zzzavxu.exe
Windows Exe (x86-64)
Created at 2019-04-24T06:38:00
Remarks (2/3)
(0x200000e): The overall sleep time of all monitored processes was truncated from "29 minutes, 35 seconds" to "6 minutes, 10 seconds" to reveal dormant functionality.
Monitored Processes
Behavior Information - Grouped by Category
Process #1: zzzavxu.exe
43214
0
| Information | Value |
|---|---|
| ID | #1 |
| File Name | c:\users\5p5nrgjn0js halpmcxz\desktop\zzzavxu.exe |
| Command Line | "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\zzzavxu.exe" |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:00:38, Reason: Analysis Target |
| Unmonitor | End Time: 00:03:10, Reason: Terminated by Timeout |
| Monitor Duration | 00:02:32 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xa34 |
| Parent PID | 0x45c (c:\windows\explorer.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
A38
0x
A4C
0x
A50
0x
A54
0x
A5C
0x
A60
0x
A78
0x
B48
0x
B88
0x
B8C
0x
B90
0x
B94
0x
B98
0x
B9C
0x
BA0
0x
BBC
0x
BC0
0x
BC4
0x
BC8
0x
BCC
0x
BDC
0x
BE0
0x
BE4
0x
BE8
0x
BEC
0x
BF0
0x
BF4
0x
BF8
0x
BFC
0x
56C
0x
570
0x
804
0x
808
0x
244
0x
80C
0x
814
0x
114
0x
3A0
0x
4F0
0x
6A8
0x
2C8
0x
128
0x
6B4
0x
81C
0x
694
0x
888
0x
64
0x
880
0x
858
0x
580
0x
110
0x
8BC
0x
89C
0x
898
0x
894
0x
890
0x
8DC
0x
8E4
0x
8E8
0x
8E0
0x
8D8
0x
8D4
0x
8D0
0x
8CC
0x
8C8
0x
8C4
0x
8C0
0x
8EC
0x
8F8
0x
664
0x
3D0
0x
790
0x
714
0x
7C0
0x
2A8
0x
738
0x
360
0x
8B8
0x
900
0x
8B4
0x
904
0x
6BC
0x
5F0
0x
59C
0x
6E4
0x
440
0x
660
0x
32C
0x
184
0x
240
0x
11C
0x
494
0x
178
0x
348
0x
590
0x
53C
0x
7A8
0x
734
0x
7B8
0x
5B8
0x
69C
0x
7B0
0x
288
0x
6EC
0x
C0
0x
7D8
0x
604
0x
88C
0x
7B4
0x
798
0x
7A0
0x
8A8
0x
8AC
0x
8B0
0x
8A4
0x
7D4
0x
7A4
0x
7C8
0x
8A0
0x
87C
0x
878
0x
874
0x
870
0x
86C
0x
868
0x
864
0x
860
0x
85C
0x
854
0x
850
0x
84C
0x
848
0x
844
0x
840
0x
83C
0x
838
0x
834
0x
830
0x
82C
0x
828
0x
824
0x
820
0x
910
0x
330
0x
33C
0x
B0
0x
9CC
0x
9D4
0x
9E8
0x
9E4
0x
9D8
0x
9C8
0x
9EC
0x
9BC
0x
A0C
0x
9B0
0x
9A0
0x
A10
0x
8FC
0x
908
0x
A3C
0x
A40
0x
914
0x
5CC
0x
A08
0x
A44
0x
A04
0x
9F8
0x
9FC
0x
A00
0x
9F4
0x
9F0
0x
A2C
0x
A48
0x
A28
0x
A1C
0x
A20
0x
A24
0x
A18
0x
A14
0x
A54
0x
A74
0x
A78
0x
A8C
0x
AA4
0x
A9C
0x
A84
0x
A94
0x
AA0
0x
A80
0x
A88
0x
3A4
0x
AB4
0x
984
0x
3C4
0x
3B8
0x
4A0
0x
9DC
0x
63C
0x
3A8
0x
ABC
0x
AC0
0x
AD4
0x
AE8
0x
AAC
0x
AEC
0x
AE4
0x
994
0x
458
0x
464
0x
44C
0x
5E8
0x
B40
0x
AE0
0x
B4C
0x
B54
0x
B74
0x
B80
0x
B7C
0x
B70
0x
B78
0x
B84
0x
79C
0x
980
0x
4B0
0x
4C4
0x
4E0
0x
500
0x
4FC
0x
524
0x
770
0x
778
0x
784
0x
77C
0x
7F4
0x
B6C
0x
BA0
0x
BB0
0x
BD8
0x
BD0
0x
BA8
0x
BB4
0x
9C4
0x
B08
0x
B18
0x
AFC
0x
B04
0x
B14
0x
9B4
0x
B10
0x
B0C
0x
B00
0x
3A8
0x
AB0
0x
3AC
0x
A68
0x
A7C
0x
730
0x
750
0x
B60
0x
B64
0x
B50
0x
380
0x
B44
0x
BD4
0x
BA4
0x
BAC
0x
B5C
0x
37C
0x
AA8
0x
3B4
0x
A30
0x
C04
0x
C08
0x
C0C
0x
C10
0x
C14
0x
C18
0x
C1C
0x
C20
0x
C24
0x
C28
0x
C2C
0x
C30
0x
C34
0x
C38
0x
C3C
0x
C40
0x
C44
0x
C48
0x
C4C
0x
C50
0x
C54
0x
C58
0x
C5C
0x
C60
0x
C64
0x
C68
0x
C6C
0x
C70
0x
C74
0x
C78
0x
C7C
0x
C80
0x
C84
0x
C88
0x
C8C
0x
C90
0x
C94
0x
C98
0x
C9C
0x
CA0
0x
CA4
0x
CA8
0x
CAC
0x
CB0
0x
CB4
0x
CB8
0x
CBC
0x
CC0
0x
CC4
0x
CC8
0x
CCC
0x
CD0
0x
CD4
0x
CD8
0x
CDC
0x
CE0
0x
CE4
0x
CE8
0x
CEC
0x
CF0
0x
CF4
0x
CF8
0x
CFC
0x
D00
0x
D04
0x
D08
0x
D0C
0x
D10
0x
D14
0x
D18
0x
D1C
0x
D20
0x
D24
0x
D28
0x
D2C
0x
D30
0x
D34
0x
D38
0x
D3C
0x
D40
0x
D44
0x
D48
0x
D4C
0x
D50
0x
D54
0x
D58
0x
D5C
0x
D60
0x
D64
0x
D68
0x
D6C
0x
D70
0x
D74
0x
D78
0x
D7C
0x
D80
0x
D84
0x
D88
0x
D8C
0x
D90
0x
D94
0x
D98
0x
D9C
0x
DA0
0x
DA4
0x
DA8
0x
DAC
0x
DB0
0x
DB4
0x
DB8
0x
DBC
0x
DC0
0x
DC4
0x
DC8
0x
DCC
0x
DD0
0x
DD4
0x
DD8
0x
DDC
0x
DE0
0x
DE4
0x
DE8
0x
DEC
0x
DF0
0x
DF4
0x
DF8
0x
DFC
0x
E00
0x
E04
0x
E08
0x
E0C
0x
E10
0x
E14
0x
E18
0x
E1C
0x
E20
0x
E24
0x
E28
0x
E2C
0x
E30
0x
E34
0x
E38
0x
E3C
0x
E40
0x
E44
0x
E48
0x
E4C
0x
E50
0x
E54
0x
E58
0x
E5C
0x
E60
0x
E64
0x
E68
0x
E6C
0x
E70
0x
E74
0x
E78
0x
E7C
0x
E80
0x
E84
0x
E88
0x
E8C
0x
E90
0x
E94
0x
E98
0x
E9C
0x
EA0
0x
EA4
0x
EA8
0x
EAC
0x
EB0
0x
EB4
0x
EB8
0x
EBC
0x
EC0
0x
EC4
0x
EC8
0x
ECC
0x
ED0
0x
ED4
0x
ED8
0x
EDC
0x
EE0
0x
EE4
0x
EE8
0x
EEC
0x
EF0
0x
EF4
0x
EF8
0x
EFC
0x
F00
0x
1170
0x
1174
0x
1178
0x
117C
0x
1180
0x
1184
0x
1188
0x
118C
0x
1190
0x
1194
0x
1198
0x
119C
0x
11A0
0x
11A4
0x
11A8
0x
11AC
0x
11B0
0x
11B4
0x
11B8
0x
11D0
0x
1284
0x
1438
0x
143C
0x
1440
0x
1444
0x
1448
0x
144C
0x
1450
0x
1454
0x
1458
0x
145C
0x
1460
0x
1464
0x
1468
0x
146C
0x
1470
0x
1474
0x
1478
0x
147C
0x
1480
0x
1484
0x
1488
0x
148C
0x
1490
0x
1494
0x
1498
0x
149C
0x
14A0
0x
14A4
0x
14A8
0x
14E8
0x
14EC
0x
14F0
0x
14F4
0x
14F8
0x
14FC
0x
1500
0x
1504
0x
1508
0x
150C
0x
1510
0x
1514
0x
1518
0x
151C
0x
1520
0x
1524
0x
1528
0x
152C
0x
1530
0x
1534
0x
1538
0x
153C
0x
1540
0x
1544
0x
1548
0x
154C
0x
1550
0x
1554
0x
1558
0x
155C
0x
1560
0x
1564
0x
1568
0x
156C
0x
15A8
0x
15AC
0x
15B0
0x
15B4
0x
15B8
0x
15BC
0x
15C0
0x
15C4
0x
15C8
0x
15CC
0x
15D0
0x
15D4
0x
15D8
0x
15DC
0x
15E0
0x
15E4
0x
15E8
0x
15EC
0x
15F0
0x
15F4
0x
15F8
0x
15FC
0x
1600
0x
1604
0x
1608
0x
160C
0x
1610
0x
1614
0x
1618
0x
161C
0x
1620
0x
1624
0x
1628
0x
162C
0x
1678
0x
167C
0x
1680
0x
1684
0x
1688
0x
168C
0x
1690
0x
1888
0x
1A20
0x
1A24
0x
1A28
0x
1A2C
0x
1A30
0x
1A34
0x
1A38
0x
1A3C
0x
1A40
0x
1A44
0x
1A48
0x
1A4C
0x
1A50
0x
1A54
0x
1A58
0x
1A5C
0x
1A60
0x
1A64
0x
1A68
0x
1A6C
0x
1A70
0x
1A74
0x
1A78
0x
1A7C
0x
1A80
0x
1A84
0x
1A88
0x
1A8C
0x
1A90
0x
1A94
0x
1B40
0x
1B44
0x
1B48
0x
1B4C
0x
1B50
0x
1B54
0x
1B58
0x
1B5C
0x
1B60
0x
1B64
0x
1B68
0x
1B6C
0x
1B70
0x
1B74
0x
1B78
0x
1B7C
0x
1B80
0x
1B84
0x
1B88
0x
1B8C
0x
1B90
0x
1B94
0x
1B98
0x
1B9C
0x
1BA0
0x
1BA4
0x
1BA8
0x
1148
0x
1670
0x
1294
0x
12D4
0x
1920
0x
188C
0x
1894
0x
1C04
0x
1C08
0x
1C0C
0x
1C10
0x
1C14
0x
1C18
0x
1C1C
0x
1C20
0x
1C24
0x
1C28
0x
1C2C
0x
1C30
0x
1C34
0x
1C38
0x
1C3C
0x
1C40
0x
1C44
0x
1C48
0x
1C4C
0x
1C50
0x
1C54
0x
1C58
0x
1C5C
0x
1C60
0x
1C64
0x
1C68
0x
1C6C
0x
1CD8
0x
1CDC
0x
1CE0
0x
1D34
0x
1D38
0x
1D3C
0x
1D40
0x
1D44
0x
1D48
0x
1D4C
0x
1D50
0x
1D54
0x
1D58
0x
1D5C
0x
1D7C
0x
1D98
0x
1D9C
0x
1DA0
0x
1DA4
0x
1DA8
0x
1DAC
0x
1DB0
0x
1DB4
0x
1DB8
0x
1DBC
0x
1DC0
0x
1DC4
0x
1DC8
0x
1DCC
0x
1DD0
0x
1DD4
0x
1DD8
0x
1DDC
0x
1DE0
0x
1DE4
0x
1DE8
0x
1DEC
0x
1DF0
0x
1DF4
0x
1DF8
0x
1DFC
0x
1E00
0x
1E04
0x
1E74
0x
1E78
0x
1E7C
0x
1E80
0x
1E84
0x
1E88
0x
1E8C
0x
1E90
0x
1E94
0x
1E98
0x
1E9C
0x
1EA0
0x
1EA4
0x
1EA8
0x
1EAC
0x
1EB0
0x
1EB4
0x
1EB8
0x
1EBC
0x
1EC0
0x
1EC4
0x
1EC8
0x
1ECC
0x
1ED0
0x
1ED4
0x
1ED8
0x
1EDC
0x
1EE0
0x
1EE4
0x
1EE8
0x
1EEC
0x
1EF0
0x
1EF4
0x
1EF8
0x
1FE8
0x
1FEC
0x
1FF0
0x
1FF4
0x
1FF8
0x
1FFC
0x
B68
0x
308
0x
418
0x
260
0x
1D78
0x
6C8
0x
2004
0x
2008
0x
200C
0x
2010
0x
2014
0x
2018
0x
201C
0x
2020
0x
2024
0x
2028
0x
202C
0x
2030
0x
2034
0x
2038
0x
203C
0x
2040
0x
2044
0x
20A4
0x
20A8
0x
20AC
0x
20B0
0x
20B4
0x
20B8
0x
20BC
0x
20C0
0x
20C4
0x
20C8
0x
20CC
0x
20D0
0x
20D4
0x
20D8
0x
20DC
0x
20E0
0x
20E4
0x
20E8
0x
20EC
0x
20F0
0x
20F4
0x
20F8
0x
20FC
0x
2100
0x
2104
0x
2108
0x
210C
0x
2180
0x
2184
0x
2188
0x
218C
0x
2190
0x
2194
0x
2198
0x
219C
0x
21A0
0x
21A4
0x
21A8
0x
21AC
0x
21B0
0x
21B4
0x
21B8
0x
21BC
0x
21C0
0x
21C4
0x
21C8
0x
21CC
0x
21D0
0x
21D4
0x
21D8
0x
21DC
0x
21E0
0x
21E4
0x
2250
0x
2254
0x
2258
0x
225C
0x
2260
0x
2264
0x
2268
0x
226C
0x
2270
0x
2274
0x
2278
0x
227C
0x
2280
0x
2284
0x
2288
0x
228C
0x
2290
0x
2294
0x
2298
0x
229C
0x
22A0
0x
22A4
0x
22A8
0x
22AC
0x
2328
0x
232C
0x
2330
0x
2334
0x
2338
0x
233C
0x
2340
0x
2344
0x
2348
0x
234C
0x
2350
0x
2354
0x
2358
0x
235C
0x
2360
0x
2364
0x
2368
0x
236C
0x
2370
0x
2374
0x
2378
0x
237C
0x
2380
0x
2384
0x
2388
0x
238C
0x
23E4
0x
23E8
0x
23EC
0x
23F0
0x
23F4
0x
23F8
0x
23FC
0x
488
0x
324
0x
410
0x
508
0x
31C
0x
130
0x
48C
0x
2404
0x
2408
0x
240C
0x
2410
0x
2414
0x
2418
0x
2430
0x
2434
0x
2438
0x
243C
0x
2440
0x
2444
0x
2448
0x
244C
0x
2450
0x
2454
0x
2458
0x
248C
0x
2490
0x
2494
0x
2498
0x
249C
0x
24A0
0x
24A4
0x
24A8
0x
24AC
0x
24B0
0x
24B4
0x
24B8
0x
24BC
0x
24F8
0x
24FC
0x
2500
0x
2504
0x
2508
0x
250C
0x
2510
0x
2514
0x
2518
0x
251C
0x
2520
0x
2524
0x
2528
0x
2564
0x
2568
0x
256C
0x
2570
0x
2574
0x
2578
0x
257C
0x
2580
0x
2584
0x
2588
0x
258C
0x
2590
0x
2594
0x
2598
0x
259C
0x
25A0
0x
25A4
0x
25A8
0x
25AC
0x
25B0
0x
25B4
0x
25B8
0x
2614
0x
2618
0x
261C
0x
2620
0x
2624
0x
2628
0x
262C
0x
2630
0x
2634
0x
2638
0x
263C
0x
2640
0x
2644
0x
2648
0x
264C
0x
2650
0x
2678
0x
26D8
0x
26DC
0x
26E0
0x
26E4
0x
26E8
0x
26EC
0x
26F0
0x
26F4
0x
26F8
0x
26FC
0x
2700
0x
2704
0x
2708
0x
270C
0x
2710
0x
2714
0x
2718
0x
271C
0x
2720
0x
2724
0x
277C
0x
2780
0x
2784
0x
2788
0x
278C
0x
2790
0x
2794
0x
2798
0x
279C
0x
27A0
0x
27A4
0x
27A8
0x
27AC
0x
27B0
0x
27B4
0x
27B8
0x
27BC
0x
27C0
0x
27C4
0x
27C8
0x
27CC
0x
27D0
0x
27D4
0x
27D8
0x
27DC
0x
2828
0x
282C
0x
2830
0x
2834
0x
2838
0x
283C
0x
2840
0x
2844
0x
2848
0x
284C
0x
2850
0x
2854
0x
2858
0x
285C
0x
2860
0x
2864
0x
2868
0x
286C
0x
2870
0x
2874
0x
28A0
0x
28A4
0x
28A8
0x
28AC
0x
28B0
0x
28B4
0x
28B8
0x
28BC
0x
28C0
0x
28C4
0x
28C8
0x
28CC
0x
28D0
0x
28D4
0x
28D8
0x
2908
0x
290C
0x
2910
0x
2914
0x
2918
0x
291C
0x
2920
0x
2924
0x
2928
0x
292C
0x
2930
0x
2934
0x
2938
0x
293C
0x
2940
0x
2944
0x
29C0
0x
29C4
0x
29C8
0x
29CC
0x
29D0
0x
29D4
0x
29D8
0x
29DC
0x
29E0
0x
29E4
0x
29E8
0x
29EC
0x
29F0
0x
29F4
0x
29F8
0x
29FC
0x
2A00
0x
2A04
0x
2A08
0x
2A0C
0x
2A10
0x
2A14
0x
2A18
0x
2A1C
0x
2A20
0x
2A24
0x
2A28
0x
2A84
0x
2A88
0x
2A8C
0x
2A90
0x
2A94
0x
2A98
0x
2A9C
0x
2AA0
0x
2AA4
0x
2AA8
0x
2AAC
0x
2AB0
0x
2AB4
0x
2AB8
0x
2ABC
0x
2AC0
0x
2AC4
0x
2AC8
0x
2ACC
0x
2AD0
0x
2AD4
0x
2AD8
0x
2ADC
0x
2AE0
0x
2B44
0x
2B48
0x
2B4C
0x
2B50
0x
2B54
0x
2B58
0x
2B5C
0x
2B60
0x
2B64
0x
2B68
0x
2B6C
0x
2B70
0x
2B74
0x
2B78
0x
2B7C
0x
2B80
0x
2B84
0x
2B88
0x
2B8C
0x
2B90
0x
2B94
0x
2B98
0x
2B9C
0x
2BA0
0x
2BA4
0x
2BA8
0x
2BE8
0x
2BEC
0x
2BF0
0x
2BF4
0x
2BFC
0x
2C08
0x
2C10
0x
2C18
0x
2C20
0x
2C28
0x
2C30
0x
2C38
0x
2C3C
0x
2C44
0x
2C4C
0x
2CA0
0x
2CA4
0x
2CA8
0x
2CAC
0x
2CB0
0x
2CB4
0x
2CB8
0x
2CBC
0x
2CC0
0x
2CC4
0x
2CC8
0x
2CCC
0x
2CD0
0x
2CD4
0x
2CD8
0x
2CDC
0x
2CE0
0x
2CE4
0x
2CE8
0x
2CEC
0x
2D20
0x
2D24
0x
2D28
0x
2D2C
0x
2D30
0x
2D34
0x
2D38
0x
2D3C
0x
2D40
0x
2D44
0x
2D48
0x
2D4C
0x
2D50
0x
2D54
0x
2D58
0x
2D5C
0x
2D60
0x
2D64
0x
2D68
0x
2DAC
0x
2DB0
0x
2DB4
0x
2DB8
0x
2DBC
0x
2DC0
0x
2DC4
0x
2DC8
0x
2DCC
0x
2DD0
0x
2DD4
0x
2DD8
0x
2DDC
0x
2DE0
0x
2DE4
0x
2DE8
0x
2DEC
0x
2E30
0x
2E34
0x
2E38
0x
2E3C
0x
2E40
0x
2E44
0x
2E48
0x
2E4C
0x
2E50
0x
2E54
0x
2E58
0x
2E5C
0x
2E60
0x
2E64
0x
2E68
0x
2E6C
0x
2E70
0x
2EB0
0x
2EB4
0x
2EB8
0x
2EBC
0x
2EC0
0x
2EC4
0x
2EC8
0x
2ECC
0x
2ED0
0x
2ED4
0x
2ED8
0x
2EDC
0x
2EE0
0x
2EE4
0x
2EE8
0x
2EEC
0x
2EF0
0x
2EF4
0x
2F3C
0x
2F40
0x
2F44
0x
2F74
0x
2F78
0x
2F7C
0x
2F80
0x
2F84
0x
2F88
0x
2F8C
0x
2F90
0x
2F94
0x
2F98
0x
2F9C
0x
2FA8
0x
2FAC
0x
2FB0
0x
2FB4
0x
2FB8
0x
2FBC
0x
2FC0
0x
2FC4
0x
2FD4
0x
2FD8
0x
2FDC
0x
2FE0
0x
2FE4
0x
2FE8
0x
2FEC
0x
2FF0
0x
2FF4
0x
2FF8
0x
2FFC
0x
648
0x
4EC
0x
2FA0
0x
5C4
0x
3004
0x
3008
0x
300C
0x
3018
0x
301C
0x
3020
0x
3024
0x
3028
0x
3030
0x
3034
0x
3038
0x
303C
0x
3040
0x
3044
0x
3048
0x
304C
0x
3050
0x
3054
0x
3058
0x
305C
0x
3060
0x
3064
0x
3068
0x
306C
0x
3070
0x
3074
0x
3078
0x
307C
0x
3080
0x
3090
0x
3094
0x
3098
0x
309C
0x
30A0
0x
30A4
0x
30A8
0x
30AC
0x
30B0
0x
30B4
0x
30B8
0x
30BC
0x
30CC
0x
30D0
0x
30D4
0x
30D8
0x
30DC
0x
30E0
0x
30E4
0x
30E8
0x
30EC
0x
30F0
0x
30F4
0x
30F8
0x
30FC
0x
3100
0x
3104
0x
3108
0x
310C
0x
3110
0x
3114
0x
3118
0x
311C
0x
3120
0x
3124
0x
3128
0x
312C
0x
3130
0x
3134
0x
3138
0x
313C
0x
3140
0x
3144
0x
3148
0x
314C
0x
3150
0x
3154
0x
3158
0x
315C
0x
31A0
0x
31A4
0x
31A8
0x
31AC
0x
31B0
0x
31B4
0x
31B8
0x
3290
0x
31C0
0x
68C
0x
348C
0x
3490
0x
3494
0x
3498
0x
349C
0x
34A0
0x
34A4
0x
34A8
0x
34AC
0x
34B0
0x
34B4
0x
34B8
0x
34BC
0x
34C0
0x
34C4
0x
34C8
0x
34CC
0x
34D0
0x
34D4
0x
34D8
0x
34DC
0x
34E0
0x
34E4
0x
34E8
0x
34EC
0x
34F0
0x
34F4
0x
34F8
0x
34FC
0x
3500
0x
3504
0x
3508
0x
350C
0x
3510
0x
3514
0x
3518
0x
351C
0x
3520
0x
3524
0x
3528
0x
352C
0x
3530
0x
3534
0x
3538
0x
353C
0x
3540
0x
3544
0x
3548
0x
354C
0x
3550
0x
3554
0x
3558
0x
355C
0x
3560
0x
3564
0x
3568
0x
356C
0x
3570
0x
3574
0x
3578
0x
357C
0x
3580
0x
3584
0x
3588
0x
358C
0x
3590
0x
3594
0x
3598
0x
359C
0x
35A0
0x
35A4
0x
35A8
0x
35AC
0x
35B0
0x
35B4
0x
35B8
0x
35BC
0x
35C0
0x
35C4
0x
35C8
0x
35CC
0x
35D0
0x
35D4
0x
35D8
0x
35DC
0x
35E0
0x
35E4
0x
35E8
0x
35EC
0x
35F0
0x
35F4
0x
35F8
0x
35FC
0x
3600
0x
3604
0x
3608
0x
360C
0x
3610
0x
3614
0x
3618
0x
361C
0x
3620
0x
3624
0x
3628
0x
362C
0x
3630
0x
3674
0x
3678
0x
367C
0x
3680
0x
3684
0x
36B8
0x
36BC
0x
36C0
0x
36C4
0x
36C8
0x
36CC
0x
36D0
0x
36D4
0x
36D8
0x
36DC
0x
36E0
0x
36E4
0x
3720
0x
3724
0x
3728
0x
372C
0x
3730
0x
3734
0x
3738
0x
373C
0x
3740
0x
3744
0x
3748
0x
374C
0x
3750
0x
3754
0x
3798
0x
379C
0x
37A0
0x
37A4
0x
37A8
0x
37AC
0x
37B0
0x
37B4
0x
37B8
0x
37BC
0x
37D4
0x
37D8
0x
37DC
0x
37E0
0x
37E4
0x
37F8
0x
37FC
0x
760
0x
8F0
0x
90C
0x
8F4
0x
1EC
0x
2EC
0x
548
0x
744
0x
9C0
0x
C8
0x
36A0
0x
764
0x
375C
0x
3804
0x
3808
0x
380C
0x
3810
0x
3814
0x
3818
0x
381C
0x
3820
0x
3824
0x
3828
0x
382C
0x
3830
0x
3834
0x
3838
0x
383C
0x
3840
0x
3844
0x
3848
0x
384C
0x
3854
0x
3858
0x
385C
0x
3860
0x
3864
0x
3868
0x
386C
0x
3870
0x
3874
0x
3878
0x
387C
0x
3880
0x
3884
0x
3888
0x
388C
0x
3890
0x
3894
0x
3898
0x
389C
0x
38A0
0x
38A4
0x
38A8
0x
38AC
0x
38B0
0x
38B4
0x
38B8
0x
38BC
0x
38C8
0x
38CC
0x
38D0
0x
38D4
0x
38D8
0x
38DC
0x
38E0
0x
38E4
0x
38E8
0x
3950
0x
3954
0x
3958
0x
395C
0x
3960
0x
3964
0x
3968
0x
396C
0x
3970
0x
3974
0x
3978
0x
397C
0x
3980
0x
3984
0x
3988
0x
398C
0x
3990
0x
3994
0x
3998
0x
399C
0x
39A0
0x
39A4
0x
39A8
0x
39AC
0x
39B0
0x
39B4
0x
39B8
0x
39BC
0x
39C0
0x
39C4
0x
39C8
0x
39CC
0x
39D0
0x
39D4
0x
39D8
0x
3A08
0x
3A0C
0x
3A10
0x
3A14
0x
3A18
0x
3A1C
0x
3A20
0x
3A24
0x
3A28
0x
3A2C
0x
3A30
0x
3A34
0x
3A38
0x
3AAC
0x
3AB0
0x
3AB4
0x
3AB8
0x
3ABC
0x
3AC0
0x
3AC4
0x
3AC8
0x
3ACC
0x
3AD0
0x
3AD4
0x
3AD8
0x
3ADC
0x
3AE0
0x
3AE4
0x
3AE8
0x
3AEC
0x
3AF0
0x
3AF4
0x
3AF8
0x
3AFC
0x
3B00
0x
3B04
0x
3B5C
0x
3B60
0x
3B64
0x
3B68
0x
3B6C
0x
3B70
0x
3B74
0x
3B78
0x
3B7C
0x
3B80
0x
3B84
0x
3B88
0x
3B8C
0x
3B90
0x
3B94
0x
3B98
0x
3B9C
0x
3BA0
0x
3BA4
0x
3BA8
0x
3BAC
0x
3BB0
0x
3BB4
0x
3BB8
0x
3BBC
0x
3BC0
0x
3BC4
0x
3BC8
0x
3BCC
0x
3BD0
0x
3BD4
0x
3BD8
0x
3BDC
0x
3BE0
0x
3BE4
0x
3BE8
0x
3C14
0x
3C18
0x
3C1C
0x
3C20
0x
3C24
0x
3C28
0x
3C2C
0x
3C30
0x
3C34
0x
3C38
0x
3C3C
0x
3C40
0x
3C44
0x
3C48
0x
3C4C
0x
3C50
0x
3C54
0x
3C58
0x
3C5C
0x
3C60
0x
3C64
0x
3C68
0x
3C6C
0x
3C70
0x
3C74
0x
3C78
0x
3C7C
0x
3D0C
0x
3D10
0x
3D14
0x
3D18
0x
3D1C
0x
3D20
0x
3D24
0x
3D28
0x
3D2C
0x
3D30
0x
3D34
0x
3D38
0x
3D3C
0x
3D40
0x
3D44
0x
3D48
0x
3D4C
0x
3D50
0x
3D54
0x
3D58
0x
3D5C
0x
3D60
0x
3D64
0x
3DD4
0x
3DD8
0x
3DDC
0x
3DE0
0x
3DE4
0x
3DE8
0x
3DEC
0x
3DF0
0x
3DF4
0x
3DF8
0x
3DFC
0x
3E00
0x
3E04
0x
3E08
0x
3E0C
0x
3E10
0x
3E14
0x
3E18
0x
3E1C
0x
3E20
0x
3E24
0x
3E28
0x
3E2C
0x
3E30
0x
3E48
0x
3E4C
0x
3E50
0x
3E54
0x
3E58
0x
3E5C
0x
3E60
0x
3E64
0x
3E68
0x
3E6C
0x
3E70
0x
3E74
0x
3E7C
0x
3E84
0x
3E8C
0x
3E94
0x
3E9C
0x
3EA4
0x
3EAC
0x
3EB4
0x
3EBC
0x
3EC4
0x
3ECC
0x
3ED4
0x
3EDC
0x
3F00
0x
3F04
0x
3F08
0x
3F0C
0x
3F10
0x
3F14
0x
3F18
0x
3F1C
0x
3F20
0x
3F24
0x
3F28
0x
3F2C
0x
3F30
0x
3F34
0x
3F38
0x
3F3C
0x
3F40
0x
3F44
0x
3F48
0x
3F4C
0x
3F50
0x
3F54
0x
3F58
0x
3F5C
0x
3F60
0x
3FD0
0x
3FD4
0x
3FD8
0x
3FDC
0x
3FE0
0x
3FE4
0x
3FE8
0x
3FEC
0x
3FF0
0x
3FF4
0x
3FF8
0x
3FFC
0x
3AA8
0x
3AA4
0x
3A04
0x
38C4
0x
38C0
0x
394C
0x
38EC
0x
3E30
0x
4004
0x
4008
0x
400C
0x
4010
0x
4014
0x
4018
0x
408C
0x
4090
0x
4094
0x
4098
0x
409C
0x
40A0
0x
40A4
0x
40A8
0x
40AC
0x
40B0
0x
40B4
0x
40B8
0x
40BC
0x
40C0
0x
40C4
0x
40C8
0x
40CC
0x
40D0
0x
40D4
0x
40D8
0x
40DC
0x
40E0
0x
40E4
0x
40E8
0x
40EC
0x
40F0
0x
40F4
0x
40F8
0x
416C
0x
4170
0x
4174
0x
4178
0x
417C
0x
4180
0x
4184
0x
4188
0x
418C
0x
4190
0x
4194
0x
4198
0x
419C
0x
41A0
0x
41A4
0x
41A8
0x
41AC
0x
41B0
0x
41B4
0x
41B8
0x
41BC
0x
41C0
0x
41C4
0x
41C8
0x
41CC
0x
41D0
0x
41D4
0x
41D8
0x
41DC
0x
41E0
0x
41E4
0x
41E8
0x
41EC
0x
4270
0x
4274
0x
4278
0x
427C
0x
4280
0x
4284
0x
4288
0x
428C
0x
4290
0x
4294
0x
4298
0x
429C
0x
42A0
0x
42A4
0x
42A8
0x
42AC
0x
42B0
0x
42B4
0x
42B8
0x
42BC
0x
42C0
0x
42C4
0x
42C8
0x
42CC
0x
42D0
0x
42D4
0x
42D8
0x
42DC
0x
42E0
0x
4348
0x
434C
0x
4350
0x
4354
0x
4358
0x
435C
0x
4360
0x
4364
0x
4368
0x
436C
0x
4370
0x
4374
0x
4378
0x
437C
0x
4380
0x
4384
0x
4388
0x
438C
0x
4390
0x
4394
0x
4398
0x
439C
0x
43A0
0x
43A4
0x
43A8
0x
43AC
0x
43B0
0x
4424
0x
4428
0x
442C
0x
4430
0x
4434
0x
4438
0x
443C
0x
4440
0x
4444
0x
4448
0x
444C
0x
4450
0x
4454
0x
4458
0x
445C
0x
4460
0x
4464
0x
4468
0x
446C
0x
4470
0x
4474
0x
4478
0x
447C
0x
4480
0x
4484
0x
4488
0x
44F8
0x
44FC
0x
4500
0x
4504
0x
4508
0x
450C
0x
4510
0x
4514
0x
4518
0x
451C
0x
4520
0x
4524
0x
4528
0x
452C
0x
4530
0x
4534
0x
4538
0x
453C
0x
4540
0x
4544
0x
4548
0x
454C
0x
4550
0x
4554
0x
4558
0x
455C
0x
4560
0x
4574
0x
4578
0x
457C
0x
4580
0x
4584
0x
4588
0x
458C
0x
4590
0x
4594
0x
4598
0x
459C
0x
45A0
0x
45A4
0x
45A8
0x
45AC
0x
45B0
0x
45B4
0x
45B8
0x
45BC
0x
45C0
0x
45C4
0x
45C8
0x
45CC
0x
45D0
0x
45D4
0x
45D8
0x
45DC
0x
45E0
0x
45E4
0x
45E8
0x
4658
0x
465C
0x
4660
0x
4664
0x
4668
0x
466C
0x
4670
0x
4674
0x
4678
0x
467C
0x
4680
0x
4684
0x
4688
0x
468C
0x
4690
0x
46E8
0x
46EC
0x
4758
0x
475C
0x
4760
0x
4764
0x
4768
0x
476C
0x
4770
0x
4774
0x
4778
0x
477C
0x
47EC
0x
47F0
0x
47F4
0x
47F8
0x
47FC
0x
6B0
0x
44F4
0x
6B8
0x
44F0
0x
441C
0x
3EFC
0x
3EF8
0x
4268
0x
5D0
0x
4868
0x
486C
0x
4870
0x
4874
0x
4878
0x
487C
0x
4880
0x
4884
0x
4888
0x
488C
0x
4890
0x
4894
0x
4898
0x
4900
0x
4904
0x
4908
0x
490C
0x
4910
0x
4914
0x
4918
0x
491C
0x
4920
0x
4924
0x
4928
0x
492C
0x
4930
0x
4934
0x
4938
0x
493C
0x
4940
0x
4944
0x
4948
0x
4958
0x
495C
0x
4960
0x
4964
0x
4968
0x
496C
0x
4970
0x
4974
0x
4978
0x
497C
0x
4980
0x
4984
0x
4988
0x
498C
0x
4990
0x
4994
0x
49CC
0x
49D0
0x
49D4
0x
49D8
0x
49DC
0x
49E0
0x
4A90
0x
4A94
0x
4A98
0x
4A9C
0x
4AA0
0x
4AA4
0x
4AA8
0x
4AAC
0x
4AB0
0x
4AB4
0x
4AB8
0x
4ABC
0x
4AC0
0x
4B04
0x
4B08
0x
4B0C
0x
4B10
0x
4B14
0x
4B18
0x
4B1C
0x
4B20
0x
4B24
0x
4B28
0x
4B2C
0x
4B30
0x
4B34
0x
4B38
0x
4B3C
0x
4B40
0x
4B44
0x
4B48
0x
4B4C
0x
4B50
0x
4B54
0x
4B58
0x
4B5C
0x
4B60
0x
4B64
0x
4B80
0x
4B84
0x
4B88
0x
4B8C
0x
4B90
0x
4B94
0x
4B98
0x
4B9C
0x
4BA0
0x
4BA4
0x
4BA8
0x
4BAC
0x
4BB0
0x
4BB4
0x
4BB8
0x
4BBC
0x
4BC0
0x
4BC4
0x
4BC8
0x
4BCC
0x
4BD0
0x
4BD4
0x
4BD8
0x
4BDC
0x
4BE0
0x
4BE4
0x
4BE8
0x
4BEC
0x
4BF0
0x
4BF4
0x
4BF8
0x
4BFC
0x
38C
0x
4C04
0x
4C08
0x
4C0C
0x
4C10
0x
4C14
0x
4C18
0x
4C1C
0x
4C24
0x
4C28
0x
4C2C
0x
4C30
0x
4C34
0x
4C38
0x
4C3C
0x
4C40
0x
4C44
0x
4C48
0x
4C4C
0x
4C50
0x
4C54
0x
4C58
0x
4C5C
0x
4C60
0x
4C64
0x
4CCC
0x
4CD0
0x
4CD4
0x
4CD8
0x
4CDC
0x
4CE0
0x
4CE4
0x
4CE8
0x
4CEC
0x
4CF0
0x
4CF4
0x
4CF8
0x
4CFC
0x
4D00
0x
4D04
0x
4D08
0x
4D0C
0x
4D10
0x
4D14
0x
4D18
0x
4D1C
0x
4D20
0x
4D24
0x
4D28
0x
4D2C
0x
4D30
0x
4D34
0x
4D38
0x
4D3C
0x
4D84
0x
4D88
0x
4D8C
0x
4D90
0x
4D94
0x
4D98
0x
4D9C
0x
4DA0
0x
4DA4
0x
4DA8
0x
4DAC
0x
4DB0
0x
4DB4
0x
4DB8
0x
4DBC
0x
4DC0
0x
4DC4
0x
4DC8
0x
4DCC
0x
4DD0
0x
4DD4
0x
4DD8
0x
4DDC
0x
4DE0
0x
4DE4
0x
4DE8
0x
4DEC
0x
4DF0
0x
4E4C
0x
4E50
0x
4E54
0x
4E58
0x
4E5C
0x
4E60
0x
4E64
0x
4E68
0x
4E6C
0x
4E70
0x
4E74
0x
4E78
0x
4E7C
0x
4E80
0x
4E84
0x
4E88
0x
4E8C
0x
4E90
0x
4E94
0x
4E98
0x
4E9C
0x
4EA0
0x
4EA4
0x
4EA8
0x
4EAC
0x
4EB0
0x
4EB4
0x
4EB8
0x
4EBC
0x
4EC0
0x
4EC4
0x
4EC8
0x
4F14
0x
4F18
0x
4F1C
0x
4F20
0x
4F94
0x
4F98
0x
4F9C
0x
4FA0
0x
4FA4
0x
4FA8
0x
4FAC
0x
4FB0
0x
4FB4
0x
4FB8
0x
4FBC
0x
4FC0
0x
4FC4
0x
4FC8
0x
4FCC
0x
4FD0
0x
4FD4
0x
4FD8
0x
4FDC
0x
4FE0
0x
4FE4
0x
4FE8
0x
4FEC
0x
4FF0
0x
4FF4
0x
4FF8
0x
4FFC
0x
5070
0x
5074
0x
5078
0x
507C
0x
5080
0x
5084
0x
5088
0x
508C
0x
5090
0x
5094
0x
5098
0x
509C
0x
50A0
0x
50A4
0x
50A8
0x
50AC
0x
50B0
0x
50B4
0x
50B8
0x
50BC
0x
50C0
0x
50C4
0x
50C8
0x
50CC
0x
50D0
0x
50D4
0x
50D8
0x
50DC
0x
50E0
0x
50E4
0x
5158
0x
515C
0x
5160
0x
5164
0x
5168
0x
516C
0x
5170
0x
5174
0x
5178
0x
517C
0x
5180
0x
5184
0x
5188
0x
518C
0x
5190
0x
5194
0x
5198
0x
519C
0x
51A0
0x
51A4
0x
51A8
0x
51AC
0x
51B0
0x
51B4
0x
51B8
0x
51BC
0x
51C0
0x
51C4
0x
522C
0x
5230
0x
5234
0x
5238
0x
523C
0x
5240
0x
5244
0x
5248
0x
524C
0x
5250
0x
5254
0x
5258
0x
525C
0x
5260
0x
5264
0x
5268
0x
526C
0x
5270
0x
5274
0x
5278
0x
527C
0x
5280
0x
5284
0x
5288
0x
528C
0x
5290
0x
5294
0x
5304
0x
5308
0x
530C
0x
5310
0x
5314
0x
5318
0x
531C
0x
5320
0x
5324
0x
5328
0x
532C
0x
5330
0x
5334
0x
5338
0x
533C
0x
5340
0x
5344
0x
5348
0x
534C
0x
5350
0x
5354
0x
5358
0x
535C
0x
5360
0x
5364
0x
5368
0x
536C
0x
5370
0x
5374
0x
53E0
0x
53E4
0x
53E8
0x
53EC
0x
53F0
0x
53F4
0x
53F8
0x
53FC
0x
5404
0x
5408
0x
540C
0x
5410
0x
5414
0x
5418
0x
541C
0x
5420
0x
5424
0x
5428
0x
542C
0x
5430
0x
5434
0x
5438
0x
543C
0x
5440
0x
5444
0x
5448
0x
544C
0x
5450
0x
5454
0x
54C0
0x
54C4
0x
54C8
0x
54CC
0x
54D0
0x
54D4
0x
54D8
0x
54DC
0x
54E0
0x
54E4
0x
54E8
0x
54EC
0x
54F0
0x
54F4
0x
54F8
0x
54FC
0x
5500
0x
5504
0x
5508
0x
550C
0x
5510
0x
5514
0x
5518
0x
551C
0x
5520
0x
5524
0x
5528
0x
5590
0x
5594
0x
5598
0x
559C
0x
55A0
0x
55A4
0x
55A8
0x
55AC
0x
55B0
0x
55B4
0x
55B8
0x
55BC
0x
55C0
0x
55C4
0x
55C8
0x
55CC
0x
55D0
0x
55D4
0x
55D8
0x
55DC
0x
55E0
0x
55E4
0x
55E8
0x
55EC
0x
55F0
0x
55F4
0x
565C
0x
5660
0x
5664
0x
5668
0x
566C
0x
5670
0x
5674
0x
5678
0x
567C
0x
5680
0x
5684
0x
5688
0x
568C
0x
5690
0x
5694
0x
5698
0x
569C
0x
56A0
0x
576C
0x
5770
0x
5774
0x
5778
0x
577C
0x
5780
0x
5784
0x
5788
0x
578C
0x
5790
0x
5794
0x
5798
0x
579C
0x
57A0
0x
57A4
0x
57A8
0x
57AC
0x
57B0
0x
57B4
0x
57B8
0x
57BC
0x
57C0
0x
57C4
0x
57C8
0x
57CC
0x
57D0
0x
5858
0x
585C
0x
5860
0x
5864
0x
5868
0x
586C
0x
5870
0x
5874
0x
5878
0x
587C
0x
5880
0x
5884
0x
5888
0x
588C
0x
5890
0x
5894
0x
5898
0x
589C
0x
58A0
0x
58A4
0x
58A8
0x
58AC
0x
58B0
0x
58B4
0x
58B8
0x
58BC
0x
5948
0x
594C
0x
5950
0x
5954
0x
5958
0x
595C
0x
5960
0x
5964
0x
5968
0x
596C
0x
5970
0x
5974
0x
5978
0x
597C
0x
5980
0x
5984
0x
5988
0x
598C
0x
5990
0x
5994
0x
5998
0x
599C
0x
59A0
0x
59A4
0x
59A8
0x
59AC
0x
59B0
0x
5A34
0x
5A38
0x
5A3C
0x
5A40
0x
5AB4
0x
5AB8
0x
5ABC
0x
5AC0
0x
5AC4
0x
5AC8
0x
5ACC
0x
5AD0
0x
5AD4
0x
5AD8
0x
5ADC
0x
5AE0
0x
5B44
0x
5B48
0x
5B4C
0x
5B50
0x
5B54
0x
5B58
0x
5B5C
0x
5B60
0x
5B64
0x
5B68
0x
5B6C
0x
5B70
0x
5B74
0x
5B78
0x
5B7C
0x
5B80
0x
5BA0
0x
5BA4
0x
5BA8
0x
5BAC
0x
5BB0
0x
5BB4
0x
5BB8
0x
5BBC
0x
5BC0
0x
5BC4
0x
5BC8
0x
5BCC
0x
5C0C
0x
5C10
0x
5C14
0x
5C18
0x
5C1C
0x
5C20
0x
5C24
0x
5C28
0x
5C2C
0x
5C30
0x
5C34
0x
5C38
0x
5C3C
0x
5C40
0x
5C44
0x
5C48
0x
5C4C
0x
5C50
0x
5C54
0x
5C58
0x
5C5C
0x
5C60
0x
5C64
0x
5C68
0x
5C6C
0x
5CC8
0x
5CCC
0x
5CD0
0x
5CD4
0x
5CD8
0x
5CDC
0x
5CE0
0x
5CE4
0x
5CE8
0x
5CEC
0x
5DB4
0x
5DB8
0x
5DBC
0x
5DC0
0x
5DC4
0x
5DC8
0x
5DCC
0x
5DD0
0x
5DD4
0x
5DD8
0x
5DDC
0x
5DE0
0x
5DE4
0x
5DE8
0x
5DEC
0x
5DF0
0x
5DF4
0x
5DF8
0x
5DFC
0x
5E00
0x
5E04
0x
5E08
0x
5E0C
0x
5E10
0x
5E14
0x
5E18
0x
5E1C
0x
5E20
0x
5E24
0x
5E28
0x
5E2C
0x
5E30
0x
5E34
0x
5E38
0x
5E3C
0x
5E40
0x
5E44
0x
5E4C
0x
5E50
0x
5E54
0x
5E58
0x
5E5C
0x
5E60
0x
5E64
0x
5E68
0x
5E6C
0x
5E70
0x
5E74
0x
5E78
0x
5E7C
0x
5E80
0x
5E84
0x
5E88
0x
5E8C
0x
5E90
0x
5E94
0x
5E98
0x
5EE8
0x
5EEC
0x
5EF0
0x
5EF4
0x
5EF8
0x
5EFC
0x
5F00
0x
5F04
0x
5F08
0x
5F0C
0x
5F10
0x
5F14
0x
5F18
0x
5F1C
0x
5F20
0x
5F24
0x
5F28
0x
5F2C
0x
5F30
0x
5F88
0x
5F8C
0x
5F90
0x
5F94
0x
5F98
0x
5F9C
0x
5FA0
0x
5FA4
0x
5FA8
0x
5FAC
0x
5FB0
0x
57D4
0x
5B9C
0x
58C0
0x
6004
0x
6008
0x
600C
0x
6010
0x
6014
0x
6018
0x
601C
0x
6020
0x
6024
0x
6028
0x
602C
0x
6030
0x
6034
0x
6038
0x
603C
0x
6040
0x
6044
0x
6048
0x
604C
0x
6050
0x
6054
0x
6058
0x
605C
0x
6060
0x
6064
0x
6068
0x
60AC
0x
60B0
0x
60B4
0x
60B8
0x
60BC
0x
60C0
0x
60C4
0x
60C8
0x
60CC
0x
60D0
0x
60D4
0x
60D8
0x
60DC
0x
60E0
0x
60E4
0x
60E8
0x
60EC
0x
60F0
0x
60F4
0x
60F8
0x
60FC
0x
6100
0x
6104
0x
6108
0x
6148
0x
614C
0x
6150
0x
6154
0x
6158
0x
615C
0x
6160
0x
6164
0x
6168
0x
616C
0x
6170
0x
6174
0x
6178
0x
617C
0x
6180
0x
6184
0x
6188
0x
618C
0x
6190
0x
6194
0x
6198
0x
619C
0x
61A0
0x
61A4
0x
61A8
0x
61AC
0x
61B0
0x
61B4
0x
622C
0x
6230
0x
6234
0x
6238
0x
623C
0x
6240
0x
6244
0x
6248
0x
624C
0x
6250
0x
6254
0x
6258
0x
625C
0x
6260
0x
6264
0x
6268
0x
626C
0x
6270
0x
6274
0x
6278
0x
627C
0x
6280
0x
6284
0x
6288
0x
628C
0x
6290
0x
6294
0x
630C
0x
6310
0x
6314
0x
6318
0x
631C
0x
6320
0x
6324
0x
6328
0x
632C
0x
6330
0x
6334
0x
6338
0x
633C
0x
6340
0x
6344
0x
6348
0x
634C
0x
6350
0x
6354
0x
6358
0x
635C
0x
6360
0x
6364
0x
6368
0x
636C
0x
6370
0x
6374
0x
6378
0x
637C
0x
63F4
0x
63F8
0x
63FC
0x
5FB8
0x
5FB4
0x
5F34
0x
5B88
0x
5B84
0x
5D20
0x
5BD0
0x
61B4
0x
6404
0x
6408
0x
640C
0x
6410
0x
6414
0x
6418
0x
641C
0x
6420
0x
6424
0x
6428
0x
642C
0x
6430
0x
6434
0x
6438
0x
643C
0x
6440
0x
6444
0x
6448
0x
644C
0x
64B0
0x
64B4
0x
64B8
0x
64BC
0x
64C0
0x
64C4
0x
64C8
0x
64CC
0x
64D0
0x
64D4
0x
64D8
0x
64DC
0x
64E0
0x
64E4
0x
64E8
0x
64EC
0x
64F0
0x
64F4
0x
64F8
0x
64FC
0x
6500
0x
6504
0x
6508
0x
650C
0x
6510
0x
6514
0x
6518
0x
651C
0x
6520
0x
6524
0x
6594
0x
6598
0x
659C
0x
65A0
0x
65A4
0x
65A8
0x
65AC
0x
65B0
0x
65B4
0x
65B8
0x
65BC
0x
65C0
0x
65C4
0x
65C8
0x
65CC
0x
65D0
0x
65D4
0x
65D8
0x
65DC
0x
65E0
0x
65E4
0x
65E8
0x
65EC
0x
665C
0x
6660
0x
6664
0x
6668
0x
666C
0x
6670
0x
6674
0x
6678
0x
667C
0x
6680
0x
6684
0x
6688
0x
668C
0x
6690
0x
6694
0x
6698
0x
669C
0x
66A0
0x
66A4
0x
66A8
0x
66AC
0x
66B0
0x
66B4
0x
66B8
0x
66BC
0x
66C0
0x
66C4
0x
66C8
0x
6734
0x
6738
0x
673C
0x
6740
0x
6744
0x
6748
0x
674C
0x
6750
0x
6754
0x
6758
0x
675C
0x
6760
0x
6764
0x
6768
0x
676C
0x
6770
0x
6774
0x
6778
0x
677C
0x
6780
0x
6784
0x
6788
0x
678C
0x
6790
0x
6794
0x
6798
0x
679C
0x
67A0
0x
680C
0x
6810
0x
6814
0x
6818
0x
681C
0x
6820
0x
6824
0x
6828
0x
682C
0x
6830
0x
6834
0x
6838
0x
683C
0x
6840
0x
6844
0x
6848
0x
684C
0x
6850
0x
6854
0x
6858
0x
685C
0x
6860
0x
6864
0x
6868
0x
686C
0x
6870
0x
6874
0x
68E4
0x
68E8
0x
68EC
0x
68F0
0x
68F4
0x
68F8
0x
68FC
0x
6900
0x
6904
0x
6908
0x
690C
0x
6910
0x
6914
0x
6918
0x
691C
0x
6920
0x
6924
0x
6928
0x
692C
0x
6930
0x
6934
0x
6938
0x
693C
0x
6940
0x
6944
0x
69A4
0x
69A8
0x
69AC
0x
69B0
0x
69B4
0x
69B8
0x
69BC
0x
69C0
0x
69C4
0x
69C8
0x
69CC
0x
69D0
0x
69D4
0x
69D8
0x
69DC
0x
69E0
0x
69E4
0x
69E8
0x
69EC
0x
69F0
0x
69F4
0x
69F8
0x
69FC
0x
6A00
0x
6A04
0x
6A08
0x
6A0C
0x
6A10
0x
6A14
0x
6A9C
0x
6AA0
0x
6AA4
0x
6AA8
0x
6AAC
0x
6AB0
0x
6AB4
0x
6AB8
0x
6ABC
0x
6AC0
0x
6AC4
0x
6AC8
0x
6ACC
0x
6AD0
0x
6AD4
0x
6AD8
0x
6B28
0x
6B2C
0x
6B30
0x
6B34
0x
6B38
0x
6B3C
0x
6B40
0x
6B44
0x
6B48
0x
6B4C
0x
6B50
0x
6B54
0x
6B58
0x
6B5C
0x
6B60
0x
6B64
0x
6B68
0x
6B6C
0x
6B70
0x
6B74
0x
6B78
0x
6B7C
0x
6B80
0x
6B84
0x
6B88
0x
6B8C
0x
6B98
0x
6B9C
0x
6BA0
0x
6BA4
0x
4420
0x
65F0
0x
6C04
0x
6C08
0x
6C0C
0x
6C10
0x
6C14
0x
6C18
0x
6C1C
0x
6C20
0x
6C24
0x
6C28
0x
6C2C
0x
6C30
0x
6C34
0x
6C38
0x
6C3C
0x
6C40
0x
6C44
0x
6CB8
0x
6CBC
0x
6CC0
0x
6CC4
0x
6CC8
0x
6CCC
0x
6CD0
0x
6CD4
0x
6CD8
0x
6CDC
0x
6CE0
0x
6CE4
0x
6D58
0x
6D5C
0x
6D60
0x
6D64
0x
6D68
0x
6D6C
0x
6D70
0x
6D74
0x
6D78
0x
6D7C
0x
6D80
0x
6D84
0x
6D88
0x
6D8C
0x
6DF4
0x
6DF8
0x
6DFC
0x
6E00
0x
6E04
0x
6E08
0x
6E0C
0x
6E10
0x
6E14
0x
6E18
0x
6E1C
0x
6E20
0x
6E24
0x
6E44
0x
6E48
0x
6E4C
0x
6E50
0x
6E54
0x
6E58
0x
6E5C
0x
6E60
0x
6E64
0x
6E68
0x
6E6C
0x
6E70
0x
6E74
0x
6E78
0x
6E7C
0x
6E80
0x
6E84
0x
6E88
0x
6E8C
0x
6E90
0x
6ECC
0x
6ED0
0x
6ED4
0x
6ED8
0x
6EDC
0x
6EE0
0x
6EE4
0x
6EE8
0x
6EEC
0x
6EF0
0x
6EF4
0x
6EF8
0x
6EFC
0x
6F00
0x
6F04
0x
6F08
0x
6F44
0x
6F48
0x
6F4C
0x
6FFC
0x
7004
0x
7008
0x
700C
0x
7010
0x
7014
0x
7018
0x
701C
0x
7020
0x
7024
0x
7028
0x
702C
0x
7030
0x
7034
0x
7038
0x
703C
0x
7040
0x
7044
0x
7048
0x
704C
0x
7050
0x
7054
0x
7058
0x
705C
0x
7060
0x
7064
0x
7068
0x
706C
0x
7070
0x
7074
0x
7078
0x
707C
0x
7080
0x
7084
0x
7088
0x
708C
0x
7090
0x
7094
0x
7098
0x
709C
0x
70A0
0x
70A4
0x
70A8
0x
70AC
0x
70B0
0x
70B4
0x
70B8
0x
70BC
0x
70C0
0x
70C4
0x
70C8
0x
70CC
0x
70D0
0x
70D4
0x
70D8
0x
70DC
0x
70E0
0x
70E4
0x
70E8
0x
70EC
0x
70F0
0x
70F4
0x
70F8
0x
70FC
0x
7100
0x
7104
0x
7108
0x
710C
0x
7110
0x
7114
0x
7154
0x
7158
0x
715C
0x
7160
0x
7164
0x
7168
0x
716C
0x
7170
0x
7174
0x
7178
0x
717C
0x
7180
0x
7184
0x
7188
0x
718C
0x
71EC
0x
71F0
0x
71F4
0x
71F8
0x
71FC
0x
7200
0x
7204
0x
7208
0x
720C
0x
7210
0x
7214
0x
7218
0x
721C
0x
7220
0x
7224
0x
7228
0x
722C
0x
7230
0x
7234
0x
7238
0x
723C
0x
7240
0x
7244
0x
7248
0x
724C
0x
7250
0x
7254
0x
7258
0x
725C
0x
7260
0x
7264
0x
7268
0x
726C
0x
7270
0x
7274
0x
7278
0x
72E4
0x
72E8
0x
72EC
0x
72F0
0x
72F4
0x
72F8
0x
72FC
0x
7300
0x
7304
0x
7308
0x
730C
0x
7310
0x
7314
0x
7318
0x
731C
0x
7320
0x
7324
0x
7328
0x
732C
0x
7330
0x
7334
0x
7338
0x
733C
0x
7340
0x
7344
0x
7348
0x
734C
0x
7350
0x
7354
0x
7358
0x
735C
0x
7360
0x
7364
0x
7368
0x
736C
0x
7370
0x
73BC
0x
73C0
0x
73C4
0x
73C8
0x
73CC
0x
73D0
0x
73D4
0x
73D8
0x
73DC
0x
73E0
0x
73E4
0x
73E8
0x
73EC
0x
73F0
0x
73F4
0x
73F8
0x
73FC
0x
7404
0x
7408
0x
740C
0x
7410
0x
7414
0x
7418
0x
741C
0x
7420
0x
7424
0x
7428
0x
742C
0x
7430
0x
7434
0x
7488
0x
748C
0x
7490
0x
7494
0x
7498
0x
749C
0x
74A0
0x
74A4
0x
74A8
0x
74AC
0x
74B0
0x
74B4
0x
74B8
0x
74BC
0x
74C0
0x
74C4
0x
74C8
0x
74CC
0x
74D0
0x
74D4
0x
74D8
0x
74DC
0x
74E0
0x
74E4
0x
74E8
0x
74EC
0x
74F0
0x
74F4
0x
7564
0x
7568
0x
756C
0x
7570
0x
7574
0x
7578
0x
757C
0x
7580
0x
7584
0x
7588
0x
758C
0x
7590
0x
7594
0x
7598
0x
759C
0x
75A0
0x
75A4
0x
75A8
0x
75AC
0x
75B0
0x
75B4
0x
75B8
0x
75BC
0x
75C0
0x
75C4
0x
75C8
0x
75CC
0x
75D0
0x
75D4
0x
75D8
0x
75DC
0x
75E0
0x
75E4
0x
7650
0x
7654
0x
7658
0x
765C
0x
7660
0x
7664
0x
7668
0x
766C
0x
7670
0x
7674
0x
7678
0x
767C
0x
7680
0x
7684
0x
7688
0x
768C
0x
7690
0x
7694
0x
7698
0x
769C
0x
76A0
0x
76A4
0x
76A8
0x
76AC
0x
76B0
0x
76B4
0x
76B8
0x
76BC
0x
76C0
0x
76C4
0x
7734
0x
7738
0x
773C
0x
7740
0x
7744
0x
7748
0x
774C
0x
7750
0x
7754
0x
7758
0x
775C
0x
7760
0x
7764
0x
7768
0x
776C
0x
7770
0x
7774
0x
7778
0x
777C
0x
7780
0x
7784
0x
7788
0x
778C
0x
7790
0x
7794
0x
7798
0x
779C
0x
77A0
0x
7810
0x
7814
0x
7818
0x
781C
0x
7820
0x
7824
0x
7828
0x
782C
0x
7830
0x
7834
0x
7838
0x
783C
0x
7840
0x
7844
0x
7848
0x
784C
0x
7850
0x
7854
0x
7858
0x
785C
0x
7860
0x
7864
0x
7868
0x
786C
0x
7870
0x
7874
0x
7878
0x
78EC
0x
78F0
0x
78F4
0x
78F8
0x
78FC
0x
7900
0x
7904
0x
7908
0x
790C
0x
7910
0x
7914
0x
7918
0x
791C
0x
7920
0x
7924
0x
7928
0x
792C
0x
7930
0x
7934
0x
79F8
0x
79FC
0x
7A00
0x
7A04
0x
7A08
0x
7A0C
0x
7A10
0x
7A14
0x
7A18
0x
7A1C
0x
7A20
0x
7A24
0x
7A28
0x
7A2C
0x
7A30
0x
7A34
0x
7A38
0x
7A3C
0x
7A40
0x
7A44
0x
7A48
0x
7A4C
0x
7A50
0x
7A54
0x
7A58
0x
7A5C
0x
7A60
0x
7A8C
0x
7A90
0x
7A94
0x
7A98
0x
7A9C
0x
7AA0
0x
7AA4
0x
7AA8
0x
7AAC
0x
7AB0
0x
7AB4
0x
7AB8
0x
7ABC
0x
7AC0
0x
7AC4
0x
7AC8
0x
7ACC
0x
7AD0
0x
7AD4
0x
7AD8
0x
7ADC
0x
7B4C
0x
7B50
0x
7B54
0x
7B58
0x
7B5C
0x
7B60
0x
7B64
0x
7B68
0x
7B6C
0x
7B70
0x
7B74
0x
7B78
0x
7B7C
0x
7B80
0x
7B84
0x
7B88
0x
7B8C
0x
7B90
0x
7B94
0x
7B98
0x
7B9C
0x
7BA0
0x
7BA4
0x
7BA8
0x
7BAC
0x
7BB0
0x
7BB4
0x
7C28
0x
7C2C
0x
7C30
0x
7C34
0x
7C38
0x
7C3C
0x
7C40
0x
7C44
0x
7C48
0x
7C4C
0x
7C50
0x
7C54
0x
7C58
0x
7C5C
0x
7C60
0x
7C64
0x
7C68
0x
7C6C
0x
7C70
0x
7C74
0x
7C78
0x
7C7C
0x
7C80
0x
7C84
0x
7C88
0x
7C8C
0x
7C90
0x
7C94
0x
7C98
0x
7C9C
0x
7CA0
0x
7CA4
0x
7CA8
0x
7D0C
0x
7D10
0x
7D14
0x
7D18
0x
7D1C
0x
7D20
0x
7D24
0x
7D28
0x
7D2C
0x
7D30
0x
7D34
0x
7D38
0x
7D3C
0x
7D40
0x
7D44
0x
7D48
0x
7D4C
0x
7D50
0x
7D54
0x
7D58
0x
7D5C
0x
7D60
0x
7D64
0x
7D68
0x
7D6C
0x
7D70
0x
7D74
0x
7D78
0x
7D7C
0x
7D80
0x
7D84
0x
7D88
0x
7D8C
0x
7D90
0x
7E64
0x
7E68
0x
7E6C
0x
7E70
0x
7E74
0x
7E78
0x
7E7C
0x
7E80
0x
7E84
0x
7E88
0x
7E8C
0x
7E90
0x
7E94
0x
7E98
0x
7F10
0x
7F14
0x
7F18
0x
7F1C
0x
7F20
0x
7F24
0x
7F28
0x
7F2C
0x
7F30
0x
7F34
0x
7F38
0x
7F3C
0x
7F40
0x
7F44
0x
7F48
0x
7FBC
0x
7FC0
0x
7FC4
0x
7FC8
0x
7FCC
0x
7FD0
0x
7FD4
0x
7FD8
0x
7FDC
0x
7FE0
0x
7FE4
0x
7FE8
0x
7FEC
0x
7FF0
0x
7FF4
0x
7FF8
0x
7FFC
0x
7B48
0x
6878
0x
8060
0x
8064
0x
8068
0x
806C
0x
8070
0x
8074
0x
8078
0x
807C
0x
8080
0x
8084
0x
8088
0x
808C
0x
8090
0x
80D4
0x
80D8
0x
80DC
0x
80E0
0x
80E4
0x
80E8
0x
80EC
0x
80F0
0x
80F4
0x
80F8
0x
80FC
0x
8100
0x
8104
0x
8108
0x
810C
0x
8110
0x
8114
0x
8118
0x
8138
0x
813C
0x
8140
0x
8144
0x
8148
0x
814C
0x
8150
0x
8154
0x
8158
0x
815C
0x
8160
0x
8164
0x
8168
0x
819C
0x
8220
0x
8224
0x
8228
0x
822C
0x
8230
0x
8234
0x
8238
0x
828C
0x
8290
0x
8294
0x
8298
0x
829C
0x
82A0
0x
82A4
0x
82A8
0x
82AC
0x
82B0
0x
82B4
0x
82B8
0x
82BC
0x
82C0
0x
82C4
0x
82C8
0x
82CC
0x
82D0
0x
82D4
0x
82D8
0x
82DC
0x
82E0
0x
82E4
0x
82E8
0x
82EC
0x
82F0
0x
82F4
0x
8318
0x
831C
0x
8320
0x
8324
0x
8328
0x
832C
0x
8330
0x
8334
0x
8338
0x
833C
0x
8340
0x
8344
0x
8348
0x
834C
0x
8350
0x
8354
0x
8358
0x
835C
0x
8360
0x
8364
0x
8368
0x
836C
0x
8370
0x
8374
0x
8378
0x
837C
0x
8380
0x
8384
0x
8388
0x
838C
0x
8390
0x
8394
0x
8398
0x
839C
0x
83A0
0x
83A4
0x
83A8
0x
83AC
0x
83B0
0x
83B4
0x
83B8
0x
83BC
0x
83CC
0x
83D0
0x
83D4
0x
83D8
0x
83DC
0x
83E0
0x
83E4
0x
83E8
0x
83EC
0x
83F0
0x
83F4
0x
83F8
0x
83FC
0x
8438
0x
843C
0x
8440
0x
8444
0x
8448
0x
844C
0x
8450
0x
8454
0x
8458
0x
845C
0x
8460
0x
8464
0x
8468
0x
846C
0x
8470
0x
8474
0x
8478
0x
847C
0x
8480
0x
8484
0x
8488
0x
848C
0x
8490
0x
8494
0x
8498
0x
849C
0x
84A0
0x
84A4
0x
84A8
0x
84AC
0x
84B0
0x
84FC
0x
8500
0x
8504
0x
8508
0x
850C
0x
8510
0x
8514
0x
8518
0x
851C
0x
8520
0x
8524
0x
8528
0x
852C
0x
8530
0x
8534
0x
8538
0x
853C
0x
8540
0x
8544
0x
8548
0x
854C
0x
8550
0x
8554
0x
8558
0x
855C
0x
85B0
0x
85B4
0x
85B8
0x
85BC
0x
85C0
0x
85C4
0x
85C8
0x
85CC
0x
85D0
0x
85D4
0x
85D8
0x
85DC
0x
85E0
0x
85E4
0x
85E8
0x
85EC
0x
85F0
0x
85F4
0x
85F8
0x
85FC
0x
8600
0x
8604
0x
8608
0x
860C
0x
8610
0x
8614
0x
8618
0x
861C
0x
8658
0x
865C
0x
8660
0x
8664
0x
8668
0x
866C
0x
8670
0x
8674
0x
8678
0x
867C
0x
8680
0x
8684
0x
8688
0x
868C
0x
8690
0x
8694
0x
8698
0x
869C
0x
86A0
0x
86A4
0x
86A8
0x
86AC
0x
86B0
0x
86B4
0x
86B8
0x
86BC
0x
86C0
0x
86C4
0x
86C8
0x
872C
0x
8730
0x
8734
0x
8738
0x
873C
0x
8740
0x
8744
0x
8748
0x
874C
0x
8750
0x
8754
0x
8758
0x
875C
0x
8760
0x
8764
0x
8768
0x
876C
0x
8770
0x
8774
0x
8778
0x
877C
0x
8780
0x
8784
0x
8788
0x
878C
0x
8790
0x
8794
0x
8798
0x
879C
0x
87A0
0x
8804
0x
8808
0x
880C
0x
8810
0x
8814
0x
8818
0x
881C
0x
8820
0x
8824
0x
8828
0x
882C
0x
8830
0x
8834
0x
8838
0x
883C
0x
8840
0x
8844
0x
8848
0x
884C
0x
8850
0x
8854
0x
8858
0x
885C
0x
8860
0x
8864
0x
8868
0x
886C
0x
8870
0x
8874
0x
8878
0x
88F4
0x
88F8
0x
88FC
0x
8900
0x
8904
0x
8908
0x
890C
0x
8910
0x
8914
0x
8918
0x
891C
0x
8920
0x
8924
0x
8928
0x
892C
0x
8930
0x
8934
0x
8938
0x
893C
0x
8940
0x
8944
0x
8948
0x
894C
0x
8950
0x
8954
0x
8958
0x
895C
0x
8960
0x
8964
0x
8968
0x
896C
0x
8970
0x
8974
0x
8978
0x
89E8
0x
89EC
0x
89F0
0x
89F4
0x
89F8
0x
89FC
0x
8A00
0x
8A04
0x
8A08
0x
8A0C
0x
8A10
0x
8A14
0x
8A18
0x
8A1C
0x
8A20
0x
8A24
0x
8A28
0x
8A2C
0x
8A30
0x
8A34
0x
8A38
0x
8A3C
0x
8A40
0x
8A44
0x
8A48
0x
8A4C
0x
8A50
0x
8A54
0x
8A58
0x
8AD0
0x
8AD4
0x
8AD8
0x
8ADC
0x
8AE0
0x
8AE4
0x
8AE8
0x
8AEC
0x
8AF0
0x
8AF4
0x
8AF8
0x
8AFC
0x
8B00
0x
8B04
0x
8B08
0x
8B0C
0x
8B10
0x
8B14
0x
8B18
0x
8B1C
0x
8B20
0x
8B24
0x
8B28
0x
8B2C
0x
8B30
0x
8B34
0x
8B94
0x
8B98
0x
8B9C
0x
8BA0
0x
8BA4
0x
8BA8
0x
8BAC
0x
8BB0
0x
8BB4
0x
8BB8
0x
8BBC
0x
8BC0
0x
8BC4
0x
8BC8
0x
8BCC
0x
8BD0
0x
8BD4
0x
8BD8
0x
8BDC
0x
8BE0
0x
8BE4
0x
8BE8
0x
8BEC
0x
8BF0
0x
8C40
0x
8C44
0x
8C48
0x
8C4C
0x
8C50
0x
8C54
0x
8C58
0x
8C5C
0x
8C60
0x
8C64
0x
8C68
0x
8C6C
0x
8C70
0x
8C74
0x
8C78
0x
8C7C
0x
8C80
0x
8C84
0x
8C88
0x
8C8C
0x
8C90
0x
8C94
0x
8CEC
0x
8CF0
0x
8CF4
0x
8CF8
0x
8CFC
0x
8D00
0x
8D04
0x
8D08
0x
8D0C
0x
8D10
0x
8D14
0x
8D18
0x
8D1C
0x
8D20
0x
8D24
0x
8D28
0x
8D2C
0x
8D68
0x
8D6C
0x
8D70
0x
8D74
0x
8D78
0x
8D7C
0x
8D80
0x
8D84
0x
8D88
0x
8D8C
0x
8D90
0x
8D94
0x
8D98
0x
8D9C
0x
8DA0
0x
8DA4
0x
8DA8
0x
8DAC
0x
8DB0
0x
8DB4
0x
8DB8
0x
8DBC
0x
8DC0
0x
8DC4
0x
8DC8
0x
8DCC
0x
8DD0
0x
8DD4
0x
8DD8
0x
8DDC
0x
8DE0
0x
8DE4
0x
8DE8
0x
8DEC
0x
8DF0
0x
8DF4
0x
8DF8
0x
8DFC
0x
8E00
0x
8E04
0x
8E08
0x
8E0C
0x
8E10
0x
8E14
0x
8E18
0x
8E1C
0x
8E20
0x
8E24
0x
8E28
0x
8E2C
0x
8E30
0x
8E34
0x
8E38
0x
8E3C
0x
8E40
0x
8E44
0x
8E48
0x
8E4C
0x
8E50
0x
8E54
0x
8E58
0x
8E5C
0x
8E60
0x
8E64
0x
8E68
0x
8E6C
0x
8E70
0x
8E74
0x
8E78
0x
8E7C
0x
8E80
0x
8E84
0x
8E88
0x
8E8C
0x
8E90
0x
8E94
0x
8E98
0x
8E9C
0x
8EA0
0x
8EA4
0x
8EA8
0x
8EAC
0x
8EB0
0x
8EB4
0x
8EB8
0x
8EBC
0x
8EC0
0x
8EC4
0x
8EC8
0x
8ECC
0x
8ED0
0x
8ED4
0x
8ED8
0x
8EDC
0x
8EE0
0x
8EE4
0x
8EE8
0x
8EEC
0x
8EF0
0x
8EF4
0x
8EF8
0x
8EFC
0x
8F00
0x
8F04
0x
8F08
0x
8F0C
0x
8F10
0x
8F14
0x
8F18
0x
8F1C
0x
8F20
0x
8F24
0x
8F28
0x
8F2C
0x
8F30
0x
8F34
0x
8F38
0x
8F3C
0x
8F40
0x
8F44
0x
8F48
0x
8F4C
0x
8F50
0x
8F54
0x
8F58
0x
8F5C
0x
8F60
0x
8F64
0x
8F68
0x
8F6C
0x
8F70
0x
8F74
0x
8F78
0x
8F7C
0x
8F80
0x
8F84
0x
8F88
0x
8F8C
0x
8F90
0x
8F94
0x
8F98
0x
8F9C
0x
8FA0
0x
8FA4
0x
8FA8
0x
8FAC
0x
8FB0
0x
8FB4
0x
8FB8
0x
8FBC
0x
8FC0
0x
8FC4
0x
8FC8
0x
8FCC
0x
8FD0
0x
8FD4
0x
8FD8
0x
8FDC
0x
8FE0
0x
8FE4
0x
8FE8
0x
8FEC
0x
8FF0
0x
8FF4
0x
8FF8
0x
8FFC
0x
328
0x
4B4
0x
7F4C
0x
6B94
0x
80C0
0x
7EB8
0x
6B90
0x
8C9C
0x
90C0
0x
9144
0x
9148
0x
914C
0x
9150
0x
9154
0x
9158
0x
915C
0x
9160
0x
9164
0x
9168
0x
916C
0x
9170
0x
9174
0x
9178
0x
917C
0x
9180
0x
9184
0x
9188
0x
918C
0x
9190
0x
9194
0x
9198
0x
919C
0x
91A0
0x
91A4
0x
91A8
0x
91AC
0x
91B0
0x
91B4
0x
91B8
0x
91BC
0x
91C0
0x
91C4
0x
9244
0x
9248
0x
924C
0x
9250
0x
9254
0x
9258
0x
925C
0x
9260
0x
9264
0x
9268
0x
926C
0x
9270
0x
9274
0x
9278
0x
927C
0x
9280
0x
9284
0x
9288
0x
928C
0x
9290
0x
9294
0x
9298
0x
929C
0x
92A0
0x
92A4
0x
9330
0x
9334
0x
9338
0x
933C
0x
9340
0x
9344
0x
9348
0x
934C
0x
9350
0x
9354
0x
9358
0x
935C
0x
9360
0x
9364
0x
9368
0x
936C
0x
9370
0x
9374
0x
9378
0x
937C
0x
9380
0x
93F8
0x
93FC
0x
9404
0x
9408
0x
940C
0x
9410
0x
9414
0x
9418
0x
941C
0x
9420
0x
9424
0x
9428
0x
942C
0x
9430
0x
9434
0x
9438
0x
943C
0x
9440
0x
9444
0x
9448
0x
944C
0x
9450
0x
9454
0x
9458
0x
945C
0x
94B8
0x
94BC
0x
94C0
0x
94C4
0x
94C8
0x
94CC
0x
94D0
0x
94D4
0x
94D8
0x
94DC
0x
94E0
0x
94E4
0x
94E8
0x
94EC
0x
94F0
0x
94F4
0x
94F8
0x
94FC
0x
9500
0x
9504
0x
9508
0x
950C
0x
9510
0x
9514
0x
9518
0x
951C
0x
9520
0x
9524
0x
9528
0x
952C
0x
9530
0x
9534
0x
9538
0x
953C
0x
9540
0x
9580
0x
9584
0x
9588
0x
958C
0x
9590
0x
9594
0x
9598
0x
959C
0x
95A0
0x
95A4
0x
95A8
0x
95AC
0x
95B0
0x
95B4
0x
95B8
0x
95BC
0x
95C0
0x
95C4
0x
95C8
0x
95CC
0x
95D0
0x
95D4
0x
95D8
0x
95DC
0x
95E0
0x
95E4
0x
95E8
0x
95EC
0x
9624
0x
9628
0x
962C
0x
9630
0x
9634
0x
9638
0x
963C
0x
9640
0x
9644
0x
9648
0x
964C
0x
9650
0x
9654
0x
9658
0x
965C
0x
9660
0x
9664
0x
9668
0x
966C
0x
9670
0x
9674
0x
9678
0x
967C
0x
9680
0x
9684
0x
9688
0x
96CC
0x
96D0
0x
96D4
0x
96D8
0x
96DC
0x
96E0
0x
96E4
0x
96E8
0x
96EC
0x
96F0
0x
96F4
0x
96F8
0x
96FC
0x
9700
0x
9704
0x
9708
0x
970C
0x
9710
0x
9714
0x
9718
0x
971C
0x
9720
0x
9724
0x
9728
0x
972C
0x
9730
0x
9734
0x
9738
0x
9770
0x
9774
0x
9778
0x
977C
0x
9780
0x
9784
0x
9788
0x
978C
0x
9790
0x
9794
0x
9798
0x
979C
0x
97A0
0x
97A4
0x
97A8
0x
97AC
0x
97B0
0x
97B4
0x
97B8
0x
97BC
0x
97C0
0x
97C4
0x
97C8
0x
97CC
0x
97D0
0x
97D4
0x
97D8
0x
97DC
0x
9838
0x
983C
0x
9840
0x
9844
0x
9848
0x
984C
0x
9850
0x
9854
0x
9858
0x
985C
0x
9860
0x
9864
0x
9868
0x
986C
0x
9870
0x
9874
0x
9878
0x
987C
0x
9880
0x
9884
0x
9888
0x
988C
0x
9890
0x
98C8
0x
98CC
0x
98D0
0x
98D4
0x
98D8
0x
98DC
0x
98E0
0x
98E4
0x
98E8
0x
98EC
0x
98F0
0x
98F4
0x
98F8
0x
98FC
0x
9900
0x
9904
0x
9908
0x
990C
0x
9910
0x
9914
0x
9918
0x
991C
0x
9920
0x
9924
0x
992C
0x
9930
0x
9934
0x
9938
0x
993C
0x
9940
0x
9944
0x
9948
0x
994C
0x
9950
0x
9954
0x
9958
0x
995C
0x
9960
0x
9964
0x
9968
0x
996C
0x
9970
0x
9974
0x
9978
0x
997C
0x
9980
0x
9984
0x
9988
0x
998C
0x
9990
0x
9994
0x
9998
0x
999C
0x
99A0
0x
99A4
0x
99A8
0x
99AC
0x
99B0
0x
99B4
0x
99B8
0x
99BC
0x
99C0
0x
99C4
0x
99C8
0x
99CC
0x
99D0
0x
99D4
0x
99D8
0x
99DC
0x
99E0
0x
99E4
0x
99E8
0x
99EC
0x
99F0
0x
99F4
0x
99F8
0x
99FC
0x
9A00
0x
9A04
0x
9A54
0x
9A58
0x
9A5C
0x
9A60
0x
9A64
0x
9A68
0x
9A6C
0x
9A70
0x
9A74
0x
9A78
0x
9A7C
0x
9A80
0x
9A84
0x
9A88
0x
9A8C
0x
9A90
0x
9A94
0x
9A98
0x
9A9C
0x
9AA0
0x
9AA4
0x
9AA8
0x
9AAC
0x
9AB0
0x
9AB4
0x
9AB8
0x
9ABC
0x
9AC0
0x
9B0C
0x
9B10
0x
9B14
0x
9B18
0x
9B1C
0x
9B20
0x
9B24
0x
9B28
0x
9B2C
0x
9B30
0x
9B34
0x
9B38
0x
9B3C
0x
9B40
0x
9B44
0x
9B48
0x
9B4C
0x
9B50
0x
9B54
0x
9B58
0x
9B5C
0x
9B60
0x
9B64
0x
9B68
0x
9B6C
0x
9B70
0x
9B74
0x
9BC8
0x
9BCC
0x
9BD0
0x
9BD4
0x
9BD8
0x
9BDC
0x
9BE0
0x
9BE4
0x
9BE8
0x
9BEC
0x
9BF0
0x
9BF4
0x
9BF8
0x
9BFC
0x
9C04
0x
9C08
0x
9C0C
0x
9C10
0x
9C14
0x
9C18
0x
9C1C
0x
9C20
0x
9C24
0x
9C28
0x
9C2C
0x
9C30
0x
9C34
0x
9C38
0x
9C84
0x
9C88
0x
9C8C
0x
9C90
0x
9C94
0x
9C98
0x
9C9C
0x
9CA0
0x
9CA4
0x
9CA8
0x
9CAC
0x
9CB0
0x
9CB4
0x
9CB8
0x
9CBC
0x
9CC0
0x
9CC4
0x
9CC8
0x
9CCC
0x
9CD0
0x
9CD4
0x
9CD8
0x
9CDC
0x
9CE0
0x
9CE4
0x
9CE8
0x
9CEC
0x
9CF0
0x
9CF4
0x
9D30
0x
9D34
0x
9D38
0x
9D3C
0x
9D40
0x
9D44
0x
9D48
0x
9D4C
0x
9D50
0x
9D54
0x
9D58
0x
9D5C
0x
9D60
0x
9D64
0x
9D68
0x
9D6C
0x
9D70
0x
9D74
0x
9D78
0x
9D7C
0x
9D80
0x
9D84
0x
9D88
0x
9D8C
0x
9D90
0x
9D94
0x
9D98
0x
9D9C
0x
9DA0
0x
9DA4
0x
9DA8
0x
9DAC
0x
9DB0
0x
9DB4
0x
9DB8
0x
9DBC
0x
9DC0
0x
9DC4
0x
9DC8
0x
9DCC
0x
9DD0
0x
9DD4
0x
9DD8
0x
9DDC
0x
9DE0
0x
9E58
0x
9E5C
0x
9E60
0x
9E64
0x
9E68
0x
9E6C
0x
9E70
0x
9E74
0x
9E78
0x
9E7C
0x
9E80
0x
9E84
0x
9E88
0x
9EF4
0x
9EF8
0x
9EFC
0x
9F00
0x
9F04
0x
9F08
0x
9F0C
0x
9F10
0x
9F14
0x
9F18
0x
9F1C
0x
9F20
0x
9F24
0x
9F28
0x
9F2C
0x
9F30
0x
9F34
0x
9F38
0x
9FB0
0x
9FB4
0x
9FB8
0x
9FBC
0x
9FC0
0x
9FC4
0x
9FC8
0x
9FCC
0x
9FD0
0x
9FD4
0x
9FD8
0x
9FDC
0x
9FE0
0x
9FE4
0x
9FE8
0x
9FEC
0x
9FF0
0x
A080
0x
A084
0x
A088
0x
A08C
0x
A090
0x
A094
0x
A098
0x
A09C
0x
A0A0
0x
A0A4
0x
A0A8
0x
A0AC
0x
A0B0
0x
A0B4
0x
A0B8
0x
A0BC
0x
A0C0
0x
A0C4
0x
A0C8
0x
A0CC
0x
A0D0
0x
A0D4
0x
A0D8
0x
A168
0x
A16C
0x
A170
0x
A174
0x
A178
0x
A17C
0x
A268
0x
A26C
0x
A270
0x
A274
0x
A278
0x
A27C
0x
A280
0x
A284
0x
A288
0x
A28C
0x
A290
0x
A294
0x
A298
0x
A29C
0x
A2A0
0x
A2A4
0x
A2A8
0x
A2B0
0x
A32C
0x
A330
0x
A334
0x
A338
0x
A33C
0x
A340
0x
A344
0x
A348
0x
A34C
0x
A350
0x
A354
0x
A358
0x
A35C
0x
A360
0x
A364
0x
A368
0x
A36C
0x
A370
0x
A374
0x
A378
0x
A37C
0x
A380
0x
A384
0x
A388
0x
A38C
0x
A390
0x
A394
0x
A398
0x
A418
0x
A41C
0x
A420
0x
A424
0x
A428
0x
A42C
0x
A430
0x
A434
0x
A438
0x
A43C
0x
A440
0x
A444
0x
A448
0x
A44C
0x
A450
0x
A454
0x
A458
0x
A45C
0x
A460
0x
A464
0x
A468
0x
A46C
0x
A470
0x
A474
0x
A478
0x
A47C
0x
A480
0x
A514
0x
A518
0x
A51C
0x
A520
0x
A524
0x
A528
0x
A52C
0x
A530
0x
A534
0x
A538
0x
A53C
0x
A540
0x
A544
0x
A548
0x
A54C
0x
A550
0x
A554
0x
A558
0x
A55C
0x
A560
0x
A564
0x
A568
0x
A600
0x
A604
0x
A608
0x
A60C
0x
A610
0x
A614
0x
A618
0x
A61C
0x
A620
0x
A624
0x
A628
0x
A62C
0x
A630
0x
A634
0x
A638
0x
A63C
0x
A640
0x
A644
0x
A648
0x
A64C
0x
A650
0x
A654
0x
A658
0x
A65C
0x
A660
0x
A664
0x
A668
0x
A66C
0x
A670
0x
A674
0x
A678
0x
A67C
0x
A680
0x
A684
0x
A688
0x
A68C
0x
A720
0x
A724
0x
A728
0x
A72C
0x
A730
0x
A734
0x
A738
0x
A73C
0x
A740
0x
A744
0x
A748
0x
A74C
0x
A750
0x
A754
0x
A758
0x
A75C
0x
A760
0x
A764
0x
A768
0x
A76C
0x
A770
0x
A774
0x
A778
0x
A77C
0x
A780
0x
A784
0x
A788
0x
A78C
0x
A790
0x
A794
0x
A798
0x
A79C
0x
A7A0
0x
A7A4
0x
A7A8
0x
A7AC
0x
A7B0
0x
A838
0x
A83C
0x
A840
0x
A844
0x
A848
0x
A84C
0x
A850
0x
A854
0x
A858
0x
A85C
0x
A860
0x
A864
0x
A868
0x
A86C
0x
A870
0x
A874
0x
A878
0x
A87C
0x
A880
0x
A884
0x
A888
0x
A88C
0x
A890
0x
A894
0x
A898
0x
A89C
0x
A8A0
0x
A8A4
0x
A8A8
0x
A8AC
0x
A8B0
0x
A8B4
0x
A8F8
0x
A8FC
0x
A900
0x
A904
0x
A908
0x
A90C
0x
A910
0x
A914
0x
A918
0x
A91C
0x
A920
0x
A924
0x
A928
0x
A92C
0x
A930
0x
A934
0x
A938
0x
A93C
0x
A940
0x
A944
0x
A948
0x
A94C
0x
A950
0x
A954
0x
A958
0x
A95C
0x
A960
0x
A964
0x
A968
0x
A96C
0x
A970
0x
A974
0x
A978
0x
A97C
0x
A980
0x
A984
0x
A988
0x
A9D4
0x
A9D8
0x
A9DC
0x
A9E0
0x
A9E4
0x
A9E8
0x
A9EC
0x
A9F0
0x
A9F4
0x
A9F8
0x
A9FC
0x
AA00
0x
AA04
0x
AA08
0x
AA0C
0x
AA10
0x
AA14
0x
AA18
0x
AA1C
0x
AA20
0x
AA24
0x
AA28
0x
AA2C
0x
AA30
0x
AA34
0x
AA38
0x
AA3C
0x
AA40
0x
AA44
0x
AA48
0x
AA4C
0x
AA50
0x
AA54
0x
AA58
0x
AA5C
0x
AA60
0x
AA64
0x
AAA8
0x
AAAC
0x
AAB0
0x
AAB4
0x
AAB8
0x
AABC
0x
AAC0
0x
AAC4
0x
AAC8
0x
AACC
0x
AAD0
0x
AAD4
0x
AAD8
0x
AADC
0x
AAE0
0x
AAE4
0x
AAE8
0x
AAEC
0x
AAF0
0x
AAF4
0x
AAF8
0x
AAFC
0x
AB00
0x
AB04
0x
AB08
0x
AB0C
0x
AB10
0x
AB14
0x
AB18
0x
AB1C
0x
AB20
0x
AB24
0x
AB80
0x
AB84
0x
AB88
0x
AB8C
0x
AB90
0x
AB94
0x
AB98
0x
AB9C
0x
ABA0
0x
ABA4
0x
ABA8
0x
ABAC
0x
ABB0
0x
ABB4
0x
ABB8
0x
ABBC
0x
ABC0
0x
ABC4
0x
ABC8
0x
ABCC
0x
ABD0
0x
ABD4
0x
ABD8
0x
ABDC
0x
ABE0
0x
ABE4
0x
ABE8
0x
ABEC
0x
ABF0
0x
AC30
0x
AC34
0x
AC38
0x
AC3C
0x
AC40
0x
AC44
0x
AC48
0x
AC4C
0x
AC50
0x
AC54
0x
AC58
0x
AC5C
0x
AC60
0x
AC64
0x
AC68
0x
AC6C
0x
AC70
0x
AC74
0x
AC78
0x
AC7C
0x
AC80
0x
AC84
0x
AC88
0x
AC8C
0x
AC90
0x
AC94
0x
AC98
0x
AC9C
0x
ACA0
0x
ACA4
0x
ACB4
0x
ACB8
0x
ACBC
0x
ACC0
0x
ACC4
0x
ACC8
0x
ACCC
0x
ACD0
0x
ACD4
0x
ACD8
0x
ACDC
0x
ACE0
0x
ACE4
0x
ACE8
0x
ACEC
0x
ACF0
0x
ACF4
0x
ACF8
0x
ACFC
0x
AD00
0x
AD04
0x
AD08
0x
AD0C
0x
AD10
0x
AD14
0x
AD18
0x
AD1C
0x
AD20
0x
AD24
0x
AD30
0x
AD34
0x
AD38
0x
AD3C
0x
AD40
0x
AD44
0x
AD48
0x
AD4C
0x
AD50
0x
AD54
0x
AD58
0x
AD5C
0x
AD60
0x
AD64
0x
AD68
0x
AD6C
0x
AD70
0x
AD74
0x
AD78
0x
AD7C
0x
AD80
0x
AD84
0x
AD88
0x
AD8C
0x
AD90
0x
AD94
0x
AD98
0x
AD9C
0x
ADE4
0x
ADE8
0x
ADEC
0x
ADF0
0x
ADF4
0x
ADF8
0x
ADFC
0x
AE00
0x
AE04
0x
AE08
0x
AE0C
0x
AE10
0x
AE14
0x
AE18
0x
AE1C
0x
AE20
0x
AE24
0x
AE28
0x
AE2C
0x
AE30
0x
AE34
0x
AE38
0x
AE3C
0x
AE40
0x
AE44
0x
AE48
0x
AE4C
0x
AEB0
0x
AEB4
0x
AEB8
0x
AEBC
0x
AEC0
0x
AEC4
0x
AEC8
0x
AECC
0x
AED0
0x
AED4
0x
AED8
0x
AEDC
0x
AEE0
0x
AEE4
0x
AEE8
0x
AEEC
0x
AEF0
0x
AEF4
0x
AEF8
0x
AEFC
0x
AF00
0x
AF04
0x
AF08
0x
AF0C
0x
AF10
0x
AF14
0x
AF18
0x
AF1C
0x
AF68
0x
AF6C
0x
AF70
0x
AF74
0x
AF78
0x
AF7C
0x
AF80
0x
AF84
0x
AF88
0x
AF8C
0x
AF90
0x
AF94
0x
AF98
0x
AF9C
0x
AFA0
0x
AFA4
0x
AFA8
0x
AFAC
0x
AFB0
0x
AFB4
0x
AFB8
0x
AFBC
0x
AFC0
0x
AFC4
0x
AFC8
0x
B024
0x
B028
0x
B02C
0x
B030
0x
B034
0x
B038
0x
B03C
0x
B040
0x
B0B0
0x
B0B4
0x
B12C
0x
B130
0x
B134
0x
B138
0x
B13C
0x
B140
0x
B144
0x
B148
0x
B14C
0x
B150
0x
B154
0x
B158
0x
B15C
0x
B160
0x
B164
0x
B168
0x
B16C
0x
B170
0x
B174
0x
B33C
0x
B340
0x
B344
0x
B348
0x
B34C
0x
B350
0x
B354
0x
B358
0x
B35C
0x
B360
0x
B364
0x
B368
0x
B36C
0x
B370
0x
B374
0x
B378
0x
B37C
0x
B380
0x
B4A0
0x
B4A4
0x
B4A8
0x
B4AC
0x
B4B0
0x
B4B4
0x
B4B8
0x
B4BC
0x
B4C0
0x
B4C4
0x
B4C8
0x
B4CC
0x
B4D0
0x
B4D4
0x
B4D8
0x
B4DC
0x
B4E0
0x
B4E4
0x
B890
0x
B894
0x
B898
0x
B89C
0x
B8A0
0x
B8A4
0x
B8A8
0x
B8AC
0x
B8B0
0x
B8B4
0x
B8B8
0x
B8BC
0x
B8C0
0x
B8C4
0x
B8C8
0x
B8CC
0x
B8D0
0x
B8D4
0x
B8D8
0x
B8DC
0x
B8E0
0x
B8E4
0x
B8E8
0x
B8EC
0x
B8F0
0x
B8F4
0x
B8F8
0x
B8FC
0x
B900
0x
B904
0x
B908
0x
B90C
0x
B910
0x
B914
0x
B918
0x
B91C
0x
B920
0x
B924
0x
B928
0x
B92C
0x
B930
0x
B934
0x
B938
0x
B93C
0x
B940
0x
B944
0x
B948
0x
B94C
0x
B950
0x
B954
0x
B958
0x
B95C
0x
B960
0x
B964
0x
B968
0x
BA60
0x
BAD8
0x
BADC
0x
BAE0
0x
BAE4
0x
BAE8
0x
BAEC
0x
BAF0
0x
BAF4
0x
BAF8
0x
BAFC
0x
BB00
0x
BB04
0x
BB08
0x
BB0C
0x
BB10
0x
BB14
0x
BB18
0x
BB1C
0x
BB20
0x
BB24
0x
BB28
0x
BB2C
0x
BB30
0x
BB34
0x
BB38
0x
BB7C
0x
BB80
0x
BB84
0x
BB88
0x
BB8C
0x
BB90
0x
BB94
0x
BB98
0x
BB9C
0x
BBA0
0x
BBA4
0x
BBAC
0x
BBB0
0x
BBB4
0x
BBB8
0x
BBBC
0x
BBC0
0x
BBC4
0x
BBC8
0x
BBCC
0x
BBD0
0x
BBD4
0x
BBF8
0x
BA80
0x
BA90
0x
BA6C
0x
BA68
0x
544
0x
BBFC
0x
BA58
0x
550
0x
BA48
0x
BC04
0x
BC08
0x
BC10
0x
BC18
0x
BC20
0x
BC28
0x
BC30
0x
BC38
0x
BC40
0x
BC48
0x
BC50
0x
BC58
0x
BC5C
0x
BC68
0x
BC6C
0x
BCD8
0x
BCDC
0x
BCE0
0x
BCE4
0x
BCEC
0x
BCF0
0x
BCF4
0x
BCF8
0x
BD50
0x
BD54
0x
BD58
0x
BD5C
0x
BD60
0x
BD64
0x
BD68
0x
BD6C
0x
BD70
0x
BD74
0x
BD78
0x
BE74
0x
BE78
0x
BE7C
0x
BE80
0x
BE84
0x
BE88
0x
BE8C
0x
BE90
0x
BE94
0x
BE98
0x
BE9C
0x
BEA0
0x
BEA4
0x
BEA8
0x
BEAC
0x
BEB0
0x
BEB4
0x
BEB8
0x
BEBC
0x
BEC0
0x
BEC4
0x
BEC8
0x
BECC
0x
BED0
0x
BED4
0x
BED8
0x
BEDC
0x
BEE0
0x
BEE4
0x
BEE8
0x
BEEC
0x
BEF0
0x
BEF4
0x
BEF8
0x
BEFC
0x
BF00
0x
BF04
0x
BF08
0x
BF0C
0x
BF10
0x
BF14
0x
BF18
0x
BF1C
0x
BF20
0x
BF24
0x
BF28
0x
BF2C
0x
BF30
0x
BF34
0x
BF38
0x
BF3C
0x
BF40
0x
BF44
0x
BF48
0x
BF4C
0x
BF50
0x
BF54
0x
BF58
0x
BF5C
0x
BF60
0x
BF64
0x
BFCC
0x
BFEC
0x
BFF0
0x
BFF4
0x
BFF8
0x
BFFC
0x
46C
0x
3B0
0x
39C
0x
3C0
0x
C004
0x
C008
0x
C00C
0x
C010
0x
C014
0x
C018
0x
C01C
0x
C020
0x
C024
0x
C028
0x
C090
0x
C094
0x
C098
0x
C09C
0x
C0A0
0x
C0A4
0x
C0A8
0x
C0AC
0x
C0B0
0x
C0B4
0x
C0B8
0x
C0BC
0x
C0C0
0x
C0C4
0x
C0C8
0x
C0CC
0x
C0D4
0x
C0D8
0x
C0DC
0x
C0E0
0x
C0E4
0x
C0E8
0x
C0EC
0x
C0F0
0x
C0F4
0x
C0F8
0x
C0FC
0x
C100
0x
C104
0x
C108
0x
C10C
0x
C110
0x
C114
0x
C118
0x
C11C
0x
C120
0x
C124
0x
C128
0x
C12C
0x
C130
0x
C134
0x
C138
0x
C13C
0x
C140
0x
C200
0x
C204
0x
C208
0x
C20C
0x
C210
0x
C214
0x
C218
0x
C21C
0x
C220
0x
C224
0x
C228
0x
C22C
0x
C230
0x
C234
0x
C238
0x
C23C
0x
C240
0x
C244
0x
C248
0x
C24C
0x
C250
0x
C254
0x
C258
0x
C25C
0x
C260
0x
C264
0x
C268
0x
C26C
0x
C270
0x
C274
0x
C278
0x
C27C
0x
C280
0x
C284
0x
C288
0x
C294
0x
C298
0x
C29C
0x
C2A0
0x
C2A4
0x
C2A8
0x
C2AC
0x
C3FC
0x
AF0
0x
74C
0x
C1FC
0x
C2B4
0x
B48
0x
644
0x
C0D0
0x
C310
0x
C30C
0x
C2CC
0x
C290
0x
C404
0x
C408
0x
C40C
0x
C410
0x
C414
0x
C418
0x
C41C
0x
C430
0x
C434
0x
C438
0x
C43C
0x
C440
0x
C444
0x
C448
0x
C44C
0x
C450
0x
C454
0x
C458
0x
C45C
0x
C460
0x
C464
0x
C468
0x
C46C
0x
C470
0x
C474
0x
C478
0x
C47C
0x
C484
0x
C488
0x
C48C
0x
C490
0x
C494
0x
C498
0x
C49C
0x
C4A0
0x
C4A4
0x
C4A8
0x
C4AC
0x
C4B0
0x
C4B4
0x
C4B8
0x
C4BC
0x
C4C0
0x
C4C4
0x
C4C8
0x
C4CC
0x
C4D0
0x
C4D4
0x
C4D8
0x
C4DC
0x
C4E0
0x
C4E4
0x
C4E8
0x
C4EC
0x
C4F0
0x
C4F4
0x
C4F8
0x
C4FC
0x
C500
0x
C504
0x
C508
0x
C50C
0x
C510
0x
C514
0x
C518
0x
C51C
0x
C520
0x
C524
0x
C538
0x
C53C
0x
C540
0x
C544
0x
C548
0x
C54C
0x
C550
0x
C554
0x
C5F8
0x
C5FC
0x
C600
0x
C604
0x
C608
0x
C60C
0x
C610
0x
C614
0x
C618
0x
C61C
0x
C620
0x
C624
0x
C628
0x
C62C
0x
C630
0x
C634
0x
C638
0x
C63C
0x
C640
0x
C644
0x
C648
0x
C65C
0x
C660
0x
C664
0x
C668
0x
C66C
0x
C670
0x
C67C
0x
C680
0x
C684
0x
C688
0x
C68C
0x
C690
0x
C694
0x
C698
0x
C69C
0x
C6A0
0x
C6A4
0x
C6A8
0x
C6AC
0x
C6B0
0x
C6B4
0x
C6B8
0x
C6BC
0x
C6C0
0x
C6C4
0x
C6CC
0x
C6D0
0x
C6D4
0x
C6D8
0x
C6DC
0x
C6E0
0x
C6E4
0x
C6E8
0x
C6EC
0x
C6F0
0x
C6F4
0x
C6F8
0x
C6FC
0x
C700
0x
C704
0x
C7A0
0x
C7A4
0x
C7A8
0x
C7AC
0x
C7B0
0x
C7B4
0x
C7B8
0x
C7BC
0x
C7C0
0x
C7C4
0x
C7C8
0x
C7EC
0x
C7F0
0x
C7F4
0x
C7F8
0x
C7FC
0x
C28C
0x
C2B8
0x
C2B0
0x
C524
0x
C51C
0x
794
0x
C5AC
0x
C720
0x
C7D8
0x
C7D0
0x
C71C
0x
C534
0x
C52C
0x
C718
0x
C708
0x
C678
0x
C804
0x
C808
0x
C80C
0x
C810
0x
C814
0x
C818
0x
C81C
0x
C820
0x
C824
0x
C828
0x
C82C
0x
C830
0x
C834
0x
C838
0x
C83C
0x
C840
0x
C854
0x
C858
0x
C85C
0x
C860
0x
C864
0x
C868
0x
C86C
0x
C870
0x
C874
0x
C878
0x
C87C
0x
C880
0x
C884
0x
C888
0x
C88C
0x
C890
0x
C894
0x
C898
0x
C89C
0x
C8A0
0x
C8A4
0x
C8A8
0x
C8AC
0x
C8B0
0x
C8B4
0x
C8B8
0x
C8BC
0x
C8C0
0x
C8C4
0x
C8C8
0x
C8CC
0x
C8D0
0x
C8D4
0x
C8D8
0x
C8DC
0x
C8E0
0x
C8E4
0x
C8E8
0x
C8EC
0x
C8F0
0x
C8F4
0x
C8F8
0x
C8FC
0x
C900
0x
C904
0x
C908
0x
C90C
0x
C910
0x
C914
0x
C918
0x
C91C
0x
C920
0x
C924
0x
C928
0x
C92C
0x
C930
0x
C934
0x
C938
0x
C93C
0x
C940
0x
C944
0x
C9A4
0x
C9A8
0x
C9AC
0x
C9B0
0x
C9B4
0x
C9B8
0x
C9BC
0x
C9C0
0x
C9C4
0x
C9C8
0x
C9CC
0x
CA08
0x
CA0C
0x
CA10
0x
CA14
0x
CA18
0x
CA1C
0x
CA20
0x
CA24
0x
CA28
0x
CA2C
0x
CA30
0x
CA34
0x
CA38
0x
CA64
0x
CA68
0x
CA6C
0x
CA70
0x
CA74
0x
CA78
0x
CA7C
0x
CA80
0x
CA84
0x
CA88
0x
CA8C
0x
CA90
0x
CA94
0x
CAD4
0x
CAD8
0x
CADC
0x
CAE0
0x
CAE4
0x
CAE8
0x
CAEC
0x
CAF0
0x
CAF4
0x
CAF8
0x
CAFC
0x
CB00
0x
CB04
0x
CB08
0x
CB0C
0x
CB10
0x
CB14
0x
CB18
0x
CB1C
0x
CB4C
0x
CB50
0x
CB54
0x
CB58
0x
CB5C
0x
CB60
0x
CB64
0x
CB68
0x
CB88
0x
CB8C
0x
CB90
0x
CB94
0x
CB98
0x
CBD8
0x
CBDC
0x
CBE0
0x
CBE4
0x
CBE8
0x
CBEC
0x
CC14
0x
CC18
0x
CC1C
0x
CC20
0x
CC24
0x
CC28
0x
CC2C
0x
CC30
0x
CC34
0x
CC38
0x
CC3C
0x
CC40
0x
CC44
0x
CC48
0x
CC4C
0x
CC50
0x
CC54
0x
CC58
0x
CC5C
0x
CC8C
0x
CC90
0x
CC94
0x
CC98
0x
CC9C
0x
CCA0
0x
CCA4
0x
CCA8
0x
CCAC
0x
CCB0
0x
CCB4
0x
CCB8
0x
CCBC
0x
CCC0
0x
CCC4
0x
CCC8
0x
CCCC
0x
CCD0
0x
CCD4
0x
CCD8
0x
CCDC
0x
CD48
0x
CD4C
0x
CD50
0x
CD54
0x
CD58
0x
CD80
0x
CD84
0x
CD88
0x
CD8C
0x
CD90
0x
CD94
0x
CD98
0x
CD9C
0x
CDA0
0x
CDA4
0x
CDC4
0x
CDC8
0x
CDCC
0x
CDD0
0x
CDD4
0x
CDD8
0x
CDDC
0x
CDE0
0x
CDE4
0x
CDE8
0x
CDEC
0x
CDF0
0x
CE10
0x
CE14
0x
CE18
0x
CE1C
0x
CE20
0x
CE24
0x
CE28
0x
CE2C
0x
CE78
0x
CE7C
0x
CE80
0x
CE84
0x
CE88
0x
CE8C
0x
CEE4
0x
CEE8
0x
CEEC
0x
CEF0
0x
CEF4
0x
CF08
0x
CF0C
0x
CF10
0x
CF14
0x
CF18
0x
CF1C
0x
CF20
0x
CF24
0x
CF28
0x
CF2C
0x
CF30
0x
CF34
0x
CF38
0x
CF3C
0x
CF40
0x
CF44
0x
CF48
0x
CF4C
0x
CF50
0x
CF54
0x
CF58
0x
CF5C
0x
CF60
0x
CF64
0x
CF68
0x
CF6C
0x
CF70
0x
CFCC
0x
CFD0
0x
CFD4
0x
CFD8
0x
CFDC
0x
CFE0
0x
CFE4
0x
CFE8
0x
CFEC
0x
CFF0
0x
CFF4
0x
CFF8
0x
CFFC
0x
5B4
0x
354
0x
D018
0x
D01C
0x
D020
0x
D024
0x
D028
0x
D02C
0x
D030
0x
D034
0x
D038
0x
D03C
0x
D040
0x
D044
0x
D048
0x
D04C
0x
D050
0x
D054
0x
D058
0x
D05C
0x
D060
0x
D064
0x
D084
0x
D088
0x
D08C
0x
D090
0x
D094
0x
D098
0x
D09C
0x
D0A0
0x
D0A4
0x
D0A8
0x
D0C4
0x
D0C8
0x
D0CC
0x
D0D0
0x
D0D4
0x
D0D8
0x
D0DC
0x
D144
0x
D148
0x
D14C
0x
D150
0x
D154
0x
D158
0x
D15C
0x
D160
0x
D164
0x
D168
0x
D16C
0x
D1B0
0x
D1B4
0x
D1B8
0x
D1BC
0x
D1C0
0x
D1C4
0x
D1C8
0x
D1CC
0x
D1D0
0x
D1D4
0x
D1D8
0x
D224
0x
D228
0x
D22C
0x
D230
0x
D234
0x
D238
0x
D23C
0x
D240
0x
D244
0x
D248
0x
D274
0x
D278
0x
D27C
0x
D280
0x
D284
0x
D288
0x
D28C
0x
D290
0x
D294
0x
D298
0x
D29C
0x
D2A0
0x
D2A4
0x
D2A8
0x
D2AC
0x
D2B0
0x
D2B4
0x
D2B8
0x
D2BC
0x
D2C0
0x
D2C4
0x
D2DC
0x
D2E0
0x
D2E4
0x
D2E8
0x
D2EC
0x
D2F0
0x
D2F4
0x
D2F8
0x
D2FC
0x
D300
0x
D32C
0x
D330
0x
D334
0x
D338
0x
D374
0x
D378
0x
D39C
0x
D3A0
0x
D3A4
0x
D3A8
0x
D3AC
0x
D3B0
0x
D3B4
0x
D3B8
0x
D3BC
0x
D3C0
0x
D3C4
0x
D3C8
0x
D3CC
0x
D3D0
0x
D3D4
0x
D3D8
0x
D3DC
0x
D3E0
0x
D3E4
0x
D3E8
0x
D3EC
0x
D3F0
0x
D3F4
0x
D434
0x
D438
0x
D43C
0x
D440
0x
D444
0x
D448
0x
D44C
0x
D450
0x
D454
0x
D458
0x
D45C
0x
D460
0x
D464
0x
D468
0x
D46C
0x
D4A8
0x
D4AC
0x
D4B0
0x
D4B4
0x
D4B8
0x
D4BC
0x
D4C0
0x
D4C4
0x
D4C8
0x
D4CC
0x
D4D0
0x
D4D4
0x
D4D8
0x
D4DC
0x
D4E0
0x
D4E4
0x
D4E8
0x
D4EC
0x
D4F0
0x
D4F4
0x
D4F8
0x
D4FC
0x
D500
0x
D504
0x
D508
0x
D50C
0x
D510
0x
D514
0x
D518
0x
D51C
0x
D520
0x
D53C
0x
D540
0x
D544
0x
D548
0x
D54C
0x
D550
0x
D554
0x
D558
0x
D55C
0x
D560
0x
D564
0x
D568
0x
D56C
0x
D5AC
0x
D5B0
0x
D5B4
0x
D5B8
0x
D5BC
0x
D5C0
0x
D5C4
0x
D5C8
0x
D5CC
0x
D5D0
0x
D5D4
0x
D5D8
0x
D5DC
0x
D5E0
0x
D5E4
0x
D5E8
0x
D5EC
0x
D5F0
0x
D5F4
0x
D5F8
0x
D660
0x
D664
0x
D668
0x
D66C
0x
D670
0x
D674
0x
D678
0x
D67C
0x
D680
0x
D684
0x
D688
0x
D68C
0x
D690
0x
D694
0x
D698
0x
D69C
0x
D6A0
0x
D6A4
0x
D6A8
0x
D6AC
0x
D6B0
0x
D6B4
0x
D6B8
0x
D6F4
0x
D6F8
0x
D6FC
0x
D700
0x
D704
0x
D708
0x
D70C
0x
D710
0x
D714
0x
D718
0x
D71C
0x
D720
0x
D724
0x
D728
0x
D72C
0x
D730
0x
D734
0x
D738
0x
D73C
0x
D740
0x
D744
0x
D748
0x
D74C
0x
D750
0x
D754
0x
D758
0x
D75C
0x
D7B8
0x
D7BC
0x
D7C0
0x
D7C4
0x
D7C8
0x
D7CC
0x
D7D0
0x
D7D4
0x
D7D8
0x
D7DC
0x
D7E0
0x
D7E4
0x
D7E8
0x
D7EC
0x
D7F0
0x
D7F4
0x
D7F8
0x
D7FC
0x
D378
0x
D430
0x
D6B8
0x
D804
0x
D808
0x
D80C
0x
D848
0x
D84C
0x
D850
0x
D854
0x
D858
0x
D85C
0x
D860
0x
D864
0x
D868
0x
D86C
0x
D870
0x
D874
0x
D878
0x
D87C
0x
D880
0x
D884
0x
D888
0x
D88C
0x
D890
0x
D894
0x
D898
0x
D89C
0x
D8A0
0x
D8A4
0x
D8A8
0x
D8AC
0x
D8F8
0x
D8FC
0x
D900
0x
D904
0x
D908
0x
D90C
0x
D910
0x
D914
0x
D918
0x
D91C
0x
D920
0x
D924
0x
D928
0x
D92C
0x
D930
0x
D934
0x
D938
0x
D93C
0x
D940
0x
D944
0x
D948
0x
D94C
0x
D950
0x
D954
0x
D958
0x
D9BC
0x
D9C0
0x
D9C4
0x
D9C8
0x
D9CC
0x
D9D0
0x
D9D4
0x
D9D8
0x
D9DC
0x
D9E0
0x
D9E4
0x
D9E8
0x
D9EC
0x
D9F0
0x
D9F4
0x
D9F8
0x
D9FC
0x
DA00
0x
DA04
0x
DA08
0x
DA0C
0x
DA10
0x
DA14
0x
DA18
0x
DA1C
0x
DA20
0x
DA24
0x
DA90
0x
DA94
0x
DA98
0x
DA9C
0x
DAA0
0x
DAA4
0x
DAA8
0x
DAAC
0x
DAB0
0x
DAB4
0x
DAB8
0x
DABC
0x
DAC0
0x
DAC4
0x
DAC8
0x
DACC
0x
DAD0
0x
DAD4
0x
DAD8
0x
DADC
0x
DAE0
0x
DAE4
0x
DAE8
0x
DAEC
0x
DAF0
0x
DAF4
0x
DAF8
0x
DAFC
0x
DB00
0x
DB64
0x
DB68
0x
DB6C
0x
DB70
0x
DB74
0x
DB78
0x
DB7C
0x
DB80
0x
DB84
0x
DB88
0x
DB8C
0x
DB90
0x
DB94
0x
DB98
0x
DB9C
0x
DBA0
0x
DBA4
0x
DBA8
0x
DBAC
0x
DBB0
0x
DBB4
0x
DBB8
0x
DBBC
0x
DBC0
0x
DBC4
0x
DBC8
0x
DC0C
0x
DC10
0x
DC14
0x
DC18
0x
DC1C
0x
DC20
0x
DC24
0x
DC28
0x
DC2C
0x
DC30
0x
DC34
0x
DC38
0x
DC3C
0x
DC40
0x
DC44
0x
DC48
0x
DC4C
0x
DC50
0x
DC54
0x
DC58
0x
DC5C
0x
DC60
0x
DC64
0x
DC68
0x
DC6C
0x
DC70
0x
DC74
0x
DC78
0x
DCE4
0x
DCE8
0x
DCEC
0x
DCF0
0x
DCF4
0x
DCF8
0x
DCFC
0x
DD00
0x
DD04
0x
DD08
0x
DD0C
0x
DD10
0x
DD14
0x
DD18
0x
DD1C
0x
DD20
0x
DD24
0x
DD28
0x
DD2C
0x
DD30
0x
DD34
0x
DD38
0x
DD3C
0x
DD40
0x
DD44
0x
DD48
0x
DD4C
0x
DDBC
0x
DDC0
0x
DDC4
0x
DDC8
0x
DDCC
0x
DDD0
0x
DDD4
0x
DDD8
0x
DDDC
0x
DDE0
0x
DDE4
0x
DDE8
0x
DDEC
0x
DDF0
0x
DDF4
0x
DDF8
0x
DDFC
0x
DE00
0x
DE04
0x
DE08
0x
DE0C
0x
DE10
0x
DE14
0x
DE18
0x
DE1C
0x
DE20
0x
DE90
0x
DE94
0x
DE98
0x
DE9C
0x
DEA0
0x
DEA4
0x
DEA8
0x
DEAC
0x
DEB0
0x
DEB4
0x
DEB8
0x
DEBC
0x
DEC0
0x
DEC4
0x
DEC8
0x
DECC
0x
DED0
0x
DED4
0x
DED8
0x
DEDC
0x
DEE0
0x
DEE4
0x
DEE8
0x
DEEC
0x
DF50
0x
DF54
0x
DF58
0x
DF5C
0x
DF60
0x
DF64
0x
DF68
0x
DF6C
0x
DF70
0x
DF74
0x
DF78
0x
DF7C
0x
DF80
0x
DF84
0x
DF88
0x
DF8C
0x
DF90
0x
DF94
0x
DF98
0x
DF9C
0x
DFA0
0x
DFA4
0x
DFA8
0x
DFAC
0x
DFB0
0x
DFB4
0x
DFB8
0x
E004
0x
E008
0x
E00C
0x
E010
0x
E014
0x
E018
0x
E01C
0x
E020
0x
E024
0x
E028
0x
E02C
0x
E030
0x
E034
0x
E038
0x
E03C
0x
E040
0x
E044
0x
E048
0x
E04C
0x
E050
0x
E0B8
0x
E0BC
0x
E0C0
0x
E0C4
0x
E0C8
0x
E0CC
0x
E0D0
0x
E0D4
0x
E0D8
0x
E0DC
0x
E0E0
0x
E0E4
0x
E0E8
0x
E0EC
0x
E0F0
0x
E0F4
0x
E0F8
0x
E0FC
0x
E100
0x
E104
0x
E108
0x
E10C
0x
E110
0x
E114
0x
E118
0x
E11C
0x
E188
0x
E18C
0x
E190
0x
E194
0x
E198
0x
E19C
0x
E1A0
0x
E1A4
0x
E1A8
0x
E1AC
0x
E1B0
0x
E1B4
0x
E1B8
0x
E1BC
0x
E1C0
0x
E1C4
0x
E1C8
0x
E1CC
0x
E1D0
0x
E1D4
0x
E1D8
0x
E240
0x
E244
0x
E248
0x
E2B0
0x
E2B4
0x
E2B8
0x
E2BC
0x
E2C0
0x
E2C4
0x
E2C8
0x
E2CC
0x
E2D0
0x
E2D4
0x
E2D8
0x
E2DC
0x
E344
0x
E348
0x
E34C
0x
E350
0x
E354
0x
E358
0x
E35C
0x
E360
0x
E364
0x
E368
0x
E36C
0x
E370
0x
E374
0x
E3D8
0x
E3DC
0x
E3E0
0x
E3E4
0x
E3E8
0x
E3EC
0x
E3F0
0x
E3F4
0x
E3F8
0x
E44C
0x
E450
0x
E454
0x
E458
0x
E45C
0x
E460
0x
E464
0x
E468
0x
E46C
0x
E470
0x
E474
0x
E478
0x
E47C
0x
E480
0x
E484
0x
E488
0x
E48C
0x
E490
0x
E4CC
0x
E4D0
0x
E4D4
0x
E4D8
0x
E4DC
0x
E4E0
0x
E4E4
0x
E4E8
0x
E4EC
0x
E4F0
0x
E4F4
0x
E4F8
0x
E4FC
0x
E500
0x
E504
0x
E530
0x
E534
0x
E538
0x
E53C
0x
E540
0x
E544
0x
E628
0x
E62C
0x
E630
0x
E634
0x
E638
0x
E63C
0x
E640
0x
E644
0x
E648
0x
E64C
0x
E650
0x
E654
0x
E658
0x
E65C
0x
E660
0x
E664
0x
E668
0x
E66C
0x
E670
0x
E674
0x
E678
0x
E67C
0x
E680
|
Memory Dumps
| Name | Start VA | End VA | Dump Reason | PE Rebuilds | Bitness | Entry Points | AV | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|
| zzzavxu.exe | 0x13F610000 | 0x13F9A6FFF | Relevant Image | - | 64-bit | - |
|
|
|
Dropped Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\DOFJFpLhODvfDEn.pdf.RYK | 90.96 KB |
MD5:
eafba9d9d5ec52a289c0fca68140c7c6
SHA1: e26b69fb8cc87fac08f95b8033eaaf21127defc1 SHA256: 08d1075ec67f2970f8fe65efea36706aa84459fdfc71e464b735e9cd362be276 SSDeep: 1536:WykQYoLoP2k2RagRa0gn/2Venr2xnLnaMwNPhlREecBY2iE53B:WzQYo6LgdgnOmMnLaMCDREFlL53B |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Bears.htm.RYK | 0.52 KB |
MD5:
18cbf8ebf8eb5fa92dda6fc787d8f388
SHA1: 7f7b22bc5821f33601d472c7c5481c95a4f376bc SHA256: 2dae6fbd52a38bffe43704b7cb995917959c883e61d23e15d247f3a7f0eb23c8 SSDeep: 12:e2tfMvdxk5A8L8Io7DJ0NGRlptPGMDInWdPrfqj2Qmfxvilx6Oq5hYTg:RtE8seNKlptPGOCYPrfq5mUD8qg |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Stars.htm.RYK | 0.50 KB |
MD5:
794bb2bbe9b3271ae03a8f283b1feee6
SHA1: cf9dbf714c44c410a03a5be3de0180a25753b219 SHA256: e9c8cdbd385fdedf4af574ac18598080f83ccc730a1d2d7e9a7ce24c8f23ab4b SSDeep: 12:x11Wg9w2kUs0+Zg2PbZFzUcyGA7Hm1B+sn:31WgmLgieHsn |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Roses.jpg.RYK | 2.16 KB |
MD5:
406f1265e40088bd530bc39ac59952ad
SHA1: 7d6a45983d91d08682e33bc5ae4fb62c3153e000 SHA256: c1ed84459f107bc872e89006cd76950a9e9fd8264c64eba13e200e3f04dd2d19 SSDeep: 48:VT3KTFkSWFVG1MSoMP2prSrGuvkB3kzNsV4M/p5M0y6kn:V7KaSkG+jpGGBkzmP/p5hjk |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Green Bubbles.htm.RYK | 0.50 KB |
MD5:
91a0bba2845dfff31549c84602579200
SHA1: 68e0a132e632612a718dce7e740af57dcf8dce2c SHA256: 1ccd8b8125edb11685441ce6f36403b470387914e33e29226e4aeaa72ab6e2ec SSDeep: 12:/nYOEl9xrWtMlRRe+yZDkmOLE34YTZV7Fnx5dJ+3VgBLyWJNDg55IULH:/ZEl9xqtMbRe+2OLE3/ZXnx5zaeBLyS+ |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Orange Circles.htm.RYK | 0.50 KB |
MD5:
706962a2747d21c050ecd12365b6282b
SHA1: f1d397012861e89ed0c79aceaf5eddff72860688 SHA256: 1bef9a94686ae5fbacb291e1e17111d7fa7284df6561805ed419be8cee279c55 SSDeep: 12:T6WNHMGr15Xf2rEg3Av7yDHf46/vVS8YrhjDk6YviNBTiOr3s6n:TDhB1p/gY4nlSVrKpviNBTNr3P |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Roses.htm.RYK | 0.50 KB |
MD5:
868522879feda625bc923ebde717ce89
SHA1: edb1d8393efdc6df61850c4db292cb8ff0cc8598 SHA256: ee5f6163db577b906b404b1fb51a842541d5c76333fb6e7ce872b0b3b0da9c58 SSDeep: 12:i14dWs65nMKMl9bSd07ZRhi+nXjXChcjQBFvtBGtuc1kPbWJcx:oxs66fl9+07hjnTSh8QBFvKucK5x |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Garden.htm.RYK | 0.50 KB |
MD5:
ff04ba87f4dc3558b939e8b180264299
SHA1: b12d6e89ab71e09e8236c83b15e53c3c8942c1c9 SHA256: e53f5944e8b843a2bc187caa897cea83dfa4f82089a3891546a394137cf34e10 SSDeep: 12:s7JD70FpZ/mE/GjE9AQbwJZJt+79dv87MnMPwvGXMWPPHvF+LkJi9J9P:s7AmE/b9AQbun+/k7yY9XMWPXckJi9JN |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Hand Prints.htm.RYK | 0.50 KB |
MD5:
5c8b4d9f64598ce392f64f99985fc225
SHA1: 984a5b0d064ba0226c3bbdb57c2d029663a6c4f5 SHA256: ef5649ddcd44ff286d7f879220eb6587ca28a7d6b37b9c358b6cbce84ec85313 SSDeep: 12:IXu5bXq4WvJJcnTgynRe6KqLGz/mWEiapoEUzjP:IXuFq1cnTjx4mD1pHUzjP |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Shades of Blue.htm.RYK | 0.50 KB |
MD5:
5921ede629f1f438a9226cb20a290d11
SHA1: 28a6e3493de95192b829d250992ac9b3601241ae SHA256: 68ac3655405a8c1c275fcacdf6ba38e8ed4f4165df5592b5447fe0ca8413a0e5 SSDeep: 12:BGtzPqbV6tvjW8i8oSPTxFCi2vK6Q02EfGU3cxZwO5B:BazPqbVY7ri8pb3QLQ024sxpB |
|
|
| C:\RyukReadMe.html | 0.61 KB |
MD5:
c9454ce5d55e3af854f51e1f84866d24
SHA1: cddf6063c72a73f84f0cc6734f2464b5cb983a8f SHA256: 17f05a63f4d1f913974e115b740260533bcda57096f72b2a10cde0578903b39a SSDeep: 12:kJlzqUMyTv2/3av2/6bHeIH/GJHbr+OsKXUM:kJlXVTvmKvmwHzbM |
|
|
| c:\programdata\microsoft\crypto\rsa\machinekeys\08e575673cce10c72090304839888e02_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 0.05 KB |
MD5:
93a5aadeec082ffc1bca5aa27af70f52
SHA1: 47a92aee3ea4d1c1954ed4da9f86dd79d9277d31 SHA256: a1a21799e98f97f271657ce656076f33dcb020d9370f1f2671d783cafd230294 SSDeep: 3:/lE7L6N:+L6N |
|
|
| C:\Boot\BOOTSTAT.DAT | 64.28 KB |
MD5:
87ff10e02c10f5ed0293812a5bff7352
SHA1: 0429ff557749b3f2a02f086e718d6d8e4168d1e0 SHA256: d0328b0e83326d51545389e806c2cb1df91ea72ea36fd7d8c13171671d84cca9 SSDeep: 1536:zrNXD5H9wwlBJ+IBT0m7Ooki8AzqM73fy9mf6sm3xHCuBlyRWa0kk5yg:Fz5H9wwlBJ+y0m7O3i8AzqEKqm3Zo7sN |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\UserCache.bin.RYK | 75.94 KB |
MD5:
819056c1e6f50425146bf19b216b789c
SHA1: 76e8a139299031949adf4a4315202f6a2a569746 SHA256: 81e0666a6fc06e749927f69051e1b3eb43b2316abb0aee932b98e1fb99e85ee7 SSDeep: 1536:5ESCK7nEqW+gsHub9t6X2ZQbQdxxaoOWLoA1OG1mMqCybvBqigdw7VSJ00CYgzit:5yK7nW+8/6EQbQ3xajWLoAgQmMqCsvBq |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\Profiles\wsRGB.icc.RYK | 2.89 KB |
MD5:
aaec7fbda1dd4f92625ab8fdddf114dc
SHA1: 868799615bd421ed208393fce771fe4ae3cee7b6 SHA256: 8e6837552aac831304c030133ac6462f60977faa8c35874513ad27890ff5ef24 SSDeep: 48:Xbbhtsx872wvU3j5HeGZ9tCS9mQ/hAUEvetcqKUhf+fONOyDZ+G+l9XD9EitOMJQ:XpKd1Z9tud4CButQnl9XD9EiARV |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\ACECache11.lst.RYK | 1.42 KB |
MD5:
f185471ed7f88a56ac98e5209c9500b5
SHA1: 68bbbe582f082e96cb587f6c3efb7ef20c01bf14 SHA256: 922108151097afdaee394f03692951c88c04fa732c7b5b2ca4fa5f8bd7108288 SSDeep: 24:j1xOp2ZSpx5nskJaeyHOdBiOxVLpWdGOk2PtDPQ+B6HkiLEQJKsgh2FW48L5n:nQnh7COdYO7pmZ51Piktsan489 |
|
|
| C:\BOOTSECT.BAK | 8.28 KB |
MD5:
86d13653a1c8b8c25675eb21713f6037
SHA1: 1552e68f8681ad685e5edeb3ea744a863db40b19 SHA256: f7d7967ea22dfc27e583a32cb50cca0cdcbfc09932c8d3b974e136635e6e5a80 SSDeep: 192:HIhQReqWSO+uqojQw8eDuBsenA6XsCn8YT5c8CPEfC8p1y:H5kqW9joeaBsenA6XbLT5OGCY1y |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini.RYK | 0.42 KB |
MD5:
b3d3422c0c0834a3af0f9cceca527674
SHA1: e028ad138bfd4d27167b6d5cf37d2a526cfadd06 SHA256: bb18abe304a9ceda002201e6db949cae753aafbefcab72954bd501a0e9ba0775 SSDeep: 6:Xr+itwqoNH8yeJxjzINQ4s7Dlb25n2z+IJq2ce5UvizsV3aK6pM9OfIN7tsWCS:CCoH8HjcNQNN6T824pAOQdOHS |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\desktop.ini.RYK | 0.42 KB |
MD5:
1ae1c46db60c9f332ffe1d5df4089be6
SHA1: 8cd4734a48e49ebe8db692e0721a9e0ee96bf17e SHA256: 894307cc29a74f9b440d40576616ec9385364d2799aec797cdb4d06770dc4563 SSDeep: 6:jwsbIkExa7Aj73M89KuVi2/Se8I+XxIN6Q3/iEn6K7I58vKNJgpGPfr0EgzDex37:jnZE++PIasINX3Zro2JQf7sGAv3+M5G |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\IconCache.db.RYK | 1.15 MB |
MD5:
9d1485bd8e3f274662b64faba24cc2a3
SHA1: 0948032a0820cae850add4cb770f998585d1b8ec SHA256: 89d4153e19621c4807f5ff790c75a1b0ae68a85aefb6744e5fff45cc477d9e77 SSDeep: 24576:Ag4psKjbJUt1jSkqZMuprUOQNeo9YnOKtq3X5NlhmAFJ3Tc1u46+Kd/eZ3MC:Ag4psebJ2wkWdphQw0MANlMR1pw/eN |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\GDIPFONTCACHEV1.DAT.RYK | 106.55 KB |
MD5:
60c700e2700d7e16619072844296ec8f
SHA1: 6de20cfdadd4b7a2d7311689fe2c98719ff8347b SHA256: a5001b473908521e5fc78e283f58f51487afd1607c11ac06136996e393d64f0c SSDeep: 3072:OfFxwpgN8BF1sVxzOIwiiFU1Gse6xSn63t1By:eznNiFRi5Gse6xw6TBy |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\-1jPtqir3151Mm1.avi.RYK | 28.66 KB |
MD5:
212945b92712ee471cb000e891127771
SHA1: 05ca5b006ae85dd0320398a2d8c9698880b59098 SHA256: 506681454d85280185868895c590e23c294a2a540813fc60208e50d2dd0374dc SSDeep: 768:bGgtiQ4TtbI0kDNN9uQ2SS4C8I4CfrktsEADZStRdqaTwvSo9:bGgtb4hbIjNNXS44Lz/E60JqaTQ |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\-wD1CtzoKAaqRQ.avi.RYK | 76.11 KB |
MD5:
0f17fc6a8398331e425f9df61e60536c
SHA1: a4578e36b70b774812a3ccef81e86806565b35f6 SHA256: 979b6a4515326dba50f3968a243cf12caf131e2fbb318ede2bcbce70ddad48f1 SSDeep: 1536:bQAKFNvOs5/BWSJzCX1xvfo66RGRJbiySPZPxKxnCi21VoOfK9KcuK:rsXWS9CXPfojIOPCa1V9K9MK |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\2N8XoM8KdtEKR3l.m4a.RYK | 35.74 KB |
MD5:
1f64aaaa75a7d3c14ed35f286d558282
SHA1: abd40e581ef337650bbc179b6ff88dd974d81f35 SHA256: 37b13e1e0b3cc4e8686a95712b67adcfd7ee0b85aebf544849f827019f625c81 SSDeep: 768:ewkUrnzT+tl+FB/l+2ZejKTn8QG4wBQqrXjJAqWKsqi6GoOLtZLK:ewk4nzEU/9PK4TwFrXF4aK9K |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\6Xzko9PES.bmp.RYK | 74.77 KB |
MD5:
24b75a44d55238e239a722e6754003ad
SHA1: 2baa563cb52122d956ce3161b2e7a11dad8edc3f SHA256: 239245f85b71bb20474bad05833d908fa5a2e6ff64787d0aec71c6d5618d53a7 SSDeep: 1536:991EoC1mXo7klwr9E8sBMAZg72oS7DB3Z2bRXsXg1pURGYTQm5ob:991EjElBHZpfx38bRXp1c752 |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\aD6vbI_L fbZ9ov.mp3.RYK | 45.60 KB |
MD5:
115988205e5e0d2fa03198c0a7007e09
SHA1: fb6a2256fce6871d126d9d846346bbc37bfb50fb SHA256: 0fc87f4a42e5640c5d53126e48d0634381274c7785c4377d21c4bedc1957cb4a SSDeep: 768:N8CTYA/aLGXR+8J4Ub+lKuUmTejlXR9gUDbEnAiNytyDgo5iImKgqvhjQ+jRHm6P:agDQkRVq+mkh9bDQoyDgydRl1JYK9x |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\AdobeARM.log.RYK | 1.02 KB |
MD5:
2d70940b6e85f4904e38952be9a7ee4e
SHA1: f87133ed8814219a4d39a6791693fc29d7f62223 SHA256: 110e227c77feffaae83894beb11f5c54c0f4a01a376757bbae5d947e180d2305 SSDeep: 24:tkLZJxaiM0ldgSnAO/+71Ton7dkK21FQo0jFrmdsI/PPxnE2:tsZJPM0HgSnLe1TwShTQ/FrQPVE2 |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\DAWmK.mp3.RYK | 32.21 KB |
MD5:
4d6ad69fe46f63b18711eb2c6bcaa6c0
SHA1: 9ac53670b44b94e4eb2a777650d7a34f678a7aeb SHA256: 205721bb3f7f033c17cc67ff2752cfb29c5dc2df3635fb1dcb96ac9cf765d292 SSDeep: 768:ENGiKRp7ddYcvnfQtCSP5QGzR/xlVkawfuvrR6VZWSEydb8S2Tkkg:cGiKddzfLcR/D2jArcVZYm8S2xg |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\ekU6o.bmp.RYK | 76.33 KB |
MD5:
b9a3aefe8b8c645f63f186665ea96ac3
SHA1: e52ba9a261ea921042805523c53b4c841ecd0bc5 SHA256: 528eba7e2f765936718896328f5f3c9ed17548d95ee98b76cc3244baa0e67085 SSDeep: 1536:Rb1C9iQX0k+UbJzU0XYxY2hY15G9YTmiMlYvbZobsCLmPn01Go45Z3:R5C9ioZJg0XYq2GLmiKmWsCCv0JY |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\e_emDq.m4a.RYK | 66.31 KB |
MD5:
645e0f41a41e6eb43829b60edcb71954
SHA1: b6ff0988316465f4a06f9763bdadaa0a49d877e8 SHA256: 77e808b13ff2a05c9e1126587aface19b20732172c864084b4a26c1f9b276b0c SSDeep: 1536:nNjY9GqvFqp4Lu8FQ8XYaM+TFGxX+u2WhF9R0TqF/A:NY0xyFQ0d/Md+AmmFI |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\fsVeUQ3vvXBdb.jpg.RYK | 35.28 KB |
MD5:
d2dfb269135762b2772f4b20c21c02b6
SHA1: 902ca102f9c57c71c16af98724ae5068bef415fa SHA256: 1637d1b5e4698f290c788b1d6c29d293bfcc426e1a9f05e19c9a092f8a285845 SSDeep: 768:xfi8CjWvu7bU5RCBqdRnW1/9UR+5w5aOCGOxtlTfnY22wNc+:xWjW0bUDCqnK/w+saOYfZ2wNc+ |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\i7hPXw2ABInk5.odp.RYK | 65.35 KB |
MD5:
247e84a3b9558f3668e4ffa9540a6236
SHA1: 8a3ece1d7e20ae443aa6cfb6ccea0e5266074da3 SHA256: d5d2fa23073d877abf173f8699d53636e8b5530115b4172aa8b3308795d79050 SSDeep: 1536:845EzZMppam1Z+AbQCN9I2v9p75WCL7jsEM3NE:1yqppa4R9Xv9p4CfLCa |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Cookies\index.dat.RYK | 16.28 KB |
MD5:
84620d8f03fae9861c6c2fab0f85a893
SHA1: dd0f033fae4af6986a1093d1ed5f86b65d5f521e SHA256: 24c8b182192d41a605f36991801f541cdadac4fb65090e54577726deed5fa34f SSDeep: 384:0+96JKFTFyvUki1WqWBypiIeUz2jJs+SN1BsjERp+4bGAx:59scXgqWuiE0MzRRp/x |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\mELW3sX.flv.RYK | 86.19 KB |
MD5:
41847c0d5c432d1bb62f88f04cc4472e
SHA1: 66445bbd586f3415534506450ca8d2ea765017e4 SHA256: 132c5b842ae38e32d2d35fd98875e747b92e495c0e6983b28054f8f45e35c121 SSDeep: 1536:byimWC4f2MUJ+xrxqXVKg2x+5PnlOyG/nCiTNTRjzwwtdz7Jic1QX9/bPxn:uKC4NUJ+VxqlIi/lOyG/rxxzwwtdzlnO |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\s9CZ4O ljxCp.m4a.RYK | 54.31 KB |
MD5:
444577ef6e78c2b6027ed9d785308fc4
SHA1: c737541b1af546e4d4ecb5dcebd439bd4f7c0c19 SHA256: ea7eb9f5b31968ab6afdd2f91fb5ca5a5873b400c2c1fb79900a869f7d063055 SSDeep: 1536:QY8fpC7PmNO28Wml5deZDwLvDzJjShP5SYCaUxq:QY8xC7mt8Z5dM87+RRCaUxq |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\sZHi jusNhd6.mp3.RYK | 89.17 KB |
MD5:
6fd601893f20c987e921f52713525cd3
SHA1: 87e5f77a8d7c72b9a78b1076282dbd691ee2966d SHA256: b7ef988113fbb7a184af474f17138d08f97a9b4e827bdcb4f929b5b23bc902cb SSDeep: 1536:hHQ+M5GtW577RS7w7gag7j7YuqJa6qbyipfwOHQTssSKKtExrqRwg2Yz:hw+C1tCPuuqCbyipfwOHvYrK2Yz |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\UgVxY.jpg.RYK | 93.49 KB |
MD5:
88923156959dde935060f4c2098b2a1e
SHA1: 7a221185bcebfc0d2e5f24fc085c62766b7fe5d5 SHA256: b2f67376fb369dcd7710bea55f5a16132d54e561dc07bb3c89162aca36efb374 SSDeep: 1536:UaUVkWFI6dOecxRaIzBdqOUauIvKqfkRw3UGGXWEd1EvFLKRtenWWnmm+XZKH4xm:UammAOegaIDqOVIqfkRw33GXddeFKnWH |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\oFV7p3fp.odt.RYK | 92.13 KB |
MD5:
d5dea2315edd223c706f8d169221d45a
SHA1: 2e1da346b04979ba2e9c798478bc2b7d28122dfa SHA256: 9be98eef6e74f4212b23e64a2d0e736b325a8521392b37922cfe49520e66cda5 SSDeep: 1536:xbEyIMA6BHADQKQ2o0WbiYcbtiMpk6mSUZZHaAhDPijwrJNWxzTcUUPzTAlo:GuWQhfcBFpk6mSUZpTDKjRxzgUAzTAlo |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\X4M1Ejkgszn5vH.m4a.RYK | 4.27 KB |
MD5:
d6201c473be853bdf2bc8e132e94e392
SHA1: b718f0ec478b0a624424e38a93bfbb1c08c563b5 SHA256: be4eab434e4705b8b1d75581297614f0e558b3b17f392d481f3557f31acd6e83 SSDeep: 96:EBPuO5HctBX5CnJ1ER9tC7rSYg5uwrZG+SQidb3A:ENuO5uCnzA94kumGVQiFw |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\desktop.ini.RYK | 0.42 KB |
MD5:
ff7d2cceeb60f1ac0f3456f7eb2760e8
SHA1: c0a886e37a13c4cd7c8074d19b4c40f2ba41cb94 SHA256: d8f564ffc605ef51c04cbf5ddb31f0bd1d63fee1b1ec82289fa49925f4c39b3c SSDeep: 12:OQsXZi3eCqSuT/5oAZlyLpQsTMUndiaB/Av8v:hsXAuKe5oALy60noyv |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\History.IE5\desktop.ini.RYK | 0.42 KB |
MD5:
5fcbd236bd9cb6e98d493800f2bd9211
SHA1: 20288e03058caed00c62f111951882cf73a9d651 SHA256: 33fde227e16863e4d1719c9f10115ee3de0695ff9857eb6b5c6a5532cc64189d SSDeep: 12:+9YqsIqsLacKZaIAIItbuLm+Rf7K4NE42Fs/QV:+psd109Ikb7+RfW4GRK/A |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wscRGB.icc.RYK | 64.94 KB |
MD5:
92dc1ea44901feae9e6f4a4efc8fcae5
SHA1: 4dde0af1f0912200b4e27ef0fc5f608a60603912 SHA256: 2702f3399ff64ed2ebad64e7346487133dae1c51a9ddb780eafc9094bfea7e6c SSDeep: 1536:PIusNsGvzf/c7jJmmINOEOdAAuef0WF0ObtY97o:PItdvb/c7jJ6xOdAorF0om9o |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Adobe\Acrobat\10.0\Cache\AcroFnt10.lst.RYK | 52.22 KB |
MD5:
656ecd9bb94bdff753eaf9986d8eefb4
SHA1: 49bb24c2feba991ff798cd41b5902364f9b705ab SHA256: c78a42c5cb97c8a3dc712303ae255487ac5a51a9e5b23532b85d8f0ca194a100 SSDeep: 1536:Rnr5S5TcYxkyeTTFRKZsCP1bxJBCRW+yBEI4Njllz2:R9mtSTjMsCXJMA+yBj4lu |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeSysFnt10.lst.RYK | 135.49 KB |
MD5:
5504049b51a0cfb647fd32fbe6b90820
SHA1: c53a6a8677d742c96732882838a67962fa89302a SHA256: 73381289fd6f1292cf3136266d992a461321693fed64b6cb2599f4364c3cdec8 SSDeep: 3072:J2UdQdgS7VTtvG79AGDl9Kp9e0fz/pwPuvvc2TCrGqpZMdHsgJdXxxDl2:J2Udo3VlEw9eK7ir/MdMgJdg |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\FeedsStore.feedsdb-ms.RYK | 6.78 KB |
MD5:
b98576fd14d0296216d8aec522ef2d43
SHA1: 4f70d42089fd527f38a8adc17205b777301a5997 SHA256: 6f4219a41170e25e4557703daf6f6e2837218c8c050daf053405bb5091cad12e SSDeep: 192:iWkV5KU/Zmju2hoLgGd4pyo18V2I+qOaTh0:ioUkjNh4v4ooCVafu0 |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Adobe\Acrobat\10.0\SharedDataEvents.RYK | 5.28 KB |
MD5:
0e34fe9f3a818ea88b1de5f894c8a278
SHA1: f186e019b7207d05111ba255ef9e2a26908c0632 SHA256: bf836881f041489f5e09f743456049e781ac3f27d4e888548903c70d8de94a95 SSDeep: 96:fj9ypYekzAZqCHbwo/maSuieZZ4yTrfJr/CU1fwdcMNy39z9:fj9yyekzA5HbwozSvsTrJ/C1dBA395 |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\AdobeCMapFnt10.lst.RYK | 34.56 KB |
MD5:
05ccdcdf2397ce3953c50ca5170bd708
SHA1: e9d992a5aa4da5087a1073d5a46c2386a0d35995 SHA256: 852703ede2118ba4f97e06929d976c94a1e55b1577a29f1835f11a993e02d644 SSDeep: 768:c3G5mVCL5Ltna76ccNHkcPxcc/cNsPlf5ljAKlg:BdYbatxlkK6 |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\FORMS\FRMCACHE.DAT.RYK | 240.49 KB |
MD5:
f068a4bdaf478ff75fc3406f784357a0
SHA1: 2dcdf11e13c9b2698b00782e8fcc415b2ba9eb9c SHA256: e7f6514b0f14a4697205345f743f1ee8dc77a9800853ff4e3794fc042a2038a0 SSDeep: 6144:Dyee1zjgqxpfF/+XpqzBiEDY9LOgauD4eKDyJgawdeHHOK:WzsKpEsBDYJOgauD4e8PBenn |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\desktop.ini.RYK | 0.35 KB |
MD5:
68d0cba7cc9831eee8b870a81748ecfd
SHA1: f277f8d8834e55b8e43e3cc458c022872642d4fa SHA256: 26c1c0bc37683785241aa8016577fa48667c3241d1e26a95a056dfabfd8e0441 SSDeep: 6:4AeZLMIN/auwwgDJodvlB1+ZZJTLp5dMTVXdWJHozUMdz+pNVMB:4zVMI6ZDS8VDMxXdMurws |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\index.dat.RYK | 32.28 KB |
MD5:
6120998353e960236e59345bd9b9cde0
SHA1: 337ed1bc78505f1f50b6199ef4ce68c7610d48bb SHA256: 8debe79420a62fa662211ba1780f4f3e4262ca7912aab5d0aa9a4873b662d078 SSDeep: 768:7mRK7vcj7vYfgyadOdlI39CrvJlr9rKikTZq:i+vcjnyad6lI396vJlJKpTs |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT.RYK | 16.28 KB |
MD5:
cced4bf81933727fb51ea0ec3773ea0d
SHA1: 7f17a9b42df199374cb0f292b315b80cbea9a258 SHA256: fbf684abf7bcc7737dc4aa027754f65088469eb700b3d9dd69a1d9d805cfd9d1 SSDeep: 384:itzHeB288Gf9Z6UEEAUKlD0lBbOAgAcxkcXSqBUa1t5mKdEW8qh:4HeBIGf9wUEEAkiAgRxkcXCpWL |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Outlook\mapisvc.inf.RYK | 1.38 KB |
MD5:
e77e62ae453e9db4a776aa22ffc3057e
SHA1: 3d1e01645ad99bcce57809b49d90b794a16a6a54 SHA256: 9aed0e2ef9b44a4b1195fa77af642c4b21715a5ff9bbbb5685f87060d35e7232 SSDeep: 24:xb6pbtMXL0He5ll36eIZPJELxt4crfV/u+Dkl98z+6oK6JEoUL9a/eE/vv8m+NTf:l6pb6Xme5lIeIoLf4crfxm98wK6JHULN |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Outlook\Outlook.sharing.xml.obi.RYK | 0.46 KB |
MD5:
0d9fd74de9434971e439602f9c64bb61
SHA1: bd96d7473b7df90cd1ce9a1adb3669f989129d75 SHA256: e32c90e6a35541d8b7aaa95133b663d53a10c6fd36a01b472b85128ad61257ae SSDeep: 12:vvU5MTfslyNXtNOmL30aTg7t+gQ26MgHp8yM:vvU5Ifsqtcas7Eq6jJG |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Visio\thumbs.dat.RYK | 125.28 KB |
MD5:
92bc125eee3c224cea6f468c6e1012b6
SHA1: 021f54aa3db5a36f04046f78c69e1374eadea85a SHA256: 201f325c45d810e2f2de4cf6edb63641249161bb050c12f397ef0b896bc90b9c SSDeep: 3072:8fijI8+lBe9rDi/Hih49X2lgg88utcYYitng9h0TJq:8KpDrDUHhX2ig8jcYYyg9h0s |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\brndlog.bak.RYK | 12.19 KB |
MD5:
73346687bfdf0c5ec89fb4391033ca7a
SHA1: 7864518a496f82db0d6fc56a611f4e5439254ddb SHA256: 1e669c1f169b5772e33a08eb00a4baf81a2982c431dda5385fe639d27f73c3a1 SSDeep: 192:OuyeE3AIglA7/h8UcJVLiFd3NMZjUtHah3JxpbRDQNQbHMMjot2+fH2u:OuVGAmZ8LLCNMSty3XMKAEpiWu |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Visio\content14.dat.RYK | 99.50 KB |
MD5:
43ada43e2c7fbb30283fe30a01c6dd42
SHA1: 31305a29c8474883685f6075db921c7df82c36e7 SHA256: 0187f789d60eb10ad408216492fffed8a924c714f49efa4bc2744a2f142823dc SSDeep: 1536:HbnaQatAdFFbQ8qMgdktVT6RFvwKmUsi180wVeT7YcdDOxGda9YT1Su6yQYEf:RFS7M8ktVeRFYdUsABYQDxdEOWbYEf |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\brndlog.txt.RYK | 12.21 KB |
MD5:
4659e9e4eb296902f1c04f9c6de054bc
SHA1: 034188fab528547dc5ed15dfa5d1d4c8e0e1af69 SHA256: 195f440828b7a378087db805e0efd5c9820792397073f2ba2d9bbfdfbbf4efa8 SSDeep: 384:UC8VknCk7Whk0x3yw6taZYf8lVAXJWfjKtiTZCE:UVUXWhBx3yXtaZLlKXJWWoCE |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\LocalMLS_3.wmdb.RYK | 68.38 KB |
MD5:
b8fb3f0f519edead2a3c21c04fa25ccd
SHA1: 1c0c4c1dca0193bf66c353457295482b37895916 SHA256: 352a5f1af15044c29e56d0e52abed8fa2f723fd25a20e4eace447bc84fa50cb5 SSDeep: 1536:TR7bxlBGI5fZYbT7l3qrdLEXmfUkmg2tp3kX5JEzg:TdxK8ZYbTxa1SMDYkJJug |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\oeold.xml.RYK | 0.53 KB |
MD5:
85cc842e0bdbeb1266d27cef9e75759c
SHA1: 46beb189038530aaab094e2b3aa783066d5fd6e2 SHA256: c0780b28c9a41b96d6b4559f5b8c5bdee653989c963e9e0bcdefb13d5e40c5db SSDeep: 12:HxkpVdmS1UGmosms1bb0c7wxo1J00+nYEY:HxkpmrGq9xb0c7k0+YEY |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Media\12.0\WMSDKNS.DTD.RYK | 0.77 KB |
MD5:
b2aeef1be14811e091e265d930a07147
SHA1: e31f107d97100537e33698885ea238f19bf2cc44 SHA256: e62d36c1d2bc730bb55f0cd341c8b67daa4c815cc7f83d0c893d7e6ec3230c14 SSDeep: 12:ynF5cBeDUO4jfsnRmgYW6mQ6WvxaUFPfRM4oRESzw+Zx/BnINDf:WFCkDU3VYQ1vxaUKJXh+f |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\9WqOaVZQQXr80Vx9E.png.RYK | 8.91 KB |
MD5:
7e741912b1593853d5c043ed17e59cf9
SHA1: 1f5fe79e2f0a6ad983f0ea165becc304d289476c SHA256: 83b293cbb51cd9961a5df979ad58d3e6dfb3f9145431ab58291f6d8115903ba5 SSDeep: 192:RIJToNLDwGjVIi1xNmkfyN0JEy4u2GVTjJjK:RIJTILDJVl1HmkfyBy6GVTtK |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Sidebar\Settings.ini.RYK | 0.36 KB |
MD5:
3f904ee8f6e5924a78f8c945c133eb1d
SHA1: 06293736b3eb4b5c00ebca3a3be42b697cc376af SHA256: eac4dab91d4a3bf597be73d41043604e7b3a47bb6841adc1a2810ea77f72d4d3 SSDeep: 6:PYkiE1Ei9nyWEx5qrX1sDMKQNJ8d2I7y++Y7yWxqy+ymYk9I7JBENCz:AkiE+iAHx5GIQNyd2I7y+WWAXyL7JmNw |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\History\History.IE5\index.dat.RYK | 16.28 KB |
MD5:
3b2977acb4b77538cd04901294f6217f
SHA1: 732235a6ddbbac55bfd5175b608ccf252426bee0 SHA256: 9c685d9ccf4d0629e459fc2dae2b0dbaa4e41d38d7ec57ede5adedce49e89b2b SSDeep: 384:pDzT9XNm+tr0HbsG+/dSONaWXCB704sUWn+cWeVH2:pr9XNm+tMsG+/dSOkCkhe+9eVH2 |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\JwUco-T9UIE0RtuaL_E1.gif.RYK | 40.89 KB |
MD5:
05a273d1b01e2e710b9b61927e693a7c
SHA1: 72a97931a06fdb9e05d30c70270fc66c2c9cbf08 SHA256: 2005f1cc54cd6cafcc31788d1e5d4100ec6334fc376a8cb3fdfca458e4db51fd SSDeep: 768:w2cb1+83KrQJg/wVwtyQjs2/p4aeJHonBuIxD7v2CSrsxJvFx/RmzsVfLOc:3a3sQy/nIe/p4VuBuuDDjSQxJvTsyOc |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\edbres00001.jrs.RYK | 2.00 MB |
MD5:
1daa265dc2c05ed2fd558a98874fa945
SHA1: 050f75003e7244340b1200418e1f2a4fc8ec4b50 SHA256: 33ea6fffe35a5e254caa3349ed8fbd49f761cde8d561f3c150ec6031ba53ab05 SSDeep: 49152:H+m56SoAkg7KwY3aeKM30lmMMEb3nVDLwmH6fvbzEeRPpijgguk8:H+MNnL7re730lbMEb3VD8ma3bXi8guL |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\edb.log.RYK | 2.00 MB |
MD5:
64538ea24b2f11b8c912d66d02c5d130
SHA1: 7fc3fb0ff23227ec24a162b3b7cd09d04a175796 SHA256: a59d32268ad20a7dcda98856255d67ffd734d33a3d7d2ee46f53c168379b551d SSDeep: 49152:Nyk3MYd66QTQ0cpzNyACNLmibzNQ8tFdVwYXBSITSk5b5SQ:8A6NcpzrQlRQ8SYYkX5Z |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\edbres00002.jrs.RYK | 2.00 MB |
MD5:
913782534090f97b5e0fe99bdb62d673
SHA1: fa59ec294c304a785125038c91b950edd7f6a8bd SHA256: 4485235135616f4673a2bcfb3f10a99395e54d7bbdbfacc64ff147b2b5cbb966 SSDeep: 49152:IdcSIodci7EnS0zoU0xbF+178FxJ+0nAxcxogNT/DyRElZsLH:FlodJEnPoXbF+6FH+AAx3gNT/GRElEH |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Media\12.0\WMSDKNS.XML.RYK | 10.22 KB |
MD5:
6479d05e98fd302bffbd26e0ffbbf493
SHA1: 848455d4689b25ac9248638e9c53ce3e8c6f3b4e SHA256: 6e1c4375439c3710d1d5eb28bafe6b3efae8adbb1e7e76c38a3493b04c572ee8 SSDeep: 192:+qoyQ/OvOXjnPD+MS5U5Tfp+qm8BAlB3wcCvXNewFxdGnfnt/U:fQWvOXj7+ATfMqNClB3G9ewFunft/U |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\edb00001.log.RYK | 2.00 MB |
MD5:
f5cfabe5e476dfb690aa2ccf7154b455
SHA1: 06e20cf5162f8cb8017388729d881cb59c9bac5c SHA256: 713f9f2561d6303e035e42aa3de436425dd4be0a8f52f5bba5289c4fb15a462f SSDeep: 49152:Q7+PTTzkM9HyBSScFYGM8nRbVbK54ac+NFR:DgvGBK5U+NFR |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\wTpNmmdXLi4UIyadv.avi.RYK | 97.02 KB |
MD5:
0daf1246b8198e286594af970b3c1c98
SHA1: 7281f447e28e9dd672776259e18ff3c073f7e475 SHA256: 9b12a368f35226758d1142fcc1afdff76ee2ddfac5b83a614b6c01bcc0214839 SSDeep: 1536:8fJ7X8+bqMnoFnhafeCljqZ42urMNbYp1NG/BYJEH0RQoZbQ/vJKbUNliGUq:U7dRfeClm1urMNbYp1k/BMbZMA/bq |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\XNlF1fAZqiwMihZ5.m4a.RYK | 41.55 KB |
MD5:
bbdc5ad93e06fb87681d7ff21267fccc
SHA1: 9adf6fd5c1e53c652b6415ebc3a20848e7e0b1eb SHA256: 6f69de7a6377932f23222389938be5916f12476f96b8de06a40912b62057875f SSDeep: 768:O50HTh/UKItqj1A0Mc9B7vzYuGG/inLnFZvzsc/1o+/jymW:zhtItqj1V37zVGGinrzzLryT |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\desktop.ini.RYK | 0.35 KB |
MD5:
826fbfa1b3612e4b42b079714c7b63d4
SHA1: aa4d6baae50d7ffe65eef72ae25fb8debbe95f75 SHA256: 3a73393045aa7c009a1f82bcf31268dc9273faf2d4d76fcba7eb0661ff09b496 SSDeep: 6:ENh3wIFY2k9BX1TJekBvNgeC8tDidK3EfDwGZQUeBVyVLYwUw7K:E8Ia2MX1TBOJ81H36pQUeB05YwO |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\desktop.ini.RYK | 0.35 KB |
MD5:
f7ba0259218d857a60a5ffb2ddcbc299
SHA1: c71b79d9d73219783f7118cd8372462539def245 SHA256: 05304536c5185c0ef733d31a253ec118876a61cac5ffed9f30b0e8fa6464f490 SSDeep: 6:IzFZ7qM6gbwJt96whmeKVaa6eH996PMrKmJsAT16t2tHilPZRf:YZqMetIwhmHVaTq99aMJWAB229ilPZRf |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\MSIMGSIZ.DAT.RYK | 16.28 KB |
MD5:
466279fa3717d78c70c7bbee4358327d
SHA1: a5d56765ed211f5ad05bc77933214bf0d8492d55 SHA256: ceacb4ea0ef6c83bdfd573c22f5a76e2555a2f4d3f6acab6857639de63639a1a SSDeep: 384:+fmi/7yLFwaVDLBY29Sp8UKaEc4kxiOoBIcvv6WC:+fmi/Oq2Nz9mzuiqISSd |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\6ASVN7J7\desktop.ini.RYK | 0.35 KB |
MD5:
a7d8b2c2e493a7338f761120d617b98b
SHA1: 476d9787c741af45efafd148db60d4d886225ea2 SHA256: 26b58ed166f52c6ad3a09199af9c363829f55a5c7521a273aa2223f62a8b1f94 SSDeep: 6:cn4tdil/RmnOQojux4wosrqZYUDWdM9dpd79gZkWJ74lddsn:y4CLSO9juxnosrqZYUB97dZe8jdsn |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\1NBUR4HR\desktop.ini.RYK | 0.35 KB |
MD5:
f39af575be7766867298a564cb704544
SHA1: 8a84f03178b52e0d856e4fee9902f108cffb6b27 SHA256: 02a01ed635ed2b662df67ccee4db451074673d50a6a6129eeb0cac60532d6f46 SSDeep: 6:eveiTYJEbvdfSHzEhnlokSmQFwX/Dp09kOLYl9AmrdFiAZ4jjqZXwqM1eWFMn:eveOYqvdYEhnTSjFea+VhrzNC2Zg30W2 |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\D68G7BIJ\desktop.ini.RYK | 0.35 KB |
MD5:
05390bc9729146b06a87b26a69328673
SHA1: b1384a18b26d1188f32bd7d0e03d3220cee210b9 SHA256: facf3b5a5480c97c98c2813eea2b958c1b7f173b4d09480b8c9cc8f5d233ccc4 SSDeep: 6:1o9f0qqXDANnx6ozcfYrvLIQoHExBd/ONDmCRKhrPeoFA9jGEFakVALo:UfoDA1IodGICRKRFatBALo |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\History.IE5\MSHist012017071220170713\index.dat.RYK | 32.28 KB |
MD5:
321ab9dd775ae534c845944cc8203095
SHA1: 0b977b9a7810d7186205ed25a49928e0e9d45a80 SHA256: 92b1a21c4db85e60be5539041e35814260f1542f9ab19c7f235e62b7fd82583f SSDeep: 768:QKbVD3b/bPx54N1R39RQIHw/aFrbmEvEltNiQA+:QWbJsR39ySwYbD8l9X |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\KQMHSVKD\desktop.ini.RYK | 0.35 KB |
MD5:
7c6689e763c0d77b713413c277583f65
SHA1: b686b30adf6b503ba165019caaf83c206ca2170d SHA256: f78f43acb48f853128dd9f5a38d399636413c23703450de8f1debd481b05e3b8 SSDeep: 6:uwzRzfHTgMopvhy+CyD/g1dQC8AcVsVY2PIQm9UM9QZpVRvhLeD00paR:uwNfHTsv3Cy0Y/32mUMqZpJLBR |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\index.dat.RYK | 32.28 KB |
MD5:
c58e2113d93b03ce8d60c45d2c30b692
SHA1: 6fecc699e231fe1a57e8f97194fb0610a5db846c SHA256: afb7945bc4196aac9dbcdffed3bfbe1a3d0a9d36ac4bd86f07d6b8e5004361db SSDeep: 768:qwfBfTkZYutGOTnJ+qUt4t1pDPMW+qc2CeKuRwA8UsM0b:qwfBf+YqnTnJI4t1NBv7wA8UsM0b |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\CurrentDatabase_372.wmdb.RYK | 1.02 MB |
MD5:
258d8da6f27dd668e17513a834ffb9e2
SHA1: 5c91813f71de4dc83667b101308411d43de3c3df SHA256: db86e58f97962f2a092ac8ba7a788866c3bfa18d911d4bd0b5c331ba6ee105a1 SSDeep: 24576:xxhv7iWnoyaXAxhXAejHpNEfAcvYjwq2e+esvRinp+Els2u7:xxRGTAxqejDWdMsJin0asd7 |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\frameiconcache.dat.RYK | 9.27 KB |
MD5:
ff86e1199811d0266aaa42324a556869
SHA1: aa81fc0dd795846af47adf52877c22f97d879834 SHA256: f3989115b5164ce3ebfbec49aa006a61f8ff441a1c1801df193a3b1edd50c4ee SSDeep: 192:5t2LRqrIRx22ohDxDgre3d6c7KRe4VvtL6Vz2xNE:+24x2P18roa1vteV6a |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\Microsoft Feeds~\MSNBC News~.feed-ms.RYK | 28.28 KB |
MD5:
57957096843dad29691be25fcb09e442
SHA1: 0f20d21c44977e9dc46f9dfcdfae2361e06fe053 SHA256: bf80e179c00e15bbe092c971cd369a8a057e92a5162550ad5c13ae2d5aedc1d4 SSDeep: 768:Ve3QZo2LNCKFJDqfRvZ+aC2h65RHTRFA6CN078bx0:vjLNCKFpORvjw7tZ4by |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\14.0\OfficeFileCache\FSF-CTBL.FSF.RYK | 0.39 KB |
MD5:
626b750c8e2f943ada5765c64b92c6da
SHA1: 4408714b18d014e5b1198321213ebdc62bf51380 SHA256: fcc1b097b85ebf1c06be2c41ded418b45eb516b5fc058f3f8456e7d4cff24d3e SSDeep: 12:sQ0lwckVXPYPlvm6oLiB6ftFpfZIWGLcy+R5OtC:8lUVXPYPQZffzrCMqk |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Backup\old\WindowsMail.pat.RYK | 16.28 KB |
MD5:
23410cef43ff7c3f859a65b8b84f5cba
SHA1: eeaea07e23b08ed8506943925adca6684b7e6078 SHA256: 34e0482f4030ff167b3e678322994733e243c95fe4ad6c4b337e8a52a966a170 SSDeep: 384:Rtyv+Y5Hv2myOYwPasKKRGAQmBPSUNRD//zWpa5PXVxa9v56y:RuzyOYwPasKKALcvNRLzPxVxa9v56y |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Stars.jpg.RYK | 7.61 KB |
MD5:
d8ba291391eb4128f2e5394addc6ef5d
SHA1: e00a532edd73f2f48f5b016be663f1b942245fce SHA256: 65c7d90ec296af2978b21c0965b6fe1b2530545f7a3efad1195b00a4060b8f23 SSDeep: 192:xphrhOsRMnVJrXUZqSL0kFBnrv1/tcODa:zhbSDUAk3np/tcz |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\WindowsMail.MSMessageStore.RYK | 2.02 MB |
MD5:
ee23d6eaecdfc696047b04aa8d58d00c
SHA1: 45d4899ccd3a3c05932ca2967c92a98fcc8d0dc1 SHA256: 9464375eee5161f738038b543c31e53b033dcd6b75e05d5e4f95f046f35c24c3 SSDeep: 49152:8+frGQ0MB7OjnrkkjhWVzuiTh+a2Oc+/GOS7tYLIhu:EnE7+rkk0zzTh+sc+ghOIM |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Peacock.jpg.RYK | 5.27 KB |
MD5:
a234f583204107062f80fc6e47f1d7fc
SHA1: 6dc99809cebaca0e43e8315b6f2b28ea28b3e891 SHA256: 5ff12ff82a0ec1d2a4bc818860694b9af941c971743f591b2180533d0bef83dd SSDeep: 96:kZZud+xByD/NzBTWwvajwlcd/a1Os5wK92AdrPUGyjMZQOSr1ve/e3:YDBy5zQnjwlq65wufrPUMZqr8W3 |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\desktop.ini.RYK | 0.35 KB |
MD5:
27f0b2da55ef27b91635b3263b99bc19
SHA1: 49ce0fb50e676384ecd9a93817b5137a9c4673d2 SHA256: 3ae9cc7165a848ccf8e003f358dd73afd7eba1645625b8ed81f16620b8e03c33 SSDeep: 6:GGCNSeh9drPdO0jlu2Lao8dTUTLBzWeKQwkZLODTiMWja4VpBsymXuCVBT+B3UzZ:G+ibcAao7LpoQ7ynvZ4Rsym+Q+3UZf |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\index.dat.RYK | 32.28 KB |
MD5:
76e1a42cb31ed70756f5c288a8c74891
SHA1: 5c4d91d3c028bcb15a224cc350844487aa4fdf44 SHA256: 221dbd89d296da1fb9e95503f928248de7201eb082810136604a0c9558e98f16 SSDeep: 768:5lHNExTpy6HdPDw1McZI9QFC6eAYHaVn8BoWtfWW/RCGuH5p4:THmZpy6Fwqca9QG9K8B/llw4 |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\desktop.ini.RYK | 0.35 KB |
MD5:
f94239bb8999498d9714b71984b502c9
SHA1: 0a8ac4272a57148d389df9891100a6313c395668 SHA256: 72827592e8b69d303ab67ab3778eda704fe43271961e60636bf260ded97f282f SSDeep: 6:QgBtEM9sCyv1DqTRmKX7yZjhRKdKKVsm0Ot1utjAthks2PvMnfOWGa:QQtES5yv54RmKX7KjhZbD2eIheaOWGa |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\MM5O9XQS\desktop.ini.RYK | 0.35 KB |
MD5:
15117bbe2a2e15fa3fc0229cac6f2d91
SHA1: 35a3bce887fb051b61c9607e9f4e21962920305e SHA256: 6e7c53d8e7ac377924e054ddeb34962a38cefe647fb46d27bbe0a17c6aaa7cb8 SSDeep: 6:7+9GDlFuipXgIIfhn7uv155j1I0OBqb2XGeP9/IaNmyTZRzAiapWGwMJdW3:y9g7pwIIn7uv1fj3DaP9/ImTZRstpWVh |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\PMMR5K9K\desktop.ini.RYK | 0.35 KB |
MD5:
1a263ef516fd3814f6170f89ec8066df
SHA1: 53c9a6b746efd10a4deb92fbf2f4bbb86f788ee6 SHA256: 702847a99d2bae5de73aa6251a9e96cbf66c43640ff492d87cb9482f0dd07492 SSDeep: 6:fz3MyhZ2MW9lgDcZ5tkQSD7KWcRrYA0FjdTRJgPcoW3gx+hs1XLFrW3:fz3MyhUM06GYQSD+JT0FjzJgL+hs1Q |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\RIJUQL1C\desktop.ini.RYK | 0.35 KB |
MD5:
76b714c3b60ac646ffce5fcf76b80955
SHA1: 0698000ed7054f5d85ebc87d2b34fb7a64387ec7 SHA256: 5e828fb14b9852f28a24772d45622c04a4afd3f105502b15e12a312eb69ef82c SSDeep: 6:Eh7DZzwS0earGIsBSORsIhDLjhM19cM8XVLW50EViavHgGQ96vbR50kZU:EhHZD0epBjKIhDLu19cLWiEfjo6vb70n |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\X9OHK109\desktop.ini.RYK | 0.35 KB |
MD5:
fb138dfca1d81c6364405f91b252fe1e
SHA1: 592866a85e4189f550c05e9d32abc1da3eb77086 SHA256: e28174ddc12d5574f65f27bf7bab68a8beec352e487b90bf594cdf8bae00085e SSDeep: 6:hnY0G1ZpAI2RVWfFaBKoITelBoq3dCFbCNWji3pt18361BplpHZmqEi:hnFcpAICYsaenrCFni3R5jlp5mRi |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Desktop.ini.RYK | 0.91 KB |
MD5:
eb19c44ad8d9aae4626dac892481ec62
SHA1: f7e9633f0e311d87d1b662ba9b641b4a60a9421e SHA256: df7ffdd8e508bd1dd1c25032634c16f87b9be5477964e4c759eaab62c7e97d29 SSDeep: 24:M3YzrHikBfR1pyDO1FLzC+8hZrs/WRvAIYDTZgyVDy:M3YzrHnya11z4h9M+zYDT+yVy |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\SoftBlue.jpg.RYK | 10.60 KB |
MD5:
1f0ba91b62a553887dce8bc1e197c013
SHA1: 871e88d341f6054a48cdc4af59046e7b5154ca25 SHA256: d61db2f21e6e5d03f44c3aafe4d45280eb8ea88347b19a928e7527f05ad56992 SSDeep: 192:2pyKKVwcJorXkazVlTm+YJW4XCSjAcGfDlyfu9rdsfpkTq+lXoCbZaRA:rorJzrTmtJ9XCSjlYAA2RFyoC0A |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Bears.jpg.RYK | 1.33 KB |
MD5:
8c635b480eb1d83fd7b6eae754e710bf
SHA1: ba01302d969e9dcae215f59212b21c94d017d195 SHA256: 3ae91f76704fa10e4abd6ac0d2a081b1a7feac32a22e830130392e8a3b497610 SSDeep: 24:cpwqqxvPsm8TXjF8aWd1P35Z2fG+9D7l0GQnPRRJAUk9cVjp2Fs4nyZebLZS:covP8XJWT35Z2fz9D7l0rnNAOVj4Fs4u |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\GreenBubbles.jpg.RYK | 6.53 KB |
MD5:
a1468f007f788b1e5b1d03b9a2b43a9e
SHA1: 18cdaadfa59af01575689ec7240a258492282b9d SHA256: 1c9d56dd61e3b2449ed1fbe3c8d1509294fd578449ca9a347fe33c8523582707 SSDeep: 96:iqpJEuyo78sEB3/fBAU4zZYrX6zK/sX0m+LcwWW7neG1UBWi7+HATbKws:iwn4BiNYraX0NW+nwG |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\HandPrints.jpg.RYK | 4.39 KB |
MD5:
cd83a4f550fe2ea7313a23682e357187
SHA1: b5a08daef6b8616564ba953313762fc31b79f45d SHA256: 251690f4a67c63f964c91e366d629ddc2d9e0397082fdce782406dd0dc685bbe SSDeep: 96:KOlKKcg/MwVPG7xG/lU9BEyarTeMSKV4wx8glT+rphtADHHIvNbaM:KSncIh2xG/+E/X2O5pSrph6DnIFeM |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\OrangeCircles.jpg.RYK | 6.50 KB |
MD5:
a47055873d6509f5879261d88fbac254
SHA1: ec586e2e5d3b0b434f8ec74e267637dcfa6eeb50 SHA256: ab29f3b0275704c8d3a2e42709586f7c8fb39ec54a596fdc22bc7f0cdc6c86ab SSDeep: 192:3cAoEvk54SC3Gumqfff6p6PR05Qkj8X4XbsVTIe:3cAzvkjC3GumEfft218XRVke |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Garden.jpg.RYK | 23.58 KB |
MD5:
b45adec838377862f586ac28623a2497
SHA1: 2aa1e752fb84924efdd266a28fdf5ab5cc76baa1 SHA256: ae39c6c39c0a352f543935f208ee0089b4e8ef06a09a87a920ace922e6aa27bd SSDeep: 384:1fRvDKTGQ0oIlvmOtTb1ToRetgSepwlziAy7mE+CRK5Cofx8LYXQwhTwmCMPA4v1:1fE1JItpGfSYIXplfxMy+MPPvI7Fm |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\js[1].RYK | 1.22 KB |
MD5:
19d6f2d2f532a90fff27ec7573ef0b9e
SHA1: 9f3e2cafb1bcb82e1fda4846e9fef1ee82ad75c2 SHA256: b134cf775c80f40f794c254f7206479403e5adb3ce7460310935cb45205525b6 SSDeep: 24:cAO7QkgIyODyqNx7ZLRgFkPNb1lTGGD5pPNsfkqsB/cQvilarJVgDTRnMeZ0:XO7uOOqNx7B+Fk1bHGwRsfuQuUnRXZ0 |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\ABV8L7MY\v2[3].RYK | 12.19 KB |
MD5:
a725c56431975b924d8d358c955122f3
SHA1: 6e449e975e936421c3ff01881a5a9d8b82fa7a14 SHA256: ddf5f0b231ace291b2bdfac2aabc7bb9bce599e820618fff9bdf8ef5b5c32954 SSDeep: 192:SJuLgDQBY7edRPwNU2lPvbz1oQpt6BgmWXF70uvIoDIGgxdZimnF5:SJucDyY7e/ktPvdFanSQuQosxJf |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\ABV8L7MY\v2[4].RYK | 11.69 KB |
MD5:
fdc46545d3b5e23f354322380a0b53af
SHA1: 8c91482a73b3d22d48ebbf052442ca0cb736ee30 SHA256: 0ac5413e6086111bd8e71a6b0ee0b8b6d069be14836da870a457d48dde9bf279 SSDeep: 192:n6RPesuzhx0+Bi8aHsRiTcdjJLfzCwiAn3JQeHntgVWzTA+gLLB2jje3of4:n6R2su9x0+0tQmPA3Jn8g6GiYf4 |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\ABV8L7MY\v2[2].RYK | 11.56 KB |
MD5:
bd9cef28d708f8862a5a715872132c31
SHA1: 1ae2a34e4e30b2847866357507df6dc8800a419a SHA256: 307c6555f64e83b2b1dde0f49b58a3fdacea2ea6ebca44d73c3c0a5762d77f1d SSDeep: 192:UfbFFJjlDnFn/THQGflEvJ3Tpx6v5ZdFcGDziFgyLUgWqzQH42Y7D3f9G1:4bFF5D7HjtEvJ3TpxDe4guytHo3fy |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\ABV8L7MY\f[1].txt.RYK | 13.47 KB |
MD5:
4fc615d7fbc5f1b7c9deb3572d1ac1ca
SHA1: 95c61a7f4f90ca8e953d627b7f57734e90fb85cc SHA256: 8d67d62fcd8b4082d97eb74ed4557e1f3ef516f12cf79777ef24d78dfa08f92f SSDeep: 384:Av0NhF1Q9JsrAqolc1fbFZRL9ipZa0iK8vfLt:Av0Nr1QPs15TniptWjt |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Home~.feed-ms.RYK | 28.28 KB |
MD5:
86d067ad62f750d36aa9291532e92af3
SHA1: e9a49f28cfcc9216a82431793bc1cb254ff38415 SHA256: b69b5efbc253f7f089241b68088a3e96232747be8a42660003f384a0a3b54038 SSDeep: 768:Pb5iPPjeNH0L/1IROyNnGpP3IphBYL5vY+n/6UE87Za:Pb5iUULtEe/coLJJndB0 |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Work~.feed-ms.RYK | 28.28 KB |
MD5:
2e664bf2dac750f39285ea8a2bbfb332
SHA1: 96eeda87b8a5359a7679954eed084d68daba3261 SHA256: 055b5ef0a21626009da4b4dfe66b2d55412aeb26eaa902145b61bb5eae29faa8 SSDeep: 768:rJjClNg1r93Bm4EiesDA24djsSsgiywMVV9npJs+W+N:rJjxDakYxsSdLJBpJM+N |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00010C6E\11_All_Pictures.wpl.RYK | 0.85 KB |
MD5:
44c9a9e0ab40a74fa8a42e3cce7745b4
SHA1: 59a2b6a7b47f58064274dce22a104ae14f9bd67b SHA256: e86d3e9b9c592c5ce19f80af8d977845626229bdf4f0a6a2cf233d44fb4b867b SSDeep: 24:YuuN9JB8hkfrkF7g2XH3wapbAusMr+HAEA:YxN9shWYHHpbAurr4A |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\ONetConfig\350db95df4cbd94b2a1c300510e12e11.xml.RYK | 2.25 KB |
MD5:
46ce23679c1f51e24fd2644d97042110
SHA1: c752e9739c9a1f8f037355f0d16e3a6cc2f3aa3a SHA256: a5ca0e879cb63c9a96b926006c3cc2482652cb3638941c7429678947c29eb1d7 SSDeep: 48:JfIxKtlNiegW/ARUbhSHdQnxPDnTNIJ6fmi6MT6j:J7gQARJ9QnhxIpbKC |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Backup\old\WindowsMail.MSMessageStore.RYK | 2.02 MB |
MD5:
230ff90a137580d2a0d510ed297526e9
SHA1: 108faaf9f83d3add3b86f7a478cff8def1dd3b99 SHA256: e999e396380618178e7f56803dd223e4b564e15328bb0b85e38d24e25d3f8efc SSDeep: 49152:b5BYkXKb9JgoEyN4Vm03Wq3ZE/JMcKX8/CN7gTQNAyAYzVEG:b5BYk6bLN4VDWiC/y4CxAQNZEG |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\0000E713\12_All_Video.wpl.RYK | 1.33 KB |
MD5:
12c170f392b16d62be9f1c32c70f80bd
SHA1: 84eba6636143beace6854f8192d6be6a193dbf03 SHA256: 1fcb063c4d30756f14fcb3540423f4ba0e433e204b7d2115cbe008aad1a696e4 SSDeep: 24:OY5CgHoMxb3PF1ESTN8qvQkMmXlLbjJ5cnDxyXKtMkSce2/PmBEVifF:OY5VIgj3nZDE2LbjJkdyXKKTce2/PmBl |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00010C6E\12_All_Video.wpl.RYK | 1.33 KB |
MD5:
d68733343e68317a1ef55c22ccf219f8
SHA1: afedff4e58b5a83161d2faca56fa11019347459c SHA256: ce726e7f08585ed2fb4fd78de3904a3cb426f7fde17ad269ca24aa8aca260ddd SSDeep: 24:zqTPUHVMP3aoOFrYh+gMshquqZH8njo6tZaCauOZQdm+J5GrFc0K:zqThaoGrmc5N8nj9ZaCf2Qdm+JSFcn |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00010C6E\10_All_Music.wpl.RYK | 1.31 KB |
MD5:
f26e5336fd71e0c3f676a28fb2b7d78b
SHA1: 97af2a215e0dc01e9dc3ed54ba8d52d287e11aa2 SHA256: d38f61870a7e93d0e88096fff9ac186058dc0ba9dcf06ad5248c6c641bb354cf SSDeep: 24:ONkWKID3Mkqe4lHWYRd04GzFFaQ3+1rY3lKMt2/2EJPqFN4uiIt/Tn4qJzy3k0VW:ONkAckF4l2YRm4qFYDY3lvt2OT4uigDt |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\03J4UQW0\desktop.ini.RYK | 0.35 KB |
MD5:
88a11cd7acfff99e5b57d7339f76c152
SHA1: cbc7f8a2e7ea9b547c75756059e428cc741ac04f SHA256: 402e670cc13b75742e7f751d8ae7296d4d33a9ed0728346581a8a3b97eb1a1b5 SSDeep: 6:MAsG7NIQcc3ElkrvWtKiWWPhnTxAjiQjGz3m4z1mGNGcXii7RM/KBuyrNDEd8oB:MAv7NIQcc33i4wxxO1uzjQQiieRyhjoB |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\KETAJP6D\desktop.ini.RYK | 0.35 KB |
MD5:
619a72be13d8cadac6802e28efa3bca6
SHA1: 4ccecf8d3e1ea56e1d2d72d8390e51e4c4eddba0 SHA256: c0fb55a05191bc4c1624bced801aed1f4d9e329446d5c6e0754f7fe3c2b28232 SSDeep: 6:kzihVlig0Eg3hoyeRH766AhKIZU5Pt2T7oJnbEhL6eRlU9wSoDtRl:kehVHg3hoyOHsEISF2X6gheeT5SoZ |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\VB18B0KB\desktop.ini.RYK | 0.35 KB |
MD5:
64ff4e3c64dce3f857aa833e98af0b0e
SHA1: ae30f7f820d71b0ea0d84020bf73af8c1adb2c55 SHA256: e3a16e41bd9efc5a954262baab0df0e4e5d722f7bc8a9ac1ab1a05d8b6ae979a SSDeep: 6:6tmpBuAK8EXT2QSmYJAQ1WCwgQ814hqASt649N79aSbQUcYJnHFIKk5S:bvG2QZ0AT4f1s5StzvQUcYJnHFIE |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\XT1RPYG9\desktop.ini.RYK | 0.35 KB |
MD5:
ca7e7fc8eaeea249568df1c6f985b3a3
SHA1: 135769aa4783fde91b43420f5344729c5818a4bb SHA256: 3f62b68aa69a369278a039387fb41a72a594c0c226d7d5d82665ec15363e008a SSDeep: 6:VRYT6AgUemZg07HIlQSNFkzF9iPeWdQpUhq9vyzuAqBFpSFm2gDNzG2zdkcGFbbR:LYNLrbPSNiAQporzuAqBeNgpzGwmVbbR |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\BBE97O8[1].jpg.RYK | 2.49 KB |
MD5:
c060f286bb2b1425510010d1ddcc2ac7
SHA1: 1b003a993610b73b6fee615bb0ed3c01798015b0 SHA256: 5eb88f99da90cc64977af69d28077b62d62c4e2535c0d53988834cca5b610da8 SSDeep: 48:MyZ8sSQDOoqLF85hndlFelBOigD+UTeKabQlvKT26I8xcPq0z5j06StEhS74ZD:MDslDKFuhdzEKD+hWQ26I8A5j0Ghy4p |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\528d82a2[1].js.RYK | 11.97 KB |
MD5:
a89523331ee9aab8ba53bd174e99bbb4
SHA1: c286e65e3d156b6885d58a7179b985df9de2649e SHA256: 768900ede810ac4e16d44e99663f042f3068170b7a8d41664e2d604e51c38b03 SSDeep: 192:Fatup/l9cqe6V9RMaNB4XmqO5f+a6gPKuSFS0b2twGytfM53:FaA99Ze0saNBw2NDnPBmYCEh |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\BBEgJfz[1].jpg.RYK | 6.86 KB |
MD5:
186d3729cfaf694a3afd542d7acbd78b
SHA1: 5eb690612cfea25bcf7d15eee4534f7cd2832a43 SHA256: df54857bc957921ee366160bf518cefd9fe8d1967c3530a6ab7e129febe8dd28 SSDeep: 192:SBaeqHVj3Ry/Q0uUKS6HydwcNdDlFJrjs8FYC624:SSjgJcHg7ZFWor4 |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\IKQEEPZR\ast[2].js.RYK | 70.33 KB |
MD5:
4a36df063f98134c174afabeb62c9911
SHA1: 90156b09cb99b93b7945c2031021aaa99034fb80 SHA256: 4240f3c07015d3fa0a6adfb67c9a9c6296496c5278c6d35b75cd3effeefd6f42 SSDeep: 1536:2+ZBviBaOcqmP3JvIGgmN53ak2G4JtrgGHv3Bi41i1Ct8MCiZ:BBKcjP3br56G4zrgGPN1MmjZ |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\ABV8L7MY\print[1].txt.RYK | 0.44 KB |
MD5:
809598165b1572edbb2215a4d02c8bd0
SHA1: ed36952e23d5e9be6c4f9d8e58f600b53b0b9011 SHA256: 8f49f607f9be884142f00a92fab756e5d3ac4c302ac64bb803fbeba9ba9cf494 SSDeep: 6:85Of30bVHudpv+5CyJFQLwf9zkVRkMWKrqDffDcp/9ZaTfEYKa9SKqhxw8FgC0Bk:Tf8804G9zGRk/Wof7cpVI4Y7SxvV1t |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\ie8[1].txt.RYK | 0.38 KB |
MD5:
8c1494e92e299df5594538c6b41c3895
SHA1: 7d5d63e8a209e53357b3774bcc65090a20f33e71 SHA256: 535693ff85de8c3630e6cde952c6874c7b9f1f0ec712a75fd327e79df866a8c7 SSDeep: 6:4uIjBKBawZHJ2tkjdADWMjq+G/FkNo2qo74pVgI6Ob+Kg1fY2W74hwd3y3CcHDd:4HjB1+J2wCnao7kqIK1fY2WFoZDd |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\BBEdXJj[1].jpg.RYK | 1.91 KB |
MD5:
4ec3f33b0d983ce29277c4b0aafd184a
SHA1: eae573f761d3f3e59b3d9b6e360fbfda32d03986 SHA256: dcaf33fb4577a2d97a4e8fa2c8777e68cfc377508b8629f0e30d7223020f279c SSDeep: 48:sXQssPnf2SyHB733UVd7GIr/8T/OGJRSuM0b3G:cQsenf27rW7GIr/8vRHc |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\BBEcHle[1].jpg.RYK | 2.46 KB |
MD5:
329cb900214732e98ce1761926746d93
SHA1: f022203b009af2b1de9fb8f017514c6070eda222 SHA256: 86ca9a67f6392957037007e56ef304742667fad439b487d4bd05827d7a9450be SSDeep: 48:KPObPkh3R613fhMVwfPluX/O3mD/vb/g4R+A0G6f2z8EZ7J4Zz3Hq:iSOQ13TP0D/bdRzdfZ7JuXq |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\BBEgiYw[1].jpg.RYK | 9.27 KB |
MD5:
d9d13f031212dc3426cb0c9e36b8ad64
SHA1: bcd2c8afeef14beeb1f0b94ca38de1f331626059 SHA256: bfedf46275c606d2956a4ffc7c427918776082bd9c9be8572d31ced73196d1aa SSDeep: 192:Ww5MM7hkCCbTcgNjtbq95Y2qa9WmdHlxUHgtK/ImebHNe1G0KZRMWd4I:uM+CC3cgDufhzbtKQmeLNqHKZSWd5 |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\ABV8L7MY\Standard[1].RYK | 85.31 KB |
MD5:
f7109293dacd0f5385d9e64322819736
SHA1: 5fcb102b285a847c24f98d439f20e2fcaff9f8f5 SHA256: 28e559d3fae83d1e06331469795c06b067b3675eaecc53978654d58c8e2f10d3 SSDeep: 1536:mBGY3iovqCtqOqWNo1a8bpgoF+CYjDHeK5owBt1jl0VJ3QKGE2aYHX1q/5os:m53JqOXy15NkCkDH9Bt1j0JzMaY31qWs |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\desktop.ini.RYK | 0.35 KB |
MD5:
2909dab32d1e64912b01baffba9cc4a9
SHA1: f5850e9daba3253b495efb573e68122fd49c6549 SHA256: 4c8d27e46be5a7cc62617ccf319c72ce90e683f73ecb21860f7cdb4218eae4d6 SSDeep: 6:EYQXDCCpp/a9sobEwCbqiqgZjYIwbZu3xInnUSuKp9u48JgRgo6h:mXhASGUbev1bZISnUSuG93pRgr |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\BBEdqEy[1].jpg.RYK | 1.92 KB |
MD5:
57c59d72f1971dcc18703663cd57ac3f
SHA1: 29dc76624db4d28886727f70df23d039bb7cf8ad SHA256: 831e95631515b3fcfb2fe2a2e4c7e944256b0b3cdb11c064b10ce80f7dec1684 SSDeep: 48:qXZeWCatm+D28eN6occXYyIz0EBWt6AAo8vI79:4XA82noSorzPQt96gJ |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\ABV8L7MY\AA429NP[1].png.RYK | 0.88 KB |
MD5:
1ff4c25dae2642fc0720fd61cae36521
SHA1: 2dff6350d7a902ad3bcfe4c73e55054426e7cb79 SHA256: ee1890ce7ca4e438b75b1632d521893be6de78ceaa2f897df86dedc1ac2aa7b5 SSDeep: 24:h/2PR2Ucsbxy7UAWU6uWtHPwBgkPXSJsIC:hsbcixIutv92SJLC |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\YG1R61Z8\adfscript[1].RYK | 10.39 KB |
MD5:
9938f3976f57441f01314f84feec203e
SHA1: 6a8ab316c260caa5873e860d63582f5d021cd6be SHA256: c9984ca386f71b092aebea19f3ed2b70566fadbb33a75ebdc9690c2c3b397cf6 SSDeep: 192:YB9gjuK9BTNKRK/QAlZrZnDjq8B4M2x3yCK8n95HBap97cmiDh/lyZ/:11hNZnDGnoCK8ntapa9g |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\ABV8L7MY\AA42pjY[1].png.RYK | 0.86 KB |
MD5:
db27a22470fd3aebee79a555e495720f
SHA1: 496af368a7dadc749d410b9acfd459c8ccd8629c SHA256: d429d55c8a3814b7593764298a5b335897396463d821bb6f19b658a8a61123f1 SSDeep: 24:mzg5Pv2SimJT4J8Bcpnf7oZF+PAf4wKwfyoNOp:mzgtv5jJUJgcpnTonbpVfyKOp |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\ABV8L7MY\AA3e1oO[1].png.RYK | 0.92 KB |
MD5:
5c1fbcd3b7495a3f427759e5fdbc513f
SHA1: 76ef7499a1be65aa64302a296e323187200980ff SHA256: 799cbaf1ef016c93e5c8aca89a8a2814d0e262ecfb874436f0e6c868d469efa9 SSDeep: 24:wAQnJkIJAn1MsOzObRzIOCZH+RmC1RvTmTu0P5:2Jk+An1MsOzObRzIvR+lRvTmTB |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\YG1R61Z8\css[1].txt.RYK | 154.71 KB |
MD5:
3c43a845ec2fcd2b688d1e11457ecd17
SHA1: 7946719c11882f2ef925661a43ea096ca2eadcb5 SHA256: 6526e4f5a5359c975da3c31d93efe9a5a3d9a29248a621a620edcea25add5615 SSDeep: 3072:7xDMEXs6Fqf/p5i3xVKYX7IQ5GE0Qz0mic3D3lutl2beUbkFUjL+khqOdfhzdji0:7CEX1AAxIUD5z/T3lujaePKjLbhP3xjJ |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\IKQEEPZR\desktop.ini.RYK | 0.35 KB |
MD5:
52ceef242b70192798f64833f6a2bfa9
SHA1: eba67dae5d44a0f3f6c5bbc8dd5f54c4a1042ed0 SHA256: 794085ed2df530cd001d80dfc20c1931f13e17939535d7d214f47840d66090c6 SSDeep: 6:U5hO6tpK82+b9quz5GtTiXCS3m2gE13tfch61ngrTsj2cm16ekxM5qe:U/PtpKKxVcTGCS3mC1Khg2TGA7kTe |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\IKQEEPZR\player[2].js.RYK | 24.10 KB |
MD5:
ec512ae1fbd3ff9a80adbd2215261ea4
SHA1: 128abfde797eb1975b93393afc5079d94282b988 SHA256: 25ab9f4a8947239292d5b5131492a2fdafb1f414c9ba83183dcab19594a43779 SSDeep: 384:ZrdzVl3tx2JIE+071LFsIJJCUNjC5votz7xe6gXI0TV0zddQJjIKidVpS:P7cIE+M15sIJgUNjCRUzgFXjVadlKis |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\ABV8L7MY\desktop.ini.RYK | 0.35 KB |
MD5:
25785bcbe739a6e9c54f62b9077f38ae
SHA1: aa876596e94a6e59321f3d3bfeb39262c0dac778 SHA256: 6057b5dba962e01755165df768e228eed456f884dbeb89aa78ac05d58ce8add6 SSDeep: 6:e1aCwJDq0rMLbtVP8qF4XmoEnMpf6TZvRz6ggRgPrO9XmGIoe:iv2MLbtSqF42xYCdRzfgRgqcGfe |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\ABV8L7MY\core[1].css.RYK | 165.10 KB |
MD5:
11ba7955a5bfd5ff8e662ed4f4cea3b2
SHA1: d1df3bfcee915d629806396ee0d9583c277abff6 SHA256: 87ed9c37dcb3ff48a44a9ead76597491e558539e5fb73e79fbc6ee2836879326 SSDeep: 3072:8488wLqXK9Z3buY/ZxDjxEzNTcuRYi7956aH+8fek6PJLHSkUdgPM2g23B8G8rTA:8488w5Z/Z1tEzCu/7956Wfe35ZPPR8z4 |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\IKQEEPZR\player[1].js.RYK | 27.13 KB |
MD5:
4506a5d330af3ed8190371eb981cf720
SHA1: 2d5812c11cbb369bb4f0df640d751eec75c7a6c8 SHA256: d8234b15186eac0cad343638e6fca809fc1bb818930a7052bb037f1d222e03f3 SSDeep: 768:AvrXIB2wEkXAuFi6IpfD93gPEn4V1zj6Map0TR:yzIU8G68D9FnuPBN |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\meversion[1].RYK | 4.66 KB |
MD5:
b9cd78feb018e580480ea686d1ead955
SHA1: 4f36b2134cdab7699e4eaae2eaf907c816a897fe SHA256: 3db1eae2df8388dfb92fac081851f69448ed2a7cbabbca7aef529b9eb4ba0d01 SSDeep: 96:ntzBcYEGfVX/Tx2DesZLL+aFkAsYGj0e3541kExT1wGE:ntzZE4VvT4DrZPvFUPSUx |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\BBBQxzx[1].jpg.RYK | 2.56 KB |
MD5:
e9592888b6257ac401bbb5e346cf0539
SHA1: 2fcee70c812e3deb3ac7ae915a0d9a7680b9d0d5 SHA256: e4f17aef69a7915053bb0dae7b61d994226b1946000c764cb00282441b078feb SSDeep: 48:WwOPKc2TDVbtlgmMmehrSns0G+BJR8hPLzF1/EVy0sOEDbvITjXBK6VFY+u:WwgK/7yme42o6/cc01CqxJ6+u |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\css[2].txt.RYK | 0.46 KB |
MD5:
0f48789d869e7102666630521857ae75
SHA1: 0865c8e4217fb275e4d773c3b21e8095a2c3dedf SHA256: f634f82d1b40285bb67684dac629cde9dab4d28e8fcd22a7c9469b9761fc65b6 SSDeep: 12:bWKds/9qupjrdAybla4yNEO8Mj9/OydBd5m:aKd6vc4yNBqZ |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\IKQEEPZR\th[1].jpg.RYK | 2.55 KB |
MD5:
3822e63bf4a7db6bd008ef450f91a44c
SHA1: 68289bee98ee699c469c31ca0e446e8c125f41fe SHA256: 142c072b246fcf98bce7d85f2e9a337ce303eb432b0d814e26a1879617987164 SSDeep: 48:PM0VfQMOj15jZJ7C5++EIkYYM3JxNDUtANg+FRZGDch8wInA:PM8mzjjn3IkW37NXNJRZ7h8A |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\BBBPUFJ[1].jpg.RYK | 8.00 KB |
MD5:
90d17620fd95ee95a6f5376495d1c495
SHA1: a4ff0b3babbee5810f3071bac74c810a2878bdc0 SHA256: 6c7ddaac18ac9af776546f50f6c67cb74241e5d7864c5ef3b69feaaae3981ea3 SSDeep: 192:wCnUoZzGsz47Z9+mWrA9xdOlCmOCE85sHgdP6ypj7y:wCUo8v+mWoxdO0mHFsH26yp7y |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount.RYK | 1.97 KB |
MD5:
ee7028da33082058abe1d6d6b84e192e
SHA1: a47441bc8a2b8b75b153a47af272bb31699e97ed SHA256: 07bfc7b20662e27620eea206990cc06b3d5dbce4fd9ffff5ed76335f858988f9 SSDeep: 48:Rya3TrE2oKksDUX6gDqxvjZIEL2J7VWtNTiDvjwK39L:R13To2NksYqVjUoze4y |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount.RYK | 1.75 KB |
MD5:
871eae09f0173a3cf375cfc98584130e
SHA1: e83702818a6b7eaf539233829cb88b4ae3f7aae8 SHA256: 1343cee6db51e1e9d083de268e4476b7c155ea32aae7a264b708f4a12a6b5ef1 SSDeep: 24:DSB0PmKqWoyDg1081xVHFbRyn/vVgKhpleOlbGiAAOjpoamcpsxuubPNI0eGCAn:2kZvXDgy8Xbcn/ve9cSFAt5xu0DCAn |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount.RYK | 0.94 KB |
MD5:
03f788b413e3c17914952453df1af5cb
SHA1: f13476d149b88636aedcfe0e200a49f81adedad0 SHA256: 9b9725b5991025b6e29ccf0261230389ee1c3d5b4c16417efac82c98483dcc9a SSDeep: 24:9skhuG9YZ7hXnR490uvf6vU3a04ln4tCiY16bSqRUX8x39GH3:9skE7pnCfV5tCiYGysl0H3 |
|
|
Modified Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\DOFJFpLhODvfDEn.pdf.RYK | 90.96 KB |
MD5:
eafba9d9d5ec52a289c0fca68140c7c6
SHA1: e26b69fb8cc87fac08f95b8033eaaf21127defc1 SHA256: 08d1075ec67f2970f8fe65efea36706aa84459fdfc71e464b735e9cd362be276 SSDeep: 1536:WykQYoLoP2k2RagRa0gn/2Venr2xnLnaMwNPhlREecBY2iE53B:WzQYo6LgdgnOmMnLaMCDREFlL53B |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\microsoft\windows mail\stationery\peacock.htm | 0.50 KB |
MD5:
b8ea95c3a54afe790a1a31605b403d23
SHA1: 0a39696d25641298fa7899df31d7350f36345243 SHA256: 79fcb73685641ac42ef443dc6e5e1f57730f28600a8b33f71f7be85dba18c82f SSDeep: 12:Ua+KNjZBMoFnzi+aFJVL658bIDSVSBVoJJ:UavjZBMoFzi+v8KaH |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Bears.htm.RYK | 0.52 KB |
MD5:
18cbf8ebf8eb5fa92dda6fc787d8f388
SHA1: 7f7b22bc5821f33601d472c7c5481c95a4f376bc SHA256: 2dae6fbd52a38bffe43704b7cb995917959c883e61d23e15d247f3a7f0eb23c8 SSDeep: 12:e2tfMvdxk5A8L8Io7DJ0NGRlptPGMDInWdPrfqj2Qmfxvilx6Oq5hYTg:RtE8seNKlptPGOCYPrfq5mUD8qg |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Stars.htm.RYK | 0.50 KB |
MD5:
794bb2bbe9b3271ae03a8f283b1feee6
SHA1: cf9dbf714c44c410a03a5be3de0180a25753b219 SHA256: e9c8cdbd385fdedf4af574ac18598080f83ccc730a1d2d7e9a7ce24c8f23ab4b SSDeep: 12:x11Wg9w2kUs0+Zg2PbZFzUcyGA7Hm1B+sn:31WgmLgieHsn |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Roses.jpg.RYK | 2.16 KB |
MD5:
406f1265e40088bd530bc39ac59952ad
SHA1: 7d6a45983d91d08682e33bc5ae4fb62c3153e000 SHA256: c1ed84459f107bc872e89006cd76950a9e9fd8264c64eba13e200e3f04dd2d19 SSDeep: 48:VT3KTFkSWFVG1MSoMP2prSrGuvkB3kzNsV4M/p5M0y6kn:V7KaSkG+jpGGBkzmP/p5hjk |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\microsoft\windows mail\stationery\soft blue.htm | 0.50 KB |
MD5:
b2d61bd2574bcf9c672a0a5d55131ea9
SHA1: 90fae7c974101ad87a63648a85c67c7fa31aa1a0 SHA256: 9845d640c2cb88875d9aa77b5c8665d033dc413bb1531c5a3a242c5be085bd57 SSDeep: 12:4ZqzjXuvoa1bbpyOJJ3tov9itCixEzySx2Ikn:4ZqXQoa1bbpyottwyypkn |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Green Bubbles.htm.RYK | 0.50 KB |
MD5:
91a0bba2845dfff31549c84602579200
SHA1: 68e0a132e632612a718dce7e740af57dcf8dce2c SHA256: 1ccd8b8125edb11685441ce6f36403b470387914e33e29226e4aeaa72ab6e2ec SSDeep: 12:/nYOEl9xrWtMlRRe+yZDkmOLE34YTZV7Fnx5dJ+3VgBLyWJNDg55IULH:/ZEl9xqtMbRe+2OLE3/ZXnx5zaeBLyS+ |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Orange Circles.htm.RYK | 0.50 KB |
MD5:
706962a2747d21c050ecd12365b6282b
SHA1: f1d397012861e89ed0c79aceaf5eddff72860688 SHA256: 1bef9a94686ae5fbacb291e1e17111d7fa7284df6561805ed419be8cee279c55 SSDeep: 12:T6WNHMGr15Xf2rEg3Av7yDHf46/vVS8YrhjDk6YviNBTiOr3s6n:TDhB1p/gY4nlSVrKpviNBTNr3P |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Roses.htm.RYK | 0.50 KB |
MD5:
868522879feda625bc923ebde717ce89
SHA1: edb1d8393efdc6df61850c4db292cb8ff0cc8598 SHA256: ee5f6163db577b906b404b1fb51a842541d5c76333fb6e7ce872b0b3b0da9c58 SSDeep: 12:i14dWs65nMKMl9bSd07ZRhi+nXjXChcjQBFvtBGtuc1kPbWJcx:oxs66fl9+07hjnTSh8QBFvKucK5x |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Garden.htm.RYK | 0.50 KB |
MD5:
ff04ba87f4dc3558b939e8b180264299
SHA1: b12d6e89ab71e09e8236c83b15e53c3c8942c1c9 SHA256: e53f5944e8b843a2bc187caa897cea83dfa4f82089a3891546a394137cf34e10 SSDeep: 12:s7JD70FpZ/mE/GjE9AQbwJZJt+79dv87MnMPwvGXMWPPHvF+LkJi9J9P:s7AmE/b9AQbun+/k7yY9XMWPXckJi9JN |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Hand Prints.htm.RYK | 0.50 KB |
MD5:
5c8b4d9f64598ce392f64f99985fc225
SHA1: 984a5b0d064ba0226c3bbdb57c2d029663a6c4f5 SHA256: ef5649ddcd44ff286d7f879220eb6587ca28a7d6b37b9c358b6cbce84ec85313 SSDeep: 12:IXu5bXq4WvJJcnTgynRe6KqLGz/mWEiapoEUzjP:IXuFq1cnTjx4mD1pHUzjP |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Shades of Blue.htm.RYK | 0.50 KB |
MD5:
5921ede629f1f438a9226cb20a290d11
SHA1: 28a6e3493de95192b829d250992ac9b3601241ae SHA256: 68ac3655405a8c1c275fcacdf6ba38e8ed4f4165df5592b5447fe0ca8413a0e5 SSDeep: 12:BGtzPqbV6tvjW8i8oSPTxFCi2vK6Q02EfGU3cxZwO5B:BazPqbVY7ri8pb3QLQ024sxpB |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\microsoft\windows\temporary internet files\low\content.ie5\abv8l7my\index[1].htm | 45.97 KB |
MD5:
b4ee4b66a5cd58eec3852377bac1bbd8
SHA1: 41eaa08ef3caff98ccf650cb47215869b3943689 SHA256: 7176d32a6f584a55be70b72a4273e6e2fb873777a3a4c5064f82bf71d1066f98 SSDeep: 768:tbs/PlQBksUn0Zmb665owSsclhcZqTNC0vcGR0uWWA8P6JnNp6mGdbywxZYv:iPKSsI0ZOh5oFsclmZgNCZGRNe2qRwxo |
|
|
| C:\Boot\BOOTSTAT.DAT | 64.28 KB |
MD5:
87ff10e02c10f5ed0293812a5bff7352
SHA1: 0429ff557749b3f2a02f086e718d6d8e4168d1e0 SHA256: d0328b0e83326d51545389e806c2cb1df91ea72ea36fd7d8c13171671d84cca9 SSDeep: 1536:zrNXD5H9wwlBJ+IBT0m7Ooki8AzqM73fy9mf6sm3xHCuBlyRWa0kk5yg:Fz5H9wwlBJ+y0m7O3i8AzqEKqm3Zo7sN |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\UserCache.bin.RYK | 75.94 KB |
MD5:
819056c1e6f50425146bf19b216b789c
SHA1: 76e8a139299031949adf4a4315202f6a2a569746 SHA256: 81e0666a6fc06e749927f69051e1b3eb43b2316abb0aee932b98e1fb99e85ee7 SSDeep: 1536:5ESCK7nEqW+gsHub9t6X2ZQbQdxxaoOWLoA1OG1mMqCybvBqigdw7VSJ00CYgzit:5yK7nW+8/6EQbQ3xajWLoAgQmMqCsvBq |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\Profiles\wsRGB.icc.RYK | 2.89 KB |
MD5:
aaec7fbda1dd4f92625ab8fdddf114dc
SHA1: 868799615bd421ed208393fce771fe4ae3cee7b6 SHA256: 8e6837552aac831304c030133ac6462f60977faa8c35874513ad27890ff5ef24 SSDeep: 48:Xbbhtsx872wvU3j5HeGZ9tCS9mQ/hAUEvetcqKUhf+fONOyDZ+G+l9XD9EitOMJQ:XpKd1Z9tud4CButQnl9XD9EiARV |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\ACECache11.lst.RYK | 1.42 KB |
MD5:
f185471ed7f88a56ac98e5209c9500b5
SHA1: 68bbbe582f082e96cb587f6c3efb7ef20c01bf14 SHA256: 922108151097afdaee394f03692951c88c04fa732c7b5b2ca4fa5f8bd7108288 SSDeep: 24:j1xOp2ZSpx5nskJaeyHOdBiOxVLpWdGOk2PtDPQ+B6HkiLEQJKsgh2FW48L5n:nQnh7COdYO7pmZ51Piktsan489 |
|
|
| C:\BOOTSECT.BAK | 8.28 KB |
MD5:
86d13653a1c8b8c25675eb21713f6037
SHA1: 1552e68f8681ad685e5edeb3ea744a863db40b19 SHA256: f7d7967ea22dfc27e583a32cb50cca0cdcbfc09932c8d3b974e136635e6e5a80 SSDeep: 192:HIhQReqWSO+uqojQw8eDuBsenA6XsCn8YT5c8CPEfC8p1y:H5kqW9joeaBsenA6XbLT5OGCY1y |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini.RYK | 0.42 KB |
MD5:
b3d3422c0c0834a3af0f9cceca527674
SHA1: e028ad138bfd4d27167b6d5cf37d2a526cfadd06 SHA256: bb18abe304a9ceda002201e6db949cae753aafbefcab72954bd501a0e9ba0775 SSDeep: 6:Xr+itwqoNH8yeJxjzINQ4s7Dlb25n2z+IJq2ce5UvizsV3aK6pM9OfIN7tsWCS:CCoH8HjcNQNN6T824pAOQdOHS |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\desktop.ini.RYK | 0.42 KB |
MD5:
1ae1c46db60c9f332ffe1d5df4089be6
SHA1: 8cd4734a48e49ebe8db692e0721a9e0ee96bf17e SHA256: 894307cc29a74f9b440d40576616ec9385364d2799aec797cdb4d06770dc4563 SSDeep: 6:jwsbIkExa7Aj73M89KuVi2/Se8I+XxIN6Q3/iEn6K7I58vKNJgpGPfr0EgzDex37:jnZE++PIasINX3Zro2JQf7sGAv3+M5G |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\IconCache.db.RYK | 1.15 MB |
MD5:
9d1485bd8e3f274662b64faba24cc2a3
SHA1: 0948032a0820cae850add4cb770f998585d1b8ec SHA256: 89d4153e19621c4807f5ff790c75a1b0ae68a85aefb6744e5fff45cc477d9e77 SSDeep: 24576:Ag4psKjbJUt1jSkqZMuprUOQNeo9YnOKtq3X5NlhmAFJ3Tc1u46+Kd/eZ3MC:Ag4psebJ2wkWdphQw0MANlMR1pw/eN |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\GDIPFONTCACHEV1.DAT.RYK | 106.55 KB |
MD5:
60c700e2700d7e16619072844296ec8f
SHA1: 6de20cfdadd4b7a2d7311689fe2c98719ff8347b SHA256: a5001b473908521e5fc78e283f58f51487afd1607c11ac06136996e393d64f0c SSDeep: 3072:OfFxwpgN8BF1sVxzOIwiiFU1Gse6xSn63t1By:eznNiFRi5Gse6xw6TBy |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\-1jPtqir3151Mm1.avi.RYK | 28.66 KB |
MD5:
212945b92712ee471cb000e891127771
SHA1: 05ca5b006ae85dd0320398a2d8c9698880b59098 SHA256: 506681454d85280185868895c590e23c294a2a540813fc60208e50d2dd0374dc SSDeep: 768:bGgtiQ4TtbI0kDNN9uQ2SS4C8I4CfrktsEADZStRdqaTwvSo9:bGgtb4hbIjNNXS44Lz/E60JqaTQ |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\-wD1CtzoKAaqRQ.avi.RYK | 76.11 KB |
MD5:
0f17fc6a8398331e425f9df61e60536c
SHA1: a4578e36b70b774812a3ccef81e86806565b35f6 SHA256: 979b6a4515326dba50f3968a243cf12caf131e2fbb318ede2bcbce70ddad48f1 SSDeep: 1536:bQAKFNvOs5/BWSJzCX1xvfo66RGRJbiySPZPxKxnCi21VoOfK9KcuK:rsXWS9CXPfojIOPCa1V9K9MK |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\2N8XoM8KdtEKR3l.m4a.RYK | 35.74 KB |
MD5:
1f64aaaa75a7d3c14ed35f286d558282
SHA1: abd40e581ef337650bbc179b6ff88dd974d81f35 SHA256: 37b13e1e0b3cc4e8686a95712b67adcfd7ee0b85aebf544849f827019f625c81 SSDeep: 768:ewkUrnzT+tl+FB/l+2ZejKTn8QG4wBQqrXjJAqWKsqi6GoOLtZLK:ewk4nzEU/9PK4TwFrXF4aK9K |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\6Xzko9PES.bmp.RYK | 74.77 KB |
MD5:
24b75a44d55238e239a722e6754003ad
SHA1: 2baa563cb52122d956ce3161b2e7a11dad8edc3f SHA256: 239245f85b71bb20474bad05833d908fa5a2e6ff64787d0aec71c6d5618d53a7 SSDeep: 1536:991EoC1mXo7klwr9E8sBMAZg72oS7DB3Z2bRXsXg1pURGYTQm5ob:991EjElBHZpfx38bRXp1c752 |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\aD6vbI_L fbZ9ov.mp3.RYK | 45.60 KB |
MD5:
115988205e5e0d2fa03198c0a7007e09
SHA1: fb6a2256fce6871d126d9d846346bbc37bfb50fb SHA256: 0fc87f4a42e5640c5d53126e48d0634381274c7785c4377d21c4bedc1957cb4a SSDeep: 768:N8CTYA/aLGXR+8J4Ub+lKuUmTejlXR9gUDbEnAiNytyDgo5iImKgqvhjQ+jRHm6P:agDQkRVq+mkh9bDQoyDgydRl1JYK9x |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\AdobeARM.log.RYK | 1.02 KB |
MD5:
2d70940b6e85f4904e38952be9a7ee4e
SHA1: f87133ed8814219a4d39a6791693fc29d7f62223 SHA256: 110e227c77feffaae83894beb11f5c54c0f4a01a376757bbae5d947e180d2305 SSDeep: 24:tkLZJxaiM0ldgSnAO/+71Ton7dkK21FQo0jFrmdsI/PPxnE2:tsZJPM0HgSnLe1TwShTQ/FrQPVE2 |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\DAWmK.mp3.RYK | 32.21 KB |
MD5:
4d6ad69fe46f63b18711eb2c6bcaa6c0
SHA1: 9ac53670b44b94e4eb2a777650d7a34f678a7aeb SHA256: 205721bb3f7f033c17cc67ff2752cfb29c5dc2df3635fb1dcb96ac9cf765d292 SSDeep: 768:ENGiKRp7ddYcvnfQtCSP5QGzR/xlVkawfuvrR6VZWSEydb8S2Tkkg:cGiKddzfLcR/D2jArcVZYm8S2xg |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\ekU6o.bmp.RYK | 76.33 KB |
MD5:
b9a3aefe8b8c645f63f186665ea96ac3
SHA1: e52ba9a261ea921042805523c53b4c841ecd0bc5 SHA256: 528eba7e2f765936718896328f5f3c9ed17548d95ee98b76cc3244baa0e67085 SSDeep: 1536:Rb1C9iQX0k+UbJzU0XYxY2hY15G9YTmiMlYvbZobsCLmPn01Go45Z3:R5C9ioZJg0XYq2GLmiKmWsCCv0JY |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\e_emDq.m4a.RYK | 66.31 KB |
MD5:
645e0f41a41e6eb43829b60edcb71954
SHA1: b6ff0988316465f4a06f9763bdadaa0a49d877e8 SHA256: 77e808b13ff2a05c9e1126587aface19b20732172c864084b4a26c1f9b276b0c SSDeep: 1536:nNjY9GqvFqp4Lu8FQ8XYaM+TFGxX+u2WhF9R0TqF/A:NY0xyFQ0d/Md+AmmFI |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\fsVeUQ3vvXBdb.jpg.RYK | 35.28 KB |
MD5:
d2dfb269135762b2772f4b20c21c02b6
SHA1: 902ca102f9c57c71c16af98724ae5068bef415fa SHA256: 1637d1b5e4698f290c788b1d6c29d293bfcc426e1a9f05e19c9a092f8a285845 SSDeep: 768:xfi8CjWvu7bU5RCBqdRnW1/9UR+5w5aOCGOxtlTfnY22wNc+:xWjW0bUDCqnK/w+saOYfZ2wNc+ |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\i7hPXw2ABInk5.odp.RYK | 65.35 KB |
MD5:
247e84a3b9558f3668e4ffa9540a6236
SHA1: 8a3ece1d7e20ae443aa6cfb6ccea0e5266074da3 SHA256: d5d2fa23073d877abf173f8699d53636e8b5530115b4172aa8b3308795d79050 SSDeep: 1536:845EzZMppam1Z+AbQCN9I2v9p75WCL7jsEM3NE:1yqppa4R9Xv9p4CfLCa |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\temp\ku4fjybseu_gtlxa4ki.rtf | 30.33 KB |
MD5:
cdb671b6ba9837376dfe150d86925bb8
SHA1: a2950803a4bf5db228ecea2a986d32d03fa34305 SHA256: 4a9ba549d34d0f61ca4ce2ebb0d09812f5e0136954e29a09c65a2183ed352e1d SSDeep: 768:2JXbL7LSW2wAo6vMRNN1lQsCLlEIDxRd5ZXrPo4Usgg:2JXX7LSWfBs4f7zC5EIDxnXr0sT |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\temp\lumqnjwc-x1pvyre1bl.mp3 | 65.89 KB |
MD5:
5b9a04794ae99428359de35ea17bc5a5
SHA1: 964ef274653af20dc488e12fb13d746f58ca8a3d SHA256: dec927ebe98b6f1309a4bc159018618bfdb366a18586bcfe66c456113a42eace SSDeep: 1536:R8KRLpzQNjvB4QOZzgogqMP1tcMutH+/YhPV:G2LpzQNj/yzg9jcNdV |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Cookies\index.dat.RYK | 16.28 KB |
MD5:
84620d8f03fae9861c6c2fab0f85a893
SHA1: dd0f033fae4af6986a1093d1ed5f86b65d5f521e SHA256: 24c8b182192d41a605f36991801f541cdadac4fb65090e54577726deed5fa34f SSDeep: 384:0+96JKFTFyvUki1WqWBypiIeUz2jJs+SN1BsjERp+4bGAx:59scXgqWuiE0MzRRp/x |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\mELW3sX.flv.RYK | 86.19 KB |
MD5:
41847c0d5c432d1bb62f88f04cc4472e
SHA1: 66445bbd586f3415534506450ca8d2ea765017e4 SHA256: 132c5b842ae38e32d2d35fd98875e747b92e495c0e6983b28054f8f45e35c121 SSDeep: 1536:byimWC4f2MUJ+xrxqXVKg2x+5PnlOyG/nCiTNTRjzwwtdz7Jic1QX9/bPxn:uKC4NUJ+VxqlIi/lOyG/rxxzwwtdzlnO |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\temp\ruuqyhr7-6im-bj.docx | 10.06 KB |
MD5:
fbba8c0ddb58a29893dcfc535f81ad3b
SHA1: 2f2ebd52fff9f13fb4b33307780cee3cbb360f54 SHA256: 3835add6421f31bcbabaa8b94f24a04ae057789fbfae38c36e3557e2e4e18f21 SSDeep: 192:1+WAWOd9pTlIH4oeFb53MfR5LKO6Y6CFDzeBNzEF/0pmyMlM7:1eEeFbqJ5OhCFIYF/Idp7 |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\temp\wdoxangwfjgc.bmp | 19.71 KB |
MD5:
b1755bb7ac36fefc8fb442f30a207d0a
SHA1: 75a6a0d64b9ce24f3598db32b94426b523db4194 SHA256: 1971f804f9f7a4e464207ffa84423f462619ad5ae11e89e45648ae987d9b1922 SSDeep: 384:1iQzOwBxw5QPp98mklZA74iZXfluKnEh04RgqmFp27qnI0oMAVL+neld:Hzvj5CG46vkKnARgqmFc4uVL+eld |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\temp\p3rbis7tpgypc eu54.wav | 50.06 KB |
MD5:
ed3f25f9e4abf039d233de770f609a1e
SHA1: 28adc394c0c5df312e1c81677f11c089eb9d43f8 SHA256: 4ef01dd2a199aa2e391cc3a6b2214f0394c71e833e2bb5ca9d623c81e47890c2 SSDeep: 1536:SEyuadwXMnymc4FknYg0dnn+IVQX2lOdHKW1T:SEVT46YZdn1C20dHKWh |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\s9CZ4O ljxCp.m4a.RYK | 54.31 KB |
MD5:
444577ef6e78c2b6027ed9d785308fc4
SHA1: c737541b1af546e4d4ecb5dcebd439bd4f7c0c19 SHA256: ea7eb9f5b31968ab6afdd2f91fb5ca5a5873b400c2c1fb79900a869f7d063055 SSDeep: 1536:QY8fpC7PmNO28Wml5deZDwLvDzJjShP5SYCaUxq:QY8xC7mt8Z5dM87+RRCaUxq |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\sZHi jusNhd6.mp3.RYK | 89.17 KB |
MD5:
6fd601893f20c987e921f52713525cd3
SHA1: 87e5f77a8d7c72b9a78b1076282dbd691ee2966d SHA256: b7ef988113fbb7a184af474f17138d08f97a9b4e827bdcb4f929b5b23bc902cb SSDeep: 1536:hHQ+M5GtW577RS7w7gag7j7YuqJa6qbyipfwOHQTssSKKtExrqRwg2Yz:hw+C1tCPuuqCbyipfwOHvYrK2Yz |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\UgVxY.jpg.RYK | 93.49 KB |
MD5:
88923156959dde935060f4c2098b2a1e
SHA1: 7a221185bcebfc0d2e5f24fc085c62766b7fe5d5 SHA256: b2f67376fb369dcd7710bea55f5a16132d54e561dc07bb3c89162aca36efb374 SSDeep: 1536:UaUVkWFI6dOecxRaIzBdqOUauIvKqfkRw3UGGXWEd1EvFLKRtenWWnmm+XZKH4xm:UammAOegaIDqOVIqfkRw33GXddeFKnWH |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\oFV7p3fp.odt.RYK | 92.13 KB |
MD5:
d5dea2315edd223c706f8d169221d45a
SHA1: 2e1da346b04979ba2e9c798478bc2b7d28122dfa SHA256: 9be98eef6e74f4212b23e64a2d0e736b325a8521392b37922cfe49520e66cda5 SSDeep: 1536:xbEyIMA6BHADQKQ2o0WbiYcbtiMpk6mSUZZHaAhDPijwrJNWxzTcUUPzTAlo:GuWQhfcBFpk6mSUZpTDKjRxzgUAzTAlo |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\X4M1Ejkgszn5vH.m4a.RYK | 4.27 KB |
MD5:
d6201c473be853bdf2bc8e132e94e392
SHA1: b718f0ec478b0a624424e38a93bfbb1c08c563b5 SHA256: be4eab434e4705b8b1d75581297614f0e558b3b17f392d481f3557f31acd6e83 SSDeep: 96:EBPuO5HctBX5CnJ1ER9tC7rSYg5uwrZG+SQidb3A:ENuO5uCnzA94kumGVQiFw |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\temp\xohqs4vrty1de wn.pps | 55.80 KB |
MD5:
890d125f2d94eedbf924eb58a9fbc4eb
SHA1: dda3aad04a93ae29ce2f783ca99caa9b7553c5a8 SHA256: 8d912e6e54c225a3fbbc67bbcfa740b5568709ec50088c4a05558349f6073234 SSDeep: 1536:NFpgLiKr7SVNl7ZJY10wdkiOIVdL6S06rvRQK1Y:3iLP0l7Zq0wd8IVu2Ja |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\desktop.ini.RYK | 0.42 KB |
MD5:
ff7d2cceeb60f1ac0f3456f7eb2760e8
SHA1: c0a886e37a13c4cd7c8074d19b4c40f2ba41cb94 SHA256: d8f564ffc605ef51c04cbf5ddb31f0bd1d63fee1b1ec82289fa49925f4c39b3c SSDeep: 12:OQsXZi3eCqSuT/5oAZlyLpQsTMUndiaB/Av8v:hsXAuKe5oALy60noyv |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\History.IE5\desktop.ini.RYK | 0.42 KB |
MD5:
5fcbd236bd9cb6e98d493800f2bd9211
SHA1: 20288e03058caed00c62f111951882cf73a9d651 SHA256: 33fde227e16863e4d1719c9f10115ee3de0695ff9857eb6b5c6a5532cc64189d SSDeep: 12:+9YqsIqsLacKZaIAIItbuLm+Rf7K4NE42Fs/QV:+psd109Ikb7+RfW4GRK/A |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\microsoft\windows\history\low\history.ie5\index.dat | 32.28 KB |
MD5:
ffde406489e7b0920d7ebbc83b9a1014
SHA1: c33ca96ff7ef2ab3d8237e67a9533196077c1026 SHA256: 44cd62126d240c5cf3e5693445cd5cd00b1841ae75a5584a847971b24af4d208 SSDeep: 768:2oGJfVX7AS7E6R9GStPLsdcGJYmmmTxRLIC:GES7nztPqTxv |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wscRGB.icc.RYK | 64.94 KB |
MD5:
92dc1ea44901feae9e6f4a4efc8fcae5
SHA1: 4dde0af1f0912200b4e27ef0fc5f608a60603912 SHA256: 2702f3399ff64ed2ebad64e7346487133dae1c51a9ddb780eafc9094bfea7e6c SSDeep: 1536:PIusNsGvzf/c7jJmmINOEOdAAuef0WF0ObtY97o:PItdvb/c7jJ6xOdAorF0om9o |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Adobe\Acrobat\10.0\Cache\AcroFnt10.lst.RYK | 52.22 KB |
MD5:
656ecd9bb94bdff753eaf9986d8eefb4
SHA1: 49bb24c2feba991ff798cd41b5902364f9b705ab SHA256: c78a42c5cb97c8a3dc712303ae255487ac5a51a9e5b23532b85d8f0ca194a100 SSDeep: 1536:Rnr5S5TcYxkyeTTFRKZsCP1bxJBCRW+yBEI4Njllz2:R9mtSTjMsCXJMA+yBj4lu |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeSysFnt10.lst.RYK | 135.49 KB |
MD5:
5504049b51a0cfb647fd32fbe6b90820
SHA1: c53a6a8677d742c96732882838a67962fa89302a SHA256: 73381289fd6f1292cf3136266d992a461321693fed64b6cb2599f4364c3cdec8 SSDeep: 3072:J2UdQdgS7VTtvG79AGDl9Kp9e0fz/pwPuvvc2TCrGqpZMdHsgJdXxxDl2:J2Udo3VlEw9eK7ir/MdMgJdg |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\FeedsStore.feedsdb-ms.RYK | 6.78 KB |
MD5:
b98576fd14d0296216d8aec522ef2d43
SHA1: 4f70d42089fd527f38a8adc17205b777301a5997 SHA256: 6f4219a41170e25e4557703daf6f6e2837218c8c050daf053405bb5091cad12e SSDeep: 192:iWkV5KU/Zmju2hoLgGd4pyo18V2I+qOaTh0:ioUkjNh4v4ooCVafu0 |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Adobe\Acrobat\10.0\SharedDataEvents.RYK | 5.28 KB |
MD5:
0e34fe9f3a818ea88b1de5f894c8a278
SHA1: f186e019b7207d05111ba255ef9e2a26908c0632 SHA256: bf836881f041489f5e09f743456049e781ac3f27d4e888548903c70d8de94a95 SSDeep: 96:fj9ypYekzAZqCHbwo/maSuieZZ4yTrfJr/CU1fwdcMNy39z9:fj9yyekzA5HbwozSvsTrJ/C1dBA395 |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\AdobeCMapFnt10.lst.RYK | 34.56 KB |
MD5:
05ccdcdf2397ce3953c50ca5170bd708
SHA1: e9d992a5aa4da5087a1073d5a46c2386a0d35995 SHA256: 852703ede2118ba4f97e06929d976c94a1e55b1577a29f1835f11a993e02d644 SSDeep: 768:c3G5mVCL5Ltna76ccNHkcPxcc/cNsPlf5ljAKlg:BdYbatxlkK6 |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\FORMS\FRMCACHE.DAT.RYK | 240.49 KB |
MD5:
f068a4bdaf478ff75fc3406f784357a0
SHA1: 2dcdf11e13c9b2698b00782e8fcc415b2ba9eb9c SHA256: e7f6514b0f14a4697205345f743f1ee8dc77a9800853ff4e3794fc042a2038a0 SSDeep: 6144:Dyee1zjgqxpfF/+XpqzBiEDY9LOgauD4eKDyJgawdeHHOK:WzsKpEsBDYJOgauD4e8PBenn |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\desktop.ini.RYK | 0.35 KB |
MD5:
68d0cba7cc9831eee8b870a81748ecfd
SHA1: f277f8d8834e55b8e43e3cc458c022872642d4fa SHA256: 26c1c0bc37683785241aa8016577fa48667c3241d1e26a95a056dfabfd8e0441 SSDeep: 6:4AeZLMIN/auwwgDJodvlB1+ZZJTLp5dMTVXdWJHozUMdz+pNVMB:4zVMI6ZDS8VDMxXdMurws |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\index.dat.RYK | 32.28 KB |
MD5:
6120998353e960236e59345bd9b9cde0
SHA1: 337ed1bc78505f1f50b6199ef4ce68c7610d48bb SHA256: 8debe79420a62fa662211ba1780f4f3e4262ca7912aab5d0aa9a4873b662d078 SSDeep: 768:7mRK7vcj7vYfgyadOdlI39CrvJlr9rKikTZq:i+vcjnyad6lI396vJlJKpTs |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT.RYK | 16.28 KB |
MD5:
cced4bf81933727fb51ea0ec3773ea0d
SHA1: 7f17a9b42df199374cb0f292b315b80cbea9a258 SHA256: fbf684abf7bcc7737dc4aa027754f65088469eb700b3d9dd69a1d9d805cfd9d1 SSDeep: 384:itzHeB288Gf9Z6UEEAUKlD0lBbOAgAcxkcXSqBUa1t5mKdEW8qh:4HeBIGf9wUEEAkiAgRxkcXCpWL |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Outlook\mapisvc.inf.RYK | 1.38 KB |
MD5:
e77e62ae453e9db4a776aa22ffc3057e
SHA1: 3d1e01645ad99bcce57809b49d90b794a16a6a54 SHA256: 9aed0e2ef9b44a4b1195fa77af642c4b21715a5ff9bbbb5685f87060d35e7232 SSDeep: 24:xb6pbtMXL0He5ll36eIZPJELxt4crfV/u+Dkl98z+6oK6JEoUL9a/eE/vv8m+NTf:l6pb6Xme5lIeIoLf4crfxm98wK6JHULN |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Outlook\Outlook.sharing.xml.obi.RYK | 0.46 KB |
MD5:
0d9fd74de9434971e439602f9c64bb61
SHA1: bd96d7473b7df90cd1ce9a1adb3669f989129d75 SHA256: e32c90e6a35541d8b7aaa95133b663d53a10c6fd36a01b472b85128ad61257ae SSDeep: 12:vvU5MTfslyNXtNOmL30aTg7t+gQ26MgHp8yM:vvU5Ifsqtcas7Eq6jJG |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Visio\thumbs.dat.RYK | 125.28 KB |
MD5:
92bc125eee3c224cea6f468c6e1012b6
SHA1: 021f54aa3db5a36f04046f78c69e1374eadea85a SHA256: 201f325c45d810e2f2de4cf6edb63641249161bb050c12f397ef0b896bc90b9c SSDeep: 3072:8fijI8+lBe9rDi/Hih49X2lgg88utcYYitng9h0TJq:8KpDrDUHhX2ig8jcYYyg9h0s |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\brndlog.bak.RYK | 12.19 KB |
MD5:
73346687bfdf0c5ec89fb4391033ca7a
SHA1: 7864518a496f82db0d6fc56a611f4e5439254ddb SHA256: 1e669c1f169b5772e33a08eb00a4baf81a2982c431dda5385fe639d27f73c3a1 SSDeep: 192:OuyeE3AIglA7/h8UcJVLiFd3NMZjUtHah3JxpbRDQNQbHMMjot2+fH2u:OuVGAmZ8LLCNMSty3XMKAEpiWu |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Visio\content14.dat.RYK | 99.50 KB |
MD5:
43ada43e2c7fbb30283fe30a01c6dd42
SHA1: 31305a29c8474883685f6075db921c7df82c36e7 SHA256: 0187f789d60eb10ad408216492fffed8a924c714f49efa4bc2744a2f142823dc SSDeep: 1536:HbnaQatAdFFbQ8qMgdktVT6RFvwKmUsi180wVeT7YcdDOxGda9YT1Su6yQYEf:RFS7M8ktVeRFYdUsABYQDxdEOWbYEf |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\brndlog.txt.RYK | 12.21 KB |
MD5:
4659e9e4eb296902f1c04f9c6de054bc
SHA1: 034188fab528547dc5ed15dfa5d1d4c8e0e1af69 SHA256: 195f440828b7a378087db805e0efd5c9820792397073f2ba2d9bbfdfbbf4efa8 SSDeep: 384:UC8VknCk7Whk0x3yw6taZYf8lVAXJWfjKtiTZCE:UVUXWhBx3yXtaZLlKXJWWoCE |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\LocalMLS_3.wmdb.RYK | 68.38 KB |
MD5:
b8fb3f0f519edead2a3c21c04fa25ccd
SHA1: 1c0c4c1dca0193bf66c353457295482b37895916 SHA256: 352a5f1af15044c29e56d0e52abed8fa2f723fd25a20e4eace447bc84fa50cb5 SSDeep: 1536:TR7bxlBGI5fZYbT7l3qrdLEXmfUkmg2tp3kX5JEzg:TdxK8ZYbTxa1SMDYkJJug |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\oeold.xml.RYK | 0.53 KB |
MD5:
85cc842e0bdbeb1266d27cef9e75759c
SHA1: 46beb189038530aaab094e2b3aa783066d5fd6e2 SHA256: c0780b28c9a41b96d6b4559f5b8c5bdee653989c963e9e0bcdefb13d5e40c5db SSDeep: 12:HxkpVdmS1UGmosms1bb0c7wxo1J00+nYEY:HxkpmrGq9xb0c7k0+YEY |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\microsoft\windows mail\edb.chk | 8.28 KB |
MD5:
11ff6158d21b3341caa7a1f5d348f347
SHA1: 89ac8d011b9be56b31b77dbaa04b0dc2330cf34e SHA256: 36bdf55bdf5ee300b249b0871209e7a37b2a88f24e8e833ff2b0f19f1a3dccc2 SSDeep: 192:DuRN6GYhTa0bl2wjTf+FPUAcCI/FDfKWSdP8WW:yDYl520TuMAcC+xy/NW |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Media\12.0\WMSDKNS.DTD.RYK | 0.77 KB |
MD5:
b2aeef1be14811e091e265d930a07147
SHA1: e31f107d97100537e33698885ea238f19bf2cc44 SHA256: e62d36c1d2bc730bb55f0cd341c8b67daa4c815cc7f83d0c893d7e6ec3230c14 SSDeep: 12:ynF5cBeDUO4jfsnRmgYW6mQ6WvxaUFPfRM4oRESzw+Zx/BnINDf:WFCkDU3VYQ1vxaUKJXh+f |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\9WqOaVZQQXr80Vx9E.png.RYK | 8.91 KB |
MD5:
7e741912b1593853d5c043ed17e59cf9
SHA1: 1f5fe79e2f0a6ad983f0ea165becc304d289476c SHA256: 83b293cbb51cd9961a5df979ad58d3e6dfb3f9145431ab58291f6d8115903ba5 SSDeep: 192:RIJToNLDwGjVIi1xNmkfyN0JEy4u2GVTjJjK:RIJTILDJVl1HmkfyBy6GVTtK |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\temp\history\history.ie5\desktop.ini | 0.42 KB |
MD5:
cbad5b82bd36276225b28a7386f04fcb
SHA1: b4f035ad158ab02c3385b8a5f2fc5290033c9af2 SHA256: 1fdc1fd3e8ff9a65059e092bdf5e4047be67683f99ba3613b7b3189b40afaf05 SSDeep: 12:pvF5EKzGzbPWblpiJ/HP8rMrUCMd/DQeU:1FW40TiiJ/HP89seU |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Sidebar\Settings.ini.RYK | 0.36 KB |
MD5:
3f904ee8f6e5924a78f8c945c133eb1d
SHA1: 06293736b3eb4b5c00ebca3a3be42b697cc376af SHA256: eac4dab91d4a3bf597be73d41043604e7b3a47bb6841adc1a2810ea77f72d4d3 SSDeep: 6:PYkiE1Ei9nyWEx5qrX1sDMKQNJ8d2I7y++Y7yWxqy+ymYk9I7JBENCz:AkiE+iAHx5GIQNyd2I7y+WWAXyL7JmNw |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\History\History.IE5\index.dat.RYK | 16.28 KB |
MD5:
3b2977acb4b77538cd04901294f6217f
SHA1: 732235a6ddbbac55bfd5175b608ccf252426bee0 SHA256: 9c685d9ccf4d0629e459fc2dae2b0dbaa4e41d38d7ec57ede5adedce49e89b2b SSDeep: 384:pDzT9XNm+tr0HbsG+/dSONaWXCB704sUWn+cWeVH2:pr9XNm+tMsG+/dSOkCkhe+9eVH2 |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\JwUco-T9UIE0RtuaL_E1.gif.RYK | 40.89 KB |
MD5:
05a273d1b01e2e710b9b61927e693a7c
SHA1: 72a97931a06fdb9e05d30c70270fc66c2c9cbf08 SHA256: 2005f1cc54cd6cafcc31788d1e5d4100ec6334fc376a8cb3fdfca458e4db51fd SSDeep: 768:w2cb1+83KrQJg/wVwtyQjs2/p4aeJHonBuIxD7v2CSrsxJvFx/RmzsVfLOc:3a3sQy/nIe/p4VuBuuDDjSQxJvTsyOc |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\edbres00001.jrs.RYK | 2.00 MB |
MD5:
1daa265dc2c05ed2fd558a98874fa945
SHA1: 050f75003e7244340b1200418e1f2a4fc8ec4b50 SHA256: 33ea6fffe35a5e254caa3349ed8fbd49f761cde8d561f3c150ec6031ba53ab05 SSDeep: 49152:H+m56SoAkg7KwY3aeKM30lmMMEb3nVDLwmH6fvbzEeRPpijgguk8:H+MNnL7re730lbMEb3VD8ma3bXi8guL |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\edb.log.RYK | 2.00 MB |
MD5:
64538ea24b2f11b8c912d66d02c5d130
SHA1: 7fc3fb0ff23227ec24a162b3b7cd09d04a175796 SHA256: a59d32268ad20a7dcda98856255d67ffd734d33a3d7d2ee46f53c168379b551d SSDeep: 49152:Nyk3MYd66QTQ0cpzNyACNLmibzNQ8tFdVwYXBSITSk5b5SQ:8A6NcpzrQlRQ8SYYkX5Z |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\edbres00002.jrs.RYK | 2.00 MB |
MD5:
913782534090f97b5e0fe99bdb62d673
SHA1: fa59ec294c304a785125038c91b950edd7f6a8bd SHA256: 4485235135616f4673a2bcfb3f10a99395e54d7bbdbfacc64ff147b2b5cbb966 SSDeep: 49152:IdcSIodci7EnS0zoU0xbF+178FxJ+0nAxcxogNT/DyRElZsLH:FlodJEnPoXbF+6FH+AAx3gNT/GRElEH |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Media\12.0\WMSDKNS.XML.RYK | 10.22 KB |
MD5:
6479d05e98fd302bffbd26e0ffbbf493
SHA1: 848455d4689b25ac9248638e9c53ce3e8c6f3b4e SHA256: 6e1c4375439c3710d1d5eb28bafe6b3efae8adbb1e7e76c38a3493b04c572ee8 SSDeep: 192:+qoyQ/OvOXjnPD+MS5U5Tfp+qm8BAlB3wcCvXNewFxdGnfnt/U:fQWvOXj7+ATfMqNClB3G9ewFunft/U |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\edb00001.log.RYK | 2.00 MB |
MD5:
f5cfabe5e476dfb690aa2ccf7154b455
SHA1: 06e20cf5162f8cb8017388729d881cb59c9bac5c SHA256: 713f9f2561d6303e035e42aa3de436425dd4be0a8f52f5bba5289c4fb15a462f SSDeep: 49152:Q7+PTTzkM9HyBSScFYGM8nRbVbK54ac+NFR:DgvGBK5U+NFR |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\wTpNmmdXLi4UIyadv.avi.RYK | 97.02 KB |
MD5:
0daf1246b8198e286594af970b3c1c98
SHA1: 7281f447e28e9dd672776259e18ff3c073f7e475 SHA256: 9b12a368f35226758d1142fcc1afdff76ee2ddfac5b83a614b6c01bcc0214839 SSDeep: 1536:8fJ7X8+bqMnoFnhafeCljqZ42urMNbYp1NG/BYJEH0RQoZbQ/vJKbUNliGUq:U7dRfeClm1urMNbYp1k/BMbZMA/bq |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\XNlF1fAZqiwMihZ5.m4a.RYK | 41.55 KB |
MD5:
bbdc5ad93e06fb87681d7ff21267fccc
SHA1: 9adf6fd5c1e53c652b6415ebc3a20848e7e0b1eb SHA256: 6f69de7a6377932f23222389938be5916f12476f96b8de06a40912b62057875f SSDeep: 768:O50HTh/UKItqj1A0Mc9B7vzYuGG/inLnFZvzsc/1o+/jymW:zhtItqj1V37zVGGinrzzLryT |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\desktop.ini.RYK | 0.35 KB |
MD5:
826fbfa1b3612e4b42b079714c7b63d4
SHA1: aa4d6baae50d7ffe65eef72ae25fb8debbe95f75 SHA256: 3a73393045aa7c009a1f82bcf31268dc9273faf2d4d76fcba7eb0661ff09b496 SSDeep: 6:ENh3wIFY2k9BX1TJekBvNgeC8tDidK3EfDwGZQUeBVyVLYwUw7K:E8Ia2MX1TBOJ81H36pQUeB05YwO |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\desktop.ini.RYK | 0.35 KB |
MD5:
f7ba0259218d857a60a5ffb2ddcbc299
SHA1: c71b79d9d73219783f7118cd8372462539def245 SHA256: 05304536c5185c0ef733d31a253ec118876a61cac5ffed9f30b0e8fa6464f490 SSDeep: 6:IzFZ7qM6gbwJt96whmeKVaa6eH996PMrKmJsAT16t2tHilPZRf:YZqMetIwhmHVaTq99aMJWAB229ilPZRf |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\MSIMGSIZ.DAT.RYK | 16.28 KB |
MD5:
466279fa3717d78c70c7bbee4358327d
SHA1: a5d56765ed211f5ad05bc77933214bf0d8492d55 SHA256: ceacb4ea0ef6c83bdfd573c22f5a76e2555a2f4d3f6acab6857639de63639a1a SSDeep: 384:+fmi/7yLFwaVDLBY29Sp8UKaEc4kxiOoBIcvv6WC:+fmi/Oq2Nz9mzuiqISSd |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\6ASVN7J7\desktop.ini.RYK | 0.35 KB |
MD5:
a7d8b2c2e493a7338f761120d617b98b
SHA1: 476d9787c741af45efafd148db60d4d886225ea2 SHA256: 26b58ed166f52c6ad3a09199af9c363829f55a5c7521a273aa2223f62a8b1f94 SSDeep: 6:cn4tdil/RmnOQojux4wosrqZYUDWdM9dpd79gZkWJ74lddsn:y4CLSO9juxnosrqZYUB97dZe8jdsn |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\1NBUR4HR\desktop.ini.RYK | 0.35 KB |
MD5:
f39af575be7766867298a564cb704544
SHA1: 8a84f03178b52e0d856e4fee9902f108cffb6b27 SHA256: 02a01ed635ed2b662df67ccee4db451074673d50a6a6129eeb0cac60532d6f46 SSDeep: 6:eveiTYJEbvdfSHzEhnlokSmQFwX/Dp09kOLYl9AmrdFiAZ4jjqZXwqM1eWFMn:eveOYqvdYEhnTSjFea+VhrzNC2Zg30W2 |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\D68G7BIJ\desktop.ini.RYK | 0.35 KB |
MD5:
05390bc9729146b06a87b26a69328673
SHA1: b1384a18b26d1188f32bd7d0e03d3220cee210b9 SHA256: facf3b5a5480c97c98c2813eea2b958c1b7f173b4d09480b8c9cc8f5d233ccc4 SSDeep: 6:1o9f0qqXDANnx6ozcfYrvLIQoHExBd/ONDmCRKhrPeoFA9jGEFakVALo:UfoDA1IodGICRKRFatBALo |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\History.IE5\MSHist012017071220170713\index.dat.RYK | 32.28 KB |
MD5:
321ab9dd775ae534c845944cc8203095
SHA1: 0b977b9a7810d7186205ed25a49928e0e9d45a80 SHA256: 92b1a21c4db85e60be5539041e35814260f1542f9ab19c7f235e62b7fd82583f SSDeep: 768:QKbVD3b/bPx54N1R39RQIHw/aFrbmEvEltNiQA+:QWbJsR39ySwYbD8l9X |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\KQMHSVKD\desktop.ini.RYK | 0.35 KB |
MD5:
7c6689e763c0d77b713413c277583f65
SHA1: b686b30adf6b503ba165019caaf83c206ca2170d SHA256: f78f43acb48f853128dd9f5a38d399636413c23703450de8f1debd481b05e3b8 SSDeep: 6:uwzRzfHTgMopvhy+CyD/g1dQC8AcVsVY2PIQm9UM9QZpVRvhLeD00paR:uwNfHTsv3Cy0Y/32mUMqZpJLBR |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\index.dat.RYK | 32.28 KB |
MD5:
c58e2113d93b03ce8d60c45d2c30b692
SHA1: 6fecc699e231fe1a57e8f97194fb0610a5db846c SHA256: afb7945bc4196aac9dbcdffed3bfbe1a3d0a9d36ac4bd86f07d6b8e5004361db SSDeep: 768:qwfBfTkZYutGOTnJ+qUt4t1pDPMW+qc2CeKuRwA8UsM0b:qwfBf+YqnTnJI4t1NBv7wA8UsM0b |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\CurrentDatabase_372.wmdb.RYK | 1.02 MB |
MD5:
258d8da6f27dd668e17513a834ffb9e2
SHA1: 5c91813f71de4dc83667b101308411d43de3c3df SHA256: db86e58f97962f2a092ac8ba7a788866c3bfa18d911d4bd0b5c331ba6ee105a1 SSDeep: 24576:xxhv7iWnoyaXAxhXAejHpNEfAcvYjwq2e+esvRinp+Els2u7:xxRGTAxqejDWdMsJin0asd7 |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\frameiconcache.dat.RYK | 9.27 KB |
MD5:
ff86e1199811d0266aaa42324a556869
SHA1: aa81fc0dd795846af47adf52877c22f97d879834 SHA256: f3989115b5164ce3ebfbec49aa006a61f8ff441a1c1801df193a3b1edd50c4ee SSDeep: 192:5t2LRqrIRx22ohDxDgre3d6c7KRe4VvtL6Vz2xNE:+24x2P18roa1vteV6a |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\Microsoft Feeds~\MSNBC News~.feed-ms.RYK | 28.28 KB |
MD5:
57957096843dad29691be25fcb09e442
SHA1: 0f20d21c44977e9dc46f9dfcdfae2361e06fe053 SHA256: bf80e179c00e15bbe092c971cd369a8a057e92a5162550ad5c13ae2d5aedc1d4 SSDeep: 768:Ve3QZo2LNCKFJDqfRvZ+aC2h65RHTRFA6CN078bx0:vjLNCKFpORvjw7tZ4by |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\14.0\OfficeFileCache\FSF-CTBL.FSF.RYK | 0.39 KB |
MD5:
626b750c8e2f943ada5765c64b92c6da
SHA1: 4408714b18d014e5b1198321213ebdc62bf51380 SHA256: fcc1b097b85ebf1c06be2c41ded418b45eb516b5fc058f3f8456e7d4cff24d3e SSDeep: 12:sQ0lwckVXPYPlvm6oLiB6ftFpfZIWGLcy+R5OtC:8lUVXPYPQZffzrCMqk |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Backup\old\WindowsMail.pat.RYK | 16.28 KB |
MD5:
23410cef43ff7c3f859a65b8b84f5cba
SHA1: eeaea07e23b08ed8506943925adca6684b7e6078 SHA256: 34e0482f4030ff167b3e678322994733e243c95fe4ad6c4b337e8a52a966a170 SSDeep: 384:Rtyv+Y5Hv2myOYwPasKKRGAQmBPSUNRD//zWpa5PXVxa9v56y:RuzyOYwPasKKALcvNRLzPxVxa9v56y |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\microsoft\windows mail\backup\old\edb00001.log | 2.00 MB |
MD5:
2bf83f5301bd331393606c8d0ed11609
SHA1: c2f08b64c605b702b53c5ccb23cbe0776acaaeb0 SHA256: dba03822cf54dc8a36e6b5bb75154dfb9ac51c2026d9a4518833eadbeb898365 SSDeep: 49152:495MXM/Vfz11P2IGMu2iK/g8m91GSDUYVIq2V8f9CRSsS:Pct1Zt4WXk1GS4YI814jS |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Stars.jpg.RYK | 7.61 KB |
MD5:
d8ba291391eb4128f2e5394addc6ef5d
SHA1: e00a532edd73f2f48f5b016be663f1b942245fce SHA256: 65c7d90ec296af2978b21c0965b6fe1b2530545f7a3efad1195b00a4060b8f23 SSDeep: 192:xphrhOsRMnVJrXUZqSL0kFBnrv1/tcODa:zhbSDUAk3np/tcz |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\microsoft\office\14.0\officefilecache\fsd-cnry.fsd | 128.28 KB |
MD5:
ef61922e91e919bfd4c9b5d6a5cccec2
SHA1: 94a9e613a5f3e80e0455a4029740026f2731eaf7 SHA256: 64e58be9a3579991b9ff289d6a7ef6bca34e24159aa9b4030a67599169bdc641 SSDeep: 3072:TqYN/kbT1mmh0cfEIL8oBHohc3r/gfg2Ob7DaAFlAIVDKT0L/UTotVOX4XV:WY9aT1wcsIIg7u5WXzFl3V7LsMt0XeV |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\WindowsMail.MSMessageStore.RYK | 2.02 MB |
MD5:
ee23d6eaecdfc696047b04aa8d58d00c
SHA1: 45d4899ccd3a3c05932ca2967c92a98fcc8d0dc1 SHA256: 9464375eee5161f738038b543c31e53b033dcd6b75e05d5e4f95f046f35c24c3 SSDeep: 49152:8+frGQ0MB7OjnrkkjhWVzuiTh+a2Oc+/GOS7tYLIhu:EnE7+rkk0zzTh+sc+ghOIM |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Peacock.jpg.RYK | 5.27 KB |
MD5:
a234f583204107062f80fc6e47f1d7fc
SHA1: 6dc99809cebaca0e43e8315b6f2b28ea28b3e891 SHA256: 5ff12ff82a0ec1d2a4bc818860694b9af941c971743f591b2180533d0bef83dd SSDeep: 96:kZZud+xByD/NzBTWwvajwlcd/a1Os5wK92AdrPUGyjMZQOSr1ve/e3:YDBy5zQnjwlq65wufrPUMZqr8W3 |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\microsoft\windows mail\stationery\shadesofblue.jpg | 4.89 KB |
MD5:
31829c2583c23149ca0890942418aef3
SHA1: 08d3ff8f6025159ee53dd6201e88b857f3700179 SHA256: b2001c68ac02e5b1c3c665bb6d012f69f9129d1b4c957f43bd3cb31f663a1728 SSDeep: 96:Il5+VRwrfUZmJ+dFmLECP71DUDiUT2SreKvVLkbAvj55zGxoMev6E:O8MUZXORP71IpT2shvlI+fzvIE |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\desktop.ini.RYK | 0.35 KB |
MD5:
27f0b2da55ef27b91635b3263b99bc19
SHA1: 49ce0fb50e676384ecd9a93817b5137a9c4673d2 SHA256: 3ae9cc7165a848ccf8e003f358dd73afd7eba1645625b8ed81f16620b8e03c33 SSDeep: 6:GGCNSeh9drPdO0jlu2Lao8dTUTLBzWeKQwkZLODTiMWja4VpBsymXuCVBT+B3UzZ:G+ibcAao7LpoQ7ynvZ4Rsym+Q+3UZf |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\index.dat.RYK | 32.28 KB |
MD5:
76e1a42cb31ed70756f5c288a8c74891
SHA1: 5c4d91d3c028bcb15a224cc350844487aa4fdf44 SHA256: 221dbd89d296da1fb9e95503f928248de7201eb082810136604a0c9558e98f16 SSDeep: 768:5lHNExTpy6HdPDw1McZI9QFC6eAYHaVn8BoWtfWW/RCGuH5p4:THmZpy6Fwqca9QG9K8B/llw4 |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\desktop.ini.RYK | 0.35 KB |
MD5:
f94239bb8999498d9714b71984b502c9
SHA1: 0a8ac4272a57148d389df9891100a6313c395668 SHA256: 72827592e8b69d303ab67ab3778eda704fe43271961e60636bf260ded97f282f SSDeep: 6:QgBtEM9sCyv1DqTRmKX7yZjhRKdKKVsm0Ot1utjAthks2PvMnfOWGa:QQtES5yv54RmKX7KjhZbD2eIheaOWGa |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\MM5O9XQS\desktop.ini.RYK | 0.35 KB |
MD5:
15117bbe2a2e15fa3fc0229cac6f2d91
SHA1: 35a3bce887fb051b61c9607e9f4e21962920305e SHA256: 6e7c53d8e7ac377924e054ddeb34962a38cefe647fb46d27bbe0a17c6aaa7cb8 SSDeep: 6:7+9GDlFuipXgIIfhn7uv155j1I0OBqb2XGeP9/IaNmyTZRzAiapWGwMJdW3:y9g7pwIIn7uv1fj3DaP9/ImTZRstpWVh |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\PMMR5K9K\desktop.ini.RYK | 0.35 KB |
MD5:
1a263ef516fd3814f6170f89ec8066df
SHA1: 53c9a6b746efd10a4deb92fbf2f4bbb86f788ee6 SHA256: 702847a99d2bae5de73aa6251a9e96cbf66c43640ff492d87cb9482f0dd07492 SSDeep: 6:fz3MyhZ2MW9lgDcZ5tkQSD7KWcRrYA0FjdTRJgPcoW3gx+hs1XLFrW3:fz3MyhUM06GYQSD+JT0FjzJgL+hs1Q |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\RIJUQL1C\desktop.ini.RYK | 0.35 KB |
MD5:
76b714c3b60ac646ffce5fcf76b80955
SHA1: 0698000ed7054f5d85ebc87d2b34fb7a64387ec7 SHA256: 5e828fb14b9852f28a24772d45622c04a4afd3f105502b15e12a312eb69ef82c SSDeep: 6:Eh7DZzwS0earGIsBSORsIhDLjhM19cM8XVLW50EViavHgGQ96vbR50kZU:EhHZD0epBjKIhDLu19cLWiEfjo6vb70n |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\X9OHK109\desktop.ini.RYK | 0.35 KB |
MD5:
fb138dfca1d81c6364405f91b252fe1e
SHA1: 592866a85e4189f550c05e9d32abc1da3eb77086 SHA256: e28174ddc12d5574f65f27bf7bab68a8beec352e487b90bf594cdf8bae00085e SSDeep: 6:hnY0G1ZpAI2RVWfFaBKoITelBoq3dCFbCNWji3pt18361BplpHZmqEi:hnFcpAICYsaenrCFni3R5jlp5mRi |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Desktop.ini.RYK | 0.91 KB |
MD5:
eb19c44ad8d9aae4626dac892481ec62
SHA1: f7e9633f0e311d87d1b662ba9b641b4a60a9421e SHA256: df7ffdd8e508bd1dd1c25032634c16f87b9be5477964e4c759eaab62c7e97d29 SSDeep: 24:M3YzrHikBfR1pyDO1FLzC+8hZrs/WRvAIYDTZgyVDy:M3YzrHnya11z4h9M+zYDT+yVy |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\SoftBlue.jpg.RYK | 10.60 KB |
MD5:
1f0ba91b62a553887dce8bc1e197c013
SHA1: 871e88d341f6054a48cdc4af59046e7b5154ca25 SHA256: d61db2f21e6e5d03f44c3aafe4d45280eb8ea88347b19a928e7527f05ad56992 SSDeep: 192:2pyKKVwcJorXkazVlTm+YJW4XCSjAcGfDlyfu9rdsfpkTq+lXoCbZaRA:rorJzrTmtJ9XCSjlYAA2RFyoC0A |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Bears.jpg.RYK | 1.33 KB |
MD5:
8c635b480eb1d83fd7b6eae754e710bf
SHA1: ba01302d969e9dcae215f59212b21c94d017d195 SHA256: 3ae91f76704fa10e4abd6ac0d2a081b1a7feac32a22e830130392e8a3b497610 SSDeep: 24:cpwqqxvPsm8TXjF8aWd1P35Z2fG+9D7l0GQnPRRJAUk9cVjp2Fs4nyZebLZS:covP8XJWT35Z2fz9D7l0rnNAOVj4Fs4u |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\GreenBubbles.jpg.RYK | 6.53 KB |
MD5:
a1468f007f788b1e5b1d03b9a2b43a9e
SHA1: 18cdaadfa59af01575689ec7240a258492282b9d SHA256: 1c9d56dd61e3b2449ed1fbe3c8d1509294fd578449ca9a347fe33c8523582707 SSDeep: 96:iqpJEuyo78sEB3/fBAU4zZYrX6zK/sX0m+LcwWW7neG1UBWi7+HATbKws:iwn4BiNYraX0NW+nwG |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\HandPrints.jpg.RYK | 4.39 KB |
MD5:
cd83a4f550fe2ea7313a23682e357187
SHA1: b5a08daef6b8616564ba953313762fc31b79f45d SHA256: 251690f4a67c63f964c91e366d629ddc2d9e0397082fdce782406dd0dc685bbe SSDeep: 96:KOlKKcg/MwVPG7xG/lU9BEyarTeMSKV4wx8glT+rphtADHHIvNbaM:KSncIh2xG/+E/X2O5pSrph6DnIFeM |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\OrangeCircles.jpg.RYK | 6.50 KB |
MD5:
a47055873d6509f5879261d88fbac254
SHA1: ec586e2e5d3b0b434f8ec74e267637dcfa6eeb50 SHA256: ab29f3b0275704c8d3a2e42709586f7c8fb39ec54a596fdc22bc7f0cdc6c86ab SSDeep: 192:3cAoEvk54SC3Gumqfff6p6PR05Qkj8X4XbsVTIe:3cAzvkjC3GumEfft218XRVke |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Garden.jpg.RYK | 23.58 KB |
MD5:
b45adec838377862f586ac28623a2497
SHA1: 2aa1e752fb84924efdd266a28fdf5ab5cc76baa1 SHA256: ae39c6c39c0a352f543935f208ee0089b4e8ef06a09a87a920ace922e6aa27bd SSDeep: 384:1fRvDKTGQ0oIlvmOtTb1ToRetgSepwlziAy7mE+CRK5Cofx8LYXQwhTwmCMPA4v1:1fE1JItpGfSYIXplfxMy+MPPvI7Fm |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\js[1].RYK | 1.22 KB |
MD5:
19d6f2d2f532a90fff27ec7573ef0b9e
SHA1: 9f3e2cafb1bcb82e1fda4846e9fef1ee82ad75c2 SHA256: b134cf775c80f40f794c254f7206479403e5adb3ce7460310935cb45205525b6 SSDeep: 24:cAO7QkgIyODyqNx7ZLRgFkPNb1lTGGD5pPNsfkqsB/cQvilarJVgDTRnMeZ0:XO7uOOqNx7B+Fk1bHGwRsfuQuUnRXZ0 |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\ABV8L7MY\v2[3].RYK | 12.19 KB |
MD5:
a725c56431975b924d8d358c955122f3
SHA1: 6e449e975e936421c3ff01881a5a9d8b82fa7a14 SHA256: ddf5f0b231ace291b2bdfac2aabc7bb9bce599e820618fff9bdf8ef5b5c32954 SSDeep: 192:SJuLgDQBY7edRPwNU2lPvbz1oQpt6BgmWXF70uvIoDIGgxdZimnF5:SJucDyY7e/ktPvdFanSQuQosxJf |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\ABV8L7MY\v2[4].RYK | 11.69 KB |
MD5:
fdc46545d3b5e23f354322380a0b53af
SHA1: 8c91482a73b3d22d48ebbf052442ca0cb736ee30 SHA256: 0ac5413e6086111bd8e71a6b0ee0b8b6d069be14836da870a457d48dde9bf279 SSDeep: 192:n6RPesuzhx0+Bi8aHsRiTcdjJLfzCwiAn3JQeHntgVWzTA+gLLB2jje3of4:n6R2su9x0+0tQmPA3Jn8g6GiYf4 |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\ABV8L7MY\v2[2].RYK | 11.56 KB |
MD5:
bd9cef28d708f8862a5a715872132c31
SHA1: 1ae2a34e4e30b2847866357507df6dc8800a419a SHA256: 307c6555f64e83b2b1dde0f49b58a3fdacea2ea6ebca44d73c3c0a5762d77f1d SSDeep: 192:UfbFFJjlDnFn/THQGflEvJ3Tpx6v5ZdFcGDziFgyLUgWqzQH42Y7D3f9G1:4bFF5D7HjtEvJ3TpxDe4guytHo3fy |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\microsoft\windows\temporary internet files\low\content.ie5\ikqeepzr\adfserve[1] | 4.05 KB |
MD5:
957502ab1de8544a469a5101618f63da
SHA1: dddc3ac236882be9077a2e6ad3380bd1bd8c8e31 SHA256: 0dce8176febdf40bcce4e92293c25378f38cb9da6b0d71732c51c95b44ed1410 SSDeep: 96:xSxLS1E1ckpym342VzKsSfUVVcvDb90RM91E9P9elJ9J:0s1qckh342pSfUab+RA1cPAlJz |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\microsoft\windows\temporary internet files\low\content.ie5\ikqeepzr\adfscript[1] | 10.39 KB |
MD5:
c0cc52d5e919ea9b5ce56848442137ea
SHA1: 6d076cc3a0ca4018ce568f1330b2e73e2a5dd05f SHA256: 1c20df6bc5ccc7aa415b5df5f78c176bca8bf84a8f4137dc7d2f5497a954ed39 SSDeep: 192:+yOw5A/3Fnmk5WqSZeFt39EVk0+6H0mDC955kKAOe0Eze+6M4YCsJ8Ke1L:xLydmgAZetEeHo2zCKAD0EzZ6M7pe5 |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\ABV8L7MY\f[1].txt.RYK | 13.47 KB |
MD5:
4fc615d7fbc5f1b7c9deb3572d1ac1ca
SHA1: 95c61a7f4f90ca8e953d627b7f57734e90fb85cc SHA256: 8d67d62fcd8b4082d97eb74ed4557e1f3ef516f12cf79777ef24d78dfa08f92f SSDeep: 384:Av0NhF1Q9JsrAqolc1fbFZRL9ipZa0iK8vfLt:Av0Nr1QPs15TniptWjt |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Home~.feed-ms.RYK | 28.28 KB |
MD5:
86d067ad62f750d36aa9291532e92af3
SHA1: e9a49f28cfcc9216a82431793bc1cb254ff38415 SHA256: b69b5efbc253f7f089241b68088a3e96232747be8a42660003f384a0a3b54038 SSDeep: 768:Pb5iPPjeNH0L/1IROyNnGpP3IphBYL5vY+n/6UE87Za:Pb5iUULtEe/coLJJndB0 |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Work~.feed-ms.RYK | 28.28 KB |
MD5:
2e664bf2dac750f39285ea8a2bbfb332
SHA1: 96eeda87b8a5359a7679954eed084d68daba3261 SHA256: 055b5ef0a21626009da4b4dfe66b2d55412aeb26eaa902145b61bb5eae29faa8 SSDeep: 768:rJjClNg1r93Bm4EiesDA24djsSsgiywMVV9npJs+W+N:rJjxDakYxsSdLJBpJM+N |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\microsoft\windows\temporary internet files\low\content.ie5\yg1r61z8\ast[1].js | 70.33 KB |
MD5:
fe927f30b99f6889bb1a6afde3d09eb2
SHA1: 4cacc8f4c707009953d99bb0db8ea1fcfcf166c1 SHA256: 868afe99e0746e30d8126bfc028165561c9b5d5f0669f7420feae97983cfa823 SSDeep: 1536:0vALsBrA+2JUqz8nacw71z0mmEwkeBkI8tzOZn+v6csOh:+Agutz8nZHvBkld6+SAh |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00010C6E\11_All_Pictures.wpl.RYK | 0.85 KB |
MD5:
44c9a9e0ab40a74fa8a42e3cce7745b4
SHA1: 59a2b6a7b47f58064274dce22a104ae14f9bd67b SHA256: e86d3e9b9c592c5ce19f80af8d977845626229bdf4f0a6a2cf233d44fb4b867b SSDeep: 24:YuuN9JB8hkfrkF7g2XH3wapbAusMr+HAEA:YxN9shWYHHpbAurr4A |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\ONetConfig\350db95df4cbd94b2a1c300510e12e11.xml.RYK | 2.25 KB |
MD5:
46ce23679c1f51e24fd2644d97042110
SHA1: c752e9739c9a1f8f037355f0d16e3a6cc2f3aa3a SHA256: a5ca0e879cb63c9a96b926006c3cc2482652cb3638941c7429678947c29eb1d7 SSDeep: 48:JfIxKtlNiegW/ARUbhSHdQnxPDnTNIJ6fmi6MT6j:J7gQARJ9QnhxIpbKC |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Backup\old\WindowsMail.MSMessageStore.RYK | 2.02 MB |
MD5:
230ff90a137580d2a0d510ed297526e9
SHA1: 108faaf9f83d3add3b86f7a478cff8def1dd3b99 SHA256: e999e396380618178e7f56803dd223e4b564e15328bb0b85e38d24e25d3f8efc SSDeep: 49152:b5BYkXKb9JgoEyN4Vm03Wq3ZE/JMcKX8/CN7gTQNAyAYzVEG:b5BYk6bLN4VDWiC/y4CxAQNZEG |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\0000E713\12_All_Video.wpl.RYK | 1.33 KB |
MD5:
12c170f392b16d62be9f1c32c70f80bd
SHA1: 84eba6636143beace6854f8192d6be6a193dbf03 SHA256: 1fcb063c4d30756f14fcb3540423f4ba0e433e204b7d2115cbe008aad1a696e4 SSDeep: 24:OY5CgHoMxb3PF1ESTN8qvQkMmXlLbjJ5cnDxyXKtMkSce2/PmBEVifF:OY5VIgj3nZDE2LbjJkdyXKKTce2/PmBl |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00010C6E\12_All_Video.wpl.RYK | 1.33 KB |
MD5:
d68733343e68317a1ef55c22ccf219f8
SHA1: afedff4e58b5a83161d2faca56fa11019347459c SHA256: ce726e7f08585ed2fb4fd78de3904a3cb426f7fde17ad269ca24aa8aca260ddd SSDeep: 24:zqTPUHVMP3aoOFrYh+gMshquqZH8njo6tZaCauOZQdm+J5GrFc0K:zqThaoGrmc5N8nj9ZaCf2Qdm+JSFcn |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00010C6E\10_All_Music.wpl.RYK | 1.31 KB |
MD5:
f26e5336fd71e0c3f676a28fb2b7d78b
SHA1: 97af2a215e0dc01e9dc3ed54ba8d52d287e11aa2 SHA256: d38f61870a7e93d0e88096fff9ac186058dc0ba9dcf06ad5248c6c641bb354cf SSDeep: 24:ONkWKID3Mkqe4lHWYRd04GzFFaQ3+1rY3lKMt2/2EJPqFN4uiIt/Tn4qJzy3k0VW:ONkAckF4l2YRm4qFYDY3lvt2OT4uigDt |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\03J4UQW0\desktop.ini.RYK | 0.35 KB |
MD5:
88a11cd7acfff99e5b57d7339f76c152
SHA1: cbc7f8a2e7ea9b547c75756059e428cc741ac04f SHA256: 402e670cc13b75742e7f751d8ae7296d4d33a9ed0728346581a8a3b97eb1a1b5 SSDeep: 6:MAsG7NIQcc3ElkrvWtKiWWPhnTxAjiQjGz3m4z1mGNGcXii7RM/KBuyrNDEd8oB:MAv7NIQcc33i4wxxO1uzjQQiieRyhjoB |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\KETAJP6D\desktop.ini.RYK | 0.35 KB |
MD5:
619a72be13d8cadac6802e28efa3bca6
SHA1: 4ccecf8d3e1ea56e1d2d72d8390e51e4c4eddba0 SHA256: c0fb55a05191bc4c1624bced801aed1f4d9e329446d5c6e0754f7fe3c2b28232 SSDeep: 6:kzihVlig0Eg3hoyeRH766AhKIZU5Pt2T7oJnbEhL6eRlU9wSoDtRl:kehVHg3hoyOHsEISF2X6gheeT5SoZ |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\VB18B0KB\desktop.ini.RYK | 0.35 KB |
MD5:
64ff4e3c64dce3f857aa833e98af0b0e
SHA1: ae30f7f820d71b0ea0d84020bf73af8c1adb2c55 SHA256: e3a16e41bd9efc5a954262baab0df0e4e5d722f7bc8a9ac1ab1a05d8b6ae979a SSDeep: 6:6tmpBuAK8EXT2QSmYJAQ1WCwgQ814hqASt649N79aSbQUcYJnHFIKk5S:bvG2QZ0AT4f1s5StzvQUcYJnHFIE |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\XT1RPYG9\desktop.ini.RYK | 0.35 KB |
MD5:
ca7e7fc8eaeea249568df1c6f985b3a3
SHA1: 135769aa4783fde91b43420f5344729c5818a4bb SHA256: 3f62b68aa69a369278a039387fb41a72a594c0c226d7d5d82665ec15363e008a SSDeep: 6:VRYT6AgUemZg07HIlQSNFkzF9iPeWdQpUhq9vyzuAqBFpSFm2gDNzG2zdkcGFbbR:LYNLrbPSNiAQporzuAqBeNgpzGwmVbbR |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\BBE97O8[1].jpg.RYK | 2.49 KB |
MD5:
c060f286bb2b1425510010d1ddcc2ac7
SHA1: 1b003a993610b73b6fee615bb0ed3c01798015b0 SHA256: 5eb88f99da90cc64977af69d28077b62d62c4e2535c0d53988834cca5b610da8 SSDeep: 48:MyZ8sSQDOoqLF85hndlFelBOigD+UTeKabQlvKT26I8xcPq0z5j06StEhS74ZD:MDslDKFuhdzEKD+hWQ26I8A5j0Ghy4p |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\528d82a2[1].js.RYK | 11.97 KB |
MD5:
a89523331ee9aab8ba53bd174e99bbb4
SHA1: c286e65e3d156b6885d58a7179b985df9de2649e SHA256: 768900ede810ac4e16d44e99663f042f3068170b7a8d41664e2d604e51c38b03 SSDeep: 192:Fatup/l9cqe6V9RMaNB4XmqO5f+a6gPKuSFS0b2twGytfM53:FaA99Ze0saNBw2NDnPBmYCEh |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\BBEgJfz[1].jpg.RYK | 6.86 KB |
MD5:
186d3729cfaf694a3afd542d7acbd78b
SHA1: 5eb690612cfea25bcf7d15eee4534f7cd2832a43 SHA256: df54857bc957921ee366160bf518cefd9fe8d1967c3530a6ab7e129febe8dd28 SSDeep: 192:SBaeqHVj3Ry/Q0uUKS6HydwcNdDlFJrjs8FYC624:SSjgJcHg7ZFWor4 |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\microsoft\windows\temporary internet files\low\content.ie5\9qh4s0gz\bbeg9qv[1].jpg | 8.03 KB |
MD5:
6b60d45c25f93a99e065d58267d90cff
SHA1: 7505facaf92d5ff85f40a59a28d7ca8edd19a831 SHA256: 7bfc3e7560f87152da08cf9adb2d3960aeb190ed6bd0bd2d30be9ba934b77ad1 SSDeep: 192:EvmEQC2MMEdllUA1zdw/Tg+/NrqWCl39llxrDG4QCk:EeE8k+hV9gnxr6rCk |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\microsoft\windows\temporary internet files\low\content.ie5\9qh4s0gz\bbefjut[1].jpg | 15.35 KB |
MD5:
edb119a07d4dd35747de45286eeb3c8f
SHA1: e84a211aa276a3c915b3acae1ebfff970e96a2f3 SHA256: 06b8def2edcd8aebb0be05ae64de96f9cc70ffbf3cdcb0bc3d20d119ada6883d SSDeep: 192:8jBNDfzRFttLVJvhGT+Ef5xPSOkwD1eAw6syhUCZJyAtPOqfG8I/37KLNQ76CjAp:8jrTVJ8FLq3QkJcnvrv+8aiNm2p |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\IKQEEPZR\ast[2].js.RYK | 70.33 KB |
MD5:
4a36df063f98134c174afabeb62c9911
SHA1: 90156b09cb99b93b7945c2031021aaa99034fb80 SHA256: 4240f3c07015d3fa0a6adfb67c9a9c6296496c5278c6d35b75cd3effeefd6f42 SSDeep: 1536:2+ZBviBaOcqmP3JvIGgmN53ak2G4JtrgGHv3Bi41i1Ct8MCiZ:BBKcjP3br56G4zrgGPN1MmjZ |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\ABV8L7MY\print[1].txt.RYK | 0.44 KB |
MD5:
809598165b1572edbb2215a4d02c8bd0
SHA1: ed36952e23d5e9be6c4f9d8e58f600b53b0b9011 SHA256: 8f49f607f9be884142f00a92fab756e5d3ac4c302ac64bb803fbeba9ba9cf494 SSDeep: 6:85Of30bVHudpv+5CyJFQLwf9zkVRkMWKrqDffDcp/9ZaTfEYKa9SKqhxw8FgC0Bk:Tf8804G9zGRk/Wof7cpVI4Y7SxvV1t |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\ie8[1].txt.RYK | 0.38 KB |
MD5:
8c1494e92e299df5594538c6b41c3895
SHA1: 7d5d63e8a209e53357b3774bcc65090a20f33e71 SHA256: 535693ff85de8c3630e6cde952c6874c7b9f1f0ec712a75fd327e79df866a8c7 SSDeep: 6:4uIjBKBawZHJ2tkjdADWMjq+G/FkNo2qo74pVgI6Ob+Kg1fY2W74hwd3y3CcHDd:4HjB1+J2wCnao7kqIK1fY2WFoZDd |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\BBEdXJj[1].jpg.RYK | 1.91 KB |
MD5:
4ec3f33b0d983ce29277c4b0aafd184a
SHA1: eae573f761d3f3e59b3d9b6e360fbfda32d03986 SHA256: dcaf33fb4577a2d97a4e8fa2c8777e68cfc377508b8629f0e30d7223020f279c SSDeep: 48:sXQssPnf2SyHB733UVd7GIr/8T/OGJRSuM0b3G:cQsenf27rW7GIr/8vRHc |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\BBEcHle[1].jpg.RYK | 2.46 KB |
MD5:
329cb900214732e98ce1761926746d93
SHA1: f022203b009af2b1de9fb8f017514c6070eda222 SHA256: 86ca9a67f6392957037007e56ef304742667fad439b487d4bd05827d7a9450be SSDeep: 48:KPObPkh3R613fhMVwfPluX/O3mD/vb/g4R+A0G6f2z8EZ7J4Zz3Hq:iSOQ13TP0D/bdRzdfZ7JuXq |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\BBEgiYw[1].jpg.RYK | 9.27 KB |
MD5:
d9d13f031212dc3426cb0c9e36b8ad64
SHA1: bcd2c8afeef14beeb1f0b94ca38de1f331626059 SHA256: bfedf46275c606d2956a4ffc7c427918776082bd9c9be8572d31ced73196d1aa SSDeep: 192:Ww5MM7hkCCbTcgNjtbq95Y2qa9WmdHlxUHgtK/ImebHNe1G0KZRMWd4I:uM+CC3cgDufhzbtKQmeLNqHKZSWd5 |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\ABV8L7MY\Standard[1].RYK | 85.31 KB |
MD5:
f7109293dacd0f5385d9e64322819736
SHA1: 5fcb102b285a847c24f98d439f20e2fcaff9f8f5 SHA256: 28e559d3fae83d1e06331469795c06b067b3675eaecc53978654d58c8e2f10d3 SSDeep: 1536:mBGY3iovqCtqOqWNo1a8bpgoF+CYjDHeK5owBt1jl0VJ3QKGE2aYHX1q/5os:m53JqOXy15NkCkDH9Bt1j0JzMaY31qWs |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\desktop.ini.RYK | 0.35 KB |
MD5:
2909dab32d1e64912b01baffba9cc4a9
SHA1: f5850e9daba3253b495efb573e68122fd49c6549 SHA256: 4c8d27e46be5a7cc62617ccf319c72ce90e683f73ecb21860f7cdb4218eae4d6 SSDeep: 6:EYQXDCCpp/a9sobEwCbqiqgZjYIwbZu3xInnUSuKp9u48JgRgo6h:mXhASGUbev1bZISnUSuG93pRgr |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\BBEdqEy[1].jpg.RYK | 1.92 KB |
MD5:
57c59d72f1971dcc18703663cd57ac3f
SHA1: 29dc76624db4d28886727f70df23d039bb7cf8ad SHA256: 831e95631515b3fcfb2fe2a2e4c7e944256b0b3cdb11c064b10ce80f7dec1684 SSDeep: 48:qXZeWCatm+D28eN6occXYyIz0EBWt6AAo8vI79:4XA82noSorzPQt96gJ |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\ABV8L7MY\AA429NP[1].png.RYK | 0.88 KB |
MD5:
1ff4c25dae2642fc0720fd61cae36521
SHA1: 2dff6350d7a902ad3bcfe4c73e55054426e7cb79 SHA256: ee1890ce7ca4e438b75b1632d521893be6de78ceaa2f897df86dedc1ac2aa7b5 SSDeep: 24:h/2PR2Ucsbxy7UAWU6uWtHPwBgkPXSJsIC:hsbcixIutv92SJLC |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\YG1R61Z8\adfscript[1].RYK | 10.39 KB |
MD5:
9938f3976f57441f01314f84feec203e
SHA1: 6a8ab316c260caa5873e860d63582f5d021cd6be SHA256: c9984ca386f71b092aebea19f3ed2b70566fadbb33a75ebdc9690c2c3b397cf6 SSDeep: 192:YB9gjuK9BTNKRK/QAlZrZnDjq8B4M2x3yCK8n95HBap97cmiDh/lyZ/:11hNZnDGnoCK8ntapa9g |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\ABV8L7MY\AA42pjY[1].png.RYK | 0.86 KB |
MD5:
db27a22470fd3aebee79a555e495720f
SHA1: 496af368a7dadc749d410b9acfd459c8ccd8629c SHA256: d429d55c8a3814b7593764298a5b335897396463d821bb6f19b658a8a61123f1 SSDeep: 24:mzg5Pv2SimJT4J8Bcpnf7oZF+PAf4wKwfyoNOp:mzgtv5jJUJgcpnTonbpVfyKOp |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\ABV8L7MY\AA3e1oO[1].png.RYK | 0.92 KB |
MD5:
5c1fbcd3b7495a3f427759e5fdbc513f
SHA1: 76ef7499a1be65aa64302a296e323187200980ff SHA256: 799cbaf1ef016c93e5c8aca89a8a2814d0e262ecfb874436f0e6c868d469efa9 SSDeep: 24:wAQnJkIJAn1MsOzObRzIOCZH+RmC1RvTmTu0P5:2Jk+An1MsOzObRzIvR+lRvTmTB |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\YG1R61Z8\css[1].txt.RYK | 154.71 KB |
MD5:
3c43a845ec2fcd2b688d1e11457ecd17
SHA1: 7946719c11882f2ef925661a43ea096ca2eadcb5 SHA256: 6526e4f5a5359c975da3c31d93efe9a5a3d9a29248a621a620edcea25add5615 SSDeep: 3072:7xDMEXs6Fqf/p5i3xVKYX7IQ5GE0Qz0mic3D3lutl2beUbkFUjL+khqOdfhzdji0:7CEX1AAxIUD5z/T3lujaePKjLbhP3xjJ |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\IKQEEPZR\desktop.ini.RYK | 0.35 KB |
MD5:
52ceef242b70192798f64833f6a2bfa9
SHA1: eba67dae5d44a0f3f6c5bbc8dd5f54c4a1042ed0 SHA256: 794085ed2df530cd001d80dfc20c1931f13e17939535d7d214f47840d66090c6 SSDeep: 6:U5hO6tpK82+b9quz5GtTiXCS3m2gE13tfch61ngrTsj2cm16ekxM5qe:U/PtpKKxVcTGCS3mC1Khg2TGA7kTe |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\IKQEEPZR\player[2].js.RYK | 24.10 KB |
MD5:
ec512ae1fbd3ff9a80adbd2215261ea4
SHA1: 128abfde797eb1975b93393afc5079d94282b988 SHA256: 25ab9f4a8947239292d5b5131492a2fdafb1f414c9ba83183dcab19594a43779 SSDeep: 384:ZrdzVl3tx2JIE+071LFsIJJCUNjC5votz7xe6gXI0TV0zddQJjIKidVpS:P7cIE+M15sIJgUNjCRUzgFXjVadlKis |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\ABV8L7MY\desktop.ini.RYK | 0.35 KB |
MD5:
25785bcbe739a6e9c54f62b9077f38ae
SHA1: aa876596e94a6e59321f3d3bfeb39262c0dac778 SHA256: 6057b5dba962e01755165df768e228eed456f884dbeb89aa78ac05d58ce8add6 SSDeep: 6:e1aCwJDq0rMLbtVP8qF4XmoEnMpf6TZvRz6ggRgPrO9XmGIoe:iv2MLbtSqF42xYCdRzfgRgqcGfe |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\ABV8L7MY\core[1].css.RYK | 165.10 KB |
MD5:
11ba7955a5bfd5ff8e662ed4f4cea3b2
SHA1: d1df3bfcee915d629806396ee0d9583c277abff6 SHA256: 87ed9c37dcb3ff48a44a9ead76597491e558539e5fb73e79fbc6ee2836879326 SSDeep: 3072:8488wLqXK9Z3buY/ZxDjxEzNTcuRYi7956aH+8fek6PJLHSkUdgPM2g23B8G8rTA:8488w5Z/Z1tEzCu/7956Wfe35ZPPR8z4 |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\IKQEEPZR\player[1].js.RYK | 27.13 KB |
MD5:
4506a5d330af3ed8190371eb981cf720
SHA1: 2d5812c11cbb369bb4f0df640d751eec75c7a6c8 SHA256: d8234b15186eac0cad343638e6fca809fc1bb818930a7052bb037f1d222e03f3 SSDeep: 768:AvrXIB2wEkXAuFi6IpfD93gPEn4V1zj6Map0TR:yzIU8G68D9FnuPBN |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\meversion[1].RYK | 4.66 KB |
MD5:
b9cd78feb018e580480ea686d1ead955
SHA1: 4f36b2134cdab7699e4eaae2eaf907c816a897fe SHA256: 3db1eae2df8388dfb92fac081851f69448ed2a7cbabbca7aef529b9eb4ba0d01 SSDeep: 96:ntzBcYEGfVX/Tx2DesZLL+aFkAsYGj0e3541kExT1wGE:ntzZE4VvT4DrZPvFUPSUx |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\BBBQxzx[1].jpg.RYK | 2.56 KB |
MD5:
e9592888b6257ac401bbb5e346cf0539
SHA1: 2fcee70c812e3deb3ac7ae915a0d9a7680b9d0d5 SHA256: e4f17aef69a7915053bb0dae7b61d994226b1946000c764cb00282441b078feb SSDeep: 48:WwOPKc2TDVbtlgmMmehrSns0G+BJR8hPLzF1/EVy0sOEDbvITjXBK6VFY+u:WwgK/7yme42o6/cc01CqxJ6+u |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\css[2].txt.RYK | 0.46 KB |
MD5:
0f48789d869e7102666630521857ae75
SHA1: 0865c8e4217fb275e4d773c3b21e8095a2c3dedf SHA256: f634f82d1b40285bb67684dac629cde9dab4d28e8fcd22a7c9469b9761fc65b6 SSDeep: 12:bWKds/9qupjrdAybla4yNEO8Mj9/OydBd5m:aKd6vc4yNBqZ |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\IKQEEPZR\th[1].jpg.RYK | 2.55 KB |
MD5:
3822e63bf4a7db6bd008ef450f91a44c
SHA1: 68289bee98ee699c469c31ca0e446e8c125f41fe SHA256: 142c072b246fcf98bce7d85f2e9a337ce303eb432b0d814e26a1879617987164 SSDeep: 48:PM0VfQMOj15jZJ7C5++EIkYYM3JxNDUtANg+FRZGDch8wInA:PM8mzjjn3IkW37NXNJRZ7h8A |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\BBBPUFJ[1].jpg.RYK | 8.00 KB |
MD5:
90d17620fd95ee95a6f5376495d1c495
SHA1: a4ff0b3babbee5810f3071bac74c810a2878bdc0 SHA256: 6c7ddaac18ac9af776546f50f6c67cb74241e5d7864c5ef3b69feaaae3981ea3 SSDeep: 192:wCnUoZzGsz47Z9+mWrA9xdOlCmOCE85sHgdP6ypj7y:wCUo8v+mWoxdO0mHFsH26yp7y |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount.RYK | 1.97 KB |
MD5:
ee7028da33082058abe1d6d6b84e192e
SHA1: a47441bc8a2b8b75b153a47af272bb31699e97ed SHA256: 07bfc7b20662e27620eea206990cc06b3d5dbce4fd9ffff5ed76335f858988f9 SSDeep: 48:Rya3TrE2oKksDUX6gDqxvjZIEL2J7VWtNTiDvjwK39L:R13To2NksYqVjUoze4y |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount.RYK | 1.75 KB |
MD5:
871eae09f0173a3cf375cfc98584130e
SHA1: e83702818a6b7eaf539233829cb88b4ae3f7aae8 SHA256: 1343cee6db51e1e9d083de268e4476b7c155ea32aae7a264b708f4a12a6b5ef1 SSDeep: 24:DSB0PmKqWoyDg1081xVHFbRyn/vVgKhpleOlbGiAAOjpoamcpsxuubPNI0eGCAn:2kZvXDgy8Xbcn/ve9cSFAt5xu0DCAn |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount.RYK | 0.94 KB |
MD5:
03f788b413e3c17914952453df1af5cb
SHA1: f13476d149b88636aedcfe0e200a49f81adedad0 SHA256: 9b9725b5991025b6e29ccf0261230389ee1c3d5b4c16417efac82c98483dcc9a SSDeep: 24:9skhuG9YZ7hXnR490uvf6vU3a04ln4tCiY16bSqRUX8x39GH3:9skE7pnCfV5tCiYGysl0H3 |
|
|
Host Behavior
File (6614)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Boot\cs-CZ\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\da-DK\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\BCD | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\BCD.LOG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\BOOTSTAT.DAT | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\BCD.LOG2 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\BCD.LOG1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\de-DE\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
21 | |
| Create | C:\Boot\el-GR\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\en-US\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\es-ES\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\fi-FI\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\Fonts\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\fr-FR\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\hu-HU\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\it-IT\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\ja-JP\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\ko-KR\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\nb-NO\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\Fonts\chs_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\nl-NL\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\pl-PL\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\Fonts\cht_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\Fonts\jpn_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\Fonts\kor_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\Fonts\wgl4_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\pt-BR\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\pt-PT\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\ru-RU\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\sv-SE\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\tr-TR\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\zh-CN\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\zh-HK\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\zh-TW\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Config.Msi\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\Cache\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\bootmgr | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeCMapFnt10.lst | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeSysFnt10.lst | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\Cache\AcroFnt10.lst | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\Profiles\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Adobe\Acrobat\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\BOOTSECT.BAK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Adobe\Acrobat\10.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Adobe\Acrobat\10.0\Cache\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Adobe\Acrobat\10.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Adobe\Acrobat\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Adobe\Color\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Adobe\Color\Profiles\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Adobe\Color\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Adobe\Acrobat\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Adobe\Acrobat\10.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Adobe\Acrobat\10.0\Cache\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\SharedDataEvents | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\ACECache11.lst | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\Profiles\wscRGB.icc | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\Profiles\wsRGB.icc | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\UserCache.bin | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Adobe\Acrobat\10.0\UserCache.bin | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Adobe\Acrobat\10.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Adobe\Acrobat\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Adobe\Color\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Adobe\Color\Profiles\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Adobe\Color\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Adobe\Acrobat\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\Cache\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Adobe\Acrobat\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Adobe\Color\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Adobe\Color\Profiles\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Adobe\Color\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\Cache\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Adobe\Color\Profiles\wsRGB.icc | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Color\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Adobe\Color\ACECache11.lst | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Adobe\Color\Profiles\wscRGB.icc | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Adobe\Acrobat\10.0\UserCache.bin | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Adobe\Color\ACECache11.lst | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Adobe\Color\Profiles\wsRGB.icc | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\UserCache.bin.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Adobe\Color\ACECache11.lst | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wsRGB.icc | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\UserCache.bin.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Color\ACECache11.lst | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Color\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\Cache\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\Cache\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wsRGB.icc.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\UserCache.bin.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\ACECache11.lst.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wsRGB.icc.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\UserCache.bin.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\ACECache11.lst.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wsRGB.icc.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\Cache\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
4 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\Cache\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
4 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\UserCache.bin.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\ACECache11.lst.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wsRGB.icc.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\UserCache.bin.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\ACECache11.lst.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wsRGB.icc.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\Cache\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
4 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\Cache\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
12 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\UserCache.bin.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\ACECache11.lst.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wsRGB.icc.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\AdobeCMapFnt10.lst | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\AdobeSysFnt10.lst | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\Cache\AcroFnt10.lst | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\SharedDataEvents | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\UserCache.bin.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\ACECache11.lst.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wscRGB.icc | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wsRGB.icc.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Deployment\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\CrashReports\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft Help\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
5 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Cookies\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Adobe\Acrobat\10.0\AdobeCMapFnt10.lst | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Adobe\Acrobat\10.0\Cache\AcroFnt10.lst | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\GDIPFONTCACHEV1.DAT | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\IconCache.db | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\-1jPtqir3151Mm1.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\-wD1CtzoKAaqRQ.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\2N8XoM8KdtEKR3l.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\6Xzko9PES.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\9WqOaVZQQXr80Vx9E.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\aD6vbI_L fbZ9ov.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\AdobeARM.log | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\DAWmK.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\DOFJFpLhODvfDEn.pdf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\ekU6o.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\e_emDq.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\History\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\WPDNSE\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\Data\CJW3O3KP.BX7\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\DQQ19BCJ.JAX\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Deployment\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Adobe\Acrobat\10.0\AdobeSysFnt10.lst | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Adobe\Acrobat\10.0\AdobeCMapFnt10.lst | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Adobe\Acrobat\10.0\Cache\AcroFnt10.lst | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\fsVeUQ3vvXBdb.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\FXSAPIDebugLogFile.txt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\i7hPXw2ABInk5.odp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\JwUco-T9UIE0RtuaL_E1.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\ku4FJybSEU_gTLXa4Ki.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\LUmqNJWc-x1pVYRe1Bl.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\mELW3sX.flv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\oFV7p3fp.odt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\p3RBIS7TpgYpC eu54.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RUuQyHR7-6IM-BJ.docx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\s9CZ4O ljxCp.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\sZHi jusNhd6.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\UgVxY.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\WdoxaNgwfJgc.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\wTpNmmdXLi4UIyadv.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\X4M1Ejkgszn5vH.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\XNlF1fAZqiwMihZ5.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\xohqs4vrtY1de wn.pps | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\CrashReports\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\MSHist012019042420190425\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\History.IE5\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\History.IE5\MSHist012017071220170713\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
5 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
14 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Credentials\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Adobe\Acrobat\10.0\AdobeSysFnt10.lst | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Event Viewer\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\GDIPFONTCACHEV1.DAT | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\index.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\History.IE5\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\History.IE5\index.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\IconCache.db | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Adobe\Acrobat\10.0\SharedDataEvents | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\Microsoft Feeds~\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
5 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\1NBUR4HR\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\6ASVN7J7\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\D68G7BIJ\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\KQMHSVKD\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\FORMS\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\IME12\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\IMJP12\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\IMJP8_1\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\IMJP9_0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Transcoded Files Cache\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
4 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\FeedsStore.feedsdb-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\index.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\CurrentDatabase_372.wmdb | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\LocalMLS_3.wmdb | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\14.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\14.0\OfficeFileCache\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\Groove\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\Groove\System\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\Groove\User\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\ONetConfig\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Outlook\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Outlook\RoamCache\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Adobe\Color\Profiles\wscRGB.icc | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\FORMS\FRMCACHE.DAT | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Outlook\mapisvc.inf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Outlook\Outlook.sharing.xml.obi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Adobe\Acrobat\10.0\SharedDataEvents | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\SharedDataEvents | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Publisher\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
6 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\TaskSchedulerConfig\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Visio\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
12 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\1024\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\1033\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Burn\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
4 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Burn\Burn\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Burn\Burn1\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Burn\Burn2\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Caches\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Explorer\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\GameExplorer\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Ringtones\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Themes\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\WER\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\WER\ERC\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\WER\ReportArchive\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Backup\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Visio\content14.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Visio\thumbs.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Media\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Media\12.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Sidebar\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft Help\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\edb.chk | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\edb.log | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\edb00001.log | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\edbres00001.jrs | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\edbres00002.jrs | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\oeold.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\WindowsMail.MSMessageStore | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\WindowsMail.pat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\-1jPtqir3151Mm1.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\-wD1CtzoKAaqRQ.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\2N8XoM8KdtEKR3l.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\6Xzko9PES.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\9WqOaVZQQXr80Vx9E.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\aD6vbI_L fbZ9ov.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\AdobeARM.log | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Cookies\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\History\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\History\History.IE5\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\History\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Cookies\index.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\DAWmK.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\DOFJFpLhODvfDEn.pdf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\ekU6o.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\e_emDq.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\fsVeUQ3vvXBdb.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\FXSAPIDebugLogFile.txt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\History\History.IE5\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\History\History.IE5\index.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\i7hPXw2ABInk5.odp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\JwUco-T9UIE0RtuaL_E1.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\ku4FJybSEU_gTLXa4Ki.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\LUmqNJWc-x1pVYRe1Bl.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\mELW3sX.flv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\oFV7p3fp.odt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RUuQyHR7-6IM-BJ.docx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\s9CZ4O ljxCp.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\sZHi jusNhd6.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\UgVxY.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\WdoxaNgwfJgc.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wscRGB.icc | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\SharedDataEvents | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\p3RBIS7TpgYpC eu54.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wscRGB.icc | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\WPDNSE\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
6 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.MSO\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.Word\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Virtualized\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\Data\CJW3O3KP.BX7\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\Data\CJW3O3KP.BX7\6NG60CXZ.9GJ\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\Data\CJW3O3KP.BX7\6NG60CXZ.9GJ\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\Data\CJW3O3KP.BX7\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\DQQ19BCJ.JAX\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wscRGB.icc | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\AdobeCMapFnt10.lst | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\wTpNmmdXLi4UIyadv.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\X4M1Ejkgszn5vH.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\XNlF1fAZqiwMihZ5.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\xohqs4vrtY1de wn.pps | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\Cache\AcroFnt10.lst | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
4 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\manifests\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\DQQ19BCJ.JAX\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Deployment\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\CrashReports\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\MSHist012019042420190425\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\History.IE5\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\History.IE5\MSHist012017071220170713\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\History.IE5\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
5 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
11 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Credentials\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Event Viewer\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\GDIPFONTCACHEV1.DAT | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\index.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\desktop.ini.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\History.IE5\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\IconCache.db | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wscRGB.icc | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\AdobeCMapFnt10.lst | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\AdobeSysFnt10.lst | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\AdobeSysFnt10.lst | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\FeedsStore.feedsdb-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\AdobeCMapFnt10.lst | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\Cache\AcroFnt10.lst | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\Cache\AcroFnt10.lst | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\SharedDataEvents | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wscRGB.icc | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\AdobeCMapFnt10.lst | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\AdobeSysFnt10.lst | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\SharedDataEvents | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\AdobeSysFnt10.lst | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\History.IE5\index.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wscRGB.icc | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\AdobeCMapFnt10.lst | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\AdobeCMapFnt10.lst | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\AdobeCMapFnt10.lst | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\Cache\AcroFnt10.lst | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\Cache\AcroFnt10.lst | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\AdobeSysFnt10.lst | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\SharedDataEvents | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wscRGB.icc | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\Cache\AcroFnt10.lst | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\SharedDataEvents | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\AdobeSysFnt10.lst | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\AdobeSysFnt10.lst | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\SharedDataEvents | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\Cache\AcroFnt10.lst | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\Microsoft Feeds~\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\1NBUR4HR\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\6ASVN7J7\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\D68G7BIJ\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\KQMHSVKD\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\FORMS\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\IME12\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\IMJP12\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Home~.feed-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Work~.feed-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\Microsoft Feeds~\MSNBC News~.feed-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\KQMHSVKD\ieonline.microsoft[1] | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\FORMS\FRMCACHE.DAT | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\1NBUR4HR\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\1NBUR4HR\fwlink[1] | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\6ASVN7J7\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\6ASVN7J7\fwlink[1] | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\D68G7BIJ\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\D68G7BIJ\fwlink[1] | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\KQMHSVKD\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\KQMHSVKD\fwlink[1] | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\IMJP8_1\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\IMJP9_0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\index.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\brndlog.bak | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\brndlog.txt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
5 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\3LKBQZJ3\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\8NES5H33\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\FKLUIDU0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\OWLVMZRC\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Recovery\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Recovery\Active\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
6 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Transcoded Files Cache\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\14.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\14.0\OfficeFileCache\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\14.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\Groove\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\Groove\System\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\Groove\User\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\Groove\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\index.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\frameiconcache.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\CurrentDatabase_372.wmdb | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\LocalMLS_3.wmdb | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\14.0\OfficeFileCache\FSD-CNRY.FSD | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\14.0\OfficeFileCache\FSD-{48508C83-EC67-468F-AA1F-6F3CAF625658}.FSD | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\14.0\OfficeFileCache\FSF-CTBL.FSF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\ONetConfig\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Outlook\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Outlook\RoamCache\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Outlook\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Publisher\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\TaskSchedulerConfig\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Visio\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\ONetConfig\350db95df4cbd94b2a1c300510e12e11.sig | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\ONetConfig\350db95df4cbd94b2a1c300510e12e11.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Outlook\mapisvc.inf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Outlook\Outlook.sharing.xml.obi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Outlook\RoamCache\Stream_ContactPrefs_2_F230E11936B7D740A008FFC660E83C71.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Visio\thumbs.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Visio\content14.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
10 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\1024\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\1033\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Burn\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Burn\Burn\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Burn\Burn1\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Burn\Burn2\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Burn\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Caches\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Explorer\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\GameExplorer\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\MSHist012019042420190425\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\Low\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\Low\History.IE5\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\Low\History.IE5\MSHist012017071220170713\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\Low\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Ringtones\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Themes\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\WER\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\WER\ERC\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\WER\ReportArchive\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\WER\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Backup\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Backup\old\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Backup\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Backup\old\edb00001.log | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Backup\old\WindowsMail.MSMessageStore | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Backup\old\WindowsMail.pat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\edb.chk | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\edb.log | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\edb00001.log | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\edbres00001.jrs | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\edbres00002.jrs | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\oeold.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Media\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Media\12.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Media\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Bears.htm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Green Bubbles.htm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\GreenBubbles.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Hand Prints.htm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\HandPrints.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Orange Circles.htm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\OrangeCircles.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Shades of Blue.htm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\ShadesOfBlue.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Soft Blue.htm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\SoftBlue.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\WindowsMail.MSMessageStore | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Sidebar\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Sidebar\Gadgets\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Sidebar\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft Help\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Cookies\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\History\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\History\History.IE5\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\History\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\WindowsMail.pat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\FXSAPIDebugLogFile.txt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Stars.htm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Media\12.0\WMSDKNS.DTD | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Media\12.0\WMSDKNS.XML | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\-1jPtqir3151Mm1.avi.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\-wD1CtzoKAaqRQ.avi.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\2N8XoM8KdtEKR3l.m4a.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\6Xzko9PES.bmp.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\9WqOaVZQQXr80Vx9E.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\aD6vbI_L fbZ9ov.mp3.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\AdobeARM.log.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Cookies\index.dat.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\DAWmK.mp3.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\DOFJFpLhODvfDEn.pdf.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\ekU6o.bmp.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\e_emDq.m4a.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\fsVeUQ3vvXBdb.jpg.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\History\History.IE5\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\History\History.IE5\index.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\i7hPXw2ABInk5.odp.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\JwUco-T9UIE0RtuaL_E1.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\ku4FJybSEU_gTLXa4Ki.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Sidebar\Settings.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\LUmqNJWc-x1pVYRe1Bl.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\mELW3sX.flv.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\oFV7p3fp.odt.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\p3RBIS7TpgYpC eu54.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RUuQyHR7-6IM-BJ.docx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\s9CZ4O ljxCp.m4a.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\sZHi jusNhd6.mp3.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Roses.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Peacock.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Bears.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Garden.htm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Garden.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Peacock.htm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Roses.htm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Stars.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
5 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\03J4UQW0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\KETAJP6D\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\VB18B0KB\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\XT1RPYG9\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\WPDNSE\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\index.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\xohqs4vrtY1de wn.pps | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
5 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\MM5O9XQS\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\PMMR5K9K\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\RIJUQL1C\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\X9OHK109\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.MSO\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.Word\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\AntiPhishing\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
5 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\ABV8L7MY\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\IKQEEPZR\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\YG1R61Z8\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Virtualized\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Virtualized\C\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Virtualized\C\Users\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\Data\CJW3O3KP.BX7\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\Data\CJW3O3KP.BX7\6NG60CXZ.9GJ\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\Data\CJW3O3KP.BX7\6NG60CXZ.9GJ\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\Data\CJW3O3KP.BX7\6NG60CXZ.9GJ\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\Data\CJW3O3KP.BX7\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\DQQ19BCJ.JAX\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\index.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\index.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\manifests\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\manifests\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.cdf-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\manifests\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\UgVxY.jpg.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\WdoxaNgwfJgc.bmp.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\X4M1Ejkgszn5vH.m4a.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\wTpNmmdXLi4UIyadv.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\XNlF1fAZqiwMihZ5.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\MSIMGSIZ.DAT | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\DQQ19BCJ.JAX\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Deployment\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\CrashReports\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\MSHist012019042420190425\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\History.IE5\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\History.IE5\MSHist012017071220170713\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\History.IE5\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
20 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Credentials\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Event Viewer\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\Microsoft Feeds~\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\GDIPFONTCACHEV1.DAT | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\desktop.ini.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\index.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\MSHist012019042420190425\index.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\desktop.ini.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\History.IE5\desktop.ini.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\History.IE5\index.dat.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\History.IE5\MSHist012017071220170713\index.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\IconCache.db | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\FeedsStore.feedsdb-ms.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Work~.feed-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Home~.feed-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\1NBUR4HR\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\6ASVN7J7\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\D68G7BIJ\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\Microsoft Feeds~\MSNBC News~.feed-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\1NBUR4HR\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\6ASVN7J7\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\6ASVN7J7\fwlink[1].RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\1NBUR4HR\fwlink[1].RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\D68G7BIJ\fwlink[1].RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\D68G7BIJ\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\KQMHSVKD\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\FORMS\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\IME12\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\IMJP12\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\IMJP8_1\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\IMJP9_0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\3LKBQZJ3\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\8NES5H33\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\FKLUIDU0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\OWLVMZRC\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Recovery\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Recovery\Active\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\desktop.ini.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\index.dat.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\KQMHSVKD\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\KQMHSVKD\fwlink[1].RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\KQMHSVKD\ieonline.microsoft[1] | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\FORMS\FRMCACHE.DAT.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\brndlog.bak.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\brndlog.txt.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\8NES5H33\get.adobe[1].xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\index.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Recovery\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\frameiconcache.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Recovery\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{4BD650F1-C8F9-11E7-B5BF-C43DC7584A00}.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{AAE6BF5C-4991-11E7-8E2B-C43DC7584A00}.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\{4BD650F0-C8F9-11E7-B5BF-C43DC7584A00}.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\{69512155-C8F9-11E7-B5BF-C43DC7584A00}.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\CurrentDatabase_372.wmdb | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\LocalMLS_3.wmdb.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\0000E713\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\0000E713\01_Music_auto_rated_at_5_stars.wpl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\0000E713\02_Music_added_in_the_last_month.wpl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\0000E713\03_Music_rated_at_4_or_5_stars.wpl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\0000E713\04_Music_played_in_the_last_month.wpl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\0000E713\05_Pictures_taken_in_the_last_month.wpl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\0000E713\06_Pictures_rated_4_or_5_stars.wpl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\0000E713\07_TV_recorded_in_the_last_week.wpl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\0000E713\08_Video_rated_at_4_or_5_stars.wpl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\0000E713\09_Music_played_the_most.wpl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\0000E713\10_All_Music.wpl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\0000E713\11_All_Pictures.wpl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\0000E713\12_All_Video.wpl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00010C6E\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Transcoded Files Cache\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00010C6E\01_Music_auto_rated_at_5_stars.wpl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00010C6E\02_Music_added_in_the_last_month.wpl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00010C6E\03_Music_rated_at_4_or_5_stars.wpl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00010C6E\04_Music_played_in_the_last_month.wpl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00010C6E\05_Pictures_taken_in_the_last_month.wpl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00010C6E\06_Pictures_rated_4_or_5_stars.wpl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00010C6E\07_TV_recorded_in_the_last_week.wpl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00010C6E\08_Video_rated_at_4_or_5_stars.wpl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00010C6E\09_Music_played_the_most.wpl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00010C6E\10_All_Music.wpl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00010C6E\11_All_Pictures.wpl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00010C6E\12_All_Video.wpl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\14.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\14.0\OfficeFileCache\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\14.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\Groove\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\Groove\System\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\Groove\User\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\Groove\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\ONetConfig\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Outlook\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Outlook\RoamCache\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Outlook\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Publisher\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\TaskSchedulerConfig\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Visio\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
11 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\1024\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\1033\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Burn\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Burn\Burn\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Burn\Burn1\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Burn\Burn2\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Burn\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Caches\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Explorer\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\GameExplorer\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\14.0\OfficeFileCache\FSD-{48508C83-EC67-468F-AA1F-6F3CAF625658}.FSD | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\ONetConfig\350db95df4cbd94b2a1c300510e12e11.sig | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\ONetConfig\350db95df4cbd94b2a1c300510e12e11.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Outlook\mapisvc.inf.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Outlook\Outlook.sharing.xml.obi.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Outlook\RoamCache\Stream_ContactPrefs_2_F230E11936B7D740A008FFC660E83C71.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Visio\content14.dat.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Visio\thumbs.dat.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\MSHist012019042420190425\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\Low\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\Low\History.IE5\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\Low\History.IE5\MSHist012017071220170713\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\Low\History.IE5\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\Low\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Ringtones\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
5 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
5 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\MM5O9XQS\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\PMMR5K9K\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\RIJUQL1C\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\X9OHK109\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.MSO\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.Word\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
5 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ABV8L7MY\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IKQEEPZR\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YG1R61Z8\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Virtualized\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Virtualized\C\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Themes\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\WER\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\WER\ERC\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\WER\ReportArchive\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\WER\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Backup\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\14.0\OfficeFileCache\FSF-CTBL.FSF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\14.0\OfficeFileCache\FSD-CNRY.FSD | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Backup\old\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Backup\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Media\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Media\12.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Media\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Sidebar\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Sidebar\Gadgets\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\edb.chk.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\edb.log.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\edb00001.log.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\edbres00001.jrs.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\edbres00002.jrs.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\oeold.xml.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Bears.htm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Bears.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Backup\old\WindowsMail.pat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\WindowsMail.MSMessageStore | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\WindowsMail.pat.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini | size = 145, size_out = 145 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\desktop.ini | size = 145, size_out = 145 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\desktop.ini | size = 145, size_out = 145 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\History.IE5\desktop.ini | size = 145, size_out = 145 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\1NBUR4HR\desktop.ini | size = 67, size_out = 67 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\6ASVN7J7\desktop.ini | size = 67, size_out = 67 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\D68G7BIJ\desktop.ini | size = 67, size_out = 67 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\KQMHSVKD\desktop.ini | size = 67, size_out = 67 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\desktop.ini | size = 67, size_out = 67 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\History\History.IE5\desktop.ini | size = 145, size_out = 145 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Desktop.ini | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Desktop.ini | size = 645, size_out = 645 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\desktop.ini | size = 67, size_out = 67 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\desktop.ini | size = 67, size_out = 67 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\History.IE5\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\1NBUR4HR\desktop.ini | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\6ASVN7J7\desktop.ini | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\D68G7BIJ\desktop.ini | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\KQMHSVKD\desktop.ini | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Desktop.ini | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\History\History.IE5\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\03J4UQW0\desktop.ini | size = 67, size_out = 67 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\desktop.ini | size = 67, size_out = 67 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\KETAJP6D\desktop.ini | size = 67, size_out = 67 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\VB18B0KB\desktop.ini | size = 67, size_out = 67 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\XT1RPYG9\desktop.ini | size = 67, size_out = 67 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\desktop.ini | size = 67, size_out = 67 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\MM5O9XQS\desktop.ini | size = 67, size_out = 67 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\PMMR5K9K\desktop.ini | size = 67, size_out = 67 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\RIJUQL1C\desktop.ini | size = 67, size_out = 67 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\X9OHK109\desktop.ini | size = 67, size_out = 67 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\desktop.ini | size = 67, size_out = 67 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\ABV8L7MY\desktop.ini | size = 67, size_out = 67 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\IKQEEPZR\desktop.ini | size = 67, size_out = 67 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\History.IE5\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\1NBUR4HR\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\6ASVN7J7\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\D68G7BIJ\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\YG1R61Z8\desktop.ini | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\KQMHSVKD\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\History\History.IE5\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\MM5O9XQS\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\PMMR5K9K\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\RIJUQL1C\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\X9OHK109\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\IKQEEPZR\desktop.ini | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\YG1R61Z8\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\History.IE5\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\1NBUR4HR\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\6ASVN7J7\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\D68G7BIJ\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\KQMHSVKD\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini | size = 160 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini | size = 6 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini | size = 268 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\desktop.ini | size = 160 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\desktop.ini | size = 6 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\desktop.ini | size = 268 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\desktop.ini | size = 160 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\desktop.ini | size = 6 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\desktop.ini | size = 268 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\History.IE5\desktop.ini | size = 160 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\History.IE5\desktop.ini | size = 6 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\History.IE5\desktop.ini | size = 268 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\1NBUR4HR\desktop.ini | size = 80 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\1NBUR4HR\desktop.ini | size = 6 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\1NBUR4HR\desktop.ini | size = 268 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\6ASVN7J7\desktop.ini | size = 80 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\6ASVN7J7\desktop.ini | size = 6 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\6ASVN7J7\desktop.ini | size = 268 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\D68G7BIJ\desktop.ini | size = 80 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\D68G7BIJ\desktop.ini | size = 6 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\D68G7BIJ\desktop.ini | size = 268 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\D68G7BIJ\desktop.ini | size = 627 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\KQMHSVKD\desktop.ini | size = 80 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\KQMHSVKD\desktop.ini | size = 6 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\KQMHSVKD\desktop.ini | size = 268 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\desktop.ini | size = 80 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\desktop.ini | size = 6 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\desktop.ini | size = 268 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\History\History.IE5\desktop.ini | size = 160 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\History\History.IE5\desktop.ini | size = 6 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\History\History.IE5\desktop.ini | size = 268 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Desktop.ini | size = 656 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Media\12.0\WMSDKNS.XML | size = 10192 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Desktop.ini | size = 6 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Desktop.ini | size = 268 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\desktop.ini | size = 80 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\desktop.ini | size = 6 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\desktop.ini | size = 268 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\desktop.ini | size = 80 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\desktop.ini | size = 6 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\desktop.ini | size = 268 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\D68G7BIJ\desktop.ini | size = 627 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\03J4UQW0\desktop.ini | size = 80 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\03J4UQW0\desktop.ini | size = 6 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\03J4UQW0\desktop.ini | size = 268 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\desktop.ini | size = 80 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\desktop.ini | size = 6 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\desktop.ini | size = 268 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\KETAJP6D\desktop.ini | size = 80 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\KETAJP6D\desktop.ini | size = 6 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\KETAJP6D\desktop.ini | size = 268 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\VB18B0KB\desktop.ini | size = 80 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\VB18B0KB\desktop.ini | size = 6 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\VB18B0KB\desktop.ini | size = 268 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\XT1RPYG9\desktop.ini | size = 80 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\XT1RPYG9\desktop.ini | size = 6 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\XT1RPYG9\desktop.ini | size = 268 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\desktop.ini | size = 80 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\desktop.ini | size = 6 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\desktop.ini | size = 268 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\MM5O9XQS\desktop.ini | size = 80 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\MM5O9XQS\desktop.ini | size = 6 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\MM5O9XQS\desktop.ini | size = 268 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\PMMR5K9K\desktop.ini | size = 80 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\PMMR5K9K\desktop.ini | size = 6 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\PMMR5K9K\desktop.ini | size = 268 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\RIJUQL1C\desktop.ini | size = 80 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\RIJUQL1C\desktop.ini | size = 6 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\RIJUQL1C\desktop.ini | size = 268 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\X9OHK109\desktop.ini | size = 80 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\X9OHK109\desktop.ini | size = 6 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\X9OHK109\desktop.ini | size = 268 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\X9OHK109\desktop.ini | size = 627 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\desktop.ini | size = 80 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\desktop.ini | size = 6 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\desktop.ini | size = 268 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\ABV8L7MY\desktop.ini | size = 80 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\ABV8L7MY\desktop.ini | size = 6 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\ABV8L7MY\desktop.ini | size = 268 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\IKQEEPZR\desktop.ini | size = 80 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\IKQEEPZR\desktop.ini | size = 6 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\IKQEEPZR\desktop.ini | size = 268 |
|
1 | |
|
For performance reasons, the remaining 4004 entries are omitted.
The remaining entries can be found in glog.xml. |
|||||
Process (1387)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | net | show_window = SW_HIDE |
|
1 | |
| Create | net | show_window = SW_HIDE |
|
24 | |
| Enumerate Processes | - | - |
|
1267 | |
| Enumerate Processes | - | - |
|
25 | |
| Open | System | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\smss.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\csrss.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\wininit.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\csrss.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\winlogon.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\services.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\lsass.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\lsm.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\audiodg.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\dwm.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\explorer.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\spoolsv.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\taskhost.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\taskeng.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\taskhost.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files (x86)\windows media player\yoga slot.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files\microsoft sync framework\charlie wi root.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files (x86)\windows photo viewer\reserve_libraries.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files (x86)\microsoft.net\born.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files\microsoft synchronization services\sail.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files (x86)\windows defender\rewardbikescarol.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files (x86)\reference assemblies\tomato.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files (x86)\adobe\turningassignmentdealers.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files (x86)\windows defender\watson_pam.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files\microsoft sql server compact edition\violent.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files (x86)\windows media player\barsassumes.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files (x86)\java\ultra offline nov.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files (x86)\common files\needs.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files (x86)\uninstall information\chad fresh schedules.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files (x86)\uninstall information\tree_cc.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files (x86)\google\fg-ocean.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files\windows nt\xboxsemesterindicator.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files (x86)\windows photo viewer\bearslabsmary.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files\windows journal\common_mailing_shared.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files\microsoft sync framework\finder tables.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files\windows photo viewer\alarmpackardar.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\wbem\wmiprvse.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\dwm.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\taskhost.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\windows\system32\taskeng.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files (x86)\windows media player\yoga slot.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files\microsoft sync framework\charlie wi root.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files (x86)\windows photo viewer\reserve_libraries.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files (x86)\microsoft.net\born.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files\microsoft synchronization services\sail.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files (x86)\windows defender\rewardbikescarol.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files (x86)\reference assemblies\tomato.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files (x86)\adobe\turningassignmentdealers.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files (x86)\windows defender\watson_pam.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files\microsoft sql server compact edition\violent.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files (x86)\windows media player\barsassumes.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files (x86)\java\ultra offline nov.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files (x86)\common files\needs.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files (x86)\uninstall information\chad fresh schedules.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files (x86)\uninstall information\tree_cc.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files (x86)\google\fg-ocean.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files\windows nt\xboxsemesterindicator.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files (x86)\windows photo viewer\bearslabsmary.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files\windows journal\common_mailing_shared.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files\microsoft sync framework\finder tables.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| Open | c:\program files\windows photo viewer\alarmpackardar.exe | desired_access = PROCESS_ALL_ACCESS |
|
1 |
Thread (3)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | c:\windows\system32\dwm.exe | proc_address = 0x13f612470, proc_parameter = 5358288896, flags = THREAD_RUNS_IMMEDIATELY |
|
1 | |
| Create | c:\windows\system32\taskhost.exe | proc_address = 0x13f612470, proc_parameter = 5358288896, flags = THREAD_RUNS_IMMEDIATELY |
|
1 | |
| Create | c:\windows\system32\taskeng.exe | proc_address = 0x13f612470, proc_parameter = 5358288896, flags = THREAD_RUNS_IMMEDIATELY |
|
1 |
Memory (27)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Allocate | c:\windows\system32\dwm.exe | address = 5358288896, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3764224 |
|
1 | |
| Allocate | c:\windows\system32\taskhost.exe | address = 5358288896, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3764224 |
|
1 | |
| Allocate | c:\windows\system32\taskeng.exe | address = 5358288896, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3764224 |
|
1 | |
| Allocate | c:\program files (x86)\windows media player\yoga slot.exe | address = 0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3764224 |
|
1 | |
| Allocate | c:\program files\microsoft sync framework\charlie wi root.exe | address = 0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3764224 |
|
1 | |
| Allocate | c:\program files (x86)\windows photo viewer\reserve_libraries.exe | address = 0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3764224 |
|
1 | |
| Allocate | c:\program files (x86)\microsoft.net\born.exe | address = 0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3764224 |
|
1 | |
| Allocate | c:\program files\microsoft synchronization services\sail.exe | address = 0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3764224 |
|
1 | |
| Allocate | c:\program files (x86)\windows defender\rewardbikescarol.exe | address = 0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3764224 |
|
1 | |
| Allocate | c:\program files (x86)\reference assemblies\tomato.exe | address = 0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3764224 |
|
1 | |
| Allocate | c:\program files (x86)\adobe\turningassignmentdealers.exe | address = 0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3764224 |
|
1 | |
| Allocate | c:\program files (x86)\windows defender\watson_pam.exe | address = 0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3764224 |
|
1 | |
| Allocate | c:\program files\microsoft sql server compact edition\violent.exe | address = 0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3764224 |
|
1 | |
| Allocate | c:\program files (x86)\windows media player\barsassumes.exe | address = 0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3764224 |
|
1 | |
| Allocate | c:\program files (x86)\java\ultra offline nov.exe | address = 0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3764224 |
|
1 | |
| Allocate | c:\program files (x86)\common files\needs.exe | address = 0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3764224 |
|
1 | |
| Allocate | c:\program files (x86)\uninstall information\chad fresh schedules.exe | address = 0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3764224 |
|
1 | |
| Allocate | c:\program files (x86)\uninstall information\tree_cc.exe | address = 0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3764224 |
|
1 | |
| Allocate | c:\program files (x86)\google\fg-ocean.exe | address = 0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3764224 |
|
1 | |
| Allocate | c:\program files\windows nt\xboxsemesterindicator.exe | address = 0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3764224 |
|
1 | |
| Allocate | c:\program files (x86)\windows photo viewer\bearslabsmary.exe | address = 0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3764224 |
|
1 | |
| Allocate | c:\program files\windows journal\common_mailing_shared.exe | address = 0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3764224 |
|
1 | |
| Allocate | c:\program files\microsoft sync framework\finder tables.exe | address = 0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3764224 |
|
1 | |
| Allocate | c:\program files\windows photo viewer\alarmpackardar.exe | address = 0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3764224 |
|
1 | |
| Write | c:\windows\system32\dwm.exe | address = 0x13f610000, size = 3764224 |
|
1 | |
| Write | c:\windows\system32\taskhost.exe | address = 0x13f610000, size = 3764224 |
|
1 | |
| Write | c:\windows\system32\taskeng.exe | address = 0x13f610000, size = 3764224 |
|
1 |
Module (131)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | api-ms-win-core-synch-l1-2-0 | base_address = 0x0 |
|
2 | |
| Load | api-ms-win-core-synch-l1-2-0 | base_address = 0x7fef85e0000 |
|
2 | |
| Load | api-ms-win-core-fibers-l1-1-1 | base_address = 0x0 |
|
4 | |
| Load | kernel32 | base_address = 0x0 |
|
2 | |
| Load | kernel32 | base_address = 0x76e30000 |
|
2 | |
| Load | advapi32 | base_address = 0x0 |
|
1 | |
| Load | advapi32 | base_address = 0x7fefdbf0000 |
|
1 | |
| Load | api-ms-win-core-localization-l1-2-1 | base_address = 0x0 |
|
2 | |
| Load | kernel32.dll | base_address = 0x76e30000 |
|
1 | |
| Load | mpr.dll | base_address = 0x7fefa380000 |
|
1 | |
| Load | advapi32.dll | base_address = 0x7fefdbf0000 |
|
1 | |
| Load | ole32.dll | base_address = 0x7fefe2b0000 |
|
1 | |
| Load | Shell32.dll | base_address = 0x7fefe4c0000 |
|
1 | |
| Load | Iphlpapi.dll | base_address = 0x7fefa840000 |
|
1 | |
| Get Handle | c:\users\5p5nrgjn0js halpmcxz\desktop\zzzavxu.exe | base_address = 0x13f610000 |
|
24 | |
| Get Filename | api-ms-win-core-localization-l1-2-1 | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\zzzavxu.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\zzzavxu.exe, size = 260 |
|
2 | |
| Get Filename | api-ms-win-core-localization-l1-2-1 | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\zzzavxu.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\zzzavxu.exe, size = 100 |
|
1 | |
| Get Address | c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll | function = InitializeCriticalSectionEx, address_out = 0x0 |
|
2 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FlsAlloc, address_out = 0x76e47190 |
|
2 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FlsSetValue, address_out = 0x76e4bd90 |
|
2 | |
| Get Address | c:\windows\system32\advapi32.dll | function = EventRegister, address_out = 0x76f8cac0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = EventSetInformation, address_out = 0x0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FlsGetValue, address_out = 0x76e53520 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = LCMapStringEx, address_out = 0x76e7b710 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = LoadLibraryA, address_out = 0x76e47070 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetLastError, address_out = 0x76e52dd0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = VirtualFree, address_out = 0x76e41260 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptExportKey, address_out = 0x7fefdbf8140 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = DeleteFileW, address_out = 0x76e3ad90 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetDriveTypeW, address_out = 0x76e4bdf0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetCommandLineW, address_out = 0x76e4c480 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetStartupInfoW, address_out = 0x76e48070 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FindNextFileW, address_out = 0x76e41910 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = VirtualAlloc, address_out = 0x76e467a0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = GetUserNameA, address_out = 0x7fefdbfdc20 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = ExitProcess, address_out = 0x76f740f0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = Wow64RevertWow64FsRedirection, address_out = 0x76e7bb30 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateProcessA, address_out = 0x76ec8840 |
|
1 | |
| Get Address | c:\windows\system32\iphlpapi.dll | function = GetIpNetTable, address_out = 0x7fefa84e558 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetVersionExW, address_out = 0x76e3d910 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = Wow64DisableWow64FsRedirection, address_out = 0x76e7bb40 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetSystemDefaultLangID, address_out = 0x76e394e0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = GetUserNameW, address_out = 0x7fefdc01fd0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = ReadFile, address_out = 0x76e41500 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegQueryValueExA, address_out = 0x7fefdc0c480 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CloseHandle, address_out = 0x76e52f80 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegSetValueExW, address_out = 0x7fefdc01ed0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegCloseKey, address_out = 0x7fefdc10710 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileA, address_out = 0x76ec5620 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetFileAttributesW, address_out = 0x76e437a0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = WinExec, address_out = 0x76ec8d80 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptDeriveKey, address_out = 0x7fefdc2b6b0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptGenKey, address_out = 0x7fefdbf19bc |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = Sleep, address_out = 0x76e52b70 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetCurrentProcess, address_out = 0x76e45cf0 |
|
1 | |
| Get Address | c:\windows\system32\shell32.dll | function = ShellExecuteW, address_out = 0x7fefe4d983c |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetFileSize, address_out = 0x76e3f9d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GlobalAlloc, address_out = 0x76e380c0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FindClose, address_out = 0x76e4bd60 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = WaitForMultipleObjects, address_out = 0x76e41170 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetModuleFileNameA, address_out = 0x76e464a0 |
|
1 | |
| Get Address | c:\windows\system32\shell32.dll | function = ShellExecuteA, address_out = 0x7fefe71ec80 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetModuleHandleA, address_out = 0x76e465e0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetModuleFileNameW, address_out = 0x76e47700 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateFileA, address_out = 0x76e531f0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetFileSizeEx, address_out = 0x76e39b30 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = WriteFile, address_out = 0x76e535a0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetLogicalDrives, address_out = 0x76e3b930 |
|
1 | |
| Get Address | c:\windows\system32\mpr.dll | function = WNetEnumResourceW, address_out = 0x7fefa3841a0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegOpenKeyExW, address_out = 0x7fefdc106f0 |
|
1 | |
| Get Address | c:\windows\system32\mpr.dll | function = WNetCloseEnum, address_out = 0x7fefa3842dc |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetWindowsDirectoryW, address_out = 0x76e382b0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetFileAttributesA, address_out = 0x76e32d50 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegOpenKeyExA, address_out = 0x7fefdc0b5f0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetFilePointer, address_out = 0x76e41150 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetTickCount, address_out = 0x76e52b00 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetFileAttributesW, address_out = 0x76e4bdd0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FindFirstFileW, address_out = 0x76e4bd80 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptAcquireContextW, address_out = 0x7fefdbfd98c |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = MoveFileExW, address_out = 0x76e33060 |
|
1 | |
| Get Address | c:\windows\system32\mpr.dll | function = WNetOpenEnumW, address_out = 0x7fefa383e00 |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = CoInitialize, address_out = 0x7fefe2ca51c |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptDecrypt, address_out = 0x7fefdc2b6d0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptImportKey, address_out = 0x7fefdbfaf6c |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetFilePointerEx, address_out = 0x76e3af00 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileW, address_out = 0x76e392d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FreeLibrary, address_out = 0x76e46620 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateProcessW, address_out = 0x76e51bb0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateDirectoryW, address_out = 0x76e3ad70 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateThread, address_out = 0x76e46580 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptDestroyKey, address_out = 0x7fefdbfafa0 |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = CoCreateInstance, address_out = 0x7fefe2d7490 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateFileW, address_out = 0x76e41870 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetFileAttributesA, address_out = 0x76e413e0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptEncrypt, address_out = 0x7fefdc2b650 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegDeleteValueW, address_out = 0x7fefdbfbbb0 |
|
1 |
Service (72)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
User (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Lookup Privilege | privilege = SeDebugPrivilege, luid = 20 |
|
1 | |
| Lookup Privilege | privilege = SeBackupPrivilege, luid = 17 |
|
1 |
System (84)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Sleep | duration = 5000 milliseconds (5.000 seconds) |
|
2 | |
| Sleep | duration = 500 milliseconds (0.500 seconds) |
|
24 | |
| Sleep | duration = 150 milliseconds (0.150 seconds) |
|
25 | |
| Sleep | duration = 50000 milliseconds (50.000 seconds) |
|
24 | |
| Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Sleep | duration = 100 milliseconds (0.100 seconds) |
|
2 | |
| Get Time | type = System Time, time = 2019-04-24 06:39:11 (UTC) |
|
1 | |
| Get Time | type = Performance Ctr, time = 15455690689 |
|
1 | |
| Get Info | type = Operating System |
|
2 | |
| Get Info | type = Windows Directory, result_out = C:\Windows |
|
2 |
Environment (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
1 |
Process #2: dwm.exe
86
0
| Information | Value |
|---|---|
| ID | #2 |
| File Name | c:\windows\system32\dwm.exe |
| Command Line | "C:\Windows\system32\Dwm.exe" |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:00:48, Reason: Injection |
| Unmonitor | End Time: 00:01:00, Reason: Crashed |
| Monitor Duration | 00:00:12 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x448 |
| Parent PID | 0x334 (c:\windows\system32\svchost.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
994
0x
5E8
0x
5CC
0x
464
0x
458
0x
44C
0x
A58
|
Memory Dumps
| Name | Start VA | End VA | Dump Reason | PE Rebuilds | Bitness | Entry Points | AV | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|
| buffer | 0x13F610000 | 0x13F9A6FFF | First Execution | - | 64-bit | 0x13F61CDCC, 0x13F61DD24, ... |
|
|
|
| dwm.exe | 0xFFEF0000 | 0xFFF12FFF | Relevant Image | - | 64-bit | - |
|
|
|
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #1: c:\users\5p5nrgjn0js halpmcxz\desktop\zzzavxu.exe | 0xa38 | address = 0x13f610000, size = 3764224 |
|
1 | |
| Create Remote Thread | #1: c:\users\5p5nrgjn0js halpmcxz\desktop\zzzavxu.exe | 0xa38 | address = 0x13f612470 |
|
1 |
Host Behavior
File (2)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\users\Public\sys | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN |
|
1 | |
| Create | C:\users\Public\sys | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_HIDDEN |
|
1 |
Module (78)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | kernel32.dll | base_address = 0x76e30000 |
|
1 | |
| Load | mpr.dll | base_address = 0x7fefa380000 |
|
1 | |
| Load | advapi32.dll | base_address = 0x7fefdbf0000 |
|
1 | |
| Load | ole32.dll | base_address = 0x7fefe2b0000 |
|
1 | |
| Load | Shell32.dll | base_address = 0x7fefe4c0000 |
|
1 | |
| Load | Iphlpapi.dll | base_address = 0x7fefa840000 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = LoadLibraryA, address_out = 0x76e47070 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetLastError, address_out = 0x76e52dd0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = VirtualFree, address_out = 0x76e41260 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptExportKey, address_out = 0x7fefdbf8140 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = DeleteFileW, address_out = 0x76e3ad90 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetDriveTypeW, address_out = 0x76e4bdf0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetCommandLineW, address_out = 0x76e4c480 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetStartupInfoW, address_out = 0x76e48070 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FindNextFileW, address_out = 0x76e41910 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = VirtualAlloc, address_out = 0x76e467a0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = GetUserNameA, address_out = 0x7fefdbfdc20 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = ExitProcess, address_out = 0x76f740f0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = Wow64RevertWow64FsRedirection, address_out = 0x76e7bb30 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateProcessA, address_out = 0x76ec8840 |
|
1 | |
| Get Address | c:\windows\system32\iphlpapi.dll | function = GetIpNetTable, address_out = 0x7fefa84e558 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetVersionExW, address_out = 0x76e3d910 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = Wow64DisableWow64FsRedirection, address_out = 0x76e7bb40 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetSystemDefaultLangID, address_out = 0x76e394e0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = GetUserNameW, address_out = 0x7fefdc01fd0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = ReadFile, address_out = 0x76e41500 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegQueryValueExA, address_out = 0x7fefdc0c480 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CloseHandle, address_out = 0x76e52f80 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegSetValueExW, address_out = 0x7fefdc01ed0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegCloseKey, address_out = 0x7fefdc10710 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileA, address_out = 0x76ec5620 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetFileAttributesW, address_out = 0x76e437a0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = WinExec, address_out = 0x76ec8d80 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptDeriveKey, address_out = 0x7fefdc2b6b0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptGenKey, address_out = 0x7fefdbf19bc |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = Sleep, address_out = 0x76e52b70 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetCurrentProcess, address_out = 0x76e45cf0 |
|
1 | |
| Get Address | c:\windows\system32\shell32.dll | function = ShellExecuteW, address_out = 0x7fefe4d983c |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetFileSize, address_out = 0x76e3f9d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GlobalAlloc, address_out = 0x76e380c0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FindClose, address_out = 0x76e4bd60 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = WaitForMultipleObjects, address_out = 0x76e41170 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetModuleFileNameA, address_out = 0x76e464a0 |
|
1 | |
| Get Address | c:\windows\system32\shell32.dll | function = ShellExecuteA, address_out = 0x7fefe71ec80 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetModuleHandleA, address_out = 0x76e465e0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetModuleFileNameW, address_out = 0x76e47700 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateFileA, address_out = 0x76e531f0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetFileSizeEx, address_out = 0x76e39b30 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = WriteFile, address_out = 0x76e535a0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetLogicalDrives, address_out = 0x76e3b930 |
|
1 | |
| Get Address | c:\windows\system32\mpr.dll | function = WNetEnumResourceW, address_out = 0x7fefa3841a0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegOpenKeyExW, address_out = 0x7fefdc106f0 |
|
1 | |
| Get Address | c:\windows\system32\mpr.dll | function = WNetCloseEnum, address_out = 0x7fefa3842dc |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetWindowsDirectoryW, address_out = 0x76e382b0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetFileAttributesA, address_out = 0x76e32d50 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegOpenKeyExA, address_out = 0x7fefdc0b5f0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetFilePointer, address_out = 0x76e41150 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetTickCount, address_out = 0x76e52b00 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetFileAttributesW, address_out = 0x76e4bdd0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FindFirstFileW, address_out = 0x76e4bd80 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptAcquireContextW, address_out = 0x7fefdbfd98c |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = MoveFileExW, address_out = 0x76e33060 |
|
1 | |
| Get Address | c:\windows\system32\mpr.dll | function = WNetOpenEnumW, address_out = 0x7fefa383e00 |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = CoInitialize, address_out = 0x7fefe2ca51c |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptDecrypt, address_out = 0x7fefdc2b6d0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptImportKey, address_out = 0x7fefdbfaf6c |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetFilePointerEx, address_out = 0x76e3af00 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileW, address_out = 0x76e392d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FreeLibrary, address_out = 0x76e46620 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateProcessW, address_out = 0x76e51bb0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateDirectoryW, address_out = 0x76e3ad70 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateThread, address_out = 0x76e46580 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptDestroyKey, address_out = 0x7fefdbfafa0 |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = CoCreateInstance, address_out = 0x7fefe2d7490 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateFileW, address_out = 0x76e41870 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetFileAttributesA, address_out = 0x76e413e0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptEncrypt, address_out = 0x7fefdc2b650 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegDeleteValueW, address_out = 0x7fefdbfbbb0 |
|
1 |
User (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Lookup Privilege | privilege = SeBackupPrivilege, luid = 17 |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Sleep | duration = 5000 milliseconds (5.000 seconds) |
|
1 | |
| Get Info | type = Operating System |
|
1 | |
| Get Info | type = Windows Directory, result_out = C:\Windows |
|
1 |
Process #3: taskhost.exe
88
0
| Information | Value |
|---|---|
| ID | #3 |
| File Name | c:\windows\system32\taskhost.exe |
| Command Line | "taskhost.exe" |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:00:49, Reason: Injection |
| Unmonitor | End Time: 00:01:09, Reason: Crashed |
| Monitor Duration | 00:00:20 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x4ac |
| Parent PID | 0x1cc (c:\windows\system32\services.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
980
0x
7F4
0x
79C
0x
784
0x
77C
0x
778
0x
770
0x
4FC
0x
4E0
0x
4C4
0x
4B0
0x
A64
|
Memory Dumps
| Name | Start VA | End VA | Dump Reason | PE Rebuilds | Bitness | Entry Points | AV | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|
| taskhost.exe | 0xFFBE0000 | 0xFFBF3FFF | Relevant Image | - | 64-bit | - |
|
|
|
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Create Remote Thread | #1: c:\users\5p5nrgjn0js halpmcxz\desktop\zzzavxu.exe | 0xa38 | address = 0x13f612470 |
|
1 |
Host Behavior
File (2)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\users\Public\sys | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN |
|
1 | |
| Create | C:\users\Public\sys | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN |
|
1 |
Module (78)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | kernel32.dll | base_address = 0x76e30000 |
|
1 | |
| Load | mpr.dll | base_address = 0x7fefa380000 |
|
1 | |
| Load | advapi32.dll | base_address = 0x7fefdbf0000 |
|
1 | |
| Load | ole32.dll | base_address = 0x7fefe2b0000 |
|
1 | |
| Load | Shell32.dll | base_address = 0x7fefe4c0000 |
|
1 | |
| Load | Iphlpapi.dll | base_address = 0x7fefa840000 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = LoadLibraryA, address_out = 0x76e47070 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetLastError, address_out = 0x76e52dd0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = VirtualFree, address_out = 0x76e41260 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptExportKey, address_out = 0x7fefdbf8140 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = DeleteFileW, address_out = 0x76e3ad90 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetDriveTypeW, address_out = 0x76e4bdf0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetCommandLineW, address_out = 0x76e4c480 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetStartupInfoW, address_out = 0x76e48070 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FindNextFileW, address_out = 0x76e41910 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = VirtualAlloc, address_out = 0x76e467a0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = GetUserNameA, address_out = 0x7fefdbfdc20 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = ExitProcess, address_out = 0x76f740f0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = Wow64RevertWow64FsRedirection, address_out = 0x76e7bb30 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateProcessA, address_out = 0x76ec8840 |
|
1 | |
| Get Address | c:\windows\system32\iphlpapi.dll | function = GetIpNetTable, address_out = 0x7fefa84e558 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetVersionExW, address_out = 0x76e3d910 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = Wow64DisableWow64FsRedirection, address_out = 0x76e7bb40 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetSystemDefaultLangID, address_out = 0x76e394e0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = GetUserNameW, address_out = 0x7fefdc01fd0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = ReadFile, address_out = 0x76e41500 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegQueryValueExA, address_out = 0x7fefdc0c480 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CloseHandle, address_out = 0x76e52f80 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegSetValueExW, address_out = 0x7fefdc01ed0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegCloseKey, address_out = 0x7fefdc10710 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileA, address_out = 0x76ec5620 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetFileAttributesW, address_out = 0x76e437a0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = WinExec, address_out = 0x76ec8d80 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptDeriveKey, address_out = 0x7fefdc2b6b0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptGenKey, address_out = 0x7fefdbf19bc |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = Sleep, address_out = 0x76e52b70 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetCurrentProcess, address_out = 0x76e45cf0 |
|
1 | |
| Get Address | c:\windows\system32\shell32.dll | function = ShellExecuteW, address_out = 0x7fefe4d983c |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetFileSize, address_out = 0x76e3f9d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GlobalAlloc, address_out = 0x76e380c0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FindClose, address_out = 0x76e4bd60 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = WaitForMultipleObjects, address_out = 0x76e41170 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetModuleFileNameA, address_out = 0x76e464a0 |
|
1 | |
| Get Address | c:\windows\system32\shell32.dll | function = ShellExecuteA, address_out = 0x7fefe71ec80 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetModuleHandleA, address_out = 0x76e465e0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetModuleFileNameW, address_out = 0x76e47700 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateFileA, address_out = 0x76e531f0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetFileSizeEx, address_out = 0x76e39b30 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = WriteFile, address_out = 0x76e535a0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetLogicalDrives, address_out = 0x76e3b930 |
|
1 | |
| Get Address | c:\windows\system32\mpr.dll | function = WNetEnumResourceW, address_out = 0x7fefa3841a0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegOpenKeyExW, address_out = 0x7fefdc106f0 |
|
1 | |
| Get Address | c:\windows\system32\mpr.dll | function = WNetCloseEnum, address_out = 0x7fefa3842dc |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetWindowsDirectoryW, address_out = 0x76e382b0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetFileAttributesA, address_out = 0x76e32d50 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegOpenKeyExA, address_out = 0x7fefdc0b5f0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetFilePointer, address_out = 0x76e41150 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetTickCount, address_out = 0x76e52b00 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetFileAttributesW, address_out = 0x76e4bdd0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FindFirstFileW, address_out = 0x76e4bd80 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptAcquireContextW, address_out = 0x7fefdbfd98c |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = MoveFileExW, address_out = 0x76e33060 |
|
1 | |
| Get Address | c:\windows\system32\mpr.dll | function = WNetOpenEnumW, address_out = 0x7fefa383e00 |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = CoInitialize, address_out = 0x7fefe2ca51c |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptDecrypt, address_out = 0x7fefdc2b6d0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptImportKey, address_out = 0x7fefdbfaf6c |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetFilePointerEx, address_out = 0x76e3af00 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileW, address_out = 0x76e392d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FreeLibrary, address_out = 0x76e46620 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateProcessW, address_out = 0x76e51bb0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateDirectoryW, address_out = 0x76e3ad70 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateThread, address_out = 0x76e46580 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptDestroyKey, address_out = 0x7fefdbfafa0 |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = CoCreateInstance, address_out = 0x7fefe2d7490 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateFileW, address_out = 0x76e41870 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetFileAttributesA, address_out = 0x76e413e0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptEncrypt, address_out = 0x7fefdc2b650 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegDeleteValueW, address_out = 0x7fefdbfbbb0 |
|
1 |
User (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Lookup Privilege | privilege = SeBackupPrivilege, luid = 17 |
|
1 |
System (5)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Sleep | duration = 5000 milliseconds (5.000 seconds) |
|
1 | |
| Sleep | duration = 25000 milliseconds (25.000 seconds) |
|
1 | |
| Get Info | type = Operating System |
|
1 | |
| Get Info | type = Windows Directory, result_out = C:\Windows |
|
2 |
Process #4: net.exe
0
0
| Information | Value |
|---|---|
| ID | #4 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "audioendpointbuilder" /y |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:00:49, Reason: Child Process |
| Unmonitor | End Time: 00:00:57, Reason: Self Terminated |
| Monitor Duration | 00:00:07 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xa68 |
| Parent PID | 0xa34 (c:\users\5p5nrgjn0js halpmcxz\desktop\zzzavxu.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
A6C
|
Process #5: net.exe
0
0
| Information | Value |
|---|---|
| ID | #5 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:00:50, Reason: Child Process |
| Unmonitor | End Time: 00:00:52, Reason: Self Terminated |
| Monitor Duration | 00:00:02 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xa80 |
| Parent PID | 0xa34 (c:\users\5p5nrgjn0js halpmcxz\desktop\zzzavxu.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
A84
|
Process #6: taskeng.exe
41453
0
| Information | Value |
|---|---|
| ID | #6 |
| File Name | c:\windows\system32\taskeng.exe |
| Command Line | taskeng.exe {0E3013FB-5D32-4499-A940-035C87CD1A3B} S-1-5-21-3388679973-3930757225-3770151564-1000:XDUWTFONO\5p5NrGJn0jS HALPmcxz:Interactive:Highest[1] |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:00:50, Reason: Injection |
| Unmonitor | End Time: 00:03:10, Reason: Terminated by Timeout |
| Monitor Duration | 00:02:20 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x50c |
| Parent PID | 0x36c (c:\windows\system32\svchost.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
990
0x
7EC
0x
578
0x
574
0x
520
0x
514
0x
510
0x
A98
0x
F04
0x
F08
0x
F0C
0x
F10
0x
F14
0x
F18
0x
F1C
0x
F20
0x
F24
0x
F28
0x
F2C
0x
F30
0x
F34
0x
F38
0x
F3C
0x
F40
0x
F44
0x
F48
0x
F4C
0x
F50
0x
F54
0x
F58
0x
F5C
0x
F60
0x
F64
0x
F68
0x
F6C
0x
F70
0x
F74
0x
F78
0x
F7C
0x
F80
0x
F84
0x
F88
0x
F8C
0x
F90
0x
F94
0x
F98
0x
F9C
0x
FA0
0x
FA4
0x
FA8
0x
FAC
0x
FB0
0x
FB4
0x
FB8
0x
FBC
0x
FC0
0x
FC4
0x
FC8
0x
FCC
0x
FD0
0x
FD4
0x
FD8
0x
FDC
0x
FE0
0x
FE4
0x
FE8
0x
FEC
0x
FF0
0x
FF4
0x
FF8
0x
FFC
0x
1004
0x
1008
0x
100C
0x
1010
0x
1014
0x
1018
0x
101C
0x
1020
0x
1024
0x
1028
0x
102C
0x
1030
0x
1034
0x
1038
0x
103C
0x
1040
0x
104C
0x
1050
0x
1054
0x
1058
0x
105C
0x
1060
0x
1064
0x
1068
0x
106C
0x
1070
0x
1074
0x
1078
0x
107C
0x
1080
0x
1084
0x
1088
0x
108C
0x
1090
0x
1094
0x
1098
0x
109C
0x
10A0
0x
10A4
0x
10A8
0x
10AC
0x
10B0
0x
10B4
0x
10B8
0x
10BC
0x
10C0
0x
10C4
0x
10C8
0x
10CC
0x
10D0
0x
10D4
0x
10D8
0x
10DC
0x
10E0
0x
10E4
0x
10E8
0x
10EC
0x
10F0
0x
10F4
0x
10F8
0x
10FC
0x
1100
0x
1104
0x
1108
0x
110C
0x
1110
0x
111C
0x
1120
0x
1124
0x
1128
0x
112C
0x
1130
0x
1134
0x
1138
0x
113C
0x
1140
0x
1144
0x
1150
0x
1154
0x
1158
0x
115C
0x
1160
0x
1164
0x
1168
0x
116C
0x
11BC
0x
11C0
0x
11C4
0x
11C8
0x
11CC
0x
11D4
0x
11D8
0x
11DC
0x
11E0
0x
11E4
0x
11E8
0x
11EC
0x
11F0
0x
11F4
0x
11F8
0x
11FC
0x
1200
0x
1204
0x
1208
0x
120C
0x
1210
0x
1214
0x
1218
0x
1220
0x
1224
0x
1228
0x
122C
0x
1230
0x
1234
0x
1238
0x
123C
0x
1240
0x
1244
0x
1248
0x
124C
0x
1250
0x
1254
0x
1258
0x
125C
0x
1260
0x
1264
0x
1268
0x
126C
0x
1270
0x
1274
0x
1278
0x
127C
0x
1280
0x
1288
0x
128C
0x
1290
0x
12A0
0x
12A4
0x
12A8
0x
12AC
0x
12B0
0x
12B4
0x
12B8
0x
12BC
0x
12C0
0x
12C4
0x
12C8
0x
12CC
0x
12D0
0x
12E4
0x
12E8
0x
12EC
0x
12F0
0x
12F4
0x
12F8
0x
12FC
0x
1300
0x
1304
0x
1308
0x
130C
0x
1310
0x
1314
0x
1318
0x
131C
0x
1320
0x
1324
0x
1328
0x
132C
0x
1330
0x
1334
0x
1338
0x
133C
0x
1340
0x
1344
0x
1348
0x
1350
0x
1354
0x
1358
0x
135C
0x
1360
0x
1364
0x
1368
0x
136C
0x
1370
0x
1374
0x
1378
0x
137C
0x
1380
0x
1384
0x
1388
0x
138C
0x
1390
0x
1394
0x
1398
0x
139C
0x
13A0
0x
13A4
0x
13A8
0x
13AC
0x
13B0
0x
13B4
0x
13B8
0x
13BC
0x
13C0
0x
13C4
0x
13C8
0x
13CC
0x
13D0
0x
13D4
0x
13D8
0x
13DC
0x
13E0
0x
13E4
0x
13E8
0x
13EC
0x
13F0
0x
13F4
0x
13F8
0x
13FC
0x
F7C
0x
114C
0x
1284
0x
6E0
0x
12D8
0x
12E0
0x
121C
0x
1118
0x
1404
0x
1408
0x
140C
0x
1410
0x
1414
0x
1418
0x
141C
0x
1420
0x
1424
0x
1428
0x
142C
0x
1430
0x
1434
0x
14AC
0x
14B0
0x
14B4
0x
14B8
0x
14BC
0x
14C0
0x
14C4
0x
14C8
0x
14CC
0x
14D0
0x
14D4
0x
14D8
0x
14DC
0x
14E0
0x
14E4
0x
1570
0x
1574
0x
1578
0x
157C
0x
1580
0x
1584
0x
1588
0x
158C
0x
1590
0x
1594
0x
1598
0x
159C
0x
15A0
0x
1630
0x
1634
0x
1638
0x
163C
0x
1640
0x
1644
0x
1648
0x
164C
0x
1650
0x
1654
0x
1658
0x
165C
0x
1660
0x
1664
0x
1668
0x
166C
0x
1694
0x
1698
0x
169C
0x
16A0
0x
16A4
0x
16A8
0x
16AC
0x
16B0
0x
16B4
0x
16B8
0x
16BC
0x
16C0
0x
16C4
0x
16C8
0x
16CC
0x
16D0
0x
16D4
0x
16D8
0x
16DC
0x
16E0
0x
16E4
0x
16E8
0x
16EC
0x
16F0
0x
16F4
0x
16F8
0x
16FC
0x
1700
0x
1704
0x
1708
0x
170C
0x
1710
0x
1714
0x
1718
0x
171C
0x
1720
0x
1724
0x
1728
0x
172C
0x
1730
0x
1734
0x
1738
0x
173C
0x
1740
0x
1744
0x
1748
0x
174C
0x
1750
0x
1754
0x
1758
0x
175C
0x
1760
0x
1764
0x
1768
0x
176C
0x
1770
0x
1774
0x
1778
0x
177C
0x
1780
0x
1784
0x
1788
0x
178C
0x
1790
0x
1794
0x
1798
0x
179C
0x
17A0
0x
17A4
0x
17A8
0x
17AC
0x
17B0
0x
17B4
0x
17B8
0x
17BC
0x
17C0
0x
17C4
0x
17C8
0x
17CC
0x
17D0
0x
17D4
0x
17D8
0x
17DC
0x
17E0
0x
17E4
0x
17E8
0x
17EC
0x
17F0
0x
17F4
0x
17F8
0x
17FC
0x
129C
0x
1674
0x
15A4
0x
1298
0x
134C
0x
1804
0x
1808
0x
180C
0x
1810
0x
1814
0x
1818
0x
181C
0x
1820
0x
1824
0x
1828
0x
182C
0x
1830
0x
1834
0x
1838
0x
183C
0x
1840
0x
1844
0x
1848
0x
184C
0x
1850
0x
1854
0x
1858
0x
185C
0x
1860
0x
1864
0x
1868
0x
186C
0x
1870
0x
1874
0x
1878
0x
187C
0x
1880
0x
1884
0x
18A4
0x
18A8
0x
18AC
0x
18B0
0x
18B4
0x
18B8
0x
18BC
0x
18C0
0x
18C4
0x
18C8
0x
18CC
0x
18D0
0x
18D4
0x
18D8
0x
18DC
0x
18E0
0x
18E4
0x
18E8
0x
18EC
0x
18F0
0x
18F4
0x
18F8
0x
18FC
0x
1900
0x
1904
0x
1908
0x
190C
0x
1910
0x
1914
0x
1918
0x
191C
0x
1928
0x
192C
0x
1930
0x
1934
0x
1938
0x
193C
0x
1940
0x
1944
0x
1948
0x
194C
0x
1950
0x
1954
0x
1958
0x
195C
0x
1960
0x
1964
0x
1968
0x
196C
0x
1970
0x
1974
0x
1978
0x
197C
0x
1980
0x
1984
0x
1988
0x
198C
0x
1990
0x
1994
0x
1998
0x
199C
0x
19A0
0x
19A4
0x
19A8
0x
19AC
0x
19B0
0x
19B4
0x
19B8
0x
19BC
0x
19C0
0x
19C4
0x
19C8
0x
19CC
0x
19D0
0x
19D4
0x
19D8
0x
19DC
0x
19E0
0x
19E4
0x
19E8
0x
19EC
0x
19F0
0x
19F4
0x
19F8
0x
19FC
0x
1A00
0x
1A04
0x
1A08
0x
1A0C
0x
1A10
0x
1A14
0x
1A18
0x
1A1C
0x
1A98
0x
1A9C
0x
1AA0
0x
1AA4
0x
1AA8
0x
1AAC
0x
1AB0
0x
1AB4
0x
1AB8
0x
1ABC
0x
1AC0
0x
1AC4
0x
1AC8
0x
1ACC
0x
1AD0
0x
1AD4
0x
1AD8
0x
1ADC
0x
1AE0
0x
1AE4
0x
1AE8
0x
1AEC
0x
1AF0
0x
1AF4
0x
1AF8
0x
1AFC
0x
1B00
0x
1B04
0x
1B08
0x
1B0C
0x
1B10
0x
1B14
0x
1B18
0x
1B1C
0x
1B20
0x
1B24
0x
1B28
0x
1B2C
0x
1B30
0x
1B34
0x
1B38
0x
1B3C
0x
1BAC
0x
1BB0
0x
1BB4
0x
1BB8
0x
1BBC
0x
1BC0
0x
1BC4
0x
1BC8
0x
1BCC
0x
1BD0
0x
1BD4
0x
1BD8
0x
1BDC
0x
1BE0
0x
1BE4
0x
1BEC
0x
1BF0
0x
1BF4
0x
1BF8
0x
1BFC
0x
1888
0x
1898
0x
1924
0x
18A0
0x
1890
0x
189C
0x
12DC
0x
1114
0x
1C70
0x
1C74
0x
1C78
0x
1C7C
0x
1C80
0x
1C84
0x
1C88
0x
1C8C
0x
1C90
0x
1C94
0x
1C98
0x
1C9C
0x
1CA0
0x
1CA4
0x
1CA8
0x
1CAC
0x
1CB0
0x
1CB4
0x
1CB8
0x
1CBC
0x
1CC0
0x
1CC4
0x
1CC8
0x
1CCC
0x
1CD0
0x
1CD4
0x
1CE4
0x
1CE8
0x
1CEC
0x
1CF0
0x
1CF4
0x
1CF8
0x
1CFC
0x
1D00
0x
1D04
0x
1D08
0x
1D0C
0x
1D10
0x
1D14
0x
1D18
0x
1D1C
0x
1D20
0x
1D24
0x
1D28
0x
1D2C
0x
1D30
0x
1D6C
0x
1E08
0x
1E0C
0x
1E10
0x
1E14
0x
1E18
0x
1E1C
0x
1E20
0x
1E24
0x
1E28
0x
1E2C
0x
1E30
0x
1E34
0x
1E38
0x
1E3C
0x
1E40
0x
1E44
0x
1E48
0x
1E4C
0x
1E50
0x
1E54
0x
1E58
0x
1E5C
0x
1E60
0x
1E64
0x
1E68
0x
1E6C
0x
1E70
0x
1EFC
0x
1F00
0x
1F04
0x
1F08
0x
1F0C
0x
1F10
0x
1F14
0x
1F18
0x
1F1C
0x
1F20
0x
1F24
0x
1F28
0x
1F2C
0x
1F30
0x
1F34
0x
1F38
0x
1F3C
0x
1F40
0x
1F44
0x
1F48
0x
1F4C
0x
1F50
0x
1F54
0x
1F58
0x
1F5C
0x
1F60
0x
1F64
0x
1F68
0x
1F6C
0x
1F70
0x
1F74
0x
1F78
0x
1F7C
0x
1F80
0x
1F84
0x
1F88
0x
1F8C
0x
1F90
0x
1F94
0x
1F98
0x
1F9C
0x
1FA0
0x
1FA4
0x
1FA8
0x
1FAC
0x
1FB0
0x
1FB4
0x
1FB8
0x
1FBC
0x
1FC0
0x
1FC4
0x
1FC8
0x
1FCC
0x
1FD0
0x
1FD4
0x
1FD8
0x
1FDC
0x
1FE0
0x
1FE4
0x
2048
0x
204C
0x
2050
0x
2054
0x
2058
0x
205C
0x
2060
0x
2064
0x
2068
0x
206C
0x
2070
0x
2074
0x
2078
0x
207C
0x
2080
0x
2084
0x
2088
0x
208C
0x
2090
0x
2094
0x
2098
0x
209C
0x
20A0
0x
2110
0x
2114
0x
2118
0x
211C
0x
2120
0x
2124
0x
2128
0x
212C
0x
2130
0x
2134
0x
2138
0x
213C
0x
2140
0x
2144
0x
2148
0x
214C
0x
2150
0x
2154
0x
2158
0x
215C
0x
2160
0x
2164
0x
2168
0x
216C
0x
2170
0x
2174
0x
2178
0x
217C
0x
21E8
0x
21EC
0x
21F0
0x
21F4
0x
21F8
0x
21FC
0x
2200
0x
2204
0x
2208
0x
220C
0x
2210
0x
2214
0x
2218
0x
221C
0x
2220
0x
2224
0x
2228
0x
222C
0x
2230
0x
2234
0x
2238
0x
223C
0x
2240
0x
2244
0x
2248
0x
224C
0x
22B0
0x
22B4
0x
22B8
0x
22BC
0x
22C0
0x
22C4
0x
22C8
0x
22CC
0x
22D0
0x
22D4
0x
22D8
0x
22DC
0x
22E0
0x
22E4
0x
22E8
0x
22EC
0x
22F0
0x
22F4
0x
22F8
0x
22FC
0x
2300
0x
2304
0x
2308
0x
230C
0x
2310
0x
2314
0x
2318
0x
231C
0x
2320
0x
2324
0x
2390
0x
2394
0x
2398
0x
239C
0x
23A0
0x
23A4
0x
23A8
0x
23AC
0x
23B0
0x
23B4
0x
23B8
0x
23BC
0x
23C0
0x
23C4
0x
23C8
0x
23CC
0x
23D0
0x
23D4
0x
23D8
0x
23DC
0x
23E0
0x
241C
0x
2420
0x
2424
0x
2428
0x
242C
0x
245C
0x
2460
0x
2464
0x
2468
0x
246C
0x
2470
0x
2474
0x
2478
0x
247C
0x
2480
0x
2484
0x
2488
0x
24C0
0x
24C4
0x
24C8
0x
24CC
0x
24D0
0x
24D4
0x
24D8
0x
24DC
0x
24E0
0x
24E4
0x
24E8
0x
24EC
0x
24F0
0x
24F4
0x
252C
0x
2530
0x
2534
0x
2538
0x
253C
0x
2540
0x
2544
0x
2548
0x
254C
0x
2550
0x
2554
0x
2558
0x
255C
0x
2560
0x
25BC
0x
25C0
0x
25C4
0x
25C8
0x
25CC
0x
25D0
0x
25D4
0x
25D8
0x
25DC
0x
25E0
0x
25E4
0x
25E8
0x
25EC
0x
25F0
0x
25F4
0x
25F8
0x
25FC
0x
2600
0x
2604
0x
2608
0x
260C
0x
2610
0x
2654
0x
2658
0x
265C
0x
2660
0x
2664
0x
2668
0x
266C
0x
2670
0x
2674
0x
267C
0x
2680
0x
2684
0x
2688
0x
268C
0x
2690
0x
2694
0x
2698
0x
269C
0x
26A0
0x
26A4
0x
26A8
0x
26AC
0x
26B0
0x
26B4
0x
26B8
0x
26BC
0x
26C0
0x
26C4
0x
26C8
0x
26CC
0x
26D0
0x
26D4
0x
2728
0x
272C
0x
2730
0x
2734
0x
2738
0x
273C
0x
2740
0x
2744
0x
2748
0x
274C
0x
2750
0x
2754
0x
2758
0x
275C
0x
2760
0x
2764
0x
2768
0x
276C
0x
2770
0x
2774
0x
2778
0x
27E0
0x
27E4
0x
27E8
0x
27EC
0x
27F0
0x
27F4
0x
27F8
0x
27FC
0x
250
0x
414
0x
768
0x
2804
0x
2808
0x
280C
0x
2810
0x
2814
0x
2818
0x
281C
0x
2820
0x
2824
0x
2878
0x
287C
0x
2880
0x
2884
0x
2888
0x
288C
0x
2890
0x
2894
0x
2898
0x
289C
0x
28DC
0x
28E0
0x
28E4
0x
28E8
0x
28EC
0x
28F0
0x
28F4
0x
28F8
0x
28FC
0x
2900
0x
2904
0x
2948
0x
294C
0x
2950
0x
2954
0x
2958
0x
295C
0x
2960
0x
2964
0x
2968
0x
296C
0x
2970
0x
2974
0x
2978
0x
297C
0x
2980
0x
2984
0x
2988
0x
298C
0x
2990
0x
2994
0x
2998
0x
299C
0x
29A0
0x
29A4
0x
29A8
0x
29AC
0x
29B0
0x
29B4
0x
29B8
0x
29BC
0x
2A2C
0x
2A30
0x
2A34
0x
2A38
0x
2A3C
0x
2A40
0x
2A44
0x
2A48
0x
2A4C
0x
2A50
0x
2A54
0x
2A58
0x
2A5C
0x
2A60
0x
2A64
0x
2A68
0x
2A6C
0x
2A70
0x
2A74
0x
2A78
0x
2A7C
0x
2A80
0x
2AE4
0x
2AE8
0x
2AEC
0x
2AF0
0x
2AF4
0x
2AF8
0x
2AFC
0x
2B00
0x
2B04
0x
2B08
0x
2B0C
0x
2B10
0x
2B14
0x
2B18
0x
2B1C
0x
2B20
0x
2B24
0x
2B28
0x
2B2C
0x
2B30
0x
2B34
0x
2B38
0x
2B3C
0x
2B40
0x
2BAC
0x
2BB0
0x
2BB4
0x
2BB8
0x
2BBC
0x
2BC0
0x
2BC4
0x
2BC8
0x
2BCC
0x
2BD0
0x
2BD4
0x
2BD8
0x
2BDC
0x
2BE0
0x
2BE4
0x
2BF8
0x
2C04
0x
2C0C
0x
2C14
0x
2C1C
0x
2C24
0x
2C2C
0x
2C34
0x
2C40
0x
2C48
0x
2C50
0x
2C54
0x
2C58
0x
2C5C
0x
2C60
0x
2C64
0x
2C68
0x
2C6C
0x
2C70
0x
2C74
0x
2C78
0x
2C7C
0x
2C80
0x
2C84
0x
2C88
0x
2C8C
0x
2C90
0x
2C94
0x
2C98
0x
2C9C
0x
2CF0
0x
2CF4
0x
2CF8
0x
2CFC
0x
2D00
0x
2D04
0x
2D08
0x
2D0C
0x
2D10
0x
2D14
0x
2D18
0x
2D1C
0x
2D6C
0x
2D70
0x
2D74
0x
2D78
0x
2D7C
0x
2D80
0x
2D84
0x
2D88
0x
2D8C
0x
2D90
0x
2D94
0x
2D98
0x
2D9C
0x
2DA0
0x
2DA4
0x
2DA8
0x
2DF0
0x
2DF4
0x
2DF8
0x
2DFC
0x
2E00
0x
2E04
0x
2E08
0x
2E0C
0x
2E10
0x
2E14
0x
2E18
0x
2E1C
0x
2E20
0x
2E24
0x
2E28
0x
2E2C
0x
2E74
0x
2E78
0x
2E7C
0x
2E80
0x
2E84
0x
2E88
0x
2E8C
0x
2E90
0x
2E94
0x
2E98
0x
2E9C
0x
2EA0
0x
2EA4
0x
2EA8
0x
2EAC
0x
2EF8
0x
2EFC
0x
2F00
0x
2F04
0x
2F08
0x
2F0C
0x
2F10
0x
2F14
0x
2F18
0x
2F1C
0x
2F20
0x
2F24
0x
2F28
0x
2F2C
0x
2F30
0x
2F34
0x
2F38
0x
2F48
0x
2F4C
0x
2F50
0x
2F54
0x
2F58
0x
2F5C
0x
2F60
0x
2F64
0x
2F68
0x
2F6C
0x
2F70
0x
2FA0
0x
302C
0x
3164
0x
3168
0x
316C
0x
3170
0x
3174
0x
3178
0x
317C
0x
3180
0x
3184
0x
3188
0x
318C
0x
3190
0x
3194
0x
3198
0x
319C
0x
31C4
0x
31C8
0x
31CC
0x
31D0
0x
31D4
0x
31D8
0x
31DC
0x
31E0
0x
31E4
0x
31E8
0x
31EC
0x
31F0
0x
31F4
0x
31F8
0x
31FC
0x
3208
0x
320C
0x
3210
0x
3214
0x
3218
0x
321C
0x
3220
0x
3224
0x
3228
0x
322C
0x
3230
0x
3234
0x
3238
0x
323C
0x
3240
0x
3244
0x
3248
0x
324C
0x
3258
0x
325C
0x
3260
0x
3264
0x
3268
0x
326C
0x
3270
0x
3274
0x
3278
0x
327C
0x
3280
0x
3284
0x
3288
0x
328C
0x
3294
0x
3298
0x
329C
0x
32A0
0x
32A4
0x
32A8
0x
32AC
0x
32B0
0x
32B4
0x
32B8
0x
32BC
0x
32C0
0x
32C4
0x
32C8
0x
32CC
0x
32D0
0x
32D4
0x
32E0
0x
32E4
0x
32E8
0x
32EC
0x
32F0
0x
32F4
0x
32F8
0x
32FC
0x
3300
0x
3304
0x
3308
0x
330C
0x
3310
0x
331C
0x
3320
0x
3324
0x
3328
0x
332C
0x
3330
0x
3334
0x
3338
0x
334C
0x
3350
0x
3354
0x
3358
0x
335C
0x
3360
0x
3370
0x
3374
0x
3378
0x
337C
0x
3380
0x
3384
0x
3388
0x
338C
0x
3390
0x
3394
0x
3398
0x
339C
0x
33A0
0x
33A4
0x
33A8
0x
33AC
0x
33B0
0x
33B4
0x
33B8
0x
33BC
0x
33C0
0x
33C4
0x
33C8
0x
33CC
0x
33D0
0x
33D4
0x
33D8
0x
33DC
0x
33E0
0x
33E4
0x
33EC
0x
3200
0x
308C
0x
3088
0x
3160
0x
3318
0x
58C
0x
30C0
0x
3348
0x
3340
0x
3344
0x
32DC
0x
32D8
0x
333C
0x
3314
0x
740
0x
7F8
0x
598
0x
390
0x
150
0x
578
0x
33EC
0x
33FC
0x
3014
0x
12C
0x
810
0x
33F4
0x
33F0
0x
7E4
0x
630
0x
33F8
0x
31C0
0x
2FC8
0x
3250
0x
68C
0x
30C8
0x
2FCC
0x
31BC
0x
3084
0x
3254
0x
7DC
0x
3290
0x
3010
0x
3404
0x
3408
0x
340C
0x
3410
0x
3414
0x
3418
0x
341C
0x
3420
0x
3424
0x
3428
0x
342C
0x
3430
0x
3434
0x
3438
0x
343C
0x
3440
0x
3444
0x
3448
0x
344C
0x
3450
0x
3454
0x
3458
0x
345C
0x
3460
0x
3464
0x
3468
0x
346C
0x
3470
0x
3474
0x
3478
0x
347C
0x
3480
0x
3484
0x
3488
0x
3634
0x
3638
0x
363C
0x
3640
0x
3644
0x
3648
0x
364C
0x
3650
0x
3654
0x
3658
0x
365C
0x
3660
0x
3664
0x
3668
0x
366C
0x
3670
0x
3688
0x
368C
0x
3690
0x
3694
0x
3698
0x
369C
0x
36A0
0x
36A4
0x
36A8
0x
36AC
0x
36B0
0x
36B4
0x
36F0
0x
36F4
0x
36F8
0x
36FC
0x
3700
0x
3704
0x
3708
0x
370C
0x
3710
0x
3714
0x
3718
0x
371C
0x
3760
0x
3764
0x
3768
0x
376C
0x
3770
0x
3774
0x
3778
0x
377C
0x
3780
0x
3784
0x
3788
0x
378C
0x
3790
0x
3794
0x
37C0
0x
37C4
0x
37C8
0x
37CC
0x
37D0
0x
38F4
0x
38F8
0x
38FC
0x
3900
0x
3904
0x
3908
0x
390C
0x
3910
0x
3914
0x
3918
0x
391C
0x
3920
0x
3924
0x
3928
0x
392C
0x
3930
0x
3934
0x
3938
0x
393C
0x
3940
0x
3944
0x
3948
0x
39DC
0x
39E0
0x
39E4
0x
39E8
0x
39EC
0x
39F0
0x
39F4
0x
39F8
0x
39FC
0x
3A00
0x
3A3C
0x
3A40
0x
3A44
0x
3A48
0x
3A4C
0x
3A50
0x
3A54
0x
3A58
0x
3A5C
0x
3A60
0x
3A64
0x
3A68
0x
3A6C
0x
3A70
0x
3A74
0x
3A78
0x
3A7C
0x
3A80
0x
3A84
0x
3A88
0x
3A8C
0x
3A90
0x
3A94
0x
3A98
0x
3A9C
0x
3AA0
0x
3B08
0x
3B0C
0x
3B10
0x
3B14
0x
3B18
0x
3B1C
0x
3B20
0x
3B24
0x
3B28
0x
3B2C
0x
3B30
0x
3B34
0x
3B38
0x
3B3C
0x
3B40
0x
3B44
0x
3B48
0x
3B4C
0x
3B50
0x
3B54
0x
3B58
0x
3BEC
0x
3BF0
0x
3BF4
0x
3BF8
0x
3BFC
0x
37F4
0x
37F0
0x
37EC
0x
36EC
0x
36E8
0x
37E8
0x
3758
0x
3858
0x
38F0
0x
75C
0x
3C04
0x
3C08
0x
3C0C
0x
3C10
0x
3C80
0x
3C84
0x
3C88
0x
3C8C
0x
3C90
0x
3C94
0x
3C98
0x
3C9C
0x
3CA0
0x
3CA4
0x
3CA8
0x
3CAC
0x
3CB0
0x
3CB4
0x
3CB8
0x
3CBC
0x
3CC0
0x
3CC4
0x
3CC8
0x
3CCC
0x
3CD0
0x
3CD4
0x
3CD8
0x
3CDC
0x
3CE0
0x
3CE4
0x
3CE8
0x
3CEC
0x
3CF0
0x
3CF4
0x
3CF8
0x
3CFC
0x
3D00
0x
3D04
0x
3D08
0x
3D68
0x
3D6C
0x
3D70
0x
3D74
0x
3D78
0x
3D7C
0x
3D80
0x
3D84
0x
3D88
0x
3D8C
0x
3D90
0x
3D94
0x
3D98
0x
3D9C
0x
3DA0
0x
3DA4
0x
3DA8
0x
3DAC
0x
3DB0
0x
3DB4
0x
3DB8
0x
3DBC
0x
3DC0
0x
3DC4
0x
3DC8
0x
3DCC
0x
3DD0
0x
3E34
0x
3E38
0x
3E3C
0x
3E40
0x
3E44
0x
3E78
0x
3E80
0x
3E88
0x
3E90
0x
3E98
0x
3EA0
0x
3EA8
0x
3EB0
0x
3EB8
0x
3EC0
0x
3EC8
0x
3ED0
0x
3ED8
0x
3EE0
0x
3EE4
0x
3EE8
0x
3EEC
0x
3EF0
0x
3EF4
0x
3F64
0x
3F68
0x
3F6C
0x
3F70
0x
3F74
0x
3F78
0x
3F7C
0x
3F80
0x
3F84
0x
3F88
0x
3F8C
0x
3F90
0x
3F94
0x
3F98
0x
3F9C
0x
3FA0
0x
3FA4
0x
3FA8
0x
3FAC
0x
3FB0
0x
3FB4
0x
3FB8
0x
3FBC
0x
3FC0
0x
3FC4
0x
401C
0x
4020
0x
4024
0x
4028
0x
402C
0x
4030
0x
4034
0x
4038
0x
403C
0x
4040
0x
4044
0x
4048
0x
404C
0x
4050
0x
4054
0x
4058
0x
405C
0x
4060
0x
4064
0x
4068
0x
406C
0x
4070
0x
4074
0x
4078
0x
407C
0x
4080
0x
4084
0x
40FC
0x
4100
0x
4104
0x
4108
0x
410C
0x
4110
0x
4114
0x
4118
0x
411C
0x
4120
0x
4124
0x
4128
0x
412C
0x
4130
0x
4134
0x
4138
0x
413C
0x
4140
0x
4144
0x
4148
0x
414C
0x
4150
0x
4154
0x
4158
0x
415C
0x
4160
0x
4164
0x
41F0
0x
41F4
0x
41F8
0x
41FC
0x
4200
0x
4204
0x
4208
0x
420C
0x
4210
0x
4214
0x
4218
0x
421C
0x
4220
0x
4224
0x
4228
0x
422C
0x
4230
0x
4234
0x
4238
0x
423C
0x
4240
0x
4244
0x
4248
0x
424C
0x
4250
0x
4254
0x
4258
0x
425C
0x
4260
0x
4264
0x
42E4
0x
42E8
0x
42EC
0x
42F0
0x
42F4
0x
42F8
0x
42FC
0x
4300
0x
4304
0x
4308
0x
430C
0x
4310
0x
4314
0x
4318
0x
431C
0x
4320
0x
4324
0x
4328
0x
432C
0x
4330
0x
4334
0x
4338
0x
433C
0x
4340
0x
4344
0x
43B4
0x
43B8
0x
43BC
0x
43C0
0x
43C4
0x
43C8
0x
43CC
0x
43D0
0x
43D4
0x
43D8
0x
43DC
0x
43E0
0x
43E4
0x
43E8
0x
43EC
0x
43F0
0x
43F4
0x
43F8
0x
43FC
0x
3FCC
0x
1D94
0x
4404
0x
4408
0x
440C
0x
4410
0x
4414
0x
4418
0x
448C
0x
4490
0x
4494
0x
4498
0x
449C
0x
44A0
0x
44A4
0x
44A8
0x
44AC
0x
44B0
0x
44B4
0x
44B8
0x
44BC
0x
44C0
0x
44C4
0x
44C8
0x
44CC
0x
44D0
0x
44D4
0x
44D8
0x
44DC
0x
44E0
0x
44E4
0x
44E8
0x
44EC
0x
4564
0x
4568
0x
456C
0x
4570
0x
45EC
0x
45F0
0x
45F4
0x
45F8
0x
45FC
0x
4600
0x
4604
0x
4608
0x
460C
0x
4610
0x
4614
0x
4618
0x
461C
0x
4620
0x
4624
0x
4628
0x
462C
0x
4630
0x
4634
0x
4638
0x
463C
0x
4640
0x
4644
0x
4648
0x
464C
0x
4650
0x
4654
0x
4694
0x
4698
0x
469C
0x
46A0
0x
46A4
0x
46A8
0x
46AC
0x
46B0
0x
46B4
0x
46B8
0x
46BC
0x
46C0
0x
46C4
0x
46C8
0x
46CC
0x
46D0
0x
46D4
0x
46D8
0x
46DC
0x
46E0
0x
46E4
0x
46F0
0x
46F4
0x
46F8
0x
46FC
0x
4700
0x
4704
0x
4708
0x
470C
0x
4710
0x
4714
0x
4718
0x
471C
0x
4720
0x
4724
0x
4728
0x
472C
0x
4730
0x
4734
0x
4738
0x
473C
0x
4740
0x
4744
0x
4748
0x
474C
0x
4750
0x
4754
0x
4780
0x
4784
0x
4788
0x
478C
0x
4790
0x
4794
0x
4798
0x
479C
0x
47A0
0x
47A4
0x
47A8
0x
47AC
0x
47B0
0x
47B4
0x
47B8
0x
47BC
0x
47C0
0x
47C4
0x
47C8
0x
47CC
0x
47D0
0x
47D4
0x
47D8
0x
47DC
0x
47E0
0x
47E4
0x
47E8
0x
A5C
0x
3FC8
0x
4804
0x
4808
0x
480C
0x
4810
0x
4814
0x
4818
0x
481C
0x
4820
0x
4824
0x
4828
0x
482C
0x
4830
0x
4834
0x
4838
0x
483C
0x
4840
0x
4844
0x
4848
0x
484C
0x
4850
0x
4854
0x
4858
0x
485C
0x
4860
0x
4864
0x
489C
0x
48A0
0x
48A4
0x
48A8
0x
48AC
0x
48B0
0x
48B4
0x
48B8
0x
48BC
0x
48C0
0x
48C4
0x
48C8
0x
48CC
0x
48D0
0x
48D4
0x
48D8
0x
48DC
0x
48E0
0x
48E4
0x
48E8
0x
48EC
0x
48F0
0x
48F4
0x
48F8
0x
48FC
0x
494C
0x
4950
0x
4954
0x
4998
0x
499C
0x
49A0
0x
49A4
0x
49A8
0x
49AC
0x
49B0
0x
49B4
0x
49B8
0x
49BC
0x
49C0
0x
49C4
0x
49C8
0x
49E4
0x
49E8
0x
49EC
0x
49F0
0x
49F4
0x
49F8
0x
49FC
0x
4A00
0x
4A04
0x
4A08
0x
4A0C
0x
4A10
0x
4A14
0x
4A18
0x
4A1C
0x
4A20
0x
4A24
0x
4A28
0x
4A2C
0x
4A30
0x
4A34
0x
4A38
0x
4A3C
0x
4A40
0x
4A44
0x
4A48
0x
4A4C
0x
4A50
0x
4A54
0x
4A58
0x
4A5C
0x
4A60
0x
4A64
0x
4A68
0x
4A6C
0x
4A70
0x
4A74
0x
4A78
0x
4A7C
0x
4A80
0x
4A84
0x
4A88
0x
4A8C
0x
4AC4
0x
4AC8
0x
4ACC
0x
4AD0
0x
4AD4
0x
4AD8
0x
4ADC
0x
4AE0
0x
4AE4
0x
4AE8
0x
4AEC
0x
4AF0
0x
4AF4
0x
4AF8
0x
4AFC
0x
4B00
0x
4B68
0x
4B6C
0x
4B70
0x
4B74
0x
4B78
0x
4B7C
0x
4C20
0x
4C68
0x
4C6C
0x
4C70
0x
4C74
0x
4C78
0x
4C7C
0x
4C80
0x
4C84
0x
4C88
0x
4C8C
0x
4C90
0x
4C94
0x
4C98
0x
4C9C
0x
4CA0
0x
4CA4
0x
4CA8
0x
4CAC
0x
4CB0
0x
4CB4
0x
4CB8
0x
4CBC
0x
4CC0
0x
4CC4
0x
4CC8
0x
4D40
0x
4D44
0x
4D48
0x
4D4C
0x
4D50
0x
4D54
0x
4D58
0x
4D5C
0x
4D60
0x
4D64
0x
4D68
0x
4D6C
0x
4D70
0x
4D74
0x
4D78
0x
4D7C
0x
4D80
0x
4DF4
0x
4DF8
0x
4DFC
0x
4E00
0x
4E04
0x
4E08
0x
4E0C
0x
4E10
0x
4E14
0x
4E18
0x
4E1C
0x
4E20
0x
4E24
0x
4E28
0x
4E2C
0x
4E30
0x
4E34
0x
4E38
0x
4E3C
0x
4E40
0x
4E44
0x
4E48
0x
4ECC
0x
4ED0
0x
4ED4
0x
4ED8
0x
4EDC
0x
4EE0
0x
4EE4
0x
4EE8
0x
4EEC
0x
4EF0
0x
4EF4
0x
4EF8
0x
4EFC
0x
4F00
0x
4F04
0x
4F08
0x
4F0C
0x
4F10
0x
4F24
0x
4F28
0x
4F2C
0x
4F30
0x
4F34
0x
4F38
0x
4F3C
0x
4F40
0x
4F44
0x
4F48
0x
4F4C
0x
4F50
0x
4F54
0x
4F58
0x
4F5C
0x
4F60
0x
4F64
0x
4F68
0x
4F6C
0x
4F70
0x
4F74
0x
4F78
0x
4F7C
0x
4F80
0x
4F84
0x
4F88
0x
4F8C
0x
4F90
0x
5004
0x
5008
0x
500C
0x
5010
0x
5014
0x
5018
0x
501C
0x
5020
0x
5024
0x
5028
0x
502C
0x
5030
0x
5034
0x
5038
0x
503C
0x
5040
0x
5044
0x
5048
0x
504C
0x
5050
0x
5054
0x
5058
0x
505C
0x
5060
0x
5064
0x
5068
0x
506C
0x
50E8
0x
50EC
0x
50F0
0x
50F4
0x
50F8
0x
50FC
0x
5100
0x
5104
0x
5108
0x
510C
0x
5110
0x
5114
0x
5118
0x
511C
0x
5120
0x
5124
0x
5128
0x
512C
0x
5130
0x
5134
0x
5138
0x
513C
0x
5140
0x
5144
0x
5148
0x
514C
0x
5150
0x
5154
0x
51C8
0x
51CC
0x
51D0
0x
51D4
0x
51D8
0x
51DC
0x
51E0
0x
51E4
0x
51E8
0x
51EC
0x
51F0
0x
51F4
0x
51F8
0x
51FC
0x
5200
0x
5204
0x
5208
0x
520C
0x
5210
0x
5214
0x
5218
0x
521C
0x
5220
0x
5224
0x
5228
0x
5298
0x
529C
0x
52A0
0x
52A4
0x
52A8
0x
52AC
0x
52B0
0x
52B4
0x
52B8
0x
52BC
0x
52C0
0x
52C4
0x
52C8
0x
52CC
0x
52D0
0x
52D4
0x
52D8
0x
52DC
0x
52E0
0x
52E4
0x
52E8
0x
52EC
0x
52F0
0x
52F4
0x
52F8
0x
52FC
0x
5300
0x
5378
0x
537C
0x
5380
0x
5384
0x
5388
0x
538C
0x
5390
0x
5394
0x
5398
0x
539C
0x
53A0
0x
53A4
0x
53A8
0x
53AC
0x
53B0
0x
53B4
0x
53B8
0x
53BC
0x
53C0
0x
53C4
0x
53C8
0x
53CC
0x
53D0
0x
53D4
0x
53D8
0x
53DC
0x
5458
0x
545C
0x
5460
0x
5464
0x
5468
0x
546C
0x
5470
0x
5474
0x
5478
0x
547C
0x
5480
0x
5484
0x
5488
0x
548C
0x
5490
0x
5494
0x
5498
0x
549C
0x
54A0
0x
54A4
0x
54A8
0x
54AC
0x
54B0
0x
54B4
0x
54B8
0x
54BC
0x
552C
0x
5530
0x
5534
0x
5538
0x
553C
0x
5540
0x
5544
0x
5548
0x
554C
0x
5550
0x
5554
0x
5558
0x
555C
0x
5560
0x
5564
0x
5568
0x
556C
0x
5570
0x
5574
0x
5578
0x
557C
0x
5580
0x
5584
0x
5588
0x
558C
0x
55F8
0x
55FC
0x
5600
0x
5604
0x
5608
0x
560C
0x
5610
0x
5614
0x
5618
0x
561C
0x
5620
0x
5624
0x
5628
0x
562C
0x
5630
0x
5634
0x
5638
0x
563C
0x
5640
0x
5644
0x
5648
0x
564C
0x
5650
0x
5654
0x
5658
0x
56A4
0x
56A8
0x
56AC
0x
56B0
0x
56B4
0x
56B8
0x
56BC
0x
56C0
0x
56C4
0x
56C8
0x
56CC
0x
56D0
0x
56D4
0x
56D8
0x
56DC
0x
56E0
0x
56E4
0x
56E8
0x
56EC
0x
56F0
0x
56F4
0x
56F8
0x
56FC
0x
5700
0x
5708
0x
5704
0x
570C
0x
5710
0x
5714
0x
5718
0x
571C
0x
5720
0x
5724
0x
5728
0x
572C
0x
5730
0x
5734
0x
5738
0x
573C
0x
5740
0x
5744
0x
5748
0x
574C
0x
5750
0x
5754
0x
5758
0x
575C
0x
5760
0x
5764
0x
5768
0x
57DC
0x
57E0
0x
57E4
0x
57E8
0x
57EC
0x
57F0
0x
57F4
0x
57F8
0x
57FC
0x
5708
0x
5804
0x
5808
0x
580C
0x
5810
0x
5814
0x
5818
0x
581C
0x
5820
0x
5824
0x
5828
0x
582C
0x
5830
0x
5834
0x
5838
0x
583C
0x
5840
0x
58C8
0x
58CC
0x
58D0
0x
58D4
0x
58D8
0x
58DC
0x
58E0
0x
58E4
0x
58E8
0x
58EC
0x
58F0
0x
58F4
0x
58F8
0x
58FC
0x
5900
0x
5904
0x
5908
0x
590C
0x
5910
0x
5914
0x
5918
0x
591C
0x
5920
0x
5924
0x
5928
0x
592C
0x
5930
0x
5934
0x
5938
0x
593C
0x
5940
0x
5944
0x
59B4
0x
59B8
0x
59BC
0x
59C0
0x
59C4
0x
59C8
0x
59CC
0x
59D0
0x
59D4
0x
59D8
0x
59DC
0x
59E0
0x
59E4
0x
59E8
0x
59EC
0x
59F0
0x
59F4
0x
59F8
0x
59FC
0x
5A00
0x
5A04
0x
5A08
0x
5A0C
0x
5A10
0x
5A14
0x
5A18
0x
5A1C
0x
5A20
0x
5A24
0x
5A28
0x
5A2C
0x
5A44
0x
5A48
0x
5A4C
0x
5A50
0x
5A54
0x
5A58
0x
5A5C
0x
5A60
0x
5A64
0x
5A68
0x
5A6C
0x
5A70
0x
5A74
0x
5A78
0x
5A7C
0x
5A80
0x
5A84
0x
5A88
0x
5A8C
0x
5A90
0x
5A94
0x
5A98
0x
5A9C
0x
5AA0
0x
5AA4
0x
5AA8
0x
5AE4
0x
5AE8
0x
5AEC
0x
5AF0
0x
5AF4
0x
5AF8
0x
5AFC
0x
5B00
0x
5B04
0x
5B08
0x
5B0C
0x
5B10
0x
5B14
0x
5B18
0x
5B1C
0x
5B20
0x
5B24
0x
5B28
0x
5B2C
0x
5B30
0x
5B34
0x
5B38
0x
5B3C
0x
5B8C
0x
5B90
0x
5BD8
0x
5BDC
0x
5BE0
0x
5BE4
0x
5BE8
0x
5BEC
0x
5BF0
0x
5BF4
0x
5BF8
0x
5BFC
0x
9D0
0x
ACC
0x
4F4
0x
58C4
0x
5C70
0x
5C74
0x
5C78
0x
5C7C
0x
5C80
0x
5C84
0x
5C88
0x
5C8C
0x
5C90
0x
5C94
0x
5C98
0x
5C9C
0x
5CA0
0x
5CA4
0x
5CA8
0x
5CAC
0x
5CB0
0x
5CF0
0x
5CF4
0x
5CF8
0x
5CFC
0x
5D00
0x
5D04
0x
5D08
0x
5D0C
0x
5D10
0x
5D14
0x
5D18
0x
5D1C
0x
5D24
0x
5D28
0x
5D2C
0x
5D30
0x
5D34
0x
5D38
0x
5D3C
0x
5D40
0x
5D44
0x
5D48
0x
5D4C
0x
5D50
0x
5D54
0x
5D58
0x
5D5C
0x
5D60
0x
5D64
0x
5D68
0x
5D6C
0x
5D70
0x
5D74
0x
5D78
0x
5D7C
0x
5D80
0x
5D84
0x
5D8C
0x
5D90
0x
5D94
0x
5D98
0x
5D9C
0x
5DA0
0x
5DA4
0x
5DA8
0x
5DAC
0x
5E9C
0x
5EA0
0x
5EA4
0x
5EA8
0x
5EAC
0x
5EB0
0x
5EB4
0x
5EB8
0x
5EBC
0x
5EC0
0x
5EC4
0x
5EC8
0x
5ECC
0x
5ED0
0x
5ED4
0x
5ED8
0x
5EDC
0x
5EE0
0x
5EE4
0x
5F38
0x
5F3C
0x
5F40
0x
5F44
0x
5F48
0x
5F4C
0x
5F50
0x
5F54
0x
5F58
0x
5F5C
0x
5F60
0x
5F64
0x
5F68
0x
5F6C
0x
5F70
0x
5F74
0x
5F78
0x
5F7C
0x
5F80
0x
5F84
0x
5FBC
0x
5FC0
0x
5FC4
0x
5FC8
0x
5FCC
0x
5FD0
0x
5FD4
0x
5FD8
0x
5FDC
0x
5FE0
0x
5FE4
0x
5FE8
0x
5FEC
0x
5FF0
0x
5FF4
0x
5FF8
0x
5FFC
0x
5BD4
0x
5C08
0x
5C04
0x
5AB0
0x
57D8
0x
606C
0x
6070
0x
6074
0x
6078
0x
607C
0x
6080
0x
6084
0x
6088
0x
608C
0x
6090
0x
6094
0x
6098
0x
609C
0x
60A0
0x
60A4
0x
60A8
0x
610C
0x
6110
0x
6114
0x
6118
0x
611C
0x
6120
0x
6124
0x
6128
0x
612C
0x
6130
0x
6134
0x
6138
0x
613C
0x
6140
0x
6144
0x
61B8
0x
61BC
0x
61C0
0x
61C4
0x
61C8
0x
61CC
0x
61D0
0x
61D4
0x
61D8
0x
61DC
0x
61E0
0x
61E4
0x
61E8
0x
61EC
0x
61F0
0x
61F4
0x
61F8
0x
61FC
0x
6200
0x
6204
0x
6208
0x
620C
0x
6210
0x
6214
0x
6218
0x
621C
0x
6220
0x
6224
0x
6228
0x
62A0
0x
62A4
0x
62A8
0x
62AC
0x
62B0
0x
62B4
0x
62B8
0x
62BC
0x
62C0
0x
62C4
0x
62C8
0x
62CC
0x
62D0
0x
62D4
0x
62D8
0x
62DC
0x
62E0
0x
62E4
0x
62E8
0x
62EC
0x
62F0
0x
62F4
0x
62F8
0x
62FC
0x
6300
0x
6304
0x
6308
0x
6388
0x
638C
0x
6390
0x
6394
0x
6398
0x
639C
0x
63A0
0x
63A4
0x
63A8
0x
63AC
0x
63B0
0x
63B4
0x
63B8
0x
63BC
0x
63C0
0x
63C4
0x
63C8
0x
63CC
0x
63D0
0x
63D4
0x
63D8
0x
63DC
0x
63E0
0x
63E4
0x
63E8
0x
63EC
0x
63F0
0x
6450
0x
6454
0x
6458
0x
645C
0x
6460
0x
6464
0x
6468
0x
646C
0x
6470
0x
6474
0x
6478
0x
647C
0x
6480
0x
6484
0x
6488
0x
648C
0x
6490
0x
6494
0x
6498
0x
649C
0x
64A0
0x
64A4
0x
64A8
0x
64AC
0x
6528
0x
652C
0x
6530
0x
6534
0x
6538
0x
653C
0x
6540
0x
6544
0x
6548
0x
654C
0x
6550
0x
6554
0x
6558
0x
655C
0x
6560
0x
6564
0x
6568
0x
656C
0x
6570
0x
6574
0x
6578
0x
657C
0x
6580
0x
6584
0x
6588
0x
658C
0x
6590
0x
65F4
0x
65F8
0x
65FC
0x
6600
0x
6604
0x
6608
0x
660C
0x
6610
0x
6614
0x
6618
0x
661C
0x
6620
0x
6624
0x
6628
0x
662C
0x
6630
0x
6634
0x
6638
0x
663C
0x
6640
0x
6644
0x
6648
0x
664C
0x
6650
0x
6654
0x
6658
0x
66CC
0x
66D0
0x
66D4
0x
66D8
0x
66DC
0x
66E0
0x
66E4
0x
66E8
0x
66EC
0x
66F0
0x
66F4
0x
66F8
0x
66FC
0x
6700
0x
6704
0x
6708
0x
670C
0x
6710
0x
6714
0x
6718
0x
671C
0x
6720
0x
6724
0x
6728
0x
672C
0x
6730
0x
67A8
0x
67AC
0x
67B0
0x
67B4
0x
67B8
0x
67BC
0x
67C0
0x
67C4
0x
67C8
0x
67CC
0x
67D0
0x
67D4
0x
67D8
0x
67DC
0x
67E0
0x
67E4
0x
67E8
0x
67EC
0x
67F0
0x
67F4
0x
67F8
0x
67FC
0x
6384
0x
6804
0x
6808
0x
6880
0x
6884
0x
6888
0x
688C
0x
6890
0x
6894
0x
6898
0x
689C
0x
68A0
0x
68A4
0x
68A8
0x
68AC
0x
68B0
0x
68B4
0x
68B8
0x
68BC
0x
68C0
0x
68C4
0x
68C8
0x
68CC
0x
68D0
0x
68D4
0x
68D8
0x
68DC
0x
68E0
0x
694C
0x
6950
0x
6954
0x
6958
0x
695C
0x
6960
0x
6964
0x
6968
0x
696C
0x
6970
0x
6974
0x
6978
0x
697C
0x
6980
0x
6984
0x
6988
0x
698C
0x
6990
0x
6994
0x
6998
0x
699C
0x
69A0
0x
6A18
0x
6A1C
0x
6A20
0x
6A24
0x
6A28
0x
6A2C
0x
6A30
0x
6A34
0x
6A38
0x
6A3C
0x
6A40
0x
6A44
0x
6A48
0x
6A4C
0x
6A50
0x
6A54
0x
6A58
0x
6A5C
0x
6A60
0x
6A64
0x
6A68
0x
6A6C
0x
6A70
0x
6A74
0x
6A78
0x
6A7C
0x
6A80
0x
6A84
0x
6A88
0x
6A8C
0x
6A90
0x
6A94
0x
6ADC
0x
6AE0
0x
6AE4
0x
6AE8
0x
6AEC
0x
6AF0
0x
6AF4
0x
6AF8
0x
6AFC
0x
6B00
0x
6B04
0x
6B08
0x
6B0C
0x
6B10
0x
6B14
0x
6B18
0x
6B1C
0x
6B20
0x
6B24
0x
6BA8
0x
6BAC
0x
6BB0
0x
6BB4
0x
6BB8
0x
6BBC
0x
6BC0
0x
6BC4
0x
6BC8
0x
6BCC
0x
6BD0
0x
6BD4
0x
6BD8
0x
6BDC
0x
6BE0
0x
6BE4
0x
6BE8
0x
6BEC
0x
6BF0
0x
6BF4
0x
6BF8
0x
6BFC
0x
687C
0x
588
0x
67A4
0x
629C
0x
6C48
0x
6C4C
0x
6C50
0x
6C54
0x
6C58
0x
6C5C
0x
6C60
0x
6C64
0x
6C68
0x
6C6C
0x
6C70
0x
6C74
0x
6C78
0x
6C7C
0x
6C80
0x
6C84
0x
6C88
0x
6C8C
0x
6C90
0x
6C94
0x
6C98
0x
6C9C
0x
6CA0
0x
6CA4
0x
6CA8
0x
6CAC
0x
6CB0
0x
6CB4
0x
6CE8
0x
6CEC
0x
6CF0
0x
6CF4
0x
6CF8
0x
6CFC
0x
6D00
0x
6D04
0x
6D08
0x
6D0C
0x
6D10
0x
6D14
0x
6D18
0x
6D1C
0x
6D20
0x
6D24
0x
6D28
0x
6D2C
0x
6D30
0x
6D34
0x
6D38
0x
6D3C
0x
6D40
0x
6D44
0x
6D48
0x
6D4C
0x
6D50
0x
6D54
0x
6D90
0x
6D94
0x
6D98
0x
6D9C
0x
6DA0
0x
6DA4
0x
6DA8
0x
6DAC
0x
6DB0
0x
6DB4
0x
6DB8
0x
6DBC
0x
6DC0
0x
6DC4
0x
6DC8
0x
6DCC
0x
6DD0
0x
6DD4
0x
6DD8
0x
6DDC
0x
6DE0
0x
6DE4
0x
6DE8
0x
6DEC
0x
6DF0
0x
6E28
0x
6E2C
0x
6E30
0x
6E34
0x
6E38
0x
6E3C
0x
6E40
0x
6E94
0x
6E98
0x
6E9C
0x
6EA0
0x
6EA4
0x
6EA8
0x
6EAC
0x
6EB0
0x
6EB4
0x
6EB8
0x
6EBC
0x
6EC0
0x
6EC4
0x
6EC8
0x
6F0C
0x
6F10
0x
6F14
0x
6F18
0x
6F1C
0x
6F20
0x
6F24
0x
6F28
0x
6F2C
0x
6F30
0x
6F34
0x
6F38
0x
6F3C
0x
6F40
0x
6F50
0x
6F54
0x
6F58
0x
6F5C
0x
6F60
0x
6F64
0x
6F68
0x
6F6C
0x
6F70
0x
6F74
0x
6F78
0x
6F7C
0x
6F80
0x
6F84
0x
6F88
0x
6F8C
0x
6F90
0x
6F94
0x
6F98
0x
6F9C
0x
6FA0
0x
6FA4
0x
6FA8
0x
6FAC
0x
6FB0
0x
6FB4
0x
6FB8
0x
6FBC
0x
6FC0
0x
6FC4
0x
6FC8
0x
6FCC
0x
6FD0
0x
6FD4
0x
6FD8
0x
6FDC
0x
6FE0
0x
6FE4
0x
6FE8
0x
6FEC
0x
6FF0
0x
6FF4
0x
6FF8
0x
7118
0x
711C
0x
7120
0x
7124
0x
7128
0x
712C
0x
7130
0x
7134
0x
7138
0x
713C
0x
7140
0x
7144
0x
7148
0x
714C
0x
7150
0x
7190
0x
7194
0x
7198
0x
719C
0x
71A0
0x
71A4
0x
71A8
0x
71AC
0x
71B0
0x
71B4
0x
71B8
0x
71BC
0x
71C0
0x
71C4
0x
71C8
0x
71CC
0x
71D0
0x
71D4
0x
71D8
0x
71DC
0x
71E0
0x
71E4
0x
71E8
0x
727C
0x
7280
0x
7284
0x
7288
0x
728C
0x
7290
0x
7294
0x
7298
0x
729C
0x
72A0
0x
72A4
0x
72A8
0x
72AC
0x
72B0
0x
72B4
0x
72B8
0x
72BC
0x
72C0
0x
72C4
0x
72C8
0x
72CC
0x
72D0
0x
72D4
0x
72D8
0x
72DC
0x
72E0
0x
7374
0x
7378
0x
737C
0x
7380
0x
7384
0x
7388
0x
738C
0x
7390
0x
7394
0x
7398
0x
739C
0x
73A0
0x
73A4
0x
73A8
0x
73AC
0x
73B0
0x
73B4
0x
73B8
0x
7438
0x
743C
0x
7440
0x
7444
0x
7448
0x
744C
0x
7450
0x
7454
0x
7458
0x
745C
0x
7460
0x
7464
0x
7468
0x
746C
0x
7470
0x
7474
0x
7478
0x
747C
0x
7480
0x
7484
0x
74F8
0x
74FC
0x
7500
0x
7504
0x
7508
0x
750C
0x
7510
0x
7514
0x
7518
0x
751C
0x
7520
0x
7524
0x
7528
0x
752C
0x
7530
0x
7534
0x
7538
0x
753C
0x
7540
0x
7544
0x
7548
0x
754C
0x
7550
0x
7554
0x
7558
0x
755C
0x
7560
0x
75E8
0x
75EC
0x
75F0
0x
75F4
0x
75F8
0x
75FC
0x
7600
0x
7604
0x
7608
0x
760C
0x
7610
0x
7614
0x
7618
0x
761C
0x
7620
0x
7624
0x
7628
0x
762C
0x
7630
0x
7634
0x
7638
0x
763C
0x
7640
0x
7644
0x
7648
0x
764C
0x
76C8
0x
76CC
0x
76D0
0x
76D4
0x
76D8
0x
76DC
0x
76E0
0x
76E4
0x
76E8
0x
76EC
0x
76F0
0x
76F4
0x
76F8
0x
76FC
0x
7700
0x
7704
0x
7708
0x
770C
0x
7710
0x
7714
0x
7718
0x
771C
0x
7720
0x
7724
0x
7728
0x
772C
0x
7730
0x
77A4
0x
77A8
0x
77AC
0x
77B0
0x
77B4
0x
77B8
0x
77BC
0x
77C0
0x
77C4
0x
77C8
0x
77CC
0x
77D0
0x
77D4
0x
77D8
0x
77DC
0x
77E0
0x
77E4
0x
77E8
0x
77EC
0x
77F0
0x
77F4
0x
77F8
0x
77FC
0x
7804
0x
7808
0x
780C
0x
787C
0x
7880
0x
7884
0x
7888
0x
788C
0x
7890
0x
7894
0x
7898
0x
789C
0x
78A0
0x
78A4
0x
78A8
0x
78AC
0x
78B0
0x
78B4
0x
78B8
0x
78BC
0x
78C0
0x
78C4
0x
78C8
0x
78CC
0x
78D0
0x
78D4
0x
78D8
0x
78DC
0x
78E0
0x
78E4
0x
78E8
0x
7938
0x
793C
0x
7940
0x
7944
0x
7948
0x
794C
0x
7950
0x
7954
0x
7958
0x
795C
0x
7960
0x
7964
0x
7968
0x
796C
0x
7970
0x
7974
0x
7978
0x
797C
0x
7980
0x
7984
0x
7988
0x
798C
0x
7990
0x
7994
0x
7998
0x
799C
0x
79A0
0x
79A4
0x
79A8
0x
79AC
0x
79B0
0x
79B4
0x
79B8
0x
79BC
0x
79C0
0x
79C4
0x
79C8
0x
79CC
0x
79D0
0x
79D4
0x
79D8
0x
79DC
0x
79E0
0x
79E4
0x
79E8
0x
79EC
0x
79F0
0x
79F4
0x
7A64
0x
7A68
0x
7A6C
0x
7A70
0x
7A74
0x
7A78
0x
7A7C
0x
7A80
0x
7A84
0x
7A88
0x
7AE0
0x
7AE4
0x
7AE8
0x
7AEC
0x
7AF0
0x
7AF4
0x
7AF8
0x
7AFC
0x
7B00
0x
7B04
0x
7B08
0x
7B0C
0x
7B10
0x
7B14
0x
7B18
0x
7B1C
0x
7B20
0x
7B24
0x
7B28
0x
7B2C
0x
7B30
0x
7B34
0x
7B38
0x
7B3C
0x
7B40
0x
7B44
0x
7B48
0x
7BB8
0x
7BBC
0x
7BC0
0x
7BC4
0x
7BC8
0x
7BCC
0x
7BD0
0x
7BD4
0x
7BD8
0x
7BDC
0x
7BE0
0x
7BE4
0x
7BE8
0x
7BEC
0x
7BF0
0x
7BF4
0x
7BF8
0x
7BFC
0x
7C04
0x
7C08
0x
7C0C
0x
7C10
0x
7C14
0x
7C18
0x
7C1C
0x
7CAC
0x
7CB0
0x
7CB4
0x
7CB8
0x
7CBC
0x
7CC0
0x
7CC4
0x
7CC8
0x
7CCC
0x
7CD0
0x
7CD4
0x
7CD8
0x
7CDC
0x
7CE0
0x
7CE4
0x
7CE8
0x
7CEC
0x
7CF0
0x
7CF4
0x
7CF8
0x
7CFC
0x
7D00
0x
7D94
0x
7D98
0x
7D9C
0x
7DA0
0x
7DA4
0x
7DA8
0x
7DAC
0x
7DB0
0x
7DB4
0x
7DB8
0x
7DBC
0x
7DC0
0x
7DC4
0x
7DC8
0x
7DCC
0x
7DD0
0x
7DD4
0x
7DD8
0x
7DDC
0x
7DE0
0x
7DE4
0x
7DE8
0x
7DEC
0x
7DF0
0x
7DF4
0x
7DF8
0x
7DFC
0x
7E00
0x
7E04
0x
7E08
0x
7E0C
0x
7E10
0x
7E14
0x
7E18
0x
7E1C
0x
7E20
0x
7E24
0x
7E28
0x
7E2C
0x
7E30
0x
7E34
0x
7E38
0x
7E3C
0x
7E40
0x
7E44
0x
7E48
0x
7E4C
0x
7E50
0x
7E54
0x
7E58
0x
7E5C
0x
7E60
0x
7E9C
0x
7EA0
0x
7EA4
0x
7EA8
0x
7EAC
0x
7EB0
0x
7EB4
0x
7EC0
0x
7EC4
0x
7EC8
0x
7ECC
0x
7ED0
0x
7ED4
0x
7ED8
0x
7EDC
0x
7EE0
0x
7EE4
0x
7EE8
0x
7EEC
0x
7EF0
0x
7EF4
0x
7EF8
0x
7EFC
0x
7F00
0x
7F04
0x
7F08
0x
7F50
0x
7F54
0x
7F58
0x
7F5C
0x
7F60
0x
7F64
0x
7F68
0x
7F6C
0x
7F70
0x
7F74
0x
7F78
0x
7F7C
0x
7F80
0x
7F84
0x
7F88
0x
7F8C
0x
7F90
0x
7F94
0x
7F98
0x
7F9C
0x
7FA0
0x
7FA4
0x
7FA8
0x
7FAC
0x
7FB0
0x
7FB4
0x
7FB8
0x
7D08
0x
7EBC
0x
7F48
0x
8004
0x
8008
0x
800C
0x
8010
0x
8014
0x
8018
0x
801C
0x
8020
0x
8024
0x
8028
0x
802C
0x
8030
0x
8034
0x
8038
0x
803C
0x
8040
0x
8044
0x
8048
0x
804C
0x
8050
0x
8054
0x
8058
0x
809C
0x
80A0
0x
80A4
0x
80A8
0x
80AC
0x
80B0
0x
80B4
0x
80B8
0x
80BC
0x
80C4
0x
80C8
0x
811C
0x
8120
0x
8124
0x
8128
0x
812C
0x
8130
0x
8134
0x
816C
0x
8170
0x
8174
0x
8178
0x
817C
0x
8180
0x
8184
0x
8188
0x
818C
0x
8190
0x
8194
0x
8198
0x
81A4
0x
81A8
0x
81AC
0x
81B0
0x
81B4
0x
81B8
0x
81BC
0x
81C0
0x
81C4
0x
81C8
0x
81CC
0x
81D0
0x
81D4
0x
81D8
0x
81DC
0x
81E0
0x
81E4
0x
81E8
0x
81EC
0x
81F0
0x
81F4
0x
81F8
0x
81FC
0x
8200
0x
8204
0x
8208
0x
820C
0x
8210
0x
8214
0x
8218
0x
821C
0x
823C
0x
8240
0x
8244
0x
8248
0x
824C
0x
8250
0x
8254
0x
8258
0x
825C
0x
8260
0x
8264
0x
8268
0x
826C
0x
8270
0x
8274
0x
8278
0x
827C
0x
8280
0x
8284
0x
8288
0x
82F8
0x
82FC
0x
8300
0x
8304
0x
8308
0x
830C
0x
8310
0x
8314
0x
83C4
0x
83C8
0x
80CC
0x
7F0C
0x
7C24
0x
7C20
0x
805C
0x
5B40
0x
5AE0
0x
5B94
0x
5CC0
0x
5CBC
0x
5CB8
0x
5CB4
0x
7D04
0x
8404
0x
8408
0x
840C
0x
8410
0x
8414
0x
8418
0x
841C
0x
8420
0x
8424
0x
8428
0x
842C
0x
8430
0x
8434
0x
84B4
0x
84B8
0x
84BC
0x
84C0
0x
84C4
0x
84C8
0x
84CC
0x
84D0
0x
84D4
0x
84D8
0x
84DC
0x
84E0
0x
84E4
0x
84E8
0x
84EC
0x
84F0
0x
84F4
0x
84F8
0x
8560
0x
8564
0x
8568
0x
856C
0x
8570
0x
8574
0x
8578
0x
857C
0x
8580
0x
8584
0x
8588
0x
858C
0x
8590
0x
8594
0x
8598
0x
859C
0x
85A0
0x
85A4
0x
85A8
0x
85AC
0x
8620
0x
8624
0x
8628
0x
862C
0x
8630
0x
8634
0x
8638
0x
863C
0x
8640
0x
8644
0x
8648
0x
864C
0x
8650
0x
8654
0x
86D4
0x
86D8
0x
86DC
0x
86E0
0x
86E4
0x
86E8
0x
86EC
0x
86F0
0x
86F4
0x
86F8
0x
86FC
0x
8700
0x
8704
0x
8708
0x
870C
0x
8710
0x
8714
0x
8718
0x
871C
0x
8720
0x
8724
0x
8728
0x
87AC
0x
87B0
0x
87B4
0x
87B8
0x
87BC
0x
87C0
0x
87C4
0x
87C8
0x
87CC
0x
87D0
0x
87D4
0x
87D8
0x
87DC
0x
87E0
0x
87E4
0x
87E8
0x
87EC
0x
87F0
0x
87F4
0x
87F8
0x
87FC
0x
80D0
0x
8098
0x
83C0
0x
6380
0x
6298
0x
81A0
0x
8094
0x
861C
0x
887C
0x
8880
0x
8884
0x
8888
0x
888C
0x
8890
0x
8894
0x
8898
0x
889C
0x
88A0
0x
88A4
0x
88A8
0x
88AC
0x
88B0
0x
88B4
0x
88B8
0x
88BC
0x
88C0
0x
88C4
0x
88C8
0x
88CC
0x
88D0
0x
88D4
0x
88D8
0x
88DC
0x
88E0
0x
88E4
0x
88E8
0x
88EC
0x
88F0
0x
897C
0x
8980
0x
8984
0x
8988
0x
898C
0x
8990
0x
8994
0x
8998
0x
899C
0x
89A0
0x
89A4
0x
89A8
0x
89AC
0x
89B0
0x
89B4
0x
89B8
0x
89BC
0x
89C0
0x
89C4
0x
89C8
0x
89CC
0x
89D0
0x
89D4
0x
89D8
0x
89DC
0x
89E0
0x
89E4
0x
8A60
0x
8A64
0x
8A68
0x
8A6C
0x
8A70
0x
8A74
0x
8A78
0x
8A7C
0x
8A80
0x
8A84
0x
8A88
0x
8A8C
0x
8A90
0x
8A94
0x
8A98
0x
8A9C
0x
8AA0
0x
8AA4
0x
8AA8
0x
8AAC
0x
8AB0
0x
8AB4
0x
8AB8
0x
8ABC
0x
8AC0
0x
8AC4
0x
8AC8
0x
8ACC
0x
8B38
0x
8B3C
0x
8B40
0x
8B44
0x
8B48
0x
8B4C
0x
8B50
0x
8B54
0x
8B58
0x
8B5C
0x
8B60
0x
8B64
0x
8B68
0x
8B6C
0x
8B70
0x
8B74
0x
8B78
0x
8B7C
0x
8B80
0x
8B84
0x
8B88
0x
8B8C
0x
8B90
0x
8BF8
0x
8BFC
0x
710
0x
AB8
0x
87A8
0x
498
0x
8C04
0x
8C08
0x
8C0C
0x
8C10
0x
8C14
0x
8C18
0x
8C1C
0x
8C20
0x
8C24
0x
8C28
0x
8C2C
0x
8C30
0x
8C34
0x
8C38
0x
8C3C
0x
8CA0
0x
8CA4
0x
8CA8
0x
8CAC
0x
8CB0
0x
8CB4
0x
8CB8
0x
8CBC
0x
8CC0
0x
8CC4
0x
8CC8
0x
8CCC
0x
8CD0
0x
8CD4
0x
8CD8
0x
8CDC
0x
8CE0
0x
8CE4
0x
8CE8
0x
8D30
0x
8D34
0x
8D38
0x
8D3C
0x
8D40
0x
8D44
0x
8D48
0x
8D4C
0x
8D50
0x
8D54
0x
8D58
0x
8D5C
0x
8D60
0x
8D64
0x
8BF4
0x
8C98
0x
86D0
0x
86CC
0x
8A5C
0x
87A4
0x
9004
0x
9008
0x
900C
0x
9010
0x
9014
0x
9018
0x
901C
0x
9020
0x
9024
0x
9028
0x
902C
0x
9030
0x
9034
0x
9038
0x
903C
0x
9040
0x
9044
0x
9048
0x
904C
0x
9050
0x
9054
0x
9058
0x
905C
0x
9060
0x
9064
0x
9068
0x
906C
0x
9070
0x
9074
0x
9078
0x
907C
0x
9080
0x
9084
0x
9088
0x
908C
0x
9090
0x
9094
0x
9098
0x
909C
0x
90A0
0x
90A4
0x
90A8
0x
90AC
0x
90B0
0x
90B4
0x
90B8
0x
90BC
0x
90C4
0x
90C8
0x
90CC
0x
90D0
0x
90D4
0x
90D8
0x
90DC
0x
90E0
0x
90E4
0x
90E8
0x
90EC
0x
90F0
0x
90F4
0x
90F8
0x
90FC
0x
9100
0x
9104
0x
9108
0x
910C
0x
9110
0x
9114
0x
9118
0x
911C
0x
9120
0x
9124
0x
9128
0x
912C
0x
9130
0x
9134
0x
9138
0x
913C
0x
9140
0x
91C8
0x
91CC
0x
91D0
0x
91D4
0x
91D8
0x
91DC
0x
91E0
0x
91E4
0x
91E8
0x
91EC
0x
91F0
0x
91F4
0x
91F8
0x
91FC
0x
9200
0x
9204
0x
9208
0x
920C
0x
9210
0x
9214
0x
9218
0x
921C
0x
9220
0x
9224
0x
9228
0x
922C
0x
9230
0x
9234
0x
9238
0x
923C
0x
9240
0x
92A8
0x
92AC
0x
92B0
0x
92B4
0x
92B8
0x
92BC
0x
92C0
0x
92C4
0x
92C8
0x
92CC
0x
92D0
0x
92D4
0x
92D8
0x
92DC
0x
92E0
0x
92E4
0x
92E8
0x
92EC
0x
92F0
0x
92F4
0x
92F8
0x
92FC
0x
9300
0x
9304
0x
9308
0x
930C
0x
9310
0x
9314
0x
9318
0x
931C
0x
9320
0x
9324
0x
9328
0x
932C
0x
9384
0x
9388
0x
938C
0x
9390
0x
9394
0x
9398
0x
939C
0x
93A0
0x
93A4
0x
93A8
0x
93AC
0x
93B0
0x
93B4
0x
93B8
0x
93BC
0x
93C0
0x
93C4
0x
93C8
0x
93CC
0x
93D0
0x
93D4
0x
93D8
0x
93DC
0x
93E0
0x
93E4
0x
93E8
0x
93EC
0x
93F0
0x
93F4
0x
9460
0x
9464
0x
9468
0x
946C
0x
9470
0x
9474
0x
9478
0x
947C
0x
9480
0x
9484
0x
9488
0x
948C
0x
9490
0x
9494
0x
9498
0x
949C
0x
94A0
0x
94A4
0x
94A8
0x
94AC
0x
94B0
0x
94B4
0x
9544
0x
9548
0x
954C
0x
9550
0x
9554
0x
9558
0x
955C
0x
9560
0x
9564
0x
9568
0x
956C
0x
9570
0x
9574
0x
9578
0x
957C
0x
95F0
0x
95F4
0x
95F8
0x
95FC
0x
9600
0x
9604
0x
9608
0x
960C
0x
9610
0x
9614
0x
9618
0x
961C
0x
9620
0x
968C
0x
9690
0x
9694
0x
9698
0x
969C
0x
96A0
0x
96A4
0x
96A8
0x
96AC
0x
96B0
0x
96B4
0x
96B8
0x
96BC
0x
96C0
0x
96C4
0x
96C8
0x
973C
0x
9740
0x
9744
0x
9748
0x
974C
0x
9750
0x
9754
0x
9758
0x
975C
0x
9760
0x
9764
0x
9768
0x
976C
0x
97E0
0x
97E4
0x
97E8
0x
97EC
0x
97F0
0x
97F4
0x
97F8
0x
97FC
0x
9804
0x
9808
0x
980C
0x
9810
0x
9814
0x
9818
0x
981C
0x
9820
0x
9824
0x
9828
0x
982C
0x
9830
0x
9834
0x
9894
0x
9898
0x
989C
0x
98A0
0x
98A4
0x
98A8
0x
98AC
0x
98B0
0x
98B4
0x
98B8
0x
98BC
0x
98C0
0x
98C4
0x
9928
0x
9A08
0x
9A0C
0x
9A10
0x
9A14
0x
9A18
0x
9A1C
0x
9A20
0x
9A24
0x
9A28
0x
9A2C
0x
9A30
0x
9A34
0x
9A38
0x
9A3C
0x
9A40
0x
9A44
0x
9A48
0x
9A4C
0x
9A50
0x
9AC4
0x
9AC8
0x
9ACC
0x
9AD0
0x
9AD4
0x
9AD8
0x
9ADC
0x
9AE0
0x
9AE4
0x
9AE8
0x
9AEC
0x
9AF0
0x
9AF4
0x
9AF8
0x
9AFC
0x
9B00
0x
9B04
0x
9B08
0x
9B78
0x
9B7C
0x
9B80
0x
9B84
0x
9B88
0x
9B8C
0x
9B90
0x
9B94
0x
9B98
0x
9B9C
0x
9BA0
0x
9BA4
0x
9BA8
0x
9BAC
0x
9BB0
0x
9BB4
0x
9BB8
0x
9BBC
0x
9BC0
0x
9C3C
0x
9C40
0x
9C44
0x
9C48
0x
9C4C
0x
9C50
0x
9C54
0x
9C58
0x
9C5C
0x
9C60
0x
9C64
0x
9C68
0x
9C6C
0x
9C70
0x
9C74
0x
9C78
0x
9C7C
0x
9C80
0x
9CF8
0x
9CFC
0x
9D00
0x
9D04
0x
9D08
0x
9D0C
0x
9D10
0x
9D14
0x
9D18
0x
9D1C
0x
9D20
0x
9D24
0x
9D28
0x
9D2C
0x
9DE4
0x
9DE8
0x
9DEC
0x
9DF0
0x
9DF4
0x
9DF8
0x
9DFC
0x
9E00
0x
9E04
0x
9E08
0x
9E0C
0x
9E10
0x
9E14
0x
9E18
0x
9E1C
0x
9E20
0x
9E24
0x
9E28
0x
9E2C
0x
9E30
0x
9E34
0x
9E38
0x
9E3C
0x
9E40
0x
9E44
0x
9E48
0x
9E4C
0x
9E50
0x
9E54
0x
9E8C
0x
9E90
0x
9E94
0x
9E98
0x
9E9C
0x
9EA0
0x
9EA4
0x
9EA8
0x
9EAC
0x
9EB0
0x
9EB4
0x
9EB8
0x
9EBC
0x
9EC0
0x
9EC4
0x
9EC8
0x
9ECC
0x
9ED0
0x
9ED4
0x
9ED8
0x
9EDC
0x
9EE0
0x
9EE4
0x
9EE8
0x
9EEC
0x
9EF0
0x
9F40
0x
9F44
0x
9F48
0x
9F4C
0x
9F50
0x
9F54
0x
9F58
0x
9F5C
0x
9F60
0x
9F64
0x
9F68
0x
9F6C
0x
9F70
0x
9F74
0x
9F78
0x
9F7C
0x
9F80
0x
9F84
0x
9F88
0x
9F8C
0x
9F90
0x
9F94
0x
9F98
0x
9F9C
0x
9FA0
0x
9FA4
0x
9FF4
0x
9FF8
0x
9FFC
0x
9EF0
0x
A004
0x
A008
0x
A00C
0x
A010
0x
A014
0x
A018
0x
A01C
0x
A020
0x
A024
0x
A028
0x
A02C
0x
A030
0x
A034
0x
A038
0x
A03C
0x
A040
0x
A044
0x
A048
0x
A04C
0x
A050
0x
A054
0x
A058
0x
A05C
0x
A060
0x
A064
0x
A068
0x
A06C
0x
A070
0x
A0DC
0x
A0E0
0x
A0E4
0x
A0E8
0x
A0EC
0x
A0F0
0x
A0F4
0x
A0F8
0x
A0FC
0x
A100
0x
A104
0x
A108
0x
A10C
0x
A110
0x
A114
0x
A118
0x
A11C
0x
A120
0x
A124
0x
A128
0x
A12C
0x
A130
0x
A134
0x
A138
0x
A13C
0x
A140
0x
A144
0x
A148
0x
A14C
0x
A150
0x
A154
0x
A158
0x
A15C
0x
A160
0x
A164
0x
A180
0x
A184
0x
A188
0x
A18C
0x
A190
0x
A194
0x
A198
0x
A19C
0x
A1A0
0x
A1A4
0x
A1A8
0x
A1AC
0x
A1B0
0x
A1B4
0x
A1B8
0x
A1BC
0x
A1C0
0x
A1C4
0x
A1C8
0x
A1CC
0x
A1D0
0x
A1D4
0x
A1D8
0x
A1DC
0x
A1E0
0x
A1E4
0x
A1E8
0x
A1EC
0x
A1F0
0x
A1F4
0x
A1F8
0x
A1FC
0x
A200
0x
A204
0x
A208
0x
A20C
0x
A210
0x
A214
0x
A218
0x
A21C
0x
A220
0x
A224
0x
A228
0x
A22C
0x
A230
0x
A234
0x
A238
0x
A23C
0x
A240
0x
A244
0x
A248
0x
A24C
0x
A250
0x
A254
0x
A258
0x
A25C
0x
A260
0x
A264
0x
A2B4
0x
A2B8
0x
A2BC
0x
A2C0
0x
A2C4
0x
A2C8
0x
A2CC
0x
A2D0
0x
A2D4
0x
A2D8
0x
A2DC
0x
A2E0
0x
A2E4
0x
A2E8
0x
A2EC
0x
A2F0
0x
A2F4
0x
A2F8
0x
A2FC
0x
A300
0x
A304
0x
A308
0x
A30C
0x
A310
0x
A314
0x
A318
0x
A31C
0x
A320
0x
A324
0x
A328
0x
A3A4
0x
A3A8
0x
A3AC
0x
A3B0
0x
A3B4
0x
A3B8
0x
A3BC
0x
A3C0
0x
A3C4
0x
A3C8
0x
A3CC
0x
A3D0
0x
A3D4
0x
A3D8
0x
A3DC
0x
A3E0
0x
A3E4
0x
A3E8
0x
A3EC
0x
A3F0
0x
A3F4
0x
A3F8
0x
A3FC
0x
7EC
0x
574
0x
614
0x
684
0x
A078
0x
A2B0
0x
A404
0x
A408
0x
A40C
0x
A410
0x
A414
0x
A490
0x
A494
0x
A498
0x
A49C
0x
A4A0
0x
A4A4
0x
A4A8
0x
A4AC
0x
A4B0
0x
A4B4
0x
A4B8
0x
A4BC
0x
A4C0
0x
A4C4
0x
A4C8
0x
A4CC
0x
A4D0
0x
A4D4
0x
A4D8
0x
A4DC
0x
A4E0
0x
A4E4
0x
A4E8
0x
A4EC
0x
A4F0
0x
A4F4
0x
A4F8
0x
A4FC
0x
A500
0x
A504
0x
A508
0x
A50C
0x
A510
0x
A574
0x
A578
0x
A57C
0x
A580
0x
A584
0x
A588
0x
A58C
0x
A590
0x
A594
0x
A598
0x
A59C
0x
A5A0
0x
A5A4
0x
A5A8
0x
A5AC
0x
A5B0
0x
A5B4
0x
A5B8
0x
A5BC
0x
A5C0
0x
A5C4
0x
A5C8
0x
A5CC
0x
A5D0
0x
A5D4
0x
A5D8
0x
A5DC
0x
A5E0
0x
A5E4
0x
A5E8
0x
A5EC
0x
A5F0
0x
A5F4
0x
A5F8
0x
A5FC
0x
A690
0x
A694
0x
A698
0x
A69C
0x
A6A0
0x
A6A4
0x
A6A8
0x
A6AC
0x
A6B0
0x
A6B4
0x
A6B8
0x
A6BC
0x
A6C0
0x
A6C4
0x
A6C8
0x
A6CC
0x
A6D0
0x
A6D4
0x
A6D8
0x
A6DC
0x
A6E0
0x
A6E4
0x
A6E8
0x
A6EC
0x
A6F0
0x
A6F4
0x
A6F8
0x
A6FC
0x
A700
0x
A704
0x
A708
0x
A70C
0x
A710
0x
A714
0x
A718
0x
A71C
0x
A7B8
0x
A7BC
0x
A7C0
0x
A7C4
0x
A7C8
0x
A7CC
0x
A7D0
0x
A7D4
0x
A7D8
0x
A7DC
0x
A7E0
0x
A7E4
0x
A7E8
0x
A7EC
0x
A7F0
0x
A7F4
0x
A7F8
0x
A7FC
0x
A48C
0x
A804
0x
A808
0x
A80C
0x
A810
0x
A814
0x
A818
0x
A81C
0x
A820
0x
A824
0x
A828
0x
A82C
0x
A830
0x
A834
0x
A8B8
0x
A8BC
0x
A8C0
0x
A8C4
0x
A8C8
0x
A8CC
0x
A8D0
0x
A8D4
0x
A8D8
0x
A8DC
0x
A8E0
0x
A8E4
0x
A8E8
0x
A8EC
0x
A8F0
0x
A8F4
0x
A98C
0x
A990
0x
A994
0x
A998
0x
A99C
0x
A9A0
0x
A9A4
0x
A9A8
0x
A9AC
0x
A9B0
0x
A9B4
0x
A9B8
0x
A9BC
0x
A9C0
0x
A9C4
0x
A9C8
0x
A9CC
0x
A9D0
0x
AA68
0x
AA6C
0x
AA70
0x
AA74
0x
AA78
0x
AA7C
0x
AA80
0x
AA84
0x
AA88
0x
AA8C
0x
AA90
0x
AA94
0x
AA98
0x
AA9C
0x
AAA0
0x
AAA4
0x
AB28
0x
AB2C
0x
AB30
0x
AB34
0x
AB38
0x
AB3C
0x
AB40
0x
AB44
0x
AB48
0x
AB4C
0x
AB50
0x
AB54
0x
AB58
0x
AB5C
0x
AB60
0x
AB64
0x
AB68
0x
AB6C
0x
AB70
0x
AB74
0x
AB78
0x
ABF4
0x
ABF8
0x
ABFC
0x
A570
0x
A56C
0x
A2AC
0x
9FAC
0x
9FA8
0x
A484
0x
A074
0x
AC04
0x
AC08
0x
AC0C
0x
AC10
0x
AC14
0x
AC18
0x
AC1C
0x
AC20
0x
AC24
0x
ACA8
0x
ACAC
0x
ACB0
0x
ADA8
0x
ADAC
0x
ADB0
0x
ADB4
0x
ADB8
0x
ADBC
0x
ADC0
0x
ADC4
0x
ADC8
0x
ADCC
0x
ADD0
0x
ADD4
0x
ADD8
0x
ADDC
0x
ADE0
0x
AE50
0x
AE54
0x
AE58
0x
AE5C
0x
AE60
0x
AE64
0x
AE68
0x
AE6C
0x
AE70
0x
AE74
0x
AE78
0x
AE7C
0x
AE80
0x
AE84
0x
AE88
0x
AE8C
0x
AE90
0x
AE94
0x
AE98
0x
AE9C
0x
AEA0
0x
AEA4
0x
AEA8
0x
AF20
0x
AF24
0x
AF28
0x
AF2C
0x
AF30
0x
AF34
0x
AF38
0x
AF3C
0x
AF40
0x
AF44
0x
AF48
0x
AF4C
0x
AF50
0x
AF54
0x
AF58
0x
AF5C
0x
AF60
0x
AF64
0x
AFCC
0x
AFD0
0x
AFD4
0x
AFD8
0x
AFDC
0x
AFE0
0x
AFE4
0x
AFE8
0x
AFEC
0x
AFF0
0x
AFF4
0x
AFF8
0x
AFFC
0x
AC2C
0x
AB7C
0x
AC28
0x
A3A0
0x
A39C
0x
A7B4
0x
A488
0x
ADA4
0x
B004
0x
B008
0x
B00C
0x
B010
0x
B014
0x
B018
0x
B044
0x
B048
0x
B04C
0x
B050
0x
B054
0x
B058
0x
B05C
0x
B060
0x
B064
0x
B068
0x
B06C
0x
B070
0x
B074
0x
B078
0x
B07C
0x
B080
0x
B084
0x
B088
0x
B08C
0x
B090
0x
B094
0x
B098
0x
B09C
0x
B0A0
0x
B0A4
0x
B0A8
0x
B0AC
0x
B0B8
0x
B0BC
0x
B0C0
0x
B0C4
0x
B0C8
0x
B0CC
0x
B0D0
0x
B0D4
0x
B0D8
0x
B0DC
0x
B0E0
0x
B0E4
0x
B0E8
0x
B0EC
0x
B0F0
0x
B0F4
0x
B0F8
0x
B0FC
0x
B100
0x
B104
0x
B108
0x
B10C
0x
B110
0x
B114
0x
B118
0x
B11C
0x
B120
0x
B124
0x
B128
0x
B178
0x
B17C
0x
B180
0x
B184
0x
B188
0x
B18C
0x
B190
0x
B194
0x
B198
0x
B19C
0x
B1A0
0x
B1A4
0x
B1A8
0x
B1AC
0x
B1B0
0x
B1B4
0x
B1B8
0x
B1BC
0x
B1C0
0x
B1C4
0x
B1C8
0x
B1CC
0x
B1D0
0x
B1D4
0x
B1D8
0x
B1DC
0x
B1E0
0x
B1E4
0x
B1E8
0x
B1EC
0x
B1F0
0x
B1F4
0x
B1F8
0x
B1FC
0x
B200
0x
B204
0x
B208
0x
B20C
0x
B210
0x
B214
0x
B218
0x
B21C
0x
B220
0x
B224
0x
B228
0x
B22C
0x
B230
0x
B234
0x
B238
0x
B23C
0x
B240
0x
B244
0x
B248
0x
B24C
0x
B250
0x
B254
0x
B258
0x
B25C
0x
B260
0x
B264
0x
B268
0x
B26C
0x
B270
0x
B274
0x
B278
0x
B27C
0x
B280
0x
B284
0x
B288
0x
B28C
0x
B290
0x
B294
0x
B298
0x
B29C
0x
B2A0
0x
B2A4
0x
B2A8
0x
B2AC
0x
B2B0
0x
B2B4
0x
B2B8
0x
B2BC
0x
B2C0
0x
B2C4
0x
B2C8
0x
B2CC
0x
B2D0
0x
B2D4
0x
B2D8
0x
B2DC
0x
B2E0
0x
B2E4
0x
B2E8
0x
B2EC
0x
B2F0
0x
B2F4
0x
B2F8
0x
B2FC
0x
B300
0x
B304
0x
B308
0x
B30C
0x
B310
0x
B314
0x
B318
0x
B31C
0x
B320
0x
B324
0x
B328
0x
B32C
0x
B330
0x
B334
0x
B338
0x
B384
0x
B388
0x
B38C
0x
B390
0x
B394
0x
B398
0x
B39C
0x
B3A0
0x
B3A4
0x
B3A8
0x
B3AC
0x
B3B0
0x
B3B4
0x
B3B8
0x
B3BC
0x
B3C0
0x
B3C4
0x
B3C8
0x
B3CC
0x
B3D0
0x
B3D4
0x
B3D8
0x
B3DC
0x
B3E0
0x
B3E4
0x
B3E8
0x
B3EC
0x
B3F0
0x
B3F4
0x
B3F8
0x
B3FC
0x
344
0x
1D8C
0x
B020
0x
B01C
0x
ACA4
0x
AD2C
0x
AD28
0x
AEAC
0x
ADA0
0x
B404
0x
B408
0x
B40C
0x
B410
0x
B414
0x
B418
0x
B41C
0x
B420
0x
B424
0x
B428
0x
B42C
0x
B430
0x
B434
0x
B438
0x
B43C
0x
B440
0x
B444
0x
B448
0x
B44C
0x
B450
0x
B454
0x
B458
0x
B45C
0x
B460
0x
B464
0x
B468
0x
B46C
0x
B470
0x
B474
0x
B478
0x
B47C
0x
B480
0x
B484
0x
B488
0x
B48C
0x
B490
0x
B494
0x
B498
0x
B49C
0x
B4E8
0x
B4EC
0x
B4F0
0x
B4F4
0x
B4F8
0x
B4FC
0x
B500
0x
B504
0x
B508
0x
B50C
0x
B510
0x
B514
0x
B518
0x
B51C
0x
B520
0x
B524
0x
B528
0x
B52C
0x
B530
0x
B534
0x
B538
0x
B53C
0x
B540
0x
B544
0x
B548
0x
B54C
0x
B550
0x
B554
0x
B558
0x
B55C
0x
B560
0x
B564
0x
B568
0x
B56C
0x
B570
0x
B574
0x
B578
0x
B57C
0x
B580
0x
B584
0x
B588
0x
B58C
0x
B590
0x
B594
0x
B598
0x
B59C
0x
B5A0
0x
B5A4
0x
B5A8
0x
B5AC
0x
B5B0
0x
B5B4
0x
B5B8
0x
B5BC
0x
B5C0
0x
B5C4
0x
B5C8
0x
B5CC
0x
B5D0
0x
B5D4
0x
B5D8
0x
B5DC
0x
B5E0
0x
B5E4
0x
B5E8
0x
B5EC
0x
B5F0
0x
B5F4
0x
B5F8
0x
B5FC
0x
B600
0x
B604
0x
B608
0x
B60C
0x
B610
0x
B614
0x
B618
0x
B61C
0x
B620
0x
B624
0x
B628
0x
B62C
0x
B630
0x
B634
0x
B638
0x
B63C
0x
B640
0x
B644
0x
B648
0x
B64C
0x
B650
0x
B654
0x
B658
0x
B65C
0x
B660
0x
B664
0x
B668
0x
B66C
0x
B670
0x
B674
0x
B678
0x
B67C
0x
B680
0x
B684
0x
B688
0x
B68C
0x
B690
0x
B694
0x
B698
0x
B69C
0x
B6A0
0x
B6A4
0x
B6A8
0x
B6AC
0x
B6B0
0x
B6B4
0x
B6B8
0x
B6BC
0x
B6C0
0x
B6C4
0x
B6C8
0x
B6CC
0x
B6D0
0x
B6D4
0x
B6D8
0x
B6DC
0x
B6E0
0x
B6E4
0x
B6E8
0x
B6EC
0x
B6F0
0x
B6F4
0x
B6F8
0x
B6FC
0x
B700
0x
B704
0x
B708
0x
B70C
0x
B710
0x
B714
0x
B718
0x
B71C
0x
B720
0x
B724
0x
B728
0x
B72C
0x
B730
0x
B734
0x
B738
0x
B73C
0x
B740
0x
B744
0x
B748
0x
B74C
0x
B750
0x
B754
0x
B758
0x
B75C
0x
B760
0x
B764
0x
B768
0x
B76C
0x
B770
0x
B774
0x
B778
0x
B77C
0x
B780
0x
B784
0x
B788
0x
B78C
0x
B790
0x
B794
0x
B798
0x
B79C
0x
B7A0
0x
B7A4
0x
B7A8
0x
B7AC
0x
B7B0
0x
B7B4
0x
B7B8
0x
B7BC
0x
B7C0
0x
B7C4
0x
B7C8
0x
B7CC
0x
B7D0
0x
B7D4
0x
B7D8
0x
B7DC
0x
B7E0
0x
B7E4
0x
B7E8
0x
B7EC
0x
B7F0
0x
B7F4
0x
B7F8
0x
B7FC
0x
704
0x
B804
0x
B808
0x
B80C
0x
B810
0x
B814
0x
B818
0x
B81C
0x
B820
0x
B824
0x
B828
0x
B82C
0x
B830
0x
B834
0x
B838
0x
B83C
0x
B840
0x
B844
0x
B848
0x
B84C
0x
B850
0x
B854
0x
B858
0x
B85C
0x
B860
0x
B864
0x
B868
0x
B86C
0x
B870
0x
B874
0x
B878
0x
B87C
0x
B880
0x
B884
0x
B888
0x
B88C
0x
B96C
0x
B970
0x
B974
0x
B978
0x
B97C
0x
B980
0x
B984
0x
B988
0x
B98C
0x
B990
0x
B994
0x
B998
0x
B99C
0x
B9A0
0x
B9A4
0x
B9A8
0x
B9AC
0x
B9B0
0x
B9B4
0x
B9B8
0x
B9BC
0x
B9C0
0x
B9C4
0x
B9C8
0x
B9CC
0x
B9D0
0x
B9D4
0x
B9D8
0x
B9DC
0x
B9E0
0x
B9E4
0x
B9E8
0x
B9EC
0x
B9F0
0x
B9F4
0x
B9F8
0x
B9FC
0x
BA00
0x
BA04
0x
BA08
0x
BA0C
0x
BA10
0x
BA14
0x
BA18
0x
BA1C
0x
BA20
0x
BA24
0x
BA28
0x
BA2C
0x
BA30
0x
BA34
0x
BA38
0x
BA3C
0x
BA40
0x
BA44
0x
BA48
0x
BA98
0x
BA9C
0x
BAA0
0x
BAA4
0x
BAA8
0x
BAAC
0x
BAB0
0x
BAB4
0x
BAB8
0x
BABC
0x
BAC0
0x
BAC4
0x
BAC8
0x
BACC
0x
BAD0
0x
BAD4
0x
BB3C
0x
BB40
0x
BB44
0x
BB48
0x
BB4C
0x
BB50
0x
BB54
0x
BB58
0x
BB5C
0x
BB60
0x
BB64
0x
BB68
0x
BB6C
0x
BB70
0x
BB74
0x
BB78
0x
BBD8
0x
BBDC
0x
BBE0
0x
BBE4
0x
BBE8
0x
BBEC
0x
BBF0
0x
BBF4
0x
BA88
0x
BA7C
0x
BA84
0x
BA50
0x
BA4C
0x
BA64
0x
BA54
0x
BA94
0x
BA8C
0x
BA74
0x
2FA4
0x
2FD0
0x
BBF8
0x
BA5C
0x
BA78
0x
BA60
0x
5854
0x
884
0x
BC0C
0x
BC14
0x
BC1C
0x
BC24
0x
BC2C
0x
BC34
0x
BC3C
0x
BC44
0x
BC4C
0x
BC54
0x
BC60
0x
BC64
0x
BC70
0x
BC74
0x
BC78
0x
BC7C
0x
BC80
0x
BC84
0x
BC88
0x
BC8C
0x
BC90
0x
BC94
0x
BC98
0x
BC9C
0x
BCA0
0x
BCA4
0x
BCA8
0x
BCAC
0x
BCB0
0x
BCB4
0x
BCB8
0x
BCBC
0x
BCC0
0x
BCC4
0x
BCC8
0x
BCCC
0x
BCD0
0x
BCD4
0x
BCE8
0x
BCFC
0x
BD00
0x
BD04
0x
BD08
0x
BD0C
0x
BD10
0x
BD14
0x
BD18
0x
BD1C
0x
BD20
0x
BD24
0x
BD28
0x
BD2C
0x
BD30
0x
BD34
0x
BD38
0x
BD3C
0x
BD40
0x
BD44
0x
BD48
0x
BD4C
0x
BD7C
0x
BD80
0x
BD84
0x
BD88
0x
BD8C
0x
BD90
0x
BD94
0x
BD98
0x
BD9C
0x
BDA0
0x
BDA4
0x
BDA8
0x
BDB4
0x
BDB8
0x
BDBC
0x
BDC0
0x
BDC4
0x
BDC8
0x
BDCC
0x
BDD0
0x
BDD4
0x
BDD8
0x
BDDC
0x
BDE0
0x
BDE4
0x
BDE8
0x
BDEC
0x
BDF0
0x
BDF4
0x
BDF8
0x
BDFC
0x
BE00
0x
BE04
0x
BE08
0x
BE0C
0x
BE10
0x
BE14
0x
BE18
0x
BE1C
0x
BE20
0x
BE24
0x
BE28
0x
BE2C
0x
BE30
0x
BE34
0x
BE38
0x
BE3C
0x
BE40
0x
BE44
0x
BE48
0x
BE4C
0x
BE50
0x
BE54
0x
BE58
0x
BE5C
0x
BE60
0x
BE64
0x
BE68
0x
BE6C
0x
BE70
0x
BF68
0x
BF6C
0x
BF70
0x
BF74
0x
BF78
0x
BF7C
0x
BF80
0x
BF84
0x
BF88
0x
BF8C
0x
BF90
0x
BF94
0x
BF98
0x
BF9C
0x
BFA0
0x
BFA4
0x
BFA8
0x
BFAC
0x
BFB0
0x
BFB4
0x
BFB8
0x
BFBC
0x
BFC0
0x
BFC4
0x
BFC8
0x
BFD0
0x
BFD4
0x
BFD8
0x
BFDC
0x
BFE0
0x
BFE4
0x
BFE8
0x
C02C
0x
C030
0x
C034
0x
C038
0x
C03C
0x
C040
0x
C044
0x
C048
0x
C04C
0x
C050
0x
C054
0x
C058
0x
C05C
0x
C060
0x
C064
0x
C068
0x
C06C
0x
C070
0x
C074
0x
C078
0x
C07C
0x
C080
0x
C084
0x
C088
0x
C08C
0x
C144
0x
C148
0x
C14C
0x
C150
0x
C154
0x
C158
0x
C15C
0x
C160
0x
C164
0x
C168
0x
C16C
0x
C170
0x
C174
0x
C178
0x
C17C
0x
C180
0x
C184
0x
C188
0x
C18C
0x
C190
0x
C194
0x
C198
0x
C19C
0x
C1A0
0x
C1A4
0x
C1A8
0x
C1AC
0x
C1B0
0x
C1B4
0x
C1B8
0x
C1BC
0x
C1C0
0x
C1C4
0x
C1C8
0x
C1CC
0x
C1D0
0x
C1D4
0x
C1D8
0x
C1DC
0x
C1E0
0x
C1E4
0x
C1E8
0x
C1EC
0x
C1F0
0x
C1F8
0x
C1FC
0x
C2BC
0x
C2C0
0x
C2C4
0x
C2C8
0x
C2D0
0x
C2D4
0x
C2D8
0x
C2DC
0x
C2E0
0x
C2E4
0x
C2E8
0x
C2EC
0x
C2F0
0x
C2F4
0x
C2F8
0x
C2FC
0x
C300
0x
C304
0x
C308
0x
C314
0x
C318
0x
C31C
0x
C320
0x
C324
0x
C328
0x
C32C
0x
C330
0x
C334
0x
C338
0x
C33C
0x
C340
0x
C344
0x
C348
0x
C34C
0x
C350
0x
C354
0x
C358
0x
C35C
0x
C360
0x
C364
0x
C368
0x
C36C
0x
C370
0x
C374
0x
C378
0x
C37C
0x
C380
0x
C384
0x
C388
0x
C38C
0x
C390
0x
C394
0x
C398
0x
C39C
0x
C3A0
0x
C3A4
0x
C3A8
0x
C3AC
0x
C3B0
0x
C3B4
0x
C3B8
0x
C3C0
0x
C3C4
0x
C3C8
0x
C3CC
0x
C3D0
0x
C3D4
0x
C3D8
0x
C3DC
0x
C3E0
0x
C3E4
0x
C3E8
0x
C3EC
0x
C3F0
0x
C3F4
0x
C3F8
0x
C420
0x
C424
0x
C428
0x
C42C
0x
C558
0x
C55C
0x
C560
0x
C564
0x
C568
0x
C56C
0x
C570
0x
C574
0x
C578
0x
C57C
0x
C580
0x
C584
0x
C588
0x
C58C
0x
C590
0x
C5B8
0x
C5BC
0x
C5C0
0x
C5C4
0x
C5C8
0x
C5CC
0x
C5D0
0x
C5D4
0x
C5D8
0x
C5DC
0x
C5E0
0x
C5E4
0x
C5E8
0x
C5EC
0x
C5F0
0x
C5F4
0x
C650
0x
C654
0x
C658
0x
C724
0x
C728
0x
C72C
0x
C730
0x
C734
0x
C738
0x
C73C
0x
C740
0x
C744
0x
C748
0x
C74C
0x
C750
0x
C754
0x
C758
0x
C75C
0x
C760
0x
C764
0x
C768
0x
C76C
0x
C770
0x
C774
0x
C778
0x
C77C
0x
C780
0x
C784
0x
C788
0x
C78C
0x
C790
0x
C794
0x
C798
0x
C79C
0x
C7DC
0x
C7E0
0x
C7E4
0x
C7E8
0x
C844
0x
C848
0x
C84C
0x
C850
0x
C948
0x
C94C
0x
C950
0x
C954
0x
C958
0x
C95C
0x
C960
0x
C964
0x
C968
0x
C96C
0x
C970
0x
C974
0x
C978
0x
C97C
0x
C980
0x
C984
0x
C988
0x
C98C
0x
C990
0x
C994
0x
C998
0x
C99C
0x
C9A0
0x
C9D0
0x
C9D4
0x
C9D8
0x
C9DC
0x
C9E0
0x
C9E4
0x
C9E8
0x
C9EC
0x
C9F0
0x
C9F4
0x
C9F8
0x
C9FC
0x
CA00
0x
CA04
0x
CA3C
0x
CA40
0x
CA44
0x
CA48
0x
CA4C
0x
CA50
0x
CA54
0x
CA58
0x
CA98
0x
CA9C
0x
CAA0
0x
CAA4
0x
CAA8
0x
CAAC
0x
CAB0
0x
CAB4
0x
CAB8
0x
CABC
0x
CAC0
0x
CAC4
0x
CAC8
0x
CB20
0x
CB24
0x
CB28
0x
CB2C
0x
CB30
0x
CB34
0x
CB38
0x
CB3C
0x
CB40
0x
CB44
0x
CB48
0x
CB6C
0x
CB70
0x
CB74
0x
CB78
0x
CB7C
0x
CB80
0x
CB84
0x
CBA0
0x
CBA4
0x
CBA8
0x
CBAC
0x
CBB0
0x
CBB4
0x
CBB8
0x
CBBC
0x
CBC0
0x
CBC4
0x
CBC8
0x
CBCC
0x
CBD0
0x
CBD4
0x
CBF0
0x
CBF4
0x
CBF8
0x
CBFC
0x
CA04
0x
CAD0
0x
CC04
0x
CC08
0x
CC0C
0x
CC10
0x
CC64
0x
CC68
0x
CC6C
0x
CC70
0x
CC74
0x
CC78
0x
CC7C
0x
CC80
0x
CC84
0x
CC88
0x
CCE8
0x
CCEC
0x
CCF0
0x
CCF4
0x
CCF8
0x
CCFC
0x
CD00
0x
CD04
0x
CD08
0x
CD0C
0x
CD10
0x
CD14
0x
CD18
0x
CD1C
0x
CD20
0x
CD24
0x
CD28
0x
CD2C
0x
CD30
0x
CD34
0x
CD38
0x
CD3C
0x
CD40
0x
CD44
0x
CD5C
0x
CD60
0x
CD64
0x
CD68
0x
CD6C
0x
CD70
0x
CD74
0x
CD78
0x
CD7C
0x
CDA8
0x
CDAC
0x
CDB0
0x
CDB4
0x
CDB8
0x
CDBC
0x
CDC0
0x
CDF4
0x
CDF8
0x
CDFC
0x
CE00
0x
CE04
0x
CE08
0x
CE0C
0x
CE30
0x
CE34
0x
CE38
0x
CE3C
0x
CE40
0x
CE44
0x
CE48
0x
CE4C
0x
CE50
0x
CE54
0x
CE58
0x
CE5C
0x
CE60
0x
CE64
0x
CE68
0x
CE6C
0x
CE70
0x
CE74
0x
CE90
0x
CE94
0x
CE98
0x
CE9C
0x
CEA0
0x
CEA4
0x
CEA8
0x
CEAC
0x
CEB0
0x
CEB4
0x
CEB8
0x
CEBC
0x
CEC0
0x
CEC4
0x
CEC8
0x
CECC
0x
CED0
0x
CED4
0x
CED8
0x
CEDC
0x
CEE0
0x
CEF8
0x
CEFC
0x
CF00
0x
CF04
0x
CF74
0x
CF78
0x
CF7C
0x
CF80
0x
CF84
0x
CF88
0x
CF8C
0x
CF90
0x
CF94
0x
CF98
0x
CF9C
0x
CFA0
0x
CFA4
0x
CFA8
0x
CFAC
0x
CFB0
0x
CFB4
0x
CFB8
0x
CFBC
0x
CFC0
0x
CFC4
0x
CFC8
0x
CCE4
0x
CC60
0x
CA60
0x
CB9C
0x
D004
0x
D008
0x
D00C
0x
D010
0x
D014
0x
D068
0x
D06C
0x
D070
0x
D074
0x
D078
0x
D07C
0x
D080
0x
D0AC
0x
D0B0
0x
D0B4
0x
D0B8
0x
D0BC
0x
D0C0
0x
D0E0
0x
D0E4
0x
D0E8
0x
D0EC
0x
D0F0
0x
D0F4
0x
D0F8
0x
D0FC
0x
D100
0x
D104
0x
D108
0x
D10C
0x
D110
0x
D114
0x
D118
0x
D11C
0x
D120
0x
D124
0x
D128
0x
D12C
0x
D130
0x
D134
0x
D138
0x
D13C
0x
D140
0x
D170
0x
D174
0x
D178
0x
D17C
0x
D180
0x
D184
0x
D188
0x
D18C
0x
D190
0x
D194
0x
D198
0x
D19C
0x
D1A0
0x
D1A4
0x
D1A8
0x
D1AC
0x
D1DC
0x
D1E0
0x
D1E4
0x
D1E8
0x
D1EC
0x
D1F0
0x
D1F4
0x
D1F8
0x
D1FC
0x
D200
0x
D204
0x
D208
0x
D20C
0x
D210
0x
D214
0x
D218
0x
D21C
0x
D220
0x
D24C
0x
D250
0x
D254
0x
D258
0x
D25C
0x
D260
0x
D264
0x
D268
0x
D26C
0x
D270
0x
D2C8
0x
D2CC
0x
D2D0
0x
D2D4
0x
D2D8
0x
D304
0x
D308
0x
D30C
0x
D310
0x
D314
0x
D318
0x
D31C
0x
D320
0x
D324
0x
D328
0x
D33C
0x
D340
0x
D344
0x
D348
0x
D34C
0x
D350
0x
D354
0x
D358
0x
D35C
0x
D360
0x
D364
0x
D368
0x
D36C
0x
D370
0x
D37C
0x
D380
0x
D384
0x
D388
0x
D38C
0x
D390
0x
D394
0x
D398
0x
C7D4
0x
C7CC
0x
C530
0x
C528
0x
C5A8
0x
C594
0x
CCE0
0x
CA5C
0x
CACC
0x
D404
0x
D408
0x
D40C
0x
D410
0x
D414
0x
D418
0x
D41C
0x
D420
0x
D424
0x
D428
0x
D470
0x
D474
0x
D478
0x
D47C
0x
D480
0x
D484
0x
D488
0x
D48C
0x
D490
0x
D494
0x
D498
0x
D49C
0x
D4A0
0x
D4A4
0x
D524
0x
D528
0x
D52C
0x
D530
0x
D534
0x
D538
0x
D574
0x
D578
0x
D57C
0x
D580
0x
D584
0x
D588
0x
D58C
0x
D590
0x
D594
0x
D598
0x
D59C
0x
D5A0
0x
D5A4
0x
D5FC
0x
D600
0x
D604
0x
D608
0x
D60C
0x
D610
0x
D614
0x
D618
0x
D61C
0x
D620
0x
D624
0x
D628
0x
D62C
0x
D630
0x
D634
0x
D638
0x
D63C
0x
D640
0x
D644
0x
D648
0x
D64C
0x
D650
0x
D654
0x
D6BC
0x
D6C0
0x
D6C4
0x
D6C8
0x
D6CC
0x
D6D0
0x
D6D4
0x
D6D8
0x
D6DC
0x
D6E0
0x
D6E4
0x
D6E8
0x
D6EC
0x
D6F0
0x
D768
0x
D76C
0x
D770
0x
D774
0x
D778
0x
D77C
0x
D780
0x
D784
0x
D788
0x
D78C
0x
D790
0x
D794
0x
D798
0x
D79C
0x
D7A0
0x
D7A4
0x
D7A8
0x
D7AC
0x
D7B0
0x
D7B4
0x
D818
0x
D81C
0x
D820
0x
D824
0x
D828
0x
D82C
0x
D830
0x
D834
0x
D838
0x
D83C
0x
D840
0x
D844
0x
D8B0
0x
D8B4
0x
D8B8
0x
D8BC
0x
D8C0
0x
D8C4
0x
D8C8
0x
D8CC
0x
D8D0
0x
D8D4
0x
D8D8
0x
D8DC
0x
D8E0
0x
D8E4
0x
D8E8
0x
D8EC
0x
D8F0
0x
D8F4
0x
D95C
0x
D960
0x
D964
0x
D968
0x
D96C
0x
D970
0x
D974
0x
D978
0x
D97C
0x
D980
0x
D984
0x
D988
0x
D98C
0x
D990
0x
D994
0x
D998
0x
D99C
0x
D9A0
0x
D9A4
0x
D9A8
0x
D9AC
0x
D9B0
0x
D9B4
0x
D9B8
0x
DA28
0x
DA2C
0x
DA30
0x
DA34
0x
DA38
0x
DA3C
0x
DA40
0x
DA44
0x
DA48
0x
DA4C
0x
DA50
0x
DA54
0x
DA58
0x
DA5C
0x
DA60
0x
DA64
0x
DA68
0x
DA6C
0x
DA70
0x
DA74
0x
DA78
0x
DA7C
0x
DA80
0x
DA84
0x
DA88
0x
DA8C
0x
DB04
0x
DB08
0x
DB0C
0x
DB10
0x
DB14
0x
DB18
0x
DB1C
0x
DB20
0x
DB24
0x
DB28
0x
DB2C
0x
DB30
0x
DB34
0x
DB38
0x
DB3C
0x
DB40
0x
DB44
0x
DB48
0x
DB4C
0x
DB50
0x
DB54
0x
DB58
0x
DB5C
0x
DB60
0x
DBD0
0x
DBD4
0x
DBD8
0x
DBDC
0x
DBE0
0x
DBE4
0x
DBE8
0x
DBEC
0x
DBF0
0x
DBF4
0x
DBF8
0x
DBFC
0x
D65C
0x
D658
0x
D3FC
0x
D5A8
0x
D3F8
0x
D570
0x
D42C
0x
D814
0x
DC04
0x
DC08
0x
DC80
0x
DC84
0x
DC88
0x
DC8C
0x
DC90
0x
DC94
0x
DC98
0x
DC9C
0x
DCA0
0x
DCA4
0x
DCA8
0x
DCAC
0x
DCB0
0x
DCB4
0x
DCB8
0x
DCBC
0x
DCC0
0x
DCC4
0x
DCC8
0x
DCCC
0x
DCD0
0x
DCD4
0x
DCD8
0x
DCDC
0x
DCE0
0x
DD54
0x
DD58
0x
DD5C
0x
DD60
0x
DD64
0x
DD68
0x
DD6C
0x
DD70
0x
DD74
0x
DD78
0x
DD7C
0x
DD80
0x
DD84
0x
DD88
0x
DD8C
0x
DD90
0x
DD94
0x
DD98
0x
DD9C
0x
DDA0
0x
DDA4
0x
DDA8
0x
DDAC
0x
DDB0
0x
DDB4
0x
DDB8
0x
DE2C
0x
DE30
0x
DE34
0x
DE38
0x
DE3C
0x
DE40
0x
DE44
0x
DE48
0x
DE4C
0x
DE50
0x
DE54
0x
DE58
0x
DE5C
0x
DE60
0x
DE64
0x
DE68
0x
DE6C
0x
DE70
0x
DE74
0x
DE78
0x
DE7C
0x
DE80
0x
DE84
0x
DE88
0x
DE8C
0x
DEF0
0x
DEF4
0x
DEF8
0x
DEFC
0x
DF00
0x
DF04
0x
DF08
0x
DF0C
0x
DF10
0x
DF14
0x
DF18
0x
DF1C
0x
DF20
0x
DF24
0x
DF28
0x
DF2C
0x
DF30
0x
DF34
0x
DF38
0x
DF3C
0x
DF40
0x
DF44
0x
DF48
0x
DF4C
0x
DFBC
0x
DFC0
0x
DFC4
0x
DFC8
0x
DFCC
0x
DFD0
0x
DFD4
0x
DFD8
0x
DFDC
0x
DFE0
0x
DFE4
0x
DFE8
0x
DFEC
0x
DFF0
0x
DFF4
0x
DFF8
0x
DFFC
0x
640
0x
61C
0x
DC7C
0x
2B4
0x
55C
0x
7D0
0x
6A98
0x
974
0x
40C
0x
DE28
0x
E054
0x
E058
0x
E05C
0x
E060
0x
E064
0x
E068
0x
E06C
0x
E070
0x
E074
0x
E078
0x
E07C
0x
E080
0x
E084
0x
E088
0x
E08C
0x
E090
0x
E094
0x
E098
0x
E09C
0x
E0A0
0x
E0A4
0x
E0A8
0x
E0AC
0x
E0B0
0x
E0B4
0x
E120
0x
E124
0x
E128
0x
E12C
0x
E130
0x
E134
0x
E138
0x
E13C
0x
E140
0x
E144
0x
E148
0x
E14C
0x
E150
0x
E154
0x
E158
0x
E15C
0x
E160
0x
E164
0x
E168
0x
E16C
0x
E170
0x
E174
0x
E178
0x
E17C
0x
E180
0x
E184
0x
E1DC
0x
E1E0
0x
E1E4
0x
E1E8
0x
E1EC
0x
E1F0
0x
E1F4
0x
E1F8
0x
E1FC
0x
E200
0x
E204
0x
E208
0x
E20C
0x
E210
0x
E214
0x
E218
0x
E21C
0x
E220
0x
E224
0x
E228
0x
E22C
0x
E230
0x
E234
0x
E238
0x
E23C
0x
E24C
0x
E250
0x
E254
0x
E258
0x
E25C
0x
E260
0x
E264
0x
E268
0x
E26C
0x
E270
0x
E274
0x
E278
0x
E27C
0x
E280
0x
E284
0x
E288
0x
E28C
0x
E290
0x
E294
0x
E298
0x
E29C
0x
E2A0
0x
E2A4
0x
E2A8
0x
E2AC
0x
E2E0
0x
E2E4
0x
E2E8
0x
E2EC
0x
E2F0
0x
E2F4
0x
E2F8
0x
E2FC
0x
E300
0x
E304
0x
E308
0x
E30C
0x
E310
0x
E314
0x
E318
0x
E31C
0x
E320
0x
E324
0x
E328
0x
E32C
0x
E330
0x
E334
0x
E338
0x
E33C
0x
E340
0x
E378
0x
E37C
0x
E380
0x
E384
0x
E388
0x
E38C
0x
E390
0x
E394
0x
E398
0x
E39C
0x
E3A0
0x
E3A4
0x
E3A8
0x
E3AC
0x
E3B0
0x
E3B4
0x
E3B8
0x
E3BC
0x
E3C0
0x
E3C4
0x
E3C8
0x
E3CC
0x
E3D0
0x
E3D4
0x
E3FC
0x
DD50
0x
DE24
0x
D764
0x
D760
0x
DBCC
0x
D810
0x
E404
0x
E408
0x
E40C
0x
E410
0x
E414
0x
E418
0x
E41C
0x
E420
0x
E424
0x
E428
0x
E42C
0x
E430
0x
E434
0x
E438
0x
E43C
0x
E440
0x
E444
0x
E494
0x
E498
0x
E49C
0x
E4A0
0x
E4A4
0x
E4A8
0x
E4AC
0x
E4B0
0x
E4B4
0x
E4B8
0x
E4BC
0x
E4C0
0x
E508
0x
E50C
0x
E510
0x
E514
0x
E518
0x
E51C
0x
E520
0x
E524
0x
E528
0x
E52C
0x
E548
0x
E54C
0x
E550
0x
E554
0x
E558
0x
E55C
0x
E560
0x
E564
0x
E568
0x
E56C
0x
E570
0x
E574
0x
E578
0x
E57C
0x
E580
0x
E584
0x
E588
0x
E58C
0x
E590
0x
E594
0x
E598
0x
E59C
0x
E5A0
0x
E5A4
0x
E5A8
0x
E5AC
0x
E5B0
0x
E5B4
0x
E5B8
0x
E5BC
0x
E5C0
0x
E5C4
0x
E5C8
0x
E5CC
0x
E5D0
0x
E5D4
0x
E5D8
0x
E5DC
0x
E5E0
0x
E5E4
0x
E5E8
0x
E5EC
0x
E5F0
0x
E5F4
0x
E5F8
0x
E5FC
0x
E600
0x
E604
0x
E608
0x
E60C
0x
E610
0x
E614
0x
E618
0x
E61C
0x
E620
0x
E624
0x
E684
0x
E688
0x
E68C
0x
E690
0x
E694
0x
E698
0x
E69C
0x
E6A0
|
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Create Remote Thread | #1: c:\users\5p5nrgjn0js halpmcxz\desktop\zzzavxu.exe | 0xa38 | address = 0x13f612470 |
|
1 |
Dropped Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\AA3e3XC[2].png.RYK | 0.58 KB |
MD5:
f7ef239e5078bb661f0c02627b7f2731
SHA1: 39fb7af2262d9e2d6723c6a4fd2f9288a8ef35c7 SHA256: 2931093682c2ae3f5745033bfd83f8b191ee13f8c3aabc18574f8afdf26cc609 SSDeep: 12:4R/kAxlTSAp6SNqt20erli9DafYGLo6UEpaM3Id7yJWWjFFAr:GkQTFnNc20D9DafYf6JpaL9WjO |
|
|
| C:\RyukReadMe.html | 0.61 KB |
MD5:
c9454ce5d55e3af854f51e1f84866d24
SHA1: cddf6063c72a73f84f0cc6734f2464b5cb983a8f SHA256: 17f05a63f4d1f913974e115b740260533bcda57096f72b2a10cde0578903b39a SSDeep: 12:kJlzqUMyTv2/3av2/6bHeIH/GJHbr+OsKXUM:kJlXVTvmKvmwHzbM |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\postmessageRelay[1].htm.RYK | 0.77 KB |
MD5:
110ca1b8093b6aa8c4dc9ba5c99975ce
SHA1: 338a79a09154b7872eee3b1dcb3674c149bff447 SHA256: 8274bac0969571c403baea3659dabf1692924af0a50c2f03875374c2997ece1b SSDeep: 24:FbvAG5yfYGGX2lto1ncng7L8/mEKrZ1tG:FTAMyfYGGXsmxHYKbtG |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\Passport[1].htm.RYK | 0.60 KB |
MD5:
5ea606a25f8ea184de912719bdd0cca7
SHA1: 2713121af46783dfed363719c81fa0aa6249958b SHA256: 372eaca327c5f624664efecc90a308dc6a8e825ba0683d78c0157bde30009baf SSDeep: 12:S3eguxCSyF6Oda8HMHl/te0r/w8jdi+2pH8Cis3nriT6Zdz5qHERMhC+R:Q0CfFfHYtes52t66Zdz5qHL/ |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\YG1R61Z8\uid[1].htm.RYK | 2.83 KB |
MD5:
c69616382736c53364be2d8f1ef1ec48
SHA1: b50a09e388a0702d1b3b3fa38cf4edc8b51ccf01 SHA256: 84b1dd6c3ba10ca8d2327ef48798c790afc436176b7f81d21a9b12e23af9a295 SSDeep: 48:EH48qxcXQek3fNmUYif2MYfBHIgBGrTT44fySNqgMimg/gJYxHC6KDfJZmthDltb:6qaXQ13Dfw11a3TfySggMy/gQHC99Ytx |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\YG1R61Z8\msn[1].htm.RYK | 2.56 KB |
MD5:
bde92dc94f92e4a506b9d1519fd521fc
SHA1: be5cac1f52f159dc584c6a4b941b91d9ec9ba609 SHA256: bd013dcc27000dce28a2e71558f2aaf3e6cf4c438226dc092d77b9715b9d2b2e SSDeep: 48:7ICWuYN0HE76L1nPNB3v20qevaBEGPmFiYX5aPmQqeJDVITLB3BFNZK:0CWb0k765nVB3v20wBkH5awVpBFNg |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\desktop.ini.RYK | 0.35 KB |
MD5:
35b203700c78eecaf354da76937d032e
SHA1: da5fffc5a93d9b5990a9c688b8c821ddb89d4a85 SHA256: 00fef89646ea438067a427c9eaa06ad12d2e69abed1ea4cbb260b131e2ffcb10 SSDeep: 6:m5ewbaG/E2NOFzmW8c1UXkPggZpRZARHsOynfKBKIQnfiNKflWJ794bprx:O5+wb4FyqU04ERZ0+yhNNKflG94bJx |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\ABV8L7MY\v2[1].RYK | 11.74 KB |
MD5:
31f36956f50bdcb2f3ce08cd8d098697
SHA1: a146b5ef49d7ba1368f450d76b61a6073f3d3194 SHA256: 40005ced0e6322ba2b5f49c001f9dee3bbc2d1c83c86c7d6a288818c59ecca0a SSDeep: 192:d/VPr5qHusiWkNbIRBRQQltTaGizMfVL/IVCfiX9P9/Il/o7dEa5szw0TMM:3VqH1VAQRjlOIfVL/I9t19BIzwMF |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\index.dat.RYK | 336.28 KB |
MD5:
09f9b9bc943449bc892df376db9300fa
SHA1: 5b81f54141a01666e0b356f1c72540c540c4fdd6 SHA256: 3d5e505d2175da776ba2dbd509b5c5e3c93cb6f5916d59a87ba5ba7d8dab075d SSDeep: 6144:FEIfWlOozREXknfKijwQ7WQXR71EpbKHSZhSZnJn3yoZCo2TI2EC17wy:FxMOozCknfKijb7WQXR76JKyZhoF+/Ic |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\IKQEEPZR\ga[1].js.RYK | 42.35 KB |
MD5:
0116f60d8ab7f2263000f44b1592f872
SHA1: abc91d2f8068978b020609be92c2e1e0626c0016 SHA256: 0da1553a832fb3812005605486dbd1a51ca36d470ffccef5d8444a3bda812476 SSDeep: 768:Uu1n8U+5H04hEU3VmiFd5SoWRHKFbIfhoykKdDZ0zlOnbvnp322PqwAth:UCLvU3FqoWRH+sfagDZulOnbkKSh |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\IKQEEPZR\js[2].RYK | 1.63 KB |
MD5:
0de080906627444030d391b5022df9bc
SHA1: 2bba64846e19ac74cbca712eabd761733ff070c9 SHA256: 68200187b977117a9785c36b9ef4a0dd880c763b58232fc2ff4b1d37e45cb14b SSDeep: 48:rofzQyUSiuQfDl08FWTjhor2Xe7itqHDiZuvvrk5A:roESKfDvEiR7itqHuZuvvY5A |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\IKQEEPZR\js[1].RYK | 1.47 KB |
MD5:
b609441d3cf8214fe73f673c59734d48
SHA1: 779ccc1417b841f1b221f7b70c952d3c7462ed09 SHA256: 3a8e6996806884326c23466c702cc9598970bc043ca937e7c9b1ac9fdcfa825d SSDeep: 24:vNkt04SXuQwcjxIRD+gKPdKEp8iKobPaMzJ1h2mZAFEiinU2ZkYuQ9Kr1CT4tCH:vNujxKxKzGjymeFEi8GY2rHy |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\YG1R61Z8\js[1].RYK | 1.46 KB |
MD5:
5ee438a1ad19264d25d5391fbcd9eaee
SHA1: 72ec648f005b09cd07a1dddbecc343c6226ed366 SHA256: cc438492dcc23afe46bba9d8d9aaf3ebe536f82288ccb6a35f87d6b4a961ba2d SSDeep: 24:I9na/gRLIbTXhMGi0xPYCirUxJkfCXnQq397bNpMt4tgU0RfcGmeMk/TfUijIK:I9n3RLEXhMQpYfw0snZdntgUtvk/rUi9 |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Home~.feed-ms.RYK | 28.28 KB |
MD5:
86d067ad62f750d36aa9291532e92af3
SHA1: e9a49f28cfcc9216a82431793bc1cb254ff38415 SHA256: b69b5efbc253f7f089241b68088a3e96232747be8a42660003f384a0a3b54038 SSDeep: 768:Pb5iPPjeNH0L/1IROyNnGpP3IphBYL5vY+n/6UE87Za:Pb5iUULtEe/coLJJndB0 |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Work~.feed-ms.RYK | 28.28 KB |
MD5:
2e664bf2dac750f39285ea8a2bbfb332
SHA1: 96eeda87b8a5359a7679954eed084d68daba3261 SHA256: 055b5ef0a21626009da4b4dfe66b2d55412aeb26eaa902145b61bb5eae29faa8 SSDeep: 768:rJjClNg1r93Bm4EiesDA24djsSsgiywMVV9npJs+W+N:rJjxDakYxsSdLJBpJM+N |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\0000E713\11_All_Pictures.wpl.RYK | 0.85 KB |
MD5:
24c07b9d15d4f7efa07482e62aafc60d
SHA1: 606e82f4145fd25d9ebe76e85c6bc73c9dddf1c0 SHA256: 5e23c1b0cebfbb454b3837ed83c08070671644895f12c91b6f413d4e7e2970f9 SSDeep: 24:P/9C3NngHHvI+EoLiRtkLSeqsVa+ib2wD:P8daw+7iZspk2wD |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\YG1R61Z8\js[2].RYK | 1.22 KB |
MD5:
7dd2443b2b47035077e49250152452f7
SHA1: 1e037f2c81dc4946f9dbad3e7b220eb4ef94e365 SHA256: 0a6b7ce9c5bec3754897bbbb0c2edf110accc35dbd545f82245d402bfe8a47f5 SSDeep: 24:0a6nydDDnTxBt+5btHlb5II/Ri31cUnrW1vXy5G3K4t42cdotEV:0arDDTxsbTDZi31nI65mxydoGV |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\YG1R61Z8\v2[1].RYK | 13.06 KB |
MD5:
c312f567980bcea6abab864f6acd8786
SHA1: a179cbabb1f123c6a8b28d1fa333bcee81bc7bf9 SHA256: c87d350f059f53fcdf97fe208a401b7a84cb6f8f897bf69d39d6f956e72e6281 SSDeep: 384:C5e5RBtM/l2G6eH/AC8+a1rX+m8xyu4+3tzJ+9zk:mL66pyYmUtE9zk |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\ONetConfig\350db95df4cbd94b2a1c300510e12e11.sig.RYK | 0.41 KB |
MD5:
81d9f2fe9520e068dccd67f34f0e0419
SHA1: f50d5db24dd21232659496ca717170a06d7e8a16 SHA256: ba60f3462e1fcf2e5faff5ce35b3f33e0e3f76e5b0ca41072e034104a3e73a56 SSDeep: 6:T4l+vuFhNNk1uCnEvImJbKKAImCEM2Bl5RnZgDD8R7iguO5oUckPGhHrg1DKm8:sl5hNN82bTmMSbRnyDYruUoUVJ1f8 |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Backup\old\WindowsMail.MSMessageStore.RYK | 2.02 MB |
MD5:
230ff90a137580d2a0d510ed297526e9
SHA1: 108faaf9f83d3add3b86f7a478cff8def1dd3b99 SHA256: e999e396380618178e7f56803dd223e4b564e15328bb0b85e38d24e25d3f8efc SSDeep: 49152:b5BYkXKb9JgoEyN4Vm03Wq3ZE/JMcKX8/CN7gTQNAyAYzVEG:b5BYk6bLN4VDWiC/y4CxAQNZEG |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\0000E713\10_All_Music.wpl.RYK | 1.31 KB |
MD5:
0db232563a6bd5d732374b9b3d4396e2
SHA1: 590d62d4337a90de3e8c83da29ac114111290a17 SHA256: dfca30441984a26bf1016cc3112ab1456b9765e7803d6bfbea1e7d3ad8329d1f SSDeep: 24:j0LWucjXNRRAHco2OKdXqbwgQOTvLqGsypQ6EOE5ndOK8zPcEXC5tHgjXZ:oLWlDNRRVob5wgQ/G9SzdObPc8CiXZ |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\03J4UQW0\desktop.ini.RYK | 0.35 KB |
MD5:
88a11cd7acfff99e5b57d7339f76c152
SHA1: cbc7f8a2e7ea9b547c75756059e428cc741ac04f SHA256: 402e670cc13b75742e7f751d8ae7296d4d33a9ed0728346581a8a3b97eb1a1b5 SSDeep: 6:MAsG7NIQcc3ElkrvWtKiWWPhnTxAjiQjGz3m4z1mGNGcXii7RM/KBuyrNDEd8oB:MAv7NIQcc33i4wxxO1uzjQQiieRyhjoB |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\KETAJP6D\desktop.ini.RYK | 0.35 KB |
MD5:
619a72be13d8cadac6802e28efa3bca6
SHA1: 4ccecf8d3e1ea56e1d2d72d8390e51e4c4eddba0 SHA256: c0fb55a05191bc4c1624bced801aed1f4d9e329446d5c6e0754f7fe3c2b28232 SSDeep: 6:kzihVlig0Eg3hoyeRH766AhKIZU5Pt2T7oJnbEhL6eRlU9wSoDtRl:kehVHg3hoyOHsEISF2X6gheeT5SoZ |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\VB18B0KB\desktop.ini.RYK | 0.35 KB |
MD5:
64ff4e3c64dce3f857aa833e98af0b0e
SHA1: ae30f7f820d71b0ea0d84020bf73af8c1adb2c55 SHA256: e3a16e41bd9efc5a954262baab0df0e4e5d722f7bc8a9ac1ab1a05d8b6ae979a SSDeep: 6:6tmpBuAK8EXT2QSmYJAQ1WCwgQ814hqASt649N79aSbQUcYJnHFIKk5S:bvG2QZ0AT4f1s5StzvQUcYJnHFIE |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\XT1RPYG9\desktop.ini.RYK | 0.35 KB |
MD5:
ca7e7fc8eaeea249568df1c6f985b3a3
SHA1: 135769aa4783fde91b43420f5344729c5818a4bb SHA256: 3f62b68aa69a369278a039387fb41a72a594c0c226d7d5d82665ec15363e008a SSDeep: 6:VRYT6AgUemZg07HIlQSNFkzF9iPeWdQpUhq9vyzuAqBFpSFm2gDNzG2zdkcGFbbR:LYNLrbPSNiAQporzuAqBeNgpzGwmVbbR |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\BBBNiEo[1].jpg.RYK | 10.46 KB |
MD5:
066c2e425c6233c231c5a0a5efaf44a5
SHA1: 71115326f00a94e282b18cb6b49fe1b7b3897ca3 SHA256: fe1f7bcf7c55b9f2991836b2813b1dde4dd7423c2bdbf851774fe3be895e3e4e SSDeep: 192:ly0xH0d9rAGX1ocS01sr1oMneW8fRDh9PxqvpA7K+HxJCY6+eSZPmvjpb9mZih9:U00LtXWcS0LMnfQDDPxqv1kEp+euPCV |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\BB6Ma4a[1].png.RYK | 0.66 KB |
MD5:
44725f1d87179a699d092dca2dd9f42c
SHA1: ba8a048192519e0a4c0ccee9b30fac14ab7c9572 SHA256: 02a82f01fedd6f225e34f875b5b805ed2fbcf5d2a45c8663cf3dc43ea6b3b56d SSDeep: 12:CuLaeRkP0mgnXbWDjphQx/qt4SDPdxMBfrh8uPl32vNqOV70DJxnFhM9s7lZ9oY4:zRk8mgnyDtiRAdahrPlcNh6PFhM969fW |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\async_usersync[2].RYK | 1.58 KB |
MD5:
c1252c94dd7ea14c5fb769c55dc5c328
SHA1: 4934dd26665353de50181f65719201ab64eba725 SHA256: cd627099f199f19d3e15e8a1094679f0bb5e8f65f58ee47501a078b44fc12907 SSDeep: 48:p0kYEiBa7ZNYWG2s98o81Sg4jI6BvAUA+bNcL7A3:p0LTBaV02No+QU6B4UT |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\BB1CcOi[1].png.RYK | 0.74 KB |
MD5:
4a2f61408d9df4b22b1d89c2a9808f7f
SHA1: 8d41f5b88c9565b55935672c8d6b11a521ecebc6 SHA256: ad86cf53d7f93b0776a99e07d2e45c472b9e228e3a27f20c982e3989c266e257 SSDeep: 12:HSpOJlS1TIqWthQ72duzfLGu3OFU1coW+OyxLyDEzeKoFS2iru4lVYYgV1n97Pru:AOnvJQ7NSuaU1w+ffxoSa4lVpgfZPuUS |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\async_usersync[1].RYK | 1.28 KB |
MD5:
263f6387e83348469aa6fe6ad5b2526e
SHA1: 1e1e4da123da8407c0acd181c0551e49a0f10b5f SHA256: e2c05975e98f89dab72e124826b6d9c25756c97cfed9b4744d30ff19acc819ff SSDeep: 24:7c3ncndZOSu0WEabs/2dWAeUFVgvbT3J3PlXFXnICTiXd537kgs:7c3E4SHwb82dWKFVuZ/lXFXICuRkgs |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\BBBO3tl[1].jpg.RYK | 24.80 KB |
MD5:
e0f4fd9dbf1a33c55ad4373ee3ad6246
SHA1: b0c663cf9e60f8c15d564547199f86ca336b2f07 SHA256: 5b69cb4fc3ba6b828872119a8742740b2dd31af353aad52340b561b7ce95acdb SSDeep: 768:i8j6RTjYkbTAG5Zw2owElKTlZadiIfOVJ:/mTlsG5Gae634iIfO3 |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\AA54rQj[1].png.RYK | 0.67 KB |
MD5:
f45fa736378081094b7dbca4c4940dbe
SHA1: f6c4fd5f6b33eac76852252b07985475a28b63a0 SHA256: 9857250408e09afad90748d312dcbbc6036ffb9acc6aa3954c68d0d710e22eff SSDeep: 12:ROqqBsMLVHDba1c7wLZ7FzBRN8xLUrwMzTekiLsajSdebm:R3qeYVje1DZ7PRNqLdATekixSUK |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\advertisement.ad[1].js.RYK | 0.30 KB |
MD5:
880786da67fb81abfaa994dca7ab3b46
SHA1: d647be6db4b945129af3cb79a7f35d3d7d2f8925 SHA256: bb13c42713ba5825c616ab074911d498e88ad9d61e813131fa20d07c0a05126b SSDeep: 6:WinKG4nxNLZQvOe2f9s7y+8XSibg1gRfJ8JHt1Sr39KLDjq:gJLLZrfW7tvibWgR+dtUrgnjq |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\AA42EP9[1].png.RYK | 0.72 KB |
MD5:
2d3787e587794f331086ea8468368166
SHA1: 0ae33d0b870e7aad96dce511b63be87ca04c1870 SHA256: 747536742efb157b1569a5d52106946bd2b7c20f0d1cfafa807bfcab91f00120 SSDeep: 12:5fqqPt48xuc05CzUsJqO7RuY8JsB9sK00dGbfsj2ibKtaLJTb8mjK1K33UG8:5fqqVj4r5AUsJqOFuYzsF0dPjHbKtK1G |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\28-8f3193-f30905ea[1].RYK | 231.60 KB |
MD5:
8aec8c80dd176ff559e36473b3a3ff00
SHA1: cc62e135acaa58ca81c8af938b1c336323d71177 SHA256: 60a261abd23cc6ac59d975600ca7d17ebf6870d15c1f24159c578db1a36cc78c SSDeep: 3072:LnU+XuYXB8z2FmfnRYM1Jjs6pLdTI8l+JjGg+B5gTHVLsGV8KnzUnnq4xNMmtoqG:LnpX2zUmfnnssMdE5eHjnzgx3pinLp |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\ABV8L7MY\print[1].txt.RYK | 0.44 KB |
MD5:
809598165b1572edbb2215a4d02c8bd0
SHA1: ed36952e23d5e9be6c4f9d8e58f600b53b0b9011 SHA256: 8f49f607f9be884142f00a92fab756e5d3ac4c302ac64bb803fbeba9ba9cf494 SSDeep: 6:85Of30bVHudpv+5CyJFQLwf9zkVRkMWKrqDffDcp/9ZaTfEYKa9SKqhxw8FgC0Bk:Tf8804G9zGRk/Wof7cpVI4Y7SxvV1t |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\BBE9wSt[1].jpg.RYK | 2.00 KB |
MD5:
0472b5113eae80246fa4f97bca8d5fbc
SHA1: f7a80577ff53f6d16d137f0bad1d878d2e45acf6 SHA256: dc7a822781f9e85aa5b8d9b611a7cff4f737adf20f1640073a839e1c701e9770 SSDeep: 24:zY7PGZZ7tzPfCUA8Kb4polg0eoHfEYxlCWwDn9KPYJ8ife/tM8TCulvg51pe:zyPGZZ7FPfDAFmolbT/H+RkPLkIR8pe |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\ie8[1].txt.RYK | 0.38 KB |
MD5:
8c1494e92e299df5594538c6b41c3895
SHA1: 7d5d63e8a209e53357b3774bcc65090a20f33e71 SHA256: 535693ff85de8c3630e6cde952c6874c7b9f1f0ec712a75fd327e79df866a8c7 SSDeep: 6:4uIjBKBawZHJ2tkjdADWMjq+G/FkNo2qo74pVgI6Ob+Kg1fY2W74hwd3y3CcHDd:4HjB1+J2wCnao7kqIK1fY2WFoZDd |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\BBEdXJj[1].jpg.RYK | 1.91 KB |
MD5:
4ec3f33b0d983ce29277c4b0aafd184a
SHA1: eae573f761d3f3e59b3d9b6e360fbfda32d03986 SHA256: dcaf33fb4577a2d97a4e8fa2c8777e68cfc377508b8629f0e30d7223020f279c SSDeep: 48:sXQssPnf2SyHB733UVd7GIr/8T/OGJRSuM0b3G:cQsenf27rW7GIr/8vRHc |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\BBEcHle[1].jpg.RYK | 2.46 KB |
MD5:
329cb900214732e98ce1761926746d93
SHA1: f022203b009af2b1de9fb8f017514c6070eda222 SHA256: 86ca9a67f6392957037007e56ef304742667fad439b487d4bd05827d7a9450be SSDeep: 48:KPObPkh3R613fhMVwfPluX/O3mD/vb/g4R+A0G6f2z8EZ7J4Zz3Hq:iSOQ13TP0D/bdRzdfZ7JuXq |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\fallback_728x90[1].jpg.RYK | 32.14 KB |
MD5:
f9877debde7da784391e6e350e1632b8
SHA1: 5e7c1a2e02fec82884d616417452250a8991282e SHA256: 5d5c5ac475728fbc541ce24bbbc287c2f3f4a77f2ca48304dddd80903273a47a SSDeep: 384:gwv+xr+57ReJnB/PR4SJDDySOzhf41rDwsCD5HNIMs9vac4XvDcWvJZR93jZNcZ1:z+lg7gnxc4pD5sH6Yt5RZDz7Ob2QcLc |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\BBEeTuf[1].jpg.RYK | 13.30 KB |
MD5:
09508fb66ca768c0fd5f2a4730207f95
SHA1: da601224d1d02798e672ee0004e1b38ed231cd58 SHA256: fe274899236e163d1070c178cedee5765fc5bb4db454c71657599a8dd3449757 SSDeep: 384:wf1Y+kgcrKH9UcR6yXrq1sNlzbOGP53bWjXuL:wf16KdB5rq1sbRRCj6 |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\ABV8L7MY\Standard[1].RYK | 85.31 KB |
MD5:
f7109293dacd0f5385d9e64322819736
SHA1: 5fcb102b285a847c24f98d439f20e2fcaff9f8f5 SHA256: 28e559d3fae83d1e06331469795c06b067b3675eaecc53978654d58c8e2f10d3 SSDeep: 1536:mBGY3iovqCtqOqWNo1a8bpgoF+CYjDHeK5owBt1jl0VJ3QKGE2aYHX1q/5os:m53JqOXy15NkCkDH9Bt1j0JzMaY31qWs |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\BBEdoQv[1].jpg.RYK | 2.64 KB |
MD5:
bf2d0d28a37eb4f64b5c3a8df03ec317
SHA1: ee6c42e9fd521ea638ccffb22ee604dd23a5bd93 SHA256: 3a2ac32c8ee3b60201912e470007c3a4e7317c1884a94d83909db452d21498ae SSDeep: 48:CVTSZhtxqBwhR+0QJM2G2mIQ1DRuqjbZWhpv6qeVVw7Uxbyb1zRRxMZG9wYTd7:CqtxqBw3+0QJFLP2R/jbI8VVD0bFRRxZ |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\BBEdtWw[1].jpg.RYK | 1.99 KB |
MD5:
45f46952a8d279369fa59e321e769ee1
SHA1: 5f066dca01ef2631ac9644e41b75ccf74baa23b9 SHA256: 41317485e0626677e81a30322a06eca50067eca72eb700356a9d2892619c1154 SSDeep: 24:ULL2jzN1VUqpYM3XDQ/2JEbmpr6WPRTRE73swdPv7aJCMQPTUUrJsSXGKQrovoQP:j3vVfpYcUkESr6awrdHA8Ld0PrtQJF |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\desktop.ini.RYK | 0.35 KB |
MD5:
2909dab32d1e64912b01baffba9cc4a9
SHA1: f5850e9daba3253b495efb573e68122fd49c6549 SHA256: 4c8d27e46be5a7cc62617ccf319c72ce90e683f73ecb21860f7cdb4218eae4d6 SSDeep: 6:EYQXDCCpp/a9sobEwCbqiqgZjYIwbZu3xInnUSuKp9u48JgRgo6h:mXhASGUbev1bZISnUSuG93pRgr |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\BBEdqEy[1].jpg.RYK | 1.92 KB |
MD5:
57c59d72f1971dcc18703663cd57ac3f
SHA1: 29dc76624db4d28886727f70df23d039bb7cf8ad SHA256: 831e95631515b3fcfb2fe2a2e4c7e944256b0b3cdb11c064b10ce80f7dec1684 SSDeep: 48:qXZeWCatm+D28eN6occXYyIz0EBWt6AAo8vI79:4XA82noSorzPQt96gJ |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\ABV8L7MY\AA429NP[1].png.RYK | 0.88 KB |
MD5:
1ff4c25dae2642fc0720fd61cae36521
SHA1: 2dff6350d7a902ad3bcfe4c73e55054426e7cb79 SHA256: ee1890ce7ca4e438b75b1632d521893be6de78ceaa2f897df86dedc1ac2aa7b5 SSDeep: 24:h/2PR2Ucsbxy7UAWU6uWtHPwBgkPXSJsIC:hsbcixIutv92SJLC |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\YG1R61Z8\adfscript[1].RYK | 10.39 KB |
MD5:
9938f3976f57441f01314f84feec203e
SHA1: 6a8ab316c260caa5873e860d63582f5d021cd6be SHA256: c9984ca386f71b092aebea19f3ed2b70566fadbb33a75ebdc9690c2c3b397cf6 SSDeep: 192:YB9gjuK9BTNKRK/QAlZrZnDjq8B4M2x3yCK8n95HBap97cmiDh/lyZ/:11hNZnDGnoCK8ntapa9g |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\YG1R61Z8\26158[1].png.RYK | 48.36 KB |
MD5:
70f03023750bfbeb16f3d991ed932ce1
SHA1: 5a4cfc4f3ab5703170d2173d815bbd6158283cbc SHA256: 8b57a65c2b19f96a2cab593c1f054e66d77695780c81d29e84458a4841f185ce SSDeep: 1536:p9D/3oUReW3khc6lIEYhp+qnsZAvgJ7DOVMY:p9TNehhc0swAoBG |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\ABV8L7MY\AA42pjY[1].png.RYK | 0.86 KB |
MD5:
db27a22470fd3aebee79a555e495720f
SHA1: 496af368a7dadc749d410b9acfd459c8ccd8629c SHA256: d429d55c8a3814b7593764298a5b335897396463d821bb6f19b658a8a61123f1 SSDeep: 24:mzg5Pv2SimJT4J8Bcpnf7oZF+PAf4wKwfyoNOp:mzgtv5jJUJgcpnTonbpVfyKOp |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\ABV8L7MY\AA3e1oO[1].png.RYK | 0.92 KB |
MD5:
5c1fbcd3b7495a3f427759e5fdbc513f
SHA1: 76ef7499a1be65aa64302a296e323187200980ff SHA256: 799cbaf1ef016c93e5c8aca89a8a2814d0e262ecfb874436f0e6c868d469efa9 SSDeep: 24:wAQnJkIJAn1MsOzObRzIOCZH+RmC1RvTmTu0P5:2Jk+An1MsOzObRzIvR+lRvTmTB |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\YG1R61Z8\adex[1].js.RYK | 36.74 KB |
MD5:
b9a2c0b8600260359c7475293bda7703
SHA1: 2b13d307c04339e97fa0e2130ffd772196f025e5 SHA256: dfaede56c1dece48e25c1bf840505acda138f63362cd48589d670a6feb55e08c SSDeep: 768:EVn2oI+AR1iZMCnR8Z/2XEYMUkTxFoRW8v6+S+rVPyzJ4U4Gk0/qpe+q:yn2dSnR8Z/2X4UMC6+NpPyeAGC |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\YG1R61Z8\css[1].txt.RYK | 154.71 KB |
MD5:
3c43a845ec2fcd2b688d1e11457ecd17
SHA1: 7946719c11882f2ef925661a43ea096ca2eadcb5 SHA256: 6526e4f5a5359c975da3c31d93efe9a5a3d9a29248a621a620edcea25add5615 SSDeep: 3072:7xDMEXs6Fqf/p5i3xVKYX7IQ5GE0Qz0mic3D3lutl2beUbkFUjL+khqOdfhzdji0:7CEX1AAxIUD5z/T3lujaePKjLbhP3xjJ |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\IKQEEPZR\player[2].js.RYK | 24.10 KB |
MD5:
ec512ae1fbd3ff9a80adbd2215261ea4
SHA1: 128abfde797eb1975b93393afc5079d94282b988 SHA256: 25ab9f4a8947239292d5b5131492a2fdafb1f414c9ba83183dcab19594a43779 SSDeep: 384:ZrdzVl3tx2JIE+071LFsIJJCUNjC5votz7xe6gXI0TV0zddQJjIKidVpS:P7cIE+M15sIJgUNjCRUzgFXjVadlKis |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\ABV8L7MY\desktop.ini.RYK | 0.35 KB |
MD5:
25785bcbe739a6e9c54f62b9077f38ae
SHA1: aa876596e94a6e59321f3d3bfeb39262c0dac778 SHA256: 6057b5dba962e01755165df768e228eed456f884dbeb89aa78ac05d58ce8add6 SSDeep: 6:e1aCwJDq0rMLbtVP8qF4XmoEnMpf6TZvRz6ggRgPrO9XmGIoe:iv2MLbtSqF42xYCdRzfgRgqcGfe |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\ABV8L7MY\core[1].css.RYK | 165.10 KB |
MD5:
11ba7955a5bfd5ff8e662ed4f4cea3b2
SHA1: d1df3bfcee915d629806396ee0d9583c277abff6 SHA256: 87ed9c37dcb3ff48a44a9ead76597491e558539e5fb73e79fbc6ee2836879326 SSDeep: 3072:8488wLqXK9Z3buY/ZxDjxEzNTcuRYi7956aH+8fek6PJLHSkUdgPM2g23B8G8rTA:8488w5Z/Z1tEzCu/7956Wfe35ZPPR8z4 |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\IKQEEPZR\player[1].js.RYK | 27.13 KB |
MD5:
4506a5d330af3ed8190371eb981cf720
SHA1: 2d5812c11cbb369bb4f0df640d751eec75c7a6c8 SHA256: d8234b15186eac0cad343638e6fca809fc1bb818930a7052bb037f1d222e03f3 SSDeep: 768:AvrXIB2wEkXAuFi6IpfD93gPEn4V1zj6Map0TR:yzIU8G68D9FnuPBN |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\meversion[1].RYK | 4.66 KB |
MD5:
b9cd78feb018e580480ea686d1ead955
SHA1: 4f36b2134cdab7699e4eaae2eaf907c816a897fe SHA256: 3db1eae2df8388dfb92fac081851f69448ed2a7cbabbca7aef529b9eb4ba0d01 SSDeep: 96:ntzBcYEGfVX/Tx2DesZLL+aFkAsYGj0e3541kExT1wGE:ntzZE4VvT4DrZPvFUPSUx |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\IKQEEPZR\th[1].jpg.RYK | 2.55 KB |
MD5:
3822e63bf4a7db6bd008ef450f91a44c
SHA1: 68289bee98ee699c469c31ca0e446e8c125f41fe SHA256: 142c072b246fcf98bce7d85f2e9a337ce303eb432b0d814e26a1879617987164 SSDeep: 48:PM0VfQMOj15jZJ7C5++EIkYYM3JxNDUtANg+FRZGDch8wInA:PM8mzjjn3IkW37NXNJRZ7h8A |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\BBBPUFJ[1].jpg.RYK | 8.00 KB |
MD5:
90d17620fd95ee95a6f5376495d1c495
SHA1: a4ff0b3babbee5810f3071bac74c810a2878bdc0 SHA256: 6c7ddaac18ac9af776546f50f6c67cb74241e5d7864c5ef3b69feaaae3981ea3 SSDeep: 192:wCnUoZzGsz47Z9+mWrA9xdOlCmOCE85sHgdP6ypj7y:wCUo8v+mWoxdO0mHFsH26yp7y |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount.RYK | 1.97 KB |
MD5:
ee7028da33082058abe1d6d6b84e192e
SHA1: a47441bc8a2b8b75b153a47af272bb31699e97ed SHA256: 07bfc7b20662e27620eea206990cc06b3d5dbce4fd9ffff5ed76335f858988f9 SSDeep: 48:Rya3TrE2oKksDUX6gDqxvjZIEL2J7VWtNTiDvjwK39L:R13To2NksYqVjUoze4y |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount.RYK | 1.75 KB |
MD5:
871eae09f0173a3cf375cfc98584130e
SHA1: e83702818a6b7eaf539233829cb88b4ae3f7aae8 SHA256: 1343cee6db51e1e9d083de268e4476b7c155ea32aae7a264b708f4a12a6b5ef1 SSDeep: 24:DSB0PmKqWoyDg1081xVHFbRyn/vVgKhpleOlbGiAAOjpoamcpsxuubPNI0eGCAn:2kZvXDgy8Xbcn/ve9cSFAt5xu0DCAn |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount.RYK | 0.94 KB |
MD5:
03f788b413e3c17914952453df1af5cb
SHA1: f13476d149b88636aedcfe0e200a49f81adedad0 SHA256: 9b9725b5991025b6e29ccf0261230389ee1c3d5b4c16417efac82c98483dcc9a SSDeep: 24:9skhuG9YZ7hXnR490uvf6vU3a04ln4tCiY16bSqRUX8x39GH3:9skE7pnCfV5tCiYGysl0H3 |
|
|
Modified Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\AA3e3XC[2].png.RYK | 0.58 KB |
MD5:
f7ef239e5078bb661f0c02627b7f2731
SHA1: 39fb7af2262d9e2d6723c6a4fd2f9288a8ef35c7 SHA256: 2931093682c2ae3f5745033bfd83f8b191ee13f8c3aabc18574f8afdf26cc609 SSDeep: 12:4R/kAxlTSAp6SNqt20erli9DafYGLo6UEpaM3Id7yJWWjFFAr:GkQTFnNc20D9DafYf6JpaL9WjO |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\postmessageRelay[1].htm.RYK | 0.77 KB |
MD5:
110ca1b8093b6aa8c4dc9ba5c99975ce
SHA1: 338a79a09154b7872eee3b1dcb3674c149bff447 SHA256: 8274bac0969571c403baea3659dabf1692924af0a50c2f03875374c2997ece1b SSDeep: 24:FbvAG5yfYGGX2lto1ncng7L8/mEKrZ1tG:FTAMyfYGGXsmxHYKbtG |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\Passport[1].htm.RYK | 0.60 KB |
MD5:
5ea606a25f8ea184de912719bdd0cca7
SHA1: 2713121af46783dfed363719c81fa0aa6249958b SHA256: 372eaca327c5f624664efecc90a308dc6a8e825ba0683d78c0157bde30009baf SSDeep: 12:S3eguxCSyF6Oda8HMHl/te0r/w8jdi+2pH8Cis3nriT6Zdz5qHERMhC+R:Q0CfFfHYtes52t66Zdz5qHL/ |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\YG1R61Z8\uid[1].htm.RYK | 2.83 KB |
MD5:
c69616382736c53364be2d8f1ef1ec48
SHA1: b50a09e388a0702d1b3b3fa38cf4edc8b51ccf01 SHA256: 84b1dd6c3ba10ca8d2327ef48798c790afc436176b7f81d21a9b12e23af9a295 SSDeep: 48:EH48qxcXQek3fNmUYif2MYfBHIgBGrTT44fySNqgMimg/gJYxHC6KDfJZmthDltb:6qaXQ13Dfw11a3TfySggMy/gQHC99Ytx |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\YG1R61Z8\msn[1].htm.RYK | 2.56 KB |
MD5:
bde92dc94f92e4a506b9d1519fd521fc
SHA1: be5cac1f52f159dc584c6a4b941b91d9ec9ba609 SHA256: bd013dcc27000dce28a2e71558f2aaf3e6cf4c438226dc092d77b9715b9d2b2e SSDeep: 48:7ICWuYN0HE76L1nPNB3v20qevaBEGPmFiYX5aPmQqeJDVITLB3BFNZK:0CWb0k765nVB3v20wBkH5awVpBFNg |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\desktop.ini.RYK | 0.35 KB |
MD5:
35b203700c78eecaf354da76937d032e
SHA1: da5fffc5a93d9b5990a9c688b8c821ddb89d4a85 SHA256: 00fef89646ea438067a427c9eaa06ad12d2e69abed1ea4cbb260b131e2ffcb10 SSDeep: 6:m5ewbaG/E2NOFzmW8c1UXkPggZpRZARHsOynfKBKIQnfiNKflWJ794bprx:O5+wb4FyqU04ERZ0+yhNNKflG94bJx |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\ABV8L7MY\v2[1].RYK | 11.74 KB |
MD5:
31f36956f50bdcb2f3ce08cd8d098697
SHA1: a146b5ef49d7ba1368f450d76b61a6073f3d3194 SHA256: 40005ced0e6322ba2b5f49c001f9dee3bbc2d1c83c86c7d6a288818c59ecca0a SSDeep: 192:d/VPr5qHusiWkNbIRBRQQltTaGizMfVL/IVCfiX9P9/Il/o7dEa5szw0TMM:3VqH1VAQRjlOIfVL/I9t19BIzwMF |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\index.dat.RYK | 336.28 KB |
MD5:
09f9b9bc943449bc892df376db9300fa
SHA1: 5b81f54141a01666e0b356f1c72540c540c4fdd6 SHA256: 3d5e505d2175da776ba2dbd509b5c5e3c93cb6f5916d59a87ba5ba7d8dab075d SSDeep: 6144:FEIfWlOozREXknfKijwQ7WQXR71EpbKHSZhSZnJn3yoZCo2TI2EC17wy:FxMOozCknfKijb7WQXR76JKyZhoF+/Ic |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\IKQEEPZR\ga[1].js.RYK | 42.35 KB |
MD5:
0116f60d8ab7f2263000f44b1592f872
SHA1: abc91d2f8068978b020609be92c2e1e0626c0016 SHA256: 0da1553a832fb3812005605486dbd1a51ca36d470ffccef5d8444a3bda812476 SSDeep: 768:Uu1n8U+5H04hEU3VmiFd5SoWRHKFbIfhoykKdDZ0zlOnbvnp322PqwAth:UCLvU3FqoWRH+sfagDZulOnbkKSh |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\IKQEEPZR\js[2].RYK | 1.63 KB |
MD5:
0de080906627444030d391b5022df9bc
SHA1: 2bba64846e19ac74cbca712eabd761733ff070c9 SHA256: 68200187b977117a9785c36b9ef4a0dd880c763b58232fc2ff4b1d37e45cb14b SSDeep: 48:rofzQyUSiuQfDl08FWTjhor2Xe7itqHDiZuvvrk5A:roESKfDvEiR7itqHuZuvvY5A |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\IKQEEPZR\js[1].RYK | 1.47 KB |
MD5:
b609441d3cf8214fe73f673c59734d48
SHA1: 779ccc1417b841f1b221f7b70c952d3c7462ed09 SHA256: 3a8e6996806884326c23466c702cc9598970bc043ca937e7c9b1ac9fdcfa825d SSDeep: 24:vNkt04SXuQwcjxIRD+gKPdKEp8iKobPaMzJ1h2mZAFEiinU2ZkYuQ9Kr1CT4tCH:vNujxKxKzGjymeFEi8GY2rHy |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\microsoft\windows\temporary internet files\low\content.ie5\yg1r61z8\desktop.ini | 0.35 KB |
MD5:
410e76f243fdbf37bc21a1137bf8ce49
SHA1: a3b431b6d2cffdb36cdae8423f71893440673af6 SHA256: d8fb056c920901f8ca39661e3dfd86abbe179331cf2b5fc06dc7e3bce78a0c60 SSDeep: 6:AGkgYPifZuGwDS9m4qtZCZ9ivJV7Sf/9sEn5ilRswI5pMtdQvvZFAFHpLoeudXm:dkgh4GwDOecyJ0f/C05ilRswEeOFAFJv |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\YG1R61Z8\js[1].RYK | 1.46 KB |
MD5:
5ee438a1ad19264d25d5391fbcd9eaee
SHA1: 72ec648f005b09cd07a1dddbecc343c6226ed366 SHA256: cc438492dcc23afe46bba9d8d9aaf3ebe536f82288ccb6a35f87d6b4a961ba2d SSDeep: 24:I9na/gRLIbTXhMGi0xPYCirUxJkfCXnQq397bNpMt4tgU0RfcGmeMk/TfUijIK:I9n3RLEXhMQpYfw0snZdntgUtvk/rUi9 |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Home~.feed-ms.RYK | 28.28 KB |
MD5:
86d067ad62f750d36aa9291532e92af3
SHA1: e9a49f28cfcc9216a82431793bc1cb254ff38415 SHA256: b69b5efbc253f7f089241b68088a3e96232747be8a42660003f384a0a3b54038 SSDeep: 768:Pb5iPPjeNH0L/1IROyNnGpP3IphBYL5vY+n/6UE87Za:Pb5iUULtEe/coLJJndB0 |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Work~.feed-ms.RYK | 28.28 KB |
MD5:
2e664bf2dac750f39285ea8a2bbfb332
SHA1: 96eeda87b8a5359a7679954eed084d68daba3261 SHA256: 055b5ef0a21626009da4b4dfe66b2d55412aeb26eaa902145b61bb5eae29faa8 SSDeep: 768:rJjClNg1r93Bm4EiesDA24djsSsgiywMVV9npJs+W+N:rJjxDakYxsSdLJBpJM+N |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\0000E713\11_All_Pictures.wpl.RYK | 0.85 KB |
MD5:
24c07b9d15d4f7efa07482e62aafc60d
SHA1: 606e82f4145fd25d9ebe76e85c6bc73c9dddf1c0 SHA256: 5e23c1b0cebfbb454b3837ed83c08070671644895f12c91b6f413d4e7e2970f9 SSDeep: 24:P/9C3NngHHvI+EoLiRtkLSeqsVa+ib2wD:P8daw+7iZspk2wD |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\YG1R61Z8\js[2].RYK | 1.22 KB |
MD5:
7dd2443b2b47035077e49250152452f7
SHA1: 1e037f2c81dc4946f9dbad3e7b220eb4ef94e365 SHA256: 0a6b7ce9c5bec3754897bbbb0c2edf110accc35dbd545f82245d402bfe8a47f5 SSDeep: 24:0a6nydDDnTxBt+5btHlb5II/Ri31cUnrW1vXy5G3K4t42cdotEV:0arDDTxsbTDZi31nI65mxydoGV |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\YG1R61Z8\v2[1].RYK | 13.06 KB |
MD5:
c312f567980bcea6abab864f6acd8786
SHA1: a179cbabb1f123c6a8b28d1fa333bcee81bc7bf9 SHA256: c87d350f059f53fcdf97fe208a401b7a84cb6f8f897bf69d39d6f956e72e6281 SSDeep: 384:C5e5RBtM/l2G6eH/AC8+a1rX+m8xyu4+3tzJ+9zk:mL66pyYmUtE9zk |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\ONetConfig\350db95df4cbd94b2a1c300510e12e11.sig.RYK | 0.41 KB |
MD5:
81d9f2fe9520e068dccd67f34f0e0419
SHA1: f50d5db24dd21232659496ca717170a06d7e8a16 SHA256: ba60f3462e1fcf2e5faff5ce35b3f33e0e3f76e5b0ca41072e034104a3e73a56 SSDeep: 6:T4l+vuFhNNk1uCnEvImJbKKAImCEM2Bl5RnZgDD8R7iguO5oUckPGhHrg1DKm8:sl5hNN82bTmMSbRnyDYruUoUVJ1f8 |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Backup\old\WindowsMail.MSMessageStore.RYK | 2.02 MB |
MD5:
230ff90a137580d2a0d510ed297526e9
SHA1: 108faaf9f83d3add3b86f7a478cff8def1dd3b99 SHA256: e999e396380618178e7f56803dd223e4b564e15328bb0b85e38d24e25d3f8efc SSDeep: 49152:b5BYkXKb9JgoEyN4Vm03Wq3ZE/JMcKX8/CN7gTQNAyAYzVEG:b5BYk6bLN4VDWiC/y4CxAQNZEG |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\0000E713\10_All_Music.wpl.RYK | 1.31 KB |
MD5:
0db232563a6bd5d732374b9b3d4396e2
SHA1: 590d62d4337a90de3e8c83da29ac114111290a17 SHA256: dfca30441984a26bf1016cc3112ab1456b9765e7803d6bfbea1e7d3ad8329d1f SSDeep: 24:j0LWucjXNRRAHco2OKdXqbwgQOTvLqGsypQ6EOE5ndOK8zPcEXC5tHgjXZ:oLWlDNRRVob5wgQ/G9SzdObPc8CiXZ |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\03J4UQW0\desktop.ini.RYK | 0.35 KB |
MD5:
88a11cd7acfff99e5b57d7339f76c152
SHA1: cbc7f8a2e7ea9b547c75756059e428cc741ac04f SHA256: 402e670cc13b75742e7f751d8ae7296d4d33a9ed0728346581a8a3b97eb1a1b5 SSDeep: 6:MAsG7NIQcc3ElkrvWtKiWWPhnTxAjiQjGz3m4z1mGNGcXii7RM/KBuyrNDEd8oB:MAv7NIQcc33i4wxxO1uzjQQiieRyhjoB |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\KETAJP6D\desktop.ini.RYK | 0.35 KB |
MD5:
619a72be13d8cadac6802e28efa3bca6
SHA1: 4ccecf8d3e1ea56e1d2d72d8390e51e4c4eddba0 SHA256: c0fb55a05191bc4c1624bced801aed1f4d9e329446d5c6e0754f7fe3c2b28232 SSDeep: 6:kzihVlig0Eg3hoyeRH766AhKIZU5Pt2T7oJnbEhL6eRlU9wSoDtRl:kehVHg3hoyOHsEISF2X6gheeT5SoZ |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\VB18B0KB\desktop.ini.RYK | 0.35 KB |
MD5:
64ff4e3c64dce3f857aa833e98af0b0e
SHA1: ae30f7f820d71b0ea0d84020bf73af8c1adb2c55 SHA256: e3a16e41bd9efc5a954262baab0df0e4e5d722f7bc8a9ac1ab1a05d8b6ae979a SSDeep: 6:6tmpBuAK8EXT2QSmYJAQ1WCwgQ814hqASt649N79aSbQUcYJnHFIKk5S:bvG2QZ0AT4f1s5StzvQUcYJnHFIE |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\XT1RPYG9\desktop.ini.RYK | 0.35 KB |
MD5:
ca7e7fc8eaeea249568df1c6f985b3a3
SHA1: 135769aa4783fde91b43420f5344729c5818a4bb SHA256: 3f62b68aa69a369278a039387fb41a72a594c0c226d7d5d82665ec15363e008a SSDeep: 6:VRYT6AgUemZg07HIlQSNFkzF9iPeWdQpUhq9vyzuAqBFpSFm2gDNzG2zdkcGFbbR:LYNLrbPSNiAQporzuAqBeNgpzGwmVbbR |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\BBBNiEo[1].jpg.RYK | 10.46 KB |
MD5:
066c2e425c6233c231c5a0a5efaf44a5
SHA1: 71115326f00a94e282b18cb6b49fe1b7b3897ca3 SHA256: fe1f7bcf7c55b9f2991836b2813b1dde4dd7423c2bdbf851774fe3be895e3e4e SSDeep: 192:ly0xH0d9rAGX1ocS01sr1oMneW8fRDh9PxqvpA7K+HxJCY6+eSZPmvjpb9mZih9:U00LtXWcS0LMnfQDDPxqv1kEp+euPCV |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\BB6Ma4a[1].png.RYK | 0.66 KB |
MD5:
44725f1d87179a699d092dca2dd9f42c
SHA1: ba8a048192519e0a4c0ccee9b30fac14ab7c9572 SHA256: 02a82f01fedd6f225e34f875b5b805ed2fbcf5d2a45c8663cf3dc43ea6b3b56d SSDeep: 12:CuLaeRkP0mgnXbWDjphQx/qt4SDPdxMBfrh8uPl32vNqOV70DJxnFhM9s7lZ9oY4:zRk8mgnyDtiRAdahrPlcNh6PFhM969fW |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\async_usersync[2].RYK | 1.58 KB |
MD5:
c1252c94dd7ea14c5fb769c55dc5c328
SHA1: 4934dd26665353de50181f65719201ab64eba725 SHA256: cd627099f199f19d3e15e8a1094679f0bb5e8f65f58ee47501a078b44fc12907 SSDeep: 48:p0kYEiBa7ZNYWG2s98o81Sg4jI6BvAUA+bNcL7A3:p0LTBaV02No+QU6B4UT |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\BB1CcOi[1].png.RYK | 0.74 KB |
MD5:
4a2f61408d9df4b22b1d89c2a9808f7f
SHA1: 8d41f5b88c9565b55935672c8d6b11a521ecebc6 SHA256: ad86cf53d7f93b0776a99e07d2e45c472b9e228e3a27f20c982e3989c266e257 SSDeep: 12:HSpOJlS1TIqWthQ72duzfLGu3OFU1coW+OyxLyDEzeKoFS2iru4lVYYgV1n97Pru:AOnvJQ7NSuaU1w+ffxoSa4lVpgfZPuUS |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\async_usersync[1].RYK | 1.28 KB |
MD5:
263f6387e83348469aa6fe6ad5b2526e
SHA1: 1e1e4da123da8407c0acd181c0551e49a0f10b5f SHA256: e2c05975e98f89dab72e124826b6d9c25756c97cfed9b4744d30ff19acc819ff SSDeep: 24:7c3ncndZOSu0WEabs/2dWAeUFVgvbT3J3PlXFXnICTiXd537kgs:7c3E4SHwb82dWKFVuZ/lXFXICuRkgs |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\BBBO3tl[1].jpg.RYK | 24.80 KB |
MD5:
e0f4fd9dbf1a33c55ad4373ee3ad6246
SHA1: b0c663cf9e60f8c15d564547199f86ca336b2f07 SHA256: 5b69cb4fc3ba6b828872119a8742740b2dd31af353aad52340b561b7ce95acdb SSDeep: 768:i8j6RTjYkbTAG5Zw2owElKTlZadiIfOVJ:/mTlsG5Gae634iIfO3 |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\AA54rQj[1].png.RYK | 0.67 KB |
MD5:
f45fa736378081094b7dbca4c4940dbe
SHA1: f6c4fd5f6b33eac76852252b07985475a28b63a0 SHA256: 9857250408e09afad90748d312dcbbc6036ffb9acc6aa3954c68d0d710e22eff SSDeep: 12:ROqqBsMLVHDba1c7wLZ7FzBRN8xLUrwMzTekiLsajSdebm:R3qeYVje1DZ7PRNqLdATekixSUK |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\advertisement.ad[1].js.RYK | 0.30 KB |
MD5:
880786da67fb81abfaa994dca7ab3b46
SHA1: d647be6db4b945129af3cb79a7f35d3d7d2f8925 SHA256: bb13c42713ba5825c616ab074911d498e88ad9d61e813131fa20d07c0a05126b SSDeep: 6:WinKG4nxNLZQvOe2f9s7y+8XSibg1gRfJ8JHt1Sr39KLDjq:gJLLZrfW7tvibWgR+dtUrgnjq |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\AA42EP9[1].png.RYK | 0.72 KB |
MD5:
2d3787e587794f331086ea8468368166
SHA1: 0ae33d0b870e7aad96dce511b63be87ca04c1870 SHA256: 747536742efb157b1569a5d52106946bd2b7c20f0d1cfafa807bfcab91f00120 SSDeep: 12:5fqqPt48xuc05CzUsJqO7RuY8JsB9sK00dGbfsj2ibKtaLJTb8mjK1K33UG8:5fqqVj4r5AUsJqOFuYzsF0dPjHbKtK1G |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\28-8f3193-f30905ea[1].RYK | 231.60 KB |
MD5:
8aec8c80dd176ff559e36473b3a3ff00
SHA1: cc62e135acaa58ca81c8af938b1c336323d71177 SHA256: 60a261abd23cc6ac59d975600ca7d17ebf6870d15c1f24159c578db1a36cc78c SSDeep: 3072:LnU+XuYXB8z2FmfnRYM1Jjs6pLdTI8l+JjGg+B5gTHVLsGV8KnzUnnq4xNMmtoqG:LnpX2zUmfnnssMdE5eHjnzgx3pinLp |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\microsoft\windows\temporary internet files\low\content.ie5\9qh4s0gz\bbboe7c[1].jpg | 11.66 KB |
MD5:
47da2f0df13190ac8d45901b28f9a040
SHA1: cf53f074f9dc25a2267367f3ebe95633b1fbf0c6 SHA256: b52073f39c389c74345ef50db774bb34e0770535133dd16a926b1e407f460a8d SSDeep: 192:xqx31GyanSHVKNLFbr7Mvr0HEIB7OVxnb8VYe8EsRvcEbJmXcU4ZwMIy18tUvja6:wx31i3NJbr4voJ2Le8vv39Uc/YyC+7a6 |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\microsoft\windows\temporary internet files\low\content.ie5\abv8l7my\000000929096[1].gif | 57.36 KB |
MD5:
07328d2d791ccdba704063afa60421d0
SHA1: 960503989fa9b476fb5b7099e58f74274171619a SHA256: 1997b2a8f40f037ff60a8ff50c046d86b3835bdce28cb3c757e83ecb8778a716 SSDeep: 1536:UVFh66UfB57ut6N3UPRzpincMH5+goLnjYKXqzY8rJ61:4FufuIkZpEZvoLnjXXqzY8d0 |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\microsoft\windows\temporary internet files\low\content.ie5\9qh4s0gz\bbeep0k[1].jpg | 9.47 KB |
MD5:
e1eb1dc26e2e65aecb74aebf17ca9644
SHA1: 6859b98531c2d5e757f7285f4f385099db01c124 SHA256: c643e22b4f2f82ac8320d7f96203653e46204f08875084da150af9cc8993b539 SSDeep: 192:0uvVr8+w7OCpBKniJjmmd2JXnklp+iWyrkUmGOq9:FpRw7OCpBaKqJXklp+ifrkvGOk |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\microsoft\windows\temporary internet files\low\content.ie5\9qh4s0gz\bbede0f[1].jpg | 8.41 KB |
MD5:
657868d0403fad0a95db4ce8389bf0a0
SHA1: 4a7a5594b9497c6c9a01a83ac9476fa21d496055 SHA256: d78df46b0278f624574d41069c3cafc81c9cb84b44ef89dd59c8001e7232698b SSDeep: 192:OROn2FI8AlhoYnLfK1kgQtIo/mgjxZSjVyoFljlfauyfmpYvw0Ukkt:OROcfARO1kTj+g1kJOu4v1q |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\microsoft\windows\temporary internet files\low\content.ie5\9qh4s0gz\aadavrm[1].png | 1.10 KB |
MD5:
59885d38b0bb32315f369db08a480728
SHA1: 696843b0734996457b66db13a7c283a569796ca1 SHA256: 6f2888cbc335f13123d1ec6aea7e057f12651eaa9961b4d2663af377e9efd60c SSDeep: 24:4robxnzGZ1ynXyr/O4ozep2/WUZVLGaWx0X+suGS/3:DYZ1ynQ/voi2/WkGaWUuGu3 |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\microsoft\windows\temporary internet files\low\content.ie5\9qh4s0gz\aa61yi9[1].png | 0.67 KB |
MD5:
0da0a1356ed1a72e3e65e891e25bed37
SHA1: 15573ad5779ddf735752e4ef6d5eb3134c888619 SHA256: af0f3c8d66acacd30d16f6d51111d1b546c68682ebddb2230b5e7c2ac4e3d388 SSDeep: 12:3+S08I97/ilhoehVbS9KAYf2qk2jhJ3dtRtyPVE++OnKJY58gt:uR84iYehcYC2dFvyEQtvt |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\ABV8L7MY\print[1].txt.RYK | 0.44 KB |
MD5:
809598165b1572edbb2215a4d02c8bd0
SHA1: ed36952e23d5e9be6c4f9d8e58f600b53b0b9011 SHA256: 8f49f607f9be884142f00a92fab756e5d3ac4c302ac64bb803fbeba9ba9cf494 SSDeep: 6:85Of30bVHudpv+5CyJFQLwf9zkVRkMWKrqDffDcp/9ZaTfEYKa9SKqhxw8FgC0Bk:Tf8804G9zGRk/Wof7cpVI4Y7SxvV1t |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\BBE9wSt[1].jpg.RYK | 2.00 KB |
MD5:
0472b5113eae80246fa4f97bca8d5fbc
SHA1: f7a80577ff53f6d16d137f0bad1d878d2e45acf6 SHA256: dc7a822781f9e85aa5b8d9b611a7cff4f737adf20f1640073a839e1c701e9770 SSDeep: 24:zY7PGZZ7tzPfCUA8Kb4polg0eoHfEYxlCWwDn9KPYJ8ife/tM8TCulvg51pe:zyPGZZ7FPfDAFmolbT/H+RkPLkIR8pe |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\ie8[1].txt.RYK | 0.38 KB |
MD5:
8c1494e92e299df5594538c6b41c3895
SHA1: 7d5d63e8a209e53357b3774bcc65090a20f33e71 SHA256: 535693ff85de8c3630e6cde952c6874c7b9f1f0ec712a75fd327e79df866a8c7 SSDeep: 6:4uIjBKBawZHJ2tkjdADWMjq+G/FkNo2qo74pVgI6Ob+Kg1fY2W74hwd3y3CcHDd:4HjB1+J2wCnao7kqIK1fY2WFoZDd |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\BBEdXJj[1].jpg.RYK | 1.91 KB |
MD5:
4ec3f33b0d983ce29277c4b0aafd184a
SHA1: eae573f761d3f3e59b3d9b6e360fbfda32d03986 SHA256: dcaf33fb4577a2d97a4e8fa2c8777e68cfc377508b8629f0e30d7223020f279c SSDeep: 48:sXQssPnf2SyHB733UVd7GIr/8T/OGJRSuM0b3G:cQsenf27rW7GIr/8vRHc |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\BBEcHle[1].jpg.RYK | 2.46 KB |
MD5:
329cb900214732e98ce1761926746d93
SHA1: f022203b009af2b1de9fb8f017514c6070eda222 SHA256: 86ca9a67f6392957037007e56ef304742667fad439b487d4bd05827d7a9450be SSDeep: 48:KPObPkh3R613fhMVwfPluX/O3mD/vb/g4R+A0G6f2z8EZ7J4Zz3Hq:iSOQ13TP0D/bdRzdfZ7JuXq |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\fallback_728x90[1].jpg.RYK | 32.14 KB |
MD5:
f9877debde7da784391e6e350e1632b8
SHA1: 5e7c1a2e02fec82884d616417452250a8991282e SHA256: 5d5c5ac475728fbc541ce24bbbc287c2f3f4a77f2ca48304dddd80903273a47a SSDeep: 384:gwv+xr+57ReJnB/PR4SJDDySOzhf41rDwsCD5HNIMs9vac4XvDcWvJZR93jZNcZ1:z+lg7gnxc4pD5sH6Yt5RZDz7Ob2QcLc |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\BBEeTuf[1].jpg.RYK | 13.30 KB |
MD5:
09508fb66ca768c0fd5f2a4730207f95
SHA1: da601224d1d02798e672ee0004e1b38ed231cd58 SHA256: fe274899236e163d1070c178cedee5765fc5bb4db454c71657599a8dd3449757 SSDeep: 384:wf1Y+kgcrKH9UcR6yXrq1sNlzbOGP53bWjXuL:wf16KdB5rq1sbRRCj6 |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\ABV8L7MY\Standard[1].RYK | 85.31 KB |
MD5:
f7109293dacd0f5385d9e64322819736
SHA1: 5fcb102b285a847c24f98d439f20e2fcaff9f8f5 SHA256: 28e559d3fae83d1e06331469795c06b067b3675eaecc53978654d58c8e2f10d3 SSDeep: 1536:mBGY3iovqCtqOqWNo1a8bpgoF+CYjDHeK5owBt1jl0VJ3QKGE2aYHX1q/5os:m53JqOXy15NkCkDH9Bt1j0JzMaY31qWs |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\BBEdoQv[1].jpg.RYK | 2.64 KB |
MD5:
bf2d0d28a37eb4f64b5c3a8df03ec317
SHA1: ee6c42e9fd521ea638ccffb22ee604dd23a5bd93 SHA256: 3a2ac32c8ee3b60201912e470007c3a4e7317c1884a94d83909db452d21498ae SSDeep: 48:CVTSZhtxqBwhR+0QJM2G2mIQ1DRuqjbZWhpv6qeVVw7Uxbyb1zRRxMZG9wYTd7:CqtxqBw3+0QJFLP2R/jbI8VVD0bFRRxZ |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\BBEdtWw[1].jpg.RYK | 1.99 KB |
MD5:
45f46952a8d279369fa59e321e769ee1
SHA1: 5f066dca01ef2631ac9644e41b75ccf74baa23b9 SHA256: 41317485e0626677e81a30322a06eca50067eca72eb700356a9d2892619c1154 SSDeep: 24:ULL2jzN1VUqpYM3XDQ/2JEbmpr6WPRTRE73swdPv7aJCMQPTUUrJsSXGKQrovoQP:j3vVfpYcUkESr6awrdHA8Ld0PrtQJF |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\desktop.ini.RYK | 0.35 KB |
MD5:
2909dab32d1e64912b01baffba9cc4a9
SHA1: f5850e9daba3253b495efb573e68122fd49c6549 SHA256: 4c8d27e46be5a7cc62617ccf319c72ce90e683f73ecb21860f7cdb4218eae4d6 SSDeep: 6:EYQXDCCpp/a9sobEwCbqiqgZjYIwbZu3xInnUSuKp9u48JgRgo6h:mXhASGUbev1bZISnUSuG93pRgr |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\BBEdqEy[1].jpg.RYK | 1.92 KB |
MD5:
57c59d72f1971dcc18703663cd57ac3f
SHA1: 29dc76624db4d28886727f70df23d039bb7cf8ad SHA256: 831e95631515b3fcfb2fe2a2e4c7e944256b0b3cdb11c064b10ce80f7dec1684 SSDeep: 48:qXZeWCatm+D28eN6occXYyIz0EBWt6AAo8vI79:4XA82noSorzPQt96gJ |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\ABV8L7MY\AA429NP[1].png.RYK | 0.88 KB |
MD5:
1ff4c25dae2642fc0720fd61cae36521
SHA1: 2dff6350d7a902ad3bcfe4c73e55054426e7cb79 SHA256: ee1890ce7ca4e438b75b1632d521893be6de78ceaa2f897df86dedc1ac2aa7b5 SSDeep: 24:h/2PR2Ucsbxy7UAWU6uWtHPwBgkPXSJsIC:hsbcixIutv92SJLC |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\YG1R61Z8\adfscript[1].RYK | 10.39 KB |
MD5:
9938f3976f57441f01314f84feec203e
SHA1: 6a8ab316c260caa5873e860d63582f5d021cd6be SHA256: c9984ca386f71b092aebea19f3ed2b70566fadbb33a75ebdc9690c2c3b397cf6 SSDeep: 192:YB9gjuK9BTNKRK/QAlZrZnDjq8B4M2x3yCK8n95HBap97cmiDh/lyZ/:11hNZnDGnoCK8ntapa9g |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\YG1R61Z8\26158[1].png.RYK | 48.36 KB |
MD5:
70f03023750bfbeb16f3d991ed932ce1
SHA1: 5a4cfc4f3ab5703170d2173d815bbd6158283cbc SHA256: 8b57a65c2b19f96a2cab593c1f054e66d77695780c81d29e84458a4841f185ce SSDeep: 1536:p9D/3oUReW3khc6lIEYhp+qnsZAvgJ7DOVMY:p9TNehhc0swAoBG |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\ABV8L7MY\AA42pjY[1].png.RYK | 0.86 KB |
MD5:
db27a22470fd3aebee79a555e495720f
SHA1: 496af368a7dadc749d410b9acfd459c8ccd8629c SHA256: d429d55c8a3814b7593764298a5b335897396463d821bb6f19b658a8a61123f1 SSDeep: 24:mzg5Pv2SimJT4J8Bcpnf7oZF+PAf4wKwfyoNOp:mzgtv5jJUJgcpnTonbpVfyKOp |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\ABV8L7MY\AA3e1oO[1].png.RYK | 0.92 KB |
MD5:
5c1fbcd3b7495a3f427759e5fdbc513f
SHA1: 76ef7499a1be65aa64302a296e323187200980ff SHA256: 799cbaf1ef016c93e5c8aca89a8a2814d0e262ecfb874436f0e6c868d469efa9 SSDeep: 24:wAQnJkIJAn1MsOzObRzIOCZH+RmC1RvTmTu0P5:2Jk+An1MsOzObRzIvR+lRvTmTB |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\YG1R61Z8\adex[1].js.RYK | 36.74 KB |
MD5:
b9a2c0b8600260359c7475293bda7703
SHA1: 2b13d307c04339e97fa0e2130ffd772196f025e5 SHA256: dfaede56c1dece48e25c1bf840505acda138f63362cd48589d670a6feb55e08c SSDeep: 768:EVn2oI+AR1iZMCnR8Z/2XEYMUkTxFoRW8v6+S+rVPyzJ4U4Gk0/qpe+q:yn2dSnR8Z/2X4UMC6+NpPyeAGC |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\YG1R61Z8\css[1].txt.RYK | 154.71 KB |
MD5:
3c43a845ec2fcd2b688d1e11457ecd17
SHA1: 7946719c11882f2ef925661a43ea096ca2eadcb5 SHA256: 6526e4f5a5359c975da3c31d93efe9a5a3d9a29248a621a620edcea25add5615 SSDeep: 3072:7xDMEXs6Fqf/p5i3xVKYX7IQ5GE0Qz0mic3D3lutl2beUbkFUjL+khqOdfhzdji0:7CEX1AAxIUD5z/T3lujaePKjLbhP3xjJ |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\IKQEEPZR\player[2].js.RYK | 24.10 KB |
MD5:
ec512ae1fbd3ff9a80adbd2215261ea4
SHA1: 128abfde797eb1975b93393afc5079d94282b988 SHA256: 25ab9f4a8947239292d5b5131492a2fdafb1f414c9ba83183dcab19594a43779 SSDeep: 384:ZrdzVl3tx2JIE+071LFsIJJCUNjC5votz7xe6gXI0TV0zddQJjIKidVpS:P7cIE+M15sIJgUNjCRUzgFXjVadlKis |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\ABV8L7MY\desktop.ini.RYK | 0.35 KB |
MD5:
25785bcbe739a6e9c54f62b9077f38ae
SHA1: aa876596e94a6e59321f3d3bfeb39262c0dac778 SHA256: 6057b5dba962e01755165df768e228eed456f884dbeb89aa78ac05d58ce8add6 SSDeep: 6:e1aCwJDq0rMLbtVP8qF4XmoEnMpf6TZvRz6ggRgPrO9XmGIoe:iv2MLbtSqF42xYCdRzfgRgqcGfe |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\ABV8L7MY\core[1].css.RYK | 165.10 KB |
MD5:
11ba7955a5bfd5ff8e662ed4f4cea3b2
SHA1: d1df3bfcee915d629806396ee0d9583c277abff6 SHA256: 87ed9c37dcb3ff48a44a9ead76597491e558539e5fb73e79fbc6ee2836879326 SSDeep: 3072:8488wLqXK9Z3buY/ZxDjxEzNTcuRYi7956aH+8fek6PJLHSkUdgPM2g23B8G8rTA:8488w5Z/Z1tEzCu/7956Wfe35ZPPR8z4 |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\IKQEEPZR\player[1].js.RYK | 27.13 KB |
MD5:
4506a5d330af3ed8190371eb981cf720
SHA1: 2d5812c11cbb369bb4f0df640d751eec75c7a6c8 SHA256: d8234b15186eac0cad343638e6fca809fc1bb818930a7052bb037f1d222e03f3 SSDeep: 768:AvrXIB2wEkXAuFi6IpfD93gPEn4V1zj6Map0TR:yzIU8G68D9FnuPBN |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\meversion[1].RYK | 4.66 KB |
MD5:
b9cd78feb018e580480ea686d1ead955
SHA1: 4f36b2134cdab7699e4eaae2eaf907c816a897fe SHA256: 3db1eae2df8388dfb92fac081851f69448ed2a7cbabbca7aef529b9eb4ba0d01 SSDeep: 96:ntzBcYEGfVX/Tx2DesZLL+aFkAsYGj0e3541kExT1wGE:ntzZE4VvT4DrZPvFUPSUx |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\IKQEEPZR\th[1].jpg.RYK | 2.55 KB |
MD5:
3822e63bf4a7db6bd008ef450f91a44c
SHA1: 68289bee98ee699c469c31ca0e446e8c125f41fe SHA256: 142c072b246fcf98bce7d85f2e9a337ce303eb432b0d814e26a1879617987164 SSDeep: 48:PM0VfQMOj15jZJ7C5++EIkYYM3JxNDUtANg+FRZGDch8wInA:PM8mzjjn3IkW37NXNJRZ7h8A |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\BBBPUFJ[1].jpg.RYK | 8.00 KB |
MD5:
90d17620fd95ee95a6f5376495d1c495
SHA1: a4ff0b3babbee5810f3071bac74c810a2878bdc0 SHA256: 6c7ddaac18ac9af776546f50f6c67cb74241e5d7864c5ef3b69feaaae3981ea3 SSDeep: 192:wCnUoZzGsz47Z9+mWrA9xdOlCmOCE85sHgdP6ypj7y:wCUo8v+mWoxdO0mHFsH26yp7y |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount.RYK | 1.97 KB |
MD5:
ee7028da33082058abe1d6d6b84e192e
SHA1: a47441bc8a2b8b75b153a47af272bb31699e97ed SHA256: 07bfc7b20662e27620eea206990cc06b3d5dbce4fd9ffff5ed76335f858988f9 SSDeep: 48:Rya3TrE2oKksDUX6gDqxvjZIEL2J7VWtNTiDvjwK39L:R13To2NksYqVjUoze4y |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount.RYK | 1.75 KB |
MD5:
871eae09f0173a3cf375cfc98584130e
SHA1: e83702818a6b7eaf539233829cb88b4ae3f7aae8 SHA256: 1343cee6db51e1e9d083de268e4476b7c155ea32aae7a264b708f4a12a6b5ef1 SSDeep: 24:DSB0PmKqWoyDg1081xVHFbRyn/vVgKhpleOlbGiAAOjpoamcpsxuubPNI0eGCAn:2kZvXDgy8Xbcn/ve9cSFAt5xu0DCAn |
|
|
| C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount.RYK | 0.94 KB |
MD5:
03f788b413e3c17914952453df1af5cb
SHA1: f13476d149b88636aedcfe0e200a49f81adedad0 SHA256: 9b9725b5991025b6e29ccf0261230389ee1c3d5b4c16417efac82c98483dcc9a SSDeep: 24:9skhuG9YZ7hXnR490uvf6vU3a04ln4tCiY16bSqRUX8x39GH3:9skE7pnCfV5tCiYGysl0H3 |
|
|
Host Behavior
File (6694)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\users\Public\sys | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN |
|
2 | |
| Create | C:\users\Public\sys | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_HIDDEN |
|
1 | |
| Create | C:\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
24 | |
| Create | C:\Boot\cs-CZ\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\da-DK\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\de-DE\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\el-GR\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\en-US\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\es-ES\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\fi-FI\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\Fonts\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\fr-FR\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\hu-HU\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\it-IT\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\ja-JP\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\ko-KR\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\nb-NO\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\nl-NL\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\pl-PL\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\pt-BR\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\pt-PT\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\ru-RU\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\sv-SE\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\tr-TR\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\zh-CN\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\zh-HK\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\zh-TW\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\BCD | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\BCD.LOG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\Fonts\chs_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\Fonts\cht_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\Fonts\jpn_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\Fonts\kor_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\Fonts\wgl4_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Config.Msi\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\Cache\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\Profiles\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Adobe\Acrobat\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Adobe\Acrobat\10.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Adobe\Acrobat\10.0\Cache\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Adobe\Acrobat\10.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Adobe\Acrobat\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Adobe\Color\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Adobe\Color\Profiles\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Adobe\Color\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Adobe\Acrobat\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\bootmgr.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\UserCache.bin.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\ACECache11.lst.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\Profiles\wsRGB.icc.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Adobe\Acrobat\10.0\UserCache.bin.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Adobe\Color\ACECache11.lst.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Adobe\Color\Profiles\wsRGB.icc.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Adobe\Acrobat\10.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Adobe\Acrobat\10.0\Cache\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Adobe\Acrobat\10.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Adobe\Acrobat\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Adobe\Color\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Adobe\Color\Profiles\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Adobe\Color\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Adobe\Acrobat\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\Cache\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Adobe\Acrobat\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Adobe\Color\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Adobe\Color\Profiles\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Adobe\Color\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Adobe\Acrobat\10.0\UserCache.bin.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Adobe\Color\ACECache11.lst.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Adobe\Color\Profiles\wsRGB.icc.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\UserCache.bin.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Adobe\Color\ACECache11.lst.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wsRGB.icc.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\Cache\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Color\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Color\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\Cache\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wscRGB.icc.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\UserCache.bin.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Color\ACECache11.lst.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wscRGB.icc.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wsRGB.icc.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\UserCache.bin.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\ACECache11.lst.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wscRGB.icc.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wsRGB.icc.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\Cache\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\Cache\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
4 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Color\Profiles\wscRGB.icc.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\AdobeCMapFnt10.lst.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeCMapFnt10.lst.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\AdobeSysFnt10.lst.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeSysFnt10.lst.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\Cache\AcroFnt10.lst.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\Cache\AcroFnt10.lst.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\SharedDataEvents.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\SharedDataEvents.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Adobe\Color\Profiles\wscRGB.icc.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\AdobeSysFnt10.lst.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\AdobeCMapFnt10.lst.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\Cache\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
4 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\Cache\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
4 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wsRGB.icc.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\ACECache11.lst.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\UserCache.bin.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\SharedDataEvents.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\Cache\AcroFnt10.lst.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\AdobeSysFnt10.lst.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\AdobeCMapFnt10.lst.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wsRGB.icc.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\ACECache11.lst.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\UserCache.bin.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\SharedDataEvents.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\Cache\AcroFnt10.lst.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\AdobeSysFnt10.lst.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Adobe\Acrobat\10.0\AdobeCMapFnt10.lst.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Adobe\Acrobat\10.0\AdobeCMapFnt10.lst.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\AdobeCMapFnt10.lst.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\AdobeCMapFnt10.lst.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Adobe\Acrobat\10.0\AdobeSysFnt10.lst.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Adobe\Acrobat\10.0\AdobeSysFnt10.lst.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\AdobeSysFnt10.lst.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Adobe\Acrobat\10.0\Cache\AcroFnt10.lst.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Adobe\Acrobat\10.0\Cache\AcroFnt10.lst.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\Cache\AcroFnt10.lst.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Adobe\Acrobat\10.0\SharedDataEvents.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Adobe\Acrobat\10.0\SharedDataEvents.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\SharedDataEvents.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\BCD.LOG1.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\BCD.LOG2.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Boot\BOOTSTAT.DAT.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\BOOTSECT.BAK.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wscRGB.icc.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Adobe\Color\Profiles\wscRGB.icc.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\UserCache.bin.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\ACECache11.lst.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wscRGB.icc.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wsRGB.icc.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\UserCache.bin.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\ACECache11.lst.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wscRGB.icc.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wsRGB.icc.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\Cache\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
12 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Deployment\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\CrashReports\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft Help\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
5 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Cookies\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\History\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wscRGB.icc.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\AdobeCMapFnt10.lst.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\AdobeSysFnt10.lst.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\Cache\AcroFnt10.lst.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\SharedDataEvents.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\UserCache.bin.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\ACECache11.lst.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wscRGB.icc.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wsRGB.icc.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\GDIPFONTCACHEV1.DAT.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\IconCache.db.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\-1jPtqir3151Mm1.avi.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\-wD1CtzoKAaqRQ.avi.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\2N8XoM8KdtEKR3l.m4a.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\6Xzko9PES.bmp.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\9WqOaVZQQXr80Vx9E.png.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\aD6vbI_L fbZ9ov.mp3.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\AdobeARM.log.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\DAWmK.mp3.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\DOFJFpLhODvfDEn.pdf.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\ekU6o.bmp.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\e_emDq.m4a.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\fsVeUQ3vvXBdb.jpg.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\FXSAPIDebugLogFile.txt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\i7hPXw2ABInk5.odp.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\JwUco-T9UIE0RtuaL_E1.gif.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\ku4FJybSEU_gTLXa4Ki.rtf.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\LUmqNJWc-x1pVYRe1Bl.mp3.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\mELW3sX.flv.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\oFV7p3fp.odt.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\p3RBIS7TpgYpC eu54.wav.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RUuQyHR7-6IM-BJ.docx.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\s9CZ4O ljxCp.m4a.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\WPDNSE\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\Data\CJW3O3KP.BX7\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\DQQ19BCJ.JAX\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Deployment\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\CrashReports\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\MSHist012019042420190425\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\AdobeCMapFnt10.lst.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\AdobeCMapFnt10.lst.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\AdobeSysFnt10.lst.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\AdobeSysFnt10.lst.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\Cache\AcroFnt10.lst.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\Cache\AcroFnt10.lst.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\SharedDataEvents.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\SharedDataEvents.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\sZHi jusNhd6.mp3.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\UgVxY.jpg.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\WdoxaNgwfJgc.bmp.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\wTpNmmdXLi4UIyadv.avi.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\X4M1Ejkgszn5vH.m4a.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\XNlF1fAZqiwMihZ5.m4a.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\xohqs4vrtY1de wn.pps.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\desktop.ini.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\index.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\History.IE5\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\History.IE5\MSHist012017071220170713\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
5 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
20 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Credentials\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Event Viewer\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\Microsoft Feeds~\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
5 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\1NBUR4HR\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\6ASVN7J7\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\D68G7BIJ\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\KQMHSVKD\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\FORMS\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\IME12\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\IMJP12\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\IMJP8_1\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\IMJP9_0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\Cache\AcroFnt10.lst.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\Acrobat\10.0\SharedDataEvents.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\desktop.ini.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\History.IE5\desktop.ini.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\History.IE5\index.dat.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\IconCache.db.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\FeedsStore.feedsdb-ms.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\desktop.ini.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\index.dat.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\FORMS\FRMCACHE.DAT.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Transcoded Files Cache\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
4 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\14.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\14.0\OfficeFileCache\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\Groove\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\Groove\System\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\Groove\User\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\ONetConfig\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Outlook\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Outlook\RoamCache\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Publisher\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\TaskSchedulerConfig\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Visio\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
12 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\1024\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\1033\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Burn\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
4 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Burn\Burn\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Burn\Burn1\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Burn\Burn2\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Caches\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Explorer\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\GameExplorer\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Ringtones\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Themes\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\WER\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\WER\ERC\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\WER\ReportArchive\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\CurrentDatabase_372.wmdb.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\LocalMLS_3.wmdb.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Outlook\mapisvc.inf.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Outlook\Outlook.sharing.xml.obi.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Visio\content14.dat.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Visio\thumbs.dat.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Backup\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Media\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Media\12.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Sidebar\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft Help\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\edb.chk.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\edb.log.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\edb00001.log.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\edbres00001.jrs.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\edbres00002.jrs.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\oeold.xml.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\WindowsMail.MSMessageStore.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\WindowsMail.pat.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\9WqOaVZQQXr80Vx9E.png.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Cookies\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\History\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\History\History.IE5\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\History\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\WPDNSE\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\AdobeARM.log.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Cookies\index.dat.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\DAWmK.mp3.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\DOFJFpLhODvfDEn.pdf.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\ekU6o.bmp.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\e_emDq.m4a.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\fsVeUQ3vvXBdb.jpg.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\FXSAPIDebugLogFile.txt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\History\History.IE5\desktop.ini.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\History\History.IE5\index.dat.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\i7hPXw2ABInk5.odp.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\JwUco-T9UIE0RtuaL_E1.gif.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\ku4FJybSEU_gTLXa4Ki.rtf.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\LUmqNJWc-x1pVYRe1Bl.mp3.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\mELW3sX.flv.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\oFV7p3fp.odt.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\p3RBIS7TpgYpC eu54.wav.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RUuQyHR7-6IM-BJ.docx.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\s9CZ4O ljxCp.m4a.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\sZHi jusNhd6.mp3.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\UgVxY.jpg.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\WdoxaNgwfJgc.bmp.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\wTpNmmdXLi4UIyadv.avi.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\X4M1Ejkgszn5vH.m4a.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\XNlF1fAZqiwMihZ5.m4a.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
6 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.MSO\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.Word\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Virtualized\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\Data\CJW3O3KP.BX7\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\Data\CJW3O3KP.BX7\6NG60CXZ.9GJ\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\Data\CJW3O3KP.BX7\6NG60CXZ.9GJ\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\Data\CJW3O3KP.BX7\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\DQQ19BCJ.JAX\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
4 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\manifests\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\DQQ19BCJ.JAX\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Deployment\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\CrashReports\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\-1jPtqir3151Mm1.avi.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\-wD1CtzoKAaqRQ.avi.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\2N8XoM8KdtEKR3l.m4a.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\6Xzko9PES.bmp.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\aD6vbI_L fbZ9ov.mp3.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\xohqs4vrtY1de wn.pps.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\desktop.ini.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\MSHist012019042420190425\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\History.IE5\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\History.IE5\MSHist012017071220170713\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\History.IE5\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
5 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
20 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Credentials\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Event Viewer\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\Microsoft Feeds~\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\1NBUR4HR\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\GDIPFONTCACHEV1.DAT.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\GDIPFONTCACHEV1.DAT.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\desktop.ini.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\index.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\desktop.ini.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\History.IE5\desktop.ini.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\History.IE5\index.dat.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\IconCache.db.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\FeedsStore.feedsdb-ms.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Home~.feed-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Work~.feed-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\Microsoft Feeds~\MSNBC News~.feed-ms.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\1NBUR4HR\desktop.ini.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\1NBUR4HR\fwlink[1].RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\6ASVN7J7\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\D68G7BIJ\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\KQMHSVKD\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\FORMS\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\IME12\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\IMJP12\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\IMJP8_1\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\IMJP9_0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
5 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\3LKBQZJ3\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\8NES5H33\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\FKLUIDU0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\OWLVMZRC\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\6ASVN7J7\desktop.ini.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\6ASVN7J7\fwlink[1].RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\D68G7BIJ\desktop.ini.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\D68G7BIJ\fwlink[1].RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\desktop.ini.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\index.dat.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\KQMHSVKD\desktop.ini.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\KQMHSVKD\fwlink[1].RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\KQMHSVKD\ieonline.microsoft[1].RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\FORMS\FRMCACHE.DAT.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\brndlog.bak.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\brndlog.txt.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\index.dat.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Recovery\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Recovery\Active\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Transcoded Files Cache\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\14.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\14.0\OfficeFileCache\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\14.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\Groove\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\Groove\System\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\Groove\User\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\Groove\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\ONetConfig\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\frameiconcache.dat.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\CurrentDatabase_372.wmdb.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\LocalMLS_3.wmdb.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\14.0\OfficeFileCache\FSD-CNRY.FSD.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\14.0\OfficeFileCache\FSD-{48508C83-EC67-468F-AA1F-6F3CAF625658}.FSD | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\14.0\OfficeFileCache\FSF-CTBL.FSF.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\ONetConfig\350db95df4cbd94b2a1c300510e12e11.sig | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\ONetConfig\350db95df4cbd94b2a1c300510e12e11.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Outlook\mapisvc.inf.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Outlook\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Outlook\RoamCache\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Outlook\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Publisher\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\TaskSchedulerConfig\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Visio\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
11 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\1024\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\1033\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Burn\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Burn\Burn\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Burn\Burn1\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Burn\Burn2\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Burn\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Caches\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Explorer\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\GameExplorer\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\MSHist012019042420190425\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\Low\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\Low\History.IE5\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\Low\History.IE5\MSHist012017071220170713\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\Low\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Ringtones\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Themes\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Outlook\Outlook.sharing.xml.obi.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Outlook\RoamCache\Stream_ContactPrefs_2_F230E11936B7D740A008FFC660E83C71.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Visio\content14.dat.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Visio\thumbs.dat.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\WER\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\WER\ERC\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\WER\ReportArchive\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\WER\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Backup\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Backup\old\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Backup\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Backup\old\edb00001.log.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Backup\old\WindowsMail.MSMessageStore | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Backup\old\WindowsMail.pat.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\edb.chk.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\edb.log.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\edb00001.log.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\edbres00001.jrs.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\edbres00002.jrs.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\oeold.xml.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Bears.htm.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Bears.jpg.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Desktop.ini.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Garden.htm.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Garden.jpg.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Media\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Media\12.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Media\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Sidebar\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Sidebar\Gadgets\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Sidebar\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft Help\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Green Bubbles.htm.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\GreenBubbles.jpg.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Hand Prints.htm.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\HandPrints.jpg.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Orange Circles.htm.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\OrangeCircles.jpg.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Peacock.htm.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Peacock.jpg.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Roses.htm.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Roses.jpg.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Shades of Blue.htm.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\ShadesOfBlue.jpg.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Soft Blue.htm.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\SoftBlue.jpg.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Stars.htm.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Stars.jpg.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\WindowsMail.MSMessageStore.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\WindowsMail.pat.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Media\12.0\WMSDKNS.DTD.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Media\12.0\WMSDKNS.XML.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Sidebar\Settings.ini.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Cookies\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\History\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\History\History.IE5\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\History\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
5 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\03J4UQW0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\-1jPtqir3151Mm1.avi.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\-wD1CtzoKAaqRQ.avi.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\2N8XoM8KdtEKR3l.m4a.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\6Xzko9PES.bmp.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\9WqOaVZQQXr80Vx9E.png.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\aD6vbI_L fbZ9ov.mp3.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\AdobeARM.log.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Cookies\index.dat.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\DAWmK.mp3.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\DOFJFpLhODvfDEn.pdf.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\ekU6o.bmp.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\e_emDq.m4a.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\fsVeUQ3vvXBdb.jpg.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\FXSAPIDebugLogFile.txt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\History\History.IE5\desktop.ini.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\History\History.IE5\index.dat.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\i7hPXw2ABInk5.odp.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\JwUco-T9UIE0RtuaL_E1.gif.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\ku4FJybSEU_gTLXa4Ki.rtf.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\LUmqNJWc-x1pVYRe1Bl.mp3.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\mELW3sX.flv.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\oFV7p3fp.odt.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\p3RBIS7TpgYpC eu54.wav.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RUuQyHR7-6IM-BJ.docx.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\s9CZ4O ljxCp.m4a.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\sZHi jusNhd6.mp3.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\KETAJP6D\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\VB18B0KB\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\XT1RPYG9\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\WPDNSE\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
5 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\MM5O9XQS\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\PMMR5K9K\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\RIJUQL1C\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\X9OHK109\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.MSO\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.Word\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\AntiPhishing\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
5 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\ABV8L7MY\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\IKQEEPZR\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\YG1R61Z8\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Virtualized\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Virtualized\C\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Virtualized\C\Users\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\VirtualStore\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\Data\CJW3O3KP.BX7\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\Data\CJW3O3KP.BX7\6NG60CXZ.9GJ\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\Data\CJW3O3KP.BX7\6NG60CXZ.9GJ\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\Data\CJW3O3KP.BX7\6NG60CXZ.9GJ\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\Data\CJW3O3KP.BX7\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\desktop.ini.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\index.dat.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\UgVxY.jpg.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\WdoxaNgwfJgc.bmp.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\wTpNmmdXLi4UIyadv.avi.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\X4M1Ejkgszn5vH.m4a.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\XNlF1fAZqiwMihZ5.m4a.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\xohqs4vrtY1de wn.pps.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\desktop.ini.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\index.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\desktop.ini.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\index.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\desktop.ini.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\MSIMGSIZ.DAT.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\DQQ19BCJ.JAX\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\manifests\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\DQQ19BCJ.JAX\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Deployment\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\CrashReports\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\MSHist012019042420190425\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\History.IE5\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\History.IE5\MSHist012017071220170713\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\History.IE5\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
18 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Credentials\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Event Viewer\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\manifests\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.cdf-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\DQQ19BCJ.JAX\YVORLGOR.PNT\manifests\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\GDIPFONTCACHEV1.DAT.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\desktop.ini.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\index.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\MSHist012019042420190425\index.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\desktop.ini.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\History.IE5\desktop.ini.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\History.IE5\index.dat.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\History.IE5\MSHist012017071220170713\index.dat.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\IconCache.db.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\Microsoft Feeds~\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\1NBUR4HR\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\6ASVN7J7\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\D68G7BIJ\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\KQMHSVKD\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\FORMS\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\IME12\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\IMJP12\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\IMJP8_1\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\IMJP9_0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\FeedsStore.feedsdb-ms.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Home~.feed-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Work~.feed-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\Microsoft Feeds~\MSNBC News~.feed-ms.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\1NBUR4HR\desktop.ini.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\1NBUR4HR\fwlink[1].RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\6ASVN7J7\desktop.ini.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\6ASVN7J7\fwlink[1].RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\D68G7BIJ\desktop.ini.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\D68G7BIJ\fwlink[1].RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\desktop.ini.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\index.dat.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\KQMHSVKD\desktop.ini.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\KQMHSVKD\fwlink[1].RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\KQMHSVKD\ieonline.microsoft[1].RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\FORMS\FRMCACHE.DAT.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\3LKBQZJ3\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\8NES5H33\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\FKLUIDU0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\OWLVMZRC\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Recovery\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Recovery\Active\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Recovery\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\brndlog.bak.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\brndlog.txt.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\8NES5H33\get.adobe[1].xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\DOMStore\index.dat.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\frameiconcache.dat.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{4BD650F1-C8F9-11E7-B5BF-C43DC7584A00}.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{AAE6BF5C-4991-11E7-8E2B-C43DC7584A00}.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\{4BD650F0-C8F9-11E7-B5BF-C43DC7584A00}.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\{69512155-C8F9-11E7-B5BF-C43DC7584A00}.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\CurrentDatabase_372.wmdb.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\LocalMLS_3.wmdb.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\0000E713\01_Music_auto_rated_at_5_stars.wpl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\0000E713\02_Music_added_in_the_last_month.wpl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\0000E713\03_Music_rated_at_4_or_5_stars.wpl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\0000E713\04_Music_played_in_the_last_month.wpl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\0000E713\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00010C6E\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Transcoded Files Cache\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\14.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\14.0\OfficeFileCache\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\14.0\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\Groove\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\Groove\System\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\Groove\User\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\Groove\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\0000E713\05_Pictures_taken_in_the_last_month.wpl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\0000E713\06_Pictures_rated_4_or_5_stars.wpl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\0000E713\07_TV_recorded_in_the_last_week.wpl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\0000E713\08_Video_rated_at_4_or_5_stars.wpl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\0000E713\09_Music_played_the_most.wpl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\0000E713\10_All_Music.wpl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\0000E713\11_All_Pictures.wpl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\0000E713\12_All_Video.wpl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00010C6E\01_Music_auto_rated_at_5_stars.wpl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00010C6E\02_Music_added_in_the_last_month.wpl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00010C6E\03_Music_rated_at_4_or_5_stars.wpl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00010C6E\04_Music_played_in_the_last_month.wpl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00010C6E\05_Pictures_taken_in_the_last_month.wpl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00010C6E\06_Pictures_rated_4_or_5_stars.wpl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00010C6E\07_TV_recorded_in_the_last_week.wpl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00010C6E\08_Video_rated_at_4_or_5_stars.wpl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00010C6E\09_Music_played_the_most.wpl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00010C6E\10_All_Music.wpl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00010C6E\11_All_Pictures.wpl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\Sync Playlists\en-US\00010C6E\12_All_Video.wpl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\14.0\OfficeFileCache\FSD-CNRY.FSD.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\14.0\OfficeFileCache\FSD-{48508C83-EC67-468F-AA1F-6F3CAF625658}.FSD | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\14.0\OfficeFileCache\FSF-CTBL.FSF.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\ONetConfig\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Outlook\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Outlook\RoamCache\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Outlook\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Publisher\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\TaskSchedulerConfig\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Visio\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
11 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\1024\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\1033\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Burn\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Burn\Burn\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Burn\Burn1\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Burn\Burn2\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Burn\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Caches\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Explorer\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\GameExplorer\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\MSHist012019042420190425\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\ONetConfig\350db95df4cbd94b2a1c300510e12e11.sig | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\ONetConfig\350db95df4cbd94b2a1c300510e12e11.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Outlook\mapisvc.inf.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Outlook\Outlook.sharing.xml.obi.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Outlook\RoamCache\Stream_ContactPrefs_2_F230E11936B7D740A008FFC660E83C71.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Visio\content14.dat.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Visio\thumbs.dat.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\Low\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\Low\History.IE5\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\Low\History.IE5\MSHist012017071220170713\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\Low\History.IE5\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\Low\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Ringtones\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
5 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
5 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\MM5O9XQS\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\PMMR5K9K\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\RIJUQL1C\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\X9OHK109\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.MSO\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.Word\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
5 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ABV8L7MY\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IKQEEPZR\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YG1R61Z8\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Virtualized\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Virtualized\C\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Themes\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\WER\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\WER\ERC\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\WER\ReportArchive\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\WER\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Backup\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Backup\old\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Backup\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\RyukReadMe.html | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Backup\old\edb00001.log.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Backup\old\WindowsMail.MSMessageStore | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Backup\old\WindowsMail.pat.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\edb.chk.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\edb.log.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\edb00001.log.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\edbres00001.jrs.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\edbres00002.jrs.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\oeold.xml.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Bears.htm.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Bears.jpg.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Desktop.ini.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Garden.htm.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Garden.jpg.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Green Bubbles.htm.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\GreenBubbles.jpg.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Hand Prints.htm.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\HandPrints.jpg.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Orange Circles.htm.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\OrangeCircles.jpg.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Peacock.htm.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Peacock.jpg.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Roses.htm.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Roses.jpg.RYK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\History.IE5\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\History\History.IE5\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\History.IE5\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\1NBUR4HR\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\6ASVN7J7\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\D68G7BIJ\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\KQMHSVKD\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\History\History.IE5\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\03J4UQW0\desktop.ini | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\KETAJP6D\desktop.ini | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\VB18B0KB\desktop.ini | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\XT1RPYG9\desktop.ini | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\MM5O9XQS\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\PMMR5K9K\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\RIJUQL1C\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\X9OHK109\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\desktop.ini | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\desktop.ini | size = 67, size_out = 67 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\ABV8L7MY\desktop.ini | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\IKQEEPZR\desktop.ini | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\YG1R61Z8\desktop.ini | size = 67, size_out = 67 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\History.IE5\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\1NBUR4HR\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\6ASVN7J7\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\D68G7BIJ\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\KQMHSVKD\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\History\History.IE5\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\03J4UQW0\desktop.ini | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\KETAJP6D\desktop.ini | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\VB18B0KB\desktop.ini | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\XT1RPYG9\desktop.ini | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\MM5O9XQS\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\PMMR5K9K\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\RIJUQL1C\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\X9OHK109\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\9QH4S0GZ\desktop.ini | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\ABV8L7MY\desktop.ini | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\YG1R61Z8\desktop.ini | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\History.IE5\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\1NBUR4HR\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\6ASVN7J7\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\D68G7BIJ\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\KQMHSVKD\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\History\History.IE5\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\03J4UQW0\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\KETAJP6D\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\VB18B0KB\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Temporary Internet Files\Content.IE5\XT1RPYG9\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\MM5O9XQS\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\PMMR5K9K\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\RIJUQL1C\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\X9OHK109\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Read | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\desktop.ini.RYK | size = 25, size_out = 25 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\desktop.ini | size = 80 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\desktop.ini | size = 6 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\desktop.ini | size = 268 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\YG1R61Z8\desktop.ini | size = 80 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\YG1R61Z8\desktop.ini | size = 6 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5\YG1R61Z8\desktop.ini | size = 268 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini | size = 224 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini | size = 6 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini | size = 268 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\Contacts\desktop.ini | size = 416 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\Contacts\desktop.ini | size = 6 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\Contacts\desktop.ini | size = 268 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\Desktop\desktop.ini | size = 288 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\Desktop\desktop.ini | size = 6 |
|
1 | |
| Write | C:\Documents and Settings\5p5NrGJn0jS HALPmcxz\Desktop\desktop.ini | size = 268 |
|
1 | |
|
For performance reasons, the remaining 4000 entries are omitted.
The remaining entries can be found in glog.xml. |
|||||
Process (520)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | net | show_window = SW_HIDE |
|
10 | |
| Enumerate Processes | - | - |
|
500 | |
| Enumerate Processes | - | - |
|
10 |
Module (78)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | kernel32.dll | base_address = 0x76e30000 |
|
1 | |
| Load | mpr.dll | base_address = 0x7fefa380000 |
|
1 | |
| Load | advapi32.dll | base_address = 0x7fefdbf0000 |
|
1 | |
| Load | ole32.dll | base_address = 0x7fefe2b0000 |
|
1 | |
| Load | Shell32.dll | base_address = 0x7fefe4c0000 |
|
1 | |
| Load | Iphlpapi.dll | base_address = 0x7fefa840000 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = LoadLibraryA, address_out = 0x76e47070 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetLastError, address_out = 0x76e52dd0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = VirtualFree, address_out = 0x76e41260 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptExportKey, address_out = 0x7fefdbf8140 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = DeleteFileW, address_out = 0x76e3ad90 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetDriveTypeW, address_out = 0x76e4bdf0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetCommandLineW, address_out = 0x76e4c480 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetStartupInfoW, address_out = 0x76e48070 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FindNextFileW, address_out = 0x76e41910 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = VirtualAlloc, address_out = 0x76e467a0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = GetUserNameA, address_out = 0x7fefdbfdc20 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = ExitProcess, address_out = 0x76f740f0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = Wow64RevertWow64FsRedirection, address_out = 0x76e7bb30 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateProcessA, address_out = 0x76ec8840 |
|
1 | |
| Get Address | c:\windows\system32\iphlpapi.dll | function = GetIpNetTable, address_out = 0x7fefa84e558 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetVersionExW, address_out = 0x76e3d910 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = Wow64DisableWow64FsRedirection, address_out = 0x76e7bb40 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetSystemDefaultLangID, address_out = 0x76e394e0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = GetUserNameW, address_out = 0x7fefdc01fd0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = ReadFile, address_out = 0x76e41500 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegQueryValueExA, address_out = 0x7fefdc0c480 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CloseHandle, address_out = 0x76e52f80 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegSetValueExW, address_out = 0x7fefdc01ed0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegCloseKey, address_out = 0x7fefdc10710 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileA, address_out = 0x76ec5620 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetFileAttributesW, address_out = 0x76e437a0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = WinExec, address_out = 0x76ec8d80 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptDeriveKey, address_out = 0x7fefdc2b6b0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptGenKey, address_out = 0x7fefdbf19bc |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = Sleep, address_out = 0x76e52b70 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetCurrentProcess, address_out = 0x76e45cf0 |
|
1 | |
| Get Address | c:\windows\system32\shell32.dll | function = ShellExecuteW, address_out = 0x7fefe4d983c |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetFileSize, address_out = 0x76e3f9d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GlobalAlloc, address_out = 0x76e380c0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FindClose, address_out = 0x76e4bd60 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = WaitForMultipleObjects, address_out = 0x76e41170 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetModuleFileNameA, address_out = 0x76e464a0 |
|
1 | |
| Get Address | c:\windows\system32\shell32.dll | function = ShellExecuteA, address_out = 0x7fefe71ec80 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetModuleHandleA, address_out = 0x76e465e0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetModuleFileNameW, address_out = 0x76e47700 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateFileA, address_out = 0x76e531f0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetFileSizeEx, address_out = 0x76e39b30 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = WriteFile, address_out = 0x76e535a0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetLogicalDrives, address_out = 0x76e3b930 |
|
1 | |
| Get Address | c:\windows\system32\mpr.dll | function = WNetEnumResourceW, address_out = 0x7fefa3841a0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegOpenKeyExW, address_out = 0x7fefdc106f0 |
|
1 | |
| Get Address | c:\windows\system32\mpr.dll | function = WNetCloseEnum, address_out = 0x7fefa3842dc |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetWindowsDirectoryW, address_out = 0x76e382b0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetFileAttributesA, address_out = 0x76e32d50 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegOpenKeyExA, address_out = 0x7fefdc0b5f0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetFilePointer, address_out = 0x76e41150 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetTickCount, address_out = 0x76e52b00 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetFileAttributesW, address_out = 0x76e4bdd0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FindFirstFileW, address_out = 0x76e4bd80 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptAcquireContextW, address_out = 0x7fefdbfd98c |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = MoveFileExW, address_out = 0x76e33060 |
|
1 | |
| Get Address | c:\windows\system32\mpr.dll | function = WNetOpenEnumW, address_out = 0x7fefa383e00 |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = CoInitialize, address_out = 0x7fefe2ca51c |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptDecrypt, address_out = 0x7fefdc2b6d0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptImportKey, address_out = 0x7fefdbfaf6c |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetFilePointerEx, address_out = 0x76e3af00 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileW, address_out = 0x76e392d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = FreeLibrary, address_out = 0x76e46620 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateProcessW, address_out = 0x76e51bb0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateDirectoryW, address_out = 0x76e3ad70 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateThread, address_out = 0x76e46580 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptDestroyKey, address_out = 0x7fefdbfafa0 |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = CoCreateInstance, address_out = 0x7fefe2d7490 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CreateFileW, address_out = 0x76e41870 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = GetFileAttributesA, address_out = 0x76e413e0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptEncrypt, address_out = 0x7fefdc2b650 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegDeleteValueW, address_out = 0x7fefdbfbbb0 |
|
1 |
Service (30)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
User (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Lookup Privilege | privilege = SeBackupPrivilege, luid = 17 |
|
1 |
System (34)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Sleep | duration = 5000 milliseconds (5.000 seconds) |
|
1 | |
| Sleep | duration = 25000 milliseconds (25.000 seconds) |
|
2 | |
| Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Sleep | duration = 150 milliseconds (0.150 seconds) |
|
10 | |
| Sleep | duration = 50000 milliseconds (50.000 seconds) |
|
10 | |
| Sleep | duration = 100 milliseconds (0.100 seconds) |
|
3 | |
| Get Info | type = Operating System |
|
2 | |
| Get Info | type = Windows Directory, result_out = C:\Windows |
|
5 |
Process #7: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #7 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:00:50, Reason: Child Process |
| Unmonitor | End Time: 00:00:52, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xaa0 |
| Parent PID | 0xa80 (c:\windows\system32\net.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
AA4
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x74b60000 |
|
1 | |
| Get Handle | c:\windows\system32\net1.exe | base_address = 0xffd60000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 |
Service (4)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-04-24 06:39:19 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 112960 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16357272546 |
|
1 |
Process #8: net1.exe
50
0
| Information | Value |
|---|---|
| ID | #8 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "audioendpointbuilder" /y |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:00:51, Reason: Child Process |
| Unmonitor | End Time: 00:00:57, Reason: Self Terminated |
| Monitor Duration | 00:00:06 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xaa8 |
| Parent PID | 0xa68 (c:\windows\system32\net.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
AAC
|
Host Behavior
File (32)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
15 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 169 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 2 |
|
7 | |
| Write | STD_OUTPUT_HANDLE | size = 16 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 37 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 1 |
|
2 | |
| Write | STD_OUTPUT_HANDLE | size = 53 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 54 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 70 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x74b50000 |
|
1 | |
| Get Handle | c:\windows\system32\net1.exe | base_address = 0xffd60000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 |
Service (10)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Display Name | database_name = SERVICES_ACTIVE_DATABASE |
|
3 | |
| Get Display Name | database_name = SERVICES_ACTIVE_DATABASE |
|
2 | |
| Get Info | service_name = AUDIOENDPOINTBUILDER |
|
1 | |
| Get Info | service_name = AUDIOENDPOINTBUILDER |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
System (5)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Sleep | duration = 2500 milliseconds (2.500 seconds) |
|
2 | |
| Get Time | type = System Time, time = 2019-04-24 06:39:19 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 113007 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16363208168 |
|
1 |
Process #9: net.exe
0
0
| Information | Value |
|---|---|
| ID | #9 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:01:00, Reason: Child Process |
| Unmonitor | End Time: 00:01:02, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xb4c |
| Parent PID | 0xa34 (c:\users\5p5nrgjn0js halpmcxz\desktop\zzzavxu.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
B50
|
Process #10: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #10 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:01:01, Reason: Child Process |
| Unmonitor | End Time: 00:01:02, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xb64 |
| Parent PID | 0xb4c (c:\windows\system32\net.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
B68
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x74b50000 |
|
1 | |
| Get Handle | c:\windows\system32\net1.exe | base_address = 0xffe70000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 |
Service (4)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-04-24 06:39:28 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 122491 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17312607544 |
|
1 |
Process #11: net.exe
0
0
| Information | Value |
|---|---|
| ID | #11 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:01:10, Reason: Child Process |
| Unmonitor | End Time: 00:01:11, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xba4 |
| Parent PID | 0xa34 (c:\users\5p5nrgjn0js halpmcxz\desktop\zzzavxu.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
BA8
|
Process #12: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #12 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:01:10, Reason: Child Process |
| Unmonitor | End Time: 00:01:11, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xbd4 |
| Parent PID | 0xba4 (c:\windows\system32\net.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
BD8
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x74b50000 |
|
1 | |
| Get Handle | c:\windows\system32\net1.exe | base_address = 0xff9b0000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 |
Service (4)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-04-24 06:39:36 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 130635 |
|
1 | |
| Get Time | type = Performance Ctr, time = 18276683737 |
|
1 |
Process #13: net.exe
0
0
| Information | Value |
|---|---|
| ID | #13 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:01:12, Reason: Child Process |
| Unmonitor | End Time: 00:01:14, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x37c |
| Parent PID | 0xa34 (c:\users\5p5nrgjn0js halpmcxz\desktop\zzzavxu.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
380
|
Process #14: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #14 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:01:13, Reason: Child Process |
| Unmonitor | End Time: 00:01:14, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xb5c |
| Parent PID | 0x37c (c:\windows\system32\net.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
B64
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x74b50000 |
|
1 | |
| Get Handle | c:\windows\system32\net1.exe | base_address = 0xff880000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 |
Service (4)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-04-24 06:39:39 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 133318 |
|
1 | |
| Get Time | type = Performance Ctr, time = 18544935636 |
|
1 |
Process #15: net.exe
0
0
| Information | Value |
|---|---|
| ID | #15 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:01:20, Reason: Child Process |
| Unmonitor | End Time: 00:01:23, Reason: Self Terminated |
| Monitor Duration | 00:00:02 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x1114 |
| Parent PID | 0x50c (c:\windows\system32\taskeng.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
1118
|
Process #16: net.exe
0
0
| Information | Value |
|---|---|
| ID | #16 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:01:20, Reason: Child Process |
| Unmonitor | End Time: 00:01:23, Reason: Self Terminated |
| Monitor Duration | 00:00:02 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x1294 |
| Parent PID | 0xa34 (c:\users\5p5nrgjn0js halpmcxz\desktop\zzzavxu.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
1298
|
Process #17: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #17 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:01:21, Reason: Child Process |
| Unmonitor | End Time: 00:01:22, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x12dc |
| Parent PID | 0x1114 (c:\windows\system32\net.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
12E0
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x74b50000 |
|
1 | |
| Get Handle | c:\windows\system32\net1.exe | base_address = 0xff2e0000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 |
Service (4)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-04-24 06:39:47 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 141804 |
|
1 | |
| Get Time | type = Performance Ctr, time = 19397885961 |
|
1 |
Process #18: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #18 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:01:22, Reason: Child Process |
| Unmonitor | End Time: 00:01:23, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x1670 |
| Parent PID | 0x1294 (c:\windows\system32\net.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
1674
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x74b50000 |
|
1 | |
| Get Handle | c:\windows\system32\net1.exe | base_address = 0xff690000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 |
Service (4)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-04-24 06:39:48 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 142584 |
|
1 | |
| Get Time | type = Performance Ctr, time = 19476018604 |
|
1 |
Process #19: net.exe
0
0
| Information | Value |
|---|---|
| ID | #19 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:01:23, Reason: Child Process |
| Unmonitor | End Time: 00:01:25, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x188c |
| Parent PID | 0xa34 (c:\users\5p5nrgjn0js halpmcxz\desktop\zzzavxu.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
1890
|
Process #20: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #20 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:01:23, Reason: Child Process |
| Unmonitor | End Time: 00:01:25, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x1920 |
| Parent PID | 0x188c (c:\windows\system32\net.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
1924
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x74b50000 |
|
1 | |
| Get Handle | c:\windows\system32\net1.exe | base_address = 0xffe10000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 |
Service (4)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-04-24 06:39:49 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 143442 |
|
1 | |
| Get Time | type = Performance Ctr, time = 19562701131 |
|
1 |
Process #21: net.exe
0
0
| Information | Value |
|---|---|
| ID | #21 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:01:31, Reason: Child Process |
| Unmonitor | End Time: 00:01:35, Reason: Self Terminated |
| Monitor Duration | 00:00:03 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x2fc8 |
| Parent PID | 0x50c (c:\windows\system32\taskeng.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
2FCC
|
Process #22: net.exe
0
0
| Information | Value |
|---|---|
| ID | #22 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:01:32, Reason: Child Process |
| Unmonitor | End Time: 00:01:35, Reason: Self Terminated |
| Monitor Duration | 00:00:02 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x3088 |
| Parent PID | 0xa34 (c:\users\5p5nrgjn0js halpmcxz\desktop\zzzavxu.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
308C
|
Process #23: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #23 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:01:33, Reason: Child Process |
| Unmonitor | End Time: 00:01:34, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x31bc |
| Parent PID | 0x2fc8 (c:\windows\system32\net.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
31C0
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x74b50000 |
|
1 | |
| Get Handle | c:\windows\system32\net1.exe | base_address = 0xff470000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 |
Service (4)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-04-24 06:39:59 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 153723 |
|
1 | |
| Get Time | type = Performance Ctr, time = 20590909239 |
|
1 |
Process #24: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #24 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:01:34, Reason: Child Process |
| Unmonitor | End Time: 00:01:35, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x3250 |
| Parent PID | 0x3088 (c:\windows\system32\net.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
3254
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x74b50000 |
|
1 | |
| Get Handle | c:\windows\system32\net1.exe | base_address = 0xfff00000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 |
Service (4)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-04-24 06:40:00 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 154269 |
|
1 | |
| Get Time | type = Performance Ctr, time = 20645381369 |
|
1 |
Process #25: net.exe
0
0
| Information | Value |
|---|---|
| ID | #25 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:01:34, Reason: Child Process |
| Unmonitor | End Time: 00:01:36, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x32d8 |
| Parent PID | 0xa34 (c:\users\5p5nrgjn0js halpmcxz\desktop\zzzavxu.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
32DC
|
Process #26: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #26 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:01:35, Reason: Child Process |
| Unmonitor | End Time: 00:01:36, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x3344 |
| Parent PID | 0x32d8 (c:\windows\system32\net.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
3348
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x74b50000 |
|
1 | |
| Get Handle | c:\windows\system32\net1.exe | base_address = 0xff440000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 |
Service (4)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-04-24 06:40:01 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 154986 |
|
1 | |
| Get Time | type = Performance Ctr, time = 20716180739 |
|
1 |
Process #27: net.exe
0
0
| Information | Value |
|---|---|
| ID | #27 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:01:43, Reason: Child Process |
| Unmonitor | End Time: 00:01:45, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x33f0 |
| Parent PID | 0x50c (c:\windows\system32\taskeng.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
33F4
|
Process #28: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #28 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:01:43, Reason: Child Process |
| Unmonitor | End Time: 00:01:45, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x12c |
| Parent PID | 0x33f0 (c:\windows\system32\net.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
3014
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x74b60000 |
|
1 | |
| Get Handle | c:\windows\system32\net1.exe | base_address = 0xff520000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 |
Service (4)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-04-24 06:40:08 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 162116 |
|
1 | |
| Get Time | type = Performance Ctr, time = 21610102683 |
|
1 |
Process #29: net.exe
0
0
| Information | Value |
|---|---|
| ID | #29 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:01:45, Reason: Child Process |
| Unmonitor | End Time: 00:01:46, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x31bc |
| Parent PID | 0xa34 (c:\users\5p5nrgjn0js halpmcxz\desktop\zzzavxu.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
30C8
|
Process #30: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #30 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:01:45, Reason: Child Process |
| Unmonitor | End Time: 00:01:46, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x3290 |
| Parent PID | 0x31bc (c:\windows\system32\net1.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
3254
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x74b50000 |
|
1 | |
| Get Handle | c:\windows\system32\net1.exe | base_address = 0xff7f0000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 |
Service (4)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-04-24 06:40:09 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 163520 |
|
1 | |
| Get Time | type = Performance Ctr, time = 21751528991 |
|
1 |
Process #31: net.exe
0
0
| Information | Value |
|---|---|
| ID | #31 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:01:47, Reason: Child Process |
| Unmonitor | End Time: 00:01:48, Reason: Self Terminated |
| Monitor Duration | 00:00:00 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x7dc |
| Parent PID | 0xa34 (c:\users\5p5nrgjn0js halpmcxz\desktop\zzzavxu.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
3254
|
Process #32: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #32 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:01:47, Reason: Child Process |
| Unmonitor | End Time: 00:01:48, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x3084 |
| Parent PID | 0x7dc (c:\windows\system32\net.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
2FCC
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x74b60000 |
|
1 | |
| Get Handle | c:\windows\system32\net1.exe | base_address = 0xff580000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 |
Service (4)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-04-24 06:40:11 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 165501 |
|
1 | |
| Get Time | type = Performance Ctr, time = 21949388734 |
|
1 |
Process #33: net.exe
0
0
| Information | Value |
|---|---|
| ID | #33 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:01:54, Reason: Child Process |
| Unmonitor | End Time: 00:01:55, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x36e8 |
| Parent PID | 0x50c (c:\windows\system32\taskeng.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
36EC
|
Process #34: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #34 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:01:55, Reason: Child Process |
| Unmonitor | End Time: 00:01:55, Reason: Self Terminated |
| Monitor Duration | 00:00:00 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x37f0 |
| Parent PID | 0x36e8 (c:\windows\system32\net.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
37F4
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x74b50000 |
|
1 | |
| Get Handle | c:\windows\system32\net1.exe | base_address = 0xff1c0000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 |
Service (4)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-04-24 06:40:19 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 173270 |
|
1 | |
| Get Time | type = Performance Ctr, time = 22725856532 |
|
1 |
Process #35: net.exe
0
0
| Information | Value |
|---|---|
| ID | #35 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:01:55, Reason: Child Process |
| Unmonitor | End Time: 00:01:58, Reason: Self Terminated |
| Monitor Duration | 00:00:02 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x38c0 |
| Parent PID | 0xa34 (c:\users\5p5nrgjn0js halpmcxz\desktop\zzzavxu.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
38C4
|
Process #36: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #36 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:01:56, Reason: Child Process |
| Unmonitor | End Time: 00:01:58, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x3aa4 |
| Parent PID | 0x38c0 (c:\windows\system32\net.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
3AA8
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x74b60000 |
|
1 | |
| Get Handle | c:\windows\system32\net1.exe | base_address = 0xffb40000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 |
Service (4)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-04-24 06:40:21 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 175235 |
|
1 | |
| Get Time | type = Performance Ctr, time = 22922215018 |
|
1 |
Process #37: net.exe
0
0
| Information | Value |
|---|---|
| ID | #37 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:01:58, Reason: Child Process |
| Unmonitor | End Time: 00:02:00, Reason: Self Terminated |
| Monitor Duration | 00:00:02 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x3ef8 |
| Parent PID | 0xa34 (c:\users\5p5nrgjn0js halpmcxz\desktop\zzzavxu.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
3EFC
|
Process #38: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #38 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:01:59, Reason: Child Process |
| Unmonitor | End Time: 00:02:00, Reason: Self Terminated |
| Monitor Duration | 00:00:00 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x44f0 |
| Parent PID | 0x3ef8 (c:\windows\system32\net.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
44F4
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x74b50000 |
|
1 | |
| Get Handle | c:\windows\system32\net1.exe | base_address = 0xffef0000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 |
Service (4)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-04-24 06:40:24 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 178168 |
|
1 | |
| Get Time | type = Performance Ctr, time = 23216300771 |
|
1 |
Process #39: net.exe
0
0
| Information | Value |
|---|---|
| ID | #39 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:02:05, Reason: Child Process |
| Unmonitor | End Time: 00:02:08, Reason: Self Terminated |
| Monitor Duration | 00:00:02 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x57d4 |
| Parent PID | 0x50c (c:\windows\system32\taskeng.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
57D8
|
Process #40: net.exe
0
0
| Information | Value |
|---|---|
| ID | #40 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:02:07, Reason: Child Process |
| Unmonitor | End Time: 00:02:09, Reason: Self Terminated |
| Monitor Duration | 00:00:02 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x5b84 |
| Parent PID | 0xa34 (c:\users\5p5nrgjn0js halpmcxz\desktop\zzzavxu.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
5B88
|
Process #41: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #41 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:02:07, Reason: Child Process |
| Unmonitor | End Time: 00:02:08, Reason: Self Terminated |
| Monitor Duration | 00:00:00 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x5c04 |
| Parent PID | 0x57d4 (c:\windows\system32\net.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
5C08
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x74b60000 |
|
1 | |
| Get Handle | c:\windows\system32\net1.exe | base_address = 0xff200000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 |
Service (4)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-04-24 06:40:31 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 185828 |
|
1 | |
| Get Time | type = Performance Ctr, time = 23981423140 |
|
1 |
Process #42: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #42 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:02:08, Reason: Child Process |
| Unmonitor | End Time: 00:02:09, Reason: Self Terminated |
| Monitor Duration | 00:00:00 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x5fb4 |
| Parent PID | 0x5b84 (c:\windows\system32\net.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
5FB8
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x74b50000 |
|
1 | |
| Get Handle | c:\windows\system32\net1.exe | base_address = 0xffd40000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 |
Service (4)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-04-24 06:40:33 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 186998 |
|
1 | |
| Get Time | type = Performance Ctr, time = 24098773451 |
|
1 |
Process #43: net.exe
0
0
| Information | Value |
|---|---|
| ID | #43 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:02:09, Reason: Child Process |
| Unmonitor | End Time: 00:02:12, Reason: Self Terminated |
| Monitor Duration | 00:00:03 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x6298 |
| Parent PID | 0xa34 (c:\users\5p5nrgjn0js halpmcxz\desktop\zzzavxu.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
629C
|
Process #44: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #44 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:02:11, Reason: Child Process |
| Unmonitor | End Time: 00:02:12, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x6878 |
| Parent PID | 0x6298 (c:\windows\system32\net.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
687C
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x74b60000 |
|
1 | |
| Get Handle | c:\windows\system32\net1.exe | base_address = 0xfff30000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 |
Service (4)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-04-24 06:40:35 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 189650 |
|
1 | |
| Get Time | type = Performance Ctr, time = 24364622151 |
|
1 |
Process #45: net.exe
0
0
| Information | Value |
|---|---|
| ID | #45 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:02:16, Reason: Child Process |
| Unmonitor | End Time: 00:02:20, Reason: Self Terminated |
| Monitor Duration | 00:00:03 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x7c20 |
| Parent PID | 0x50c (c:\windows\system32\taskeng.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
7C24
|
Process #46: net.exe
0
0
| Information | Value |
|---|---|
| ID | #46 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:02:18, Reason: Child Process |
| Unmonitor | End Time: 00:02:21, Reason: Self Terminated |
| Monitor Duration | 00:00:03 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x6298 |
| Parent PID | 0xa34 (c:\users\5p5nrgjn0js halpmcxz\desktop\zzzavxu.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
6380
|
Process #47: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #47 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:02:18, Reason: Child Process |
| Unmonitor | End Time: 00:02:19, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x80cc |
| Parent PID | 0x7c20 (c:\windows\system32\net.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
80D0
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x74b50000 |
|
1 | |
| Get Handle | c:\windows\system32\net1.exe | base_address = 0xff0e0000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 |
Service (4)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-04-24 06:40:43 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 197076 |
|
1 | |
| Get Time | type = Performance Ctr, time = 25108162625 |
|
1 |
Process #48: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #48 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:02:20, Reason: Child Process |
| Unmonitor | End Time: 00:02:21, Reason: Self Terminated |
| Monitor Duration | 00:00:00 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x8098 |
| Parent PID | 0x6298 (c:\windows\system32\net.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
80D0
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x74b60000 |
|
1 | |
| Get Handle | c:\windows\system32\net1.exe | base_address = 0xff210000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 |
Service (4)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-04-24 06:40:44 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 198292 |
|
1 | |
| Get Time | type = Performance Ctr, time = 25228970267 |
|
1 |
Process #49: net.exe
0
0
| Information | Value |
|---|---|
| ID | #49 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:02:20, Reason: Child Process |
| Unmonitor | End Time: 00:02:23, Reason: Self Terminated |
| Monitor Duration | 00:00:02 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x86cc |
| Parent PID | 0xa34 (c:\users\5p5nrgjn0js halpmcxz\desktop\zzzavxu.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
86D0
|
Process #50: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #50 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:02:22, Reason: Child Process |
| Unmonitor | End Time: 00:02:23, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x8c98 |
| Parent PID | 0x86cc (c:\windows\system32\net.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
8C9C
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x74b50000 |
|
1 | |
| Get Handle | c:\windows\system32\net1.exe | base_address = 0xff070000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 |
Service (4)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-04-24 06:40:47 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 200991 |
|
1 | |
| Get Time | type = Performance Ctr, time = 25500881244 |
|
1 |
Process #51: net.exe
0
0
| Information | Value |
|---|---|
| ID | #51 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:02:28, Reason: Child Process |
| Unmonitor | End Time: 00:02:31, Reason: Self Terminated |
| Monitor Duration | 00:00:03 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x9fa8 |
| Parent PID | 0x50c (c:\windows\system32\taskeng.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
9FAC
|
Process #52: net.exe
0
0
| Information | Value |
|---|---|
| ID | #52 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:02:29, Reason: Child Process |
| Unmonitor | End Time: 00:02:33, Reason: Self Terminated |
| Monitor Duration | 00:00:04 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xa39c |
| Parent PID | 0xa34 (c:\users\5p5nrgjn0js halpmcxz\desktop\zzzavxu.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
A3A0
|
Process #53: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #53 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:02:30, Reason: Child Process |
| Unmonitor | End Time: 00:02:31, Reason: Self Terminated |
| Monitor Duration | 00:00:00 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xa56c |
| Parent PID | 0x9fa8 (c:\windows\system32\net.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
A570
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x74b60000 |
|
1 | |
| Get Handle | c:\windows\system32\net1.exe | base_address = 0xff6b0000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 |
Service (4)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-04-24 06:40:54 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 208510 |
|
1 | |
| Get Time | type = Performance Ctr, time = 26255374988 |
|
1 |
Process #54: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #54 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:02:32, Reason: Child Process |
| Unmonitor | End Time: 00:02:33, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xac28 |
| Parent PID | 0xa39c (c:\windows\system32\net.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
AC2C
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x74b50000 |
|
1 | |
| Get Handle | c:\windows\system32\net1.exe | base_address = 0xfff50000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 |
Service (4)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-04-24 06:40:56 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 210320 |
|
1 | |
| Get Time | type = Performance Ctr, time = 26435153571 |
|
1 |
Process #55: net.exe
0
0
| Information | Value |
|---|---|
| ID | #55 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:02:32, Reason: Child Process |
| Unmonitor | End Time: 00:02:35, Reason: Self Terminated |
| Monitor Duration | 00:00:02 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xad28 |
| Parent PID | 0xa34 (c:\users\5p5nrgjn0js halpmcxz\desktop\zzzavxu.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
AD2C
|
Process #56: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #56 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:02:33, Reason: Child Process |
| Unmonitor | End Time: 00:02:34, Reason: Self Terminated |
| Monitor Duration | 00:00:00 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xb01c |
| Parent PID | 0xad28 (c:\windows\system32\net.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
B020
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x74b60000 |
|
1 | |
| Get Handle | c:\windows\system32\net1.exe | base_address = 0xffbd0000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 |
Service (4)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-04-24 06:40:58 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 212301 |
|
1 | |
| Get Time | type = Performance Ctr, time = 26634392362 |
|
1 |
Process #57: net.exe
0
0
| Information | Value |
|---|---|
| ID | #57 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:02:39, Reason: Child Process |
| Unmonitor | End Time: 00:02:41, Reason: Self Terminated |
| Monitor Duration | 00:00:02 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xba4c |
| Parent PID | 0x50c (c:\windows\system32\taskeng.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
BA50
|
Process #58: net.exe
0
0
| Information | Value |
|---|---|
| ID | #58 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:02:40, Reason: Child Process |
| Unmonitor | End Time: 00:02:41, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xba68 |
| Parent PID | 0xa34 (c:\users\5p5nrgjn0js halpmcxz\desktop\zzzavxu.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
BA6C
|
Process #59: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #59 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:02:40, Reason: Child Process |
| Unmonitor | End Time: 00:02:41, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xba84 |
| Parent PID | 0xba4c (c:\windows\system32\net.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
BA88
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x74b50000 |
|
1 | |
| Get Handle | c:\windows\system32\net1.exe | base_address = 0xff170000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 |
Service (4)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-04-24 06:41:04 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 218370 |
|
1 | |
| Get Time | type = Performance Ctr, time = 27240740999 |
|
1 |
Process #60: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #60 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:02:40, Reason: Child Process |
| Unmonitor | End Time: 00:02:41, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xba90 |
| Parent PID | 0xba68 (c:\windows\system32\net.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
BA94
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x74b60000 |
|
1 | |
| Get Handle | c:\windows\system32\net1.exe | base_address = 0xff610000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 |
Service (4)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-04-24 06:41:04 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 218495 |
|
1 | |
| Get Time | type = Performance Ctr, time = 27253271824 |
|
1 |
Process #61: net.exe
0
0
| Information | Value |
|---|---|
| ID | #61 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:02:43, Reason: Child Process |
| Unmonitor | End Time: 00:02:43, Reason: Self Terminated |
| Monitor Duration | 00:00:00 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xbbfc |
| Parent PID | 0xa34 (c:\users\5p5nrgjn0js halpmcxz\desktop\zzzavxu.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
5854
|
Process #62: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #62 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:02:43, Reason: Child Process |
| Unmonitor | End Time: 00:02:44, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x884 |
| Parent PID | 0xbbfc (c:\windows\system32\net.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
BA78
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x74b50000 |
|
1 | |
| Get Handle | c:\windows\system32\net1.exe | base_address = 0xff580000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 |
Service (4)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-04-24 06:41:07 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 221459 |
|
1 | |
| Get Time | type = Performance Ctr, time = 27548928924 |
|
1 |
Process #63: net.exe
0
0
| Information | Value |
|---|---|
| ID | #63 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:02:50, Reason: Child Process |
| Unmonitor | End Time: 00:02:54, Reason: Self Terminated |
| Monitor Duration | 00:00:03 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xc28c |
| Parent PID | 0x50c (c:\windows\system32\taskeng.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
C290
|
Process #64: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #64 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:02:51, Reason: Child Process |
| Unmonitor | End Time: 00:02:53, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xc30c |
| Parent PID | 0xc28c (c:\windows\system32\net.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
C310
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x74b60000 |
|
1 | |
| Get Handle | c:\windows\system32\net1.exe | base_address = 0xff5b0000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 |
Service (4)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-04-24 06:41:17 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 230975 |
|
1 | |
| Get Time | type = Performance Ctr, time = 28529656425 |
|
1 |
Process #65: net.exe
0
0
| Information | Value |
|---|---|
| ID | #65 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:02:55, Reason: Child Process |
| Unmonitor | End Time: 00:03:00, Reason: Self Terminated |
| Monitor Duration | 00:00:05 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xc528 |
| Parent PID | 0xa34 (c:\users\5p5nrgjn0js halpmcxz\desktop\zzzavxu.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
C52C
|
Process #66: net.exe
0
0
| Information | Value |
|---|---|
| ID | #66 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:02:55, Reason: Child Process |
| Unmonitor | End Time: 00:03:00, Reason: Self Terminated |
| Monitor Duration | 00:00:05 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xc530 |
| Parent PID | 0xa34 (c:\users\5p5nrgjn0js halpmcxz\desktop\zzzavxu.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
C534
|
Process #67: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #67 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:02:58, Reason: Child Process |
| Unmonitor | End Time: 00:03:00, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xc7cc |
| Parent PID | 0xc528 (c:\windows\system32\net.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
C7D0
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x74b50000 |
|
1 | |
| Get Handle | c:\windows\system32\net1.exe | base_address = 0xffa00000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 |
Service (4)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-04-24 06:41:23 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 237386 |
|
1 | |
| Get Time | type = Performance Ctr, time = 29172201506 |
|
1 |
Process #68: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #68 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:02:59, Reason: Child Process |
| Unmonitor | End Time: 00:03:00, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xc7d4 |
| Parent PID | 0xc530 (c:\windows\system32\net.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
C7D8
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x74b50000 |
|
1 | |
| Get Handle | c:\windows\system32\net1.exe | base_address = 0xffa00000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 |
Service (4)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-04-24 06:41:23 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 237433 |
|
1 | |
| Get Time | type = Performance Ctr, time = 29176131264 |
|
1 |
Process #69: net.exe
0
0
| Information | Value |
|---|---|
| ID | #69 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:03:02, Reason: Child Process |
| Unmonitor | End Time: 00:03:04, Reason: Self Terminated |
| Monitor Duration | 00:00:02 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xca5c |
| Parent PID | 0x50c (c:\windows\system32\taskeng.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
CA60
|
Process #70: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #70 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:03:03, Reason: Child Process |
| Unmonitor | End Time: 00:03:04, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xcce0 |
| Parent PID | 0xca5c (c:\windows\system32\net.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
CCE4
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x74b60000 |
|
1 | |
| Get Handle | c:\windows\system32\net1.exe | base_address = 0xff0c0000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 |
Service (4)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-04-24 06:41:27 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 241395 |
|
1 | |
| Get Time | type = Performance Ctr, time = 29572961165 |
|
1 |
Process #71: net.exe
0
0
| Information | Value |
|---|---|
| ID | #71 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:03:05, Reason: Child Process |
| Unmonitor | End Time: 00:03:08, Reason: Self Terminated |
| Monitor Duration | 00:00:02 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xd3f8 |
| Parent PID | 0xa34 (c:\users\5p5nrgjn0js halpmcxz\desktop\zzzavxu.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
D3FC
|
Process #72: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #72 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:03:06, Reason: Child Process |
| Unmonitor | End Time: 00:03:07, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xd658 |
| Parent PID | 0xd3f8 (c:\windows\system32\net.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
D65C
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x74b50000 |
|
1 | |
| Get Handle | c:\windows\system32\net1.exe | base_address = 0xff180000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 |
Service (4)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-04-24 06:41:31 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 244952 |
|
1 | |
| Get Time | type = Performance Ctr, time = 29929163949 |
|
1 |
Process #73: net.exe
0
0
| Information | Value |
|---|---|
| ID | #73 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" stop "samss" /y |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:03:07, Reason: Child Process |
| Unmonitor | End Time: 00:03:09, Reason: Self Terminated |
| Monitor Duration | 00:00:02 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xd760 |
| Parent PID | 0xa34 (c:\users\5p5nrgjn0js halpmcxz\desktop\zzzavxu.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
D764
|
Process #74: net1.exe
20
0
| Information | Value |
|---|---|
| ID | #74 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 stop "samss" /y |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:03:08, Reason: Child Process |
| Unmonitor | End Time: 00:03:09, Reason: Self Terminated |
| Monitor Duration | 00:00:00 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xde24 |
| Parent PID | 0xd760 (c:\windows\system32\net.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
DE28
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 71 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NETMSG | base_address = 0x74b60000 |
|
1 | |
| Get Handle | c:\windows\system32\net1.exe | base_address = 0xff0e0000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\net1.exe, file_name_orig = C:\Windows\system32\net1.exe, size = 260 |
|
1 |
Service (4)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Info | service_name = SAMSS |
|
1 | |
| Get Service Name | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-04-24 06:41:32 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 246575 |
|
1 | |
| Get Time | type = Performance Ctr, time = 30090172952 |
|
1 |
