| C:\588bce7c90097ed212\3082\LocalizedData.xml | 78.39 KB |
MD5:
2b436fe28b6d756e7fbf9d216cb6f048
SHA1: 4dc440eb8eced8d3ef1544acf7a381d287090646 SHA256: c3c8356e4f24a0a8dc6710033facb8bce99b03ec643e30a8cdde7f7c87a57ec1 SSDeep: 1536:lAe2gEIzwPxV+SOxkTRiLSXfGxmcHsTd6PNto5wJjvk5:lA1Iu6bxmiLSPGTa8PNto5+js5 |
|
|
| C:\588bce7c90097ed212\Client\Parameterinfo.xml | 197.35 KB |
MD5:
584dd610728d480898eb62e464cd55ac
SHA1: 95c8e364d17e4e6059c9e21f0bce67f159949dd4 SHA256: ef5f4da0363687ad09096dd4389a330ad326e15d0ec5db2a148a964d5d5fa118 SSDeep: 6144:q9RUckGV25nexixdQ1GqwdWcAk9zM2u09F7:q9dVA+IQ1RHcABl0b7 |
|
|
| C:\588bce7c90097ed212\Client\UiInfo.xml | 38.41 KB |
MD5:
a146c7fa58aafd4e0a31819e8b769d8b
SHA1: 8e2a250f0dea19bed012e8afbce7bae162716a0f SHA256: c9b5b3fc659fabd0ec77ca773bd2459c0b1a485c85855a10e062e7fcd1d647ec SSDeep: 768:gKRntwL1hVL5ZUtYHYV/WmqzTDMUsyqu/BIjvPGLKFN:gYntMTHowXM8q/HFN |
|
|
| C:\588bce7c90097ed212\DHtmlHeader.html | 16.02 KB |
MD5:
99810204c0da515add1ee22a8943d74b
SHA1: 442be9cde4723f18731820d8bb85f2bbbb72072d SHA256: ceca2e52b2c3089790c7430a769a8405f6ea3cc8d1f1cb5625748a4bcd495a46 SSDeep: 384:XBssC+1iTlPFFWlpyMp6TyOLmn8RRxEADOEaEBSgUK99zTY5Saz1:ysCoiTVHWSLN3xBnSgUK9BTYfx |
|
|
| C:\588bce7c90097ed212\DisplayIcon.ico | 86.74 KB |
MD5:
3edf862d188d71422e9c97ff721c1cc9
SHA1: e956f644cff6142eec24e019960e8e0671e6a33b SHA256: 3519fba560387dac13629a768dfc02e91843e06504acf86febdb4fad87aa1e13 SSDeep: 1536:ZaOpDn8xKHkCtSEQhf+/5n6cOPW/Pagq6sNJ4zMr+VrezF5mQbQuyYci7Ht:wr9CAEQkxMmP8oU+xepVvjp |
|
|
| C:\588bce7c90097ed212\Extended\Parameterinfo.xml | 91.41 KB |
MD5:
097a27c63196a6a5dd5f13f5a76ef9e8
SHA1: 519cd983fefbed5d4a31dbe7121349f34082c912 SHA256: 4ccb39fcfe31be0facebd54a59dfbe87b6721fe41b7758038477928b279cf703 SSDeep: 1536:S9Iy1wiWN+RQG8U3jFtPvDdtEouaL9CZ2r3Zw+H3nGdb55uNXZTB7u/s8rnKYc:S51wiu+REyj7DMoZpg2aQEkjqs89c |
|
|
| C:\588bce7c90097ed212\Extended\UiInfo.xml | 38.41 KB |
MD5:
e999abe16bffb011f046e011e438df90
SHA1: 892944543e8d83e68526036d2d28426538203987 SHA256: 3e50debf835c485689a936dc4cd47872091df45b4ea8f267343735c6bf9a2287 SSDeep: 768:ZhzUuWEpvaGzyLtsrBee3wmIdjqvIDgyNVVg50eoqIry30g+Py:Xou3Lzwtyw1djqvIDf7a50hqu+Rsy |
|
|
| C:\588bce7c90097ed212\Graphics\Print.ico | 1.39 KB |
MD5:
49f8fbb8eae68dbc0e06415d9876c6b2
SHA1: e813bf0f74fd8d17ab88bc9af6c3c13c9b1fd614 SHA256: 551b30b5d9930a9c35a1f425c662d8148b995df7144b5adb1f58e6d4c28c5466 SSDeep: 24:qXS2guYfthHzGqgcHJQ1nhSWQjHYCWq5t09GlXy9vnAShWmLIOoHrl72t:qjguithzGoHaSWKHYCWq5eQXJo3LINS |
|
|
| C:\588bce7c90097ed212\Graphics\Rotate1.ico | 1.14 KB |
MD5:
494abde11252539130825806f6b75ae4
SHA1: 02842efadd7608c6f98a76f7d910108a458cfef2 SHA256: 6c279579aa4cc6e3ce762161b2751a69bfd06a951ce7060838695a5ac00e9619 SSDeep: 24:jwg9aYnpWfOo/vQGK04Szha73Y27N9Foq6OmvaaHfRBkDcg:jwg9aYpOOmpKXS4skyrH5c |
|
|
| C:\588bce7c90097ed212\Graphics\Rotate2.ico | 1.14 KB |
MD5:
a65e7bbd5d7d7f1fd0ae7f70ed61a77e
SHA1: 00e0844d420978578d615b8dd7be30a89b37b0c8 SHA256: 84ae743488bbb1c8a924d6bf6e69209ce2a663f6a347369b411c03e65fce2c40 SSDeep: 24:QLBtlXO3TKI7EcVEX76LiZEo6HbYAZ7Xy8+NnY9LliV:QJe3b7wLQSPwb7dqSLlk |
|
|
| C:\588bce7c90097ed212\Graphics\Rotate3.ico | 1.14 KB |
MD5:
44ded9f3889b83e0ec113c3fe58b9e77
SHA1: 10a5911b84748bc64e1affed2ce41d234b43ab97 SHA256: b11f99f71c582341788d4a380a0ae51a765ed0176e338f8147ffec82bd7251d2 SSDeep: 24:AAMrNMjjQGEHrECXi18uTRTZV5VAAj2OouFc8s7H6K9FfkbCugnxaRMh:APrSjiDXaF5xiy9y2b7qxRh |
|
|
| C:\588bce7c90097ed212\Graphics\Rotate4.ico | 1.14 KB |
MD5:
06fbf865c15744bd08219a6a8856b757
SHA1: 75453302fd9794ee4ac25df6e033591397877ff3 SHA256: e70b269478fad28e0406f4d325979caa539fecec6ba365837c14dce4faa49b78 SSDeep: 24:0SPPPAeG8qdOcGjOAl6o1ZFASwefOiGyoorwlBCLVmCY1H:08HvG8qdLGjLZ1ZeSLOryVrwlBc+ |
|
|
| C:\588bce7c90097ed212\Graphics\Rotate5.ico | 1.14 KB |
MD5:
b9db361a86c2cb176cb915930f932ba3
SHA1: 90a4e02c84858b065c7857a25c99244db836586f SHA256: 2ca53998ea3471b9326505c206a67af94f146a0b0d8b2973cfa0b247d3be6c22 SSDeep: 24:TA3RuOal8p1TxnwVOoXbtKUlGFSbErm9w3vIGbQ41LqmBD45Kv:TTlS1+lXhKMGAb8mCQ8UmL |
|
|
| C:\588bce7c90097ed212\Graphics\Rotate6.ico | 1.14 KB |
MD5:
86a45373a71450c6f5acfb27cc2ca849
SHA1: 96265744d07b162058f696553dd4f7375ee923bb SHA256: 78ea45206d5c6c32c02892b7d83d3d0f15f4384f0c31e699cbfaebe49d47ba64 SSDeep: 24:Iy+GqFjUnnp8gNH6h2O/lIM5RshOpM28WeAftx+M7JB+6LsJRfujkt1f:mFOxNHh8qBhO+28WeAfH+SJ7LoRB |
|
|
| C:\588bce7c90097ed212\Graphics\Rotate7.ico | 1.14 KB |
MD5:
c7a07b02933e341c067d137315728085
SHA1: 2819e64a5a706bef86bb3b474a910d8e941510ce SHA256: 876128383daa87f470f2ad67cc3da99326d6964ee7ec86cd56cd2f07ba94c656 SSDeep: 24:aPMoO74SA8w8qu0GyYqXhSRG+FyR5HKua3CI09+miec164mnsxR6:aUTpxqu0fxSXFyRkuIsUmN4Mf |
|
|
| C:\588bce7c90097ed212\Graphics\Rotate8.ico | 1.14 KB |
MD5:
0338683cc5e80fedc95d0e612fbfd110
SHA1: 5f75464aca84e8c61c74fa47a75b667b9a66099c SHA256: 3c8eefb9a4e6620d6fa73c850775fd2be4f9ffbca387a7109048e218d9177b0e SSDeep: 24:plJ22VBUTMokNCJMp+lnaUzNJshQVhWrWGgXq1xMmfIaedeVm:plJRV4MokNYMp+l2QVhWrW3XOOFaedH |
|
|
| C:\588bce7c90097ed212\Graphics\Save.ico | 1.39 KB |
MD5:
10531cc4910e810e6f35190234ad19b8
SHA1: 8512f853b4ea9a4472247bac0e9b2be4b72ab40c SHA256: dcb1bf98fdf3ced1563d5354a9c9887adaba913b0947d8679bb67b9993d330b6 SSDeep: 24:E4lM9JBnn1S4UZoEZjGw+LLm8SX5bj0U7DEkE68FPkXeKuOWgkXrh44Ppao:E4+9vnn1U3jmLCJbjrP9cPku7Z4Aao |
|
|
| C:\588bce7c90097ed212\Graphics\Setup.ico | 36.13 KB |
MD5:
b461bfd87fb352e5f33fdeff616850e8
SHA1: 08a2b3e87e71caf591605baa459061a3a78c897c SHA256: d7e0f2e7f0bb0bc80fbebb2aece124d33947330cbbc499d294ea6c6b44b75554 SSDeep: 768:URhYPgEbzGYIj/VBPNWjF6JrmaoZLVIuS+JtHDEdpjc:URhYvbzyj/TZmdZjYe |
|
|
| C:\588bce7c90097ed212\Graphics\stop.ico | 10.17 KB |
MD5:
c0729b474843e27b6a81dbefff5c5a29
SHA1: 94f38db0173fefe3f3f6a165d90d35e768085063 SHA256: 8296de883a9c4f6b599f6191c2e72341a6a88da1ddeee4253da6bcd53c69a8b0 SSDeep: 192:dHeRfff7pdywZQ8rlK1OFwpA8hXMInI8s1qbmMfPXJnBJih:dHuff7pdyGbKO2pMf8zKgJnBJih |
|
|
| C:\588bce7c90097ed212\Graphics\SysReqMet.ico | 1.39 KB |
MD5:
c96a2f77bbcbcb776067c40f25e12ba8
SHA1: 232372667cb3995c4725bb502fed0d3c696cfe1a SHA256: c0305cb14cf9ad09f0a2df72b12df27a0d40affa2248b6bd7b6651b4b7f91820 SSDeep: 24:l+RkOW21g85nLCpQ+DEt6WtYYU66sF6svR3q7WS93zY9cfAP04RuvbA2W2xkWV9v:uW21gnpQYrqg66sFr1aWS9jYSfAMsgbx |
|
|
| C:\588bce7c90097ed212\Graphics\SysReqNotMet.ico | 1.39 KB |
MD5:
ab66dcff74631fd7e07733646e21e906
SHA1: f091a8e2d2d3356dc1de140e69a35808b1c05a88 SHA256: 0146b1fa9bb7e2f567e31ce26a644f7d777af61662ee4025a6c7efda91ba1e1b SSDeep: 24:fNo/ucfKib95PwNXz/DcwOJs12epLnfAiyAlCWtDjj3H8GV94K6CJ:fcucKibPwNXQ+TpTfeAgksy4VCJ |
|
|
| C:\588bce7c90097ed212\Graphics\warn.ico | 10.17 KB |
MD5:
5149d80bc341668f64361dab15a82408
SHA1: bcb64ef4c638fa5ee9b38a2d59acd0ba39b8a555 SHA256: c539dc78120b5b7c063657c5c9bd3410901d4e389b4e5b0bccb6a76bebe169e6 SSDeep: 192:hup+4qrrxKhLMwE0h/2QxvFVb20MIev8MnNSSBUGcHhe2pvTwat3BXriDM:hupcrxKhLA0h/2QP52uWNjBAHhntODM |
|
|
| C:\588bce7c90097ed212\header.bmp | 3.81 KB |
MD5:
4636b32ebbc081ea02c1c95d247b4d52
SHA1: 7cdde4a8ed092a7fa5e81588acbb194974334107 SHA256: df528e700e20978f55409c1b69da41e3d7912f3fcb7b134f505cf682105d91a1 SSDeep: 96:+AwBhxeIA9ljCv/UOhquI15hks+b0z7hwh6/k/+fIel8UVZ7w6WmLOj3HO57:2BhQIA3jCvVquI15nZZwWkGQBUVZ7wkb |
|
|
| C:\588bce7c90097ed212\netfx_Core_x86.msi | 1.11 MB |
MD5:
87bc6fc112a554b392f970a85b70d24d
SHA1: a3f8da4f4e56c2b3ad3ab0f7d414fc519f5257b0 SHA256: d71a6a44b3bed080745bec406f8d0762b7631da88bd236a2b6be4a8fa69d3afa SSDeep: 24576:AJGOpaSR0R+cc3Jogls2dmv/bas7geB06Hh4BY:nSR03gl/mv2egeB06CS |
|
|
| C:\588bce7c90097ed212\netfx_Extended_x64.msi | 852.28 KB |
MD5:
35fedba135994a9256179377c1110140
SHA1: fe6aafb1d0c4bf8b9dfb8c582284abe456fbba6d SHA256: 19a2f86d0e77da09bad1a59d34a979a407b999475aa9ae1ab18e07215f0dc300 SSDeep: 24576:QgJYs6Kn3l867TKdbz/uvJuN2mXyCqFcglicJxQHErx:Q3Kn3lJT634uN2syCUiAxlx |
|
|
| C:\588bce7c90097ed212\netfx_Extended_x86.msi | 484.28 KB |
MD5:
67e5612046a008bf87f402b899e61932
SHA1: 061ed5bdba75bed8fde12f39fd7b160a7a61dc4e SHA256: 10dd800fcbed28059cec2b9ae21cf2cbea38e18d2162a8a2552e4cda2b75fceb SSDeep: 12288:EjzbAXU1/fJo7bU/Bo+vQlTIS7YVG0UpQFSbL6quZ:EnbAEro7bU/eUQRISY4xbeJ |
|
|
| C:\588bce7c90097ed212\ParameterInfo.xml | 265.94 KB |
MD5:
44e77325fb9358c1358057712d4e8749
SHA1: 305dea1405bb9dd7724f285633db529492425224 SHA256: b87e8e27921cc81a85dead581f4b7fe6601cca648a9764714f396ceb7ee25868 SSDeep: 6144:wSPiCuvDzxOuXyUlveLliWaIvicxXgPLASrtgbte4bA:wOuvD4TvliWaIvF6DPwe4c |
|
|
| C:\588bce7c90097ed212\RGB9RAST_x64.msi | 180.78 KB |
MD5:
ace73fcc2588b74696c9c1bd7e3af34e
SHA1: ce96e287ae44dc6a674688401378a775de47629f SHA256: 20a26796363de059f37cbf615c8779d6e601681ab95ff0f0998529847d193a50 SSDeep: 3072:LEBzYjRpVMOW4odK7C2N+WedDmV8OZGPXfC11gGOM2eEhbDSq1rgDjnFix8eeB:LEBzY/qbdM9N+WegLZKfCoM2jJBr6FA6 |
|
|
| C:\588bce7c90097ed212\RGB9Rast_x86.msi | 92.78 KB |
MD5:
1dac8c43daca924ddf83d172f2552f0e
SHA1: 61ff34a77b33d2e19cb5a8efaf7e6f6dee655fda SHA256: 786d7337bb7002f1f8f9ff845f15278be0ce9d9aa7459c94fd373fe13146cf4b SSDeep: 1536:oudOujL3OAGnhSALPLoTEZgiiIr51Hm9kTm+3SHBbmZCLsG6fUiANe55QEYm0AqU:ouv3zkMAnoT3+H9PShhsGdlNUdY/TPI |
|
|
| C:\588bce7c90097ed212\SetupUi.xsd | 29.69 KB |
MD5:
b583c364a5502f669e0ffcddf099e1e9
SHA1: 0eef5f42d0fc9584e7125afffe7968885aa144c2 SHA256: 84b08fe00ae4ad54692fc3a36f2677e44ed87bf08526dd303718c606fa051f1a SSDeep: 384:Ki8FTuvKyvvncUzORd/xBf0Qbp/2fyOcRgdFRn/KMWOMDS3HGLZmNFOrbvMVAnkL:CyKmcYYd30QbAmgBTxMeTNFEgcKXWM |
|
|
| C:\588bce7c90097ed212\SplashScreen.bmp | 40.39 KB |
MD5:
213106469d9f51733f68212f49068d7a
SHA1: d657349d78e46991e41d0cc1720ef4617aece344 SHA256: d426d11290169dc3518d917734528e5f0e0a102a715cb70fba5a97cc4fd8d8aa SSDeep: 768:c8rtS70GCEEpgDjEFHfdCexxSUpMf/ewLY8aj8z+W95Im8bfJYonf9ODgZf:c8r40EnDj+/oqxSUpMf/3LY8agz+c5BM |
|
|
| C:\588bce7c90097ed212\Strings.xml | 14.03 KB |
MD5:
8ed43cc43107dbc4f86b6e2ab38e6ab5
SHA1: 2783887df70f188177b3134e532bb1c127a8fa9a SHA256: 35283f621d6c44ba0b32a642912c5ab9ee27d38f54c84451707ac7cbbb8902f2 SSDeep: 384:pjrMAmXnwXMbJgXmAXsTT+sBiyz86yEDMXJzdigzjFQu:pjrKwXMbIl8nBo6MDj |
|
|
| C:\588bce7c90097ed212\UiInfo.xml | 38.27 KB |
MD5:
a5dd3afdf11e0617031f72c820f96193
SHA1: f065dae833637146ddc287d0df27749bddc7445b SHA256: 308adc9c7bb41544054ca6de12153304fb11254a5b8f38b99b89e589053516a5 SSDeep: 768:LEuO1+cXxCawK99xOwqo02ykbE6Pu1HHYil8EU8BzM7yMhd04lX7f5p:zcXEawKHxuobXm1HHYQ8Vt7nTlX7n |
|
|
| C:\588bce7c90097ed212\watermark.bmp | 101.91 KB |
MD5:
350ae3771e92767c4d9016f44c81390f
SHA1: 40f81f26fc9ce5f5a09f677f7db8e035225a8657 SHA256: 5d7bb6b1c43cc46b72e13070a3250b8c0fa7f3d5edb5d8d0e7982679ed811e0a SSDeep: 3072:jDKWEetB2rC35Z33OL1IjL7XAu2HL+gRu:PKsBEC3fmsWHV4 |
|
|
| C:\588bce7c90097ed212\netfx_Core_x64.msi | 1.81 MB |
MD5:
56fb3500c62b80a0cd7608b32aa68775
SHA1: 011dbdd4302616860a8ce12abe38be83c9021d32 SHA256: 2af58a8b7dbf0420ed125e41d8b828bec679a61064b49f4975e155b308aad616 SSDeep: 49152:zC6v3oTD8e9QyTihvwkJAvG0lfwrsyNFrS+rsNDwCt:BvYXbBqbAd4zOhwCt |
|
|
| C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x86.msu | 2.09 MB |
MD5:
88611d5b2afb62131690bbb8a7208d70
SHA1: 7edf31b88a6e3b9273e21edccce7989ccd738c61 SHA256: 297efe922c075e39cb540f98dda94a7f6d7d066f0ed3ea636000971f9070f319 SSDeep: 49152:nslyOVOtb/huVDiQaG91DJjxwD1NqI8sf0Rdansn:sAGOl/QiQaG9Xx2N0Rdu+ |
|
|
| C:\Boot\BOOTSTAT.DAT | 64.28 KB |
MD5:
f61fe91e411f9f415b0b69b3e35833cc
SHA1: 389a0325582be11b7550f9f01871dd44863119d2 SHA256: 16e92f69b6e9027ce830f65d97ce30aaec1295fa2e5b3ecdb48f60aa3bc3b9e9 SSDeep: 1536:g4qSHKQOesU55Ex4jzIn0zjdGTkKMDsQZ:g4qoKTsOizIwd3KMfZ |
|
|
| C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x86.msu | 2.04 MB |
MD5:
137c46b0d6ae6508297975aa9073320c
SHA1: fad260a6de32cda8b5dfa7b814337739f62faa83 SHA256: 1017703c5c5c8f2a9804f9bfe695c5dea383fad6e708b190b6cc00bda9355f52 SSDeep: 49152:OVb/DlkO0+hgm6dz4kWz+dJPKxiCYyqbs/p9rQ9x3xtVdQvFZWKSG3lsE7a6JE+:OtDl+m6dzM+qLibuOZVdIie2tb+ |
|
|
| C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x64.msu | 4.96 MB |
MD5:
a014415ffd463357f4b49b08e2854925
SHA1: 79fffe2f7dd0b169bff437ee239d5860e8edadab SHA256: c0c4f9d87261637cc48085b1649f0b6fab64a853814ebefe5f2e34aaa857a51f SSDeep: 98304:AtXrBxK99Kf6MW48YSuhYGn8yF1W6K6PTSE3HMb401Y7woXly:A1zK99O6d48ZuhYMLWcr3sb4VwoXly |
|
|
| C:\BOOTSECT.BAK | 8.28 KB |
MD5:
52f9bcfe509d330918cd0164e6ff66e8
SHA1: ea75e223db576b8beca0ffa740434ec7496b8819 SHA256: 02e53962e2d5427986c631921fcd160e391ebb7b229bf5b54da3d42a45bb877f SSDeep: 192:pFmrIKGkk4swRi+ei6uFSFXutnVO3hwLUoZ1jmUZz8ReSd5Q:pgszBFi4e7+iLUymnReSd5Q |
|
|
| C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x64.msu | 4.86 MB |
MD5:
039363de8f4bf007914d5f452f977141
SHA1: 544156786b939849e234130e86ded9c6d58fb543 SHA256: 9c2981f652cf9d571485ff24a368c56e77364c37caed4cc4828e8843c840d312 SSDeep: 98304:BdIQb8aX/pQSLHQLBzvfCg+QCly8kQ+HMFGjceTOukhWbN/coewGTOmaU5LjQ:B+oXxreBb+QukdHqGPQhWbJcRwGTDaUO |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Active.GRL.RYK | 14.89 KB |
MD5:
bfba17753438f50c0a9f07c49a92c62c
SHA1: f96ec0a214b79083a238574728c3b31094a42a41 SHA256: af2fe2ec5c3a7112791c156ea92a78c74b5bed95ca75bee2cc1606f81661f259 SSDeep: 384:80hzdW/mxO4ZizWgw/Kg68wTktdc3hf/yQiE4CHK85:8QdAmTCv+wAqf/yzE4Tu |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Pending.GRL.RYK | 14.89 KB |
MD5:
8f008f267107f6b45bc8202b929a7e01
SHA1: 001853f0566a05bedb62e6aa65fe81df0b3e14f3 SHA256: aa9654a47ed6e703b50a06576742ac1634add34c472e003f8b12669f63353f5f SSDeep: 384:tfija2uEB8Rw1j7UqOPmKhhdVVRwtjgpems5:RijaMUwHofhhdAjK5s5 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateUx.001.etl.RYK | 8.28 KB |
MD5:
42e28d703cf58a718c84d793a790c2da
SHA1: b6a54c9268383a152da2e584cf45ff24d5694fba SHA256: a8f558fb1c10330233bc6dad83326df2a798561b77b28272a362dd3439dac952 SSDeep: 192:ujwqmlNk2WekUNNUHfmH5bc7ZBfI5JQrK5QjZKZzzTVFG:jqmXB5NcqbsXwOrHYvXG |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateUx.002.etl.RYK | 12.28 KB |
MD5:
dffb73be2263b0c81394a09d5e23931b
SHA1: edf60385d269d06641fb45066e53cf7d287e692b SHA256: d16338839e51d81ee6ef8a69cf7120e060e9acdb5e5a156650b5fcb61369a59f SSDeep: 192:y+twS1OGLs9SW9YYw8nbn6LP4Zl/2WZbe78e4frg3Xl3z/4yPUknm1gabwxP30E7:pzOGUDwqnggDsp4Tg3Xl8yPUknmWW5i |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.2.xml.RYK | 1.63 KB |
MD5:
ef6522743cb4de2f2d71ece493678bbe
SHA1: c9e57188cd655ee1affa5e4655589e9c158ba4c2 SHA256: cb7c538f87df1d28e08b4b0362ca52befab3479e95b7b02d4be23dd720078c65 SSDeep: 48:P0og1TjSAsNzMcg+GxsLQzAlxNY7UO440wbZon:P0oaChC/sL37uW40eon |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml.RYK | 2.21 KB |
MD5:
1bb435ac12252334792e576d83b45205
SHA1: 5792deebd161af22b8c6f191a704f44230a17f8b SHA256: c34999e4065e0a572ddcc610d4c14238867ec73b2fac6a60021affb647ee91db SSDeep: 48:dd4p4ojhajUdy3aoR6TKHbY44jnn5DljaK6hdnEZkHHFsad3R2wV2fsN:34pHVajUd6aoMT+h4jnRJVD4lssVX |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.0.xml.RYK | 2.21 KB |
MD5:
341822ea1c669fbc5b13b757b8fad000
SHA1: a7a4d5dd821fbd489db0a1251bd06cf7ef2a15b2 SHA256: d3bf0dcd4ca03ef2a716cf38b89838aab991318112b9365f3f4bb278a2d7d6cb SSDeep: 48:6mQq5QcTSq0iyW05aljpClzAWSgrtw6pmWZG5mU9cRKWfZ:oqHD02ca2zAWmY8539c0iZ |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\edbtmp.log.RYK | 1.25 MB |
MD5:
923ecf00d4ab0bcb6d0424a1102af64d
SHA1: 5e4d9635aec6b8324e98057d8a5304a7ba72fa1a SHA256: 2561405bb0bb642dd6aee63bff7aefb5abc01447cf2eb2328ddc2f9ff8580ed1 SSDeep: 24576:loAmvom0PcvP6bG86UQOv040Tl0XAys3bIsFurGbs1GVKqN1OH6qhHD564K422Fq:ekm0UPQGPUR0TUArbRArp10KqzOaqx5+ |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\edb.chk.RYK | 8.28 KB |
MD5:
2b18665141a7f93a86392f9b666a878e
SHA1: 2064cac6130622bd76d05962f1e93a7b22728eef SHA256: 8c74d7333be7c68fcc1f017866a0639a945be50f4f7754445e4da642e1184016 SSDeep: 192:f71ZvTJLMTSFwrkl+lmcQNWcZskzJ+fI5Y3tu5RLfvBlv+xGc9:DjJgTZrE+lmc+sk8fI5WtgRLfvBx9C |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\edbres00002.jrs.RYK | 1.25 MB |
MD5:
eb92284c91054dd621f680f2d0c6636e
SHA1: 426d969c430e695de52adbace5156615e134dc61 SHA256: 139054219f7368d2cfc9a5e7baa491844d585c298f05f57b3fd0aad575448094 SSDeep: 24576:MUuXy2zwt45j74kv/fnkoshqbmpRkl/DyGBRS3mHR3+UhGbjUTJX7jTOwr:Mt+taH/agbaRkZDxECROUhG8JDr |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\edbres00001.jrs.RYK | 1.25 MB |
MD5:
ae9419a28f365dcf8ccbebb392e02fa9
SHA1: 982b5ba00ff76586bcb77aae984eff7ec4ffa697 SHA256: 52d3b58804767bca3fbc67fa216401918a491372f369a61be5664d82c99cc157 SSDeep: 24576:b1HOl1UrrXTLLnbPoSi3Bw5/lm+m/tEEPxZfP7l:b1He1anLiRwPy/mEL7l |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Storage Health\StorageEventsArchive.dat.RYK | 5.64 KB |
MD5:
0f9bf4b3a140654570dd392409dc2b04
SHA1: a9270b758dd65c6a92f31ef5d7af05e4cd4e0a89 SHA256: ade10a87fec78e08965d47c00041aade90645252274058b010fe94374ccca845 SSDeep: 96:EsZ44DbMJTY2JoeMJQC0KIWvwzegboQapf+C+zURqxc988UbTKJPVwhobNcLAEPO:N4ASYQoeMJ6WvwL3a4CM5xTRbeJcTD6 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\Default User.dat.RYK | 588.49 KB |
MD5:
2e1ae9295916dc063ee829edfa61eeb5
SHA1: 4296f196469528a7fbef71e8965c0dfb2ec9cbdf SHA256: 4e0e4cd613b16c6ff958ab872ff088f3d86dd1685ffe7d6e93f9f96e52d041eb SSDeep: 12288:J2bDC7darbhigRKzdJ6B0PXltGXOWftHSezGRcE97GYLt1A1Ne:J2bDCZ0wImPS0Pw3y0Y7GYLt1qNe |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.bmp.RYK | 588.33 KB |
MD5:
756b6d582148ced83228865acae5918d
SHA1: 7f8a2cd8991d8fdf14efc82590ff87474a20a0e6 SHA256: e24186994740e2f4d7eba15c8c25846ee40fb30ef24a25c1505fa7aeb172ae7d SSDeep: 12288:qlaN+FswD8ly4AFj4bfqS6nSENiJnjYSeSPHmlG6vSmlBES:8E+FjDIy4AFM3OSOiJjremHZKTX |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.png.RYK | 5.55 KB |
MD5:
69f8936dfbe90426e311d2648a2c4dd7
SHA1: 199531e527eecf5ba7401da91aaffb777605e0d2 SHA256: a545d4a57bd5c9e2f1127082ef81de653a67d156bf8ff59a8ff487f5659fd905 SSDeep: 96:uMyIC4Ik40GjUPifCd7Tw/qFQ07wRzivZEFpW7gzrJChQXQ5C6enu:QOIkzG0KCNV0lKopWMzrJYQm |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-192.png.RYK | 2.63 KB |
MD5:
0e634a93106120770bd1e6e3b299cc05
SHA1: 7046811c311f9008a16d4f9ac96a84fabdbc63ae SHA256: 7451be399ac66251f58014abbf3a7fe926b41392999847c78a9b9aaaa8ba3dba SSDeep: 48:Eq27tnxidsCmonVpTkvSTIRtLsEzWJhZtxx06A/IWJ+rpKSdG0O:EFtx2V6kmLsEiDbx062kKSdHO |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-32.png.RYK | 690 bytes |
MD5:
12bde3475a528943d7c5f58e941545bf
SHA1: 9ec6d637ea66b7f220ef50bff3f9792eba7a24d7 SHA256: 099f8806c8b9269208eade0891900f738573b9d07d696d408d589d530379943f SSDeep: 12:UVOc64Rz1ymhjI25FqlsZy5QiQiu/uHOv4tONj+3E9wFpo4fmzCCh+V/:Uj//dhI25QSZUD5OvgwAuSoXCCh+V/ |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-40.png.RYK | 722 bytes |
MD5:
3ac9efaca887bb65b801b719ad21669f
SHA1: c16d2a52457ed26797d0772159b6de287b989a13 SHA256: 91f459d52f402289089c7043c732f10f07c1743ce6e1e67fd0f1152117eb037a SSDeep: 12:GpybyUxReLe5hjX7AdQOmm1xs3PuG/s3eNJe9MA/XcDRprQQL5tTgSZkpzQ5bxPu:blHeC5hjrAdQRmA3GCs3/9X/XcDRprLk |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-48.png.RYK | 786 bytes |
MD5:
a07b427f657e34db251ad460e6d58fcf
SHA1: e15aeabad8a9324eb870b28cc52d2e8c3bd9caca SHA256: 6dbdb615427145a0006127e46a7e4e23d0cbf38ac1256cb61d8b8b349a49803a SSDeep: 24:toR9Rm/mb1cRCG/7Rdp5I7SRiL6I4uhgEFe:tmRm/m+RCG/795I7SRiL6Nu6Ek |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.bmp.RYK | 588.33 KB |
MD5:
99f85f924a224be08cf2f2d564d8e0f8
SHA1: 10a6dca29401b278868c3bfe09c3cf4573065262 SHA256: a5b5a7c69d8e11aaf56e114251f2f35b67cb5ccb6a2dc7af5c4f5adb9128e298 SSDeep: 12288:SqInzXDQGbPjc1k8pVM/6lyd/U3829Tv+/zYmGk:DInzDCi/Wyd/K829TSR |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.png.RYK | 5.55 KB |
MD5:
e57896550aa500cf586f3f6391aedf69
SHA1: 5a4480c4bc9a686df5856624e68c292506a7b270 SHA256: 482eefdcc472ea32edde30fb4e15d5d96cb037eb320e289c2f06dad15626e05b SSDeep: 96:bDz6ZSGVmeabO+PJ4FcTi5w1yOY5SFlVmooDIW2ut7Nq6Yh3pGig2+TP:bDgAea6SRW5w1bY5SzIVIAyfjGrTP |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Live\WLive48x48.png.RYK | 4.83 KB |
MD5:
703f1f5d809fe01104d4a7c445123b16
SHA1: 022d11e3ffa60046be517fc21197473ba2b21f31 SHA256: 0764897e8a94c3826d6f7c29b958cf461638991533ce8ed518c722a4bf978912 SSDeep: 96:jmQudSA42Jl8vufpQfwGd+KyEriT4cwq5zUhVlFbpD2xZu67xsxRgYk0NbBnPwyZ:dudSdywEcwGd+KyMix/AdCJdso/0NbBB |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Get Help.url.RYK | 466 bytes |
MD5:
95c83cfe209d63e8d21072243f10623e
SHA1: 15f0357a188aa4b9f1f587bc58ece4244d3ef6c7 SHA256: 337a425226e34d46477e8a06e70e4c0d0453292eabb4e50b6d3c5369afc7294a SSDeep: 12:IGYq90ZAJ+IG4JAx7Uoj8xJZ4lSQ42X0cWUAEx0V6:vSZAJPBApUG8jZ4lSQ4m0crx0s |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Visit Java.com.url.RYK | 466 bytes |
MD5:
63e4cb522519bcf73a1f76e662e6aefb
SHA1: fe2592a80f07d5da350d0d8118805b34ec1dda10 SHA256: 2e3550e995b1d84c189b403de931be11fc7de2350c945eb21c208a0acf2a6db0 SSDeep: 12:1v1Z8N5VCZZSHiXt/xLJHVKGuxwiz0YBw9/ft1:zZ+VeFNVKGLiz0YBiF1 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOPrivate\UpdateStore\UpdateCspStore.xml.RYK | 306 bytes |
MD5:
80364645faaf2e0cbfc6cbae635159a6
SHA1: 8a2d23045f3a271691834b24b03ddbdacf9a06da SHA256: 71f96bc2c165be6cd6ab6af851bd84e8c07ac56a3d9538510c03b70b53513b8d SSDeep: 6:L45n6AZZUWQcZJCBXGz1l1MsB2erVw7BWQjXRu6xFwNogfmgGW1CzG:L4xXZtzZABXGzzWEUWOVuOgB1CzG |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUx.001.etl.RYK | 8.28 KB |
MD5:
c491555d78c7788168dd70d82ad1b02b
SHA1: ba6579d76145443f5ab7fc01c4ff05eceeb27338 SHA256: 33bb688662adf85313961b8cbf9a42ae2b316cb99c49c4b7e84af03ddeb908da SSDeep: 192:7Ybf/n4r1KiEl/ai2gy3zLRBcPys8YwOE5xHaGNbJY22Qadw7BytPHB/p:7q4xKJ/FMvYPys/wOg6GZJYpQadwKPhx |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUx.002.etl.RYK | 8.28 KB |
MD5:
46c2b94e00e4e1a5b8ba15f1fd304ef9
SHA1: e2dfa28707701aa76f7195cad5a35e7032354fd7 SHA256: 100b2ba128ba1daef13f562d5815967c8a32e7db6d6df62586367130c3ee83d3 SSDeep: 192:cu7t0EYdo3xRJBesGJTI3fB/fR+9LmRA8g4OBhFK:cu7t0dohRJosQTIBRWr8g43 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.001.etl.RYK | 8.28 KB |
MD5:
695beae53d8931edfbb188190205fdba
SHA1: d4eaab5f521c2b2591f5c5fc7e099e9f32a9ecf3 SHA256: 1a5405f5ef1fb9c8d7eaf2e778aaae227e44713a738db20a05ac0df4fffeb5b8 SSDeep: 192:4IZyMRE2bMf2xBpl99NjuvlQeL6gu4uFlfBya34pru2gX/HiUpF/voEM:4IZTRae3H99UQeL6x34privlp+ |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.002.etl.RYK | 8.28 KB |
MD5:
25d5a00e0174604721d305c3f541a624
SHA1: 534c6af51c43659cfd858c366ab938b02cfc335a SHA256: 77e3ca73c66440eb77e1b463e3681ca051107e3d36b5999aca14b38c524af85c SSDeep: 192:CkSAzv0q3k9PwBbWOY5/88z2ytjtXx7xZCbY79mdpApA:CJPq0WPYR88KeDLCbRdpj |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.003.etl.RYK | 8.28 KB |
MD5:
716f6680abfc57725b92895313f37bbd
SHA1: 892f48776dfb60e985bbae2d4ece2e7dd7ebd701 SHA256: 9abdd6838b30ee1d700ec9f264dd891459e113cdc4e543dad0096046abb59eec SSDeep: 192:T2JzyUKYsBq9t2PE+9ouXzsvgHNTNBHjyVlQIKP:qNffmvKoicNTNBmV3KP |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.004.etl.RYK | 8.28 KB |
MD5:
de42ae0123aa4874173d335c5990c8f5
SHA1: 8bd12fdbd9a6b60172825a26523b07bce406baf7 SHA256: 7bcd68846ddd82b6289be53ce1f677b58d5a150207f9156a6960a107e3fa5ce4 SSDeep: 192:IBdz7OCoUHoCF36WJenBJ9pywZ/5ELKPz8tEVkUrCdUvUHJYFbDdkewQ3:WzqltCl/kbpywZ/GLZ/UWOKeb |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.017.etl.RYK | 12.28 KB |
MD5:
d364c545296c52859ba25f10f73feaa6
SHA1: a1e87c4dd4214ca31b8595eb973783b86517b59f SHA256: 39f0b92e4070b5a60bcae1115b4bfaa6395491dbde7b51ca8c547526aea0da49 SSDeep: 384:iDZKQY9WZQQNtjzZmVA+XVFjYFxrCqQqxHW2TzoI:EZKP9WZQQNtobXVKL+InJ |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.016.etl.RYK | 8.28 KB |
MD5:
cd1d5ad7e526e53ba3b444094beec0bb
SHA1: ca8bc0ee5b3c5077ad5e88ceff642ee0e2aeff2b SHA256: b04b36dd0b6e1fb7bcbddd674e2597f9faca7c1740ff60bfb31bd9d8b27ceb99 SSDeep: 192:f52nuYtP2RS05XF1yTjCU5MZ9EejDuh+qsWd+Q0ItkU6H5vW:xvbnXjYuHjlVYoItt6Hw |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.015.etl.RYK | 8.28 KB |
MD5:
1cc97641c3f8bbe3356bd3283287fe25
SHA1: 6dda8b0cd797d52760a9c8334bb8d84a2348603b SHA256: a8a7c6222569e5501faac17f2a115aafecb193e0355a4f0610bea405e8b3705f SSDeep: 96:6g5Vv/+N3un4R/EVO+/6rn3r+rru81yB3+61U4j9LHgCcW36oX18OSEblR3AXqC:6g5FU1Tv73r+rZyBrzBLHsa18OJblx/C |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.013.etl.RYK | 8.28 KB |
MD5:
85c4a313638070f509b724c0263738ff
SHA1: 31ca39bea3ceb3f87868ccad62e7454f22bc8422 SHA256: c22b3f6a0ad9be900bab70a18f1cb0563ded3c03b29ccfb184dcc87f755452ff SSDeep: 96:j2kvv41iMCUgynMgcghBTVy4UvuwRab6QuqBHRVN/42ZpNz2MUfNIQtZ9mUqhHlV:jpg+UbrTI49b6BqBRzZnz2h9Kh/QO0W |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.014.etl.RYK | 8.28 KB |
MD5:
d3bcbbbf7c5ae3f23a313d25ad23d885
SHA1: 98ee4bf8169f0dbe21fb42a74da98ae3ca759eae SHA256: d8ea9c9c41a7114f090270fae85e82e7f4d58153ba73e97b3921cb32905dc637 SSDeep: 192:Z+Ah13e7PEdDEwSycWKznWyW+X7bhcsKylRIXHUeTq:USu7gww7szm+rOsvI3Fe |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.012.etl.RYK | 8.28 KB |
MD5:
49e615e40ed20f10e219a4705d380c50
SHA1: 6377cec1ca475228b1a6d1f0a7760b7970c27e25 SHA256: dd42f0b56cdbaa0e87281a4828467df1359476d1beb341613d053d460e4cf43a SSDeep: 192:WIFvX3++t/DhA4WXemrOZH2qj/qzGP9uRJ2NWDL5yrXrQ1DuVFO:WIFP3++hhOSZWqj/dP94J2NaQLeDN |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.010.etl.RYK | 8.28 KB |
MD5:
0ce1eb59b8a5f9ba9ebf1b4f5cd55595
SHA1: e84fb08bf3117540be99b3809f3a8dfc86f7e192 SHA256: b4e427fd36db05c687b2986fb61f60ff14202dc0dc2c99438ba4719104ff0fb8 SSDeep: 192:Bj7+THYBiwo9TuWsyR+K+0dqcksQVjYiVMk5bTh94/JyQcEF/n:cqoJuWXQKlE9BjYwvf1Bs/n |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.009.etl.RYK | 8.28 KB |
MD5:
d323f88655f0339aee2824bca23057ad
SHA1: 46b8dff434c98e6ee804dfad4a05bc87bd47638c SHA256: bbe028eef05f99c9ebb61cb109796fd0013a72727d1dd1f35381f5de135358b6 SSDeep: 192:qo7+roWBYol+p4Rb0w3iWk+h21SXAnHiS67Qzh65RKhRfLO:bWJJ0okF1fHibQzM6fK |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.008.etl.RYK | 8.28 KB |
MD5:
a04b3f2ad971e9b8cfba2d349894eac2
SHA1: cd5787738686c1f3084f31206ac9545a1c752be7 SHA256: bca56f5ccad7cec1cb6798c349b8cd74e673c3c2b0dd048e129b0859ff974e0d SSDeep: 192:XWRS/Mip8tyKClOirqvT0kyZzPp2Ge7wvxHpkwjDO1Fw8o:mRwlpz/SvQtoOvPPSpo |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.007.etl.RYK | 8.28 KB |
MD5:
2a6ea39e3789131a5457bb9b13da5afd
SHA1: 647b1ee5666794d75c244e63d1fbd0910cc4b29c SHA256: 289fd52139f56e04bb37dffe34527a7699e2d357e7d0be7cf51d3754cd85bcff SSDeep: 192:TwMhpJGnDEKEyN4vVMx0pBpRsBF5TstvSS4U6geg0z:UYIV6jGT2v8glY |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.006.etl.RYK | 8.28 KB |
MD5:
cb3866351f0f715d490b4f157035f8a3
SHA1: b43bc334b34bae708bdc21e284d5873e61dde604 SHA256: fbc5560ff80f6a27aa3e785f5e937faa02415f7b0b3e20636364ecd44b507a84 SSDeep: 192:oRMrHMpMVX/AxPrtc0lebbnQsp0JoVz7D7AxLieWjSXQdpAnJ8:oRMVXo5O0knreiV/DoTWD2nJ8 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.002.etl.RYK | 8.28 KB |
MD5:
9636b7eabac088b6de1c528ee7916609
SHA1: d686b6ed8cf972266bf4289802b840959e7c13f7 SHA256: 864bb8c904221622b004d30cdc697686e73feb23b891ac5defa4c9cbbac5542c SSDeep: 192:j4VOlaW3K9q3OC+e0YQxSRAuwIB2LDB6Yudlp6:j4VOlZK9qweJQpleDr6 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.005.etl.RYK | 8.28 KB |
MD5:
92c6be93c839179ca255edea2b68075b
SHA1: bef15cf12a364990b13dd14cdb312455e8978cc9 SHA256: 22e173aec782b9b677e60361a5c1b8eb26a13c353f921a402cf84aa22e94ddcf SSDeep: 192:vC9F3nL+Tm21TtkJB1U8iH/LrYYD38qtX9b5ePIZ8Xg0i:vQnL+F16f1UTH/LvRbZ8X1i |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.011.etl.RYK | 8.28 KB |
MD5:
c112cfb0e4345d79c1f2c67864f9436c
SHA1: dadb15fad2660723c1eff6709d1acea1c73fa3d3 SHA256: 5e9a2d4fdd8d4c16b70ce6c732932510adfea53a7065cdadc6d8493c2c09ae5f SSDeep: 192:v8Q5o02zjk7wm+nwGfD2ULPt15x+f9NZx4eaaTV6wNIB:UQmW7wmZGfD9tQNZ6erTVaB |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.003.etl.RYK | 8.28 KB |
MD5:
377aebee7f7428dd2220e44001c1a884
SHA1: 63adde05c6b382622504f3369c0e7347f97fc1ba SHA256: ab1188b784fb35176dc1b3638c4a1604331b7c53a8084c5eb91cf43f0bfefb22 SSDeep: 192:XLk2t9Hp5VTMswQQuRdyDahZTWZ9Ur15Hwmg6RweXQNAL6a8Q0H:H9JadGomTWAomgcLxHs |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.004.etl.RYK | 12.28 KB |
MD5:
b0e387e030ec07bcdee510d9ced37c01
SHA1: a252ffd8499abf2e393e241f8aad7bb445e57970 SHA256: a8bb55e69d04909e83603022e9cc337aa347c82431009ec8e76f94c8a286684b SSDeep: 384:pfhcvj/LySc69/228SXXmXCu7brQCcQ6t:ijDySc69/fdmyeICcFt |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.005.etl.RYK | 4.28 KB |
MD5:
cb7b627e80d0da2cff1a2256f3685803
SHA1: 911d7a66cf918eff1a1d802e31f08f214e443d1c SHA256: cee19fc00c7e5c8f9a5b66467bbbe0e0099cdfbba95dca0dc0916b6f3880da52 SSDeep: 96:7TRQklmrPQwyRX8RPIYbX6UGSPinvnx/yWjT2kA4s/w4YD+L4xM0:787uX8RP57nFGx/yWjdAlw4PL4xH |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.006.etl.RYK | 8.28 KB |
MD5:
9f881eb624a295f18eb3c5e7245f4a43
SHA1: e3bc1a9e056a9d6632723f9e1ada47d6d9d0ce6c SHA256: 62962f4d2b01fb0f8c4afbcf0cb49c82a57ced5f3dbc6ea4c062808e312c7b6c SSDeep: 192:S+qg3i5+ZqjqJY5GK6felMOzFrOnyAsSzAaWecoV4AXD/Fo:wg3j5YFlunypwAoV4Ua |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.007.etl.RYK | 12.28 KB |
MD5:
01ccfd5ccf032a2afc9ccd949942255c
SHA1: 72d7ffd535bafa9ba773055914ba9de4c010da65 SHA256: 854fa27292f53b5b26fbec1886509922f643b65ac6e9e1624dc6f27a3c600336 SSDeep: 192:ABUPyUj4Q5LIuUYA6jZ2BxWyfG0EmBcoXzKTrH/qc4hZD3ozIOsPCR3D3SA+RbK:ABUPys5LTUYA6Z2Bx+rdzYD3om+3+RbK |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.008.etl.RYK | 8.28 KB |
MD5:
db4d77307d3b2dce1c75c11370c946fc
SHA1: 2530b74b3c9582ee2cef98dab981ad068b0a7a35 SHA256: 351df90723e875f5db08c3b55965373c3694f3b62aacf499d4223277d52cdf51 SSDeep: 192:ryPKIRCPBg/NRbpyrLBA+gIJ5oJ9OXLNrVZTO8HOMHs1F8ie:raZCBsNRbpW+I8J9ObhT1/s16ie |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.009.etl.RYK | 12.28 KB |
MD5:
4dbe7c75dd1c476ffd8916ad7e76c59a
SHA1: 5fe486be06e17a4ba97c29f666e1d36b5ba93106 SHA256: d54d7ffcd2a3bc8be2ed09e3e4bc121a1dc862b3b9ee3660836c42ded15040b3 SSDeep: 384:iiOB9aZhH2AF3+XAjiM1kI2faOrwA9kUNH6b+DgQ0O1:jO0tF3hSI2f98A0b+DOO1 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.010.etl.RYK | 4.28 KB |
MD5:
12227222601c9e55919edbd698ff0c52
SHA1: a7cf49f094c549acaf7603cfd44f1114743b440a SHA256: adb3b0ed3b8281ee50f28a263f4f3e35e908798eed43dde178a74cd293ab0785 SSDeep: 96:Zq9qxsFtB1OuQdSu9x0tPgb5Al0Amb3/x3C1Dwt6e:Zg/Td/u92tq5AlyOwtd |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.011.etl.RYK | 8.28 KB |
MD5:
c326e4b6d7fe2b5ecaaece85d1c7eff2
SHA1: 3caefae0c6ce5a7867ef20f493b213fee851959a SHA256: ac97b447912b991b420de37777c7aa64a00b0753c7366e76552916796ea7a761 SSDeep: 192:GXi0qv1DgdffaJzHtEO7AE00tyX1GsBbvPTfFwkodGvy:1rg5faBD7lw1GavL+Pdr |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.012.etl.RYK | 12.28 KB |
MD5:
c9d65d34b12378bf77d77c5c3655ecc1
SHA1: 09317b5a946637fa106127e81f82cd00707094c1 SHA256: 9c9f3d6c3e708f420801a9c1e1639efe8d5630219f270232cc9d8cffee93d6a6 SSDeep: 384:20UVUtgEknvanLQM3nFmXqVy8/go68fMSL0Onf5L:KVU6EknvaLhAX/Wgo5fMSLXf5L |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.013.etl.RYK | 12.28 KB |
MD5:
37e9fffbec0158d246e7bc5b4da5aa73
SHA1: 1d6b1a2fcef75327264fe6fe496b3d8b5c9648cc SHA256: 8daf4bc39a6fb227540026fba02db566db1b2ce0da9afc062c5bd51ba220fc9e SSDeep: 192:zOIlLf8EcXvvMGwBK08l76WH1EZ3NetrUjFnw9TSi8+81ZaExBnEF/vi1Tg:pf8EcH/08lN2cN0nwQi8Tgi1Tg |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.014.etl.RYK | 8.28 KB |
MD5:
f70b4728210c4b9e15124e84d9c876c4
SHA1: 52deb4b45c881809ebce258baa0faea88f2eedc1 SHA256: 0c920d0f3444942d164514c98f33e23dd2e355b041e790cf332e3c61fbe4be64 SSDeep: 192:Ayj+bn3lw1qzneY/FzSASo/yvRZpkJHLtV+zzC8b:A5SNVAryvRZpkJrv+zzC8b |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.015.etl.RYK | 12.28 KB |
MD5:
61fcc883a59ee5b108baf79a20ebe3f6
SHA1: 2ff33e56ea8af939f656738e2c5ce812ebaf77e3 SHA256: 1651cd685c6a0399fe5baa5374aedf6b2bfdc98b515156db0563af059e281515 SSDeep: 384:f/axTXDi7oaCdXPj7w65lGXeq/DSLw1Rh:nahDiMaCdLFlGXeE+I |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.016.etl.RYK | 4.28 KB |
MD5:
34a95de89d7dd80ef5dbb37fc4f5aecc
SHA1: be559e7fe0e4177ec6f91a95891b8e8f227d8f38 SHA256: 7bb8bcca9d6243222a5c1d95e36b5ce3971c21085c1ce6123fb6e6d3e514d4b2 SSDeep: 96:n2vubd/P3tY8BVyrJTZpuYVpI+DcgIH7XCBF6w8w3R7eGibizwBQhYgZJ:n2Id9K0n+XQCBF6Qti6rh/ZJ |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.017.etl.RYK | 20.28 KB |
MD5:
1d2257212c026865133e69f0f8982afe
SHA1: 4ba8258c21e48fb72c9cdcfa6bb8dc603191d66b SHA256: 4dc23521235a975e2f6cb02ce50a0a3fbd4d7de7fa5e49c467892b66e050e96c SSDeep: 384:jMyc0xTBCG4AWfIUbWJCi4uhfj5aPiWcDTv0TP9xFM/PgFhzVl/EonM346f:4yc0Z4ZflbWX4uttaV8vUPfFM/4Fhxt2 |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.018.etl.RYK | 8.28 KB |
MD5:
b108087989311404c69f87c32d535ad6
SHA1: c8159437210b13374452bcdce49fa0d7fce5045a SHA256: bc8341be3becda56d741a09e273396c75c63dcda51430987417c4604def60d5b SSDeep: 192:jF4eLKEXm3eZGaJYBmG+3jsTmOvgMSce0w+qfvC+q:p4DHjBmGbTmOIjWw+caB |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.019.etl.RYK | 16.28 KB |
MD5:
25cd593413b96e075d05f7d79433294f
SHA1: 4bdf25657d4798e6c524a47a9bd68bf1aa9abd8c SHA256: 8338de3ccbfc29370885c6b50f53b008f2c404ae3ff27d9136fc8467bd64a381 SSDeep: 384:iIYn/I3wVbLtKahPYUbFAb7xBpCScOKTcLCcE7sQlh:i1I3wVbhXRjSFBT2TzHnz |
|
|
| C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.020.etl.RYK | 8.28 KB |
MD5:
d3a42a05f3b8a8b15e738c85ba342136
SHA1: c4047981b6806ffe3bcf78028fdd57a573752e33 SHA256: b8184b66e44814e81d723057a6a7f1cc26ef3cd75af6ebe58360fb64ff4c0f20 SSDeep: 192:08aYPuA2OTKvVUxwmA8a/iSOPnYmQJqm7bUzHLVwHp9:0FYP3NAOy/XSQf3MHJ29 |
|
|
| C:\588bce7c90097ed212\netfx_Extended.mzz | 41.13 MB |
MD5:
e5a41d0322da527c25a4295d166369e4
SHA1: fe2f0e1425da8844bdc768ed7399c175edf5a607 SHA256: 960cb070265c8ddea580e0a0f96bdb067b90f137cd17fac481ba780413dccd6c SSDeep: 196608:NMkXsCYSub3b2Gd23RDY+ZWneIsbxmGRF0VhYO1gUU289Xu6uz64VM4AxkHIQ:NMkXsPb3KGM5IeFx/F0VhL1g99YQ+1/n |
|
|
| C:\588bce7c90097ed212\netfx_Core.mzz | 173.08 MB |
MD5:
a31bfba9764d9a64da82da09f80eca55
SHA1: 04e882e688a2bf5989bf1f559ce1ff2f91b7d011 SHA256: c08ec047e13dc63944dbaf917e911de0ec5464f90d4a3f573d5988e73d6bb361 SSDeep: 196608:3Apme1qxXaQhCw4iq9V1mT2/E3HmKEqxu09AaHGamnK9GgAhGN6bFHs:3jec5vdTdGK7xuPiG6GggBs |
|
|
Host Behavior
File (7893)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Users\FD1HVy\AppData\Local\Temp\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\$GetCurrent\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\$GetCurrent\Logs\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\$GetCurrent\SafeOS\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\$GetCurrent\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\588bce7c90097ed212\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\588bce7c90097ed212\1025\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\$GetCurrent\Logs\downlevel_2017_09_07_02_02_39_766.log | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\$GetCurrent\Logs\oobe_2017_09_07_03_08_57_737.log | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\$GetCurrent\Logs\PartnerSetupCompleteResult.log | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\$GetCurrent\SafeOS\PartnerSetupComplete.cmd | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\$GetCurrent\SafeOS\preoobe.cmd | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\$GetCurrent\SafeOS\SetupComplete.cmd | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1025\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1028\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
4 | |
| Create | C:\588bce7c90097ed212\1029\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1025\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1030\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1031\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1032\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\$WINRE_BACKUP_PARTITION.MARKER | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1028\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1028\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1029\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1029\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1030\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1030\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1031\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1031\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1032\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1033\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
4 | |
| Create | C:\588bce7c90097ed212\1035\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1032\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1036\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1037\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1038\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1035\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1036\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1037\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1038\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1037\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1038\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1036\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1035\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1033\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1033\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1040\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\588bce7c90097ed212\1041\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1042\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1043\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1040\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1040\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1041\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1041\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1042\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1042\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1043\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1043\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
8 | |
| Create | C:\588bce7c90097ed212\1044\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1045\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1046\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1049\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1053\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1044\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1044\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1045\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1045\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1046\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1046\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1049\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1049\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1055\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\2052\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1053\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\2070\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
4 | |
| Create | C:\588bce7c90097ed212\3076\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\3082\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1053\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1055\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1055\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\2052\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\2052\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\2070\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\2070\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\3076\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\3076\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\3082\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\3082\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\Client\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\Extended\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\Client\Parameterinfo.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\Client\UiInfo.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\DHtmlHeader.html | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\DisplayIcon.ico | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\Extended\Parameterinfo.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\Extended\UiInfo.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\Graphics\Print.ico | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\Graphics\Rotate1.ico | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\Graphics\Rotate2.ico | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\Graphics\Rotate3.ico | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\Graphics\Rotate4.ico | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\Graphics\Rotate5.ico | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\Graphics\Rotate6.ico | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\Graphics\Rotate7.ico | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\Graphics\Rotate8.ico | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\Graphics\Save.ico | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\Graphics\Setup.ico | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\Graphics\stop.ico | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\Graphics\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\Graphics\SysReqMet.ico | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\Graphics\SysReqNotMet.ico | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\Graphics\warn.ico | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\header.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\netfx_Core.mzz | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\netfx_Core_x64.msi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\netfx_Core_x86.msi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\netfx_Extended.mzz | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\netfx_Extended_x64.msi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\netfx_Extended_x86.msi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\ParameterInfo.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\RGB9RAST_x64.msi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\RGB9Rast_x86.msi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\SetupUi.xsd | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\SplashScreen.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\Strings.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\UiInfo.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\watermark.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x64.msu | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x86.msu | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\bg-BG\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
17 | |
| Create | C:\Boot\cs-CZ\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\da-DK\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\de-DE\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\el-GR\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\en-GB\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\en-US\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\es-ES\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x64.msu | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x86.msu | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\BCD | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\BCD.LOG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\BCD.LOG1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\BOOTSTAT.DAT | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\BCD.LOG2 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\es-MX\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\et-EE\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
20 | |
| Create | C:\Boot\fi-FI\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\Fonts\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\Fonts\chs_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\Fonts\cht_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\Fonts\jpn_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\Fonts\kor_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\Fonts\malgunn_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\Fonts\malgun_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\Fonts\meiryon_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\Fonts\meiryo_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\Fonts\msjhn_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\Fonts\msjh_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\Fonts\msyhn_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\Fonts\msyh_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\Fonts\segmono_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\Fonts\segoen_slboot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\Fonts\segoe_slboot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\Fonts\wgl4_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\fr-CA\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\fr-FR\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\hr-HR\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\hu-HU\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\it-IT\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\ja-JP\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\ko-KR\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\lt-LT\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\lv-LV\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\nb-NO\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\nl-NL\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\pl-PL\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\pt-BR\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\pt-PT\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\qps-ploc\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\Resources\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\Resources\en-US\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\Resources\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\ro-RO\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\ru-RU\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\sk-SK\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\sl-SI\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\sr-Latn-CS\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\sr-Latn-RS\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\sv-SE\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\tr-TR\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\uk-UA\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\zh-CN\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\zh-HK\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\updaterevokesipolicy.p7b | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\zh-TW\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\All Users\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Adobe\ARM\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\All Users\Adobe\ARM\Reader_15.007.20033\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Adobe\ARM\Reader_15.023.20070\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Adobe\ARM\S\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Adobe\ARM\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\All Users\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Adobe\ARM\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_15.007.20033\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_15.023.20070\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Adobe\ARM\S\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Adobe\ARM\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Adobe\ARM\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Adobe\ARM\Reader_15.007.20033\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\bootmgr | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\BOOTSECT.BAK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Adobe\ARM\Reader_15.023.20070\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Adobe\ARM\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Adobe\ARM\S\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Adobe\ARM\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Adobe\ARM\Reader_15.007.20033\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Adobe\ARM\Reader_15.023.20070\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Adobe\ARM\S\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_15.007.20033\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_15.023.20070\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\S\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_15.007.20033\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_15.023.20070\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\S\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_15.007.20033\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_15.023.20070\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\S\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_15.007.20033\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_15.023.20070\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\S\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\BOOTNXT | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_15.007.20033\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_15.023.20070\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\S\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_15.007.20033\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_15.023.20070\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\S\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
6 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_15.007.20033\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_15.023.20070\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\S\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
16 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_15.007.20033\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_15.023.20070\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\S\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
16 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
4 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_15.007.20033\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_15.023.20070\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\S\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
4 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Music\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
35 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\AppV\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\AppV\Setup\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\DataMart\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\DeviceSync\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\DRM\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\DRM\Server\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Event Viewer\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\IdentityCRL\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MapData\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Settings\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\SmsRouter\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Spectrum\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Speech_OneCore\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Storage Health\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
4 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\Scripts\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\Templates\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\WDF\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender Advanced Threat Protection\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Live\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Security Health\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\WinMSIPC\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\WwanSvc\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Active.GRL | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Pending.GRL | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft OneDrive\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
5 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\.oracle_jre_usage\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\javapath\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\javapath_target_474984\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
19 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{f325f05b-f963-4640-a43b-c8a494cdda0f}\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\SoftwareDistribution\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Templates\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOPrivate\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOPrivate\UpdateStore\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUx.001.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUx.002.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.001.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.002.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.003.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.004.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.005.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.006.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.007.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.008.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.009.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.010.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.011.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.012.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.013.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.014.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.015.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.016.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.017.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.001.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.002.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.003.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.004.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.005.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.006.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.007.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WindowsHolographicDevices\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.008.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.009.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.010.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.011.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.012.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.013.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.014.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.015.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.016.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.017.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.018.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.019.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.020.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.021.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.022.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.023.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.024.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.025.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.026.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.027.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.028.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateUx.001.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateUx.002.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Music\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
34 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\AppV\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\AppV\Setup\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\AppV\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
4 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Integration\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\UserData\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\AppV\Setup\OfficeIntegrator.ps1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.0.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.2.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
5 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\DSS\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\DSS\MachineKeys\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\DSS\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\Keys\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\PCPKSP\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\PCPKSP\WindowsAIK\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\MachineKeys\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\S-1-5-18\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\SystemKeys\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_33d770d0-06bc-47c5-8714-222cdac43a71 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\MachineKeys\f686aace6942fb7f7ceb231212eef4a4_e8d761b7-8a68-4187-8c95-75a3788ac267 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_33d770d0-06bc-47c5-8714-222cdac43a71 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\SystemKeys\7092289d2be9a3ebf1065d0f1c678ab6_e8d761b7-8a68-4187-8c95-75a3788ac267 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\SystemKeys\d20d9e7d1dcddc105a0d5e00d5e1ad30_33d770d0-06bc-47c5-8714-222cdac43a71 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\DataMart\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\DataMart\PaidWiFi\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\DataMart\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\DeviceSync\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
4 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\AsimovUploader\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedScenarios\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\ETLLogs\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
4 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\ETLLogs\AutoLogger\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\ETLLogs\ScenarioShutdownLogger\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\ETLLogs\ShutdownLogger\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\LocalTraceStore\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
5 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\Events_CostDeferred.rbs | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\Events_Normal.rbs | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\Events_NormalCritical.rbs | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\Events_Realtime.rbs | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\osver.txt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\parse.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\Sideload\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\Siufloc\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\SoftLanding\03d1e1da-f580-45d7-afdd-3598ed7cdba4_show.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\SoftLanding\03d1e1da-f580-45d7-afdd-3598ed7cdba4_withdraw.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\SoftLanding\394b7b36-41b9-4032-9875-c0240ca5a7f5_show.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\SoftLanding\394b7b36-41b9-4032-9875-c0240ca5a7f5_withdraw.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\SoftLanding\75ef5b41-571d-4a4b-92bb-8b9f7fdc831f_show.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\SoftLanding\75ef5b41-571d-4a4b-92bb-8b9f7fdc831f_withdraw.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\SoftLanding\9984ecc0-931c-4feb-8996-203a6ffaa852_show.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\SoftLanding\9984ecc0-931c-4feb-8996-203a6ffaa852_withdraw.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\SoftLanding\acae4208-0ac4-4ef7-ac45-bb688b09e559_show.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\SoftLanding\acae4208-0ac4-4ef7-ac45-bb688b09e559_withdraw.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\SoftLanding\c0802597-6174-487a-b7de-20e8b1aa384e_show.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\SoftLanding\c0802597-6174-487a-b7de-20e8b1aa384e_withdraw.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\SoftLanding\e80c855c-d75c-47b1-9ae4-f07f8c6c613d_show.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\SoftLanding\e80c855c-d75c-47b1-9ae4-f07f8c6c613d_withdraw.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\SoftLanding\e9d21752-8fc9-4793-b42e-33105b078a51_show.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\SoftLanding\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\SoftLandingStage\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\TenantStorage\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\DRM\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\DRM\Server\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\DRM\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Event Viewer\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Event Viewer\Views\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Event Viewer\Views\ApplicationViewsRootNode\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\IdentityCRL\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\IdentityCRL\INT\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\IdentityCRL\production\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\IdentityCRL\production\temp\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MapData\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\SoftLanding\e9d21752-8fc9-4793-b42e-33105b078a51_withdraw.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Connections\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Connections\Cm\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Connections\CM_old\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
19 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{268c43e1-aa2b-4036-86ef-8cda98a0c2fe}\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c5dc3753-b6c8-4057-b396-bf13d769311c}\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\VortexSchemaRequests.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Active.GRL | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\SoftLanding\fffd8b5d-0172-4719-a792-b7c76986459d_show.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\SoftLanding\fffd8b5d-0172-4719-a792-b7c76986459d_withdraw.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\edb.chk | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Pending.GRL | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\edb.log | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\edbres00001.jrs | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\edbres00002.jrs | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\edbtmp.log | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr.db | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr.jfm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\ClickToRunPackageLocker | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\countrytable.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Temp\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Settings\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Settings\Accounts\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Settings\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\SmsRouter\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\SmsRouter\MessageStore\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Spectrum\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Speech_OneCore\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Storage Health\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\SmsRouter\MessageStore\edb.chk | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\SmsRouter\MessageStore\edb.log | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\SmsRouter\MessageStore\edb00002.log | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\SmsRouter\MessageStore\edbres00001.jrs | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\SmsRouter\MessageStore\edbres00002.jrs | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\SmsRouter\MessageStore\edbtmp.log | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\SmsRouter\MessageStore\SmsInterceptStore.db | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\SmsRouter\MessageStore\SmsInterceptStore.jfm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Storage Health\StorageEventsArchive.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Storage Health\StorageHealthModel.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\DesktopSettings2013.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\EaseOfAccessSettings2013.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftInternetExplorer2013.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftInternetExplorer2013Backup.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftLync2010.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftLync2013Win32.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftLync2013Win64.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftNotepad.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftOffice2010Win32.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftOffice2010Win64.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013BackupWin32.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013BackupWin64.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013Office365Win32.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013Office365Win64.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\Scripts\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\Templates\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013Win32.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftOffice2013Win64.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftOffice2016BackupWin32.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftOffice2016BackupWin64.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftOffice2016Win32.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftOffice2016Win64.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2013CAWin32.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2013CAWin64.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2016CAWin32.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftOutlook2016CAWin64.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftSkypeForBusiness2016Win32.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftSkypeForBusiness2016Win64.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\MicrosoftWordpad.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\NetworkPrinters.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\RoamingCredentialSettings.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\ThemeSettings2013.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\VdiState.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\Scripts\RegisterInboxTemplates.ps1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\Templates\SettingsLocationTemplate.xsd | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\Templates\SettingsLocationTemplate2013.xsd | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\Templates\SettingsLocationTemplate2013A.xsd | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\WDF\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
19 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\AppRepository\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
4 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\AppRepository\Downlevel\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\AppRepository\Families\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\Default User.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\FD1HVy.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-192.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-32.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-40.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-48.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\AppRepository\Packages\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Caches\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
5 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Archive\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\GenuineTicket\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Import\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Import\InApp\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\ClipSVC\Install\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\DeviceMetadataCache\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\DeviceMetadataStore\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\GameExplorer\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\LfSvc\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\LfSvc\Cache\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\LfSvc\Geofence\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\PackagedEventProviders\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Parental Controls\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Power Efficiency Diagnostics\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Ringtones\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\SleepStudy\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Sqm\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
4 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Sqm\Manifest\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Sqm\Sessions\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Sqm\Upload\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu Places\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\SystemData\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\SystemData\S-1-5-18\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Templates\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\WER\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
4 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\WER\ReportArchive\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\WER\ReportQueue\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\WER\Temp\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\wfp\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
10 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Clean Store\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Features\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\LocalCopy\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Network Inspection System\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Quarantine\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
6 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\CleanFileTelemetry\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\CleanStore\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-3B2FA0352F7866F295FE76520C4D8AC0F30337F5.bin.67 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-3B2FA0352F7866F295FE76520C4D8AC0F30337F5.bin.79 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-3B2FA0352F7866F295FE76520C4D8AC0F30337F5.bin.7C | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-3B2FA0352F7866F295FE76520C4D8AC0F30337F5.bin.7E | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-3B2FA0352F7866F295FE76520C4D8AC0F30337F5.bin.83 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-3B2FA0352F7866F295FE76520C4D8AC0F30337F5.bin.87 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-3B2FA0352F7866F295FE76520C4D8AC0F30337F5.bin | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-3B2FA0352F7866F295FE76520C4D8AC0F30337F5.bin.5B | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-3B2FA0352F7866F295FE76520C4D8AC0F30337F5.bin.80 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-3B2FA0352F7866F295FE76520C4D8AC0F30337F5.bin.A0 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-3B2FA0352F7866F295FE76520C4D8AC0F30337F5.bin.CB | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-3B2FA0352F7866F295FE76520C4D8AC0F30337F5.bin.CC | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\RtSigs\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Support\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender Advanced Threat Protection\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Live\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-CC7537BD57F4E352D7CDEA5852D447A507E0F749.bin | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-CC7537BD57F4E352D7CDEA5852D447A507E0F749.bin.5B | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-CC7537BD57F4E352D7CDEA5852D447A507E0F749.bin.67 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-CC7537BD57F4E352D7CDEA5852D447A507E0F749.bin.79 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-CC7537BD57F4E352D7CDEA5852D447A507E0F749.bin.7C | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-CC7537BD57F4E352D7CDEA5852D447A507E0F749.bin.7E | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-CC7537BD57F4E352D7CDEA5852D447A507E0F749.bin.80 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-CC7537BD57F4E352D7CDEA5852D447A507E0F749.bin.83 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-CC7537BD57F4E352D7CDEA5852D447A507E0F749.bin.87 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-CC7537BD57F4E352D7CDEA5852D447A507E0F749.bin.A0 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-CC7537BD57F4E352D7CDEA5852D447A507E0F749.bin.CB | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\mpcache-CC7537BD57F4E352D7CDEA5852D447A507E0F749.bin.CC | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Live\WLive48x48.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
8 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\ActivityLog\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Inbox\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Queue\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Queue_Migrated\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\SentItems\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\VirtualInbox\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSScan\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Security Health\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\WinMSIPC\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\WinMSIPC\Server\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\WinMSIPC\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\WwanSvc\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\WwanSvc\DMProfiles\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\WwanSvc\Profiles\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\WwanSvc\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft OneDrive\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft OneDrive\setup\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft OneDrive\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
4 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSScan\WelcomeScan.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\.oracle_jre_usage\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\javapath\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\javapath_target_474984\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
18 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{f325f05b-f963-4640-a43b-c8a494cdda0f}\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\.oracle_jre_usage\17dfc292991c7c46.timestamp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\SoftwareDistribution\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
9 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Get Help.url | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Visit Java.com.url | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Maintenance\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Startup\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Tablet PC\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Templates\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOPrivate\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOPrivate\UpdateStore\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOPrivate\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOPrivate\UpdateStore\UpdateCspStore.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUx.001.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUx.002.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.001.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.002.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.003.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.004.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.005.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.006.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.007.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.008.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.009.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.010.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.011.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.012.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.013.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.014.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.015.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.016.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotificationUxBroker.017.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.001.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.002.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.003.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.004.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.005.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.007.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.009.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.011.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.012.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.014.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.015.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.016.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.017.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.019.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.008.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.010.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.013.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.018.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.020.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.023.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WindowsHolographicDevices\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\WindowsHolographicDevices\SpatialStore\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Music\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
7 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\AppV\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\AppV\Setup\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\AppV\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
4 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Integration\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\Integration\ShortcutBackups\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\MachineData\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.006.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.022.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.021.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.024.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.025.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.026.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.027.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.028.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateUx.001.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\AppV\Setup\OfficeIntegrator.ps1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateUx.002.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.2.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\A6A87302-92AE-41F2-AC52-73F5EE18259F\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\ProductReleases\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\UserData\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
5 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\DSS\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\DSS\MachineKeys\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\DSS\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\Keys\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\PCPKSP\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\PCPKSP\WindowsAIK\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\PCPKSP\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\MachineKeys\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\S-1-5-18\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.0.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_33d770d0-06bc-47c5-8714-222cdac43a71 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\MachineKeys\f686aace6942fb7f7ceb231212eef4a4_e8d761b7-8a68-4187-8c95-75a3788ac267 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\S-1-5-18\4eccd106f69e31c1b12304e5463bb71d_33d770d0-06bc-47c5-8714-222cdac43a71 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\SystemKeys\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\DataMart\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\DataMart\PaidWiFi\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\DataMart\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\DeviceSync\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
4 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\AsimovUploader\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\SystemKeys\7092289d2be9a3ebf1065d0f1c678ab6_e8d761b7-8a68-4187-8c95-75a3788ac267 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\SystemKeys\d20d9e7d1dcddc105a0d5e00d5e1ad30_33d770d0-06bc-47c5-8714-222cdac43a71 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedScenarios\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\ETLLogs\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\ETLLogs\AutoLogger\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\ETLLogs\ScenarioShutdownLogger\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\ETLLogs\ShutdownLogger\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\ETLLogs\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\LocalTraceStore\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedScenarios\windows.uif_ondemand.xml.inbox | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.P-ARIA-194626ba46434f9ab441dd7ebda2aa64-5f64bebb-ac28-4cc7-bd52-570c8fe077c9-7717.json | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.P-ARIA-31f8f00f75ee43d4996762625b6917f2-ce77d96f-eec8-4063-a05a-09720f5bbf1b-7138.json | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.P-ARIA-5476d0c4a7a347909c4b8a13078d4390-f8bdcecf-243f-40f8-b7c3-b9c44a57dead-7230.json | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.cert.json | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\ETLLogs\ShutdownLogger\AutoLogger-Diagtrack-Listener.etl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\Events_CostDeferred.rbs | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\Events_Normal.rbs | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\Events_NormalCritical.rbs | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\Events_Realtime.rbs | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\Sideload\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\Siufloc\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Write | C:\588bce7c90097ed212\2052\LocalizedData.xml | size = 60688 |
|
1 | |
|
For performance reasons, the remaining 4004 entries are omitted.
The remaining entries can be found in glog.xml. |
|||||
Registry (2)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\Language\ | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\Language\ | value_name = InstallLanguage, data = 48 |
|
1 |
Process (2331)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | net | show_window = SW_HIDE |
|
2 | |
| Create | net | show_window = SW_HIDE |
|
29 | |
| Enumerate Processes | - | - |
|
2162 | |
| Enumerate Processes | - | - |
|
30 | |
| Open | System | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\smss.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\csrss.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\wininit.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\csrss.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\winlogon.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\services.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\lsass.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\fontdrvhost.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\fontdrvhost.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\dwm.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\spoolsv.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\audiodg.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\sihost.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\taskhostw.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files\common files\microsoft shared\clicktorun\officeclicktorun.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\securityhealthservice.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\explorer.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | - | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\systemapps\shellexperiencehost_cw5n1h2txyewy\shellexperiencehost.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\systemapps\microsoft.windows.cortana_cw5n1h2txyewy\searchui.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\runtimebroker.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\wbem\wmiprvse.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\taskhostw.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files\common files\microsoft shared\clicktorun\officec2rclient.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\usoclient.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files\common files\microsoft shared\clicktorun\officec2rclient.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files\microsoft office\root\office16\msoia.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\taskhostw.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\devicecensus.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files\microsoft office\root\office16\msoia.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\apphostregistrationverifier.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\unp\unpcampaignmanager.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files\windows security\screensaverfireplace.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files (x86)\windows mail\suite.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files\windows photo viewer\religion.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files\msbuild\forces.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files (x86)\windows nt\guests-production-meanwhile.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files (x86)\reference assemblies\miniature tim.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files\windows photo viewer\spiescircuscourage.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files (x86)\mozilla maintenance service\thorough petition swap.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\dllhost.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files\reference assemblies\tasks.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files\uninstall information\parental geo sector.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files (x86)\windows media player\blade_mexican_volkswagen.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files\unp\charity aging tracked.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files\windows defender advanced threat protection\receiptgenealogydavis.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files\microsoft office\indication.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files (x86)\windows mail\emission determine keyboard.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files (x86)\windows mail\theta.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files\windows photo viewer\burning rank scale.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files\windows nt\distributed.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files\windows security\dim-hindu-customize.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files (x86)\windowspowershell\resorts-trick-documents.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files\microsoft office\ball.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files (x86)\windows defender\prozac-paris-proprietary.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files\mozilla firefox\arrested greeting.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\conhost.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\conhost.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\sihost.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\taskhostw.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\systemapps\shellexperiencehost_cw5n1h2txyewy\shellexperiencehost.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\systemapps\microsoft.windows.cortana_cw5n1h2txyewy\searchui.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\runtimebroker.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\taskhostw.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files\microsoft office\root\office16\msoia.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files\microsoft office\root\office16\msoia.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\apphostregistrationverifier.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files\windows security\screensaverfireplace.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files (x86)\windows mail\suite.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files\windows photo viewer\religion.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files\msbuild\forces.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files (x86)\windows nt\guests-production-meanwhile.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files (x86)\reference assemblies\miniature tim.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files\windows photo viewer\spiescircuscourage.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files (x86)\mozilla maintenance service\thorough petition swap.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\dllhost.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files\reference assemblies\tasks.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files\uninstall information\parental geo sector.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files (x86)\windows media player\blade_mexican_volkswagen.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files\unp\charity aging tracked.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files\windows defender advanced threat protection\receiptgenealogydavis.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files\microsoft office\indication.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files (x86)\windows mail\emission determine keyboard.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files (x86)\windows mail\theta.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files\windows photo viewer\burning rank scale.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files\windows nt\distributed.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files\windows security\dim-hindu-customize.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files (x86)\windowspowershell\resorts-trick-documents.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files\microsoft office\ball.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files (x86)\windows defender\prozac-paris-proprietary.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files\mozilla firefox\arrested greeting.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 |
Thread (11)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | c:\windows\system32\sihost.exe | proc_address = 0x7ff742db22e0, proc_parameter = 140699955298304, flags = THREAD_RUNS_IMMEDIATELY |
|
1 | |
| Create | c:\windows\system32\svchost.exe | proc_address = 0x7ff742db22e0, proc_parameter = 140699955298304, flags = THREAD_RUNS_IMMEDIATELY |
|
1 | |
| Create | c:\windows\system32\taskhostw.exe | proc_address = 0x7ff742db22e0, proc_parameter = 140699955298304, flags = THREAD_RUNS_IMMEDIATELY |
|
1 | |
| Create | c:\windows\systemapps\shellexperiencehost_cw5n1h2txyewy\shellexperiencehost.exe | proc_address = 0x7ff742db22e0, proc_parameter = 140699955298304, flags = THREAD_RUNS_IMMEDIATELY |
|
1 | |
| Create | c:\windows\systemapps\microsoft.windows.cortana_cw5n1h2txyewy\searchui.exe | proc_address = 0x7ff742db22e0, proc_parameter = 140699955298304, flags = THREAD_RUNS_IMMEDIATELY |
|
1 | |
| Create | c:\windows\system32\runtimebroker.exe | proc_address = 0x7ff742db22e0, proc_parameter = 140699955298304, flags = THREAD_RUNS_IMMEDIATELY |
|
1 | |
| Create | c:\windows\system32\taskhostw.exe | proc_address = 0x7ff742db22e0, proc_parameter = 140699955298304, flags = THREAD_RUNS_IMMEDIATELY |
|
1 | |
| Create | c:\program files\microsoft office\root\office16\msoia.exe | proc_address = 0x7ff742db22e0, proc_parameter = 140699955298304, flags = THREAD_RUNS_IMMEDIATELY |
|
1 | |
| Create | c:\program files\microsoft office\root\office16\msoia.exe | proc_address = 0x7ff742db22e0, proc_parameter = 140699955298304, flags = THREAD_RUNS_IMMEDIATELY |
|
1 | |
| Create | c:\windows\system32\apphostregistrationverifier.exe | proc_address = 0x7ff742db22e0, proc_parameter = 140699955298304, flags = THREAD_RUNS_IMMEDIATELY |
|
1 | |
| Create | c:\windows\system32\dllhost.exe | proc_address = 0x7ff742db22e0, proc_parameter = 140699955298304, flags = THREAD_RUNS_IMMEDIATELY |
|
1 |
Memory (45)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Allocate | c:\windows\system32\sihost.exe | address = 140699955298304, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 2981888 |
|
1 | |
| Allocate | c:\windows\system32\svchost.exe | address = 140699955298304, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 2981888 |
|
1 | |
| Allocate | c:\windows\system32\taskhostw.exe | address = 140699955298304, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 2981888 |
|
1 | |
| Allocate | c:\windows\systemapps\shellexperiencehost_cw5n1h2txyewy\shellexperiencehost.exe | address = 140699955298304, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 2981888 |
|
1 | |
| Allocate | c:\windows\systemapps\microsoft.windows.cortana_cw5n1h2txyewy\searchui.exe | address = 140699955298304, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 2981888 |
|
1 | |
| Allocate | c:\windows\system32\runtimebroker.exe | address = 140699955298304, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 2981888 |
|
1 | |
| Allocate | c:\windows\system32\taskhostw.exe | address = 140699955298304, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 2981888 |
|
1 | |
| Allocate | c:\program files\microsoft office\root\office16\msoia.exe | address = 140699955298304, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 2981888 |
|
1 | |
| Allocate | c:\program files\microsoft office\root\office16\msoia.exe | address = 140699955298304, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 2981888 |
|
1 | |
| Allocate | c:\windows\system32\apphostregistrationverifier.exe | address = 140699955298304, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 2981888 |
|
1 | |
| Allocate | c:\program files\windows security\screensaverfireplace.exe | address = 0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 2981888 |
|
1 | |
| Allocate | c:\program files (x86)\windows mail\suite.exe | address = 0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 2981888 |
|
1 | |
| Allocate | c:\program files\windows photo viewer\religion.exe | address = 0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 2981888 |
|
1 | |
| Allocate | c:\program files\msbuild\forces.exe | address = 0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 2981888 |
|
1 | |
| Allocate | c:\program files (x86)\windows nt\guests-production-meanwhile.exe | address = 0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 2981888 |
|
1 | |
| Allocate | c:\program files (x86)\reference assemblies\miniature tim.exe | address = 0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 2981888 |
|
1 | |
| Allocate | c:\program files\windows photo viewer\spiescircuscourage.exe | address = 0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 2981888 |
|
1 | |
| Allocate | c:\program files (x86)\mozilla maintenance service\thorough petition swap.exe | address = 0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 2981888 |
|
1 | |
| Allocate | c:\windows\system32\dllhost.exe | address = 140699955298304, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 2981888 |
|
1 | |
| Allocate | c:\program files\reference assemblies\tasks.exe | address = 0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 2981888 |
|
1 | |
| Allocate | c:\program files\uninstall information\parental geo sector.exe | address = 0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 2981888 |
|
1 | |
| Allocate | c:\program files (x86)\windows media player\blade_mexican_volkswagen.exe | address = 0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 2981888 |
|
1 | |
| Allocate | c:\program files\unp\charity aging tracked.exe | address = 0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 2981888 |
|
1 | |
| Allocate | c:\program files\windows defender advanced threat protection\receiptgenealogydavis.exe | address = 0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 2981888 |
|
1 | |
| Allocate | c:\program files\microsoft office\indication.exe | address = 0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 2981888 |
|
1 | |
| Allocate | c:\program files (x86)\windows mail\emission determine keyboard.exe | address = 0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 2981888 |
|
1 | |
| Allocate | c:\program files (x86)\windows mail\theta.exe | address = 0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 2981888 |
|
1 | |
| Allocate | c:\program files\windows photo viewer\burning rank scale.exe | address = 0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 2981888 |
|
1 | |
| Allocate | c:\program files\windows nt\distributed.exe | address = 0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 2981888 |
|
1 | |
| Allocate | c:\program files\windows security\dim-hindu-customize.exe | address = 0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 2981888 |
|
1 | |
| Allocate | c:\program files (x86)\windowspowershell\resorts-trick-documents.exe | address = 0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 2981888 |
|
1 | |
| Allocate | c:\program files\microsoft office\ball.exe | address = 0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 2981888 |
|
1 | |
| Allocate | c:\program files (x86)\windows defender\prozac-paris-proprietary.exe | address = 0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 2981888 |
|
1 | |
| Allocate | c:\program files\mozilla firefox\arrested greeting.exe | address = 0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 2981888 |
|
1 | |
| Write | c:\windows\system32\sihost.exe | address = 0x7ff742db0000, size = 2981888 |
|
1 | |
| Write | c:\windows\system32\svchost.exe | address = 0x7ff742db0000, size = 2981888 |
|
1 | |
| Write | c:\windows\system32\taskhostw.exe | address = 0x7ff742db0000, size = 2981888 |
|
1 | |
| Write | c:\windows\systemapps\shellexperiencehost_cw5n1h2txyewy\shellexperiencehost.exe | address = 0x7ff742db0000, size = 2981888 |
|
1 | |
| Write | c:\windows\systemapps\microsoft.windows.cortana_cw5n1h2txyewy\searchui.exe | address = 0x7ff742db0000, size = 2981888 |
|
1 | |
| Write | c:\windows\system32\runtimebroker.exe | address = 0x7ff742db0000, size = 2981888 |
|
1 | |
| Write | c:\windows\system32\taskhostw.exe | address = 0x7ff742db0000, size = 2981888 |
|
1 | |
| Write | c:\program files\microsoft office\root\office16\msoia.exe | address = 0x7ff742db0000, size = 2981888 |
|
1 | |
| Write | c:\program files\microsoft office\root\office16\msoia.exe | address = 0x7ff742db0000, size = 2981888 |
|
1 | |
| Write | c:\windows\system32\apphostregistrationverifier.exe | address = 0x7ff742db0000, size = 2981888 |
|
1 | |
| Write | c:\windows\system32\dllhost.exe | address = 0x7ff742db0000, size = 2981888 |
|
1 |
Module (127)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | api-ms-win-core-synch-l1-2-0 | base_address = 0x7ff92f150000 |
|
2 | |
| Load | api-ms-win-core-fibers-l1-1-1 | base_address = 0x7ff92f150000 |
|
2 | |
| Load | api-ms-win-core-localization-l1-2-1 | base_address = 0x7ff92f150000 |
|
1 | |
| Load | kernel32.dll | base_address = 0x7ff92fdd0000 |
|
1 | |
| Load | mpr.dll | base_address = 0x7ff9232d0000 |
|
1 | |
| Load | advapi32.dll | base_address = 0x7ff931520000 |
|
1 | |
| Load | ole32.dll | base_address = 0x7ff9315e0000 |
|
1 | |
| Load | Shell32.dll | base_address = 0x7ff9300e0000 |
|
1 | |
| Load | Iphlpapi.dll | base_address = 0x7ff92da00000 |
|
1 | |
| Get Handle | c:\users\fd1hvy\desktop\v19v.exe | base_address = 0x7ff742db0000 |
|
34 | |
| Get Filename | - | process_name = c:\users\fd1hvy\desktop\v19v.exe, file_name_orig = C:\Users\FD1HVy\Desktop\v19V.exe, size = 260 |
|
1 | |
| Get Filename | - | process_name = c:\users\fd1hvy\desktop\v19v.exe, file_name_orig = C:\Users\FD1HVy\Desktop\v19V.exe, size = 100 |
|
1 | |
| Get Address | c:\windows\system32\kernelbase.dll | function = InitializeCriticalSectionEx, address_out = 0x7ff92f1ad580 |
|
2 | |
| Get Address | c:\windows\system32\kernelbase.dll | function = FlsAlloc, address_out = 0x7ff92f1bd3e0 |
|
2 | |
| Get Address | c:\windows\system32\kernelbase.dll | function = FlsSetValue, address_out = 0x7ff92f198c10 |
|
2 | |
| Get Address | c:\windows\system32\kernelbase.dll | function = FlsGetValue, address_out = 0x7ff92f192340 |
|
1 | |
| Get Address | c:\windows\system32\kernelbase.dll | function = LCMapStringEx, address_out = 0x7ff92f17c800 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = LoadLibraryA, address_out = 0x7ff92fdee490 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetLastError, address_out = 0x7ff92fde33c0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = VirtualFree, address_out = 0x7ff92fdea3e0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptExportKey, address_out = 0x7ff931535410 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = DeleteFileW, address_out = 0x7ff92fdf2130 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetDriveTypeW, address_out = 0x7ff92fdf22c0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetCommandLineW, address_out = 0x7ff92fdedbe0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetStartupInfoW, address_out = 0x7ff92fdebf50 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FindNextFileW, address_out = 0x7ff92fdf2230 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = VirtualAlloc, address_out = 0x7ff92fde97f0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = GetUserNameA, address_out = 0x7ff9315622e0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = ExitProcess, address_out = 0x7ff92fdec0d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = Wow64RevertWow64FsRedirection, address_out = 0x7ff92fe07cd0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateProcessA, address_out = 0x7ff92fdeb190 |
|
1 | |
| Get Address | c:\windows\system32\iphlpapi.dll | function = GetIpNetTable, address_out = 0x7ff92da0fcc0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetVersionExW, address_out = 0x7ff92fde9a70 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = Wow64DisableWow64FsRedirection, address_out = 0x7ff92fe07cc0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetSystemDefaultLangID, address_out = 0x7ff92fdee860 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = GetUserNameW, address_out = 0x7ff9315353c0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = ReadFile, address_out = 0x7ff92fdf2480 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegQueryValueExA, address_out = 0x7ff9315354e0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CloseHandle, address_out = 0x7ff92fdf1ea0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegSetValueExW, address_out = 0x7ff931535370 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegCloseKey, address_out = 0x7ff931534c50 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileA, address_out = 0x7ff92fe2a370 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetFileAttributesW, address_out = 0x7ff92fdf24f0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = WinExec, address_out = 0x7ff92fe2e3b0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptDeriveKey, address_out = 0x7ff93154a740 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptGenKey, address_out = 0x7ff931539be0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = Sleep, address_out = 0x7ff92fde3410 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetCurrentProcess, address_out = 0x7ff92fdf1e00 |
|
1 | |
| Get Address | c:\windows\system32\shell32.dll | function = ShellExecuteW, address_out = 0x7ff9301df5d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetFileSize, address_out = 0x7ff92fdf2320 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GlobalAlloc, address_out = 0x7ff92fde7fb0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FindClose, address_out = 0x7ff92fdf2160 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = WaitForMultipleObjects, address_out = 0x7ff92fdf2070 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetModuleFileNameA, address_out = 0x7ff92fdee000 |
|
1 | |
| Get Address | c:\windows\system32\shell32.dll | function = ShellExecuteA, address_out = 0x7ff9302a1600 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetModuleHandleA, address_out = 0x7ff92fdec1a0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetModuleFileNameW, address_out = 0x7ff92fdebfa0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateFileA, address_out = 0x7ff92fdf20f0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetFileSizeEx, address_out = 0x7ff92fdf2330 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = WriteFile, address_out = 0x7ff92fdf2570 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetLogicalDrives, address_out = 0x7ff92fde8dd0 |
|
1 | |
| Get Address | c:\windows\system32\mpr.dll | function = WNetEnumResourceW, address_out = 0x7ff9232d12d0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegOpenKeyExW, address_out = 0x7ff931534aa0 |
|
1 | |
| Get Address | c:\windows\system32\mpr.dll | function = WNetCloseEnum, address_out = 0x7ff9232d14f0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetWindowsDirectoryW, address_out = 0x7ff92fdee9f0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetFileAttributesA, address_out = 0x7ff92fdf24e0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegOpenKeyExA, address_out = 0x7ff9315353b0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetFilePointer, address_out = 0x7ff92fdf2510 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetTickCount, address_out = 0x7ff92fde33d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetFileAttributesW, address_out = 0x7ff92fdf2300 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FindFirstFileW, address_out = 0x7ff92fdf21e0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptAcquireContextW, address_out = 0x7ff931535a10 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = MoveFileExW, address_out = 0x7ff92fdeec60 |
|
1 | |
| Get Address | c:\windows\system32\mpr.dll | function = WNetOpenEnumW, address_out = 0x7ff9232d15e0 |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = CoInitialize, address_out = 0x7ff9315e7e20 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptDecrypt, address_out = 0x7ff931539b10 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptImportKey, address_out = 0x7ff9315353f0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetFilePointerEx, address_out = 0x7ff92fdf2520 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileW, address_out = 0x7ff92fdf2770 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FreeLibrary, address_out = 0x7ff92fdebf60 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateProcessW, address_out = 0x7ff92fdeba30 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateDirectoryW, address_out = 0x7ff92fdf20d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateThread, address_out = 0x7ff92fde9940 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptDestroyKey, address_out = 0x7ff9315357e0 |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = CoCreateInstance, address_out = 0x7ff92fad5110 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateFileW, address_out = 0x7ff92fdf2100 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetFileAttributesA, address_out = 0x7ff92fdf22d0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptEncrypt, address_out = 0x7ff93153a1a0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegDeleteValueW, address_out = 0x7ff9315382d0 |
|
1 |
Service (87)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
User (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Lookup Privilege | privilege = SeDebugPrivilege, luid = 20 |
|
1 | |
| Lookup Privilege | privilege = SeBackupPrivilege, luid = 17 |
|
1 |
System (101)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Sleep | duration = 5000 milliseconds (5.000 seconds) |
|
2 | |
| Sleep | duration = 500 milliseconds (0.500 seconds) |
|
34 | |
| Sleep | duration = 150 milliseconds (0.150 seconds) |
|
31 | |
| Sleep | duration = 50000 milliseconds (50.000 seconds) |
|
29 | |
| Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Get Info | type = Operating System |
|
2 | |
| Get Info | type = Windows Directory, result_out = C:\WINDOWS |
|
2 |
Environment (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
1 |
Process #2: sihost.exe
86
0
| Information | Value |
|---|---|
| ID | #2 |
| File Name | c:\windows\system32\sihost.exe |
| Command Line | sihost.exe |
| Initial Working Directory | C:\WINDOWS\system32\ |
| Monitor | Start Time: 00:00:40, Reason: Injection |
| Unmonitor | End Time: 00:01:03, Reason: Crashed |
| Monitor Duration | 00:00:22 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x6fc |
| Parent PID | 0x3c0 (c:\windows\system32\svchost.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
AF8
0x
AF4
0x
8D8
0x
8A8
0x
8A4
0x
810
0x
4CC
0x
750
0x
73C
0x
728
0x
724
0x
710
0x
70C
0x
708
0x
700
0x
AF0
0x
BE4
|
Memory Dumps
| Name | Start VA | End VA | Dump Reason | PE Rebuilds | Bitness | Entry Points | AV | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|
| buffer | 0x7FF742DB0000 | 0x7FF743087FFF | First Execution | - | 64-bit | 0x7FF742DBCDA8, 0x7FF742DBDAD4, ... |
|
|
|
| sihost.exe | 0x7FF751860000 | 0x7FF751876FFF | Relevant Image | - | 64-bit | - |
|
|
|
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #1: c:\users\fd1hvy\desktop\v19v.exe | 0x2d4 | address = 0x7ff742db0000, size = 2981888 |
|
1 | |
| Create Remote Thread | #1: c:\users\fd1hvy\desktop\v19v.exe | 0x2d4 | address = 0x7ff742db22e0 |
|
1 |
Host Behavior
File (2)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\users\Public\sys | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN |
|
1 | |
| Create | C:\users\Public\sys | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_HIDDEN |
|
1 |
Module (78)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | kernel32.dll | base_address = 0x7ff92fdd0000 |
|
1 | |
| Load | mpr.dll | base_address = 0x7ff9232d0000 |
|
1 | |
| Load | advapi32.dll | base_address = 0x7ff931520000 |
|
1 | |
| Load | ole32.dll | base_address = 0x7ff9315e0000 |
|
1 | |
| Load | Shell32.dll | base_address = 0x7ff9300e0000 |
|
1 | |
| Load | Iphlpapi.dll | base_address = 0x7ff92da00000 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = LoadLibraryA, address_out = 0x7ff92fdee490 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetLastError, address_out = 0x7ff92fde33c0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = VirtualFree, address_out = 0x7ff92fdea3e0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptExportKey, address_out = 0x7ff931535410 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = DeleteFileW, address_out = 0x7ff92fdf2130 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetDriveTypeW, address_out = 0x7ff92fdf22c0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetCommandLineW, address_out = 0x7ff92fdedbe0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetStartupInfoW, address_out = 0x7ff92fdebf50 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FindNextFileW, address_out = 0x7ff92fdf2230 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = VirtualAlloc, address_out = 0x7ff92fde97f0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = GetUserNameA, address_out = 0x7ff9315622e0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = ExitProcess, address_out = 0x7ff92fdec0d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = Wow64RevertWow64FsRedirection, address_out = 0x7ff92fe07cd0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateProcessA, address_out = 0x7ff92fdeb190 |
|
1 | |
| Get Address | c:\windows\system32\iphlpapi.dll | function = GetIpNetTable, address_out = 0x7ff92da0fcc0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetVersionExW, address_out = 0x7ff92fde9a70 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = Wow64DisableWow64FsRedirection, address_out = 0x7ff92fe07cc0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetSystemDefaultLangID, address_out = 0x7ff92fdee860 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = GetUserNameW, address_out = 0x7ff9315353c0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = ReadFile, address_out = 0x7ff92fdf2480 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegQueryValueExA, address_out = 0x7ff9315354e0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CloseHandle, address_out = 0x7ff92fdf1ea0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegSetValueExW, address_out = 0x7ff931535370 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegCloseKey, address_out = 0x7ff931534c50 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileA, address_out = 0x7ff92fe2a370 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetFileAttributesW, address_out = 0x7ff92fdf24f0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = WinExec, address_out = 0x7ff92fe2e3b0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptDeriveKey, address_out = 0x7ff93154a740 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptGenKey, address_out = 0x7ff931539be0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = Sleep, address_out = 0x7ff92fde3410 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetCurrentProcess, address_out = 0x7ff92fdf1e00 |
|
1 | |
| Get Address | c:\windows\system32\shell32.dll | function = ShellExecuteW, address_out = 0x7ff9301df5d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetFileSize, address_out = 0x7ff92fdf2320 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GlobalAlloc, address_out = 0x7ff92fde7fb0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FindClose, address_out = 0x7ff92fdf2160 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = WaitForMultipleObjects, address_out = 0x7ff92fdf2070 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetModuleFileNameA, address_out = 0x7ff92fdee000 |
|
1 | |
| Get Address | c:\windows\system32\shell32.dll | function = ShellExecuteA, address_out = 0x7ff9302a1600 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetModuleHandleA, address_out = 0x7ff92fdec1a0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetModuleFileNameW, address_out = 0x7ff92fdebfa0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateFileA, address_out = 0x7ff92fdf20f0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetFileSizeEx, address_out = 0x7ff92fdf2330 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = WriteFile, address_out = 0x7ff92fdf2570 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetLogicalDrives, address_out = 0x7ff92fde8dd0 |
|
1 | |
| Get Address | c:\windows\system32\mpr.dll | function = WNetEnumResourceW, address_out = 0x7ff9232d12d0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegOpenKeyExW, address_out = 0x7ff931534aa0 |
|
1 | |
| Get Address | c:\windows\system32\mpr.dll | function = WNetCloseEnum, address_out = 0x7ff9232d14f0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetWindowsDirectoryW, address_out = 0x7ff92fdee9f0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetFileAttributesA, address_out = 0x7ff92fdf24e0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegOpenKeyExA, address_out = 0x7ff9315353b0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetFilePointer, address_out = 0x7ff92fdf2510 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetTickCount, address_out = 0x7ff92fde33d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetFileAttributesW, address_out = 0x7ff92fdf2300 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FindFirstFileW, address_out = 0x7ff92fdf21e0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptAcquireContextW, address_out = 0x7ff931535a10 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = MoveFileExW, address_out = 0x7ff92fdeec60 |
|
1 | |
| Get Address | c:\windows\system32\mpr.dll | function = WNetOpenEnumW, address_out = 0x7ff9232d15e0 |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = CoInitialize, address_out = 0x7ff9315e7e20 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptDecrypt, address_out = 0x7ff931539b10 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptImportKey, address_out = 0x7ff9315353f0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetFilePointerEx, address_out = 0x7ff92fdf2520 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileW, address_out = 0x7ff92fdf2770 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FreeLibrary, address_out = 0x7ff92fdebf60 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateProcessW, address_out = 0x7ff92fdeba30 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateDirectoryW, address_out = 0x7ff92fdf20d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateThread, address_out = 0x7ff92fde9940 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptDestroyKey, address_out = 0x7ff9315357e0 |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = CoCreateInstance, address_out = 0x7ff92fad5110 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateFileW, address_out = 0x7ff92fdf2100 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetFileAttributesA, address_out = 0x7ff92fdf22d0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptEncrypt, address_out = 0x7ff93153a1a0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegDeleteValueW, address_out = 0x7ff9315382d0 |
|
1 |
User (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Lookup Privilege | privilege = SeBackupPrivilege, luid = 17 |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Sleep | duration = 5000 milliseconds (5.000 seconds) |
|
1 | |
| Get Info | type = Operating System |
|
1 | |
| Get Info | type = Windows Directory, result_out = C:\WINDOWS |
|
1 |
Process #3: svchost.exe
100
0
| Information | Value |
|---|---|
| ID | #3 |
| File Name | c:\windows\system32\svchost.exe |
| Command Line | C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup |
| Initial Working Directory | C:\WINDOWS\system32\ |
| Monitor | Start Time: 00:00:41, Reason: Injection |
| Unmonitor | End Time: 00:02:41, Reason: Crashed |
| Monitor Duration | 00:02:00 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x718 |
| Parent PID | 0x250 (c:\windows\system32\services.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
CD4
0x
C50
0x
C10
0x
608
0x
638
0x
77C
0x
774
0x
754
0x
74C
0x
748
0x
740
0x
71C
0x
8F0
0x
D9C
0x
D74
0x
8A8
0x
DA4
0x
DA4
|
Memory Dumps
| Name | Start VA | End VA | Dump Reason | PE Rebuilds | Bitness | Entry Points | AV | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|
| svchost.exe | 0x7FF7CA630000 | 0x7FF7CA63EFFF | Relevant Image | - | 64-bit | - |
|
|
|
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #1: c:\users\fd1hvy\desktop\v19v.exe | 0x2d4 | address = 0x7ff742db0000, size = 2981888 |
|
1 | |
| Create Remote Thread | #1: c:\users\fd1hvy\desktop\v19v.exe | 0x2d4 | address = 0x7ff742db22e0 |
|
1 |
Host Behavior
File (6)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\users\Public\sys | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN |
|
5 | |
| Create | C:\users\Public\sys | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN |
|
1 |
Module (78)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | kernel32.dll | base_address = 0x7ff92fdd0000 |
|
1 | |
| Load | mpr.dll | base_address = 0x7ff9232d0000 |
|
1 | |
| Load | advapi32.dll | base_address = 0x7ff931520000 |
|
1 | |
| Load | ole32.dll | base_address = 0x7ff9315e0000 |
|
1 | |
| Load | Shell32.dll | base_address = 0x7ff9300e0000 |
|
1 | |
| Load | Iphlpapi.dll | base_address = 0x7ff92da00000 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = LoadLibraryA, address_out = 0x7ff92fdee490 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetLastError, address_out = 0x7ff92fde33c0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = VirtualFree, address_out = 0x7ff92fdea3e0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptExportKey, address_out = 0x7ff931535410 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = DeleteFileW, address_out = 0x7ff92fdf2130 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetDriveTypeW, address_out = 0x7ff92fdf22c0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetCommandLineW, address_out = 0x7ff92fdedbe0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetStartupInfoW, address_out = 0x7ff92fdebf50 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FindNextFileW, address_out = 0x7ff92fdf2230 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = VirtualAlloc, address_out = 0x7ff92fde97f0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = GetUserNameA, address_out = 0x7ff9315622e0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = ExitProcess, address_out = 0x7ff92fdec0d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = Wow64RevertWow64FsRedirection, address_out = 0x7ff92fe07cd0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateProcessA, address_out = 0x7ff92fdeb190 |
|
1 | |
| Get Address | c:\windows\system32\iphlpapi.dll | function = GetIpNetTable, address_out = 0x7ff92da0fcc0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetVersionExW, address_out = 0x7ff92fde9a70 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = Wow64DisableWow64FsRedirection, address_out = 0x7ff92fe07cc0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetSystemDefaultLangID, address_out = 0x7ff92fdee860 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = GetUserNameW, address_out = 0x7ff9315353c0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = ReadFile, address_out = 0x7ff92fdf2480 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegQueryValueExA, address_out = 0x7ff9315354e0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CloseHandle, address_out = 0x7ff92fdf1ea0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegSetValueExW, address_out = 0x7ff931535370 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegCloseKey, address_out = 0x7ff931534c50 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileA, address_out = 0x7ff92fe2a370 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetFileAttributesW, address_out = 0x7ff92fdf24f0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = WinExec, address_out = 0x7ff92fe2e3b0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptDeriveKey, address_out = 0x7ff93154a740 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptGenKey, address_out = 0x7ff931539be0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = Sleep, address_out = 0x7ff92fde3410 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetCurrentProcess, address_out = 0x7ff92fdf1e00 |
|
1 | |
| Get Address | c:\windows\system32\shell32.dll | function = ShellExecuteW, address_out = 0x7ff9301df5d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetFileSize, address_out = 0x7ff92fdf2320 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GlobalAlloc, address_out = 0x7ff92fde7fb0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FindClose, address_out = 0x7ff92fdf2160 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = WaitForMultipleObjects, address_out = 0x7ff92fdf2070 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetModuleFileNameA, address_out = 0x7ff92fdee000 |
|
1 | |
| Get Address | c:\windows\system32\shell32.dll | function = ShellExecuteA, address_out = 0x7ff9302a1600 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetModuleHandleA, address_out = 0x7ff92fdec1a0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetModuleFileNameW, address_out = 0x7ff92fdebfa0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateFileA, address_out = 0x7ff92fdf20f0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetFileSizeEx, address_out = 0x7ff92fdf2330 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = WriteFile, address_out = 0x7ff92fdf2570 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetLogicalDrives, address_out = 0x7ff92fde8dd0 |
|
1 | |
| Get Address | c:\windows\system32\mpr.dll | function = WNetEnumResourceW, address_out = 0x7ff9232d12d0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegOpenKeyExW, address_out = 0x7ff931534aa0 |
|
1 | |
| Get Address | c:\windows\system32\mpr.dll | function = WNetCloseEnum, address_out = 0x7ff9232d14f0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetWindowsDirectoryW, address_out = 0x7ff92fdee9f0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetFileAttributesA, address_out = 0x7ff92fdf24e0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegOpenKeyExA, address_out = 0x7ff9315353b0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetFilePointer, address_out = 0x7ff92fdf2510 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetTickCount, address_out = 0x7ff92fde33d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetFileAttributesW, address_out = 0x7ff92fdf2300 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FindFirstFileW, address_out = 0x7ff92fdf21e0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptAcquireContextW, address_out = 0x7ff931535a10 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = MoveFileExW, address_out = 0x7ff92fdeec60 |
|
1 | |
| Get Address | c:\windows\system32\mpr.dll | function = WNetOpenEnumW, address_out = 0x7ff9232d15e0 |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = CoInitialize, address_out = 0x7ff9315e7e20 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptDecrypt, address_out = 0x7ff931539b10 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptImportKey, address_out = 0x7ff9315353f0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetFilePointerEx, address_out = 0x7ff92fdf2520 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileW, address_out = 0x7ff92fdf2770 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FreeLibrary, address_out = 0x7ff92fdebf60 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateProcessW, address_out = 0x7ff92fdeba30 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateDirectoryW, address_out = 0x7ff92fdf20d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateThread, address_out = 0x7ff92fde9940 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptDestroyKey, address_out = 0x7ff9315357e0 |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = CoCreateInstance, address_out = 0x7ff92fad5110 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateFileW, address_out = 0x7ff92fdf2100 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetFileAttributesA, address_out = 0x7ff92fdf22d0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptEncrypt, address_out = 0x7ff93153a1a0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegDeleteValueW, address_out = 0x7ff9315382d0 |
|
1 |
User (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Lookup Privilege | privilege = SeBackupPrivilege, luid = 17 |
|
1 |
System (13)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Sleep | duration = 5000 milliseconds (5.000 seconds) |
|
1 | |
| Sleep | duration = 25000 milliseconds (25.000 seconds) |
|
5 | |
| Get Info | type = Operating System |
|
1 | |
| Get Info | type = Windows Directory, result_out = C:\WINDOWS |
|
6 |
Process #5: taskhostw.exe
145
0
| Information | Value |
|---|---|
| ID | #5 |
| File Name | c:\windows\system32\taskhostw.exe |
| Command Line | taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E} |
| Initial Working Directory | C:\WINDOWS\system32\ |
| Monitor | Start Time: 00:00:42, Reason: Injection |
| Unmonitor | End Time: 00:04:14, Reason: Crashed |
| Monitor Duration | 00:03:32 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x7ac |
| Parent PID | 0x3c0 (c:\windows\system32\svchost.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
A34
0x
98C
0x
8EC
0x
8B4
0x
B78
0x
B14
0x
830
0x
82C
0x
820
0x
818
0x
814
0x
780
0x
6B0
0x
680
0x
40C
0x
7B0
0x
26C
|
Memory Dumps
| Name | Start VA | End VA | Dump Reason | PE Rebuilds | Bitness | Entry Points | AV | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|
| taskhostw.exe | 0x7FF638680000 | 0x7FF638697FFF | Relevant Image | - | 64-bit | - |
|
|
|
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #1: c:\users\fd1hvy\desktop\v19v.exe | 0x2d4 | address = 0x7ff742db0000, size = 2981888 |
|
1 | |
| Create Remote Thread | #1: c:\users\fd1hvy\desktop\v19v.exe | 0x2d4 | address = 0x7ff742db22e0 |
|
1 |
Host Behavior
File (21)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\users\Public\sys | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN |
|
20 | |
| Create | C:\users\Public\sys | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN |
|
1 |
Module (78)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | kernel32.dll | base_address = 0x7ff92fdd0000 |
|
1 | |
| Load | mpr.dll | base_address = 0x7ff9232d0000 |
|
1 | |
| Load | advapi32.dll | base_address = 0x7ff931520000 |
|
1 | |
| Load | ole32.dll | base_address = 0x7ff9315e0000 |
|
1 | |
| Load | Shell32.dll | base_address = 0x7ff9300e0000 |
|
1 | |
| Load | Iphlpapi.dll | base_address = 0x7ff92da00000 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = LoadLibraryA, address_out = 0x7ff92fdee490 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetLastError, address_out = 0x7ff92fde33c0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = VirtualFree, address_out = 0x7ff92fdea3e0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptExportKey, address_out = 0x7ff931535410 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = DeleteFileW, address_out = 0x7ff92fdf2130 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetDriveTypeW, address_out = 0x7ff92fdf22c0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetCommandLineW, address_out = 0x7ff92fdedbe0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetStartupInfoW, address_out = 0x7ff92fdebf50 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FindNextFileW, address_out = 0x7ff92fdf2230 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = VirtualAlloc, address_out = 0x7ff92fde97f0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = GetUserNameA, address_out = 0x7ff9315622e0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = ExitProcess, address_out = 0x7ff92fdec0d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = Wow64RevertWow64FsRedirection, address_out = 0x7ff92fe07cd0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateProcessA, address_out = 0x7ff92fdeb190 |
|
1 | |
| Get Address | c:\windows\system32\iphlpapi.dll | function = GetIpNetTable, address_out = 0x7ff92da0fcc0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetVersionExW, address_out = 0x7ff92fde9a70 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = Wow64DisableWow64FsRedirection, address_out = 0x7ff92fe07cc0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetSystemDefaultLangID, address_out = 0x7ff92fdee860 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = GetUserNameW, address_out = 0x7ff9315353c0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = ReadFile, address_out = 0x7ff92fdf2480 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegQueryValueExA, address_out = 0x7ff9315354e0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CloseHandle, address_out = 0x7ff92fdf1ea0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegSetValueExW, address_out = 0x7ff931535370 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegCloseKey, address_out = 0x7ff931534c50 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileA, address_out = 0x7ff92fe2a370 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetFileAttributesW, address_out = 0x7ff92fdf24f0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = WinExec, address_out = 0x7ff92fe2e3b0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptDeriveKey, address_out = 0x7ff93154a740 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptGenKey, address_out = 0x7ff931539be0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = Sleep, address_out = 0x7ff92fde3410 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetCurrentProcess, address_out = 0x7ff92fdf1e00 |
|
1 | |
| Get Address | c:\windows\system32\shell32.dll | function = ShellExecuteW, address_out = 0x7ff9301df5d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetFileSize, address_out = 0x7ff92fdf2320 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GlobalAlloc, address_out = 0x7ff92fde7fb0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FindClose, address_out = 0x7ff92fdf2160 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = WaitForMultipleObjects, address_out = 0x7ff92fdf2070 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetModuleFileNameA, address_out = 0x7ff92fdee000 |
|
1 | |
| Get Address | c:\windows\system32\shell32.dll | function = ShellExecuteA, address_out = 0x7ff9302a1600 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetModuleHandleA, address_out = 0x7ff92fdec1a0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetModuleFileNameW, address_out = 0x7ff92fdebfa0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateFileA, address_out = 0x7ff92fdf20f0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetFileSizeEx, address_out = 0x7ff92fdf2330 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = WriteFile, address_out = 0x7ff92fdf2570 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetLogicalDrives, address_out = 0x7ff92fde8dd0 |
|
1 | |
| Get Address | c:\windows\system32\mpr.dll | function = WNetEnumResourceW, address_out = 0x7ff9232d12d0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegOpenKeyExW, address_out = 0x7ff931534aa0 |
|
1 | |
| Get Address | c:\windows\system32\mpr.dll | function = WNetCloseEnum, address_out = 0x7ff9232d14f0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetWindowsDirectoryW, address_out = 0x7ff92fdee9f0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetFileAttributesA, address_out = 0x7ff92fdf24e0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegOpenKeyExA, address_out = 0x7ff9315353b0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetFilePointer, address_out = 0x7ff92fdf2510 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetTickCount, address_out = 0x7ff92fde33d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetFileAttributesW, address_out = 0x7ff92fdf2300 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FindFirstFileW, address_out = 0x7ff92fdf21e0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptAcquireContextW, address_out = 0x7ff931535a10 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = MoveFileExW, address_out = 0x7ff92fdeec60 |
|
1 | |
| Get Address | c:\windows\system32\mpr.dll | function = WNetOpenEnumW, address_out = 0x7ff9232d15e0 |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = CoInitialize, address_out = 0x7ff9315e7e20 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptDecrypt, address_out = 0x7ff931539b10 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptImportKey, address_out = 0x7ff9315353f0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetFilePointerEx, address_out = 0x7ff92fdf2520 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileW, address_out = 0x7ff92fdf2770 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FreeLibrary, address_out = 0x7ff92fdebf60 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateProcessW, address_out = 0x7ff92fdeba30 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateDirectoryW, address_out = 0x7ff92fdf20d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateThread, address_out = 0x7ff92fde9940 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptDestroyKey, address_out = 0x7ff9315357e0 |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = CoCreateInstance, address_out = 0x7ff92fad5110 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateFileW, address_out = 0x7ff92fdf2100 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetFileAttributesA, address_out = 0x7ff92fdf22d0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptEncrypt, address_out = 0x7ff93153a1a0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegDeleteValueW, address_out = 0x7ff9315382d0 |
|
1 |
User (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Lookup Privilege | privilege = SeBackupPrivilege, luid = 17 |
|
1 |
System (43)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Sleep | duration = 5000 milliseconds (5.000 seconds) |
|
1 | |
| Sleep | duration = 25000 milliseconds (25.000 seconds) |
|
20 | |
| Get Info | type = Operating System |
|
1 | |
| Get Info | type = Windows Directory, result_out = C:\WINDOWS |
|
21 |
Process #6: shellexperiencehost.exe
0
0
| Information | Value |
|---|---|
| ID | #6 |
| File Name | c:\windows\systemapps\shellexperiencehost_cw5n1h2txyewy\shellexperiencehost.exe |
| Command Line | "C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca |
| Initial Working Directory | C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ |
| Monitor | Start Time: 00:00:43, Reason: Injection |
| Unmonitor | End Time: 00:01:30, Reason: Self Terminated |
| Monitor Duration | 00:00:47 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xb50 |
| Parent PID | 0x2b4 (Unknown) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Low |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
E34
0x
DE8
0x
DE4
0x
DE0
0x
CB4
0x
CB0
0x
CA8
0x
CA4
0x
C08
0x
6E0
0x
6D0
0x
8C8
0x
69C
0x
79C
0x
634
0x
BE0
0x
BDC
0x
BD4
0x
BD0
0x
BA4
0x
BA0
0x
B9C
0x
B94
0x
B8C
0x
B88
0x
B68
0x
B54
0x
324
|
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Create Remote Thread | #1: c:\users\fd1hvy\desktop\v19v.exe | 0x2d4 | address = 0x7ff742db22e0 |
|
1 |
Process #7: net.exe
0
0
| Information | Value |
|---|---|
| ID | #7 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "audioendpointbuilder" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:00:43, Reason: Child Process |
| Unmonitor | End Time: 00:01:01, Reason: Self Terminated |
| Monitor Duration | 00:00:18 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x4c8 |
| Parent PID | 0x7fc (c:\users\fd1hvy\desktop\v19v.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
468
0x
D80
|
Process #9: net.exe
0
0
| Information | Value |
|---|---|
| ID | #9 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:00:44, Reason: Child Process |
| Unmonitor | End Time: 00:00:48, Reason: Self Terminated |
| Monitor Duration | 00:00:03 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x210 |
| Parent PID | 0x7fc (c:\users\fd1hvy\desktop\v19v.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
3A8
0x
D18
|
Process #11: net1.exe
81
0
| Information | Value |
|---|---|
| ID | #11 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\WINDOWS\system32\net1 stop "audioendpointbuilder" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:00:45, Reason: Child Process |
| Unmonitor | End Time: 00:01:01, Reason: Self Terminated |
| Monitor Duration | 00:00:15 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xbec |
| Parent PID | 0x4c8 (c:\windows\system32\net.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
DB0
0x
F60
|
Host Behavior
File (36)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
17 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 169 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 2 |
|
7 | |
| Write | STD_OUTPUT_HANDLE | size = 16 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 37 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 1 |
|
4 | |
| Write | STD_OUTPUT_HANDLE | size = 53 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 54 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 70 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x28625100002 |
|
1 | |
| Get Handle | c:\windows\system32\net1.exe | base_address = 0x7ff6e9930000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\WINDOWS\system32\net1.exe, size = 260 |
|
1 |
Service (38)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Control | service_name = AUDIOENDPOINTBUILDER |
|
1 | |
| Control | service_name = Audiosrv |
|
1 | |
| Control | service_name = Audiosrv |
|
1 | |
| Control | service_name = Audiosrv |
|
1 | |
| Control | service_name = Audiosrv |
|
1 | |
| Control | service_name = Audiosrv |
|
1 | |
| Control | service_name = AUDIOENDPOINTBUILDER |
|
1 | |
| Control | service_name = AUDIOENDPOINTBUILDER |
|
1 | |
| Get Display Name | database_name = SERVICES_ACTIVE_DATABASE |
|
3 | |
| Get Display Name | database_name = SERVICES_ACTIVE_DATABASE |
|
2 | |
| Get Info | service_name = AUDIOENDPOINTBUILDER |
|
1 | |
| Get Info | service_name = AUDIOENDPOINTBUILDER |
|
1 | |
| Get Info | service_name = Audiosrv |
|
1 | |
| Get Info | service_name = Audiosrv |
|
1 | |
| Get Info | service_name = Audiosrv |
|
1 | |
| Get Info | service_name = AUDIOENDPOINTBUILDER |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
2 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
2 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
System (4)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Sleep | duration = 2500 milliseconds (2.500 seconds) |
|
4 |
Process #12: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #12 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\WINDOWS\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:00:45, Reason: Child Process |
| Unmonitor | End Time: 00:00:48, Reason: Self Terminated |
| Monitor Duration | 00:00:02 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xda4 |
| Parent PID | 0x210 (c:\windows\system32\net.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
39C
0x
C38
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x214bfe30002 |
|
1 | |
| Get Handle | c:\windows\system32\net1.exe | base_address = 0x7ff6e9930000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\WINDOWS\system32\net1.exe, size = 260 |
|
1 |
Service (7)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Control | service_name = SAMSS |
|
1 | |
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #13: werfault.exe
0
0
| Information | Value |
|---|---|
| ID | #13 |
| File Name | c:\windows\system32\werfault.exe |
| Command Line | C:\WINDOWS\system32\WerFault.exe -u -p 1788 -s 796 |
| Initial Working Directory | C:\WINDOWS\system32\ |
| Monitor | Start Time: 00:00:46, Reason: Child Process |
| Unmonitor | End Time: 00:01:02, Reason: Self Terminated |
| Monitor Duration | 00:00:16 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x548 |
| Parent PID | 0x6fc (c:\windows\system32\sihost.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
E88
0x
1A4
0x
42C
0x
E60
0x
668
0x
5B4
0x
56C
0x
564
|
Process #14: sihost.exe
0
0
| Information | Value |
|---|---|
| ID | #14 |
| File Name | c:\windows\system32\sihost.exe |
| Command Line | sihost.exe |
| Initial Working Directory | C:\WINDOWS\system32\ |
| Monitor | Start Time: 00:00:47, Reason: Child Process |
| Unmonitor | End Time: 00:01:08, Reason: Self Terminated |
| Monitor Duration | 00:00:20 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x504 |
| Parent PID | 0x6fc (c:\windows\system32\sihost.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeCreateGlobalPrivilege |
| Thread IDs | - |
Process #15: searchui.exe
0
0
| Information | Value |
|---|---|
| ID | #15 |
| File Name | c:\windows\systemapps\microsoft.windows.cortana_cw5n1h2txyewy\searchui.exe |
| Command Line | "C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca |
| Initial Working Directory | C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\ |
| Monitor | Start Time: 00:00:48, Reason: Injection |
| Unmonitor | End Time: 00:01:35, Reason: Self Terminated |
| Monitor Duration | 00:00:47 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xb58 |
| Parent PID | 0x2b4 (Unknown) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Low |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
DD4
0x
DD0
0x
B74
0x
B70
0x
590
0x
578
0x
6C4
0x
6D4
0x
588
0x
828
0x
630
0x
7C4
0x
7A0
0x
438
0x
7FC
0x
778
0x
50C
0x
BF0
0x
BEC
0x
BE4
0x
BD8
0x
BCC
0x
BC8
0x
BC4
0x
BC0
0x
BB8
0x
BB4
0x
BB0
0x
BAC
0x
BA8
0x
B84
0x
B7C
0x
B6C
0x
B5C
0x
200
|
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Create Remote Thread | #1: c:\users\fd1hvy\desktop\v19v.exe | 0x2d4 | address = 0x7ff742db22e0 |
|
1 |
Process #16: runtimebroker.exe
91
0
| Information | Value |
|---|---|
| ID | #16 |
| File Name | c:\windows\system32\runtimebroker.exe |
| Command Line | C:\Windows\System32\RuntimeBroker.exe -Embedding |
| Initial Working Directory | C:\WINDOWS\system32\ |
| Monitor | Start Time: 00:00:53, Reason: Injection |
| Unmonitor | End Time: 00:01:33, Reason: Crashed |
| Monitor Duration | 00:00:39 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xbf4 |
| Parent PID | 0x2b4 (Unknown) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
734
0x
A0C
0x
8AC
0x
57C
0x
61C
0x
BF8
0x
8E8
0x
A90
|
Memory Dumps
| Name | Start VA | End VA | Dump Reason | PE Rebuilds | Bitness | Entry Points | AV | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|
| runtimebroker.exe | 0x7FF7D7FC0000 | 0x7FF7D7FD5FFF | Relevant Image | - | 64-bit | - |
|
|
|
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Create Remote Thread | #1: c:\users\fd1hvy\desktop\v19v.exe | 0x2d4 | address = 0x7ff742db22e0 |
|
1 |
Host Behavior
File (3)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\users\Public\sys | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN |
|
2 | |
| Create | C:\users\Public\sys | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN |
|
1 |
Module (78)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | kernel32.dll | base_address = 0x7ff92fdd0000 |
|
1 | |
| Load | mpr.dll | base_address = 0x7ff9232d0000 |
|
1 | |
| Load | advapi32.dll | base_address = 0x7ff931520000 |
|
1 | |
| Load | ole32.dll | base_address = 0x7ff9315e0000 |
|
1 | |
| Load | Shell32.dll | base_address = 0x7ff9300e0000 |
|
1 | |
| Load | Iphlpapi.dll | base_address = 0x7ff92da00000 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = LoadLibraryA, address_out = 0x7ff92fdee490 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetLastError, address_out = 0x7ff92fde33c0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = VirtualFree, address_out = 0x7ff92fdea3e0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptExportKey, address_out = 0x7ff931535410 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = DeleteFileW, address_out = 0x7ff92fdf2130 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetDriveTypeW, address_out = 0x7ff92fdf22c0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetCommandLineW, address_out = 0x7ff92fdedbe0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetStartupInfoW, address_out = 0x7ff92fdebf50 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FindNextFileW, address_out = 0x7ff92fdf2230 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = VirtualAlloc, address_out = 0x7ff92fde97f0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = GetUserNameA, address_out = 0x7ff9315622e0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = ExitProcess, address_out = 0x7ff92fdec0d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = Wow64RevertWow64FsRedirection, address_out = 0x7ff92fe07cd0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateProcessA, address_out = 0x7ff92fdeb190 |
|
1 | |
| Get Address | c:\windows\system32\iphlpapi.dll | function = GetIpNetTable, address_out = 0x7ff92da0fcc0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetVersionExW, address_out = 0x7ff92fde9a70 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = Wow64DisableWow64FsRedirection, address_out = 0x7ff92fe07cc0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetSystemDefaultLangID, address_out = 0x7ff92fdee860 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = GetUserNameW, address_out = 0x7ff9315353c0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = ReadFile, address_out = 0x7ff92fdf2480 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegQueryValueExA, address_out = 0x7ff9315354e0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CloseHandle, address_out = 0x7ff92fdf1ea0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegSetValueExW, address_out = 0x7ff931535370 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegCloseKey, address_out = 0x7ff931534c50 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileA, address_out = 0x7ff92fe2a370 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetFileAttributesW, address_out = 0x7ff92fdf24f0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = WinExec, address_out = 0x7ff92fe2e3b0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptDeriveKey, address_out = 0x7ff93154a740 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptGenKey, address_out = 0x7ff931539be0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = Sleep, address_out = 0x7ff92fde3410 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetCurrentProcess, address_out = 0x7ff92fdf1e00 |
|
1 | |
| Get Address | c:\windows\system32\shell32.dll | function = ShellExecuteW, address_out = 0x7ff9301df5d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetFileSize, address_out = 0x7ff92fdf2320 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GlobalAlloc, address_out = 0x7ff92fde7fb0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FindClose, address_out = 0x7ff92fdf2160 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = WaitForMultipleObjects, address_out = 0x7ff92fdf2070 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetModuleFileNameA, address_out = 0x7ff92fdee000 |
|
1 | |
| Get Address | c:\windows\system32\shell32.dll | function = ShellExecuteA, address_out = 0x7ff9302a1600 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetModuleHandleA, address_out = 0x7ff92fdec1a0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetModuleFileNameW, address_out = 0x7ff92fdebfa0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateFileA, address_out = 0x7ff92fdf20f0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetFileSizeEx, address_out = 0x7ff92fdf2330 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = WriteFile, address_out = 0x7ff92fdf2570 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetLogicalDrives, address_out = 0x7ff92fde8dd0 |
|
1 | |
| Get Address | c:\windows\system32\mpr.dll | function = WNetEnumResourceW, address_out = 0x7ff9232d12d0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegOpenKeyExW, address_out = 0x7ff931534aa0 |
|
1 | |
| Get Address | c:\windows\system32\mpr.dll | function = WNetCloseEnum, address_out = 0x7ff9232d14f0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetWindowsDirectoryW, address_out = 0x7ff92fdee9f0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetFileAttributesA, address_out = 0x7ff92fdf24e0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegOpenKeyExA, address_out = 0x7ff9315353b0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetFilePointer, address_out = 0x7ff92fdf2510 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetTickCount, address_out = 0x7ff92fde33d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetFileAttributesW, address_out = 0x7ff92fdf2300 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FindFirstFileW, address_out = 0x7ff92fdf21e0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptAcquireContextW, address_out = 0x7ff931535a10 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = MoveFileExW, address_out = 0x7ff92fdeec60 |
|
1 | |
| Get Address | c:\windows\system32\mpr.dll | function = WNetOpenEnumW, address_out = 0x7ff9232d15e0 |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = CoInitialize, address_out = 0x7ff9315e7e20 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptDecrypt, address_out = 0x7ff931539b10 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptImportKey, address_out = 0x7ff9315353f0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetFilePointerEx, address_out = 0x7ff92fdf2520 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileW, address_out = 0x7ff92fdf2770 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FreeLibrary, address_out = 0x7ff92fdebf60 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateProcessW, address_out = 0x7ff92fdeba30 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateDirectoryW, address_out = 0x7ff92fdf20d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateThread, address_out = 0x7ff92fde9940 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptDestroyKey, address_out = 0x7ff9315357e0 |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = CoCreateInstance, address_out = 0x7ff92fad5110 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateFileW, address_out = 0x7ff92fdf2100 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetFileAttributesA, address_out = 0x7ff92fdf22d0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptEncrypt, address_out = 0x7ff93153a1a0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegDeleteValueW, address_out = 0x7ff9315382d0 |
|
1 |
User (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Lookup Privilege | privilege = SeBackupPrivilege, luid = 17 |
|
1 |
System (7)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Sleep | duration = 5000 milliseconds (5.000 seconds) |
|
1 | |
| Sleep | duration = 25000 milliseconds (25.000 seconds) |
|
2 | |
| Get Info | type = Operating System |
|
1 | |
| Get Info | type = Windows Directory, result_out = C:\WINDOWS |
|
3 |
Process #17: taskhostw.exe
115
0
| Information | Value |
|---|---|
| ID | #17 |
| File Name | c:\windows\system32\taskhostw.exe |
| Command Line | taskhostw.exe |
| Initial Working Directory | C:\WINDOWS\system32\ |
| Monitor | Start Time: 00:00:54, Reason: Injection |
| Unmonitor | End Time: 00:04:09, Reason: Crashed |
| Monitor Duration | 00:03:14 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xf78 |
| Parent PID | 0x3c0 (c:\windows\system32\svchost.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
68C
0x
490
0x
910
0x
FE8
0x
FE4
0x
FBC
0x
FAC
0x
FA8
0x
FA4
0x
F9C
0x
F84
0x
F7C
0x
3A8
|
Memory Dumps
| Name | Start VA | End VA | Dump Reason | PE Rebuilds | Bitness | Entry Points | AV | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|
| taskhostw.exe | 0x7FF638680000 | 0x7FF638697FFF | Relevant Image | - | 64-bit | - |
|
|
|
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #1: c:\users\fd1hvy\desktop\v19v.exe | 0x2d4 | address = 0x7ff742db0000, size = 2981888 |
|
1 | |
| Create Remote Thread | #1: c:\users\fd1hvy\desktop\v19v.exe | 0x2d4 | address = 0x7ff742db22e0 |
|
1 |
Host Behavior
File (11)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\users\Public\sys | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN |
|
10 | |
| Create | C:\users\Public\sys | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN |
|
1 |
Module (78)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | kernel32.dll | base_address = 0x7ff92fdd0000 |
|
1 | |
| Load | mpr.dll | base_address = 0x7ff9232d0000 |
|
1 | |
| Load | advapi32.dll | base_address = 0x7ff931520000 |
|
1 | |
| Load | ole32.dll | base_address = 0x7ff9315e0000 |
|
1 | |
| Load | Shell32.dll | base_address = 0x7ff9300e0000 |
|
1 | |
| Load | Iphlpapi.dll | base_address = 0x7ff92da00000 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = LoadLibraryA, address_out = 0x7ff92fdee490 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetLastError, address_out = 0x7ff92fde33c0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = VirtualFree, address_out = 0x7ff92fdea3e0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptExportKey, address_out = 0x7ff931535410 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = DeleteFileW, address_out = 0x7ff92fdf2130 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetDriveTypeW, address_out = 0x7ff92fdf22c0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetCommandLineW, address_out = 0x7ff92fdedbe0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetStartupInfoW, address_out = 0x7ff92fdebf50 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FindNextFileW, address_out = 0x7ff92fdf2230 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = VirtualAlloc, address_out = 0x7ff92fde97f0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = GetUserNameA, address_out = 0x7ff9315622e0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = ExitProcess, address_out = 0x7ff92fdec0d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = Wow64RevertWow64FsRedirection, address_out = 0x7ff92fe07cd0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateProcessA, address_out = 0x7ff92fdeb190 |
|
1 | |
| Get Address | c:\windows\system32\iphlpapi.dll | function = GetIpNetTable, address_out = 0x7ff92da0fcc0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetVersionExW, address_out = 0x7ff92fde9a70 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = Wow64DisableWow64FsRedirection, address_out = 0x7ff92fe07cc0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetSystemDefaultLangID, address_out = 0x7ff92fdee860 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = GetUserNameW, address_out = 0x7ff9315353c0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = ReadFile, address_out = 0x7ff92fdf2480 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegQueryValueExA, address_out = 0x7ff9315354e0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CloseHandle, address_out = 0x7ff92fdf1ea0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegSetValueExW, address_out = 0x7ff931535370 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegCloseKey, address_out = 0x7ff931534c50 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileA, address_out = 0x7ff92fe2a370 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetFileAttributesW, address_out = 0x7ff92fdf24f0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = WinExec, address_out = 0x7ff92fe2e3b0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptDeriveKey, address_out = 0x7ff93154a740 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptGenKey, address_out = 0x7ff931539be0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = Sleep, address_out = 0x7ff92fde3410 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetCurrentProcess, address_out = 0x7ff92fdf1e00 |
|
1 | |
| Get Address | c:\windows\system32\shell32.dll | function = ShellExecuteW, address_out = 0x7ff9301df5d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetFileSize, address_out = 0x7ff92fdf2320 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GlobalAlloc, address_out = 0x7ff92fde7fb0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FindClose, address_out = 0x7ff92fdf2160 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = WaitForMultipleObjects, address_out = 0x7ff92fdf2070 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetModuleFileNameA, address_out = 0x7ff92fdee000 |
|
1 | |
| Get Address | c:\windows\system32\shell32.dll | function = ShellExecuteA, address_out = 0x7ff9302a1600 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetModuleHandleA, address_out = 0x7ff92fdec1a0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetModuleFileNameW, address_out = 0x7ff92fdebfa0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateFileA, address_out = 0x7ff92fdf20f0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetFileSizeEx, address_out = 0x7ff92fdf2330 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = WriteFile, address_out = 0x7ff92fdf2570 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetLogicalDrives, address_out = 0x7ff92fde8dd0 |
|
1 | |
| Get Address | c:\windows\system32\mpr.dll | function = WNetEnumResourceW, address_out = 0x7ff9232d12d0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegOpenKeyExW, address_out = 0x7ff931534aa0 |
|
1 | |
| Get Address | c:\windows\system32\mpr.dll | function = WNetCloseEnum, address_out = 0x7ff9232d14f0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetWindowsDirectoryW, address_out = 0x7ff92fdee9f0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetFileAttributesA, address_out = 0x7ff92fdf24e0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegOpenKeyExA, address_out = 0x7ff9315353b0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetFilePointer, address_out = 0x7ff92fdf2510 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetTickCount, address_out = 0x7ff92fde33d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetFileAttributesW, address_out = 0x7ff92fdf2300 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FindFirstFileW, address_out = 0x7ff92fdf21e0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptAcquireContextW, address_out = 0x7ff931535a10 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = MoveFileExW, address_out = 0x7ff92fdeec60 |
|
1 | |
| Get Address | c:\windows\system32\mpr.dll | function = WNetOpenEnumW, address_out = 0x7ff9232d15e0 |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = CoInitialize, address_out = 0x7ff9315e7e20 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptDecrypt, address_out = 0x7ff931539b10 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptImportKey, address_out = 0x7ff9315353f0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetFilePointerEx, address_out = 0x7ff92fdf2520 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileW, address_out = 0x7ff92fdf2770 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FreeLibrary, address_out = 0x7ff92fdebf60 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateProcessW, address_out = 0x7ff92fdeba30 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateDirectoryW, address_out = 0x7ff92fdf20d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateThread, address_out = 0x7ff92fde9940 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptDestroyKey, address_out = 0x7ff9315357e0 |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = CoCreateInstance, address_out = 0x7ff92fad5110 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateFileW, address_out = 0x7ff92fdf2100 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetFileAttributesA, address_out = 0x7ff92fdf22d0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptEncrypt, address_out = 0x7ff93153a1a0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegDeleteValueW, address_out = 0x7ff9315382d0 |
|
1 |
User (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Lookup Privilege | privilege = SeBackupPrivilege, luid = 17 |
|
1 |
System (23)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Sleep | duration = 5000 milliseconds (5.000 seconds) |
|
1 | |
| Sleep | duration = 25000 milliseconds (25.000 seconds) |
|
10 | |
| Get Info | type = Operating System |
|
1 | |
| Get Info | type = Windows Directory, result_out = C:\WINDOWS |
|
11 |
Process #18: msoia.exe
0
0
| Information | Value |
|---|---|
| ID | #18 |
| File Name | c:\program files\microsoft office\root\office16\msoia.exe |
| Command Line | "C:\Program Files\Microsoft Office\root\Office16\msoia.exe" scan upload mininterval:2880 |
| Initial Working Directory | C:\WINDOWS\system32\ |
| Monitor | Start Time: 00:00:55, Reason: Injection |
| Unmonitor | End Time: 00:01:36, Reason: Self Terminated |
| Monitor Duration | 00:00:41 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xfd4 |
| Parent PID | 0x3c0 (c:\windows\system32\svchost.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
344
0x
A98
0x
FD8
0x
D58
0x
E60
|
Memory Dumps
| Name | Start VA | End VA | Dump Reason | PE Rebuilds | Bitness | Entry Points | AV | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|
| msoia.exe | 0x7FF691BF0000 | 0x7FF691C59FFF | Relevant Image | - | 64-bit | - |
|
|
|
| msoia.exe | 0x7FF691BF0000 | 0x7FF691C59FFF | Process Termination | - | 64-bit | - |
|
|
|
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #1: c:\users\fd1hvy\desktop\v19v.exe | 0x2d4 | address = 0x7ff742db0000, size = 2981888 |
|
1 | |
| Create Remote Thread | #1: c:\users\fd1hvy\desktop\v19v.exe | 0x2d4 | address = 0x7ff742db22e0 |
|
1 |
Process #19: net.exe
0
0
| Information | Value |
|---|---|
| ID | #19 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "audioendpointbuilder" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:00:56, Reason: Child Process |
| Unmonitor | End Time: 00:00:59, Reason: Self Terminated |
| Monitor Duration | 00:00:03 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x9fc |
| Parent PID | 0x7fc (c:\users\fd1hvy\desktop\v19v.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
524
0x
E3C
|
Process #21: msoia.exe
0
0
| Information | Value |
|---|---|
| ID | #21 |
| File Name | c:\program files\microsoft office\root\office16\msoia.exe |
| Command Line | "C:\Program Files\Microsoft Office\root\Office16\msoia.exe" scan upload |
| Initial Working Directory | C:\WINDOWS\system32\ |
| Monitor | Start Time: 00:00:56, Reason: Injection |
| Unmonitor | End Time: 00:01:15, Reason: Self Terminated |
| Monitor Duration | 00:00:18 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xff8 |
| Parent PID | 0x3c0 (c:\windows\system32\svchost.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
DB8
0x
BE8
0x
D20
0x
FFC
0x
FB0
0x
524
|
Memory Dumps
| Name | Start VA | End VA | Dump Reason | PE Rebuilds | Bitness | Entry Points | AV | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|
| msoia.exe | 0x7FF691BF0000 | 0x7FF691C59FFF | Relevant Image | - | 64-bit | - |
|
|
|
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Create Remote Thread | #1: c:\users\fd1hvy\desktop\v19v.exe | 0x2d4 | address = 0x7ff742db22e0 |
|
1 |
Process #22: net.exe
0
0
| Information | Value |
|---|---|
| ID | #22 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:00:57, Reason: Child Process |
| Unmonitor | End Time: 00:00:59, Reason: Self Terminated |
| Monitor Duration | 00:00:02 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xe38 |
| Parent PID | 0x7fc (c:\users\fd1hvy\desktop\v19v.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
DEC
0x
CFC
|
Process #24: apphostregistrationverifier.exe
82
0
| Information | Value |
|---|---|
| ID | #24 |
| File Name | c:\windows\system32\apphostregistrationverifier.exe |
| Command Line | C:\WINDOWS\system32\AppHostRegistrationVerifier.exe |
| Initial Working Directory | C:\WINDOWS\system32\ |
| Monitor | Start Time: 00:00:57, Reason: Injection |
| Unmonitor | End Time: 00:01:54, Reason: Self Terminated |
| Monitor Duration | 00:00:56 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xc14 |
| Parent PID | 0x3c0 (c:\windows\system32\svchost.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
4A0
0x
770
0x
F2C
0x
F48
0x
9C0
0x
6B8
|
Memory Dumps
| Name | Start VA | End VA | Dump Reason | PE Rebuilds | Bitness | Entry Points | AV | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|
| apphostregistrationverifier.exe | 0x7FF782A00000 | 0x7FF782A1DFFF | Relevant Image | - | 64-bit | - |
|
|
|
| apphostregistrationverifier.exe | 0x7FF782A00000 | 0x7FF782A1DFFF | Process Termination | - | 64-bit | - |
|
|
|
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Create Remote Thread | #1: c:\users\fd1hvy\desktop\v19v.exe | 0x2d4 | address = 0x7ff742db22e0 |
|
1 |
Host Behavior
File (1)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\users\Public\sys | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN |
|
1 |
Module (78)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | kernel32.dll | base_address = 0x7ff92fdd0000 |
|
1 | |
| Load | mpr.dll | base_address = 0x7ff9232d0000 |
|
1 | |
| Load | advapi32.dll | base_address = 0x7ff931520000 |
|
1 | |
| Load | ole32.dll | base_address = 0x7ff9315e0000 |
|
1 | |
| Load | Shell32.dll | base_address = 0x7ff9300e0000 |
|
1 | |
| Load | Iphlpapi.dll | base_address = 0x7ff92da00000 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = LoadLibraryA, address_out = 0x7ff92fdee490 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetLastError, address_out = 0x7ff92fde33c0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = VirtualFree, address_out = 0x7ff92fdea3e0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptExportKey, address_out = 0x7ff931535410 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = DeleteFileW, address_out = 0x7ff92fdf2130 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetDriveTypeW, address_out = 0x7ff92fdf22c0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetCommandLineW, address_out = 0x7ff92fdedbe0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetStartupInfoW, address_out = 0x7ff92fdebf50 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FindNextFileW, address_out = 0x7ff92fdf2230 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = VirtualAlloc, address_out = 0x7ff92fde97f0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = GetUserNameA, address_out = 0x7ff9315622e0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = ExitProcess, address_out = 0x7ff92fdec0d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = Wow64RevertWow64FsRedirection, address_out = 0x7ff92fe07cd0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateProcessA, address_out = 0x7ff92fdeb190 |
|
1 | |
| Get Address | c:\windows\system32\iphlpapi.dll | function = GetIpNetTable, address_out = 0x7ff92da0fcc0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetVersionExW, address_out = 0x7ff92fde9a70 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = Wow64DisableWow64FsRedirection, address_out = 0x7ff92fe07cc0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetSystemDefaultLangID, address_out = 0x7ff92fdee860 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = GetUserNameW, address_out = 0x7ff9315353c0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = ReadFile, address_out = 0x7ff92fdf2480 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegQueryValueExA, address_out = 0x7ff9315354e0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CloseHandle, address_out = 0x7ff92fdf1ea0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegSetValueExW, address_out = 0x7ff931535370 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegCloseKey, address_out = 0x7ff931534c50 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileA, address_out = 0x7ff92fe2a370 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetFileAttributesW, address_out = 0x7ff92fdf24f0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = WinExec, address_out = 0x7ff92fe2e3b0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptDeriveKey, address_out = 0x7ff93154a740 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptGenKey, address_out = 0x7ff931539be0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = Sleep, address_out = 0x7ff92fde3410 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetCurrentProcess, address_out = 0x7ff92fdf1e00 |
|
1 | |
| Get Address | c:\windows\system32\shell32.dll | function = ShellExecuteW, address_out = 0x7ff9301df5d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetFileSize, address_out = 0x7ff92fdf2320 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GlobalAlloc, address_out = 0x7ff92fde7fb0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FindClose, address_out = 0x7ff92fdf2160 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = WaitForMultipleObjects, address_out = 0x7ff92fdf2070 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetModuleFileNameA, address_out = 0x7ff92fdee000 |
|
1 | |
| Get Address | c:\windows\system32\shell32.dll | function = ShellExecuteA, address_out = 0x7ff9302a1600 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetModuleHandleA, address_out = 0x7ff92fdec1a0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetModuleFileNameW, address_out = 0x7ff92fdebfa0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateFileA, address_out = 0x7ff92fdf20f0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetFileSizeEx, address_out = 0x7ff92fdf2330 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = WriteFile, address_out = 0x7ff92fdf2570 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetLogicalDrives, address_out = 0x7ff92fde8dd0 |
|
1 | |
| Get Address | c:\windows\system32\mpr.dll | function = WNetEnumResourceW, address_out = 0x7ff9232d12d0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegOpenKeyExW, address_out = 0x7ff931534aa0 |
|
1 | |
| Get Address | c:\windows\system32\mpr.dll | function = WNetCloseEnum, address_out = 0x7ff9232d14f0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetWindowsDirectoryW, address_out = 0x7ff92fdee9f0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetFileAttributesA, address_out = 0x7ff92fdf24e0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegOpenKeyExA, address_out = 0x7ff9315353b0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetFilePointer, address_out = 0x7ff92fdf2510 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetTickCount, address_out = 0x7ff92fde33d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetFileAttributesW, address_out = 0x7ff92fdf2300 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FindFirstFileW, address_out = 0x7ff92fdf21e0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptAcquireContextW, address_out = 0x7ff931535a10 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = MoveFileExW, address_out = 0x7ff92fdeec60 |
|
1 | |
| Get Address | c:\windows\system32\mpr.dll | function = WNetOpenEnumW, address_out = 0x7ff9232d15e0 |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = CoInitialize, address_out = 0x7ff9315e7e20 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptDecrypt, address_out = 0x7ff931539b10 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptImportKey, address_out = 0x7ff9315353f0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetFilePointerEx, address_out = 0x7ff92fdf2520 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileW, address_out = 0x7ff92fdf2770 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FreeLibrary, address_out = 0x7ff92fdebf60 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateProcessW, address_out = 0x7ff92fdeba30 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateDirectoryW, address_out = 0x7ff92fdf20d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateThread, address_out = 0x7ff92fde9940 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptDestroyKey, address_out = 0x7ff9315357e0 |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = CoCreateInstance, address_out = 0x7ff92fad5110 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateFileW, address_out = 0x7ff92fdf2100 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetFileAttributesA, address_out = 0x7ff92fdf22d0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptEncrypt, address_out = 0x7ff93153a1a0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegDeleteValueW, address_out = 0x7ff9315382d0 |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Sleep | duration = 5000 milliseconds (5.000 seconds) |
|
1 | |
| Get Info | type = Operating System |
|
1 | |
| Get Info | type = Windows Directory, result_out = C:\WINDOWS |
|
1 |
Process #25: net1.exe
22
0
| Information | Value |
|---|---|
| ID | #25 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\WINDOWS\system32\net1 stop "audioendpointbuilder" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:00:57, Reason: Child Process |
| Unmonitor | End Time: 00:00:59, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xc48 |
| Parent PID | 0x9fc (c:\windows\system32\net.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
6B4
0x
6AC
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 60 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x19e9a630002 |
|
1 | |
| Get Handle | c:\windows\system32\net1.exe | base_address = 0x7ff6e9930000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\WINDOWS\system32\net1.exe, size = 260 |
|
1 |
Service (9)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Control | service_name = AUDIOENDPOINTBUILDER |
|
1 | |
| Get Display Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Get Info | service_name = AUDIOENDPOINTBUILDER |
|
1 | |
| Get Info | service_name = AUDIOENDPOINTBUILDER |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #26: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #26 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\WINDOWS\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:00:58, Reason: Child Process |
| Unmonitor | End Time: 00:00:59, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x6a4 |
| Parent PID | 0xe38 (c:\windows\system32\net.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
500
0x
570
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x1d04f830002 |
|
1 | |
| Get Handle | c:\windows\system32\net1.exe | base_address = 0x7ff6e9930000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\WINDOWS\system32\net1.exe, size = 260 |
|
1 |
Service (7)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Control | service_name = SAMSS |
|
1 | |
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #27: dllhost.exe
85
0
| Information | Value |
|---|---|
| ID | #27 |
| File Name | c:\windows\system32\dllhost.exe |
| Command Line | C:\WINDOWS\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} |
| Initial Working Directory | C:\WINDOWS\system32\ |
| Monitor | Start Time: 00:01:03, Reason: Injection |
| Unmonitor | End Time: 00:01:20, Reason: Crashed |
| Monitor Duration | 00:00:17 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xce4 |
| Parent PID | 0x2b4 (Unknown) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
B64
0x
D54
0x
D30
0x
D44
0x
D48
0x
D34
0x
AC8
0x
CE8
0x
CFC
0x
FCC
0x
DA4
|
Memory Dumps
| Name | Start VA | End VA | Dump Reason | PE Rebuilds | Bitness | Entry Points | AV | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|
| dllhost.exe | 0x7FF6FB010000 | 0x7FF6FB018FFF | Relevant Image | - | 64-bit | - |
|
|
|
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #1: c:\users\fd1hvy\desktop\v19v.exe | 0x2d4 | address = 0x7ff742db0000, size = 2981888 |
|
1 | |
| Create Remote Thread | #1: c:\users\fd1hvy\desktop\v19v.exe | 0x2d4 | address = 0x7ff742db22e0 |
|
1 |
Host Behavior
File (1)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\users\Public\sys | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN |
|
1 |
Module (78)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | kernel32.dll | base_address = 0x7ff92fdd0000 |
|
1 | |
| Load | mpr.dll | base_address = 0x7ff9232d0000 |
|
1 | |
| Load | advapi32.dll | base_address = 0x7ff931520000 |
|
1 | |
| Load | ole32.dll | base_address = 0x7ff9315e0000 |
|
1 | |
| Load | Shell32.dll | base_address = 0x7ff9300e0000 |
|
1 | |
| Load | Iphlpapi.dll | base_address = 0x7ff92da00000 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = LoadLibraryA, address_out = 0x7ff92fdee490 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetLastError, address_out = 0x7ff92fde33c0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = VirtualFree, address_out = 0x7ff92fdea3e0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptExportKey, address_out = 0x7ff931535410 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = DeleteFileW, address_out = 0x7ff92fdf2130 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetDriveTypeW, address_out = 0x7ff92fdf22c0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetCommandLineW, address_out = 0x7ff92fdedbe0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetStartupInfoW, address_out = 0x7ff92fdebf50 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FindNextFileW, address_out = 0x7ff92fdf2230 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = VirtualAlloc, address_out = 0x7ff92fde97f0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = GetUserNameA, address_out = 0x7ff9315622e0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = ExitProcess, address_out = 0x7ff92fdec0d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = Wow64RevertWow64FsRedirection, address_out = 0x7ff92fe07cd0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateProcessA, address_out = 0x7ff92fdeb190 |
|
1 | |
| Get Address | c:\windows\system32\iphlpapi.dll | function = GetIpNetTable, address_out = 0x7ff92da0fcc0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetVersionExW, address_out = 0x7ff92fde9a70 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = Wow64DisableWow64FsRedirection, address_out = 0x7ff92fe07cc0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetSystemDefaultLangID, address_out = 0x7ff92fdee860 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = GetUserNameW, address_out = 0x7ff9315353c0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = ReadFile, address_out = 0x7ff92fdf2480 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegQueryValueExA, address_out = 0x7ff9315354e0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CloseHandle, address_out = 0x7ff92fdf1ea0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegSetValueExW, address_out = 0x7ff931535370 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegCloseKey, address_out = 0x7ff931534c50 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileA, address_out = 0x7ff92fe2a370 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetFileAttributesW, address_out = 0x7ff92fdf24f0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = WinExec, address_out = 0x7ff92fe2e3b0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptDeriveKey, address_out = 0x7ff93154a740 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptGenKey, address_out = 0x7ff931539be0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = Sleep, address_out = 0x7ff92fde3410 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetCurrentProcess, address_out = 0x7ff92fdf1e00 |
|
1 | |
| Get Address | c:\windows\system32\shell32.dll | function = ShellExecuteW, address_out = 0x7ff9301df5d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetFileSize, address_out = 0x7ff92fdf2320 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GlobalAlloc, address_out = 0x7ff92fde7fb0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FindClose, address_out = 0x7ff92fdf2160 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = WaitForMultipleObjects, address_out = 0x7ff92fdf2070 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetModuleFileNameA, address_out = 0x7ff92fdee000 |
|
1 | |
| Get Address | c:\windows\system32\shell32.dll | function = ShellExecuteA, address_out = 0x7ff9302a1600 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetModuleHandleA, address_out = 0x7ff92fdec1a0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetModuleFileNameW, address_out = 0x7ff92fdebfa0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateFileA, address_out = 0x7ff92fdf20f0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetFileSizeEx, address_out = 0x7ff92fdf2330 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = WriteFile, address_out = 0x7ff92fdf2570 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetLogicalDrives, address_out = 0x7ff92fde8dd0 |
|
1 | |
| Get Address | c:\windows\system32\mpr.dll | function = WNetEnumResourceW, address_out = 0x7ff9232d12d0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegOpenKeyExW, address_out = 0x7ff931534aa0 |
|
1 | |
| Get Address | c:\windows\system32\mpr.dll | function = WNetCloseEnum, address_out = 0x7ff9232d14f0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetWindowsDirectoryW, address_out = 0x7ff92fdee9f0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetFileAttributesA, address_out = 0x7ff92fdf24e0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegOpenKeyExA, address_out = 0x7ff9315353b0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetFilePointer, address_out = 0x7ff92fdf2510 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetTickCount, address_out = 0x7ff92fde33d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetFileAttributesW, address_out = 0x7ff92fdf2300 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FindFirstFileW, address_out = 0x7ff92fdf21e0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptAcquireContextW, address_out = 0x7ff931535a10 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = MoveFileExW, address_out = 0x7ff92fdeec60 |
|
1 | |
| Get Address | c:\windows\system32\mpr.dll | function = WNetOpenEnumW, address_out = 0x7ff9232d15e0 |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = CoInitialize, address_out = 0x7ff9315e7e20 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptDecrypt, address_out = 0x7ff931539b10 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptImportKey, address_out = 0x7ff9315353f0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetFilePointerEx, address_out = 0x7ff92fdf2520 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileW, address_out = 0x7ff92fdf2770 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FreeLibrary, address_out = 0x7ff92fdebf60 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateProcessW, address_out = 0x7ff92fdeba30 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateDirectoryW, address_out = 0x7ff92fdf20d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateThread, address_out = 0x7ff92fde9940 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptDestroyKey, address_out = 0x7ff9315357e0 |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = CoCreateInstance, address_out = 0x7ff92fad5110 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateFileW, address_out = 0x7ff92fdf2100 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetFileAttributesA, address_out = 0x7ff92fdf22d0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptEncrypt, address_out = 0x7ff93153a1a0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegDeleteValueW, address_out = 0x7ff9315382d0 |
|
1 |
User (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Lookup Privilege | privilege = SeBackupPrivilege, luid = 17 |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Sleep | duration = 5000 milliseconds (5.000 seconds) |
|
1 | |
| Get Info | type = Operating System |
|
1 | |
| Get Info | type = Windows Directory, result_out = C:\WINDOWS |
|
1 |
Process #28: net.exe
0
0
| Information | Value |
|---|---|
| ID | #28 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:01:08, Reason: Child Process |
| Unmonitor | End Time: 00:01:14, Reason: Self Terminated |
| Monitor Duration | 00:00:06 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xb08 |
| Parent PID | 0x7fc (c:\users\fd1hvy\desktop\v19v.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
564
0x
728
|
Process #30: werfault.exe
0
0
| Information | Value |
|---|---|
| ID | #30 |
| File Name | c:\windows\system32\werfault.exe |
| Command Line | C:\WINDOWS\system32\WerFault.exe -u -p 3300 -s 1296 |
| Initial Working Directory | C:\WINDOWS\system32\ |
| Monitor | Start Time: 00:01:08, Reason: Child Process |
| Unmonitor | End Time: 00:01:21, Reason: Self Terminated |
| Monitor Duration | 00:00:12 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x1a4 |
| Parent PID | 0xce4 (c:\windows\system32\dllhost.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
710
0x
724
0x
4CC
0x
C68
0x
FE4
0x
F34
0x
504
0x
548
0x
388
|
Process #31: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #31 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\WINDOWS\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:01:09, Reason: Child Process |
| Unmonitor | End Time: 00:01:12, Reason: Self Terminated |
| Monitor Duration | 00:00:03 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x73c |
| Parent PID | 0xb08 (c:\windows\system32\net.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
70C
0x
810
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x1ea62b00002 |
|
1 | |
| Get Handle | c:\windows\system32\net1.exe | base_address = 0x7ff6e9930000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\WINDOWS\system32\net1.exe, size = 260 |
|
1 |
Service (7)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Control | service_name = SAMSS |
|
1 | |
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #32: dllhost.exe
0
0
| Information | Value |
|---|---|
| ID | #32 |
| File Name | c:\windows\system32\dllhost.exe |
| Command Line | C:\WINDOWS\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} |
| Initial Working Directory | C:\WINDOWS\system32\ |
| Monitor | Start Time: 00:01:10, Reason: Child Process |
| Unmonitor | End Time: 00:01:19, Reason: Self Terminated |
| Monitor Duration | 00:00:08 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x708 |
| Parent PID | 0xce4 (c:\windows\system32\dllhost.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeCreateGlobalPrivilege |
| Thread IDs | - |
Process #34: net.exe
0
0
| Information | Value |
|---|---|
| ID | #34 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:01:19, Reason: Child Process |
| Unmonitor | End Time: 00:01:30, Reason: Self Terminated |
| Monitor Duration | 00:00:11 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x9e4 |
| Parent PID | 0x7fc (c:\users\fd1hvy\desktop\v19v.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
7BC
0x
CDC
|
Process #36: net.exe
0
0
| Information | Value |
|---|---|
| ID | #36 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:01:20, Reason: Child Process |
| Unmonitor | End Time: 00:01:31, Reason: Self Terminated |
| Monitor Duration | 00:00:10 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xa10 |
| Parent PID | 0x7fc (c:\users\fd1hvy\desktop\v19v.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
9BC
0x
105C
|
Process #37: werfault.exe
0
0
| Information | Value |
|---|---|
| ID | #37 |
| File Name | c:\windows\system32\werfault.exe |
| Command Line | C:\WINDOWS\system32\WerFault.exe -u -p 3060 -s 620 |
| Initial Working Directory | C:\WINDOWS\system32\ |
| Monitor | Start Time: 00:01:20, Reason: Child Process |
| Unmonitor | End Time: 00:01:32, Reason: Self Terminated |
| Monitor Duration | 00:00:11 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x4e0 |
| Parent PID | 0xbf4 (c:\windows\system32\runtimebroker.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
F54
0x
EB0
0x
1058
|
Process #39: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #39 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\WINDOWS\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:01:21, Reason: Child Process |
| Unmonitor | End Time: 00:01:30, Reason: Self Terminated |
| Monitor Duration | 00:00:08 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x974 |
| Parent PID | 0x9e4 (c:\windows\system32\net.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
ACC
0x
1050
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x1775d470002 |
|
1 | |
| Get Handle | c:\windows\system32\net1.exe | base_address = 0x7ff6e9930000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\WINDOWS\system32\net1.exe, size = 260 |
|
1 |
Service (7)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Control | service_name = SAMSS |
|
1 | |
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #40: runtimebroker.exe
0
0
| Information | Value |
|---|---|
| ID | #40 |
| File Name | c:\windows\system32\runtimebroker.exe |
| Command Line | C:\Windows\System32\RuntimeBroker.exe -Embedding |
| Initial Working Directory | C:\WINDOWS\system32\ |
| Monitor | Start Time: 00:01:24, Reason: Child Process |
| Unmonitor | End Time: 00:01:31, Reason: Self Terminated |
| Monitor Duration | 00:00:07 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x104c |
| Parent PID | 0xbf4 (c:\windows\system32\runtimebroker.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeCreateGlobalPrivilege |
| Thread IDs | - |
Process #41: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #41 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\WINDOWS\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:01:25, Reason: Child Process |
| Unmonitor | End Time: 00:01:31, Reason: Self Terminated |
| Monitor Duration | 00:00:06 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x1074 |
| Parent PID | 0xa10 (c:\windows\system32\net.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
1078
0x
1150
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x24b87ae0002 |
|
1 | |
| Get Handle | c:\windows\system32\net1.exe | base_address = 0x7ff6e9930000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\WINDOWS\system32\net1.exe, size = 260 |
|
1 |
Service (7)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Control | service_name = SAMSS |
|
1 | |
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #42: net.exe
0
0
| Information | Value |
|---|---|
| ID | #42 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:01:30, Reason: Child Process |
| Unmonitor | End Time: 00:01:37, Reason: Self Terminated |
| Monitor Duration | 00:00:07 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x137c |
| Parent PID | 0x7fc (c:\users\fd1hvy\desktop\v19v.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
1380
0x
1468
|
Process #44: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #44 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\WINDOWS\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:01:32, Reason: Child Process |
| Unmonitor | End Time: 00:01:38, Reason: Self Terminated |
| Monitor Duration | 00:00:05 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x14c4 |
| Parent PID | 0x137c (c:\windows\system32\net.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
14C8
0x
1560
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x241408d0002 |
|
1 | |
| Get Handle | c:\windows\system32\net1.exe | base_address = 0x7ff6e9930000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\WINDOWS\system32\net1.exe, size = 260 |
|
1 |
Service (7)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Control | service_name = SAMSS |
|
1 | |
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #45: net.exe
0
0
| Information | Value |
|---|---|
| ID | #45 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:01:33, Reason: Child Process |
| Unmonitor | End Time: 00:01:40, Reason: Self Terminated |
| Monitor Duration | 00:00:07 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x1550 |
| Parent PID | 0x7fc (c:\users\fd1hvy\desktop\v19v.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
1554
0x
1604
|
Process #47: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #47 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\WINDOWS\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:01:35, Reason: Child Process |
| Unmonitor | End Time: 00:01:40, Reason: Self Terminated |
| Monitor Duration | 00:00:05 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x1678 |
| Parent PID | 0x1550 (c:\windows\system32\net.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
167C
0x
1778
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x18adb930002 |
|
1 | |
| Get Handle | c:\windows\system32\net1.exe | base_address = 0x7ff6e9930000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\WINDOWS\system32\net1.exe, size = 260 |
|
1 |
Service (7)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Control | service_name = SAMSS |
|
1 | |
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #48: werfault.exe
0
0
| Information | Value |
|---|---|
| ID | #48 |
| File Name | c:\windows\system32\werfault.exe |
| Command Line | C:\WINDOWS\system32\WerFault.exe -u -p 1816 -s 1352 |
| Initial Working Directory | C:\WINDOWS\system32\ |
| Monitor | Start Time: 00:01:38, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Self Terminated |
| Monitor Duration | 00:00:56 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x19a0 |
| Parent PID | 0x718 (c:\windows\system32\svchost.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
19A4
0x
19C8
0x
1FCC
0x
3578
0x
3B44
0x
4520
0x
63C0
0x
67AC
|
Process #49: svchost.exe
0
0
| Information | Value |
|---|---|
| ID | #49 |
| File Name | c:\windows\system32\svchost.exe |
| Command Line | C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup |
| Initial Working Directory | C:\WINDOWS\system32\ |
| Monitor | Start Time: 00:01:41, Reason: Child Process |
| Unmonitor | End Time: 00:02:39, Reason: Self Terminated |
| Monitor Duration | 00:00:58 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x1ae8 |
| Parent PID | 0x718 (c:\windows\system32\svchost.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeCreateGlobalPrivilege |
| Thread IDs | - |
Process #50: net.exe
0
0
| Information | Value |
|---|---|
| ID | #50 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:01:41, Reason: Child Process |
| Unmonitor | End Time: 00:01:48, Reason: Self Terminated |
| Monitor Duration | 00:00:06 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xe80 |
| Parent PID | 0x7fc (c:\users\fd1hvy\desktop\v19v.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
A78
0x
1E70
|
Process #52: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #52 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\WINDOWS\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:01:43, Reason: Child Process |
| Unmonitor | End Time: 00:01:48, Reason: Self Terminated |
| Monitor Duration | 00:00:04 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x1f24 |
| Parent PID | 0xe80 (c:\windows\system32\net.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
1F28
0x
1FA4
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x1cd30a10002 |
|
1 | |
| Get Handle | c:\windows\system32\net1.exe | base_address = 0x7ff6e9930000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\WINDOWS\system32\net1.exe, size = 260 |
|
1 |
Service (7)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Control | service_name = SAMSS |
|
1 | |
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #53: net.exe
0
0
| Information | Value |
|---|---|
| ID | #53 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:01:44, Reason: Child Process |
| Unmonitor | End Time: 00:01:51, Reason: Self Terminated |
| Monitor Duration | 00:00:06 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xf68 |
| Parent PID | 0x7fc (c:\users\fd1hvy\desktop\v19v.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
6C8
0x
224C
|
Process #55: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #55 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\WINDOWS\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:01:47, Reason: Child Process |
| Unmonitor | End Time: 00:01:51, Reason: Self Terminated |
| Monitor Duration | 00:00:04 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x2328 |
| Parent PID | 0xf68 (c:\windows\system32\net.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
232C
0x
2480
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x147d3480002 |
|
1 | |
| Get Handle | c:\windows\system32\net1.exe | base_address = 0x7ff6e9930000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\WINDOWS\system32\net1.exe, size = 260 |
|
1 |
Service (7)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Control | service_name = SAMSS |
|
1 | |
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #56: net.exe
0
0
| Information | Value |
|---|---|
| ID | #56 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:01:55, Reason: Child Process |
| Unmonitor | End Time: 00:02:01, Reason: Self Terminated |
| Monitor Duration | 00:00:05 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x30ac |
| Parent PID | 0x7fc (c:\users\fd1hvy\desktop\v19v.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
30B0
0x
33F0
|
Process #58: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #58 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\WINDOWS\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:01:57, Reason: Child Process |
| Unmonitor | End Time: 00:02:00, Reason: Self Terminated |
| Monitor Duration | 00:00:03 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x3528 |
| Parent PID | 0x30ac (c:\windows\system32\net.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
352C
0x
36C0
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x2752e850002 |
|
1 | |
| Get Handle | c:\windows\system32\net1.exe | base_address = 0x7ff6e9930000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\WINDOWS\system32\net1.exe, size = 260 |
|
1 |
Service (7)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Control | service_name = SAMSS |
|
1 | |
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #59: net.exe
0
0
| Information | Value |
|---|---|
| ID | #59 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:01:58, Reason: Child Process |
| Unmonitor | End Time: 00:02:10, Reason: Self Terminated |
| Monitor Duration | 00:00:11 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x3838 |
| Parent PID | 0x7fc (c:\users\fd1hvy\desktop\v19v.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
383C
0x
3C30
|
Process #61: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #61 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\WINDOWS\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:02:00, Reason: Child Process |
| Unmonitor | End Time: 00:02:07, Reason: Self Terminated |
| Monitor Duration | 00:00:07 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x3d64 |
| Parent PID | 0x3838 (c:\windows\system32\net.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
3D68
0x
3EB4
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x242aab60002 |
|
1 | |
| Get Handle | c:\windows\system32\net1.exe | base_address = 0x7ff6e9930000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\WINDOWS\system32\net1.exe, size = 260 |
|
1 |
Service (7)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Control | service_name = SAMSS |
|
1 | |
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #62: net.exe
0
0
| Information | Value |
|---|---|
| ID | #62 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:02:13, Reason: Child Process |
| Unmonitor | End Time: 00:02:21, Reason: Self Terminated |
| Monitor Duration | 00:00:08 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x4518 |
| Parent PID | 0x7fc (c:\users\fd1hvy\desktop\v19v.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
451C
0x
491C
|
Process #63: net.exe
0
0
| Information | Value |
|---|---|
| ID | #63 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:02:13, Reason: Child Process |
| Unmonitor | End Time: 00:02:21, Reason: Self Terminated |
| Monitor Duration | 00:00:07 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x4574 |
| Parent PID | 0x7fc (c:\users\fd1hvy\desktop\v19v.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
4578
0x
4918
|
Process #66: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #66 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\WINDOWS\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:02:15, Reason: Child Process |
| Unmonitor | End Time: 00:02:20, Reason: Self Terminated |
| Monitor Duration | 00:00:04 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x4a58 |
| Parent PID | 0x4574 (c:\windows\system32\net.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
4A5C
0x
1FE0
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x18caf220002 |
|
1 | |
| Get Handle | c:\windows\system32\net1.exe | base_address = 0x7ff6e9930000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\WINDOWS\system32\net1.exe, size = 260 |
|
1 |
Service (7)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Control | service_name = SAMSS |
|
1 | |
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #67: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #67 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\WINDOWS\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:02:15, Reason: Child Process |
| Unmonitor | End Time: 00:02:20, Reason: Self Terminated |
| Monitor Duration | 00:00:04 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x4a60 |
| Parent PID | 0x4518 (c:\windows\system32\net.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
4A64
0x
4364
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x29da68e0002 |
|
1 | |
| Get Handle | c:\windows\system32\net1.exe | base_address = 0x7ff6e9930000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\WINDOWS\system32\net1.exe, size = 260 |
|
1 |
Service (7)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Control | service_name = SAMSS |
|
1 | |
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #68: net.exe
0
0
| Information | Value |
|---|---|
| ID | #68 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:02:25, Reason: Child Process |
| Unmonitor | End Time: 00:02:32, Reason: Self Terminated |
| Monitor Duration | 00:00:06 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x58c8 |
| Parent PID | 0x7fc (c:\users\fd1hvy\desktop\v19v.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
58CC
0x
5D24
|
Process #69: net.exe
0
0
| Information | Value |
|---|---|
| ID | #69 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:02:26, Reason: Child Process |
| Unmonitor | End Time: 00:02:32, Reason: Self Terminated |
| Monitor Duration | 00:00:06 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x5938 |
| Parent PID | 0x7fc (c:\users\fd1hvy\desktop\v19v.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
593C
0x
5D28
|
Process #72: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #72 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\WINDOWS\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:02:28, Reason: Child Process |
| Unmonitor | End Time: 00:02:32, Reason: Self Terminated |
| Monitor Duration | 00:00:04 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x5e88 |
| Parent PID | 0x58c8 (c:\windows\system32\net.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
5E8C
0x
602C
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x18a6f200002 |
|
1 | |
| Get Handle | c:\windows\system32\net1.exe | base_address = 0x7ff6e9930000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\WINDOWS\system32\net1.exe, size = 260 |
|
1 |
Service (7)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Control | service_name = SAMSS |
|
1 | |
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #73: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #73 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\WINDOWS\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:02:28, Reason: Child Process |
| Unmonitor | End Time: 00:02:32, Reason: Self Terminated |
| Monitor Duration | 00:00:04 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x5e90 |
| Parent PID | 0x5938 (c:\windows\system32\net.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
5E94
0x
6030
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x203e2140002 |
|
1 | |
| Get Handle | c:\windows\system32\net1.exe | base_address = 0x7ff6e9930000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\WINDOWS\system32\net1.exe, size = 260 |
|
1 |
Service (7)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Control | service_name = SAMSS |
|
1 | |
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #74: net.exe
0
0
| Information | Value |
|---|---|
| ID | #74 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:02:39, Reason: Child Process |
| Unmonitor | End Time: 00:02:50, Reason: Self Terminated |
| Monitor Duration | 00:00:10 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x1ae8 |
| Parent PID | 0x7fc (c:\users\fd1hvy\desktop\v19v.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
19A0
0x
73FC
|
Process #75: net.exe
0
0
| Information | Value |
|---|---|
| ID | #75 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:02:40, Reason: Child Process |
| Unmonitor | End Time: 00:02:50, Reason: Self Terminated |
| Monitor Duration | 00:00:10 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x708c |
| Parent PID | 0x7fc (c:\users\fd1hvy\desktop\v19v.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
7090
0x
7420
|
Process #78: werfault.exe
0
0
| Information | Value |
|---|---|
| ID | #78 |
| File Name | c:\windows\system32\werfault.exe |
| Command Line | C:\WINDOWS\system32\WerFault.exe -u -p 3960 -s 812 |
| Initial Working Directory | C:\WINDOWS\system32\ |
| Monitor | Start Time: 00:02:43, Reason: Child Process |
| Unmonitor | End Time: 00:04:08, Reason: Self Terminated |
| Monitor Duration | 00:01:25 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xd74 |
| Parent PID | 0xf78 (c:\windows\system32\taskhostw.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
71C
0x
7424
0x
7700
0x
A0F0
0x
A5A4
0x
B010
0x
D234
0x
FB6C
0x
112DC
|
Process #79: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #79 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\WINDOWS\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:02:43, Reason: Child Process |
| Unmonitor | End Time: 00:02:49, Reason: Self Terminated |
| Monitor Duration | 00:00:05 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x7480 |
| Parent PID | 0x1ae8 (c:\windows\system32\svchost.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
7484
0x
75D4
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x1c03ae40002 |
|
1 | |
| Get Handle | c:\windows\system32\net1.exe | base_address = 0x7ff6e9930000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\WINDOWS\system32\net1.exe, size = 260 |
|
1 |
Service (7)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Control | service_name = SAMSS |
|
1 | |
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #80: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #80 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\WINDOWS\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:02:44, Reason: Child Process |
| Unmonitor | End Time: 00:02:49, Reason: Self Terminated |
| Monitor Duration | 00:00:05 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x74c4 |
| Parent PID | 0x708c (c:\windows\system32\net.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
74C8
0x
75E0
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x1e1953b0002 |
|
1 | |
| Get Handle | c:\windows\system32\net1.exe | base_address = 0x7ff6e9930000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\WINDOWS\system32\net1.exe, size = 260 |
|
1 |
Service (7)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Control | service_name = SAMSS |
|
1 | |
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #81: net.exe
0
0
| Information | Value |
|---|---|
| ID | #81 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:02:57, Reason: Child Process |
| Unmonitor | End Time: 00:03:05, Reason: Self Terminated |
| Monitor Duration | 00:00:07 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x8818 |
| Parent PID | 0x7fc (c:\users\fd1hvy\desktop\v19v.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
881C
0x
8BF4
|
Process #82: net.exe
0
0
| Information | Value |
|---|---|
| ID | #82 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:02:57, Reason: Child Process |
| Unmonitor | End Time: 00:03:05, Reason: Self Terminated |
| Monitor Duration | 00:00:07 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x886c |
| Parent PID | 0x7fc (c:\users\fd1hvy\desktop\v19v.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
8870
0x
8C3C
|
Process #85: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #85 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\WINDOWS\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:02:59, Reason: Child Process |
| Unmonitor | End Time: 00:03:04, Reason: Self Terminated |
| Monitor Duration | 00:00:04 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x8d0c |
| Parent PID | 0x8818 (c:\windows\system32\net.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
8D10
0x
8EE4
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x1950a170002 |
|
1 | |
| Get Handle | c:\windows\system32\net1.exe | base_address = 0x7ff6e9930000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\WINDOWS\system32\net1.exe, size = 260 |
|
1 |
Service (7)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Control | service_name = SAMSS |
|
1 | |
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #86: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #86 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\WINDOWS\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:02:59, Reason: Child Process |
| Unmonitor | End Time: 00:03:04, Reason: Self Terminated |
| Monitor Duration | 00:00:04 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x8d68 |
| Parent PID | 0x886c (c:\windows\system32\net.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
8D6C
0x
8F38
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x20487840002 |
|
1 | |
| Get Handle | c:\windows\system32\net1.exe | base_address = 0x7ff6e9930000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\WINDOWS\system32\net1.exe, size = 260 |
|
1 |
Service (7)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Control | service_name = SAMSS |
|
1 | |
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #87: net.exe
0
0
| Information | Value |
|---|---|
| ID | #87 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:03:12, Reason: Child Process |
| Unmonitor | End Time: 00:03:20, Reason: Self Terminated |
| Monitor Duration | 00:00:08 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xb100 |
| Parent PID | 0x7fc (c:\users\fd1hvy\desktop\v19v.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
B104
0x
BDAC
|
Process #88: net.exe
0
0
| Information | Value |
|---|---|
| ID | #88 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:03:12, Reason: Child Process |
| Unmonitor | End Time: 00:03:20, Reason: Self Terminated |
| Monitor Duration | 00:00:08 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xb124 |
| Parent PID | 0x7fc (c:\users\fd1hvy\desktop\v19v.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
B128
0x
BCB0
|
Process #91: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #91 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\WINDOWS\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:03:15, Reason: Child Process |
| Unmonitor | End Time: 00:03:19, Reason: Self Terminated |
| Monitor Duration | 00:00:03 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xc134 |
| Parent PID | 0xb124 (c:\windows\system32\net.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
C138
0x
C54C
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x1def97e0002 |
|
1 | |
| Get Handle | c:\windows\system32\net1.exe | base_address = 0x7ff6e9930000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\WINDOWS\system32\net1.exe, size = 260 |
|
1 |
Service (7)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Control | service_name = SAMSS |
|
1 | |
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #92: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #92 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\WINDOWS\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:03:16, Reason: Child Process |
| Unmonitor | End Time: 00:03:19, Reason: Self Terminated |
| Monitor Duration | 00:00:03 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xc280 |
| Parent PID | 0xb100 (c:\windows\system32\net.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
C284
0x
C640
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x22d1b340002 |
|
1 | |
| Get Handle | c:\windows\system32\net1.exe | base_address = 0x7ff6e9930000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\WINDOWS\system32\net1.exe, size = 260 |
|
1 |
Service (7)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Control | service_name = SAMSS |
|
1 | |
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #94: net.exe
0
0
| Information | Value |
|---|---|
| ID | #94 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:03:27, Reason: Child Process |
| Unmonitor | End Time: 00:03:32, Reason: Self Terminated |
| Monitor Duration | 00:00:05 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xd158 |
| Parent PID | 0x7fc (c:\users\fd1hvy\desktop\v19v.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
D15C
0x
D258
|
Process #95: net.exe
0
0
| Information | Value |
|---|---|
| ID | #95 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:03:27, Reason: Child Process |
| Unmonitor | End Time: 00:03:32, Reason: Self Terminated |
| Monitor Duration | 00:00:04 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xd170 |
| Parent PID | 0x7fc (c:\users\fd1hvy\desktop\v19v.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
D174
0x
D254
|
Process #98: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #98 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\WINDOWS\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:03:29, Reason: Child Process |
| Unmonitor | End Time: 00:03:32, Reason: Self Terminated |
| Monitor Duration | 00:00:02 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xd310 |
| Parent PID | 0xd170 (c:\windows\system32\net.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
D314
0x
D374
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x1ec25b90002 |
|
1 | |
| Get Handle | c:\windows\system32\net1.exe | base_address = 0x7ff6e9930000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\WINDOWS\system32\net1.exe, size = 260 |
|
1 |
Service (7)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Control | service_name = SAMSS |
|
1 | |
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #99: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #99 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\WINDOWS\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:03:29, Reason: Child Process |
| Unmonitor | End Time: 00:03:32, Reason: Self Terminated |
| Monitor Duration | 00:00:02 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xd31c |
| Parent PID | 0xd158 (c:\windows\system32\net.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
D320
0x
D380
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x18e4f810002 |
|
1 | |
| Get Handle | c:\windows\system32\net1.exe | base_address = 0x7ff6e9930000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\WINDOWS\system32\net1.exe, size = 260 |
|
1 |
Service (7)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Control | service_name = SAMSS |
|
1 | |
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #102: net.exe
0
0
| Information | Value |
|---|---|
| ID | #102 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:03:39, Reason: Child Process |
| Unmonitor | End Time: 00:03:49, Reason: Self Terminated |
| Monitor Duration | 00:00:09 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xde64 |
| Parent PID | 0x7fc (c:\users\fd1hvy\desktop\v19v.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
DE68
0x
E514
|
Process #103: net.exe
0
0
| Information | Value |
|---|---|
| ID | #103 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:03:39, Reason: Child Process |
| Unmonitor | End Time: 00:03:49, Reason: Self Terminated |
| Monitor Duration | 00:00:10 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xde6c |
| Parent PID | 0x7fc (c:\users\fd1hvy\desktop\v19v.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
DE70
0x
E510
|
Process #108: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #108 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\WINDOWS\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:03:46, Reason: Child Process |
| Unmonitor | End Time: 00:03:49, Reason: Self Terminated |
| Monitor Duration | 00:00:03 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xe650 |
| Parent PID | 0xde6c (c:\windows\system32\net.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
E654
0x
E734
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x178ec220002 |
|
1 | |
| Get Handle | c:\windows\system32\net1.exe | base_address = 0x7ff6e9930000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\WINDOWS\system32\net1.exe, size = 260 |
|
1 |
Service (7)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Control | service_name = SAMSS |
|
1 | |
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #109: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #109 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\WINDOWS\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:03:46, Reason: Child Process |
| Unmonitor | End Time: 00:03:49, Reason: Self Terminated |
| Monitor Duration | 00:00:03 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xe658 |
| Parent PID | 0xde64 (c:\windows\system32\net.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
E65C
0x
E660
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x2c2d1980002 |
|
1 | |
| Get Handle | c:\windows\system32\net1.exe | base_address = 0x7ff6e9930000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\WINDOWS\system32\net1.exe, size = 260 |
|
1 |
Service (7)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Control | service_name = SAMSS |
|
1 | |
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #110: net.exe
0
0
| Information | Value |
|---|---|
| ID | #110 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:03:56, Reason: Child Process |
| Unmonitor | End Time: 00:04:03, Reason: Self Terminated |
| Monitor Duration | 00:00:07 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xf4a4 |
| Parent PID | 0x7fc (c:\users\fd1hvy\desktop\v19v.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
F4A8
0x
FC38
|
Process #111: net.exe
0
0
| Information | Value |
|---|---|
| ID | #111 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:03:56, Reason: Child Process |
| Unmonitor | End Time: 00:04:03, Reason: Self Terminated |
| Monitor Duration | 00:00:06 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xf4ac |
| Parent PID | 0x7fc (c:\users\fd1hvy\desktop\v19v.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
F4B0
0x
FAD8
|
Process #114: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #114 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\WINDOWS\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:03:58, Reason: Child Process |
| Unmonitor | End Time: 00:04:02, Reason: Self Terminated |
| Monitor Duration | 00:00:04 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xfd78 |
| Parent PID | 0xf4ac (c:\windows\system32\net.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
FD7C
0x
1008C
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x1abe1be0002 |
|
1 | |
| Get Handle | c:\windows\system32\net1.exe | base_address = 0x7ff6e9930000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\WINDOWS\system32\net1.exe, size = 260 |
|
1 |
Service (7)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Control | service_name = SAMSS |
|
1 | |
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #115: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #115 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\WINDOWS\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:03:59, Reason: Child Process |
| Unmonitor | End Time: 00:04:02, Reason: Self Terminated |
| Monitor Duration | 00:00:03 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xfe98 |
| Parent PID | 0xf4a4 (c:\windows\system32\net.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
FE9C
0x
1011C
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x13c37de0002 |
|
1 | |
| Get Handle | c:\windows\system32\net1.exe | base_address = 0x7ff6e9930000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\WINDOWS\system32\net1.exe, size = 260 |
|
1 |
Service (7)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Control | service_name = SAMSS |
|
1 | |
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #116: net.exe
0
0
| Information | Value |
|---|---|
| ID | #116 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:04:11, Reason: Child Process |
| Unmonitor | End Time: 00:04:14, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:03 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x120d8 |
| Parent PID | 0x7fc (c:\users\fd1hvy\desktop\v19v.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
120DC
0x
126AC
|
Process #117: net.exe
0
0
| Information | Value |
|---|---|
| ID | #117 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:04:11, Reason: Child Process |
| Unmonitor | End Time: 00:04:14, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:03 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x12158 |
| Parent PID | 0x7fc (c:\users\fd1hvy\desktop\v19v.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
1215C
0x
126A8
|
Process #120: werfault.exe
0
0
| Information | Value |
|---|---|
| ID | #120 |
| File Name | c:\windows\system32\werfault.exe |
| Command Line | C:\WINDOWS\system32\WerFault.exe -u -p 1964 -s 1432 |
| Initial Working Directory | C:\WINDOWS\system32\ |
| Monitor | Start Time: 00:04:12, Reason: Child Process |
| Unmonitor | End Time: 00:04:14, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:02 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x12348 |
| Parent PID | 0x7ac (c:\windows\system32\taskhostw.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
1234C
0x
123A0
|
