jsworm.exe
Windows Exe (x86-32)
Created at 2019-07-18T07:39:00
Monitored Processes
Behavior Information - Grouped by Category
Process #1: jsworm.exe
27611
0
| Information | Value |
|---|---|
| ID | #1 |
| File Name | c:\users\fd1hvy\desktop\jsworm.exe |
| Command Line | "C:\Users\FD1HVy\Desktop\jsworm.exe" |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:00:34, Reason: Analysis Target |
| Unmonitor | End Time: 00:04:34, Reason: Terminated by Timeout |
| Monitor Duration | 00:04:00 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xb08 |
| Parent PID | 0x860 (c:\windows\explorer.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
D54
0x
D18
0x
EA0
0x
F94
0x
F90
0x
F7C
0x
FF4
0x
174
0x
E00
0x
DF0
0x
FB0
0x
FC0
0x
8AC
0x
8F0
0x
D2C
0x
CE8
0x
2AC
0x
7A4
0x
D04
0x
58
0x
D34
0x
AC8
0x
E98
0x
7EC
0x
1004
0x
1008
0x
100C
0x
1010
0x
1014
0x
1018
0x
101C
0x
1020
0x
1024
0x
1028
|
Memory Dumps
| Name | Start VA | End VA | Dump Reason | PE Rebuilds | Bitness | Entry Points | AV | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|
| jsworm.exe | 0x01320000 | 0x01346FFF | Content Changed | - | 32-bit | 0x013333B1 |
|
|
|
| jsworm.exe | 0x01320000 | 0x01346FFF | Content Changed | - | 32-bit | 0x01340817, 0x01332F8F |
|
|
|
| jsworm.exe | 0x01320000 | 0x01346FFF | Relevant Image | - | 32-bit | - |
|
|
|
Dropped Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| C:\ProgramData\key.9A8I36E.JSWRM | 706 bytes |
MD5:
ae500a23217cd8e490103c9515367873
SHA1: 28c3acec91e8a596f27bd8c2e06e727e5eb5f650 SHA256: 5d5e845f23a1cc3dc1ea4ec9caf7f1d1e786bfea5c411ab35635d1bf82767a5b SSDeep: 12:pCXV3JDmM8KewKYWznrSE6qBd04JDfKXBGCbRcvFlo/kGyX:pCjDmy5irp6qfXVfKcCbOPakGM |
|
|
| C:\$GetCurrent\SafeOS\GetCurrentRollback.ini | 156 bytes |
MD5:
0e1355627c7261214f61a7e83c7af623
SHA1: 64aed878a844d8da448c16e25c1e5c849ca309a0 SHA256: 66f2e360b58bee5e39c301c36b63efa50d1a7918df2a65c0713900ccba91cfd7 SSDeep: 3:/o+3nZAZhh895GbgQOiALPR+f299sydzMhSSM06+DOx8+T1qn3bWr:92qbTQb7fWTdzMh+06+DSMir |
|
|
| C:\$GetCurrent\SafeOS\PartnerSetupComplete.cmd | 577 bytes |
MD5:
d93e9475f60b53a8538bc63b2320e7b2
SHA1: 759ca85599b4b552e294de76fba81e9a32c3773c SHA256: 9ea8002f99f1af28fb7901f46fd3c0c4110b264b215db393c060a93c493153a4 SSDeep: 12:YLNNE4r/7k5MHgOGZYVQGe+cLChl8gYskuit79COnXhYhfVL/UAfMBbpUA/Mm:YLY4r/7k6AOmh+cLCggYskVtv89LItpv |
|
|
| C:\$GetCurrent\SafeOS\preoobe.cmd | 74 bytes |
MD5:
8885806a34ffbd4eb4d2fedacc168009
SHA1: 374405953a5dc7f4bc48f902268b50ea4c9556ea SHA256: fd2c247aa8959eac5a7de921531842eca63b2f16842cfcf8a18c038b50e5b736 SSDeep: 3:GbkGrzlFjk6kHsV+UuYPhENOxv:b+Hg6x4YPhE8 |
|
|
| C:\$GetCurrent\SafeOS\SetupComplete.cmd | 307 bytes |
MD5:
eb0517b2eedf6f4a19a65de1b65461f8
SHA1: 37a21d5f0cd27e82d5f4115b316e6fa0c4122977 SHA256: 71f71e54c40605b7c6586d2b55b24be2fb0bd5d4856e5bbb3aaaa1482b16e6d4 SSDeep: 6:YPjNax45o8oO0jSQ1NiTBTC0t3kfKPIiacvOMGYou1NzPnG2nH5pYhsgDceHUyCy:YLN64S8oOOiJ9t33PIiaEOMPRjG2H5On |
|
|
| C:\588bce7c90097ed212\1025\eula.rtf | 7.39 KB |
MD5:
dd160c840cc5c51256eb56cd1225b999
SHA1: a705aab7946a9c0a1142468a42b2a32ea9a3416c SHA256: cf234c184e85a98fcb21a2e39d6969ef821fe6731e64dfd61dbd8b8c7c2546ad SSDeep: 192:MToyaqiyAavgeELdtXrHEJiGgkVzfbXzoCO7IT6/ol2:4oqpgeELdtrExPFaW2 |
|
|
| C:\588bce7c90097ed212\1025\LocalizedData.xml | 72.47 KB |
MD5:
44716000de27e59d22a366fe0ccb54b7
SHA1: a3d033708f639a05690fda91901d8b0977e8983d SHA256: 1c30705b551a92ce9fa7f9ec9c9cc04a6020495a1a3bead97689ad6a657e3c77 SSDeep: 1536:zQTlFXRoHozWMymVcbEj9Na5Hld/xEv08:YR+oz3hVcbERNa5Hld/v8 |
|
|
| C:\588bce7c90097ed212\1029\eula.rtf | 3.64 KB |
MD5:
fc6adfd5e8e7cffe644307019a3d9a38
SHA1: 4037b2f0abf50da60a9943e1952be434237befea SHA256: 8d43f7ef6ea3f347a004f9bf176e6713bd8eee014b2976e4b02a9ccc8d8f4280 SSDeep: 48:RaOlO9nGoN3cweUL6fGYLDRtjNfQHDtDXKFHBj6GQjgDhn3D40uKfSmJNvAG88e4:8ES+m2GYLDRtwmHN113kDKfSmJqG88o2 |
|
|
| C:\588bce7c90097ed212\1029\LocalizedData.xml | 79.07 KB |
MD5:
6f6c764800b137f217b9af83ccf5409d
SHA1: f1e6e29821989cd0bb0798b4888f1389e7286998 SHA256: 70422dd7a9e63e3ae32e81a633f1e69fe5cf06b11b1817cd6f7cb59728589e5b SSDeep: 1536:pIinLVJQhcadexQTik6f78YIlyH/446ifJok1XZT:pI8BJFxA74RxdfKMXt |
|
|
| C:\588bce7c90097ed212\1030\LocalizedData.xml | 75.93 KB |
MD5:
4e6fe79ad5fd3ae28a426315ce4c251b
SHA1: 0042f58c7e65e338d9e78aaf57cebdca7ac20d73 SHA256: 8ebd95e53309960a22746baa76cc95b2b5d5f019af49c2ab428f579bd3b7350b SSDeep: 768:3SkGxsz7QXQ9ZHsZFDA4jxnw5D1qZODnmbrPOBzWYrcNhM6iLTBV0JsyF/Lhs4W0:368ZMZF+StbcoHpstnQCE7xqPXm |
|
|
| C:\588bce7c90097ed212\1031\eula.rtf | 3.34 KB |
MD5:
37e4bfaad498054e84ef168540c289b0
SHA1: a678c77f6abdaa445aa61a52d575b31a9c719f65 SHA256: 6d3aafd09d5f90dcdc71932c0436e7114209e74a025ae6ff2aa201e0323920d6 SSDeep: 48:fu4f3wm4GDYgkPGAL+SU5n9a5LLFLL35kXboG4hiwbQZXkfuc/NNNcijek6grBgX:G22gFALgOF34boG1wbIXatFNmHvYG82 |
|
|
| C:\588bce7c90097ed212\1031\LocalizedData.xml | 80.42 KB |
MD5:
b6fc45665d72d0a23e346a905335ca68
SHA1: ccb968318a861d012b9fe00231abb2a6262de2a9 SHA256: c7a9995733474946b82b4c46bf63915f3f25ea010815e3fddf0c6c39ee0be091 SSDeep: 768:AaUTSmN4BzIMNa9U2OeuRvcSsXWwaei5xiRGJ301RImwcKoHURyDoX185lNdv2ZW:NUOkXMNRsUmDW1waBYk9ZVQi3T9Zg |
|
|
| C:\588bce7c90097ed212\1032\eula.rtf | 8.67 KB |
MD5:
1c5b219f3c8e4abd9b702b4b0b880cb1
SHA1: 40609faebbd73b0ed67415f71f83d0a9e0f75df2 SHA256: 4fff33f7d561253ae4634a9f07ca578aee2863ef7e0945e95dc671f75325f81a SSDeep: 192:9iMhAS4PtMPqKDYwOdNACyp6cuv4VnpnPMH1mFZPc04CNWVHvT5cz4dNu2:9iemtMHJ+Ni6Y5hUVmFZP34CwVPTDdN9 |
|
|
| C:\588bce7c90097ed212\1032\LocalizedData.xml | 84.26 KB |
MD5:
b339558cb305af5b22a46b8ab920f20b
SHA1: 69592ef75ef8fc79e1c620eff34a1fcf9f6ba212 SHA256: ffa4c4dc3093d0b35110895b11d008ff7fb8fb26b75e9cfac7d3399f2f6f8871 SSDeep: 1536:WIv+LYIYvUHjC7mt+CbU/y7jBcaLT1/CZBl:Ww+LYIYvUHCG+Co/+jKaLZCd |
|
|
| C:\588bce7c90097ed212\1033\eula.rtf | 3.11 KB |
MD5:
7f271266289f063491d9c93fd2d25cdf
SHA1: 431b833ad3375d4511df34856c63cb5da1d9d668 SHA256: 8f60851890eb03f6f2fd2f127f78251a4650b259aac078914c5c5e41ab58aae8 SSDeep: 96:GpBHw6brxegOp5QtuvgNHaanmKnauX/xr:YBXbrUgOuuviHnmKF |
|
|
| C:\588bce7c90097ed212\1033\LocalizedData.xml | 75.42 KB |
MD5:
35641e917ab0d6eede7df21431158b7e
SHA1: d53c4aa14e6356d7b100193e3d37cb78fb044002 SHA256: cca5fed607dd4503b7e846dabc4f4270d90f0a09f671f548946f7ee5a7eeefe7 SSDeep: 1536:lCnuVwjSExK2qAlKsv/oN0ywwv86kNSRA:lCJDk2qAlKsvQ+yw7D |
|
|
| C:\588bce7c90097ed212\1035\eula.rtf | 3.62 KB |
MD5:
562a6ac4e70120a5ac69c5ee15fb9bab
SHA1: b1f08b7e9efd8474ef865db6f7dab60d13205dde SHA256: b51943d3784d6ac69da8da6587ca7441059302c850b1dc3201b7ea6da0f15e1d SSDeep: 96:G2fASxKv+yt638witpSb6Y6kz7H+V01Gp:lIMKmkbSmkn+01Gp |
|
|
| C:\588bce7c90097ed212\1035\LocalizedData.xml | 75.22 KB |
MD5:
c96baddba908c4d2336a8e3d6e956887
SHA1: b72fb512fdfb21d0ae54cc65cb67f89f1da326c1 SHA256: eb0d1dc0a92e7814339b40b1292146dd48258cff884002552171c24b023dae64 SSDeep: 768:sYTBOc/75jckNaK/EzRmwT8orGLkNajqWsb/m4YWd02aotLk0LDAiFR0JUhnc+D4:Hw0UGEt6o2aDFX/5JnlxDhvp07 |
|
|
| C:\588bce7c90097ed212\1036\eula.rtf | 3.44 KB |
MD5:
6fe510cd793ccec5d69ba9515faed5dc
SHA1: 8f89c081b7063db181055dbdc0e70a73ffb212b6 SHA256: 9560ade9e644e84cd762a10107c864298e0cb381979df183f00e23c54e5cbd0a SSDeep: 96:GcUigBDwRAl42b335+HPzS3q5SKSDKInrTqx7Wcn0b81:vUigGR+J+vJHInrTqxicniy |
|
|
| C:\588bce7c90097ed212\1036\LocalizedData.xml | 81.02 KB |
MD5:
601c607e1aa811ee373d7a50ebb87d20
SHA1: 9adc24d61d2840fac3f7f5dfd71db37cd9883041 SHA256: b90aff6dc182653d9c4cb98396436129a161545eb1037f1242821dd285a5ea64 SSDeep: 1536:i7CPCr8k6OC3z5y3lbK2GyRiUgml6jI4ez+U6hbzn3HBY3KN4:p5Cm2ElW3KK |
|
|
| C:\588bce7c90097ed212\1037\eula.rtf | 6.69 KB |
MD5:
dad3d7cf3197e75461d613fad936aa48
SHA1: 75ef9b799ce2509b731c5718f3cf1e5b4d7d82e5 SHA256: 0324f8fdea893dc2174533b78626dd54ff52bd96eb56c338f3562c404328bd1a SSDeep: 96:PRMoPh48SA/sD3q+X52GdUGs/1lNXM99gwucHb9gg2I844asBGbuofglUwlWO36:PL/S2sG6DUX/1cU4in44rliDe6 |
|
|
| C:\588bce7c90097ed212\1037\LocalizedData.xml | 70.39 KB |
MD5:
9b0e9d1e1062f9fd5a8c64b89410ca0d
SHA1: c6eabe02f2ac083cf06cd7192d9dde1adbfd0787 SHA256: 79403461aed17bef83293c51326607eb6a4ac993316e4fe3b9a95a4110cc45f2 SSDeep: 768:avhNa/PkT6DMUN8TlCPkirrRepkjKMAx4HNQ0engXP/4iQh/x0xosowQIUS7QDVH:C0PlFeeNQ6NZqiTC/Ove/84 |
|
|
| C:\588bce7c90097ed212\1038\eula.rtf | 4.15 KB |
MD5:
33bca5d14bb480c8a94b1f7c300f49b3
SHA1: 8ed740ef563e8bc2bdb37e181cf9f69f13194563 SHA256: 096b7a680c03c31bb76b2a97182f5a3098a36c4240e39158101f0c870d65a4be SSDeep: 96:n41XLmUk2/cpbLMr8mJOiba5V4BRW1yNQb9Bcleapt4u2:n41Xa7OkbLMrlOie4AyNQbTHapSu2 |
|
|
| C:\588bce7c90097ed212\1038\LocalizedData.xml | 84.42 KB |
MD5:
1601da309c7f939d3d59b1543c42e99b
SHA1: c4ad204cb2bfa28c2f7c3e9915079fcd9f7b97b4 SHA256: bda3e53f2178d876da5d0d7a695e1f2edd60b1fc2fc7991ec59a5d8f75ef11ff SSDeep: 1536:qTihtePQERciMU68cpZftvS3GxAqVXgX55qjJ0udR:zhgQajEVY5MJvdR |
|
|
| C:\588bce7c90097ed212\1040\eula.rtf | 3.56 KB |
MD5:
32b608794efedc80837a1d42c9d635ea
SHA1: c4fe230897560023b58dd6905db79a8e6c858f8c SHA256: e5c1ddf7098098e892b893aa5082fb5f149d0d9a871e27c169b9216173cc720d SSDeep: 96:rtdsCDL3edSe9lwa/C0qsm3hd0NgVhLtL047t4vl232:PLLOdTUadm3hdXLtLn8w2 |
|
|
| C:\588bce7c90097ed212\1040\LocalizedData.xml | 78.18 KB |
MD5:
a5b0e53f1d8bd3ed5579c1a83930a9c4
SHA1: 6cc233a9f00a424aab40dab020a82aeb38782eda SHA256: 71919cd6c8d86a2d01679f3f6c3b04c43f050f317d9781b75d8abdf918f86006 SSDeep: 768:YWVxkUkOupa8r0ZmWp66LGPvaOsgIKiFQzfKgygA8g1+5zNpmifNgMxP/1cUidF9:bbkOPhkZXaN3FQzwMpwizq |
|
|
| C:\588bce7c90097ed212\1041\eula.rtf | 9.89 KB |
MD5:
9f76d86e17a2dfe29c3c789be0edb232
SHA1: 10316ab048a46cf5cc532dfa9f9949a619f60321 SHA256: 428466b7f1ee3a6d0d98cde78131cfe956a89017c1d0eae8df14974f5cc30a8b SSDeep: 192:MaAy2rAC0NjQU5/ZuYkknida8j1MPHxSSCr5yGfN/jZh2I7z7HJVmq2:Mab2rACnC/ZRLua8BMPH+5yGfN/jT2IE |
|
|
| C:\588bce7c90097ed212\1041\LocalizedData.xml | 66.63 KB |
MD5:
d383958970a26eed6d2fd358e1889ef7
SHA1: 4b0869ba5b9227a8f3944226ac5336a893104e18 SHA256: 97bb5876566d01cf31d43860cb10defd3006683dae333333a0652c7a90dfe643 SSDeep: 768:Qum/wcqZXCKhdzdOViJONi7fduykDdr3bi6Y18g4x5zrMsVltxdKB/4y9564zZhM:QFj4DxkPZrVGL64OoCZ1+LsfMa |
|
|
| C:\588bce7c90097ed212\1042\eula.rtf | 12.39 KB |
MD5:
66f472c5c452cf298c11a19a7807d7b5
SHA1: b591d359cadcbe0f4301627a3c19e3eb550df98e SHA256: 3e2f3338289accd6de71f24cdd14232badb4a90d354b3d0ab7bdcb71413bbcf7 SSDeep: 384:auEDHV2vm7aTKSREumQlQ4bLfEOrJi9o3ee4eaYLkpOZ32:yDHc1wGMaV3eeTvQpf |
|
|
| C:\588bce7c90097ed212\1042\LocalizedData.xml | 63.71 KB |
MD5:
97a2df74f1edb1a25001f42ccc0371c1
SHA1: 3912767e659f848904c06a9f1a202283d808b4f9 SHA256: 245e8f6f8055bcc215e096ea30f360e20746d617adef5e62395cb34c3e4becb9 SSDeep: 768:qTl/QY9NDmYjeDx7OyIGP5VR6Du1B0BH6YNQ9V/oCl72ugR9hJQNnxFY2LooeW9/:qxVgRN8qOk82lrmI |
|
|
| C:\588bce7c90097ed212\1043\eula.rtf | 3.46 KB |
MD5:
c8713cb1532fb8b6f24a43bc92f91e23
SHA1: 83a861c9a561f84c44a01be39dae5119a517eaf2 SHA256: c04c335c350d91181d533aaaae6296c29214a7cc306e5dfffcfcf8a335eed996 SSDeep: 96:radsCDPjrJIuyI1uGPeMo7cHPHK7Oe8O7uhdrp6P2:eLP3JaMeMooPMoO2 |
|
|
| C:\588bce7c90097ed212\1043\LocalizedData.xml | 77.77 KB |
MD5:
809bae4df46847ecff12cd692cfd3259
SHA1: 532e738c0ac043bae429ea076624faac89e7e957 SHA256: 045a38c4ec7ecaca6c196428e14c4aa7795ead0fe0da856dd68d760cecd7ddaa SSDeep: 768:m0picuzMNYNN2ZwTPr9jlbED7VLvAK04PGZqDh7z0gdHOR8h6FY24kVegukS1Q4z:Qz7Pr23um6i2nytIYwvJWh3p4s |
|
|
| C:\588bce7c90097ed212\1044\eula.rtf | 2.97 KB |
MD5:
2a054a15f0de4a684ec5de740638e347
SHA1: f38bc3ee5f1ac666ccc45cb8981cd761953c2156 SHA256: 72775306377d1910dff6b5a4ac31190f71d65f950a477ca4c0bee59f585bc6e7 SSDeep: 48:KUtdd0TC2a3IkttatUSZSS77Qn9Xogs1ioQaLTTQkXq9309RffgRzp8Pjad2oEr6:rtddsCDxtASS77QnJghQa/keq93iRff2 |
|
|
| C:\588bce7c90097ed212\1044\LocalizedData.xml | 77.44 KB |
MD5:
718433ef4ada5555a9276fb928ad663e
SHA1: 8d25de4231f464584aab95d5bea9c4e02b26c6db SHA256: ab094a11e18a2810792935f1f2a9c742dd144f050bf1833e64efd435ac0ceca4 SSDeep: 768:/R0R/FSulH2wL3ZDnDTyEQ0q65c5KJ7y6MD7TCqIkCsMUCnTWLaq+xjzT8yw77Ug:bIH3z52nIi6KlA8WFwsnujaI |
|
|
| C:\588bce7c90097ed212\1045\eula.rtf | 3.95 KB |
MD5:
d862163f68caaea30f210ef407fbde12
SHA1: 0932e467852b454c17f7dd5ffae8e59225ec6e61 SHA256: b906bf965d35f2f068217f2f798bf8e362e2c0fb77b0bc945eb26d1958a732c1 SSDeep: 96:rZ1VjBn0DkAOOt/fsTnA+Mf2mIK34NHNpmqzkxP0QifoEoazmyPBJZlyVQ:F1Vtn0DD/CnA+H7J20rgazmyz |
|
|
| C:\588bce7c90097ed212\1046\eula.rtf | 3.60 KB |
MD5:
63d21e4e8207e630d6673fdec3fb43f1
SHA1: ca288225cb573e6a379e7b7b4e7a2dea40e88674 SHA256: 67812f32c60a61f917021755594ea9f65f53c2be96ffc9892fd6b57a462ebb05 SSDeep: 96:radsCDfU+/0vwNphx228WoFKRMKtaeeBF/zwO9vu2FOqeE7uh:eLfD/hAERMKt0n7vuBqeU2 |
|
|
| C:\588bce7c90097ed212\1046\LocalizedData.xml | 78.85 KB |
MD5:
9e6c0d6f0af517dcbb6537304209c5aa
SHA1: 5eaa8cb909fa778a371b8beebecf29abf84761fd SHA256: 224df6580784c100a5b4e647549a0b522d385b8047ec77e98ea6b821ac90e786 SSDeep: 768:BUJ12Dv2S3lzpEsIleb4yEdUgXBO2OgSMRTYPlATZuX20n/Y+ZT4IPe10JrzIVjG:bll28bIYP/P5UX5UD/9/AVhZW0u |
|
|
| C:\588bce7c90097ed212\1049\eula.rtf | 53.18 KB |
MD5:
0fa7820f327347d927ecbc2b2e8bb09e
SHA1: 964361e809f84d027b95c8717e6945e36a1ae21f SHA256: 4b8972c7a6dde5864179dce06f4871fb77438a28ae8305378330ef14540a81bd SSDeep: 1536:PWTaGIKm/S9KWaoaseMMddqy21sp6B7VkPfl:PMarcKLseMMnQsp6B4d |
|
|
| C:\588bce7c90097ed212\1049\LocalizedData.xml | 79.57 KB |
MD5:
90cc97838a3c692b68eccfe1601018e0
SHA1: c71614be1f2cfcdac8b598300246b50ae118a20f SHA256: 5caed0f0a97071888e6b85640d5cdaef814c55860de0b74e3485f1f6a7f5587f SSDeep: 1536:a2VIDxy9AaPE+LnCyjdzBKsmaZvKnRGmtWiAUyY0Sws:lMxyuaP9nCyjdzBK2vYRG6GUyY0o |
|
|
| C:\588bce7c90097ed212\1053\eula.rtf | 3.77 KB |
MD5:
776957fe434ce91e9cac992bfef8917d
SHA1: 17beec9f15e82d50bd52531db734a8c16d392480 SHA256: 688c3a5b54a2369bbacb2971263f8187e072af20e54bac42bfaca901c7106fb8 SSDeep: 96:rbdsCDM5IMSMTOOdBoGF/Es9NWpNLqB5o47GIly:VLM5JJTOIln+NuB5oWGIly |
|
|
| C:\588bce7c90097ed212\1053\LocalizedData.xml | 75.86 KB |
MD5:
2c14da7b4ad7dea2bcebabc32520a0a1
SHA1: cbbb9af046323fd4774bfd5cfff50f4220b624a1 SHA256: fcc47ff0797d0b456303353bb6486b235ceb34c638d40cad31c6011a84644afb SSDeep: 768:EG1/gegcRAoMqpZgpeNQGjg+5AbdhmfLsMs8V2d0MasLg4ZZR+hoUWoXqE50z6kQ:RQklNQ0gNpDz+SHilnYvi4FsgeDp |
|
|
| C:\588bce7c90097ed212\1055\eula.rtf | 3.77 KB |
MD5:
84aca34268cec5a1215680c91f0a8c62
SHA1: af9733159a35a9249b93021ae5ab39f1246cd4e9 SHA256: d889da3a009d771b11410aa6765eee400ef4e3dca67bfa0a5dbcbdde5e457f50 SSDeep: 96:D0hL7v23juP8bosbdQqlwWVPF8qXTb6MIvo:Dc7e3jG8jdQqFrXv6Q |
|
|
| C:\588bce7c90097ed212\1055\LocalizedData.xml | 75.02 KB |
MD5:
5dfd9c9b6d55eb69b748a904798e289d
SHA1: 59ad7181c9e837fb5f8542406de5b53bb75e2412 SHA256: 203d88504c0146a620ffbe9fc84c8ad79fbb6f0db71e41d0bab3b242ea63195c SSDeep: 768:yt+yZosKI2qLjzAaTLzVhoxnopnl30pUOuCsKQ/u3hZzYeXCbXAzalq0Jky1mxIc:yfPRJxi3Lzh9yvp3JVes+UyTevfQXF/Z |
|
|
| C:\588bce7c90097ed212\2052\eula.rtf | 5.69 KB |
MD5:
dcf80c19d92a7e8c4cfcd32e790bb6fa
SHA1: df38e7b7b906697bec874feeac315fdb75b0d933 SHA256: b7cbed16a494cb9927fd19177e1a58a593c8307a011e5d9809f6e395ae8e620a SSDeep: 96:GgWwsptJfETf35Q8oYrmbO/WUTS+3+N7iESpyE6K+Jp836r64I:H94a73C8oYMkH2pNmESFopLI |
|
|
| C:\588bce7c90097ed212\2052\LocalizedData.xml | 59.26 KB |
MD5:
b4bde9384644fbfc5f1b9b3d8af97b6d
SHA1: e70e38fafdf163ed87756be1bdb1a76ec1ca443e SHA256: a76e705cb32ea28ebcdc5239c760ce1389212666077d9c09dd204f008bc8cc01 SSDeep: 768:o6T1E6iPvTlKx6KjrpqkbFFNbJgW+mHH/0nXiwv/dUNyiQFkb4iWJCbRBsGwhOBK:5fPx53t/MdCEPlTQRbuN5W/JvHir |
|
|
| C:\588bce7c90097ed212\2070\eula.rtf | 3.92 KB |
MD5:
9093f4de4600188d9ab1a0a89eb498dc
SHA1: a1ef4ad58fc824be3eb2099c268818a1d64dce04 SHA256: 9aabefd77589a071de9e85a36eb1cb1030720b7e24693afb5d270bada620bf46 SSDeep: 96:r6dsCDlGeHzUDRTiso3F7Pfhz7wYZMWQ4wGgxFf+zgod2:uLlGnReHVPfhXwYhQ4ZgxkHd2 |
|
|
| C:\588bce7c90097ed212\2070\LocalizedData.xml | 78.37 KB |
MD5:
a514e1cabd97eb0aa53534ee5a0750c2
SHA1: afde8a7b4e0a54322b292ddd96ad61303dc9ed9d SHA256: 8f6f501de11f51bd6e3c988fe27a9a89051e766b49dae56c7a485cd2ce09ea34 SSDeep: 1536:eG/56/g5ooFsJG2Shl+FdqCHClC8r7QfQf:ei56EPFiGR6dqc+B |
|
|
| C:\588bce7c90097ed212\1028\eula.rtf | 6.16 KB |
MD5:
8f7a7aaa3ff95f2a98b691ad62b633e4
SHA1: 5fe4827358798ce1b928e30c77ac0c0f67b650cc SHA256: 26be68c3dfa9a2623ee28e84ce4833d781c473bfe03762b6f78ea95d2c4c29cc SSDeep: 96:3z3hyR9hXqfx/zV2YtyodAXUVjWRjyAkvzMff+lphDvk+tJD1ESLJU+h2aItoQ39:jxyRmZ/zA0AOiRtmlDvPtJDR3bIJN |
|
|
| C:\588bce7c90097ed212\1028\LocalizedData.xml | 59.39 KB |
MD5:
44e329542d055f86da30ef4fb6889fb4
SHA1: 8035eb7e6f65ed75de1e6bc904c7f6b81b1c4f4b SHA256: a5e5af60e05742f3b3a86da39bb514e0e2d20a439f51d0883bfd8aabd8c1a8a9 SSDeep: 768:VauPD8nzpPYQ5uu5Ss2f0eM01/vBZk1RyWVckMF+81w7DyUDuxeANSfXLXQxwHPj:QndPkJWgjbNO |
|
|
| C:\588bce7c90097ed212\3082\eula.rtf | 3.00 KB |
MD5:
6c6cc76c5e7ace2df98c55e22ecf80fd
SHA1: 4c9450abe64d261e6f68e0f7e019711406ba40f9 SHA256: 9b8174e2e3b696d96ccd35146f1bc980d8132b34b2185615a45148635956ded1 SSDeep: 48:fuGf3wVEtnAuo2f1eSSr/OGbf3mraQfjyiqV86qeH4f8yEEK4pXEBw3/Q992:GcwQAz44SSr/OS3xlV86hH4f7EE9pXMw |
|
|
| C:\588bce7c90097ed212\3082\LocalizedData.xml | 78.12 KB |
MD5:
a10363b0e634b33329a424450c294b49
SHA1: 0df0a3a9d5e783c2ac259833430e043ad6935933 SHA256: 678378d411708f12ad0671ae3aa9da3832ee8611d5acc36ed26209666577f31f SSDeep: 1536:RoeWxgIE7vOjhTZa2BidOWxfq6FmqKI62Js:RopwCO2BuO8LFDi |
|
|
| C:\588bce7c90097ed212\Client\Parameterinfo.xml | 197.07 KB |
MD5:
217de3a7c58b4b6cfcac9f41ad9da924
SHA1: 69aa393e6de68dc28353f4b11d892744984aaa0c SHA256: d9b88a3575f2feaab5598295f7c54825e8be76f495acb639a9d55043a480160d SSDeep: 3072:LO+EijnX/5GKsHOOcxaNFolaORAadWDKZXUPUaMIl:Fo/pK4Z |
|
|
| C:\588bce7c90097ed212\Client\UiInfo.xml | 38.13 KB |
MD5:
c257af920b990b03c6fb069fd84e28a4
SHA1: 02671a2617f08755b1f81a091f383d0b4671a0ad SHA256: 803d578dd6de0c999468effbe346bbcaa08c7639c671475a4c821495736a061c SSDeep: 384:f2JJTuQOWxIQlb81Hw8gMJA8ksJIaY6TnXpu5a+KpPDpzapGUYdpR1Yp+RGZWbQv:OJloWxhb88Mh5NbI6980ut5K1z9Jat |
|
|
| C:\588bce7c90097ed212\DHtmlHeader.html | 15.74 KB |
MD5:
d6a7781c2fd39b6b431d2fbd6cada627
SHA1: fef0262495fa379b56f42ba019484f115f70788c SHA256: 87e7a8102932763df1047f4d955cfba3d5fab2ee6243520a8060661ce34762f2 SSDeep: 384:d88Hq3PAlFf3LnFh5jWfNZ8qXwta5qMZ/agIObNn:dY/6FznFhFuNZ8qXwtESgIObNn |
|
|
| C:\588bce7c90097ed212\DisplayIcon.ico | 86.46 KB |
MD5:
a8d58fa4821343cbc40294b9097851d3
SHA1: 1738f98b2765d30c239b75a54dff4de4e0fd79ef SHA256: 03d4b496cf6f56a10aa33afe7f65e085e51ba288c15accc3a791beefbf001edc SSDeep: 1536:tc62x7czvqdp2piT8j9VXQbU82jf7NPenibvwcV24Gysd8wl0I:c7gvqnfoxgUJf8nbc4479WZ |
|
|
| C:\588bce7c90097ed212\Extended\Parameterinfo.xml | 91.13 KB |
MD5:
b1634ae295a90b4d75bf5d901aac028d
SHA1: 6ff5f076b443fc68ec402ab542b4a96d9073f664 SHA256: d6f040c3cb32b2358dd3ebe1e64485596f4194e57ec3029f1cf8b22f3ce6b73d SSDeep: 1536:fRXiWs8mu5HP3/6gOeHULtWhLZK5MjOGU7H38VowAG9d84GChLZK5MjOGUlWbUY+:pSE5HTU37sYalK |
|
|
| C:\588bce7c90097ed212\Extended\UiInfo.xml | 38.13 KB |
MD5:
60232f5c6b412b2dfcaa212e0d8c416f
SHA1: 59e3b99135fb456d5aa5c9dce73b469bab5ab76a SHA256: ca0650e42f64f3fee53b17d605a8a953b10da097fecbe6502e381f50ed8e5389 SSDeep: 384:f2JJTuQOpK3lgrebRoYSyuzSceTkQxaYPTGxTtGRMbQ54bQN99tW+MGylKbQLaQU:OJlopK3lgaVHEeFnikly5P5IfePaiA |
|
|
| C:\588bce7c90097ed212\Graphics\Print.ico | 1.12 KB |
MD5:
fc8b4ef4adc5527753fb093bedab5e6f
SHA1: 580702fdd13469c02957c40e438de1f0831ee435 SHA256: 1c3eb2372892a493b4c1e496fceb440e6b7bcb1581db72d2ab1ef3d3f5cdadee SSDeep: 24:8ssssMh4vTDTATORkxohCEkjZ5zZthDz5si1iHssch:CvgOuxoNkjDRtjzh |
|
|
| C:\588bce7c90097ed212\Graphics\Rotate1.ico | 894 bytes |
MD5:
9c16d6c47b91ef97ca786c950931f41a
SHA1: be0012d681b3a57a77e59c43ad903a95f47c0720 SHA256: 769bbb8fed865726fb9e3a8be2d29836e086584964df7745f14dc5546a2786a8 SSDeep: 24:JMssssBsEApQOeZ+Lsx4gwnSL7vhss8idHlYht+slQfM:JOOGQg1lHlJfM |
|
|
| C:\588bce7c90097ed212\Graphics\Rotate2.ico | 894 bytes |
MD5:
e10a9472636af3b6e29c74b1d9f9cef0
SHA1: 8434f5d9520544dc0f025b576eb22e7938f10b78 SHA256: c0570927ff98b1bd7507468330d04b2ce7869e3a9c75ed3d5f20fc9e62b097c5 SSDeep: 24:JMssssh4vsM0mPkLsWuXUULB3lVssZC3pMIsgQfM:J6wk6VK3GfM |
|
|
| C:\588bce7c90097ed212\Graphics\Rotate3.ico | 894 bytes |
MD5:
d4a8e5d3857c149bcbab8b1d0df20f90
SHA1: 1c569a0a0008fb93b1d7b90680a5cfe19496df3e SHA256: 23fb03f1067c7c7d4d8cfdf61c6a293824f304c2b1c86d99bb9663c2bbc253c2 SSDeep: 24:JMssssSn6rsCRJKMEDgs8zW7V13ssuaxDW0saQfM:JL6XREMOUaSfM |
|
|
| C:\588bce7c90097ed212\Graphics\Rotate4.ico | 894 bytes |
MD5:
63cc5e0f024afe787a4c1d1b0f1ac58c
SHA1: dd7d4173cc6549ea13608a13a5628116dff76c04 SHA256: b41ab04c6ebc287305ad838ffd47a6f4e1b86b103b773f31d8b3f76c2d4d56e9 SSDeep: 24:JMssss0fseQmn18sT2lkmRhcxfrwHssa06ylLs3QfM:JjnmIxwnhfM |
|
|
| C:\588bce7c90097ed212\Graphics\Rotate5.ico | 894 bytes |
MD5:
7823e3301da08cd9590773ac18e7ff50
SHA1: 24ca1db5cc66776ac2d3c37781b56af22523f4d0 SHA256: 1b20ed6c281d73a227212cfefcb91b493f882a14fe4ad78f8a5bed5863afd9f1 SSDeep: 24:JMssssPosdJcansvZXDCEoPssxFutvlYXsLQfM:J/kNuefM |
|
|
| C:\588bce7c90097ed212\Graphics\Rotate6.ico | 894 bytes |
MD5:
96a6411fbf707df5c64be3e41e7920e4
SHA1: 147b8253f93da48ff26a9cd27959494c61fc1fea SHA256: f58ac345947e2cea711102dce78f0b89271b132575fb5df40dd7b1888944c715 SSDeep: 24:JMssssW8vsmFEMjh5pTOLdscFzRmZyJssw4UENPM6QHr+hsgNQfM:JJ8vf59Mr3hvN8umfM |
|
|
| C:\588bce7c90097ed212\Graphics\Rotate8.ico | 894 bytes |
MD5:
3e3c72d9a4ce134e39081186aeb34208
SHA1: 7d10d0c989af391728a2b0229bd73387195f48a8 SHA256: 86ac17e8d967230bd7965dfc4062704e7e0e429270cad266816992276bbe0680 SSDeep: 24:JMssssqJs1AuSAM9zQas2vJES3Ztagssx1uqXX/5lsC4QfM:J+SAk32SJXu4v5dPfM |
|
|
| C:\588bce7c90097ed212\Graphics\Save.ico | 1.12 KB |
MD5:
f5efa2fd532e74e69b07b6d2e904a1dd
SHA1: bf5f88086c17da1975839eb5b1e90ced7b4f9221 SHA256: 4455c87020661fed3a18078fdf52ccb9626cebb664eadf8955bfce20ac6ab49f SSDeep: 24:8ssss6lyHIL0RgAirsw0RQb2Agh2SGV6tYqrTxssc3L1n:gu1cREGwN8Pm3L1 |
|
|
| C:\588bce7c90097ed212\Graphics\Setup.ico | 35.85 KB |
MD5:
8e3e32b1a827d5c554bd2124e12eead4
SHA1: ce25182833da0ab5c5ac052ac522c9d24b14e884 SHA256: b1a600a01694cbe7f916295b5f4e992e7a8dc884379dc98870550157ed5e85f2 SSDeep: 768:FXjVyJM2iwj7BCQvq1zB1NHSdZgkiarsR/Gj9VXnnl:FV4M2x7cQvqdp2piT8j9VXl |
|
|
| C:\588bce7c90097ed212\Graphics\stop.ico | 9.90 KB |
MD5:
69e79296a8b8e27f10f87818d1d95ede
SHA1: ac9f9560158372e431b82e2ef7e25c085a380fcf SHA256: c994d3ee356aa9389bde6fb72076a5c83cb2fef7d3d933765552bb723b241a1c SSDeep: 192:mgFZLqfAw7dMHs/q6VXmKPGrPooSsIK9gXpW223CMuF4XqxH:pjLqJ/HFmX5B90hz4XqZ |
|
|
| C:\588bce7c90097ed212\Graphics\SysReqMet.ico | 1.12 KB |
MD5:
adcef012f2501483445532f206582a58
SHA1: d2eddb1879e38f8847362855e27f55ea41401c7f SHA256: f3fed6980587265eecf9e94af894f45d12b5a6298dee3cf8eac1df08229641bf SSDeep: 24:8sXKSZlSrPC+095KYblMmC6b2MCb7hIrPKKfc9kj7cq3s0nPG:jr+rKHK6K6bAb7h4yKfxj7ct |
|
|
| C:\588bce7c90097ed212\Graphics\SysReqNotMet.ico | 1.12 KB |
MD5:
3b3bfe5f653d115b3b334e8663f25695
SHA1: dc535487513576e7272447b97fc8bb08935e19b7 SHA256: 072a5e65de920399ed4332f992914c815799736797a13a84a4482011176ddfad SSDeep: 24:8sDxN/mYhj3Ewx96c+ep7PqVUnjmMDlKMC8YNOVJYGlg:/Vp3EQUep7PqVUCRMTHWwg |
|
|
| C:\588bce7c90097ed212\Graphics\warn.ico | 9.90 KB |
MD5:
ce724d30e74bf1b804f407e026b05866
SHA1: 1f9f81260057c6d86792b9da759688415ee200f4 SHA256: 9d2e2518c08e856cb2a89b79280dc96528f62183dbbecd0dd70f01753ebffcb5 SSDeep: 192:mgFjTEQCKXZHc3+gZOYNRDWCvddBFCnBR:pJXKzkYNJhdnwR |
|
|
| C:\588bce7c90097ed212\header.bmp | 3.54 KB |
MD5:
2fbffb28f0e264565b86ad96acaa7810
SHA1: ec26bc26d8e47f98bd17504c1101e648ee1be80e SHA256: 1e9120899eb36e325b462c13901a32fd9adb32e7ba63867c6d1ce252f012438c SSDeep: 96:+LK0PbxdYpRCQqpR6CroYKollWPlOAyIAPfaq:+ZEsz0dLoSlhpq |
|
|
| C:\588bce7c90097ed212\netfx_Core.mzz | 173.08 MB |
MD5:
2c90b5f289242417f9aae20320f2d336
SHA1: baa97283cb21c2ff6b5e9fa744d95b112850894c SHA256: 20f45b6ecd5d7a7acd21b7624a40b325970cf8d791522571a07ac69938a42c31 SSDeep: 196608:htV04YyKSBXZ35w+KBK2KJKDcloT46ooP8ZNoz+hK12RP1O7lT:G4Y7qZ3CwFISoT46ooP8Zyz+hm6Mp |
|
|
| C:\588bce7c90097ed212\netfx_Core_x64.msi | 1.81 MB |
MD5:
57754587a0fa91a6714d074861c3f6a1
SHA1: 35b895e2271298fd92095edef7370e339a07d43e SHA256: b2abd449045479fa3392869f6e1523cbac5ff11e6f90e28a3564dc417f5a12eb SSDeep: 24576:srtvoji6tsNrQpc+BQbPyxbs4rONSnfiPBC6xahsovoMfjhOGxZWxw0:i6tuQpcxisfQf2M6FGoML |
|
|
| C:\588bce7c90097ed212\netfx_Core_x86.msi | 1.11 MB |
MD5:
8a7bc19e1ff121f1f7e658b857d3f49d
SHA1: 3bd52a94fc929bb9109d576b92ccde513f95500b SHA256: 1fd520daa974ebac904de9c5280d289387d7be85f6f7430146baa1592bdb7559 SSDeep: 24576:j0c2/9GaxaoSF0sNbQXcUwabPx9bswH/fd6pxr:RKDo0+QXcWDsK1 |
|
|
| C:\588bce7c90097ed212\netfx_Extended.mzz | 41.13 MB |
MD5:
829bbda44e023bca2da52b30215f5c35
SHA1: 0bdaa18abc341fd6f471dd69127883ac60b236b3 SHA256: a9da5a58b05d9f7f9b0ebbb768b1d0589a3591782815ab63158c178c19bd7500 SSDeep: 49152:Qt2pSdqU6tLnvVqSK5G22mDgBOOmeGGiU9Erqkbnt7QTr5+Oc2EI+8dd0ZwTse9f:FtZKH2mALErq2nt7rvfI+vZpfQ |
|
|
| C:\588bce7c90097ed212\netfx_Extended_x64.msi | 852.00 KB |
MD5:
19ef17b040b6387cddaa58878516a81d
SHA1: a9b84e738e4d5bcad2a40e86e9a754c80c35902d SHA256: b5ac8a9c1723683575cb2be3c136cd7e5040e8dd2752975c73f5519ea580e195 SSDeep: 24576:FuvZzojFV6doNrQlcqGRpOQSpKiPBD6txBkkkkk5SV:ZV6dKQlc4Fc216XmS |
|
|
| C:\588bce7c90097ed212\netfx_Extended_x86.msi | 484.00 KB |
MD5:
0009a47ccc3baaecea1998810a8dbabd
SHA1: 63456cf1f9a36d07d03b41db0e29025974e5ec63 SHA256: b20ca5c78f2318271438ee4c50ee9b2b511e71b364d9c8e50dc680238b8ed408 SSDeep: 12288:7w8c2/AdtxaoGFXxsNz7QXcFxZ+VhjEr:s8c2/AdtxaoGFBsNnQXcwxEr |
|
|
| C:\588bce7c90097ed212\RGB9RAST_x64.msi | 180.50 KB |
MD5:
2acd8e99f7ce200a586541f7258f43d6
SHA1: b5e914d6ffed647eea08ce3495e777bc87af6cfd SHA256: da604b1faf72aa59f6b7eefe6c27de7229faeefa635091bf9d8f73aa382add1f SSDeep: 3072:+SoHOvUzE/o8ltrxOTmOU0PhYqz6drEEnH9Mz4LFP267B2xnGD7R9x7s5uXp0:+BGaKo8ltITPh6d/nHazEFfqGD7bx7s6 |
|
|
| C:\588bce7c90097ed212\RGB9Rast_x86.msi | 92.50 KB |
MD5:
922ec4cf26033ae88bc7cc3f3ec6fe38
SHA1: c7addb0ae48424d907d9c340975a59ba3417ff8d SHA256: 3a21070541c9f43d98568a03aecdfb21833bbc188763a9045d12299d0f330532 SSDeep: 1536:VtWEP7kUUMfmhKy6pC+KRoarP5x5QEsu24XJ4OTe3kr7fu0EZu0Ep:VtWE+VhKbpCzSaz5xXAgdTe3o7fcZcp |
|
|
| C:\588bce7c90097ed212\SetupUi.xsd | 29.41 KB |
MD5:
dcf91bc6d90d65495655db32c1205ce3
SHA1: 7345b502ec00884d10637dfa7675144b6d12db75 SHA256: df0b492f8b87127951afa365e35c7a0445bcd16938d401fdcded6370a50f6281 SSDeep: 384:fch36QcSvFShv+40F951mBaKJBvHG/H9SwcL82IKJd+7vUVXo3xRflV2dpm+kDi:4366vgLw9GLLvH0SwqIE0VhRflVnji |
|
|
| C:\588bce7c90097ed212\SplashScreen.bmp | 40.12 KB |
MD5:
ea2fb4d83a8a649e4a8570b566b8cee2
SHA1: d1ca5cbf5f77f2ef168dae720e598ba577aafba7 SHA256: e387d4f6ff873ae01d564c3d09e8fe10206922272d3752c09ef02fb22ab6bdc8 SSDeep: 768:FA1oXsaCMsLU2V10rnUKqjH3ZGRL3JyNNuFTBDCQbp3:qU2b4tqjX+yG5Tp |
|
|
| C:\588bce7c90097ed212\Strings.xml | 13.75 KB |
MD5:
694ae3be660213189afd6504a99c9040
SHA1: 2517c32e1b17e29d2316afcabe328bce9fb2995a SHA256: 96781a8f47626cfa3b92bd1abef843a62297d35932265c65c8f49faca7b84ea2 SSDeep: 192:fEeC3zKwUvvI3+lzactgAbeQtRwZxtQXIhOP48yZgRNVKZWW:fEbmwUvZlz6slwHtQ4hOP485fTW |
|
|
| C:\588bce7c90097ed212\UiInfo.xml | 37.99 KB |
MD5:
2b5ba93e09035a2970c156ecb167fad9
SHA1: 0d66e2fe07382182815a2e031a4298dc2b6fc49e SHA256: 6ba3c0081cc96654801df8f587ae0c70a5bbf892a6d64b2352cabf12c3a38f8b SSDeep: 768:OJloTSkDN2dKHma3ZE45lU93Cm0K1z9Jat:OJVkR2dKHmEZE0UxF1z9Et |
|
|
| C:\588bce7c90097ed212\watermark.bmp | 101.63 KB |
MD5:
ebdbdc1d31109a0eb51a7311b9c5b1a6
SHA1: f2a75b034d00ee15eb80ba7d29b75290d49b6afc SHA256: 23e52b1f41edcb78acbc65484b7fa5cde11cb7f764bacd0c029fcedd5a51815c SSDeep: 1536:VLCD3PUh+V/RyxWXvF8GGBFKG9zsGmcxzpGmLeQMDe53qYsOqS4GUG2kubC:NGRXvF8b3zsG1CQwkqYsOqfGUXhbC |
|
|
| C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x64.msu | 4.96 MB |
MD5:
7d5cc6e84ee0effae2860bc448e7a279
SHA1: f48e343a282b5710802fdd2b56a68e6556b0d81c SHA256: cea36e1351caa073713f4da5c630992a790cf76785f6d8b5d47090c10ea4e2f3 SSDeep: 98304:PuEAUjX57BkOKxUKnat45mFe4H5+Ju4JKUYc93iKlOKJhln:P3ZBkOK2Knq45mY4H5OMKkKzln |
|
|
| C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x86.msu | 2.09 MB |
MD5:
99fdc2acd2b8ff19a046b7d8c673458a
SHA1: 823cf6ce9012aabdcfd5a5a16a12d99dcc95486f SHA256: 004e6a4e6254c54836f0e90da9725f9e2efb82bb6f79656bbc85dbbe32c58a6c SSDeep: 49152:xI9V4YaG7T2DumT1r7AdXZy9KU2KUYxs35DKZ3OIKxWh0em:YV4YakTo1PAdXZzKUYxs3pKZnKxfem |
|
|
| C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x64.msu | 4.86 MB |
MD5:
f32ded67ae8617b78520be02fb21c0da
SHA1: 025118faa1f9e7297ea8e67d626d1e425eecee4c SHA256: 6f41c4ad03d24b409a9dc3f658e16a4a4ab25464484ffedbf42d27769e1dd078 SSDeep: 98304:JQf0pKy/aBHTKYzKXH54UuFe1kBpHua/KUKcs3DKVDK6rCZ:47BBHTK8KXZ4UuY1kB1iKFKma |
|
|
| C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x86.msu | 2.04 MB |
MD5:
d01ec27c91708a130af037e6218c61bd
SHA1: 0578656757a165dde59f622a1dbeaccff31382a5 SHA256: 98ae4187816aadf388687f3ef17560d65c470c08b050ddd727a4215382a7a5d8 SSDeep: 49152:71Df7P4UJ6EeaDuv7GuMRau8yuXQFKUYcs3HVKf3rhKzdN5:Zf7P4UJneDGnRau84KUYcs31KfFKzdN5 |
|
|
| C:\Boot\BOOTSTAT.DAT | 64.00 KB |
MD5:
dc356f119d0c8f70273d857577cbfa17
SHA1: 44fa98a0f1be36c6fc002962f32508bff155d741 SHA256: 57475aa008811a327d29427a150e5f741acc78b2a8273cd4b513f2f443c4f7a2 SSDeep: 48:cxECyt/V61xDvE+kUwjnZVIWY/NKC1NUh4zC+7cm+8h4NxMb9Csy1CJS9:ciCytN6nvEbZeMDGCN8hOAy1Ck9 |
|
|
| C:\Logs\Application.evtx | 68.00 KB |
MD5:
12a0bd84c776662986994f436ca23428
SHA1: 70c86424f0b89a45f64d7218ecb163c502b75c89 SHA256: 8af4b9279f7cb42722611ebe52a60b90afaa7c1a9db0822373ad246a539bf0af SSDeep: 768:2oLJVwrZ0T3WKahkCdlN8ESOkuf3vj7VUfaOza:2Wwr4alKEvHz+u |
|
|
| C:\Logs\Microsoft-Windows-ApplicationResourceManagementSystem%4Operational.evtx | 1.00 MB |
MD5:
c0f0168cd1d44120b014b051c8a0cd1a
SHA1: 280dad4f236f5493f595916ed540f58d57ee3343 SHA256: 7d417d14c24e83873496aeab269d863d7beacbd8fbdd54e0bace2ea0d25f560e SSDeep: 3072:psyVNIVzqcaAd6mBLRdF/cjTZKPJ5r+5CJn/X3dlvwrTzt5AXqtclb7vF1rum/lu:6XNZi5G |
|
|
| C:\Logs\Microsoft-Windows-AppLocker%4MSI and Script.evtx | 68.00 KB |
MD5:
a037edfc005aa59930f605dde4aa6e4c
SHA1: dd1ccc6a22a4696f99d7acfe7f6492dc9a72fbcb SHA256: 571b909ce01b1d5a7d62442badb307f998aa0c0776a6e9168e72d455f1acd3b2 SSDeep: 192:AhHZ9NWThp7KHITYdUqiPB5a7PBYQcPBSHmPB9TAoPBdRPBKCoPBtyPBF/PPBYuy:uHLqpuBEijUnnzpsrY35uf |
|
|
| C:\Logs\Microsoft-Windows-AppModel-Runtime%4Admin.evtx | 68.00 KB |
MD5:
8aec752bfef5d5cb4f612ac2492342f6
SHA1: 14aec3cace2a574a298ff8459d825507aa471896 SHA256: c9bceb4233fccd42a6778d7652bf5db8bf8d565a90a72584fab77e7bf73e59a9 SSDeep: 384:mgyLqpuGLD79yPoM7I1PIdt2iJnPA8jI+3CESTPDq+p9cVz:9y+phoj7K0pjLSfG+e |
|
|
| C:\Logs\Microsoft-Windows-AppReadiness%4Admin.evtx | 68.00 KB |
MD5:
f792266f855cf4b71bd9ba8930088119
SHA1: 5c068d23e3720764897fa383366cb809d0c4f2e3 SHA256: 89463328c7fca457bd28b4cc5be61fd57facc463be81512a1869c11fa8cf366c SSDeep: 384:wFgpLqpud6zJvcxM8quvhyO6ZG+rhmcecq9SnpZcSQw9V:wep+p86zb1QW7Q+V |
|
|
| C:\Logs\Microsoft-Windows-AppReadiness%4Operational.evtx | 1.07 MB |
MD5:
24152d0b8cbea065aba080ef9c90636d
SHA1: 9386900f250de8b4e2676fc5f0b85e65c426a8cb SHA256: b3f912f51c89c48b31dccd7b3682a93bd063648b1186f067f7c52c1a2c9f6a7a SSDeep: 24576:otMstMF3ztMRtMM3a67qUglUgGTuUgtUS+Ea2wEUCaJwt6Qz:otMstMF3ztMRtMM3a67qUglUgGTuUgtv |
|
|
| C:\Logs\Microsoft-Windows-AppXDeploymentServer%4Operational.evtx | 2.07 MB |
MD5:
efd3b7b28d6d09159cdeb6b250b7cfb4
SHA1: 0743fe328582f57d34a3421589b438f8a13e3416 SHA256: efdd2f81d1057392ac8a5a9e43533cad22d141ac82664b72b9650d18fa81b3ba SSDeep: 3072:J2K9biQD5KrsOKXQbwkqBYxbJ1OAzLU5vQ4LkTK2JNiHim5WN/jAQgskNi+k4/wN:2QDB7cPT |
|
|
| C:\Logs\Microsoft-Windows-AppxPackaging%4Operational.evtx | 68.00 KB |
MD5:
ed61f945bcab92cedc6e7e83775044dc
SHA1: fc884caa949384adef0ef2b216b5c99aacced75d SHA256: 46dfd6934ae44a6e19be655b01280883c49bfd22ad4be1bcd335f955fd5f990e SSDeep: 192:e/pOAZMNWThp7KHITxBx02pPoa4JY8HZtBn1Af2tEFYs0D4cNzsVRlMalGYoFI2T:m+qpuEKz |
|
|
| C:\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx | 68.00 KB |
MD5:
04f8a82e54defb3c31ebe928a81d65a4
SHA1: 5da9e837248e3211319e4e637313ac41aebac4e7 SHA256: 67681bdbfff7bc3135154517b93f594eef7990a78cef0fff54f9845c3921a626 SSDeep: 96:BIWg3/pTvdHZ9NWj/m6p7KAwITW9JwtbzTgz6+ke:Bpg3/zZ9NWThp7KHITwJczM5 |
|
|
| C:\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx | 68.00 KB |
MD5:
bfeb256a5fc40e0156cedf317a4f213b
SHA1: 5a9fca3b40f9496de99da1b48dee2516df3542ec SHA256: 719609a3c97de066432686f9f3e7f9bbb4f43a7b146426234eecc0a1d1a85397 SSDeep: 48:9EVD5RqIfLiaO2HZx2iMHtP+j/EXML0QKMJnnyRAwITOxAB0I/E/Rl58:ml/rO2HZMNWj/m6p7KAwITxB3/ERl58 |
|
|
| C:\Logs\Microsoft-Windows-CoreSystem-SmsRouter-Events%4Operational.evtx | 68.00 KB |
MD5:
249be9037aede45f9bb808ee0b2879e0
SHA1: 060a21ff5b4174472c8231ecf7c7b682648b6c94 SHA256: 159b7075b7e4df38cac4465bdf0455958e1086abb2240c8953027258d393a505 SSDeep: 96:BI6+/+O2HZMNWj/m6p7KAwITxBUuTPlS4IgXUfI:Bm/+OAZMNWThp7KHITxB/pS4DXUfI |
|
|
| C:\Logs\Microsoft-Windows-Crypto-DPAPI%4Operational.evtx | 68.00 KB |
MD5:
5e3a13c853876757d3ea6e970d50063f
SHA1: bee361a27dad4bbba09e29eed2aab6a8e80d1678 SHA256: 3543c866869d893a4100fb91b7a8a64e3c33543ab1a605e93ade00d58316a14b SSDeep: 96:R/RO2HZMNWj/m6p7KAwITxBj7zUXIO4UifluUX8OmeqIHmauYs:R/ROAZMNWThp7KHITxBHzhUwAveqqup |
|
|
| C:\Logs\Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%4Admin.evtx | 1.00 MB |
MD5:
c58e53eeb528d6d4c9d489c0a79bc477
SHA1: 14725b0db1e5bdaa5a84a684660af33e6c264e53 SHA256: d52382b44ab381e3e52d9b7a038ff2c2ef77dc35e849b9ba429f1b9a91979d82 SSDeep: 1536:KnYOLwtSRDyQhAy3wLfEjleACUuZh4tITxEkUaItk0S3/lzJ+AnMQ3H8M4SQYIPP:kFKSFIT2cqWca3/e3ocM9QXPU |
|
|
| C:\Logs\Microsoft-Windows-DeviceSetupManager%4Admin.evtx | 68.00 KB |
MD5:
122b6c9828b5d070f1978a24f5282894
SHA1: 652d06a0bbb364aaabef8fa67d9aa762dd319f27 SHA256: b394afd3949dff3f7e2896265761fe955f3bda06c2119c4fa7ee6a678cffe099 SSDeep: 1536:JS2pgoxfzBE5D6QKhzLkm+4Sn1raSZ3YfaX6FU+ldnlF8k2:kv |
|
|
| C:\Logs\Microsoft-Windows-DeviceSetupManager%4Operational.evtx | 68.00 KB |
MD5:
f5ce7cf2b8c6489572cf66555bd49606
SHA1: eff33509b81a34c84d34a6a56293ea7d4a0cf004 SHA256: ad59f64d4b90ee934952284e2d6817ba45604201f1252f3fac542fec5d0f5408 SSDeep: 192:vcg3/RZ9NWThp7KHITJ6NW6gh6iD1F0gx42aggOM:vcgpLqpu7kh+b |
|
|
| C:\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx | 68.00 KB |
MD5:
3c3143a313d22c6789698174a471dc82
SHA1: f21b5443960db8bbc77f0fdc130a8668f6d451bf SHA256: 7d43b68e2f7f13e754e0e65c611ecd7d70c2bcaf2abe2530203c1e92feaf0938 SSDeep: 96:5h6g3/QCXdHZ9NWj/m6p7KAwITCP3v82qv1fqjc8j5xhU45I4TmZhv/50P:5h6g3/9Z9NWThp7KHITC3/CTKO6 |
|
|
| C:\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx | 68.00 KB |
MD5:
0fc06bd9b8b1c2f3eee2d3b9729e83ff
SHA1: ddb46c3c23c347736a083560eca69edb51258424 SHA256: f45a41b0edbb30cbde28bb1c280798aab9d5a52c1d9ef661a661df6596d5534d SSDeep: 192:/tg3/EZ9NWThp7KHITCjnTngykAZSeWHtT87:/tgcLqpuHKcSeutK |
|
|
| C:\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx | 68.00 KB |
MD5:
e4fbab4f3570620e4b8b15f9d0a80a0f
SHA1: 52135ec2a742b3f10e6766b2177c06b15e991854 SHA256: 33e3e674f56746eebb2fa1b39705383c284ada03d19ccffd38fd1994d56c984a SSDeep: 768:bF+phjcrCX6PtKYVgJO1ILBKCzJxciZadAB2Dv9:bFNrCX6sENiVKCzxa42DF |
|
|
| C:\Logs\Microsoft-Windows-International%4Operational.evtx | 68.00 KB |
MD5:
dc9cb169e95cec34092c2299a21b0efb
SHA1: 70b23a1dcd5af5d6ae92fd44256666289b727c4c SHA256: 13a4e7781931620ae6b0004727c42a4de96571edd8a0c7055fbc364d58963618 SSDeep: 96:pg3/NdHZ9NWj/m6p7KAwITCZ25QR+bZcwJTZgtUL:pg3/fZ9NWThp7KHITCZ2uRX+TStUL |
|
|
| C:\Logs\Microsoft-Windows-Kernel-EventTracing%4Admin.evtx | 68.00 KB |
MD5:
24b5454c66c123452b998401521af48d
SHA1: f77563d9bd9b95235ac14a96f1a2394eed7d479c SHA256: e21af332e1758f75f36c4a11c13baa57f29293c09d30cbb2f662ef71bd4279f3 SSDeep: 96:U/o6O2HZMNWj/m6p7KAwITxBefSMrYLu11:U//OAZMNWThp7KHITxBOSMkA |
|
|
| C:\Logs\Microsoft-Windows-Kernel-PnP%4Configuration.evtx | 1.00 MB |
MD5:
51058df2cd63762d13bcc74261c4e869
SHA1: e98914b7e4f729e580541222e0f181b2944a1607 SHA256: 6729b4ea23fc0827a86e12b8c3ceb2fd34252d2341a998f7b6698c79118cd0c3 SSDeep: 1536:H5BfGirLSTjCXDHY4uui3z2HEpbj7pz/OnTP7oHHCthw0Uv2Q+qgFZBquL0RYpBj:ZBSiT5y2HpfDCCsEVV2vH0sbW |
|
|
| C:\Logs\Microsoft-Windows-Kernel-ShimEngine%4Operational.evtx | 68.00 KB |
MD5:
a344d13bf213224d12147a01d6dee66b
SHA1: a6f8369dd78ef4e87cc42f6c42b244d6bcf0541d SHA256: 9e1b292cdd0e5a8f46fc802c0409b5c6f33fac1ce1efa626c6f3b5755c800cae SSDeep: 48:6AD5Rq1O2HZx2iMHtP+j/EXML0QKMJnnyRAwITOxABdgRv7piJIpm:6+/6O2HZMNWj/m6p7KAwITxBdgnfg |
|
|
| C:\Logs\Microsoft-Windows-Kernel-WHEA%4Operational.evtx | 68.00 KB |
MD5:
40443403470e35acf14cf28831cd57da
SHA1: bea2080f2b70442f73ac326a3b6586ce05879912 SHA256: 5c4d3cd9f9a2bb718da175c80922071447803814925efeaf4dee6a3e93f1bbeb SSDeep: 192:L/LOAZMNWThp7KHITxB0PKfjl0nlRrkqqVKTWvn8lUabbif:T+qpuESPKfilRo0Lbi |
|
|
| C:\Logs\Microsoft-Windows-Known Folders API Service.evtx | 68.00 KB |
MD5:
8fbdd689eb137a05b4b80bb331a9d874
SHA1: 09545a6a2c1ae27468fb766860f8ed30e45b9ebb SHA256: c21ecd2e939f8bd08820fee70c2d1f445ba493d05d3012483921f1cb64ff56ee SSDeep: 192:tb3E/8OAZMNWThp7KHITxBDllZyL0cbLoYfiC:pd+qpuEJoH |
|
|
| C:\Logs\Microsoft-Windows-LiveId%4Operational.evtx | 68.00 KB |
MD5:
641067274b06169cc5a623c4f3bf9bf0
SHA1: ee0f9b0fa4a88e45169a5bc55fd6be9fdfa47621 SHA256: 0cd5a526cac3eb980b948cb026f7551cd5fbb04391c9c6e5bbaa3bc8f2b3f4af SSDeep: 384:5gpLqpuFK6ZzG37pc+7A7g1B75xJ7x7j7hL7f:qp+p+Kqz0pji6tZPhHf |
|
|
| C:\Logs\Microsoft-Windows-MUI%4Operational.evtx | 68.00 KB |
MD5:
711ad2f83c30314f894cfdeb35b84264
SHA1: 95fd7d9505444d1574f2fa7f1e4c861bc0436012 SHA256: 00b34142439006836b16338c822f6e9879d4ae75e1a45c45808155ccc6b0baf3 SSDeep: 192:Jg3/hNeZ9NWThp7KHIT60qq9PgPfbUpGdFNHhAsxQC4zrc3dqSmub5shmEqxJJkC:Jg5NeLqpuFESLUQT6CII3AqbsKoFEymh |
|
|
| C:\Logs\Microsoft-Windows-Ntfs%4Operational.evtx | 68.00 KB |
MD5:
8e4747d453bcb6d5282511f4e969111b
SHA1: ca9802d039f4ef7ab6c8b6d6155f8fe0079c8157 SHA256: 5582664fe4eb9a6006c6cc3462ed3777301b8a1878702763fc6ee0f906253a82 SSDeep: 96:E3a/lO2HZMNWj/m6p7KAwITxBFoVitCL30vGwqIHmavBv4OXP:Aa/lOAZMNWThp7KHITxBFoAtEENqqNzP |
|
|
| C:\Logs\Microsoft-Windows-Ntfs%4WHC.evtx | 68.00 KB |
MD5:
2b6dfdd2db520a297d42d43a2bea9b5b
SHA1: bec502d1d927fd341f522984bcebe329e9814495 SHA256: 83d34e4176fe69cd275e7c12cff699bc851a79ff36fc7579217140cb8b887abc SSDeep: 96:E7/oO2HZMNWj/m6p7KAwITxB34vuAFnqa:K/oOAZMNWThp7KHITxB3CN3 |
|
|
| C:\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx | 68.00 KB |
MD5:
4fc96c1b2d8446f8a9d7c554d761e683
SHA1: c3b97cf4dd71ebcdeb93de1c03e932d95bf9bb36 SHA256: cb2ad27c36c3bf39d6d68e3b9fe696970a9274ac6e90e16375a3f7ce952aa00c SSDeep: 96:ENg3/FDKdHZ9NWj/m6p7KAwITx2/BJi1eYGFO+G2YaHBg:Cg3/SZ9NWThp7KHITNMYEgaHq |
|
|
| C:\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx | 68.00 KB |
MD5:
0ae5a5c33d30e6d4ac726c2f43ba1834
SHA1: a87f31b4d14690881fdea28c3436a59f075e1884 SHA256: a6eb8179531be6fe7b1f1117df4a15fa0e0cba8c927b95870ebd49eb4d3a0652 SSDeep: 96:BIwg3/PdHZ9NWj/m6p7KAwIT3rB3SXHUzv3:Bzg3/FZ9NWThp7KHIT3rI34v |
|
|
| C:\Logs\Microsoft-Windows-SettingSync%4Debug.evtx | 1.00 MB |
MD5:
e9cecd4008b6d23e4fd7bd2d9c5947a5
SHA1: ccb4fffef8ece93b5a73861fa0766fad58473846 SHA256: bbd2207c14c38a8cf9b90cbff0aa7ac21711a93465bbda552fc31b79b2dbb2fc SSDeep: 1536:lE0VD3xqS4Me/YuF5Y7wdYqk1Yxx1Y1MIYzwf6YrlQYCz7YiYVYyONYxkmY2kMWT:LhAtZAy+ct1xoOEaBv/B7VsZf |
|
|
| C:\Logs\Microsoft-Windows-Shell-Core%4Operational.evtx | 68.00 KB |
MD5:
bf8546658a8f34049f6340adda76d3d2
SHA1: 449d71cc390bde52c53e9bbb2ee2890289e4f04d SHA256: c12f4daaf70913d97094fb6f49bea0b88e2479aca4debb0f6513d1abfcd5a394 SSDeep: 1536:/NIUa5whVi/TciM55Pu+8uc/6s0zxrLEajHG:e/TLmV8uc/6lfG |
|
|
| C:\Logs\Microsoft-Windows-SmbClient%4Connectivity.evtx | 68.00 KB |
MD5:
40549177f0084d94e86eb0f17f4f78b5
SHA1: 14e1b13289b776b71396a19205a958675bd00305 SHA256: 518907c9d5506fbd16a8c9a82038f89e86d499c0e254671a52d5ec43f03f9af3 SSDeep: 96:BIqrg3/udHZ9NWj/m6p7KAwIT5Go0Vj7firj7fLqrjigCa:BVrg3/YZ9NWThp7KHIT2iTLqGa |
|
|
| C:\Logs\Microsoft-Windows-SMBServer%4Operational.evtx | 68.00 KB |
MD5:
75e8921767a4a889c8b666c4fa0d1a3c
SHA1: cef59e9ecce0fe73bee78c55ea588af68b308356 SHA256: a0a49a4069d7ef747a91d7ef28b526fc1cc5e4b5f1b333a45a2d8a04076ecce3 SSDeep: 192:LrgpVZ9NWThp7KHITn0zaVEjy+CVq9M94v4m:XgpVLqpuC2y+eS |
|
|
| C:\Logs\Microsoft-Windows-Store%4Operational.evtx | 68.00 KB |
MD5:
6bcb5a18c999dead651e6561294a5cf2
SHA1: 564fce2120fceca8963a4f6fe94d6478abf8d1c3 SHA256: b274b70774074516ae271a62f10d3542b42e677d01e69ac0c9c4f2e7412d64bc SSDeep: 96:Cg3/9xdHZ9NWj/m6p7KAwITC6ARN0BOFsu:Cg3/dZ9NWThp7KHITORqBOFsu |
|
|
| C:\Logs\Microsoft-Windows-TaskScheduler%4Maintenance.evtx | 68.00 KB |
MD5:
e5024e6c25cbfff0b7ac6ba3d4725537
SHA1: a7e1f782f140eecf02938fab522eaedd0e2f5d9f SHA256: c3f2bb44c4a3d175cec5c307a4ebf67264c9b05853c1eddb4ce7a8b902afb6ba SSDeep: 96:pPg3/KldHZ9NWj/m6p7KAwITjvGX81jPJ309VjZZcuLh9VPbZvum:pPg3/KHZ9NWThp7KHITY81jP10PFhPT |
|
|
| C:\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx | 68.00 KB |
MD5:
e5930030c1aa45f5673583e1542daffc
SHA1: 9d44d0b46eb7ef3e5c574b8c54662be029a8f766 SHA256: f8aeaf0eb77291ba26a32fc0486454d84070b889c450938cbe7292c88a6b8fcf SSDeep: 24:3MisssYrposssssssssssssssssssssssssssssssssssssssssssssssssssss9:5rnRqUroJ5FQ3OHHw |
|
|
| C:\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx | 68.00 KB |
MD5:
c4e334ac63e1d0b38191a7f2c6504662
SHA1: 0ccb88d7b43b9901f27c293beb4993f80ea34e9f SHA256: 41c712f36471e56092ddaaca458e4c73c0d9dc32084fb419b309eaf730414532 SSDeep: 768:69p8zw0wJwOw9wywswzwfw+wLwwwnwUcwowmKrXXjwZwXwz/0gsmBxhjrw9CwF:60Ta8XC0gsmBxpgz |
|
|
| C:\Logs\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Operational.evtx | 68.00 KB |
MD5:
d365f7b5e615198170dc7de965d353f1
SHA1: 1459261024e02974a681f51a3cab52c458a07786 SHA256: 87e59ebf810bd5cdd044bdff9c915d4446418a14ce50b5a0c9e14bd88d65a56f SSDeep: 192:Balg3/RZ9NWThp7KHITsTEc+5p+/izg+/:BCgJLqpuB8 |
|
|
| C:\Logs\Microsoft-Windows-TWinUI%4Operational.evtx | 68.00 KB |
MD5:
a21b38cfb581bacaecdeae35643bf25d
SHA1: 28e375967e7e0380caa2cd46e5addf6c8a928302 SHA256: 74ea269a52f0b0031536f3954a366417e9c8f75fbc1aa03c9c47b857c91f9cdd SSDeep: 96:Ehg3/KwOdHZ9NWj/m6p7KAwIThOji9U/nlLnfDF5gCzQ4:Wg3/Kw4Z9NWThp7KHITB0lLp5gB4 |
|
|
| C:\Logs\Microsoft-Windows-User Profile Service%4Operational.evtx | 68.00 KB |
MD5:
3e0ddb3cf5e9ce69abc36d0dc05e6d4c
SHA1: 60b485d9e161c581a100e67a0b1ae4072212c146 SHA256: 36e08875ee8241a0def0a53fb9e1f49a7547d19492d2b917618de0803b053004 SSDeep: 192:Sg3/nZ9NWThp7KHIT/cWsDeyPefBt6HI3HA5Y7cHLCPb:SgPLqpuQaAOe |
|
|
| C:\Logs\Microsoft-Windows-UserPnp%4DeviceInstall.evtx | 68.00 KB |
MD5:
8a464fdc777928b4dc71e2a52d790015
SHA1: 5f2025a3ee6094848246c9e065d39956b1c64015 SHA256: b4a546d64c6bed54682da7aa20aab0a22dbd914362cb2577ae67d35bfe857d0f SSDeep: 96:EYXJ/eO2HZMNWj/m6p7KAwITxBwhhEVqqIHmasAAfQq:NZ/eOAZMNWThp7KHITxBwhyVqqqsA2Qq |
|
|
| C:\Logs\Microsoft-Windows-VolumeSnapshot-Driver%4Operational.evtx | 68.00 KB |
MD5:
42b55597eac505245ced5fa516acbc3b
SHA1: 091407fc4b96e91c31eb798e408b98088c61141d SHA256: f8645f854d579a644cfb88fc46c9a37db9d098b43017cff9a9512c2ca2809f24 SSDeep: 192:P/uOAZMNWThp7KHITxBtrZ5uxIzpxkwqqtt6OrQI6rMlMr7:O+qpuEbIAiA0Ku |
|
|
| C:\Logs\Microsoft-Windows-Wcmsvc%4Operational.evtx | 68.00 KB |
MD5:
8eb3705c0b4e0f3ee88868f956531c02
SHA1: 0492b48249465d3a999697c15e39f92793d2bd67 SHA256: a1d83d51496175eeb1c59c6dacf98682121179c94c568e856a7977d885e3119b SSDeep: 384:oAgRLqpujVgpJP35E9T9pY+HYu7R0Q2h0o1Yh:oPR+pQpR9 |
|
|
| C:\Logs\Microsoft-Windows-Windows Defender%4Operational.evtx | 68.00 KB |
MD5:
026cb26f46b4b91643df621f7624d8ae
SHA1: 2d32f0a82faf86db7ce6265498e4a6b25f5149a9 SHA256: db356933539c371f55d68969ffa0cbec98698122c96eafae4f99882abecfc1f6 SSDeep: 384:rgp8LqpuOqx/28I1/LYQ9Rmlr69J1ubZWQe:My+pf0aKJEKYQe |
|
|
| C:\Logs\Microsoft-Windows-Windows Defender%4WHC.evtx | 68.00 KB |
MD5:
ce35bf1954c57c933923e3af1983258d
SHA1: 5a91199c9bfd04b3a06661a10261d88feffe320f SHA256: ea606cda1ccf294980b6edc14f80c9b36c20d42fc2f5cc434c57cf92f51ee42d SSDeep: 96:ng3/moswdHZ9NWj/m6p7KAwITZNqIxhjn5Tq3q25m17Y:ng3/9Z9NWThp7KHITZwIdG3q+q7Y |
|
|
| C:\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4Firewall.evtx | 1.00 MB |
MD5:
8b1210925d0de4889b9e7b9461606e07
SHA1: b1c5fef07855cbd8aa93db9a53c2d3a6f7dc7be6 SHA256: 619b0cf553e170841464cf04a47575ad745090e1c1fd6d702ea22876bb91d807 SSDeep: 3072:jz6U2UkU5UrUwctJukNj+bdU1UuU7UD6:juj1g6+fsbdE3y8 |
|
|
| C:\Logs\Microsoft-Windows-WMI-Activity%4Operational.evtx | 1.00 MB |
MD5:
d23ab7f72d5e56db3493df2351a589c3
SHA1: 8b827e2a48d0a71a1ec31e854213f7f2ccd75a64 SHA256: e555a395bda8ea5107d58a4447aa286b83ac2a5e9884ba0d94b1fc4e9e35be4d SSDeep: 24576:s1lNh4gVYClhuAykFVvjw1PMiz0Hn3I+7Kky89CJrP:WlNh4gVYClhuAykFVvjw1PMiz0Hn3I+e |
|
|
| C:\Logs\Security.evtx | 1.07 MB |
MD5:
7d11ce738a4b7729f02f8a615b02ca9d
SHA1: 98c3abdf3d5ca4bf1543977649650b3aa1e8909c SHA256: 96da247d42caa4b3ae135dfb3d8e2c382224afa90ad41658f80df2b261775f14 SSDeep: 3072:MnL85RrTvDUySEI8pLQokMvj+fAnsxfZ1mpc3Q5:Mn0j08pLJ |
|
|
| C:\Logs\Setup.evtx | 68.00 KB |
MD5:
77136245f2f578d8b6414831e08c41a2
SHA1: 47148896425f3e61d087c9e9cc74870e4bc1a37a SHA256: cda7cdd419e7f49ab77189de9f33b7f2cd0894c6676ff752c0b8890c5322dbf5 SSDeep: 192:WIgHnJZ9NWThp7KHITsKaBua2Jt+a1PaxIeE:WIgHJLqpuaaIasPag |
|
|
| C:\Logs\System.evtx | 1.07 MB |
MD5:
3ea6616bcbb89d07cb8b430942f6e9d2
SHA1: 502370d7f003efdab12ff0291ac1b62164167454 SHA256: 97e995d327efa095b1ea8092b0fbd83807f2721ef3f230fbf5682bb587dbde2d SSDeep: 1536:DQ98qfjEKzNayye2XauJMixdmQWWKQvbecjyzXbd89taEzGTuuLYw9Cu4RDX/vYX:klzJzcjyzB89tzGTuu9EYTycjyzB89 |
|
|
| C:\Logs\HardwareEvents.evtx | 68.00 KB |
MD5:
b86b83e6a45cc46d4568fb86f0360b33
SHA1: 4059316266818e6c1d0df13cfcc8d8546b59fb82 SHA256: adb9e471c6246fcbd1d8a56f13587f350bd8f06b10c4f437100e9b1bf20c5f4d SSDeep: 24:3MisssYrposssssssssssssssssssssssssssssssssssssssssssssssssssssq:5rnY |
|
|
| C:\Program Files\Common Files\DESIGNER\MSADDNDR.OLB | 15.61 KB |
MD5:
2ae1b932715c6ef4661f76e4767aa9c5
SHA1: 5555a2e002ab3da211d0434b3264f364996b5fd5 SHA256: d22f974c25f3aa4c8d6e48be7af5d071090efb31c3801c32469a7553f1ec7201 SSDeep: 384:6mfbc5BBcdQbRwIHXxIvV10xb/YxwJ+DuneF:LiBBcabuohmkb/GwJveF |
|
|
| C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RHeartbeatConfig.xml | 4.04 KB |
MD5:
f24e996d0b176f75cdd31409a66cf15c
SHA1: ba5e8c5152e0dcf4c79313ceaf894d0062dea3f8 SHA256: 31ae4a96a5b7277f14fc9a4f4c9bfe510df034ea4f2edf84651b03232c84caeb SSDeep: 96:FgHI3b+vsmVQ/HbUAbqGk893z+iGGi3+/gP4ODRQymD4nh0:zqvsgQ/oAbqzGzMGZowoE42 |
|
|
| C:\Program Files\Common Files\microsoft shared\ClickToRun\i640.hash | 102 bytes |
MD5:
33f2bae58d2a1b0e05116ef8246bce31
SHA1: 08387c3930b8703e20f43425b13a4da6316a258f SHA256: dea8d41d84645a3af564f32d93bfc9b7b9225e47f0df8bbf5e1e975dd867471b SSDeep: 3:M2xRQ8scz8yTM6Q8KZye0UB+c12olvl:Wq8qpQ1lIol9 |
|
|
| C:\Program Files\Common Files\microsoft shared\ClickToRun\i641033.hash | 102 bytes |
MD5:
7d2d9a590f63b61c17c1ed64fa9994ad
SHA1: 66077ed3324279f253353d97351585216369673c SHA256: 05abd98a5ef3cedc83f9fbb5cf100742917e5799d1aee90798825c0fc68637c6 SSDeep: 3:GGgmZA0sTReDs9P6vCoJHv2u12olvl:jr3YeDs9yv5JPzIol9 |
|
|
| C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeUpdateSchedule.xml | 4.67 KB |
MD5:
f8032745b800b24978fe1dfe64ee0221
SHA1: f693bda69686ba75f76076f8e8589b8e83ef1324 SHA256: 3d71abf171652e1ed9993e502abcf501b25c476c91efc27f106eb7b43400f6b5 SSDeep: 96:Fy3VNydddxmVX6l3NttUjuonLnID8UPmKrcukyPlszGg+:UadtgKl7tUpzIYUuKguky9szGg+ |
|
|
| C:\Program Files\Common Files\microsoft shared\ClickToRun\ServiceWatcherSchedule.xml | 4.35 KB |
MD5:
83461603f102b2bb8512cc24688126e7
SHA1: 8e0c5bb62f0ddf5d300952b06a72b1759205aedf SHA256: 004c64ffbe86ddfd4b05c8ba3ae950af3acfc27dc171621a6ab818af013a22e9 SSDeep: 96:7aS3KPAsI8mVpcx1nAyaAtV7jCfuE8INCgiTG8jejf9layaGwC6aE7M0ahuT:7aSaPI8g8HF20gUQb76JbaC |
|
|
| C:\ProgramData\JSWRM-DECRYPT.hta | 8.76 KB |
MD5:
1054782cd9b2679c948485222138be08
SHA1: f93e95056d1759337b84b9600cdcecf54591e643 SHA256: 40abd1ef8c14d612f97cdd8400d29f58d7bcfe651fef21dee79b116178f9899e SSDeep: 192:bo0GEDyoIDn23bEw1buSNKSf5JBzIHi5GvEGTkgR3t4c2ZS0d0Bo/SpjPoME:bvDyoID23bb1bySnSvEGAg0BmTm |
|
|
| C:\588bce7c90097ed212\1030\eula.rtf | 3.24 KB |
MD5:
98a7519a55e5361c2714f75d85c6575e
SHA1: 7a56e88aa1cae621790c93fb55f19cb8a13a2660 SHA256: 8e7257b28a9d3d61f855539ab9ee7f4ae3d4a7ecc2f4f7f55bb101d1902446ce SSDeep: 96:GcsRoEFbeSfUrpVgilOHoulLNDRcmhaNY:vs2EFb5crLgPHjNRcmiY |
|
|
| C:\588bce7c90097ed212\1045\LocalizedData.xml | 80.44 KB |
MD5:
80c5f69e62e0b56ac881b2c2b8adc726
SHA1: e6f108058fab62a1eb0be09d2aaa2b7d2e618c36 SHA256: 65af95e5931a39ece6217e3e46b7d0347538a3aabd74a0ba5f78ff176ba5650c SSDeep: 768:Eaa4oJytFUMYhgCxxoBkC5xXe2vbeqvWrPckN+tE7msBzSc/WdgjXjx9JInD6bXG:Ez4NML2bYoSO0XeI45ru3pN0NMwq5CES |
|
|
| C:\588bce7c90097ed212\Graphics\Rotate7.ico | 894 bytes |
MD5:
dfb735e481a2cf000b40ba3ff49f8ad9
SHA1: 4eae3c791407961b542331239c596a29807df9b2 SHA256: 995e96f57437724936b0568ee36d1cf12e87cc24652814bd2d52851b60ba255f SSDeep: 24:JMssssCKinsMB2LI0szvJMlAM7ss9IHZdAWs6f4QfM:JbKO3irWfPfM |
|
|
| C:\588bce7c90097ed212\ParameterInfo.xml | 265.67 KB |
MD5:
988b652ec72342e62b74be86b8c81d78
SHA1: 1e197885b22a1129fa197cbffdaf4eaeaf4478f5 SHA256: ee00c4cc44e7b15f3d6772dbe809135aa8abb75071e1ee6b893c5bb9b30b2b63 SSDeep: 1536:Ia0KsXZy939HBro1AVSwFikT7zPy2j0R0LdCiHTrnjsuvChcuQwJCiHbe7siHKen:GZYhHlThKxeUhsPbBcJW7Y4TaZIl |
|
|
| C:\Logs\Microsoft-Client-Licensing-Platform%4Admin.evtx | 68.00 KB |
MD5:
c15756b8b84340db80365436f537054f
SHA1: 962168ab142c644780f481802666d951d2a7f150 SHA256: f90fa12893f71c5f63eeb24ee8bc4121eee3572c9665b3d166c95b0cf70ab049 SSDeep: 768:tbw+pXTntlNBbn6uz5H6zZDS9e/xlYargUraMgtyD1xcGoiCvFBnZPYYf:tbwmrHDl8lZZ7g+HoHLiy |
|
|
| C:\Logs\Microsoft-Windows-AppXDeployment%4Operational.evtx | 68.00 KB |
MD5:
ab7cef79ab9a67eeb334d04be698532a
SHA1: ddcf4f06ff59d726b8bb8f213ab9f6336cfc6f42 SHA256: 9f88e459da3c75d7ebbf1cc0a31505340f0addfda4a83f4858e19c785a8d1784 SSDeep: 192:Acg3/0Z9NWThp7KHITC+zTb48ExeNoxei/pLNCT3akjVA:AcgMLqpumzfM |
|
|
| C:\Logs\Microsoft-Windows-BackgroundTaskInfrastructure%4Operational.evtx | 68.00 KB |
MD5:
932602e10b597fb1cffe4014bbdf0f70
SHA1: d3f0f6295780e37c6bb66a071d9724fa83499561 SHA256: b42b1cec20e775a02e5027f3d4b823e9ea317ab12305998725087ca9baf6b243 SSDeep: 96:Esg3/+dHZ9NWj/m6p7KAwIThgIRZr8G3gSM+kgHGMK4T:Dg3/IZ9NWThp7KHIThgIJgSigmZE |
|
|
| C:\Logs\Microsoft-Windows-Hyper-V-Guest-Drivers%4Admin.evtx | 68.00 KB |
MD5:
9e99ca928cc1db9dc44a37ff976e2700
SHA1: 98cf2116edb1ae2af4759a8f4513623017bcfd01 SHA256: db79da555b960ad39dfdf3f4c1e30339c435bb92a4c4be71f1958087eea78098 SSDeep: 96:EvhF/Cu0sO2HZMNWj/m6p7KAwITxBYFC3CNPJC0rL9ul:EF/jOAZMNWThp7KHITxBYFFC0r8l |
|
|
Modified Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| C:\$GetCurrent\SafeOS\GetCurrentRollback.ini | 156 bytes |
MD5:
0e1355627c7261214f61a7e83c7af623
SHA1: 64aed878a844d8da448c16e25c1e5c849ca309a0 SHA256: 66f2e360b58bee5e39c301c36b63efa50d1a7918df2a65c0713900ccba91cfd7 SSDeep: 3:/o+3nZAZhh895GbgQOiALPR+f299sydzMhSSM06+DOx8+T1qn3bWr:92qbTQb7fWTdzMh+06+DSMir |
|
|
| C:\$GetCurrent\SafeOS\PartnerSetupComplete.cmd | 577 bytes |
MD5:
d93e9475f60b53a8538bc63b2320e7b2
SHA1: 759ca85599b4b552e294de76fba81e9a32c3773c SHA256: 9ea8002f99f1af28fb7901f46fd3c0c4110b264b215db393c060a93c493153a4 SSDeep: 12:YLNNE4r/7k5MHgOGZYVQGe+cLChl8gYskuit79COnXhYhfVL/UAfMBbpUA/Mm:YLY4r/7k6AOmh+cLCggYskVtv89LItpv |
|
|
| C:\$GetCurrent\SafeOS\preoobe.cmd | 74 bytes |
MD5:
8885806a34ffbd4eb4d2fedacc168009
SHA1: 374405953a5dc7f4bc48f902268b50ea4c9556ea SHA256: fd2c247aa8959eac5a7de921531842eca63b2f16842cfcf8a18c038b50e5b736 SSDeep: 3:GbkGrzlFjk6kHsV+UuYPhENOxv:b+Hg6x4YPhE8 |
|
|
| C:\$GetCurrent\SafeOS\SetupComplete.cmd | 307 bytes |
MD5:
eb0517b2eedf6f4a19a65de1b65461f8
SHA1: 37a21d5f0cd27e82d5f4115b316e6fa0c4122977 SHA256: 71f71e54c40605b7c6586d2b55b24be2fb0bd5d4856e5bbb3aaaa1482b16e6d4 SSDeep: 6:YPjNax45o8oO0jSQ1NiTBTC0t3kfKPIiacvOMGYou1NzPnG2nH5pYhsgDceHUyCy:YLN64S8oOOiJ9t33PIiaEOMPRjG2H5On |
|
|
| C:\588bce7c90097ed212\1025\eula.rtf | 7.39 KB |
MD5:
dd160c840cc5c51256eb56cd1225b999
SHA1: a705aab7946a9c0a1142468a42b2a32ea9a3416c SHA256: cf234c184e85a98fcb21a2e39d6969ef821fe6731e64dfd61dbd8b8c7c2546ad SSDeep: 192:MToyaqiyAavgeELdtXrHEJiGgkVzfbXzoCO7IT6/ol2:4oqpgeELdtrExPFaW2 |
|
|
| C:\588bce7c90097ed212\1025\LocalizedData.xml | 72.47 KB |
MD5:
44716000de27e59d22a366fe0ccb54b7
SHA1: a3d033708f639a05690fda91901d8b0977e8983d SHA256: 1c30705b551a92ce9fa7f9ec9c9cc04a6020495a1a3bead97689ad6a657e3c77 SSDeep: 1536:zQTlFXRoHozWMymVcbEj9Na5Hld/xEv08:YR+oz3hVcbERNa5Hld/v8 |
|
|
| C:\588bce7c90097ed212\1029\eula.rtf | 3.64 KB |
MD5:
fc6adfd5e8e7cffe644307019a3d9a38
SHA1: 4037b2f0abf50da60a9943e1952be434237befea SHA256: 8d43f7ef6ea3f347a004f9bf176e6713bd8eee014b2976e4b02a9ccc8d8f4280 SSDeep: 48:RaOlO9nGoN3cweUL6fGYLDRtjNfQHDtDXKFHBj6GQjgDhn3D40uKfSmJNvAG88e4:8ES+m2GYLDRtwmHN113kDKfSmJqG88o2 |
|
|
| C:\588bce7c90097ed212\1029\LocalizedData.xml | 79.07 KB |
MD5:
6f6c764800b137f217b9af83ccf5409d
SHA1: f1e6e29821989cd0bb0798b4888f1389e7286998 SHA256: 70422dd7a9e63e3ae32e81a633f1e69fe5cf06b11b1817cd6f7cb59728589e5b SSDeep: 1536:pIinLVJQhcadexQTik6f78YIlyH/446ifJok1XZT:pI8BJFxA74RxdfKMXt |
|
|
| C:\588bce7c90097ed212\1030\LocalizedData.xml | 75.93 KB |
MD5:
4e6fe79ad5fd3ae28a426315ce4c251b
SHA1: 0042f58c7e65e338d9e78aaf57cebdca7ac20d73 SHA256: 8ebd95e53309960a22746baa76cc95b2b5d5f019af49c2ab428f579bd3b7350b SSDeep: 768:3SkGxsz7QXQ9ZHsZFDA4jxnw5D1qZODnmbrPOBzWYrcNhM6iLTBV0JsyF/Lhs4W0:368ZMZF+StbcoHpstnQCE7xqPXm |
|
|
| C:\588bce7c90097ed212\1031\eula.rtf | 3.34 KB |
MD5:
37e4bfaad498054e84ef168540c289b0
SHA1: a678c77f6abdaa445aa61a52d575b31a9c719f65 SHA256: 6d3aafd09d5f90dcdc71932c0436e7114209e74a025ae6ff2aa201e0323920d6 SSDeep: 48:fu4f3wm4GDYgkPGAL+SU5n9a5LLFLL35kXboG4hiwbQZXkfuc/NNNcijek6grBgX:G22gFALgOF34boG1wbIXatFNmHvYG82 |
|
|
| C:\588bce7c90097ed212\1031\LocalizedData.xml | 80.42 KB |
MD5:
b6fc45665d72d0a23e346a905335ca68
SHA1: ccb968318a861d012b9fe00231abb2a6262de2a9 SHA256: c7a9995733474946b82b4c46bf63915f3f25ea010815e3fddf0c6c39ee0be091 SSDeep: 768:AaUTSmN4BzIMNa9U2OeuRvcSsXWwaei5xiRGJ301RImwcKoHURyDoX185lNdv2ZW:NUOkXMNRsUmDW1waBYk9ZVQi3T9Zg |
|
|
| C:\588bce7c90097ed212\1032\eula.rtf | 8.67 KB |
MD5:
1c5b219f3c8e4abd9b702b4b0b880cb1
SHA1: 40609faebbd73b0ed67415f71f83d0a9e0f75df2 SHA256: 4fff33f7d561253ae4634a9f07ca578aee2863ef7e0945e95dc671f75325f81a SSDeep: 192:9iMhAS4PtMPqKDYwOdNACyp6cuv4VnpnPMH1mFZPc04CNWVHvT5cz4dNu2:9iemtMHJ+Ni6Y5hUVmFZP34CwVPTDdN9 |
|
|
| C:\588bce7c90097ed212\1032\LocalizedData.xml | 84.26 KB |
MD5:
b339558cb305af5b22a46b8ab920f20b
SHA1: 69592ef75ef8fc79e1c620eff34a1fcf9f6ba212 SHA256: ffa4c4dc3093d0b35110895b11d008ff7fb8fb26b75e9cfac7d3399f2f6f8871 SSDeep: 1536:WIv+LYIYvUHjC7mt+CbU/y7jBcaLT1/CZBl:Ww+LYIYvUHCG+Co/+jKaLZCd |
|
|
| C:\588bce7c90097ed212\1033\eula.rtf | 3.11 KB |
MD5:
7f271266289f063491d9c93fd2d25cdf
SHA1: 431b833ad3375d4511df34856c63cb5da1d9d668 SHA256: 8f60851890eb03f6f2fd2f127f78251a4650b259aac078914c5c5e41ab58aae8 SSDeep: 96:GpBHw6brxegOp5QtuvgNHaanmKnauX/xr:YBXbrUgOuuviHnmKF |
|
|
| C:\588bce7c90097ed212\1033\LocalizedData.xml | 75.42 KB |
MD5:
35641e917ab0d6eede7df21431158b7e
SHA1: d53c4aa14e6356d7b100193e3d37cb78fb044002 SHA256: cca5fed607dd4503b7e846dabc4f4270d90f0a09f671f548946f7ee5a7eeefe7 SSDeep: 1536:lCnuVwjSExK2qAlKsv/oN0ywwv86kNSRA:lCJDk2qAlKsvQ+yw7D |
|
|
| C:\588bce7c90097ed212\1035\eula.rtf | 3.62 KB |
MD5:
562a6ac4e70120a5ac69c5ee15fb9bab
SHA1: b1f08b7e9efd8474ef865db6f7dab60d13205dde SHA256: b51943d3784d6ac69da8da6587ca7441059302c850b1dc3201b7ea6da0f15e1d SSDeep: 96:G2fASxKv+yt638witpSb6Y6kz7H+V01Gp:lIMKmkbSmkn+01Gp |
|
|
| C:\588bce7c90097ed212\1035\LocalizedData.xml | 75.22 KB |
MD5:
c96baddba908c4d2336a8e3d6e956887
SHA1: b72fb512fdfb21d0ae54cc65cb67f89f1da326c1 SHA256: eb0d1dc0a92e7814339b40b1292146dd48258cff884002552171c24b023dae64 SSDeep: 768:sYTBOc/75jckNaK/EzRmwT8orGLkNajqWsb/m4YWd02aotLk0LDAiFR0JUhnc+D4:Hw0UGEt6o2aDFX/5JnlxDhvp07 |
|
|
| C:\588bce7c90097ed212\1036\eula.rtf | 3.44 KB |
MD5:
6fe510cd793ccec5d69ba9515faed5dc
SHA1: 8f89c081b7063db181055dbdc0e70a73ffb212b6 SHA256: 9560ade9e644e84cd762a10107c864298e0cb381979df183f00e23c54e5cbd0a SSDeep: 96:GcUigBDwRAl42b335+HPzS3q5SKSDKInrTqx7Wcn0b81:vUigGR+J+vJHInrTqxicniy |
|
|
| C:\588bce7c90097ed212\1036\LocalizedData.xml | 81.02 KB |
MD5:
601c607e1aa811ee373d7a50ebb87d20
SHA1: 9adc24d61d2840fac3f7f5dfd71db37cd9883041 SHA256: b90aff6dc182653d9c4cb98396436129a161545eb1037f1242821dd285a5ea64 SSDeep: 1536:i7CPCr8k6OC3z5y3lbK2GyRiUgml6jI4ez+U6hbzn3HBY3KN4:p5Cm2ElW3KK |
|
|
| C:\588bce7c90097ed212\1037\eula.rtf | 6.69 KB |
MD5:
dad3d7cf3197e75461d613fad936aa48
SHA1: 75ef9b799ce2509b731c5718f3cf1e5b4d7d82e5 SHA256: 0324f8fdea893dc2174533b78626dd54ff52bd96eb56c338f3562c404328bd1a SSDeep: 96:PRMoPh48SA/sD3q+X52GdUGs/1lNXM99gwucHb9gg2I844asBGbuofglUwlWO36:PL/S2sG6DUX/1cU4in44rliDe6 |
|
|
| C:\588bce7c90097ed212\1037\LocalizedData.xml | 70.39 KB |
MD5:
9b0e9d1e1062f9fd5a8c64b89410ca0d
SHA1: c6eabe02f2ac083cf06cd7192d9dde1adbfd0787 SHA256: 79403461aed17bef83293c51326607eb6a4ac993316e4fe3b9a95a4110cc45f2 SSDeep: 768:avhNa/PkT6DMUN8TlCPkirrRepkjKMAx4HNQ0engXP/4iQh/x0xosowQIUS7QDVH:C0PlFeeNQ6NZqiTC/Ove/84 |
|
|
| C:\588bce7c90097ed212\1038\eula.rtf | 4.15 KB |
MD5:
33bca5d14bb480c8a94b1f7c300f49b3
SHA1: 8ed740ef563e8bc2bdb37e181cf9f69f13194563 SHA256: 096b7a680c03c31bb76b2a97182f5a3098a36c4240e39158101f0c870d65a4be SSDeep: 96:n41XLmUk2/cpbLMr8mJOiba5V4BRW1yNQb9Bcleapt4u2:n41Xa7OkbLMrlOie4AyNQbTHapSu2 |
|
|
| C:\588bce7c90097ed212\1038\LocalizedData.xml | 84.42 KB |
MD5:
1601da309c7f939d3d59b1543c42e99b
SHA1: c4ad204cb2bfa28c2f7c3e9915079fcd9f7b97b4 SHA256: bda3e53f2178d876da5d0d7a695e1f2edd60b1fc2fc7991ec59a5d8f75ef11ff SSDeep: 1536:qTihtePQERciMU68cpZftvS3GxAqVXgX55qjJ0udR:zhgQajEVY5MJvdR |
|
|
| C:\588bce7c90097ed212\1040\eula.rtf | 3.56 KB |
MD5:
32b608794efedc80837a1d42c9d635ea
SHA1: c4fe230897560023b58dd6905db79a8e6c858f8c SHA256: e5c1ddf7098098e892b893aa5082fb5f149d0d9a871e27c169b9216173cc720d SSDeep: 96:rtdsCDL3edSe9lwa/C0qsm3hd0NgVhLtL047t4vl232:PLLOdTUadm3hdXLtLn8w2 |
|
|
| C:\588bce7c90097ed212\1040\LocalizedData.xml | 78.18 KB |
MD5:
a5b0e53f1d8bd3ed5579c1a83930a9c4
SHA1: 6cc233a9f00a424aab40dab020a82aeb38782eda SHA256: 71919cd6c8d86a2d01679f3f6c3b04c43f050f317d9781b75d8abdf918f86006 SSDeep: 768:YWVxkUkOupa8r0ZmWp66LGPvaOsgIKiFQzfKgygA8g1+5zNpmifNgMxP/1cUidF9:bbkOPhkZXaN3FQzwMpwizq |
|
|
| C:\588bce7c90097ed212\1041\eula.rtf | 9.89 KB |
MD5:
9f76d86e17a2dfe29c3c789be0edb232
SHA1: 10316ab048a46cf5cc532dfa9f9949a619f60321 SHA256: 428466b7f1ee3a6d0d98cde78131cfe956a89017c1d0eae8df14974f5cc30a8b SSDeep: 192:MaAy2rAC0NjQU5/ZuYkknida8j1MPHxSSCr5yGfN/jZh2I7z7HJVmq2:Mab2rACnC/ZRLua8BMPH+5yGfN/jT2IE |
|
|
| C:\588bce7c90097ed212\1041\LocalizedData.xml | 66.63 KB |
MD5:
d383958970a26eed6d2fd358e1889ef7
SHA1: 4b0869ba5b9227a8f3944226ac5336a893104e18 SHA256: 97bb5876566d01cf31d43860cb10defd3006683dae333333a0652c7a90dfe643 SSDeep: 768:Qum/wcqZXCKhdzdOViJONi7fduykDdr3bi6Y18g4x5zrMsVltxdKB/4y9564zZhM:QFj4DxkPZrVGL64OoCZ1+LsfMa |
|
|
| C:\588bce7c90097ed212\1042\eula.rtf | 12.39 KB |
MD5:
66f472c5c452cf298c11a19a7807d7b5
SHA1: b591d359cadcbe0f4301627a3c19e3eb550df98e SHA256: 3e2f3338289accd6de71f24cdd14232badb4a90d354b3d0ab7bdcb71413bbcf7 SSDeep: 384:auEDHV2vm7aTKSREumQlQ4bLfEOrJi9o3ee4eaYLkpOZ32:yDHc1wGMaV3eeTvQpf |
|
|
| C:\588bce7c90097ed212\1042\LocalizedData.xml | 63.71 KB |
MD5:
97a2df74f1edb1a25001f42ccc0371c1
SHA1: 3912767e659f848904c06a9f1a202283d808b4f9 SHA256: 245e8f6f8055bcc215e096ea30f360e20746d617adef5e62395cb34c3e4becb9 SSDeep: 768:qTl/QY9NDmYjeDx7OyIGP5VR6Du1B0BH6YNQ9V/oCl72ugR9hJQNnxFY2LooeW9/:qxVgRN8qOk82lrmI |
|
|
| C:\588bce7c90097ed212\1043\eula.rtf | 3.46 KB |
MD5:
c8713cb1532fb8b6f24a43bc92f91e23
SHA1: 83a861c9a561f84c44a01be39dae5119a517eaf2 SHA256: c04c335c350d91181d533aaaae6296c29214a7cc306e5dfffcfcf8a335eed996 SSDeep: 96:radsCDPjrJIuyI1uGPeMo7cHPHK7Oe8O7uhdrp6P2:eLP3JaMeMooPMoO2 |
|
|
| C:\588bce7c90097ed212\1043\LocalizedData.xml | 77.77 KB |
MD5:
809bae4df46847ecff12cd692cfd3259
SHA1: 532e738c0ac043bae429ea076624faac89e7e957 SHA256: 045a38c4ec7ecaca6c196428e14c4aa7795ead0fe0da856dd68d760cecd7ddaa SSDeep: 768:m0picuzMNYNN2ZwTPr9jlbED7VLvAK04PGZqDh7z0gdHOR8h6FY24kVegukS1Q4z:Qz7Pr23um6i2nytIYwvJWh3p4s |
|
|
| C:\588bce7c90097ed212\1044\eula.rtf | 2.97 KB |
MD5:
2a054a15f0de4a684ec5de740638e347
SHA1: f38bc3ee5f1ac666ccc45cb8981cd761953c2156 SHA256: 72775306377d1910dff6b5a4ac31190f71d65f950a477ca4c0bee59f585bc6e7 SSDeep: 48:KUtdd0TC2a3IkttatUSZSS77Qn9Xogs1ioQaLTTQkXq9309RffgRzp8Pjad2oEr6:rtddsCDxtASS77QnJghQa/keq93iRff2 |
|
|
| C:\588bce7c90097ed212\1044\LocalizedData.xml | 77.44 KB |
MD5:
718433ef4ada5555a9276fb928ad663e
SHA1: 8d25de4231f464584aab95d5bea9c4e02b26c6db SHA256: ab094a11e18a2810792935f1f2a9c742dd144f050bf1833e64efd435ac0ceca4 SSDeep: 768:/R0R/FSulH2wL3ZDnDTyEQ0q65c5KJ7y6MD7TCqIkCsMUCnTWLaq+xjzT8yw77Ug:bIH3z52nIi6KlA8WFwsnujaI |
|
|
| C:\588bce7c90097ed212\1045\eula.rtf | 3.95 KB |
MD5:
d862163f68caaea30f210ef407fbde12
SHA1: 0932e467852b454c17f7dd5ffae8e59225ec6e61 SHA256: b906bf965d35f2f068217f2f798bf8e362e2c0fb77b0bc945eb26d1958a732c1 SSDeep: 96:rZ1VjBn0DkAOOt/fsTnA+Mf2mIK34NHNpmqzkxP0QifoEoazmyPBJZlyVQ:F1Vtn0DD/CnA+H7J20rgazmyz |
|
|
| C:\588bce7c90097ed212\1046\eula.rtf | 3.60 KB |
MD5:
63d21e4e8207e630d6673fdec3fb43f1
SHA1: ca288225cb573e6a379e7b7b4e7a2dea40e88674 SHA256: 67812f32c60a61f917021755594ea9f65f53c2be96ffc9892fd6b57a462ebb05 SSDeep: 96:radsCDfU+/0vwNphx228WoFKRMKtaeeBF/zwO9vu2FOqeE7uh:eLfD/hAERMKt0n7vuBqeU2 |
|
|
| C:\588bce7c90097ed212\1046\LocalizedData.xml | 78.85 KB |
MD5:
9e6c0d6f0af517dcbb6537304209c5aa
SHA1: 5eaa8cb909fa778a371b8beebecf29abf84761fd SHA256: 224df6580784c100a5b4e647549a0b522d385b8047ec77e98ea6b821ac90e786 SSDeep: 768:BUJ12Dv2S3lzpEsIleb4yEdUgXBO2OgSMRTYPlATZuX20n/Y+ZT4IPe10JrzIVjG:bll28bIYP/P5UX5UD/9/AVhZW0u |
|
|
| C:\588bce7c90097ed212\1049\eula.rtf | 53.18 KB |
MD5:
0fa7820f327347d927ecbc2b2e8bb09e
SHA1: 964361e809f84d027b95c8717e6945e36a1ae21f SHA256: 4b8972c7a6dde5864179dce06f4871fb77438a28ae8305378330ef14540a81bd SSDeep: 1536:PWTaGIKm/S9KWaoaseMMddqy21sp6B7VkPfl:PMarcKLseMMnQsp6B4d |
|
|
| C:\588bce7c90097ed212\1049\LocalizedData.xml | 79.57 KB |
MD5:
90cc97838a3c692b68eccfe1601018e0
SHA1: c71614be1f2cfcdac8b598300246b50ae118a20f SHA256: 5caed0f0a97071888e6b85640d5cdaef814c55860de0b74e3485f1f6a7f5587f SSDeep: 1536:a2VIDxy9AaPE+LnCyjdzBKsmaZvKnRGmtWiAUyY0Sws:lMxyuaP9nCyjdzBK2vYRG6GUyY0o |
|
|
| C:\588bce7c90097ed212\1053\eula.rtf | 3.77 KB |
MD5:
776957fe434ce91e9cac992bfef8917d
SHA1: 17beec9f15e82d50bd52531db734a8c16d392480 SHA256: 688c3a5b54a2369bbacb2971263f8187e072af20e54bac42bfaca901c7106fb8 SSDeep: 96:rbdsCDM5IMSMTOOdBoGF/Es9NWpNLqB5o47GIly:VLM5JJTOIln+NuB5oWGIly |
|
|
| C:\588bce7c90097ed212\1053\LocalizedData.xml | 75.86 KB |
MD5:
2c14da7b4ad7dea2bcebabc32520a0a1
SHA1: cbbb9af046323fd4774bfd5cfff50f4220b624a1 SHA256: fcc47ff0797d0b456303353bb6486b235ceb34c638d40cad31c6011a84644afb SSDeep: 768:EG1/gegcRAoMqpZgpeNQGjg+5AbdhmfLsMs8V2d0MasLg4ZZR+hoUWoXqE50z6kQ:RQklNQ0gNpDz+SHilnYvi4FsgeDp |
|
|
| C:\588bce7c90097ed212\1055\eula.rtf | 3.77 KB |
MD5:
84aca34268cec5a1215680c91f0a8c62
SHA1: af9733159a35a9249b93021ae5ab39f1246cd4e9 SHA256: d889da3a009d771b11410aa6765eee400ef4e3dca67bfa0a5dbcbdde5e457f50 SSDeep: 96:D0hL7v23juP8bosbdQqlwWVPF8qXTb6MIvo:Dc7e3jG8jdQqFrXv6Q |
|
|
| C:\588bce7c90097ed212\1055\LocalizedData.xml | 75.02 KB |
MD5:
5dfd9c9b6d55eb69b748a904798e289d
SHA1: 59ad7181c9e837fb5f8542406de5b53bb75e2412 SHA256: 203d88504c0146a620ffbe9fc84c8ad79fbb6f0db71e41d0bab3b242ea63195c SSDeep: 768:yt+yZosKI2qLjzAaTLzVhoxnopnl30pUOuCsKQ/u3hZzYeXCbXAzalq0Jky1mxIc:yfPRJxi3Lzh9yvp3JVes+UyTevfQXF/Z |
|
|
| C:\588bce7c90097ed212\2052\eula.rtf | 5.69 KB |
MD5:
dcf80c19d92a7e8c4cfcd32e790bb6fa
SHA1: df38e7b7b906697bec874feeac315fdb75b0d933 SHA256: b7cbed16a494cb9927fd19177e1a58a593c8307a011e5d9809f6e395ae8e620a SSDeep: 96:GgWwsptJfETf35Q8oYrmbO/WUTS+3+N7iESpyE6K+Jp836r64I:H94a73C8oYMkH2pNmESFopLI |
|
|
| C:\588bce7c90097ed212\2052\LocalizedData.xml | 59.26 KB |
MD5:
b4bde9384644fbfc5f1b9b3d8af97b6d
SHA1: e70e38fafdf163ed87756be1bdb1a76ec1ca443e SHA256: a76e705cb32ea28ebcdc5239c760ce1389212666077d9c09dd204f008bc8cc01 SSDeep: 768:o6T1E6iPvTlKx6KjrpqkbFFNbJgW+mHH/0nXiwv/dUNyiQFkb4iWJCbRBsGwhOBK:5fPx53t/MdCEPlTQRbuN5W/JvHir |
|
|
| C:\588bce7c90097ed212\2070\eula.rtf | 3.92 KB |
MD5:
9093f4de4600188d9ab1a0a89eb498dc
SHA1: a1ef4ad58fc824be3eb2099c268818a1d64dce04 SHA256: 9aabefd77589a071de9e85a36eb1cb1030720b7e24693afb5d270bada620bf46 SSDeep: 96:r6dsCDlGeHzUDRTiso3F7Pfhz7wYZMWQ4wGgxFf+zgod2:uLlGnReHVPfhXwYhQ4ZgxkHd2 |
|
|
| C:\588bce7c90097ed212\2070\LocalizedData.xml | 78.37 KB |
MD5:
a514e1cabd97eb0aa53534ee5a0750c2
SHA1: afde8a7b4e0a54322b292ddd96ad61303dc9ed9d SHA256: 8f6f501de11f51bd6e3c988fe27a9a89051e766b49dae56c7a485cd2ce09ea34 SSDeep: 1536:eG/56/g5ooFsJG2Shl+FdqCHClC8r7QfQf:ei56EPFiGR6dqc+B |
|
|
| C:\588bce7c90097ed212\1028\eula.rtf | 6.16 KB |
MD5:
8f7a7aaa3ff95f2a98b691ad62b633e4
SHA1: 5fe4827358798ce1b928e30c77ac0c0f67b650cc SHA256: 26be68c3dfa9a2623ee28e84ce4833d781c473bfe03762b6f78ea95d2c4c29cc SSDeep: 96:3z3hyR9hXqfx/zV2YtyodAXUVjWRjyAkvzMff+lphDvk+tJD1ESLJU+h2aItoQ39:jxyRmZ/zA0AOiRtmlDvPtJDR3bIJN |
|
|
| C:\588bce7c90097ed212\1028\LocalizedData.xml | 59.39 KB |
MD5:
44e329542d055f86da30ef4fb6889fb4
SHA1: 8035eb7e6f65ed75de1e6bc904c7f6b81b1c4f4b SHA256: a5e5af60e05742f3b3a86da39bb514e0e2d20a439f51d0883bfd8aabd8c1a8a9 SSDeep: 768:VauPD8nzpPYQ5uu5Ss2f0eM01/vBZk1RyWVckMF+81w7DyUDuxeANSfXLXQxwHPj:QndPkJWgjbNO |
|
|
| C:\588bce7c90097ed212\3082\eula.rtf | 3.00 KB |
MD5:
6c6cc76c5e7ace2df98c55e22ecf80fd
SHA1: 4c9450abe64d261e6f68e0f7e019711406ba40f9 SHA256: 9b8174e2e3b696d96ccd35146f1bc980d8132b34b2185615a45148635956ded1 SSDeep: 48:fuGf3wVEtnAuo2f1eSSr/OGbf3mraQfjyiqV86qeH4f8yEEK4pXEBw3/Q992:GcwQAz44SSr/OS3xlV86hH4f7EE9pXMw |
|
|
| C:\588bce7c90097ed212\3082\LocalizedData.xml | 78.12 KB |
MD5:
a10363b0e634b33329a424450c294b49
SHA1: 0df0a3a9d5e783c2ac259833430e043ad6935933 SHA256: 678378d411708f12ad0671ae3aa9da3832ee8611d5acc36ed26209666577f31f SSDeep: 1536:RoeWxgIE7vOjhTZa2BidOWxfq6FmqKI62Js:RopwCO2BuO8LFDi |
|
|
| C:\588bce7c90097ed212\Client\Parameterinfo.xml | 197.07 KB |
MD5:
217de3a7c58b4b6cfcac9f41ad9da924
SHA1: 69aa393e6de68dc28353f4b11d892744984aaa0c SHA256: d9b88a3575f2feaab5598295f7c54825e8be76f495acb639a9d55043a480160d SSDeep: 3072:LO+EijnX/5GKsHOOcxaNFolaORAadWDKZXUPUaMIl:Fo/pK4Z |
|
|
| C:\588bce7c90097ed212\Client\UiInfo.xml | 38.13 KB |
MD5:
c257af920b990b03c6fb069fd84e28a4
SHA1: 02671a2617f08755b1f81a091f383d0b4671a0ad SHA256: 803d578dd6de0c999468effbe346bbcaa08c7639c671475a4c821495736a061c SSDeep: 384:f2JJTuQOWxIQlb81Hw8gMJA8ksJIaY6TnXpu5a+KpPDpzapGUYdpR1Yp+RGZWbQv:OJloWxhb88Mh5NbI6980ut5K1z9Jat |
|
|
| C:\588bce7c90097ed212\DHtmlHeader.html | 15.74 KB |
MD5:
d6a7781c2fd39b6b431d2fbd6cada627
SHA1: fef0262495fa379b56f42ba019484f115f70788c SHA256: 87e7a8102932763df1047f4d955cfba3d5fab2ee6243520a8060661ce34762f2 SSDeep: 384:d88Hq3PAlFf3LnFh5jWfNZ8qXwta5qMZ/agIObNn:dY/6FznFhFuNZ8qXwtESgIObNn |
|
|
| C:\588bce7c90097ed212\DisplayIcon.ico | 86.46 KB |
MD5:
a8d58fa4821343cbc40294b9097851d3
SHA1: 1738f98b2765d30c239b75a54dff4de4e0fd79ef SHA256: 03d4b496cf6f56a10aa33afe7f65e085e51ba288c15accc3a791beefbf001edc SSDeep: 1536:tc62x7czvqdp2piT8j9VXQbU82jf7NPenibvwcV24Gysd8wl0I:c7gvqnfoxgUJf8nbc4479WZ |
|
|
| C:\588bce7c90097ed212\Extended\Parameterinfo.xml | 91.13 KB |
MD5:
b1634ae295a90b4d75bf5d901aac028d
SHA1: 6ff5f076b443fc68ec402ab542b4a96d9073f664 SHA256: d6f040c3cb32b2358dd3ebe1e64485596f4194e57ec3029f1cf8b22f3ce6b73d SSDeep: 1536:fRXiWs8mu5HP3/6gOeHULtWhLZK5MjOGU7H38VowAG9d84GChLZK5MjOGUlWbUY+:pSE5HTU37sYalK |
|
|
| C:\588bce7c90097ed212\Extended\UiInfo.xml | 38.13 KB |
MD5:
60232f5c6b412b2dfcaa212e0d8c416f
SHA1: 59e3b99135fb456d5aa5c9dce73b469bab5ab76a SHA256: ca0650e42f64f3fee53b17d605a8a953b10da097fecbe6502e381f50ed8e5389 SSDeep: 384:f2JJTuQOpK3lgrebRoYSyuzSceTkQxaYPTGxTtGRMbQ54bQN99tW+MGylKbQLaQU:OJlopK3lgaVHEeFnikly5P5IfePaiA |
|
|
| C:\588bce7c90097ed212\Graphics\Print.ico | 1.12 KB |
MD5:
fc8b4ef4adc5527753fb093bedab5e6f
SHA1: 580702fdd13469c02957c40e438de1f0831ee435 SHA256: 1c3eb2372892a493b4c1e496fceb440e6b7bcb1581db72d2ab1ef3d3f5cdadee SSDeep: 24:8ssssMh4vTDTATORkxohCEkjZ5zZthDz5si1iHssch:CvgOuxoNkjDRtjzh |
|
|
| C:\588bce7c90097ed212\Graphics\Rotate1.ico | 894 bytes |
MD5:
9c16d6c47b91ef97ca786c950931f41a
SHA1: be0012d681b3a57a77e59c43ad903a95f47c0720 SHA256: 769bbb8fed865726fb9e3a8be2d29836e086584964df7745f14dc5546a2786a8 SSDeep: 24:JMssssBsEApQOeZ+Lsx4gwnSL7vhss8idHlYht+slQfM:JOOGQg1lHlJfM |
|
|
| C:\588bce7c90097ed212\Graphics\Rotate2.ico | 894 bytes |
MD5:
e10a9472636af3b6e29c74b1d9f9cef0
SHA1: 8434f5d9520544dc0f025b576eb22e7938f10b78 SHA256: c0570927ff98b1bd7507468330d04b2ce7869e3a9c75ed3d5f20fc9e62b097c5 SSDeep: 24:JMssssh4vsM0mPkLsWuXUULB3lVssZC3pMIsgQfM:J6wk6VK3GfM |
|
|
| C:\588bce7c90097ed212\Graphics\Rotate3.ico | 894 bytes |
MD5:
d4a8e5d3857c149bcbab8b1d0df20f90
SHA1: 1c569a0a0008fb93b1d7b90680a5cfe19496df3e SHA256: 23fb03f1067c7c7d4d8cfdf61c6a293824f304c2b1c86d99bb9663c2bbc253c2 SSDeep: 24:JMssssSn6rsCRJKMEDgs8zW7V13ssuaxDW0saQfM:JL6XREMOUaSfM |
|
|
| C:\588bce7c90097ed212\Graphics\Rotate4.ico | 894 bytes |
MD5:
63cc5e0f024afe787a4c1d1b0f1ac58c
SHA1: dd7d4173cc6549ea13608a13a5628116dff76c04 SHA256: b41ab04c6ebc287305ad838ffd47a6f4e1b86b103b773f31d8b3f76c2d4d56e9 SSDeep: 24:JMssss0fseQmn18sT2lkmRhcxfrwHssa06ylLs3QfM:JjnmIxwnhfM |
|
|
| C:\588bce7c90097ed212\Graphics\Rotate5.ico | 894 bytes |
MD5:
7823e3301da08cd9590773ac18e7ff50
SHA1: 24ca1db5cc66776ac2d3c37781b56af22523f4d0 SHA256: 1b20ed6c281d73a227212cfefcb91b493f882a14fe4ad78f8a5bed5863afd9f1 SSDeep: 24:JMssssPosdJcansvZXDCEoPssxFutvlYXsLQfM:J/kNuefM |
|
|
| C:\588bce7c90097ed212\Graphics\Rotate6.ico | 894 bytes |
MD5:
96a6411fbf707df5c64be3e41e7920e4
SHA1: 147b8253f93da48ff26a9cd27959494c61fc1fea SHA256: f58ac345947e2cea711102dce78f0b89271b132575fb5df40dd7b1888944c715 SSDeep: 24:JMssssW8vsmFEMjh5pTOLdscFzRmZyJssw4UENPM6QHr+hsgNQfM:JJ8vf59Mr3hvN8umfM |
|
|
| C:\588bce7c90097ed212\Graphics\Rotate8.ico | 894 bytes |
MD5:
3e3c72d9a4ce134e39081186aeb34208
SHA1: 7d10d0c989af391728a2b0229bd73387195f48a8 SHA256: 86ac17e8d967230bd7965dfc4062704e7e0e429270cad266816992276bbe0680 SSDeep: 24:JMssssqJs1AuSAM9zQas2vJES3Ztagssx1uqXX/5lsC4QfM:J+SAk32SJXu4v5dPfM |
|
|
| C:\588bce7c90097ed212\Graphics\Save.ico | 1.12 KB |
MD5:
f5efa2fd532e74e69b07b6d2e904a1dd
SHA1: bf5f88086c17da1975839eb5b1e90ced7b4f9221 SHA256: 4455c87020661fed3a18078fdf52ccb9626cebb664eadf8955bfce20ac6ab49f SSDeep: 24:8ssss6lyHIL0RgAirsw0RQb2Agh2SGV6tYqrTxssc3L1n:gu1cREGwN8Pm3L1 |
|
|
| C:\588bce7c90097ed212\Graphics\Setup.ico | 35.85 KB |
MD5:
8e3e32b1a827d5c554bd2124e12eead4
SHA1: ce25182833da0ab5c5ac052ac522c9d24b14e884 SHA256: b1a600a01694cbe7f916295b5f4e992e7a8dc884379dc98870550157ed5e85f2 SSDeep: 768:FXjVyJM2iwj7BCQvq1zB1NHSdZgkiarsR/Gj9VXnnl:FV4M2x7cQvqdp2piT8j9VXl |
|
|
| C:\588bce7c90097ed212\Graphics\stop.ico | 9.90 KB |
MD5:
69e79296a8b8e27f10f87818d1d95ede
SHA1: ac9f9560158372e431b82e2ef7e25c085a380fcf SHA256: c994d3ee356aa9389bde6fb72076a5c83cb2fef7d3d933765552bb723b241a1c SSDeep: 192:mgFZLqfAw7dMHs/q6VXmKPGrPooSsIK9gXpW223CMuF4XqxH:pjLqJ/HFmX5B90hz4XqZ |
|
|
| C:\588bce7c90097ed212\Graphics\SysReqMet.ico | 1.12 KB |
MD5:
adcef012f2501483445532f206582a58
SHA1: d2eddb1879e38f8847362855e27f55ea41401c7f SHA256: f3fed6980587265eecf9e94af894f45d12b5a6298dee3cf8eac1df08229641bf SSDeep: 24:8sXKSZlSrPC+095KYblMmC6b2MCb7hIrPKKfc9kj7cq3s0nPG:jr+rKHK6K6bAb7h4yKfxj7ct |
|
|
| C:\588bce7c90097ed212\Graphics\SysReqNotMet.ico | 1.12 KB |
MD5:
3b3bfe5f653d115b3b334e8663f25695
SHA1: dc535487513576e7272447b97fc8bb08935e19b7 SHA256: 072a5e65de920399ed4332f992914c815799736797a13a84a4482011176ddfad SSDeep: 24:8sDxN/mYhj3Ewx96c+ep7PqVUnjmMDlKMC8YNOVJYGlg:/Vp3EQUep7PqVUCRMTHWwg |
|
|
| C:\588bce7c90097ed212\Graphics\warn.ico | 9.90 KB |
MD5:
ce724d30e74bf1b804f407e026b05866
SHA1: 1f9f81260057c6d86792b9da759688415ee200f4 SHA256: 9d2e2518c08e856cb2a89b79280dc96528f62183dbbecd0dd70f01753ebffcb5 SSDeep: 192:mgFjTEQCKXZHc3+gZOYNRDWCvddBFCnBR:pJXKzkYNJhdnwR |
|
|
| C:\588bce7c90097ed212\header.bmp | 3.54 KB |
MD5:
2fbffb28f0e264565b86ad96acaa7810
SHA1: ec26bc26d8e47f98bd17504c1101e648ee1be80e SHA256: 1e9120899eb36e325b462c13901a32fd9adb32e7ba63867c6d1ce252f012438c SSDeep: 96:+LK0PbxdYpRCQqpR6CroYKollWPlOAyIAPfaq:+ZEsz0dLoSlhpq |
|
|
| C:\588bce7c90097ed212\netfx_Core.mzz | 173.08 MB |
MD5:
2c90b5f289242417f9aae20320f2d336
SHA1: baa97283cb21c2ff6b5e9fa744d95b112850894c SHA256: 20f45b6ecd5d7a7acd21b7624a40b325970cf8d791522571a07ac69938a42c31 SSDeep: 196608:htV04YyKSBXZ35w+KBK2KJKDcloT46ooP8ZNoz+hK12RP1O7lT:G4Y7qZ3CwFISoT46ooP8Zyz+hm6Mp |
|
|
| C:\588bce7c90097ed212\netfx_Core_x64.msi | 1.81 MB |
MD5:
57754587a0fa91a6714d074861c3f6a1
SHA1: 35b895e2271298fd92095edef7370e339a07d43e SHA256: b2abd449045479fa3392869f6e1523cbac5ff11e6f90e28a3564dc417f5a12eb SSDeep: 24576:srtvoji6tsNrQpc+BQbPyxbs4rONSnfiPBC6xahsovoMfjhOGxZWxw0:i6tuQpcxisfQf2M6FGoML |
|
|
| C:\588bce7c90097ed212\netfx_Core_x86.msi | 1.11 MB |
MD5:
8a7bc19e1ff121f1f7e658b857d3f49d
SHA1: 3bd52a94fc929bb9109d576b92ccde513f95500b SHA256: 1fd520daa974ebac904de9c5280d289387d7be85f6f7430146baa1592bdb7559 SSDeep: 24576:j0c2/9GaxaoSF0sNbQXcUwabPx9bswH/fd6pxr:RKDo0+QXcWDsK1 |
|
|
| C:\588bce7c90097ed212\netfx_Extended.mzz | 41.13 MB |
MD5:
829bbda44e023bca2da52b30215f5c35
SHA1: 0bdaa18abc341fd6f471dd69127883ac60b236b3 SHA256: a9da5a58b05d9f7f9b0ebbb768b1d0589a3591782815ab63158c178c19bd7500 SSDeep: 49152:Qt2pSdqU6tLnvVqSK5G22mDgBOOmeGGiU9Erqkbnt7QTr5+Oc2EI+8dd0ZwTse9f:FtZKH2mALErq2nt7rvfI+vZpfQ |
|
|
| C:\588bce7c90097ed212\netfx_Extended_x64.msi | 852.00 KB |
MD5:
19ef17b040b6387cddaa58878516a81d
SHA1: a9b84e738e4d5bcad2a40e86e9a754c80c35902d SHA256: b5ac8a9c1723683575cb2be3c136cd7e5040e8dd2752975c73f5519ea580e195 SSDeep: 24576:FuvZzojFV6doNrQlcqGRpOQSpKiPBD6txBkkkkk5SV:ZV6dKQlc4Fc216XmS |
|
|
| C:\588bce7c90097ed212\netfx_Extended_x86.msi | 484.00 KB |
MD5:
0009a47ccc3baaecea1998810a8dbabd
SHA1: 63456cf1f9a36d07d03b41db0e29025974e5ec63 SHA256: b20ca5c78f2318271438ee4c50ee9b2b511e71b364d9c8e50dc680238b8ed408 SSDeep: 12288:7w8c2/AdtxaoGFXxsNz7QXcFxZ+VhjEr:s8c2/AdtxaoGFBsNnQXcwxEr |
|
|
| C:\588bce7c90097ed212\RGB9RAST_x64.msi | 180.50 KB |
MD5:
2acd8e99f7ce200a586541f7258f43d6
SHA1: b5e914d6ffed647eea08ce3495e777bc87af6cfd SHA256: da604b1faf72aa59f6b7eefe6c27de7229faeefa635091bf9d8f73aa382add1f SSDeep: 3072:+SoHOvUzE/o8ltrxOTmOU0PhYqz6drEEnH9Mz4LFP267B2xnGD7R9x7s5uXp0:+BGaKo8ltITPh6d/nHazEFfqGD7bx7s6 |
|
|
| C:\588bce7c90097ed212\RGB9Rast_x86.msi | 92.50 KB |
MD5:
922ec4cf26033ae88bc7cc3f3ec6fe38
SHA1: c7addb0ae48424d907d9c340975a59ba3417ff8d SHA256: 3a21070541c9f43d98568a03aecdfb21833bbc188763a9045d12299d0f330532 SSDeep: 1536:VtWEP7kUUMfmhKy6pC+KRoarP5x5QEsu24XJ4OTe3kr7fu0EZu0Ep:VtWE+VhKbpCzSaz5xXAgdTe3o7fcZcp |
|
|
| C:\588bce7c90097ed212\SetupUi.xsd | 29.41 KB |
MD5:
dcf91bc6d90d65495655db32c1205ce3
SHA1: 7345b502ec00884d10637dfa7675144b6d12db75 SHA256: df0b492f8b87127951afa365e35c7a0445bcd16938d401fdcded6370a50f6281 SSDeep: 384:fch36QcSvFShv+40F951mBaKJBvHG/H9SwcL82IKJd+7vUVXo3xRflV2dpm+kDi:4366vgLw9GLLvH0SwqIE0VhRflVnji |
|
|
| C:\588bce7c90097ed212\SplashScreen.bmp | 40.12 KB |
MD5:
ea2fb4d83a8a649e4a8570b566b8cee2
SHA1: d1ca5cbf5f77f2ef168dae720e598ba577aafba7 SHA256: e387d4f6ff873ae01d564c3d09e8fe10206922272d3752c09ef02fb22ab6bdc8 SSDeep: 768:FA1oXsaCMsLU2V10rnUKqjH3ZGRL3JyNNuFTBDCQbp3:qU2b4tqjX+yG5Tp |
|
|
| C:\588bce7c90097ed212\Strings.xml | 13.75 KB |
MD5:
694ae3be660213189afd6504a99c9040
SHA1: 2517c32e1b17e29d2316afcabe328bce9fb2995a SHA256: 96781a8f47626cfa3b92bd1abef843a62297d35932265c65c8f49faca7b84ea2 SSDeep: 192:fEeC3zKwUvvI3+lzactgAbeQtRwZxtQXIhOP48yZgRNVKZWW:fEbmwUvZlz6slwHtQ4hOP485fTW |
|
|
| C:\588bce7c90097ed212\UiInfo.xml | 37.99 KB |
MD5:
2b5ba93e09035a2970c156ecb167fad9
SHA1: 0d66e2fe07382182815a2e031a4298dc2b6fc49e SHA256: 6ba3c0081cc96654801df8f587ae0c70a5bbf892a6d64b2352cabf12c3a38f8b SSDeep: 768:OJloTSkDN2dKHma3ZE45lU93Cm0K1z9Jat:OJVkR2dKHmEZE0UxF1z9Et |
|
|
| C:\588bce7c90097ed212\watermark.bmp | 101.63 KB |
MD5:
ebdbdc1d31109a0eb51a7311b9c5b1a6
SHA1: f2a75b034d00ee15eb80ba7d29b75290d49b6afc SHA256: 23e52b1f41edcb78acbc65484b7fa5cde11cb7f764bacd0c029fcedd5a51815c SSDeep: 1536:VLCD3PUh+V/RyxWXvF8GGBFKG9zsGmcxzpGmLeQMDe53qYsOqS4GUG2kubC:NGRXvF8b3zsG1CQwkqYsOqfGUXhbC |
|
|
| C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x64.msu | 4.96 MB |
MD5:
7d5cc6e84ee0effae2860bc448e7a279
SHA1: f48e343a282b5710802fdd2b56a68e6556b0d81c SHA256: cea36e1351caa073713f4da5c630992a790cf76785f6d8b5d47090c10ea4e2f3 SSDeep: 98304:PuEAUjX57BkOKxUKnat45mFe4H5+Ju4JKUYc93iKlOKJhln:P3ZBkOK2Knq45mY4H5OMKkKzln |
|
|
| C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x86.msu | 2.09 MB |
MD5:
99fdc2acd2b8ff19a046b7d8c673458a
SHA1: 823cf6ce9012aabdcfd5a5a16a12d99dcc95486f SHA256: 004e6a4e6254c54836f0e90da9725f9e2efb82bb6f79656bbc85dbbe32c58a6c SSDeep: 49152:xI9V4YaG7T2DumT1r7AdXZy9KU2KUYxs35DKZ3OIKxWh0em:YV4YakTo1PAdXZzKUYxs3pKZnKxfem |
|
|
| C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x64.msu | 4.86 MB |
MD5:
f32ded67ae8617b78520be02fb21c0da
SHA1: 025118faa1f9e7297ea8e67d626d1e425eecee4c SHA256: 6f41c4ad03d24b409a9dc3f658e16a4a4ab25464484ffedbf42d27769e1dd078 SSDeep: 98304:JQf0pKy/aBHTKYzKXH54UuFe1kBpHua/KUKcs3DKVDK6rCZ:47BBHTK8KXZ4UuY1kB1iKFKma |
|
|
| C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x86.msu | 2.04 MB |
MD5:
d01ec27c91708a130af037e6218c61bd
SHA1: 0578656757a165dde59f622a1dbeaccff31382a5 SHA256: 98ae4187816aadf388687f3ef17560d65c470c08b050ddd727a4215382a7a5d8 SSDeep: 49152:71Df7P4UJ6EeaDuv7GuMRau8yuXQFKUYcs3HVKf3rhKzdN5:Zf7P4UJneDGnRau84KUYcs31KfFKzdN5 |
|
|
| C:\Boot\BOOTSTAT.DAT | 64.00 KB |
MD5:
dc356f119d0c8f70273d857577cbfa17
SHA1: 44fa98a0f1be36c6fc002962f32508bff155d741 SHA256: 57475aa008811a327d29427a150e5f741acc78b2a8273cd4b513f2f443c4f7a2 SSDeep: 48:cxECyt/V61xDvE+kUwjnZVIWY/NKC1NUh4zC+7cm+8h4NxMb9Csy1CJS9:ciCytN6nvEbZeMDGCN8hOAy1Ck9 |
|
|
| C:\Logs\Application.evtx | 68.00 KB |
MD5:
12a0bd84c776662986994f436ca23428
SHA1: 70c86424f0b89a45f64d7218ecb163c502b75c89 SHA256: 8af4b9279f7cb42722611ebe52a60b90afaa7c1a9db0822373ad246a539bf0af SSDeep: 768:2oLJVwrZ0T3WKahkCdlN8ESOkuf3vj7VUfaOza:2Wwr4alKEvHz+u |
|
|
| C:\Logs\Microsoft-Windows-ApplicationResourceManagementSystem%4Operational.evtx | 1.00 MB |
MD5:
c0f0168cd1d44120b014b051c8a0cd1a
SHA1: 280dad4f236f5493f595916ed540f58d57ee3343 SHA256: 7d417d14c24e83873496aeab269d863d7beacbd8fbdd54e0bace2ea0d25f560e SSDeep: 3072:psyVNIVzqcaAd6mBLRdF/cjTZKPJ5r+5CJn/X3dlvwrTzt5AXqtclb7vF1rum/lu:6XNZi5G |
|
|
| C:\Logs\Microsoft-Windows-AppLocker%4MSI and Script.evtx | 68.00 KB |
MD5:
a037edfc005aa59930f605dde4aa6e4c
SHA1: dd1ccc6a22a4696f99d7acfe7f6492dc9a72fbcb SHA256: 571b909ce01b1d5a7d62442badb307f998aa0c0776a6e9168e72d455f1acd3b2 SSDeep: 192:AhHZ9NWThp7KHITYdUqiPB5a7PBYQcPBSHmPB9TAoPBdRPBKCoPBtyPBF/PPBYuy:uHLqpuBEijUnnzpsrY35uf |
|
|
| C:\Logs\Microsoft-Windows-AppModel-Runtime%4Admin.evtx | 68.00 KB |
MD5:
8aec752bfef5d5cb4f612ac2492342f6
SHA1: 14aec3cace2a574a298ff8459d825507aa471896 SHA256: c9bceb4233fccd42a6778d7652bf5db8bf8d565a90a72584fab77e7bf73e59a9 SSDeep: 384:mgyLqpuGLD79yPoM7I1PIdt2iJnPA8jI+3CESTPDq+p9cVz:9y+phoj7K0pjLSfG+e |
|
|
| C:\Logs\Microsoft-Windows-AppReadiness%4Admin.evtx | 68.00 KB |
MD5:
f792266f855cf4b71bd9ba8930088119
SHA1: 5c068d23e3720764897fa383366cb809d0c4f2e3 SHA256: 89463328c7fca457bd28b4cc5be61fd57facc463be81512a1869c11fa8cf366c SSDeep: 384:wFgpLqpud6zJvcxM8quvhyO6ZG+rhmcecq9SnpZcSQw9V:wep+p86zb1QW7Q+V |
|
|
| C:\Logs\Microsoft-Windows-AppReadiness%4Operational.evtx | 1.07 MB |
MD5:
24152d0b8cbea065aba080ef9c90636d
SHA1: 9386900f250de8b4e2676fc5f0b85e65c426a8cb SHA256: b3f912f51c89c48b31dccd7b3682a93bd063648b1186f067f7c52c1a2c9f6a7a SSDeep: 24576:otMstMF3ztMRtMM3a67qUglUgGTuUgtUS+Ea2wEUCaJwt6Qz:otMstMF3ztMRtMM3a67qUglUgGTuUgtv |
|
|
| C:\Logs\Microsoft-Windows-AppXDeploymentServer%4Operational.evtx | 2.07 MB |
MD5:
efd3b7b28d6d09159cdeb6b250b7cfb4
SHA1: 0743fe328582f57d34a3421589b438f8a13e3416 SHA256: efdd2f81d1057392ac8a5a9e43533cad22d141ac82664b72b9650d18fa81b3ba SSDeep: 3072:J2K9biQD5KrsOKXQbwkqBYxbJ1OAzLU5vQ4LkTK2JNiHim5WN/jAQgskNi+k4/wN:2QDB7cPT |
|
|
| C:\Logs\Microsoft-Windows-AppxPackaging%4Operational.evtx | 68.00 KB |
MD5:
ed61f945bcab92cedc6e7e83775044dc
SHA1: fc884caa949384adef0ef2b216b5c99aacced75d SHA256: 46dfd6934ae44a6e19be655b01280883c49bfd22ad4be1bcd335f955fd5f990e SSDeep: 192:e/pOAZMNWThp7KHITxBx02pPoa4JY8HZtBn1Af2tEFYs0D4cNzsVRlMalGYoFI2T:m+qpuEKz |
|
|
| C:\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx | 68.00 KB |
MD5:
04f8a82e54defb3c31ebe928a81d65a4
SHA1: 5da9e837248e3211319e4e637313ac41aebac4e7 SHA256: 67681bdbfff7bc3135154517b93f594eef7990a78cef0fff54f9845c3921a626 SSDeep: 96:BIWg3/pTvdHZ9NWj/m6p7KAwITW9JwtbzTgz6+ke:Bpg3/zZ9NWThp7KHITwJczM5 |
|
|
| C:\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx | 68.00 KB |
MD5:
bfeb256a5fc40e0156cedf317a4f213b
SHA1: 5a9fca3b40f9496de99da1b48dee2516df3542ec SHA256: 719609a3c97de066432686f9f3e7f9bbb4f43a7b146426234eecc0a1d1a85397 SSDeep: 48:9EVD5RqIfLiaO2HZx2iMHtP+j/EXML0QKMJnnyRAwITOxAB0I/E/Rl58:ml/rO2HZMNWj/m6p7KAwITxB3/ERl58 |
|
|
| C:\Logs\Microsoft-Windows-CoreSystem-SmsRouter-Events%4Operational.evtx | 68.00 KB |
MD5:
249be9037aede45f9bb808ee0b2879e0
SHA1: 060a21ff5b4174472c8231ecf7c7b682648b6c94 SHA256: 159b7075b7e4df38cac4465bdf0455958e1086abb2240c8953027258d393a505 SSDeep: 96:BI6+/+O2HZMNWj/m6p7KAwITxBUuTPlS4IgXUfI:Bm/+OAZMNWThp7KHITxB/pS4DXUfI |
|
|
| C:\Logs\Microsoft-Windows-Crypto-DPAPI%4Operational.evtx | 68.00 KB |
MD5:
5e3a13c853876757d3ea6e970d50063f
SHA1: bee361a27dad4bbba09e29eed2aab6a8e80d1678 SHA256: 3543c866869d893a4100fb91b7a8a64e3c33543ab1a605e93ade00d58316a14b SSDeep: 96:R/RO2HZMNWj/m6p7KAwITxBj7zUXIO4UifluUX8OmeqIHmauYs:R/ROAZMNWThp7KHITxBHzhUwAveqqup |
|
|
| C:\Logs\Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%4Admin.evtx | 1.00 MB |
MD5:
c58e53eeb528d6d4c9d489c0a79bc477
SHA1: 14725b0db1e5bdaa5a84a684660af33e6c264e53 SHA256: d52382b44ab381e3e52d9b7a038ff2c2ef77dc35e849b9ba429f1b9a91979d82 SSDeep: 1536:KnYOLwtSRDyQhAy3wLfEjleACUuZh4tITxEkUaItk0S3/lzJ+AnMQ3H8M4SQYIPP:kFKSFIT2cqWca3/e3ocM9QXPU |
|
|
| C:\Logs\Microsoft-Windows-DeviceSetupManager%4Admin.evtx | 68.00 KB |
MD5:
122b6c9828b5d070f1978a24f5282894
SHA1: 652d06a0bbb364aaabef8fa67d9aa762dd319f27 SHA256: b394afd3949dff3f7e2896265761fe955f3bda06c2119c4fa7ee6a678cffe099 SSDeep: 1536:JS2pgoxfzBE5D6QKhzLkm+4Sn1raSZ3YfaX6FU+ldnlF8k2:kv |
|
|
| C:\Logs\Microsoft-Windows-DeviceSetupManager%4Operational.evtx | 68.00 KB |
MD5:
f5ce7cf2b8c6489572cf66555bd49606
SHA1: eff33509b81a34c84d34a6a56293ea7d4a0cf004 SHA256: ad59f64d4b90ee934952284e2d6817ba45604201f1252f3fac542fec5d0f5408 SSDeep: 192:vcg3/RZ9NWThp7KHITJ6NW6gh6iD1F0gx42aggOM:vcgpLqpu7kh+b |
|
|
| C:\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx | 68.00 KB |
MD5:
3c3143a313d22c6789698174a471dc82
SHA1: f21b5443960db8bbc77f0fdc130a8668f6d451bf SHA256: 7d43b68e2f7f13e754e0e65c611ecd7d70c2bcaf2abe2530203c1e92feaf0938 SSDeep: 96:5h6g3/QCXdHZ9NWj/m6p7KAwITCP3v82qv1fqjc8j5xhU45I4TmZhv/50P:5h6g3/9Z9NWThp7KHITC3/CTKO6 |
|
|
| C:\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx | 68.00 KB |
MD5:
0fc06bd9b8b1c2f3eee2d3b9729e83ff
SHA1: ddb46c3c23c347736a083560eca69edb51258424 SHA256: f45a41b0edbb30cbde28bb1c280798aab9d5a52c1d9ef661a661df6596d5534d SSDeep: 192:/tg3/EZ9NWThp7KHITCjnTngykAZSeWHtT87:/tgcLqpuHKcSeutK |
|
|
| C:\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx | 68.00 KB |
MD5:
e4fbab4f3570620e4b8b15f9d0a80a0f
SHA1: 52135ec2a742b3f10e6766b2177c06b15e991854 SHA256: 33e3e674f56746eebb2fa1b39705383c284ada03d19ccffd38fd1994d56c984a SSDeep: 768:bF+phjcrCX6PtKYVgJO1ILBKCzJxciZadAB2Dv9:bFNrCX6sENiVKCzxa42DF |
|
|
| C:\Logs\Microsoft-Windows-International%4Operational.evtx | 68.00 KB |
MD5:
dc9cb169e95cec34092c2299a21b0efb
SHA1: 70b23a1dcd5af5d6ae92fd44256666289b727c4c SHA256: 13a4e7781931620ae6b0004727c42a4de96571edd8a0c7055fbc364d58963618 SSDeep: 96:pg3/NdHZ9NWj/m6p7KAwITCZ25QR+bZcwJTZgtUL:pg3/fZ9NWThp7KHITCZ2uRX+TStUL |
|
|
| C:\Logs\Microsoft-Windows-Kernel-EventTracing%4Admin.evtx | 68.00 KB |
MD5:
24b5454c66c123452b998401521af48d
SHA1: f77563d9bd9b95235ac14a96f1a2394eed7d479c SHA256: e21af332e1758f75f36c4a11c13baa57f29293c09d30cbb2f662ef71bd4279f3 SSDeep: 96:U/o6O2HZMNWj/m6p7KAwITxBefSMrYLu11:U//OAZMNWThp7KHITxBOSMkA |
|
|
| C:\Logs\Microsoft-Windows-Kernel-PnP%4Configuration.evtx | 1.00 MB |
MD5:
51058df2cd63762d13bcc74261c4e869
SHA1: e98914b7e4f729e580541222e0f181b2944a1607 SHA256: 6729b4ea23fc0827a86e12b8c3ceb2fd34252d2341a998f7b6698c79118cd0c3 SSDeep: 1536:H5BfGirLSTjCXDHY4uui3z2HEpbj7pz/OnTP7oHHCthw0Uv2Q+qgFZBquL0RYpBj:ZBSiT5y2HpfDCCsEVV2vH0sbW |
|
|
| C:\Logs\Microsoft-Windows-Kernel-ShimEngine%4Operational.evtx | 68.00 KB |
MD5:
a344d13bf213224d12147a01d6dee66b
SHA1: a6f8369dd78ef4e87cc42f6c42b244d6bcf0541d SHA256: 9e1b292cdd0e5a8f46fc802c0409b5c6f33fac1ce1efa626c6f3b5755c800cae SSDeep: 48:6AD5Rq1O2HZx2iMHtP+j/EXML0QKMJnnyRAwITOxABdgRv7piJIpm:6+/6O2HZMNWj/m6p7KAwITxBdgnfg |
|
|
| C:\Logs\Microsoft-Windows-Kernel-WHEA%4Operational.evtx | 68.00 KB |
MD5:
40443403470e35acf14cf28831cd57da
SHA1: bea2080f2b70442f73ac326a3b6586ce05879912 SHA256: 5c4d3cd9f9a2bb718da175c80922071447803814925efeaf4dee6a3e93f1bbeb SSDeep: 192:L/LOAZMNWThp7KHITxB0PKfjl0nlRrkqqVKTWvn8lUabbif:T+qpuESPKfilRo0Lbi |
|
|
| C:\Logs\Microsoft-Windows-Known Folders API Service.evtx | 68.00 KB |
MD5:
8fbdd689eb137a05b4b80bb331a9d874
SHA1: 09545a6a2c1ae27468fb766860f8ed30e45b9ebb SHA256: c21ecd2e939f8bd08820fee70c2d1f445ba493d05d3012483921f1cb64ff56ee SSDeep: 192:tb3E/8OAZMNWThp7KHITxBDllZyL0cbLoYfiC:pd+qpuEJoH |
|
|
| C:\Logs\Microsoft-Windows-LiveId%4Operational.evtx | 68.00 KB |
MD5:
641067274b06169cc5a623c4f3bf9bf0
SHA1: ee0f9b0fa4a88e45169a5bc55fd6be9fdfa47621 SHA256: 0cd5a526cac3eb980b948cb026f7551cd5fbb04391c9c6e5bbaa3bc8f2b3f4af SSDeep: 384:5gpLqpuFK6ZzG37pc+7A7g1B75xJ7x7j7hL7f:qp+p+Kqz0pji6tZPhHf |
|
|
| C:\Logs\Microsoft-Windows-MUI%4Operational.evtx | 68.00 KB |
MD5:
711ad2f83c30314f894cfdeb35b84264
SHA1: 95fd7d9505444d1574f2fa7f1e4c861bc0436012 SHA256: 00b34142439006836b16338c822f6e9879d4ae75e1a45c45808155ccc6b0baf3 SSDeep: 192:Jg3/hNeZ9NWThp7KHIT60qq9PgPfbUpGdFNHhAsxQC4zrc3dqSmub5shmEqxJJkC:Jg5NeLqpuFESLUQT6CII3AqbsKoFEymh |
|
|
| C:\Logs\Microsoft-Windows-Ntfs%4Operational.evtx | 68.00 KB |
MD5:
8e4747d453bcb6d5282511f4e969111b
SHA1: ca9802d039f4ef7ab6c8b6d6155f8fe0079c8157 SHA256: 5582664fe4eb9a6006c6cc3462ed3777301b8a1878702763fc6ee0f906253a82 SSDeep: 96:E3a/lO2HZMNWj/m6p7KAwITxBFoVitCL30vGwqIHmavBv4OXP:Aa/lOAZMNWThp7KHITxBFoAtEENqqNzP |
|
|
| C:\Logs\Microsoft-Windows-Ntfs%4WHC.evtx | 68.00 KB |
MD5:
2b6dfdd2db520a297d42d43a2bea9b5b
SHA1: bec502d1d927fd341f522984bcebe329e9814495 SHA256: 83d34e4176fe69cd275e7c12cff699bc851a79ff36fc7579217140cb8b887abc SSDeep: 96:E7/oO2HZMNWj/m6p7KAwITxB34vuAFnqa:K/oOAZMNWThp7KHITxB3CN3 |
|
|
| C:\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx | 68.00 KB |
MD5:
4fc96c1b2d8446f8a9d7c554d761e683
SHA1: c3b97cf4dd71ebcdeb93de1c03e932d95bf9bb36 SHA256: cb2ad27c36c3bf39d6d68e3b9fe696970a9274ac6e90e16375a3f7ce952aa00c SSDeep: 96:ENg3/FDKdHZ9NWj/m6p7KAwITx2/BJi1eYGFO+G2YaHBg:Cg3/SZ9NWThp7KHITNMYEgaHq |
|
|
| C:\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx | 68.00 KB |
MD5:
0ae5a5c33d30e6d4ac726c2f43ba1834
SHA1: a87f31b4d14690881fdea28c3436a59f075e1884 SHA256: a6eb8179531be6fe7b1f1117df4a15fa0e0cba8c927b95870ebd49eb4d3a0652 SSDeep: 96:BIwg3/PdHZ9NWj/m6p7KAwIT3rB3SXHUzv3:Bzg3/FZ9NWThp7KHIT3rI34v |
|
|
| C:\Logs\Microsoft-Windows-SettingSync%4Debug.evtx | 1.00 MB |
MD5:
e9cecd4008b6d23e4fd7bd2d9c5947a5
SHA1: ccb4fffef8ece93b5a73861fa0766fad58473846 SHA256: bbd2207c14c38a8cf9b90cbff0aa7ac21711a93465bbda552fc31b79b2dbb2fc SSDeep: 1536:lE0VD3xqS4Me/YuF5Y7wdYqk1Yxx1Y1MIYzwf6YrlQYCz7YiYVYyONYxkmY2kMWT:LhAtZAy+ct1xoOEaBv/B7VsZf |
|
|
| C:\Logs\Microsoft-Windows-Shell-Core%4Operational.evtx | 68.00 KB |
MD5:
bf8546658a8f34049f6340adda76d3d2
SHA1: 449d71cc390bde52c53e9bbb2ee2890289e4f04d SHA256: c12f4daaf70913d97094fb6f49bea0b88e2479aca4debb0f6513d1abfcd5a394 SSDeep: 1536:/NIUa5whVi/TciM55Pu+8uc/6s0zxrLEajHG:e/TLmV8uc/6lfG |
|
|
| C:\Logs\Microsoft-Windows-SmbClient%4Connectivity.evtx | 68.00 KB |
MD5:
40549177f0084d94e86eb0f17f4f78b5
SHA1: 14e1b13289b776b71396a19205a958675bd00305 SHA256: 518907c9d5506fbd16a8c9a82038f89e86d499c0e254671a52d5ec43f03f9af3 SSDeep: 96:BIqrg3/udHZ9NWj/m6p7KAwIT5Go0Vj7firj7fLqrjigCa:BVrg3/YZ9NWThp7KHIT2iTLqGa |
|
|
| C:\Logs\Microsoft-Windows-SMBServer%4Operational.evtx | 68.00 KB |
MD5:
75e8921767a4a889c8b666c4fa0d1a3c
SHA1: cef59e9ecce0fe73bee78c55ea588af68b308356 SHA256: a0a49a4069d7ef747a91d7ef28b526fc1cc5e4b5f1b333a45a2d8a04076ecce3 SSDeep: 192:LrgpVZ9NWThp7KHITn0zaVEjy+CVq9M94v4m:XgpVLqpuC2y+eS |
|
|
| C:\Logs\Microsoft-Windows-Store%4Operational.evtx | 68.00 KB |
MD5:
6bcb5a18c999dead651e6561294a5cf2
SHA1: 564fce2120fceca8963a4f6fe94d6478abf8d1c3 SHA256: b274b70774074516ae271a62f10d3542b42e677d01e69ac0c9c4f2e7412d64bc SSDeep: 96:Cg3/9xdHZ9NWj/m6p7KAwITC6ARN0BOFsu:Cg3/dZ9NWThp7KHITORqBOFsu |
|
|
| C:\Logs\Microsoft-Windows-TaskScheduler%4Maintenance.evtx | 68.00 KB |
MD5:
e5024e6c25cbfff0b7ac6ba3d4725537
SHA1: a7e1f782f140eecf02938fab522eaedd0e2f5d9f SHA256: c3f2bb44c4a3d175cec5c307a4ebf67264c9b05853c1eddb4ce7a8b902afb6ba SSDeep: 96:pPg3/KldHZ9NWj/m6p7KAwITjvGX81jPJ309VjZZcuLh9VPbZvum:pPg3/KHZ9NWThp7KHITY81jP10PFhPT |
|
|
| C:\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx | 68.00 KB |
MD5:
e5930030c1aa45f5673583e1542daffc
SHA1: 9d44d0b46eb7ef3e5c574b8c54662be029a8f766 SHA256: f8aeaf0eb77291ba26a32fc0486454d84070b889c450938cbe7292c88a6b8fcf SSDeep: 24:3MisssYrposssssssssssssssssssssssssssssssssssssssssssssssssssss9:5rnRqUroJ5FQ3OHHw |
|
|
| C:\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx | 68.00 KB |
MD5:
c4e334ac63e1d0b38191a7f2c6504662
SHA1: 0ccb88d7b43b9901f27c293beb4993f80ea34e9f SHA256: 41c712f36471e56092ddaaca458e4c73c0d9dc32084fb419b309eaf730414532 SSDeep: 768:69p8zw0wJwOw9wywswzwfw+wLwwwnwUcwowmKrXXjwZwXwz/0gsmBxhjrw9CwF:60Ta8XC0gsmBxpgz |
|
|
| C:\Logs\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Operational.evtx | 68.00 KB |
MD5:
d365f7b5e615198170dc7de965d353f1
SHA1: 1459261024e02974a681f51a3cab52c458a07786 SHA256: 87e59ebf810bd5cdd044bdff9c915d4446418a14ce50b5a0c9e14bd88d65a56f SSDeep: 192:Balg3/RZ9NWThp7KHITsTEc+5p+/izg+/:BCgJLqpuB8 |
|
|
| C:\Logs\Microsoft-Windows-TWinUI%4Operational.evtx | 68.00 KB |
MD5:
a21b38cfb581bacaecdeae35643bf25d
SHA1: 28e375967e7e0380caa2cd46e5addf6c8a928302 SHA256: 74ea269a52f0b0031536f3954a366417e9c8f75fbc1aa03c9c47b857c91f9cdd SSDeep: 96:Ehg3/KwOdHZ9NWj/m6p7KAwIThOji9U/nlLnfDF5gCzQ4:Wg3/Kw4Z9NWThp7KHITB0lLp5gB4 |
|
|
| C:\Logs\Microsoft-Windows-User Profile Service%4Operational.evtx | 68.00 KB |
MD5:
3e0ddb3cf5e9ce69abc36d0dc05e6d4c
SHA1: 60b485d9e161c581a100e67a0b1ae4072212c146 SHA256: 36e08875ee8241a0def0a53fb9e1f49a7547d19492d2b917618de0803b053004 SSDeep: 192:Sg3/nZ9NWThp7KHIT/cWsDeyPefBt6HI3HA5Y7cHLCPb:SgPLqpuQaAOe |
|
|
| C:\Logs\Microsoft-Windows-UserPnp%4DeviceInstall.evtx | 68.00 KB |
MD5:
8a464fdc777928b4dc71e2a52d790015
SHA1: 5f2025a3ee6094848246c9e065d39956b1c64015 SHA256: b4a546d64c6bed54682da7aa20aab0a22dbd914362cb2577ae67d35bfe857d0f SSDeep: 96:EYXJ/eO2HZMNWj/m6p7KAwITxBwhhEVqqIHmasAAfQq:NZ/eOAZMNWThp7KHITxBwhyVqqqsA2Qq |
|
|
| C:\Logs\Microsoft-Windows-VolumeSnapshot-Driver%4Operational.evtx | 68.00 KB |
MD5:
42b55597eac505245ced5fa516acbc3b
SHA1: 091407fc4b96e91c31eb798e408b98088c61141d SHA256: f8645f854d579a644cfb88fc46c9a37db9d098b43017cff9a9512c2ca2809f24 SSDeep: 192:P/uOAZMNWThp7KHITxBtrZ5uxIzpxkwqqtt6OrQI6rMlMr7:O+qpuEbIAiA0Ku |
|
|
| C:\Logs\Microsoft-Windows-Wcmsvc%4Operational.evtx | 68.00 KB |
MD5:
8eb3705c0b4e0f3ee88868f956531c02
SHA1: 0492b48249465d3a999697c15e39f92793d2bd67 SHA256: a1d83d51496175eeb1c59c6dacf98682121179c94c568e856a7977d885e3119b SSDeep: 384:oAgRLqpujVgpJP35E9T9pY+HYu7R0Q2h0o1Yh:oPR+pQpR9 |
|
|
| C:\Logs\Microsoft-Windows-Windows Defender%4Operational.evtx | 68.00 KB |
MD5:
026cb26f46b4b91643df621f7624d8ae
SHA1: 2d32f0a82faf86db7ce6265498e4a6b25f5149a9 SHA256: db356933539c371f55d68969ffa0cbec98698122c96eafae4f99882abecfc1f6 SSDeep: 384:rgp8LqpuOqx/28I1/LYQ9Rmlr69J1ubZWQe:My+pf0aKJEKYQe |
|
|
| C:\Logs\Microsoft-Windows-Windows Defender%4WHC.evtx | 68.00 KB |
MD5:
ce35bf1954c57c933923e3af1983258d
SHA1: 5a91199c9bfd04b3a06661a10261d88feffe320f SHA256: ea606cda1ccf294980b6edc14f80c9b36c20d42fc2f5cc434c57cf92f51ee42d SSDeep: 96:ng3/moswdHZ9NWj/m6p7KAwITZNqIxhjn5Tq3q25m17Y:ng3/9Z9NWThp7KHITZwIdG3q+q7Y |
|
|
| C:\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4Firewall.evtx | 1.00 MB |
MD5:
8b1210925d0de4889b9e7b9461606e07
SHA1: b1c5fef07855cbd8aa93db9a53c2d3a6f7dc7be6 SHA256: 619b0cf553e170841464cf04a47575ad745090e1c1fd6d702ea22876bb91d807 SSDeep: 3072:jz6U2UkU5UrUwctJukNj+bdU1UuU7UD6:juj1g6+fsbdE3y8 |
|
|
| C:\Logs\Microsoft-Windows-WMI-Activity%4Operational.evtx | 1.00 MB |
MD5:
d23ab7f72d5e56db3493df2351a589c3
SHA1: 8b827e2a48d0a71a1ec31e854213f7f2ccd75a64 SHA256: e555a395bda8ea5107d58a4447aa286b83ac2a5e9884ba0d94b1fc4e9e35be4d SSDeep: 24576:s1lNh4gVYClhuAykFVvjw1PMiz0Hn3I+7Kky89CJrP:WlNh4gVYClhuAykFVvjw1PMiz0Hn3I+e |
|
|
| C:\Logs\Security.evtx | 1.07 MB |
MD5:
7d11ce738a4b7729f02f8a615b02ca9d
SHA1: 98c3abdf3d5ca4bf1543977649650b3aa1e8909c SHA256: 96da247d42caa4b3ae135dfb3d8e2c382224afa90ad41658f80df2b261775f14 SSDeep: 3072:MnL85RrTvDUySEI8pLQokMvj+fAnsxfZ1mpc3Q5:Mn0j08pLJ |
|
|
| C:\Logs\Setup.evtx | 68.00 KB |
MD5:
77136245f2f578d8b6414831e08c41a2
SHA1: 47148896425f3e61d087c9e9cc74870e4bc1a37a SHA256: cda7cdd419e7f49ab77189de9f33b7f2cd0894c6676ff752c0b8890c5322dbf5 SSDeep: 192:WIgHnJZ9NWThp7KHITsKaBua2Jt+a1PaxIeE:WIgHJLqpuaaIasPag |
|
|
| C:\Logs\System.evtx | 1.07 MB |
MD5:
3ea6616bcbb89d07cb8b430942f6e9d2
SHA1: 502370d7f003efdab12ff0291ac1b62164167454 SHA256: 97e995d327efa095b1ea8092b0fbd83807f2721ef3f230fbf5682bb587dbde2d SSDeep: 1536:DQ98qfjEKzNayye2XauJMixdmQWWKQvbecjyzXbd89taEzGTuuLYw9Cu4RDX/vYX:klzJzcjyzB89tzGTuu9EYTycjyzB89 |
|
|
| C:\Logs\HardwareEvents.evtx | 68.00 KB |
MD5:
b86b83e6a45cc46d4568fb86f0360b33
SHA1: 4059316266818e6c1d0df13cfcc8d8546b59fb82 SHA256: adb9e471c6246fcbd1d8a56f13587f350bd8f06b10c4f437100e9b1bf20c5f4d SSDeep: 24:3MisssYrposssssssssssssssssssssssssssssssssssssssssssssssssssssq:5rnY |
|
|
| C:\Program Files\Common Files\DESIGNER\MSADDNDR.OLB | 15.61 KB |
MD5:
2ae1b932715c6ef4661f76e4767aa9c5
SHA1: 5555a2e002ab3da211d0434b3264f364996b5fd5 SHA256: d22f974c25f3aa4c8d6e48be7af5d071090efb31c3801c32469a7553f1ec7201 SSDeep: 384:6mfbc5BBcdQbRwIHXxIvV10xb/YxwJ+DuneF:LiBBcabuohmkb/GwJveF |
|
|
| C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RHeartbeatConfig.xml | 4.04 KB |
MD5:
f24e996d0b176f75cdd31409a66cf15c
SHA1: ba5e8c5152e0dcf4c79313ceaf894d0062dea3f8 SHA256: 31ae4a96a5b7277f14fc9a4f4c9bfe510df034ea4f2edf84651b03232c84caeb SSDeep: 96:FgHI3b+vsmVQ/HbUAbqGk893z+iGGi3+/gP4ODRQymD4nh0:zqvsgQ/oAbqzGzMGZowoE42 |
|
|
| C:\Program Files\Common Files\microsoft shared\ClickToRun\i640.hash | 102 bytes |
MD5:
33f2bae58d2a1b0e05116ef8246bce31
SHA1: 08387c3930b8703e20f43425b13a4da6316a258f SHA256: dea8d41d84645a3af564f32d93bfc9b7b9225e47f0df8bbf5e1e975dd867471b SSDeep: 3:M2xRQ8scz8yTM6Q8KZye0UB+c12olvl:Wq8qpQ1lIol9 |
|
|
| C:\Program Files\Common Files\microsoft shared\ClickToRun\i641033.hash | 102 bytes |
MD5:
7d2d9a590f63b61c17c1ed64fa9994ad
SHA1: 66077ed3324279f253353d97351585216369673c SHA256: 05abd98a5ef3cedc83f9fbb5cf100742917e5799d1aee90798825c0fc68637c6 SSDeep: 3:GGgmZA0sTReDs9P6vCoJHv2u12olvl:jr3YeDs9yv5JPzIol9 |
|
|
| C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeUpdateSchedule.xml | 4.67 KB |
MD5:
f8032745b800b24978fe1dfe64ee0221
SHA1: f693bda69686ba75f76076f8e8589b8e83ef1324 SHA256: 3d71abf171652e1ed9993e502abcf501b25c476c91efc27f106eb7b43400f6b5 SSDeep: 96:Fy3VNydddxmVX6l3NttUjuonLnID8UPmKrcukyPlszGg+:UadtgKl7tUpzIYUuKguky9szGg+ |
|
|
| C:\Program Files\Common Files\microsoft shared\ClickToRun\ServiceWatcherSchedule.xml | 4.35 KB |
MD5:
83461603f102b2bb8512cc24688126e7
SHA1: 8e0c5bb62f0ddf5d300952b06a72b1759205aedf SHA256: 004c64ffbe86ddfd4b05c8ba3ae950af3acfc27dc171621a6ab818af013a22e9 SSDeep: 96:7aS3KPAsI8mVpcx1nAyaAtV7jCfuE8INCgiTG8jejf9layaGwC6aE7M0ahuT:7aSaPI8g8HF20gUQb76JbaC |
|
|
| C:\588bce7c90097ed212\1030\eula.rtf | 3.24 KB |
MD5:
98a7519a55e5361c2714f75d85c6575e
SHA1: 7a56e88aa1cae621790c93fb55f19cb8a13a2660 SHA256: 8e7257b28a9d3d61f855539ab9ee7f4ae3d4a7ecc2f4f7f55bb101d1902446ce SSDeep: 96:GcsRoEFbeSfUrpVgilOHoulLNDRcmhaNY:vs2EFb5crLgPHjNRcmiY |
|
|
| C:\588bce7c90097ed212\1045\LocalizedData.xml | 80.44 KB |
MD5:
80c5f69e62e0b56ac881b2c2b8adc726
SHA1: e6f108058fab62a1eb0be09d2aaa2b7d2e618c36 SHA256: 65af95e5931a39ece6217e3e46b7d0347538a3aabd74a0ba5f78ff176ba5650c SSDeep: 768:Eaa4oJytFUMYhgCxxoBkC5xXe2vbeqvWrPckN+tE7msBzSc/WdgjXjx9JInD6bXG:Ez4NML2bYoSO0XeI45ru3pN0NMwq5CES |
|
|
| C:\588bce7c90097ed212\Graphics\Rotate7.ico | 894 bytes |
MD5:
dfb735e481a2cf000b40ba3ff49f8ad9
SHA1: 4eae3c791407961b542331239c596a29807df9b2 SHA256: 995e96f57437724936b0568ee36d1cf12e87cc24652814bd2d52851b60ba255f SSDeep: 24:JMssssCKinsMB2LI0szvJMlAM7ss9IHZdAWs6f4QfM:JbKO3irWfPfM |
|
|
| C:\588bce7c90097ed212\ParameterInfo.xml | 265.67 KB |
MD5:
988b652ec72342e62b74be86b8c81d78
SHA1: 1e197885b22a1129fa197cbffdaf4eaeaf4478f5 SHA256: ee00c4cc44e7b15f3d6772dbe809135aa8abb75071e1ee6b893c5bb9b30b2b63 SSDeep: 1536:Ia0KsXZy939HBro1AVSwFikT7zPy2j0R0LdCiHTrnjsuvChcuQwJCiHbe7siHKen:GZYhHlThKxeUhsPbBcJW7Y4TaZIl |
|
|
| C:\Logs\Microsoft-Client-Licensing-Platform%4Admin.evtx | 68.00 KB |
MD5:
c15756b8b84340db80365436f537054f
SHA1: 962168ab142c644780f481802666d951d2a7f150 SHA256: f90fa12893f71c5f63eeb24ee8bc4121eee3572c9665b3d166c95b0cf70ab049 SSDeep: 768:tbw+pXTntlNBbn6uz5H6zZDS9e/xlYargUraMgtyD1xcGoiCvFBnZPYYf:tbwmrHDl8lZZ7g+HoHLiy |
|
|
| C:\Logs\Microsoft-Windows-AppXDeployment%4Operational.evtx | 68.00 KB |
MD5:
ab7cef79ab9a67eeb334d04be698532a
SHA1: ddcf4f06ff59d726b8bb8f213ab9f6336cfc6f42 SHA256: 9f88e459da3c75d7ebbf1cc0a31505340f0addfda4a83f4858e19c785a8d1784 SSDeep: 192:Acg3/0Z9NWThp7KHITC+zTb48ExeNoxei/pLNCT3akjVA:AcgMLqpumzfM |
|
|
| C:\Logs\Microsoft-Windows-BackgroundTaskInfrastructure%4Operational.evtx | 68.00 KB |
MD5:
932602e10b597fb1cffe4014bbdf0f70
SHA1: d3f0f6295780e37c6bb66a071d9724fa83499561 SHA256: b42b1cec20e775a02e5027f3d4b823e9ea317ab12305998725087ca9baf6b243 SSDeep: 96:Esg3/+dHZ9NWj/m6p7KAwIThgIRZr8G3gSM+kgHGMK4T:Dg3/IZ9NWThp7KHIThgIJgSigmZE |
|
|
| C:\Logs\Microsoft-Windows-Hyper-V-Guest-Drivers%4Admin.evtx | 68.00 KB |
MD5:
9e99ca928cc1db9dc44a37ff976e2700
SHA1: 98cf2116edb1ae2af4759a8f4513623017bcfd01 SHA256: db79da555b960ad39dfdf3f4c1e30339c435bb92a4c4be71f1958087eea78098 SSDeep: 96:EvhF/Cu0sO2HZMNWj/m6p7KAwITxBYFC3CNPJC0rL9ul:EF/jOAZMNWThp7KHITxBYFFC0r8l |
|
|
Host Behavior
File (5421)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\ProgramData\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\ProgramData\key.9A8I36E.JSWRM | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | A:\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | B:\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\$GetCurrent\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\$GetCurrent\Logs\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\$GetCurrent\SafeOS\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\$GetCurrent\SafeOS\GetCurrentRollback.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\$GetCurrent\SafeOS\PartnerSetupComplete.cmd | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\$GetCurrent\SafeOS\preoobe.cmd | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | D:\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | E:\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | F:\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | G:\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | H:\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | I:\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | J:\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | K:\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | L:\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | M:\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | N:\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | O:\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | P:\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | Q:\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | R:\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | S:\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | T:\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | U:\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | V:\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | W:\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | X:\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | Y:\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | Z:\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\$GetCurrent\SafeOS\SetupComplete.cmd | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\$WINRE_BACKUP_PARTITION.MARKER | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1025\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1025\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1025\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1028\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1028\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1028\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1029\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1029\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1029\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1030\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1030\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1030\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1031\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1031\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1031\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1032\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1032\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1032\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1033\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1033\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1033\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1035\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1035\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1035\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1036\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1036\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1036\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1037\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1037\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1037\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1038\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1038\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1038\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1040\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1040\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1040\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1041\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1041\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1041\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1042\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1042\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1042\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1043\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1043\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1043\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1044\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1044\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1044\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1045\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1045\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1045\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1046\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1046\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1046\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1049\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1049\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1049\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1053\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1053\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1053\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1055\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1055\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\1055\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\2052\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\2052\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\2052\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\2070\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\2070\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\2070\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\3076\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\3076\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\3076\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\3082\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\3082\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\3082\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\Client\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\Client\Parameterinfo.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\Client\UiInfo.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\DHtmlHeader.html | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\DisplayIcon.ico | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\Extended\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\Extended\Parameterinfo.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\Extended\UiInfo.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\Graphics\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\Graphics\Print.ico | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\Graphics\Rotate1.ico | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\Graphics\Rotate2.ico | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\Graphics\Rotate3.ico | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\Graphics\Rotate4.ico | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\Graphics\Rotate5.ico | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\Graphics\Rotate6.ico | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\Graphics\Rotate7.ico | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\Graphics\Rotate8.ico | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\Graphics\Save.ico | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\Graphics\Setup.ico | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\Graphics\stop.ico | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\Graphics\SysReqMet.ico | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\Graphics\SysReqNotMet.ico | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\Graphics\warn.ico | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\header.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\netfx_Core.mzz | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\netfx_Core_x64.msi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\netfx_Core_x86.msi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\netfx_Extended.mzz | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\netfx_Extended_x64.msi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\netfx_Extended_x86.msi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\ParameterInfo.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\RGB9RAST_x64.msi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\RGB9Rast_x86.msi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\SetupUi.xsd | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\SplashScreen.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\Strings.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\UiInfo.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\watermark.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x64.msu | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x86.msu | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x64.msu | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x86.msu | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\BCD | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\BCD.LOG1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\BCD.LOG2 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\bg-BG\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\bg-BG\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\BOOTSTAT.DAT | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\cs-CZ\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\cs-CZ\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\cs-CZ\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\da-DK\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\da-DK\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\da-DK\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\de-DE\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\de-DE\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\de-DE\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\el-GR\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\el-GR\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\el-GR\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\en-GB\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\en-GB\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\en-US\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\en-US\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\en-US\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\es-ES\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\es-ES\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\es-ES\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\es-MX\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\es-MX\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\et-EE\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\et-EE\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\fi-FI\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\fi-FI\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\fi-FI\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\Fonts\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\Fonts\chs_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\Fonts\cht_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\Fonts\jpn_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\Fonts\kor_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\Fonts\malgunn_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\Fonts\malgun_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\Fonts\meiryon_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\Fonts\meiryo_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\Fonts\msjhn_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\Fonts\msjh_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\Fonts\msyhn_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\Fonts\msyh_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\Fonts\segmono_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\Fonts\segoen_slboot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\Fonts\segoe_slboot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\Fonts\wgl4_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\fr-CA\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\fr-CA\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\fr-FR\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\fr-FR\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\fr-FR\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\hr-HR\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\hr-HR\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\hu-HU\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\hu-HU\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\hu-HU\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\it-IT\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\it-IT\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\it-IT\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\ja-JP\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\ja-JP\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\ja-JP\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\ko-KR\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\ko-KR\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\ko-KR\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\lt-LT\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\lt-LT\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\lv-LV\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\lv-LV\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\nb-NO\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\nb-NO\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\nb-NO\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\nl-NL\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\nl-NL\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\nl-NL\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\pl-PL\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\pl-PL\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\pl-PL\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\pt-BR\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\pt-BR\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\pt-BR\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\pt-PT\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\pt-PT\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\pt-PT\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\qps-ploc\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\qps-ploc\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\qps-ploc\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\Resources\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\Resources\en-US\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\Resources\en-US\bootres.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\ro-RO\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\ro-RO\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\ru-RU\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\ru-RU\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\ru-RU\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\sk-SK\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\sk-SK\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\sl-SI\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\sl-SI\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\sr-Latn-CS\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\sr-Latn-CS\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\sr-Latn-CS\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\sr-Latn-RS\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\sr-Latn-RS\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\sv-SE\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\sv-SE\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\sv-SE\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\tr-TR\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\tr-TR\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\tr-TR\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\uk-UA\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\uk-UA\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\updaterevokesipolicy.p7b | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\zh-CN\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\zh-CN\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\zh-CN\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\zh-HK\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\zh-HK\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\zh-HK\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\zh-TW\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\zh-TW\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\zh-TW\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\bootmgr | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\BOOTNXT | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\BOOTSECT.BAK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\ESD\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\hiberfil.sys | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Logs\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Logs\Application.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Logs\HardwareEvents.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Logs\Internet Explorer.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Logs\Key Management Service.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Logs\Microsoft-Client-Licensing-Platform%4Admin.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Logs\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Logs\Microsoft-Windows-ApplicationResourceManagementSystem%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Logs\Microsoft-Windows-AppLocker%4EXE and DLL.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Logs\Microsoft-Windows-AppLocker%4MSI and Script.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Logs\Microsoft-Windows-AppLocker%4Packaged app-Deployment.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Logs\Microsoft-Windows-AppLocker%4Packaged app-Execution.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Logs\Microsoft-Windows-AppModel-Runtime%4Admin.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Logs\Microsoft-Windows-AppReadiness%4Admin.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Logs\Microsoft-Windows-AppReadiness%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Logs\Microsoft-Windows-AppXDeployment%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Logs\Microsoft-Windows-AppXDeploymentServer%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Logs\Microsoft-Windows-AppXDeploymentServer%4Restricted.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Logs\Microsoft-Windows-AppxPackaging%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Logs\Microsoft-Windows-BackgroundTaskInfrastructure%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Logs\Microsoft-Windows-CoreSystem-SmsRouter-Events%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Logs\Microsoft-Windows-Crypto-DPAPI%4BackUpKeySvc.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Logs\Microsoft-Windows-Crypto-DPAPI%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Logs\Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%4Admin.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Logs\Microsoft-Windows-DeviceSetupManager%4Admin.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Logs\Microsoft-Windows-DeviceSetupManager%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Logs\Microsoft-Windows-Dhcp-Client%4Admin.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Logs\Microsoft-Windows-Dhcpv6-Client%4Admin.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Logs\Microsoft-Windows-HotspotAuth%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Logs\Microsoft-Windows-Hyper-V-Guest-Drivers%4Admin.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Logs\Microsoft-Windows-International%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Logs\Microsoft-Windows-Kernel-Boot%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Logs\Microsoft-Windows-Kernel-EventTracing%4Admin.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Logs\Microsoft-Windows-Kernel-PnP%4Configuration.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Logs\Microsoft-Windows-Kernel-Power%4Thermal-Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Logs\Microsoft-Windows-Kernel-ShimEngine%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Logs\Microsoft-Windows-Kernel-StoreMgr%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Logs\Microsoft-Windows-Kernel-WHEA%4Errors.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Logs\Microsoft-Windows-Kernel-WHEA%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Logs\Microsoft-Windows-Known Folders API Service.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Logs\Microsoft-Windows-LiveId%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Logs\Microsoft-Windows-MUI%4Admin.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Logs\Microsoft-Windows-MUI%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Logs\Microsoft-Windows-NCSI%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Logs\Microsoft-Windows-NetworkProfile%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Logs\Microsoft-Windows-Ntfs%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Logs\Microsoft-Windows-Ntfs%4WHC.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Logs\Microsoft-Windows-Program-Compatibility-Assistant%4CompatAfterUpgrade.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Logs\Microsoft-Windows-SettingSync%4Debug.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Logs\Microsoft-Windows-SettingSync%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Logs\Microsoft-Windows-Shell-Core%4ActionCenter.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Logs\Microsoft-Windows-Shell-Core%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Logs\Microsoft-Windows-SmbClient%4Connectivity.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Logs\Microsoft-Windows-SMBClient%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Logs\Microsoft-Windows-SmbClient%4Security.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Logs\Microsoft-Windows-SMBServer%4Audit.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Logs\Microsoft-Windows-SMBServer%4Connectivity.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Logs\Microsoft-Windows-SMBServer%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Logs\Microsoft-Windows-SMBServer%4Security.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Logs\Microsoft-Windows-Store%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Logs\Microsoft-Windows-TaskScheduler%4Maintenance.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Logs\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Admin.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Logs\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Logs\Microsoft-Windows-TWinUI%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Logs\Microsoft-Windows-User Profile Service%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Logs\Microsoft-Windows-UserPnp%4ActionCenter.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Logs\Microsoft-Windows-UserPnp%4DeviceInstall.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Logs\Microsoft-Windows-VolumeSnapshot-Driver%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Logs\Microsoft-Windows-Wcmsvc%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Logs\Microsoft-Windows-Windows Defender%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Logs\Microsoft-Windows-Windows Defender%4WHC.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4ConnectionSecurity.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4Firewall.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Logs\Microsoft-Windows-WinINet-Config%4ProxyConfigChanged.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Logs\Microsoft-Windows-Winlogon%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Logs\Microsoft-Windows-WMI-Activity%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Logs\Security.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Logs\Setup.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Logs\System.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Logs\Windows PowerShell.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\pagefile.sys | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\DESIGNER\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\DESIGNER\MSADDNDR.OLB | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ClickToRun\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RHeartbeatConfig.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ClickToRun\i640.hash | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ClickToRun\i641033.hash | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeUpdateSchedule.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ClickToRun\ServiceWatcherSchedule.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\Alphabet.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\ar-SA\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\ar-SA\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\bg-BG\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\bg-BG\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\Content.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\da-DK\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\da-DK\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\de-DE\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\de-DE\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\el-GR\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\el-GR\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\en-GB\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\en-GB\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\en-US\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\en-US\boxed-correct.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\en-US\boxed-delete.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\en-US\boxed-join.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\en-US\boxed-split.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\en-US\correct.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\en-US\delete.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\en-US\FlickLearningWizard.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\en-US\InkObj.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\en-US\InputPersonalization.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\en-US\IPSEventLogMsg.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\en-US\IpsMigrationPlugin.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\en-US\join.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\en-US\micaut.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\en-US\mip.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\en-US\mshwLatin.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\en-US\rtscom.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\en-US\ShapeCollector.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\en-US\split.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\en-US\tabskb.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\en-US\TabTip.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\en-US\TipRes.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\en-US\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\en-US\TipTsf.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\es-ES\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\es-ES\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\es-MX\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\es-MX\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\et-EE\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\et-EE\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\fi-FI\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\fi-FI\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\FlickAnimation.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\fr-CA\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\fr-CA\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\fr-FR\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\fr-FR\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\auxbase.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\insertbase.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\ea.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\keypadbase.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\kor-kor.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\baseAltGr_rtl.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_altgr.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_ca.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_heb.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_jpn.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_kor.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_rtl.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\ja-jp.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\ko-kr.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-changjei.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-dayi.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-phonetic.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\oskclearuibase.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\oskmenubase.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\osknavbase.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\osknumpadbase.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\oskpredbase.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ea-sym.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ja-jp-sym.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\symbase.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\he-IL\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\he-IL\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\hr-HR\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\hr-HR\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\hu-HU\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\hu-HU\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\hwrcommonlm.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\HWRCustomization\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\hwrenclm.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\hwrlatinlm.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\hwrusalm.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\hwrusash.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\ipsar.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\ipscat.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\ipschs.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\ipscht.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\ipscsy.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\ipsdan.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\ipsdeu.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\ipsel.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\ipsen.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\ipsesp.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\ipsfin.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\ipsfra.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\ipshe.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\ipshi.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\ipshrv.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\ipsid.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\ipsita.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\ipsjpn.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\ipskor.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\ipsnld.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\ipsnor.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\ipsplk.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\ipsptb.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\ipsptg.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\ipsrom.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\ipsrus.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\ipssrb.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\ipssrl.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\ipssve.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\ipstr.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\it-IT\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\it-IT\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\ja-JP\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\ja-JP\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\ko-KR\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\ko-KR\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\LanguageModel\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\LanguageModel\chstic.dgml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\lt-LT\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\lt-LT\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\lv-LV\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\lv-LV\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\nb-NO\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\nb-NO\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\nl-NL\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\nl-NL\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\pl-PL\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\pl-PL\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\pt-BR\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\pt-BR\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\pt-PT\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\pt-PT\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\ro-RO\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\ro-RO\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\ru-RU\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\ru-RU\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\sk-SK\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\sk-SK\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\sl-SI\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\sl-SI\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\sr-Latn-RS\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\sr-Latn-RS\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\sv-SE\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\sv-SE\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\th-TH\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\th-TH\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\tr-TR\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\tr-TR\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\uk-UA\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\uk-UA\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\zh-CN\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\zh-CN\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\zh-TW\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\ink\zh-TW\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\MSInfo\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\msinfo32.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\OFFICE16\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pkeyconfig-office.xrm-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\Source Engine\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\Stationery\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\Stationery\Bears.htm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\Stationery\Bears.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\Stationery\Desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\Stationery\Garden.htm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\Stationery\Garden.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\Stationery\Green Bubbles.htm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\Stationery\GreenBubbles.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\Stationery\Hand Prints.htm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\Stationery\HandPrints.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\Stationery\Orange Circles.htm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\Stationery\OrangeCircles.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\Stationery\Peacock.htm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\Stationery\Peacock.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\Stationery\Roses.htm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\Stationery\Roses.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\Stationery\Shades of Blue.htm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\Stationery\ShadesOfBlue.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\Stationery\Soft Blue.htm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\Stationery\SoftBlue.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\Stationery\Stars.htm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\Stationery\Stars.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\TextConv\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\TextConv\en-US\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\Triedit\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\Triedit\en-US\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\VC\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\VGX\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\VSTO\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\VSTO\10.0\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\VSTO\vstoee100.tlb | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\microsoft shared\VSTO\vstoee90.tlb | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Services\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\Services\verisign.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\System\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\System\ado\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\System\ado\adojavas.inc | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\System\ado\adovbs.inc | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\System\ado\en-US\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\System\ado\en-US\msader15.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\System\ado\msado20.tlb | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\System\ado\msado21.tlb | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\System\ado\msado25.tlb | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\System\ado\msado26.tlb | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\System\ado\msado27.tlb | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\System\ado\msado28.tlb | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\System\ado\msado60.tlb | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\System\ado\msadomd28.tlb | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\System\ado\msador28.tlb | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\System\ado\msadox28.tlb | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\System\en-US\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\System\en-US\wab32res.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\System\msadc\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\System\msadc\adcjavas.inc | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\System\msadc\adcvbs.inc | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\System\msadc\en-US\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\System\msadc\en-US\msadcer.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\System\msadc\en-US\msadcor.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\System\msadc\en-US\msaddsr.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\System\msadc\en-US\msdaprsr.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\System\msadc\en-US\msdaremr.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\System\Ole DB\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\System\Ole DB\en-US\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\System\Ole DB\en-US\msdasqlr.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\System\Ole DB\en-US\oledb32r.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\System\Ole DB\en-US\sqloledb.rll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\System\Ole DB\en-US\sqlxmlx.rll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\System\Ole DB\oledbjvs.inc | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\System\Ole DB\oledbvbs.inc | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\System\Ole DB\sqloledb.rll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Common Files\System\Ole DB\sqlxmlx.rll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Internet Explorer\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Internet Explorer\en-US\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Internet Explorer\en-US\hmmapi.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Internet Explorer\en-US\ieinstal.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Internet Explorer\images\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Internet Explorer\images\bing.ico | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Internet Explorer\SIGNUP\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Internet Explorer\SIGNUP\install.ins | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\bin\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\bin\javacpl.cpl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\bin\plugin2\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\bin\server\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\bin\server\classes.jsa | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\bin\server\Xusage.txt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\COPYRIGHT | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\accessibility.properties | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\amd64\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\amd64\jvm.cfg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\applet\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\calendars.properties | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\charsets.jar | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\classlist | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\cmm\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\cmm\CIEXYZ.pf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\cmm\GRAY.pf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\cmm\LINEAR_RGB.pf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\cmm\PYCC.pf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\cmm\sRGB.pf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\content-types.properties | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\currency.data | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\deploy\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\deploy\ffjcext.zip | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages.properties | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages_de.properties | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages_es.properties | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages_fr.properties | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages_it.properties | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages_ja.properties | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages_ko.properties | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages_pt_BR.properties | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages_sv.properties | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages_zh_CN.properties | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages_zh_HK.properties | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages_zh_TW.properties | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\deploy\splash.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\deploy\splash@2x.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\deploy\splash_11-lic.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\deploy\splash_11@2x-lic.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\deploy.jar | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\ext\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\ext\access-bridge-64.jar | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\ext\cldrdata.jar | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\ext\dnsns.jar | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\ext\jaccess.jar | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\ext\jfxrt.jar | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\ext\localedata.jar | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\ext\meta-index | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\ext\nashorn.jar | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\ext\sunec.jar | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\ext\sunjce_provider.jar | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\ext\sunmscapi.jar | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\ext\sunpkcs11.jar | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\ext\zipfs.jar | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\flavormap.properties | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\fontconfig.bfc | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\fontconfig.properties.src | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\fonts\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\fonts\LucidaBrightDemiBold.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\fonts\LucidaBrightDemiItalic.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\fonts\LucidaBrightItalic.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\fonts\LucidaBrightRegular.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\fonts\LucidaSansDemiBold.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\fonts\LucidaSansRegular.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\fonts\LucidaTypewriterBold.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\fonts\LucidaTypewriterRegular.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\hijrah-config-umalqura.properties | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\images\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\cursors.properties | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\invalid32x32.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\win32_CopyDrop32x32.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\win32_CopyNoDrop32x32.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\win32_LinkDrop32x32.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\win32_LinkNoDrop32x32.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\win32_MoveDrop32x32.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\win32_MoveNoDrop32x32.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\javafx.properties | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\javaws.jar | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\jce.jar | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\jfr\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\jfr\default.jfc | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\jfr\profile.jfc | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\jfr.jar | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\jfxswt.jar | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\jsse.jar | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\jvm.hprof.txt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\logging.properties | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\management\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\management\jmxremote.access | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\management\jmxremote.password.template | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\management\management.properties | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\management\snmp.acl.template | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\management-agent.jar | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\meta-index | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\net.properties | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\plugin.jar | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\psfont.properties.ja | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\psfontj2d.properties | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\resources.jar | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\rt.jar | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\security\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\security\blacklist | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\security\blacklisted.certs | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\security\cacerts | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\security\java.policy | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\security\java.security | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\security\javaws.policy | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\security\local_policy.jar | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\security\trusted.libraries | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\security\US_export_policy.jar | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\sound.properties | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\tzdb.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\tzmappings | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\LICENSE | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\README.txt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\release | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\THIRDPARTYLICENSEREADME-JAVAFX.txt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\THIRDPARTYLICENSEREADME.txt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\Welcome.html | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\AppXManifest.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\FileSystemMetadata.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\Office16\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\Office16\OSPP.HTM | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\Office16\OSPP.VBS | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\Office16\SLERROR.XML | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\PackageManifests\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0015-0000-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0015-0409-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0016-0000-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0016-0409-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0018-0000-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0018-0409-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0019-0000-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0019-0409-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001A-0000-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001A-0409-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001B-0000-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001B-0409-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-0409-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-040C-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-0C0A-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0027-0000-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-002C-0409-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0054-0409-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0057-0000-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-006E-0409-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0090-0000-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0090-0409-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00A1-0000-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00A1-0409-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00B4-0409-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00BA-0000-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00BA-0409-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00C1-0000-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00C1-0409-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E1-0000-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E1-0409-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E2-0000-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E2-0409-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0115-0409-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0117-0409-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-012A-0000-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-012B-0409-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-3101-0000-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.common.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\PackageManifests\AppXManifestLoc.en-us.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\PackageManifests\AuthoredExtensions.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\client\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\JSWRM-DECRYPT.hta | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00004_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00011_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00021_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00037_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00038_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00040_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00052_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00057_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00090_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00092_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00103_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00120_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00126_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00129_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00130_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00135_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00139_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00142_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00154_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00157_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00158_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00160_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00161_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00163_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00164_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00165_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00167_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00169_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00170_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00171_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00172_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00174_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00175_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00176_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN00010_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN00015_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN00790_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN00853_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN00914_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN00932_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN00965_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN01039_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN01044_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN01060_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN01084_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN01173_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN01174_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN01184_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN01216_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN01218_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN01251_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN01545_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN02122_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN02559_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN02724_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN03500_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04108_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04117_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04134_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04174_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04191_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04195_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04196_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04206_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04225_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04235_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04267_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04269_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04323_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04326_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04332_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04355_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04369_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04384_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04385_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BABY_01.MID | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD00116_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD00141_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD00146_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD00155_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD00160_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD00173_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD05119_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD06102_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD06200_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD07761_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD07804_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD07831_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD08758_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD08773_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD08808_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD08868_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD09031_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD09194_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD09662_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD09664_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD10890_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD10972_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD19563_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD19582_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD19695_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD19827_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD19828_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD19986_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD19988_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD20013_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00008_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00012_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00045_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00098_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00105_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00122_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00130_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00148_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00152_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00194_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00195_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00234_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00242_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00247_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00248_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00252_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00254_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00261_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00262_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00265_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00267_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00269_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00270_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00273_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00274_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00296_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00390_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00392_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00524_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00525_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00526_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00648_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00921_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00923_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00932_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00985_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BOAT.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BOATINST.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00076_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00078_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00092_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00100_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00135_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00136_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00145_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00174_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00184_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00186_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00200_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00224_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00438_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Move | C:\588bce7c90097ed212\1053\eula.rtf.[ID-9A8I36E][symmetries@tutamail.com].JSWRM | source_filename = C:\588bce7c90097ed212\1053\eula.rtf |
|
1 | |
| Read | C:\Program Files\Common Files\microsoft shared\Stationery\Desktop.ini | size = 640, size_out = 640 |
|
1 | |
| Read | C:\Program Files\desktop.ini | size = 160, size_out = 160 |
|
1 | |
| Write | C:\588bce7c90097ed212\1053\eula.rtf | size = 3856 |
|
1 | |
| Write | C:\Program Files\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Common Files\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Common Files\DESIGNER\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Common Files\DESIGNER\MSADDNDR.OLB | size = 15984 |
|
1 | |
| Write | C:\Program Files\Common Files\microsoft shared\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Common Files\microsoft shared\ClickToRun\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RHeartbeatConfig.xml | size = 4128 |
|
1 | |
| Write | C:\Program Files\Common Files\microsoft shared\ClickToRun\i640.hash | size = 96 |
|
1 | |
| Write | C:\Program Files\Common Files\microsoft shared\ClickToRun\i641033.hash | size = 96 |
|
1 | |
| Write | C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeUpdateSchedule.xml | size = 4768 |
|
1 | |
| Write | C:\Program Files\Common Files\microsoft shared\ClickToRun\ServiceWatcherSchedule.xml | size = 4448 |
|
1 | |
| Write | C:\Program Files\Common Files\microsoft shared\ink\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Common Files\microsoft shared\ink\ar-SA\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Common Files\microsoft shared\ink\bg-BG\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Common Files\microsoft shared\ink\da-DK\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Common Files\microsoft shared\ink\de-DE\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Common Files\microsoft shared\ink\el-GR\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Common Files\microsoft shared\ink\en-GB\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Common Files\microsoft shared\ink\en-US\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Common Files\microsoft shared\ink\es-ES\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Common Files\microsoft shared\ink\es-MX\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Common Files\microsoft shared\ink\et-EE\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Common Files\microsoft shared\ink\fi-FI\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Common Files\microsoft shared\ink\fr-CA\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Common Files\microsoft shared\ink\fr-FR\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Common Files\microsoft shared\ink\he-IL\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Common Files\microsoft shared\ink\hr-HR\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Common Files\microsoft shared\ink\hu-HU\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Common Files\microsoft shared\ink\HWRCustomization\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Common Files\microsoft shared\ink\it-IT\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Common Files\microsoft shared\ink\ja-JP\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Common Files\microsoft shared\ink\ko-KR\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Common Files\microsoft shared\ink\LanguageModel\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Common Files\microsoft shared\ink\lt-LT\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Common Files\microsoft shared\ink\lv-LV\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Common Files\microsoft shared\ink\nb-NO\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Common Files\microsoft shared\ink\nl-NL\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Common Files\microsoft shared\ink\pl-PL\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Common Files\microsoft shared\ink\pt-BR\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Common Files\microsoft shared\ink\pt-PT\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Common Files\microsoft shared\ink\ro-RO\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Common Files\microsoft shared\ink\ru-RU\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Common Files\microsoft shared\ink\sk-SK\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Common Files\microsoft shared\ink\sl-SI\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Common Files\microsoft shared\ink\sr-Latn-RS\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Common Files\microsoft shared\ink\sv-SE\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Common Files\microsoft shared\ink\th-TH\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Common Files\microsoft shared\ink\tr-TR\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Common Files\microsoft shared\ink\uk-UA\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Common Files\microsoft shared\ink\zh-CN\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Common Files\microsoft shared\ink\zh-TW\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Common Files\microsoft shared\MSInfo\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Common Files\microsoft shared\OFFICE16\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pkeyconfig-office.xrm-ms | size = 160000 |
|
1 | |
| Write | C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Common Files\microsoft shared\Source Engine\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Common Files\microsoft shared\Stationery\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Common Files\microsoft shared\Stationery\Desktop.ini | size = 640 |
|
1 | |
| Write | C:\Program Files\Common Files\microsoft shared\TextConv\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Common Files\microsoft shared\TextConv\en-US\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Common Files\microsoft shared\Triedit\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Common Files\microsoft shared\Triedit\en-US\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Common Files\microsoft shared\VC\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Common Files\microsoft shared\VGX\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Common Files\microsoft shared\VSTO\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Common Files\microsoft shared\VSTO\10.0\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Common Files\microsoft shared\VSTO\vstoee100.tlb | size = 17040 |
|
1 | |
| Write | C:\Program Files\Common Files\microsoft shared\VSTO\vstoee90.tlb | size = 22672 |
|
1 | |
| Write | C:\Program Files\Common Files\Services\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Common Files\System\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Common Files\System\ado\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Common Files\System\ado\en-US\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Common Files\System\en-US\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Common Files\System\msadc\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Common Files\System\msadc\en-US\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Common Files\System\Ole DB\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Common Files\System\Ole DB\en-US\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\desktop.ini | size = 160 |
|
1 | |
| Write | C:\Program Files\Internet Explorer\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Internet Explorer\en-US\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Internet Explorer\images\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Internet Explorer\SIGNUP\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Internet Explorer\SIGNUP\install.ins | size = 448 |
|
1 | |
| Write | C:\Program Files\Java\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\bin\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\bin\javacpl.cpl | size = 160000 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\bin\plugin2\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\bin\server\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\bin\server\Xusage.txt | size = 1408 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\COPYRIGHT | size = 3232 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\accessibility.properties | size = 144 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\amd64\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\amd64\jvm.cfg | size = 624 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\applet\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\calendars.properties | size = 1376 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\charsets.jar | size = 160000 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\classlist | size = 84352 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\cmm\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\cmm\CIEXYZ.pf | size = 51232 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\cmm\GRAY.pf | size = 624 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\cmm\LINEAR_RGB.pf | size = 1040 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\cmm\PYCC.pf | size = 160000 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\cmm\sRGB.pf | size = 3136 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\content-types.properties | size = 5536 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\currency.data | size = 4112 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\deploy\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\deploy\ffjcext.zip | size = 14144 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages.properties | size = 2848 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages_de.properties | size = 3296 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages_es.properties | size = 3600 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages_fr.properties | size = 3408 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages_it.properties | size = 3216 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages_ja.properties | size = 6336 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages_ko.properties | size = 5712 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages_pt_BR.properties | size = 3280 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages_sv.properties | size = 3408 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages_zh_CN.properties | size = 4064 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages_zh_HK.properties | size = 3744 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages_zh_TW.properties | size = 3744 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\deploy\splash.gif | size = 8576 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\deploy\splash@2x.gif | size = 15264 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\deploy\splash_11-lic.gif | size = 7792 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\deploy\splash_11@2x-lic.gif | size = 12240 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\deploy.jar | size = 160000 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\ext\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\ext\access-bridge-64.jar | size = 160000 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\ext\cldrdata.jar | size = 160000 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\ext\dnsns.jar | size = 8272 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\ext\jaccess.jar | size = 44512 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\ext\jfxrt.jar | size = 160000 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\ext\localedata.jar | size = 160000 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\ext\meta-index | size = 1456 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\ext\nashorn.jar | size = 160000 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\ext\sunec.jar | size = 42176 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\ext\sunjce_provider.jar | size = 160000 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\ext\sunmscapi.jar | size = 32688 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\ext\sunpkcs11.jar | size = 160000 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\ext\zipfs.jar | size = 68912 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\flavormap.properties | size = 3920 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\fontconfig.bfc | size = 3760 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\fontconfig.properties.src | size = 10560 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\fonts\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\fonts\LucidaBrightDemiBold.ttf | size = 75136 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\fonts\LucidaBrightDemiItalic.ttf | size = 75120 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\fonts\LucidaBrightItalic.ttf | size = 80848 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\fonts\LucidaBrightRegular.ttf | size = 160000 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\fonts\LucidaSansDemiBold.ttf | size = 160000 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\fonts\LucidaSansRegular.ttf | size = 160000 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\fonts\LucidaTypewriterBold.ttf | size = 160000 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\fonts\LucidaTypewriterRegular.ttf | size = 160000 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\hijrah-config-umalqura.properties | size = 13952 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\images\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\cursors.properties | size = 1280 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\invalid32x32.gif | size = 144 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\win32_CopyDrop32x32.gif | size = 160 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\win32_CopyNoDrop32x32.gif | size = 144 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\win32_LinkDrop32x32.gif | size = 160 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\win32_LinkNoDrop32x32.gif | size = 144 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\win32_MoveDrop32x32.gif | size = 144 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\win32_MoveNoDrop32x32.gif | size = 144 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\javafx.properties | size = 48 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\javaws.jar | size = 160000 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\jce.jar | size = 116432 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\jfr\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\jfr\default.jfc | size = 20096 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\jfr\profile.jfc | size = 20064 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\jfr.jar | size = 160000 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\jfxswt.jar | size = 33920 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\jsse.jar | size = 160000 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\jvm.hprof.txt | size = 4224 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\logging.properties | size = 2448 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\management\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\management\jmxremote.access | size = 3984 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\management\jmxremote.password.template | size = 2848 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\management\management.properties | size = 14624 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\management\snmp.acl.template | size = 3376 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\management-agent.jar | size = 368 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\meta-index | size = 2112 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\net.properties | size = 4464 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\plugin.jar | size = 160000 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\psfont.properties.ja | size = 2784 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\psfontj2d.properties | size = 10384 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\resources.jar | size = 160000 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\rt.jar | size = 160000 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\security\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\security\blacklist | size = 4048 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\security\blacklisted.certs | size = 1248 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\security\cacerts | size = 114912 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\security\java.policy | size = 2464 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\security\java.security | size = 36512 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\security\javaws.policy | size = 96 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\security\local_policy.jar | size = 3520 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\security\trusted.libraries | size = 0 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\security\US_export_policy.jar | size = 3024 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\sound.properties | size = 1200 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\tzdb.dat | size = 105488 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\lib\tzmappings | size = 8400 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\LICENSE | size = 32 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\README.txt | size = 32 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\release | size = 528 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\THIRDPARTYLICENSEREADME-JAVAFX.txt | size = 63920 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\THIRDPARTYLICENSEREADME.txt | size = 145168 |
|
1 | |
| Write | C:\Program Files\Java\jre1.8.0_144\Welcome.html | size = 944 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\AppXManifest.xml | size = 160000 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\FileSystemMetadata.xml | size = 272 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\Office16\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\Office16\OSPP.HTM | size = 160000 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\Office16\OSPP.VBS | size = 94464 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\Office16\SLERROR.XML | size = 36336 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\PackageManifests\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0015-0000-1000-0000000FF1CE.xml | size = 160000 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0015-0409-1000-0000000FF1CE.xml | size = 1520 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0016-0000-1000-0000000FF1CE.xml | size = 160000 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0016-0409-1000-0000000FF1CE.xml | size = 1248 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0018-0000-1000-0000000FF1CE.xml | size = 160000 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0018-0409-1000-0000000FF1CE.xml | size = 1248 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0019-0000-1000-0000000FF1CE.xml | size = 160000 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0019-0409-1000-0000000FF1CE.xml | size = 1248 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001A-0000-1000-0000000FF1CE.xml | size = 160000 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001A-0409-1000-0000000FF1CE.xml | size = 19440 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001B-0000-1000-0000000FF1CE.xml | size = 160000 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001B-0409-1000-0000000FF1CE.xml | size = 1248 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-0409-1000-0000000FF1CE.xml | size = 1248 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-040C-1000-0000000FF1CE.xml | size = 2144 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-0C0A-1000-0000000FF1CE.xml | size = 2144 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0027-0000-1000-0000000FF1CE.xml | size = 160000 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-002C-0409-1000-0000000FF1CE.xml | size = 1248 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0054-0409-1000-0000000FF1CE.xml | size = 1248 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0057-0000-1000-0000000FF1CE.xml | size = 160000 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-006E-0409-1000-0000000FF1CE.xml | size = 14912 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0090-0000-1000-0000000FF1CE.xml | size = 160000 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0090-0409-1000-0000000FF1CE.xml | size = 1248 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00A1-0000-1000-0000000FF1CE.xml | size = 64992 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00A1-0409-1000-0000000FF1CE.xml | size = 1248 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00B4-0409-1000-0000000FF1CE.xml | size = 1248 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00BA-0000-1000-0000000FF1CE.xml | size = 9216 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00BA-0409-1000-0000000FF1CE.xml | size = 1248 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00C1-0000-1000-0000000FF1CE.xml | size = 160000 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00C1-0409-1000-0000000FF1CE.xml | size = 1248 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E1-0000-1000-0000000FF1CE.xml | size = 1440 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E1-0409-1000-0000000FF1CE.xml | size = 1248 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E2-0000-1000-0000000FF1CE.xml | size = 3744 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E2-0409-1000-0000000FF1CE.xml | size = 1248 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0115-0409-1000-0000000FF1CE.xml | size = 1248 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0117-0409-1000-0000000FF1CE.xml | size = 1248 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-012A-0000-1000-0000000FF1CE.xml | size = 160000 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-012B-0409-1000-0000000FF1CE.xml | size = 1248 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-3101-0000-1000-0000000FF1CE.xml | size = 3360 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.common.xml | size = 160000 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\PackageManifests\AppXManifestLoc.en-us.xml | size = 9824 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\PackageManifests\AuthoredExtensions.xml | size = 368 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\client\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\JSWRM-DECRYPT.hta | size = 8972 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00004_.GIF | size = 9024 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00011_.GIF | size = 7216 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00021_.GIF | size = 14864 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00037_.GIF | size = 6672 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00038_.GIF | size = 3248 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00040_.GIF | size = 8096 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00052_.GIF | size = 7680 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00057_.GIF | size = 11888 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00090_.GIF | size = 512 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00092_.GIF | size = 496 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00103_.GIF | size = 12688 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00120_.GIF | size = 3472 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00126_.GIF | size = 3136 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00129_.GIF | size = 12480 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00130_.GIF | size = 5248 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00135_.GIF | size = 2592 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00139_.GIF | size = 10592 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00142_.GIF | size = 15296 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00154_.GIF | size = 5312 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00157_.GIF | size = 4944 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00158_.GIF | size = 5024 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00160_.GIF | size = 1136 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00161_.GIF | size = 7568 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00163_.GIF | size = 6976 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00164_.GIF | size = 13248 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00165_.GIF | size = 8576 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00167_.GIF | size = 4880 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00169_.GIF | size = 5360 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00170_.GIF | size = 9248 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00171_.GIF | size = 5008 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00172_.GIF | size = 4384 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00174_.GIF | size = 3952 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00175_.GIF | size = 3376 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00176_.GIF | size = 3120 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN00010_.WMF | size = 3024 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN00015_.WMF | size = 4720 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN00790_.WMF | size = 5680 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN00853_.WMF | size = 20576 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN00914_.WMF | size = 10832 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN00932_.WMF | size = 14416 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN00965_.WMF | size = 7072 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN01039_.WMF | size = 3344 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN01044_.WMF | size = 1584 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN01060_.WMF | size = 7968 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN01084_.WMF | size = 1824 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN01173_.WMF | size = 26320 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN01174_.WMF | size = 27856 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN01184_.WMF | size = 3744 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN01216_.WMF | size = 5824 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN01218_.WMF | size = 3008 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN01251_.WMF | size = 2752 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN01545_.WMF | size = 7360 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN02122_.WMF | size = 7536 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN02559_.WMF | size = 6624 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN02724_.WMF | size = 2096 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN03500_.WMF | size = 9232 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04108_.WMF | size = 2336 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04117_.WMF | size = 6048 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04134_.WMF | size = 3408 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04174_.WMF | size = 2624 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04191_.WMF | size = 6624 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04195_.WMF | size = 4608 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04196_.WMF | size = 3136 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04206_.WMF | size = 7664 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04225_.WMF | size = 8480 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04235_.WMF | size = 7792 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04267_.WMF | size = 7792 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04269_.WMF | size = 2016 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04323_.WMF | size = 2480 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04326_.WMF | size = 3344 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04332_.WMF | size = 4288 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04355_.WMF | size = 3216 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04369_.WMF | size = 4800 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04384_.WMF | size = 4992 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04385_.WMF | size = 4992 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BABY_01.MID | size = 7376 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD00116_.WMF | size = 4864 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD00141_.WMF | size = 26880 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD00146_.WMF | size = 28944 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD00155_.WMF | size = 11632 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD00160_.WMF | size = 22512 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD00173_.WMF | size = 16176 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD05119_.WMF | size = 17232 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD06102_.WMF | size = 16112 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD06200_.WMF | size = 16672 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD07761_.WMF | size = 26736 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD07804_.WMF | size = 4912 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD07831_.WMF | size = 4064 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD08758_.WMF | size = 24320 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD08773_.WMF | size = 24768 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD08808_.WMF | size = 47984 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD08868_.WMF | size = 40192 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD09031_.WMF | size = 47776 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD09194_.WMF | size = 14528 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD09662_.WMF | size = 20544 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD09664_.WMF | size = 7952 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD10890_.GIF | size = 13504 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD10972_.GIF | size = 20176 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD19563_.GIF | size = 20448 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD19582_.GIF | size = 15728 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD19695_.WMF | size = 12976 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD19827_.WMF | size = 9696 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD19828_.WMF | size = 8768 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD19986_.WMF | size = 14480 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD19988_.WMF | size = 18304 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD20013_.WMF | size = 11056 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00008_.WMF | size = 12512 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00012_.WMF | size = 9808 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00045_.WMF | size = 7856 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00098_.WMF | size = 1008 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00105_.WMF | size = 880 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00122_.WMF | size = 10144 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00130_.WMF | size = 1456 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00148_.WMF | size = 1696 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00152_.WMF | size = 1504 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00194_.WMF | size = 3984 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00195_.WMF | size = 8064 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00234_.WMF | size = 9296 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00242_.WMF | size = 4016 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00247_.WMF | size = 14432 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00248_.WMF | size = 1536 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00252_.WMF | size = 4704 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00254_.WMF | size = 1728 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00261_.WMF | size = 12480 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00262_.WMF | size = 2544 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00265_.WMF | size = 5744 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00267_.WMF | size = 2640 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00269_.WMF | size = 5264 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00270_.WMF | size = 3008 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00273_.WMF | size = 3776 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00274_.WMF | size = 4160 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00296_.WMF | size = 800 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00390_.WMF | size = 13088 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00392_.WMF | size = 27040 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00524_.WMF | size = 6992 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00525_.WMF | size = 9584 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00526_.WMF | size = 27552 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00648_.WMF | size = 11488 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00921_.WMF | size = 4400 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00923_.WMF | size = 6256 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00932_.WMF | size = 19472 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00985_.WMF | size = 3760 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BOAT.WMF | size = 3344 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BOATINST.WMF | size = 28992 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00076_.WMF | size = 1328 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00078_.WMF | size = 1440 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00092_.WMF | size = 7968 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00100_.WMF | size = 2368 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00135_.WMF | size = 1040 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00136_.WMF | size = 2160 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00145_.WMF | size = 1712 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00174_.WMF | size = 8352 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00184_.WMF | size = 4976 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00186_.WMF | size = 12784 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00200_.WMF | size = 3104 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00224_.WMF | size = 1584 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00438_.WMF | size = 1200 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00439_.WMF | size = 2048 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00440_.WMF | size = 5568 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00441_.WMF | size = 3520 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00442_.WMF | size = 2480 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00443_.WMF | size = 1664 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00444_.WMF | size = 3888 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00445_.WMF | size = 3792 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00453_.WMF | size = 2432 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS01080_.WMF | size = 2720 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS01603_.WMF | size = 7168 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS01634_.WMF | size = 3488 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS01635_.WMF | size = 14992 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS01636_.WMF | size = 1872 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS01637_.WMF | size = 3936 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS01638_.WMF | size = 10528 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS01639_.WMF | size = 4224 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\CARBN_01.MID | size = 9312 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\CG1606.WMF | size = 3552 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\CLASSIC1.WMF | size = 2416 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\CLASSIC2.WMF | size = 2256 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\CLIP.WMF | size = 2256 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\CMNTY_01.MID | size = 6960 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\CRANE.WMF | size = 5264 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\CRANINST.WMF | size = 49536 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\CUP.WMF | size = 2960 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\CUPINST.WMF | size = 10320 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD00117_.WMF | size = 31120 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD00121_.WMF | size = 8256 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD00234_.WMF | size = 29616 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD00255_.WMF | size = 2688 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD00256_.WMF | size = 2832 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD00261_.WMF | size = 37968 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD00297_.WMF | size = 40016 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD00372_.WMF | size = 784 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD00405_.WMF | size = 17584 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD00407_.WMF | size = 7824 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD00413_.WMF | size = 42992 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD00414_.WMF | size = 42896 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD00419_.WMF | size = 704 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD00437_.WMF | size = 1920 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD00448_.WMF | size = 2944 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD00449_.WMF | size = 9984 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD00687_.WMF | size = 20784 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD00705_.WMF | size = 24576 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01015_.WMF | size = 2224 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01039_.WMF | size = 14816 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01138_.WMF | size = 3680 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01139_.WMF | size = 3632 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01140_.WMF | size = 3616 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01143_.WMF | size = 2128 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01145_.WMF | size = 2768 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01146_.WMF | size = 2784 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01151_.WMF | size = 2960 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01152_.WMF | size = 2960 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01157_.WMF | size = 3584 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01160_.WMF | size = 2224 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01162_.WMF | size = 2288 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01163_.WMF | size = 2288 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01166_.WMF | size = 2080 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01167_.WMF | size = 2080 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01168_.WMF | size = 2000 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01169_.WMF | size = 2016 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01170_.WMF | size = 2400 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01171_.WMF | size = 2048 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01172_.WMF | size = 2224 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01173_.WMF | size = 1792 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01176_.WMF | size = 1888 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01178_.WMF | size = 3792 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01179_.WMF | size = 2016 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01180_.WMF | size = 2080 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01181_.WMF | size = 1440 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01182_.WMF | size = 2992 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01183_.WMF | size = 2288 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01186_.WMF | size = 8560 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01366_.WMF | size = 1760 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01434_.WMF | size = 896 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01585_.WMF | size = 2512 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01586_.WMF | size = 2320 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01628_.WMF | size = 19056 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01629_.WMF | size = 576 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01630_.WMF | size = 288 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01631_.WMF | size = 544 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01761_.WMF | size = 4144 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01772_.WMF | size = 2288 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01793_.WMF | size = 3248 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\EAST_01.MID | size = 6160 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\ED00010_.WMF | size = 1376 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\ED00019_.WMF | size = 13040 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\ED00172_.WMF | size = 2688 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\ED00184_.WMF | size = 6944 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\EN00006_.WMF | size = 13936 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\EN00202_.WMF | size = 6928 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\EN00222_.WMF | size = 12352 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\EN00242_.WMF | size = 6768 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\EN00319_.WMF | size = 2272 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\EN00320_.WMF | size = 736 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\EN00397_.WMF | size = 17296 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\EN00902_.WMF | size = 7936 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\EXPLR_01.MID | size = 10560 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FALL_01.MID | size = 4832 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00074_.WMF | size = 17840 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00076_.WMF | size = 11984 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00077_.WMF | size = 30240 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00086_.WMF | size = 29200 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00090_.WMF | size = 14192 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00096_.WMF | size = 37376 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00296_.WMF | size = 15856 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00297_.WMF | size = 18192 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00306_.WMF | size = 46800 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00336_.WMF | size = 6064 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00361_.WMF | size = 4064 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00369_.WMF | size = 8544 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00382_.WMF | size = 8416 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00397_.WMF | size = 10816 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00403_.WMF | size = 7872 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00414_.WMF | size = 10992 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00419_.WMF | size = 16384 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00428_.WMF | size = 4784 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00435_.WMF | size = 2096 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00438_.WMF | size = 5088 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00455_.WMF | size = 8912 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00459_.WMF | size = 17392 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00543_.WMF | size = 1472 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00544_.WMF | size = 5248 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00564_.WMF | size = 896 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00586_.WMF | size = 752 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00775_.WMF | size = 11152 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00779_.WMF | size = 9008 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00799_.WMF | size = 13968 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00814_.WMF | size = 42704 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00965_.WMF | size = 15152 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD01074_.WMF | size = 4624 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD01084_.WMF | size = 2400 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD01176_.WMF | size = 4976 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD01191_.WMF | size = 3952 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD01193_.WMF | size = 1152 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD01196_.WMF | size = 2320 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD01548_.WMF | size = 10304 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD01657_.WMF | size = 30400 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD01658_.WMF | size = 17920 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD01659_.WMF | size = 31168 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD01660_.WMF | size = 12944 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD02068_.WMF | size = 2480 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD02071_.WMF | size = 2176 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD02075_.WMF | size = 4384 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD02088_.WMF | size = 3696 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD02097_.WMF | size = 1552 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD02115_.WMF | size = 4656 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD02116_.WMF | size = 3984 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD02141_.WMF | size = 2624 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD02153_.WMF | size = 5392 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD02158_.WMF | size = 1648 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD02161_.WMF | size = 3120 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FINCL_01.MID | size = 12976 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FINCL_02.MID | size = 9312 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FLAP.WMF | size = 2064 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\GRDEN_01.MID | size = 7552 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\GRID_01.MID | size = 6320 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00057_.WMF | size = 3760 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00084_.WMF | size = 2464 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00231_.WMF | size = 2224 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00235_.WMF | size = 1024 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00236_.WMF | size = 3280 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00241_.WMF | size = 1952 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00260_.WMF | size = 3648 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00276_.WMF | size = 3008 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00334_.WMF | size = 1520 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00443_.WMF | size = 3296 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00513_.WMF | size = 816 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00524_.WMF | size = 14688 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00526_.WMF | size = 13536 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00527_.WMF | size = 5792 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00546_.WMF | size = 3712 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00601_.WMF | size = 1456 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00602_.WMF | size = 1392 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00612_.WMF | size = 12624 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00623_.WMF | size = 10640 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00625_.WMF | size = 2112 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00636_.WMF | size = 1568 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00669_.WMF | size = 11488 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00681_.WMF | size = 9296 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00685_.WMF | size = 4032 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00687_.WMF | size = 4336 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00688_.WMF | size = 7072 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00693_.WMF | size = 7088 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH01013_.WMF | size = 2848 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH01015_.WMF | size = 1136 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH01058_.WMF | size = 2752 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH01065_.WMF | size = 1264 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH01080_.WMF | size = 4992 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH01242_.WMF | size = 7328 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH01291_.WMF | size = 15792 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH01329_.WMF | size = 6016 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH01461_.WMF | size = 5952 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH01618_.WMF | size = 7296 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH01759_.WMF | size = 5408 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH01875_.WMF | size = 2608 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH01923_.WMF | size = 26704 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH02155_.WMF | size = 2704 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH02166_.WMF | size = 1312 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH02282_.WMF | size = 7920 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH02298_.WMF | size = 5552 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH02312_.WMF | size = 4960 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH02313_.WMF | size = 3072 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HM00005_.WMF | size = 23296 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HM00114_.WMF | size = 22112 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HM00116_.WMF | size = 15840 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HM00172_.WMF | size = 2832 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HM00426_.WMF | size = 68768 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HTECH_01.MID | size = 7168 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\IN00046_.WMF | size = 1152 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\IN00118_.WMF | size = 784 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\IN00177_.WMF | size = 1072 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\IN00204_.WMF | size = 1840 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\IN00233_.WMF | size = 11184 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\IN00343_.WMF | size = 1888 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\IN00346_.WMF | size = 688 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\IN00351_.WMF | size = 1920 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\IN00557_.WMF | size = 9168 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\IN00915_.WMF | size = 12736 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\IN00919_.WMF | size = 6912 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\IN00956_.WMF | size = 1248 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\IN00957_.WMF | size = 2944 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\INDST_01.MID | size = 8560 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0075478.GIF | size = 1216 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0086384.WMF | size = 9728 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0086420.WMF | size = 9584 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0086424.WMF | size = 17008 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0086426.WMF | size = 21776 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0086428.WMF | size = 35344 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0086432.WMF | size = 33424 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0086478.WMF | size = 14160 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0089945.WMF | size = 19888 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0089992.WMF | size = 15680 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0090027.WMF | size = 21264 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0090087.WMF | size = 46928 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0090089.WMF | size = 15760 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0090149.WMF | size = 28208 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0090390.WMF | size = 17632 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0090777.WMF | size = 3328 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0090779.WMF | size = 1456 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0090781.WMF | size = 5312 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0090783.WMF | size = 6928 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0093905.WMF | size = 42048 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0098497.WMF | size = 4960 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099145.JPG | size = 24752 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099146.WMF | size = 16592 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099147.JPG | size = 24368 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099148.JPG | size = 18256 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099149.WMF | size = 73200 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099150.JPG | size = 21904 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099151.WMF | size = 26080 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099152.JPG | size = 11680 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099153.WMF | size = 13872 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099154.JPG | size = 6928 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099155.JPG | size = 8816 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099156.JPG | size = 13952 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099157.JPG | size = 9664 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099158.WMF | size = 26160 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099159.WMF | size = 27536 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099160.JPG | size = 15136 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099161.JPG | size = 7152 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099162.JPG | size = 19648 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099163.WMF | size = 22352 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099164.WMF | size = 21936 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099165.JPG | size = 50480 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099166.JPG | size = 64752 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099167.JPG | size = 43936 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099168.JPG | size = 20176 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099169.WMF | size = 10192 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099170.WMF | size = 24288 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099171.WMF | size = 8752 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099172.WMF | size = 58256 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099173.WMF | size = 37136 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099174.WMF | size = 6208 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099175.WMF | size = 9744 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099176.WMF | size = 2480 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099177.WMF | size = 5376 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099178.WMF | size = 3600 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099179.WMF | size = 9152 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099180.WMF | size = 3392 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099181.WMF | size = 1184 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099182.WMF | size = 3840 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099183.WMF | size = 4944 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099184.WMF | size = 4112 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099185.JPG | size = 3280 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099186.JPG | size = 16736 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099187.JPG | size = 24528 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099188.JPG | size = 9072 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099189.JPG | size = 8064 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099190.JPG | size = 43888 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099191.JPG | size = 62352 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099192.GIF | size = 17952 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099193.GIF | size = 35536 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099194.GIF | size = 25264 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099195.GIF | size = 19920 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099196.GIF | size = 14336 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099197.GIF | size = 10896 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099198.GIF | size = 5248 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099199.GIF | size = 33968 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099200.GIF | size = 16528 |
|
1 | |
|
For performance reasons, the remaining 4003 entries are omitted.
The remaining entries can be found in glog.xml. |
|||||
Process (6)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | cmd.exe | show_window = SW_HIDE |
|
1 | |
| Create | cmd.exe | show_window = SW_HIDE |
|
1 | |
| Create | cmd.exe | show_window = SW_HIDE |
|
1 | |
| Create | cmd.exe | show_window = SW_HIDE |
|
1 | |
| Create | cmd.exe | show_window = SW_HIDE |
|
1 | |
| Create | cmd.exe | show_window = SW_HIDE |
|
1 |
Module (87)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | api-ms-win-core-synch-l1-2-0 | base_address = 0x74ea0000 |
|
2 | |
| Load | api-ms-win-core-fibers-l1-1-1 | base_address = 0x74ea0000 |
|
2 | |
| Load | api-ms-win-core-localization-l1-2-1 | base_address = 0x74ea0000 |
|
1 | |
| Load | kernel32 | base_address = 0x75e90000 |
|
1 | |
| Load | api-ms-win-core-sysinfo-l1-2-1 | base_address = 0x74ea0000 |
|
1 | |
| Load | api-ms-win-appmodel-runtime-l1-1-2 | base_address = 0x75ba0000 |
|
1 | |
| Get Handle | c:\windows\syswow64\kernel32.dll | base_address = 0x75e90000 |
|
1 | |
| Get Handle | c:\users\fd1hvy\desktop\jsworm.exe | base_address = 0x1320000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| Get Handle | c:\users\fd1hvy\desktop\jsworm.exe | base_address = 0x1320000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| Get Handle | c:\users\fd1hvy\desktop\jsworm.exe | base_address = 0x1320000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| Get Handle | c:\users\fd1hvy\desktop\jsworm.exe | base_address = 0x1320000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| Get Handle | c:\users\fd1hvy\desktop\jsworm.exe | base_address = 0x1320000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| Get Handle | c:\users\fd1hvy\desktop\jsworm.exe | base_address = 0x1320000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| Get Handle | c:\users\fd1hvy\desktop\jsworm.exe | base_address = 0x1320000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| Get Handle | c:\users\fd1hvy\desktop\jsworm.exe | base_address = 0x1320000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| Get Handle | c:\users\fd1hvy\desktop\jsworm.exe | base_address = 0x1320000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| Get Handle | c:\users\fd1hvy\desktop\jsworm.exe | base_address = 0x1320000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| Get Handle | c:\users\fd1hvy\desktop\jsworm.exe | base_address = 0x1320000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| Get Handle | c:\users\fd1hvy\desktop\jsworm.exe | base_address = 0x1320000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| Get Handle | c:\users\fd1hvy\desktop\jsworm.exe | base_address = 0x1320000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| Get Handle | c:\users\fd1hvy\desktop\jsworm.exe | base_address = 0x1320000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| Get Handle | c:\users\fd1hvy\desktop\jsworm.exe | base_address = 0x1320000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| Get Handle | c:\users\fd1hvy\desktop\jsworm.exe | base_address = 0x1320000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| Get Handle | c:\users\fd1hvy\desktop\jsworm.exe | base_address = 0x1320000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| Get Handle | c:\users\fd1hvy\desktop\jsworm.exe | base_address = 0x1320000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| Get Handle | c:\users\fd1hvy\desktop\jsworm.exe | base_address = 0x1320000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| Get Handle | c:\users\fd1hvy\desktop\jsworm.exe | base_address = 0x1320000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| Get Handle | c:\users\fd1hvy\desktop\jsworm.exe | base_address = 0x1320000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| Get Handle | c:\users\fd1hvy\desktop\jsworm.exe | base_address = 0x1320000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| Get Handle | c:\users\fd1hvy\desktop\jsworm.exe | base_address = 0x1320000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| Get Handle | c:\users\fd1hvy\desktop\jsworm.exe | base_address = 0x1320000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| Get Handle | c:\users\fd1hvy\desktop\jsworm.exe | base_address = 0x1320000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| Get Handle | c:\users\fd1hvy\desktop\jsworm.exe | base_address = 0x1320000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| Get Filename | - | process_name = c:\users\fd1hvy\desktop\jsworm.exe, file_name_orig = C:\Users\FD1HVy\Desktop\jsworm.exe, size = 261 |
|
1 | |
| Get Address | c:\windows\syswow64\kernelbase.dll | function = InitializeCriticalSectionEx, address_out = 0x74f97060 |
|
2 | |
| Get Address | c:\windows\syswow64\kernelbase.dll | function = FlsAlloc, address_out = 0x74f9bea0 |
|
2 | |
| Get Address | c:\windows\syswow64\kernelbase.dll | function = FlsSetValue, address_out = 0x74f92550 |
|
2 | |
| Get Address | c:\windows\syswow64\kernelbase.dll | function = FlsGetValue, address_out = 0x74f870c0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernelbase.dll | function = LCMapStringEx, address_out = 0x74f7ed00 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = AreFileApisANSI, address_out = 0x75ea4280 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FlsAlloc, address_out = 0x75ea4ae0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FlsFree, address_out = 0x75ea4b00 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FlsGetValue, address_out = 0x75ea4b20 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FlsSetValue, address_out = 0x75ea4b40 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = InitializeCriticalSectionEx, address_out = 0x75efebc0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = InitOnceExecuteOnce, address_out = 0x74f95550 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateEventExW, address_out = 0x75efeb20 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateSemaphoreW, address_out = 0x75efeb90 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateSemaphoreExW, address_out = 0x75efeb80 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateThreadpoolTimer, address_out = 0x75ea6d30 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetThreadpoolTimer, address_out = 0x77bfd7c0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WaitForThreadpoolTimerCallbacks, address_out = 0x77bfb840 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CloseThreadpoolTimer, address_out = 0x77bfb740 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateThreadpoolWait, address_out = 0x75ea6d70 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetThreadpoolWait, address_out = 0x77bfc0b0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CloseThreadpoolWait, address_out = 0x77bfbe10 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FlushProcessWriteBuffers, address_out = 0x77c22b20 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FreeLibraryWhenCallbackReturns, address_out = 0x77c18e50 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetCurrentProcessorNumber, address_out = 0x77c152f0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateSymbolicLinkW, address_out = 0x75ea4510 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetCurrentPackageId, address_out = 0x74f9e260 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetTickCount64, address_out = 0x75ea0db0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileInformationByHandleEx, address_out = 0x75ea43d0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFileInformationByHandle, address_out = 0x75eff110 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetSystemTimePreciseAsFileTime, address_out = 0x75eff1e0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = InitializeConditionVariable, address_out = 0x77c13a00 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WakeConditionVariable, address_out = 0x77c88c50 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WakeAllConditionVariable, address_out = 0x77c18a90 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SleepConditionVariableCS, address_out = 0x7500fca0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = InitializeSRWLock, address_out = 0x77c13a00 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = AcquireSRWLockExclusive, address_out = 0x77bf58e0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = TryAcquireSRWLockExclusive, address_out = 0x77c72ce0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = ReleaseSRWLockExclusive, address_out = 0x77bf83a0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SleepConditionVariableSRW, address_out = 0x7500fcf0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateThreadpoolWork, address_out = 0x75ea6db0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SubmitThreadpoolWork, address_out = 0x77bfeb00 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CloseThreadpoolWork, address_out = 0x77bfed50 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CompareStringEx, address_out = 0x75ea7050 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetLocaleInfoEx, address_out = 0x75ea7190 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = LCMapStringEx, address_out = 0x75ea7480 |
|
1 | |
| Get Address | c:\windows\syswow64\kernelbase.dll | function = GetSystemTimePreciseAsFileTime, address_out = 0x74f6b830 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel.appcore.dll | function = AppPolicyGetThreadInitializationType, address_out = 0x75ba3210 |
|
1 |
System (4)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Get Time | type = System Time |
|
3 |
Mutex (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Create | mutex_name = kto_prochtet_tot_sdohnet =) |
|
1 |
Environment (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
1 |
Process #3: cmd.exe
63
0
| Information | Value |
|---|---|
| ID | #3 |
| File Name | c:\windows\syswow64\cmd.exe |
| Command Line | "C:\Windows\System32\cmd.exe" /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "zapiska" /d "C:\ProgramData\JSWRM-DECRYPT.txt" -y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:00:47, Reason: Child Process |
| Unmonitor | End Time: 00:00:52, Reason: Self Terminated |
| Monitor Duration | 00:00:04 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x3fc |
| Parent PID | 0xb08 (c:\users\fd1hvy\desktop\jsworm.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
490
0x
CFC
|
Host Behavior
File (16)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\Users\FD1HVy\Desktop | type = file_attributes |
|
2 | |
| Open | STD_OUTPUT_HANDLE | - |
|
8 | |
| Open | STD_INPUT_HANDLE | - |
|
6 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Process (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\WINDOWS\system32\reg.exe | os_pid = 0xd60, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\syswow64\cmd.exe | base_address = 0xdf0000 |
|
1 | |
| Get Handle | c:\windows\syswow64\kernel32.dll | base_address = 0x75e90000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\syswow64\cmd.exe, file_name_orig = C:\Windows\SysWOW64\cmd.exe, size = 32743 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetThreadUILanguage, address_out = 0x75ea4f70 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CopyFileExW, address_out = 0x75ea4330 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = IsDebuggerPresent, address_out = 0x75ea5930 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x74fe09d0 |
|
1 |
Environment (19)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
7 | |
| Get Environment String | name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Users\FD1HVy\AppData\Local\Microsoft\WindowsApps |
|
2 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
2 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\WINDOWS\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Users\FD1HVy\Desktop |
|
1 | |
| Set Environment String | name = COPYCMD |
|
1 | |
| Set Environment String | name = =ExitCode, value = 00000001 |
|
1 | |
| Set Environment String | name = =ExitCodeAscii |
|
1 |
Process #5: cmd.exe
63
0
| Information | Value |
|---|---|
| ID | #5 |
| File Name | c:\windows\syswow64\cmd.exe |
| Command Line | "C:\Windows\System32\cmd.exe" /c reg add HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "zapiska" /d "C:\ProgramData\JSWRM-DECRYPT.txt" -y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:00:49, Reason: Child Process |
| Unmonitor | End Time: 00:00:54, Reason: Self Terminated |
| Monitor Duration | 00:00:05 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xd04 |
| Parent PID | 0xb08 (c:\users\fd1hvy\desktop\jsworm.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
CE8
0x
2AC
|
Host Behavior
File (16)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\Users\FD1HVy\Desktop | type = file_attributes |
|
2 | |
| Open | STD_OUTPUT_HANDLE | - |
|
8 | |
| Open | STD_INPUT_HANDLE | - |
|
6 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 248, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Process (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\WINDOWS\system32\reg.exe | os_pid = 0xeec, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\syswow64\cmd.exe | base_address = 0xdf0000 |
|
1 | |
| Get Handle | c:\windows\syswow64\kernel32.dll | base_address = 0x75e90000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\syswow64\cmd.exe, file_name_orig = C:\Windows\SysWOW64\cmd.exe, size = 32743 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetThreadUILanguage, address_out = 0x75ea4f70 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CopyFileExW, address_out = 0x75ea4330 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = IsDebuggerPresent, address_out = 0x75ea5930 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x74fe09d0 |
|
1 |
Environment (19)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
7 | |
| Get Environment String | name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Users\FD1HVy\AppData\Local\Microsoft\WindowsApps |
|
2 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
2 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\WINDOWS\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Users\FD1HVy\Desktop |
|
1 | |
| Set Environment String | name = COPYCMD |
|
1 | |
| Set Environment String | name = =ExitCode, value = 00000001 |
|
1 | |
| Set Environment String | name = =ExitCodeAscii |
|
1 |
Process #7: reg.exe
34
0
| Information | Value |
|---|---|
| ID | #7 |
| File Name | c:\windows\syswow64\reg.exe |
| Command Line | reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "zapiska" /d "C:\ProgramData\JSWRM-DECRYPT.txt" -y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:00:50, Reason: Child Process |
| Unmonitor | End Time: 00:00:51, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xd60 |
| Parent PID | 0x3fc (c:\windows\syswow64\cmd.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
D10
0x
B84
|
Host Behavior
File (6)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
2 | |
| Open | STD_ERROR_HANDLE | - |
|
3 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Registry (1)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System | - |
|
1 |
Module (1)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\syswow64\reg.exe | base_address = 0xa40000 |
|
1 |
Process #8: cmd.exe
64
0
| Information | Value |
|---|---|
| ID | #8 |
| File Name | c:\windows\syswow64\cmd.exe |
| Command Line | "C:\Windows\System32\cmd.exe" /c taskkill.exe taskkill /f /im store.exe |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:00:50, Reason: Child Process |
| Unmonitor | End Time: 00:01:03, Reason: Self Terminated |
| Monitor Duration | 00:00:13 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x9b0 |
| Parent PID | 0xb08 (c:\users\fd1hvy\desktop\jsworm.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
344
0x
AF0
|
Host Behavior
File (17)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\Users\FD1HVy\Desktop | type = file_attributes |
|
2 | |
| Get Info | taskkill.exe | type = file_attributes |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
8 | |
| Open | STD_INPUT_HANDLE | - |
|
6 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 197, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Process (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\WINDOWS\system32\taskkill.exe | os_pid = 0x42c, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\syswow64\cmd.exe | base_address = 0xdf0000 |
|
1 | |
| Get Handle | c:\windows\syswow64\kernel32.dll | base_address = 0x75e90000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\syswow64\cmd.exe, file_name_orig = C:\Windows\SysWOW64\cmd.exe, size = 32743 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetThreadUILanguage, address_out = 0x75ea4f70 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CopyFileExW, address_out = 0x75ea4330 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = IsDebuggerPresent, address_out = 0x75ea5930 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x74fe09d0 |
|
1 |
Environment (19)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
7 | |
| Get Environment String | name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Users\FD1HVy\AppData\Local\Microsoft\WindowsApps |
|
2 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
2 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\WINDOWS\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Users\FD1HVy\Desktop |
|
1 | |
| Set Environment String | name = COPYCMD |
|
1 | |
| Set Environment String | name = =ExitCode, value = 00000001 |
|
1 | |
| Set Environment String | name = =ExitCodeAscii |
|
1 |
Process #10: cmd.exe
64
0
| Information | Value |
|---|---|
| ID | #10 |
| File Name | c:\windows\syswow64\cmd.exe |
| Command Line | "C:\Windows\System32\cmd.exe" /c taskkill.exe taskkill /f /im sqlserver.exe |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:00:52, Reason: Child Process |
| Unmonitor | End Time: 00:01:03, Reason: Self Terminated |
| Monitor Duration | 00:00:10 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x4b0 |
| Parent PID | 0xb08 (c:\users\fd1hvy\desktop\jsworm.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
FA4
0x
F9C
|
Host Behavior
File (17)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\Users\FD1HVy\Desktop | type = file_attributes |
|
2 | |
| Get Info | taskkill.exe | type = file_attributes |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
8 | |
| Open | STD_INPUT_HANDLE | - |
|
6 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 160, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Process (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\WINDOWS\system32\taskkill.exe | os_pid = 0x540, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\syswow64\cmd.exe | base_address = 0xdf0000 |
|
1 | |
| Get Handle | c:\windows\syswow64\kernel32.dll | base_address = 0x75e90000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\syswow64\cmd.exe, file_name_orig = C:\Windows\SysWOW64\cmd.exe, size = 32743 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetThreadUILanguage, address_out = 0x75ea4f70 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CopyFileExW, address_out = 0x75ea4330 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = IsDebuggerPresent, address_out = 0x75ea5930 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x74fe09d0 |
|
1 |
Environment (19)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
7 | |
| Get Environment String | name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Users\FD1HVy\AppData\Local\Microsoft\WindowsApps |
|
2 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
2 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\WINDOWS\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Users\FD1HVy\Desktop |
|
1 | |
| Set Environment String | name = COPYCMD |
|
1 | |
| Set Environment String | name = =ExitCode, value = 00000001 |
|
1 | |
| Set Environment String | name = =ExitCodeAscii |
|
1 |
Process #11: reg.exe
34
0
| Information | Value |
|---|---|
| ID | #11 |
| File Name | c:\windows\syswow64\reg.exe |
| Command Line | reg add HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "zapiska" /d "C:\ProgramData\JSWRM-DECRYPT.txt" -y |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:00:52, Reason: Child Process |
| Unmonitor | End Time: 00:00:53, Reason: Self Terminated |
| Monitor Duration | 00:00:00 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xeec |
| Parent PID | 0xd04 (c:\windows\syswow64\cmd.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
F78
0x
784
|
Host Behavior
File (6)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
2 | |
| Open | STD_ERROR_HANDLE | - |
|
3 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Registry (1)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System | - |
|
1 |
Module (1)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\syswow64\reg.exe | base_address = 0xa40000 |
|
1 |
Process #13: taskkill.exe
0
0
| Information | Value |
|---|---|
| ID | #13 |
| File Name | c:\windows\syswow64\taskkill.exe |
| Command Line | taskkill.exe taskkill /f /im store.exe |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:00:53, Reason: Child Process |
| Unmonitor | End Time: 00:01:01, Reason: Self Terminated |
| Monitor Duration | 00:00:08 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x42c |
| Parent PID | 0x9b0 (c:\windows\syswow64\cmd.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
F64
0x
8E8
0x
200
|
Process #14: cmd.exe
64
0
| Information | Value |
|---|---|
| ID | #14 |
| File Name | c:\windows\syswow64\cmd.exe |
| Command Line | "C:\Windows\System32\cmd.exe" /c taskkill.exe taskkill /f /im dns.exe |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:00:53, Reason: Child Process |
| Unmonitor | End Time: 00:01:04, Reason: Self Terminated |
| Monitor Duration | 00:00:10 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xcb8 |
| Parent PID | 0xb08 (c:\users\fd1hvy\desktop\jsworm.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
E64
0x
504
|
Host Behavior
File (17)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\Users\FD1HVy\Desktop | type = file_attributes |
|
2 | |
| Get Info | taskkill.exe | type = file_attributes |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
8 | |
| Open | STD_INPUT_HANDLE | - |
|
6 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 197, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Process (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\WINDOWS\system32\taskkill.exe | os_pid = 0x770, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\syswow64\cmd.exe | base_address = 0xdf0000 |
|
1 | |
| Get Handle | c:\windows\syswow64\kernel32.dll | base_address = 0x75e90000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\syswow64\cmd.exe, file_name_orig = C:\Windows\SysWOW64\cmd.exe, size = 32743 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetThreadUILanguage, address_out = 0x75ea4f70 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CopyFileExW, address_out = 0x75ea4330 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = IsDebuggerPresent, address_out = 0x75ea5930 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x74fe09d0 |
|
1 |
Environment (19)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
7 | |
| Get Environment String | name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Users\FD1HVy\AppData\Local\Microsoft\WindowsApps |
|
2 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
2 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\WINDOWS\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Users\FD1HVy\Desktop |
|
1 | |
| Set Environment String | name = COPYCMD |
|
1 | |
| Set Environment String | name = =ExitCode, value = 00000001 |
|
1 | |
| Set Environment String | name = =ExitCodeAscii |
|
1 |
Process #16: taskkill.exe
0
0
| Information | Value |
|---|---|
| ID | #16 |
| File Name | c:\windows\syswow64\taskkill.exe |
| Command Line | taskkill.exe taskkill /f /im sqlserver.exe |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:00:54, Reason: Child Process |
| Unmonitor | End Time: 00:01:02, Reason: Self Terminated |
| Monitor Duration | 00:00:07 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x540 |
| Parent PID | 0x4b0 (c:\windows\syswow64\cmd.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
DC4
0x
2D0
|
Process #17: cmd.exe
64
0
| Information | Value |
|---|---|
| ID | #17 |
| File Name | c:\windows\syswow64\cmd.exe |
| Command Line | "C:\Windows\System32\cmd.exe" /c taskkill.exe taskkill /f /im sqlwriter.exe |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:00:55, Reason: Child Process |
| Unmonitor | End Time: 00:01:07, Reason: Self Terminated |
| Monitor Duration | 00:00:12 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xb84 |
| Parent PID | 0xb08 (c:\users\fd1hvy\desktop\jsworm.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
D60
0x
EC4
|
Host Behavior
File (17)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\Users\FD1HVy\Desktop | type = file_attributes |
|
2 | |
| Get Info | taskkill.exe | type = file_attributes |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
8 | |
| Open | STD_INPUT_HANDLE | - |
|
6 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 56, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Process (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\WINDOWS\system32\taskkill.exe | os_pid = 0xf58, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\syswow64\cmd.exe | base_address = 0xdf0000 |
|
1 | |
| Get Handle | c:\windows\syswow64\kernel32.dll | base_address = 0x75e90000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\syswow64\cmd.exe, file_name_orig = C:\Windows\SysWOW64\cmd.exe, size = 32743 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetThreadUILanguage, address_out = 0x75ea4f70 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CopyFileExW, address_out = 0x75ea4330 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = IsDebuggerPresent, address_out = 0x75ea5930 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x74fe09d0 |
|
1 |
Environment (19)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
7 | |
| Get Environment String | name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Users\FD1HVy\AppData\Local\Microsoft\WindowsApps |
|
2 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
2 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\WINDOWS\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Users\FD1HVy\Desktop |
|
1 | |
| Set Environment String | name = COPYCMD |
|
1 | |
| Set Environment String | name = =ExitCode, value = 00000001 |
|
1 | |
| Set Environment String | name = =ExitCodeAscii |
|
1 |
Process #19: taskkill.exe
0
0
| Information | Value |
|---|---|
| ID | #19 |
| File Name | c:\windows\syswow64\taskkill.exe |
| Command Line | taskkill.exe taskkill /f /im dns.exe |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:00:55, Reason: Child Process |
| Unmonitor | End Time: 00:01:03, Reason: Self Terminated |
| Monitor Duration | 00:00:08 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x770 |
| Parent PID | 0xcb8 (c:\windows\syswow64\cmd.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
3FC
0x
CE0
|
Process #20: taskkill.exe
0
0
| Information | Value |
|---|---|
| ID | #20 |
| File Name | c:\windows\syswow64\taskkill.exe |
| Command Line | taskkill.exe taskkill /f /im sqlwriter.exe |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:00:56, Reason: Child Process |
| Unmonitor | End Time: 00:01:06, Reason: Self Terminated |
| Monitor Duration | 00:00:09 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xf58 |
| Parent PID | 0xb84 (c:\windows\syswow64\cmd.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
E38
0x
FC4
|
