57cc351d...bd90 | Grouped Behavior
Try VMRay Analyzer
VTI SCORE: 100/100
Dynamic Analysis Report
Classification: Wiper, Ransomware, Trojan

Monitored Processes

Process Overview
»
ID PID Monitor Reason Integrity Level Image Name Command Line Origin ID
#1 0x6d8 Analysis Target High (Elevated) pg.exe "C:\Users\FD1HVy\Desktop\Pg.exe" -
#2 0xf44 Child Process High (Elevated) cmd.exe "C:\WINDOWS\system32\cmd.exe" #1
#4 0xdd8 Child Process High (Elevated) mode.com mode con cp select=1251 #2
#5 0xd90 Child Process High (Elevated) vssadmin.exe vssadmin delete shadows /all /quiet #2

Behavior Information - Grouped by Category

Process #1: pg.exe
25366 0
»
Information Value
ID #1
File Name c:\users\fd1hvy\desktop\pg.exe
Command Line "C:\Users\FD1HVy\Desktop\Pg.exe"
Initial Working Directory C:\Users\FD1HVy\Desktop\
Monitor Start Time: 00:02:46, Reason: Analysis Target
Unmonitor End Time: 00:05:20, Reason: Terminated by Timeout
Monitor Duration 00:02:33
OS Process Information
»
Information Value
PID 0x6d8
Parent PID 0x860 (c:\windows\explorer.exe)
Bitness 32-bit
Is Created or Modified Executable True
Integrity Level High (Elevated)
Username NQDPDE\FD1HVy
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x 6C0
0x A28
0x AF0
0x DF8
0x F18
0x D08
0x EA8
0x D7C
0x DA8
0x 200
0x 8E8
0x A7C
0x D6C
0x AC4
0x B84
0x CC4
0x DBC
0x DC0
0x B64
0x A6C
0x 840
0x D88
0x DAC
Memory Dumps
»
Name Start VA End VA Dump Reason PE Rebuilds Bitness Entry Points AV YARA Actions
pg.exe 0x00400000 0x00474FFF Relevant Image - 32-bit - False False
buffer 0x001E0000 0x001E9FFF First Execution - 32-bit 0x001E4D14, 0x001E58A4, ... False False
buffer 0x001F0000 0x001F0FFF First Execution - 32-bit 0x001F0000 False False
Dropped Files
»
Filename File Size Hash Values YARA Match Actions
C:\Users\FD1HVy\Desktop\Pg.exe 450.00 KB MD5: 734f9b50616f3b4b7341b86f2b462c0f
SHA1: 364e579f5a7f7b035bfa1156c92170a8f12e2e23
SHA256: 57cc351d441fc30eb7c4f585ee35bfce5b32bb82ec8dd99f004043d5ace7bd90
SSDeep: 12288:+4fEKhSc6BFvAmcKZe/R2woVHFe2Jss2aZPIqvOv0UtDdQ7:pmBcKZlVlebyAJR1W
False
C:\$Recycle.Bin\S-1-5-18\desktop.ini.id-B4197730.[lockhelp@qq.com].jack 378 bytes MD5: 91548264e25370786f6e9c1506aab0e8
SHA1: 280fc21be83774b471c016877b24b45f183f2b23
SHA256: c9ddb5b7b366c624a30dc8f88dc07efc52dd78b9ab63f69419bcde673665cdfe
SSDeep: 6:iKWHTJZqJ1q+ll20E9o3uhTc6WC91uR3oR9/5Q0ag9QsHIHj5zlO0MvZ1:iDH2JpQ9o3uFT103q/5Q0ag9QOGZtqZ1
False
C:\$GetCurrent\SafeOS\preoobe.cmd.id-B4197730.[lockhelp@qq.com].jack 314 bytes MD5: 4e5b789c680e21b4b664b79507810b65
SHA1: 10c2dc854d4d6841e3e4e9bea2427c96fda07491
SHA256: a565f500a1d628ecaeae5842bec9eb4c739a86ab839472f833354c6542fde51c
SSDeep: 6:Jh7EUhb8uRcQlSaPb1uR/Vs3Z/ycC2AOcgnSMCA3TJiOxT/l:TXmaD10/VsUclr1nSMZNiOxLl
False
C:\588bce7c90097ed212\1032\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack 84.51 KB MD5: 40b175e30750e313205e99b5e80eb62d
SHA1: c00c825dae32005b81cedd679b760289b1826112
SHA256: bc777f43a7a3f4c39ce13097e6bf744a84714a9b8c503e03f523884a36e91d18
SSDeep: 1536:5ws7e5tpeZxtdqMgGL0trAO8JR6A9T70QumabhCBMW6KCJFQyoHuGteW7t:5/K5tpiXd+07VGBbMj6Nwt
False
C:\588bce7c90097ed212\1035\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack 75.46 KB MD5: 7f6a1987d693f3fed5ed1c4321d8b597
SHA1: 6f12f704e90fd29fef456c3634811a793be29633
SHA256: 46bc65584e38b1bcbeeb1149f0602eb1a6f8338dc3b424354e97e5d384f5b50c
SSDeep: 1536:zNTdI1tiVwh8E+DAZZi8VXsdkoz4lvceszzz+TOlPJ34B2Rr:pTdIa/EcWDBsOGneGzz+KH4B2Rr
False
C:\588bce7c90097ed212\1037\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack 16.59 KB MD5: 1fc0fa503564f9d45c454dc23a4129b8
SHA1: 630083f215f6ceeb21b54ded5c8e7978371aeae9
SHA256: 0f10bbfb2c3d84b79ac953563a643155a7c2fd45ccac29309b458dbca87ebb98
SSDeep: 384:9BEK/D5cNYiCPKRlpDmdrRmedv+HC0qY3qtOn+U7EsevQp:3EKo4KRlpydrRmed63q4MG
False
C:\588bce7c90097ed212\1037\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack 70.63 KB MD5: 95ad6090e7e0dc8b4b5869e1e1cb6d69
SHA1: fffac2fc5f17cea739748c38f437bc612c5aaa65
SHA256: ee917adb0809c4704406826e5588e92d4eeab451d1261b0705706481f80e299c
SSDeep: 1536:k4C7dNVbKqpmtu2+vesViiP0Kc/nlTGHeolH:WhEOHsK0G+olH
False
C:\588bce7c90097ed212\Graphics\Print.ico.id-B4197730.[lockhelp@qq.com].jack 1.35 KB MD5: d54f8597db62c197e1faef75ebf1b6f7
SHA1: 47bc4c100fa0374156bef8e50b5a18bca20c712e
SHA256: 734da2340069863ae457d7b392538f090796ec523991b33172ae8ee81fc7d1f7
SSDeep: 24:cuPxHYlV3SHIef1omobfQHjdvVaL0cWM9Ngs2mIyZbva2sU0FAN1wS/xsa7Tgxh4:jxEV3CribfQhvVaL0zMjB+svaFqN1wMj
False
C:\588bce7c90097ed212\Graphics\Rotate3.ico.id-B4197730.[lockhelp@qq.com].jack 1.10 KB MD5: f3758774891bc2f40a3e8562f22f6933
SHA1: 0008da41811bae454783837a12d940471292d549
SHA256: d11ef6e86003e6fb5de9e237761eb1687470c46eb3bd2e81be5c3edd53f9761d
SSDeep: 24:wMXzQImGhXW2PQOuKVG9s/quAmmm5U1vre+zO+pgau57VghUwQ4tzieLl:pC+XWTKA9lnZNuUhU6ke
False
C:\588bce7c90097ed212\Graphics\Save.ico.id-B4197730.[lockhelp@qq.com].jack 1.35 KB MD5: fd8b2fea50b62c7702bf5bc0ec96e6ce
SHA1: 8b9d555c6b6cd5fb66753f2ff2d2c24846997030
SHA256: 6e44f6bec9d6e3ed08543ad192d62d812efce178ca0075134297b98b29aec864
SSDeep: 24:plGMfVI/eOQWQuFq6b2gcY1Bk9HOBd9YL7AbgurBDl2wxjJvyPY4tzieZt:3VKqu9b27oBk9HOBd9YL7GtrWwxMXkw
False
C:\588bce7c90097ed212\netfx_Core.mzz.id-B4197730.[lockhelp@qq.com].jack 173.83 MB MD5: cc75e7bda8993fedfe1a6badcf08dce7
SHA1: 9f7920f930c3874402c2d3c14535e2bdd1fe4eed
SHA256: e104262286e666244be9b1244b073d074f316420ff783d93d664a93ea8c7c99c
SSDeep: 196608:GV04YyKSBXZ35w+KBK2KJKDcloT46ooP8ZNoz+hK12RP1O7lT:z4Y7qZ3CwFISoT46ooP8Zyz+hm6Mp
False
C:\Program Files\Common Files\microsoft shared\ClickToRun\ServiceWatcherSchedule.xml.id-B4197730.[lockhelp@qq.com].jack 4.62 KB MD5: 144cef8f774ce56843f12001e6562352
SHA1: b7b7ac2706796323236b2a8d6cb46f1c4abfb1a9
SHA256: b7f31630206aa30614c4fb2f94af4357086352f98d9643673ff9fe103d99237a
SSDeep: 96:c5MvtZbvrXBE05Y6i4S61wlUrfa2rSwWKESsKLof5Cf3QGjVf7:c5Mvt9TXz5p3SplUri2UK0EZjx7
False
C:\Program Files\Java\jre1.8.0_144\lib\jvm.hprof.txt.id-B4197730.[lockhelp@qq.com].jack 4.37 KB MD5: d868b7d28fc48834e5e1152e181d9d85
SHA1: 404f266596d8e33db7e9eaa6b36e67ee6cc01799
SHA256: edfe8b32fbacf1dd2b228638988c1a155f9946101453c6fc09114242aebe629d
SSDeep: 96:Oy7v3Rm1yCotF0o2Ecq2iRfD9uIHhGwJr2fcJ:Oy7v3RmcCR7Tq20b9u+blvJ
False
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0027-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack 211.14 KB MD5: 73f401c03d1adf928c358c8fd0aa5b18
SHA1: 3b471684d0d3d58bd6c99b3655bf5f707c68a31f
SHA256: 829da82b6532398cfcb9b1e73b6e0fc861ef54a620a56b0e232637f07f824960
SSDeep: 6144:H5IvnDTJuc7D01nBT7j+n6eM5+J6n/CR0KFNA+:UPJuED8mn6eGI6/CtZ
False
C:\Logs\Microsoft-Windows-AppLocker%4Packaged app-Execution.evtx.id-B4197730.[lockhelp@qq.com].jack 68.33 KB MD5: 7267a42abfab2b6bcf5897c4c7769e0c
SHA1: afd491da41da9dfdf231c23b92a95db2687cc697
SHA256: 950c059733e596303100b13cf488ce48cf00a7c6baa7d6353e375bb00ec074e3
SSDeep: 1536:0xmBeFvruJIC6gLn13GIMnf4ZjPC6djejuhfz:kmg5OIC72IMf6Jd1z
False
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E1-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack 1.54 KB MD5: 30a23619ba1018e12843b6ab56862168
SHA1: 16fca2ca6e23d1638c489eb6e36962e86fe337a7
SHA256: f3b80ba726f3abdcb00346edc7f1cca4e5deed49fc68b426f00af333c07cf82f
SSDeep: 24:GkWanBdMijS7DHWwJX9jgLz/PXPPbrkNqMbi6czsEyTnydfHf/tJ5:rESS32WX9jgL7PXHbvMbTtEyTG35
False
C:\Logs\Microsoft-Windows-AppXDeploymentServer%4Restricted.evtx.id-B4197730.[lockhelp@qq.com].jack 68.33 KB MD5: e44892b9c9e76e3fe35270231a4445ad
SHA1: aa522b6611807f7a14a87d6fde11f36c7f42a096
SHA256: 8264ab6dd16e3c3cc7a6c0642c7ad2bfed2019d3e4befe362090e3efee5d0c0f
SSDeep: 1536:9Ik9vMmJKMyWgxtn5LGjD+UM9Ql5ialc71RuyuNpTW:woKQCtndG2UGQl5ijgyui
False
C:\Logs\Microsoft-Windows-DeviceSetupManager%4Admin.evtx.id-B4197730.[lockhelp@qq.com].jack 68.32 KB MD5: 574eaaf85f8aed9e597046359513b720
SHA1: b1b01e31de821f8f56eb1cbc86358c9983afcae6
SHA256: 43d469cc30a3c29126caa0ae7d56467bbbc5eb93565631af3ebb959228bcadca
SSDeep: 1536:mA6/ccwCxCzuiQeyhicxFQEaGiQ2XfZmIcD39Sp0mEFF9c5u:3eozuieicxFQIiSDtn5c5u
False
C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00135_.GIF.id-B4197730.[lockhelp@qq.com].jack 2.78 KB MD5: 4bfbf49d6832bedd95288513ec819bc6
SHA1: 91a8717a48b13d74e1bac01f737571cc730905e7
SHA256: d332cd5ebdc158bcc06880f1eb02e40505390ef803eac495909916bd3b129e4b
SSDeep: 48:50fuoH+X9fvXSB/UcD/KfiAAs4mayl269Zy51b/D+yv9wes7lkikXVma1wf:qfneXNSB/+i+/5l2mZE1rFw6xYa1wf
False
C:\Logs\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Admin.evtx.id-B4197730.[lockhelp@qq.com].jack 68.36 KB MD5: 772d7ac23f6e90965f21c5ddcfb727f8
SHA1: 115a145d2ebfc4a9b44c339201f32d12864a6237
SHA256: 2ebb1c9ed997e800e8020da239089d42563eccdb136f4445a59ba4ce939a8afb
SSDeep: 1536:TgukCtONKaJ10IUQijdx313FvNPFN7VRVK6cqodHpLG:s1sLN3R7ZcqP
False
C:\$GetCurrent\Logs\downlevel_2017_09_07_02_02_39_766.log.id-B4197730.[lockhelp@qq.com].jack 41.97 KB MD5: a203b9cde119063c4788c5dbdf50b248
SHA1: 963ce52fb879b6f89df207b3244426ffd84119ae
SHA256: 3bc95a2fb06841652ad960d6279ff35179058fa45a191e0f42a45abf27243fd8
SSDeep: 768:2v4kHEvjcTUcM7trxW5pOOFPc42YmxbZ2G1lHlqy5JS/SROXOJQ09g:2AkHEv4wrfNaNYbYG1Flx5JNRAOJQ09g
False
C:\$GetCurrent\Logs\oobe_2017_09_07_03_08_57_737.log.id-B4197730.[lockhelp@qq.com].jack 6.14 KB MD5: 854760a2c8caf6eca902a158bd81037e
SHA1: 21dbc3f861ae9cee1339e4dcf0fb9f7b81bcf3da
SHA256: a681f7bb37d61487e7592f601e8ec417788d0f31c293762e5db16c19819af21e
SSDeep: 192:G7Om25bn/n62DuUl3voNknX9NwlYOOsC1ZX:GV25D6quUlfykX9WnOv1J
False
C:\$Recycle.Bin\S-1-5-21-1051304884-625712362-2192934891-1000\desktop.ini.id-B4197730.[lockhelp@qq.com].jack 378 bytes MD5: d1b0dbc6eb8e187729b4cd6de783bd24
SHA1: f3da308a199a3131d9e05653a95c2df0add37f4d
SHA256: a737168d330691c4958d14f2cab4d8f4264046425f50b637d1a18a93b6679dbc
SSDeep: 6:pAa8oP92Wjpjj0FVxvrKc9qaUc6WC91uRrTR9/5Q0ag9QsHIHj5zlO0MvZ1:SzoPtjpj4Txvmk2T10j/5Q0ag9QOGZtS
False
C:\$GetCurrent\Logs\PartnerSetupCompleteResult.log.id-B4197730.[lockhelp@qq.com].jack 320 bytes MD5: fe813ec71cf56729d49a26d32a044e18
SHA1: e19e54c4d5d74be5045eba84b36ef30059db4bcf
SHA256: 42657bbb5d459d3d75c1dd74a3043be2df56f7ee67b3d508110f2c576d2a53ed
SSDeep: 6:c2sXk2O+sKe43cel1DmRH8lD7gP1uRFn7YHnR9/5Q0ag9QsHIHj5zlO0MvZT:cm2O+Fe4n1UH8lIP10d7YHr/5Q0ag9Qy
False
C:\588bce7c90097ed212\1025\eula.rtf.id-B4197730.[lockhelp@qq.com].jack 7.61 KB MD5: 0b7dcc58a072b5833dc28cf1eb07e03b
SHA1: 43b0241cf2995abda796610d624f9a2049817ad0
SHA256: 3a92fdb567d2eb51594029e2213325c1f0561c91f3fae3d9445c6b558c42317c
SSDeep: 192:0sQjTsaGoS84Ry2r/4waSeoKyMe/LDrN4SDmAmIoPuGH:0sQjXBS84Rnr4cmmTNvDmAm6s
False
C:\588bce7c90097ed212\1025\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack 72.72 KB MD5: a9dd33f2fa2cc2d733251ef5d0da44e3
SHA1: 8426d5eaee2660a536df9e10e272f8ea1fb11636
SHA256: d44329459f503e5b1b7c3f77b8f494f6a0dabcf3e33697336bebd3869d9a6831
SSDeep: 1536:rGFiy20JKBRYSJugz41oVyQONsIS07aYq4dH6esZ+Dzyg/mGs/:6Fiy5K8S3zhIQ+/aYqi5z5mf/
False
C:\$GetCurrent\SafeOS\SetupComplete.cmd.id-B4197730.[lockhelp@qq.com].jack 566 bytes MD5: 65203793f50e404c31bf56a900a04621
SHA1: d7aa83765e1c3a8acefc32cd86f0031e1c96525d
SHA256: d49e9856c123839d4498ef3a9ca117dbd7d0b47ddc3279b3b72ff1baff4bf970
SSDeep: 12:qUVh65U8iC0FmmCjQeKPh62U3iFH8lR107TccQclr1nSMZNiOxHl:qU76yF/Fmn0/sNSFH8lRuHQ4tzieHl
False
C:\$GetCurrent\SafeOS\PartnerSetupComplete.cmd.id-B4197730.[lockhelp@qq.com].jack 852 bytes MD5: 19b0222263d9961142928d8955845cc2
SHA1: 8f3b884f17491ada7d817f8ba50756b9799aaaff
SHA256: 27544ae6efd611134ee0fefa5f9acb7a101a795e51b51553da581fbf4789061e
SSDeep: 12:V9CjyusZjhPJSpNk6jznAukcMz+o3SpCeDfJ21jTN+ZRUX1UH8lR10h5O4clr1nB:vCYc/bMb3SpHJ217eH8lRQ4tzie5t
False
C:\$GetCurrent\SafeOS\GetCurrentRollback.ini.id-B4197730.[lockhelp@qq.com].jack 416 bytes MD5: a50cede8f8250badaf4ad39f661ebcba
SHA1: 72381d0d829a83c0fa2e4e259a464c1dca1508d7
SHA256: 6f787342c3691eeed393b939669fc0138838c7c0fcc3ffeb64d6f42f5ad44e9f
SSDeep: 12:CmDjQrP0EnA//W/laqh10B/5Q0ag9QOGZtqZxl:CajQrsEAm/laqhg/tJj
False
C:\588bce7c90097ed212\1028\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack 14.09 KB MD5: 8e1e0baab8e129143f1ed19c3c01a974
SHA1: 47ffa0ba3957bbad71e21d96ac4144ee19ab0330
SHA256: 713c5f962852a747f39404ca345535ad8f69fa26fc8ec6297e2dd0c06c20a7fd
SSDeep: 384:S7ewM93HeX0lzw9G0Ol7gaJA6f+yQF9eHP9TW34bQAg:+ewM931lsnH6f+ysIlvbQN
False
C:\588bce7c90097ed212\1029\eula.rtf.id-B4197730.[lockhelp@qq.com].jack 3.86 KB MD5: 47c3be714ea70c589a7ac696714ee4bc
SHA1: acf767c5339723cde3ac6b6f1c97d3d9211d27ed
SHA256: ce76341dab70586204a4978a54b2cadae572fbd1cb3581b5a564060473e2ee95
SSDeep: 96:yE+ALntLteFPvbg0vC7lBryyWHfbGrSf+zWEq6ICH:7LtLteZe0tfd7yH
False
C:\588bce7c90097ed212\1030\eula.rtf.id-B4197730.[lockhelp@qq.com].jack 3.47 KB MD5: c3258e05ce945b9597626629dd0ece06
SHA1: 75241ac7fcb6b4e036f662e6b019f494739c0903
SHA256: 9c982020d82689b5f4fab7ded113787675d6206e45a1bf42b6e26086602b341c
SSDeep: 96:TjTPCR5f5njNOrXYM1E/Fd2uhaYVhrdHSQql9eXY3H:Tj7CnJYXYMi/F8Wr29Q0H
False
C:\588bce7c90097ed212\1030\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack 76.18 KB MD5: 1fb51b3381f6d03599cf4c443794c52f
SHA1: 251ed1798143782534705e6fdd54d817a44078a8
SHA256: 7cfdaab17fc5a443b412f73aa4ad441a7cdb954b572202f678476ddeaea74837
SSDeep: 1536:V1rJizbrIwA7fE2StxYONh0a4H95SpnU0HNxaKNmW+8hhCsVuB:VFKX1Oc16taS95SpFk7b7sVuB
False
C:\588bce7c90097ed212\1029\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack 18.09 KB MD5: 144d0cd289b4c58230ca2dc22113aaa7
SHA1: 35ea5560da3201f43b514f3dd5ec2e227672c34e
SHA256: 0347afb72f62c24cd1a07848f169fd017398ce2f71ee547b4223f786ea6baea6
SSDeep: 384:sjqglOUxrbsgAyIfYszO35c5iCVSv64nLjgWN4WO:sWCAzOmiCVSC4P4
False
C:\588bce7c90097ed212\1030\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack 18.09 KB MD5: be921aa2ea33b0402d8cec96fa81a243
SHA1: e8138dc1e0a4d5a15eec3eb11295e3c890520a60
SHA256: 72fb62c7fbad0103bfc6cb4c809bb9f668a110b24f220f252e18f5848a000718
SSDeep: 384:GJl0oTn7MW2mQL57WUjQKQcEajz6Puca+f:G7HGkUJEa36GHc
False
C:\588bce7c90097ed212\1029\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack 79.32 KB MD5: d18c126ae830cd265dead647acdfa372
SHA1: 3223b02fc11aeee2a1efe13950098daa29dac3fc
SHA256: d6c89fdffad88aa65171de64914bd6f3c7375dea3e3eccdf6d0c2bc31425d819
SSDeep: 1536:3gVhT4EJwAhoCFheb95VPDtD7/iOZK6Mxzpd9mXgvJt9inYvwgCJiUrYLdhh:3ed7jUp5VrJ7njczp6Xg7g/JikYLd7
False
C:\588bce7c90097ed212\1031\eula.rtf.id-B4197730.[lockhelp@qq.com].jack 3.57 KB MD5: 76f645641249db5a089a4d55a6e6a486
SHA1: e2832168dc45792cbc6c8700b280b0ddae7c838a
SHA256: 9efdfc216be006015b1f3c11962158bff9b2a1eb20de27193e48bb3f688fe0d8
SSDeep: 48:2uS27YFuOX9ZJPgVb2w6Ieel+kCbduvWAotym88b0JD3mxSY58+8LHBjbvY7qA4N:LS2cTAcw6QEkwBtvgixS+83LJbvL4XwH
False
C:\588bce7c90097ed212\1031\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack 18.59 KB MD5: 318e6f79dce1a6b5bae3a82f26a6ea1d
SHA1: 061e96f3389e1ff01aeb4ca9cfaf16dcaa682c03
SHA256: 79ca4b089e12dbeccaf7b311956ee64bb694feda436f2f62f28c1e4fb4e29eb9
SSDeep: 384:A/ZCwJCSs7pgZL9+ScYBYvA1eOcvdhyeBFMwL8Av:wZCcY7U93cQKBF3
False
C:\588bce7c90097ed212\1025\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack 17.09 KB MD5: 907c3c2115bfa8289871ad6a468d55b1
SHA1: 572e8888d303d5680ef06db07788a4b0ece727d0
SHA256: ee3fca68fc7e394b5d544651bf753d61896be83f42747743c19f7850d3409a82
SSDeep: 384:ptUWnrC+NcSKdI10pscfd+i7Pmgr6Er9BRm2je4qVsKJHU0vMp:4WW+NcSKdImsc1+jgls2Hj0v8
False
C:\588bce7c90097ed212\1032\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack 19.09 KB MD5: fcbc9b0d30e59e7047ff4a68a73a4fcc
SHA1: 3386250de942cf0293fec4784560c3dfca77349e
SHA256: f5f66fc6b63afe7a34340f88cb7ff14f0ee5411d0523d61fc7982df5455924fa
SSDeep: 384:uoAdqlXdR4MJxladd77LG/CeSU/RksPKGKPjo6aDParv+CD/Hv:ujyv4BJ7L6C9U/dPKTP7oParmE/P
False
C:\588bce7c90097ed212\1033\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack 17.09 KB MD5: 52b3c6a78947bf2a9d86053ffd6808a3
SHA1: 5f0a7fbd53d5da8188e30b2d5f552236c4b6b110
SHA256: 998841230b7eb8800e7bdfbd907eb7c564dffad2d912871405c8f101bbdff426
SSDeep: 384:VFc5fDGO6nTBCa0dhbwZyIXVPNPV/bPg6r+nXFrQmqI:fSDGOCBCHwy0d/j+nXl7z
False
C:\588bce7c90097ed212\1028\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack 59.65 KB MD5: 650fae5e0dc7168a7a35c00ea0f75ced
SHA1: 1b6baa6b9bf76b97985cceeb4e4f7580cdce5f9a
SHA256: b6ddb2143f8baec9fecda9ec09bb1834ad2282ee7b4739959d39261c00ee0fe8
SSDeep: 1536:I5qoY6U6jDepd8WWM90RRE9+LVZ5mPWWF49ASmnKkHENseX:OqgCpGM9+LVj4VF49AS8nHEdX
False
C:\588bce7c90097ed212\1032\eula.rtf.id-B4197730.[lockhelp@qq.com].jack 8.89 KB MD5: 7ce49050ef9555c36744614f4274b2b9
SHA1: a17ce9c2462e1baa1808f08d04af4750808bcc48
SHA256: c261a5ab96b20faa4bcc903b40e6fb0cde5dd38aa50e4bbbf4153ec470a1061e
SSDeep: 192:jIrZ2MBo4EYMfl8YwOGiQVPHSP3Vl+3Uo9NqwX2MyM8KuLeHcYH:jS2LjYMflqNyP3lo9Nb2BTK
False
C:\588bce7c90097ed212\1035\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack 18.09 KB MD5: 31f94730ac6b14b0977a46c908a47550
SHA1: 54df9a1bb050f4226ee20d9dbd3cd24433c0ed20
SHA256: 009564bfabc66cc93308feb05cbfc59215130007dad79aba1a47622aca857a68
SSDeep: 384:I+JSrPxCo1mWGFUzKb9VW+32rk0N1za1ircyxaNBiwdC6W1QVBqgXSPA0vt6d:pJSrPEHFZbL3D0vLzxaawd41QV0gXSPi
False
C:\$GetCurrent\SafeOS\GetCurrentOOBE.dll.id-B4197730.[lockhelp@qq.com].jack 140.95 KB MD5: a007d96206753ccde244fdb12271f125
SHA1: e2eb0b18e5a9494440169872f92d3bfd7b0d7c5e
SHA256: b576c44fec39cb84524fde95d76e1908e603e344e06b9694e0b22af5ec762597
SSDeep: 3072:kqSSpszIsWg6kwXLaUrvKhPyFPFR/jT+DVefXoVaGJpVLvbl:1nsUJTXLvrviC9Rbi5evoVaAz7bl
False
C:\588bce7c90097ed212\1028\eula.rtf.id-B4197730.[lockhelp@qq.com].jack 6.39 KB MD5: 275fbf0ec086ee82b79d2fc6557d77f1
SHA1: c6687101cb0d2c9cdc0d1a41022085b59cf90136
SHA256: f9319458812bb9c3efe2df990be9220840ef1432f62d8bbf6a22f622ebbae873
SSDeep: 192:BlBPM8WeKurvgQHerM2cqzOF6557asckOnjH:Bw8NJHp23zYKas1ab
False
C:\588bce7c90097ed212\1033\eula.rtf.id-B4197730.[lockhelp@qq.com].jack 3.35 KB MD5: ec90a1396de3f7f45d44628cd90eeb83
SHA1: 045bab399f81c874f736a79bed635b1bd39d6ce5
SHA256: 12d0a451bfcd5bcab3a8a280145ebc3bf47981b1e3a4df54878e85e3f4745027
SSDeep: 48:DAkSPOa0aHmqTBkmKO3XghwZutuUTdahm82ymWgTWXJLT45450vt905qmCL+83cD:DAz39TnKOStDdavVKm0vE5qmCbf4H
False
C:\588bce7c90097ed212\1038\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack 18.59 KB MD5: 2270234fa89326c79dd89b3b47022e26
SHA1: c4f6541d0470ed52a567de54293fce837d4ca92d
SHA256: 9fd3eaa06564f0f109e1a85bf93216d1e311f3c1f241df05cb5ce1b9e9347bfb
SSDeep: 384:1zD/jOObFJBgZH9bFIbUqkkQOOe+F+rrD6vBBT2H9N4ob/nP5j4ys/Do:1/jOQ0ZdbubXkkQi+FyD4BT2HLnR80
False
C:\588bce7c90097ed212\1035\eula.rtf.id-B4197730.[lockhelp@qq.com].jack 3.85 KB MD5: d49b8e2326b05df5d0e3ab4ef54b713b
SHA1: 37bffc82269bed0e6da0bace4e2393a14e6a2257
SHA256: 132b23eb8c6ce388cc24e5d0b044587d9000716ef1c4aa61e61bc6c3c8e7b1c3
SSDeep: 96:ofpN8g+twZB5TW1nQEnYWyR9mS7AsGaGJiDQDH:CN87wBpULYzR6s9GDH
False
C:\588bce7c90097ed212\1033\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack 75.68 KB MD5: 34d5b31aa8c66fe80ce4044569ba7c24
SHA1: d5c12bda1d24ec5d7257961f54fc4d01cf41b1e9
SHA256: 51b85c403e1f70a38e478011ced6ca87f6af01771a53c06a29f2f3c67aff79c5
SSDeep: 1536:Ufp2E/tus3CPPa/KqnrRb1moyH3ZxWT7MG9qGk3qXmtS0:Ufp2E/5+6ZABH3u7lqGgJ00
False
C:\588bce7c90097ed212\1031\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack 80.66 KB MD5: 0ff03310603a4d454ae59348581f76ec
SHA1: f8996bfc0481a9e425d819684e261724db2034da
SHA256: eb49020fdf403ddde1e720cb00de3a8aa6ff6f09b9b4f4da6a21ed07414d05c5
SSDeep: 1536:QelB3Ce6wZPedpMO++mgMuPnuMuy3BfcUoMImQRtcS:QeaexEdmBgPruy3F3ImMtb
False
C:\588bce7c90097ed212\1036\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack 18.59 KB MD5: 41ee4085df8c3f961b053ab04c1f2ccd
SHA1: 97b0662069c74db9fb14ae88e1054072b53ce793
SHA256: 5599b4721888f7b39a9d7ae49d45de6f69a2df4376d93544c96efc196180a74d
SSDeep: 384:tKsNBdmsHtv4IC3+XS4ux3+fvZQPCiJ14a1n2LNbb5HaSXkD:7bmsJ4Mi4q+Xzi/4aJ2pnR6
False
C:\588bce7c90097ed212\1041\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack 15.59 KB MD5: 4169be8dd2c46e49a97d0d2e7cdcd442
SHA1: de79bd6d398409569995358620106afd50cd8373
SHA256: e1d8553806b0fdd7db5134cd4e7985657e35cd925b373e8fd3c118aec1274dc1
SSDeep: 192:gtuHLuhlRk6wdaBbvTmwwvgz6M6dbwLekWkoPZ7rGS+56tfmim4xf/prTSsEb+Le:gtWClRjZBz5wvg5IhFNd57rWsWIYSQ
False
C:\588bce7c90097ed212\1036\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack 81.27 KB MD5: d4b842918d8e383ce47bb40234dac08d
SHA1: f9d986e191afb92c239e99fafc945d38d9c8bc7e
SHA256: ca7a8917ebd0ea4f72e38e14d06bc42e412226107f2172cf8243ad91f94497af
SSDeep: 1536:RCcrnWsP2QLRh0O0mUDJO5v1iVHaoWkMRsKIqOttblTo2r:RCcLLP2QN3yWQpaoHMoOI
False
C:\588bce7c90097ed212\1042\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack 15.09 KB MD5: 0346dc83d46491b2458e02d6b6aa9bc6
SHA1: 70dc9caef0668748e6578179e58ace85176f50aa
SHA256: 65c14317befa92a391a9fd379c3ad6afc624ba04f48fddb9a6bc405e32bc1d6e
SSDeep: 192:kVt3b+3ylMgY282lIRFpzRJPlDL+nz/+FYlAgf5K8zv8BL5okZULRerIu1GqkXUE:yyRLRvwz/bBtL/cYRLyGq9QaPkA+Tk2v
False
C:\588bce7c90097ed212\1043\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack 19.09 KB MD5: c1cb43ec0a47e959d2de089180636c03
SHA1: 7cbaca5e28b96a762c26ca746f31ce3483346c98
SHA256: 3821596f400a7a0c90f2b89cc5e43d421d4212b31cab684103f002397ae339dc
SSDeep: 384:s21w6QBTHAxNmmaQJbDamJ1u6Ftezm4pCpW5ABTfEx5ofFoczbkAV:zwXTHSzA41u6FE8LBjiqz3
False
C:\588bce7c90097ed212\1046\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack 18.09 KB MD5: 480d2f537f9b3690d45516942e54b30a
SHA1: 27c9d0e6a7bd841ca5f6c6a8c3f3d84cb47df24e
SHA256: c4a714c8bf9b245905947bcb31a3fd710236439bb32f0d6684701ef1eab93f80
SSDeep: 384:pGGNY/bT/Chke+IW6MENuetmL6/JBGQYmdsNfzaiulo:pGGST/skeMENue26JB1969a36
False
C:\588bce7c90097ed212\1045\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack 18.09 KB MD5: f24503051d8fb7176f3dd88fc3aecb3a
SHA1: 5f7bade440083b36c89370514733aedf78032e77
SHA256: cbb28f1a168a94be55e1fbd8b1b28415f8279644ad2634019999d36a33d87dcc
SSDeep: 384:1EhBws7t2HPDNg0k4HGVmUVj5oYqoaxovGzNIjxn:GB2HPRb/HGVhVj5JqBa
False
C:\588bce7c90097ed212\1044\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack 17.59 KB MD5: 382404dca474ef13166abe233a073aa2
SHA1: 0a746cac863d905b4626975e1c9ef76fc6b9db17
SHA256: e3a6df369ef06e713d0f4ed8f4b7eba36e3f81ffd97bf975dfab9cfb9c3d910d
SSDeep: 384:gmdxBX9YoxsuT3C7NRb7bL8hYIillLV1xbvI3DZE9ToOIgkaDBJmTDZEGo0:FxBX9PTqNxfi9il51KGkNQCZp
False
C:\588bce7c90097ed212\1040\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack 18.09 KB MD5: f45db681611043c62d483056c0b3878b
SHA1: b6d04fe3a29e10edea255bffb40e74121e6b2226
SHA256: 7db93194fae711f29dbbb8da302b90875a26737ccb74ed635c21b06b18398b0e
SSDeep: 384:v5mohOENyuwPRCwZNkQUsFsbOcDhT++Uz3et8Iq:vLkMwxklOMnDhT++cj
False
C:\588bce7c90097ed212\1049\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack 18.09 KB MD5: b25aecda985407957bbd6d29c3354e95
SHA1: f9d87b55946d05782a3da41d653e366c9bd6ff5b
SHA256: 0fd8432b96ffc90e907759cf33888d87f49837469b66b44f77c2a1339151f592
SSDeep: 384:6RnW1w6/KvVOYTnYSEaI6iHCP+rkPbTh0RRIYXYI6uAnKJu:CW1+gYTYSQ6B+rkvOXYIsl
False
C:\588bce7c90097ed212\1038\eula.rtf.id-B4197730.[lockhelp@qq.com].jack 4.38 KB MD5: 1c09bea492a73b9f3ec2eafd8048b4bb
SHA1: c2754040fcc66e3d94b62cb13ca6ccd3286ce329
SHA256: c7703d629f155a7f2f1a159b6119b1f6e7ce667b16c9c54f6e17e48f004c230e
SSDeep: 96:FpXrIsSFf4Fq0pKjSLM5rWjCBt21hHaYts5QJNfMoOSeVhK/ST4KhRH5H:FAFEajSwrWjCmgYXTMoGKK0qZH
False
C:\588bce7c90097ed212\1053\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack 17.59 KB MD5: d60a68e1982f14ebf513c796279a0079
SHA1: 1bfb89cbb9f4fe319ee17aa91dadfb641f4c5c88
SHA256: 697f707582321b4590de19ac40f4d86ddcc06ef75c49667f5a96259bd108c742
SSDeep: 384:U1I/6+O4Nhx9yGEpZI4KxW+1dRgsIUJ4GzgPrGVA+C:8j+H1TBW+hgstaVt
False
C:\588bce7c90097ed212\1040\eula.rtf.id-B4197730.[lockhelp@qq.com].jack 3.79 KB MD5: 5a27e95733fbea28e56da515e0467697
SHA1: 1e7253237eccd07ca7984773dce83440d9ddf18a
SHA256: 55e3cc5a6830c48c01f898ad039dcba68e04a5d4991a62b8e98545933bc134bc
SSDeep: 96:sHcdpkalow5GgTOtF9dS4qf7lBPmegXMzksAHVXH:ecdp/olSOtFLS/Tl1meOsA1XH
False
C:\588bce7c90097ed212\2070\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack 18.59 KB MD5: 18502f34bcc9fa4b9661c5074dfad1df
SHA1: b295302df288977d7c1f30b6a025f79982dda074
SHA256: e1d21d6e0a92d327189e243a1371ee26ff9b58f67d8d1710369aefb80e9a9282
SSDeep: 384:hnZ14mtCV4CDJR945KbzpodFPIfkjgwPKSBvC4FGtHXt2O7ahVri5fSEvfAp1j:R4sCsdBjx119FGtMOuhVrCf/wz
False
C:\588bce7c90097ed212\2052\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack 14.09 KB MD5: 884220fd30b6557332d85b1162d7c2ff
SHA1: 9d1f95c136fb064fa4a2348ea61dc3d9ae528293
SHA256: dfceeb6b46c723c3c9c502ada3bfd63b8bfb0fb6c6c5a3fd1ead906dffd7bf61
SSDeep: 384:I8fFuelpvGpSOIKSP20hAAYjGzmNS8NyN:I8fFuCpvSSXAC6NS8Ni
False
C:\588bce7c90097ed212\1055\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack 17.59 KB MD5: 66bd522913e9e026c855c38a4a518e81
SHA1: f6d62a8460d6217f9165c69d17c0eca17131752b
SHA256: 24e9d365541024e8446122d9abbbaad4c01ceb83037c64e4a32ed05ed2982bd5
SSDeep: 384:e674M/tki6tf2tpK6LnsFhZhIWzToUs1/RhMpKm4:e6bui6y8ssFhZhI4TDs1/R6S
False
C:\588bce7c90097ed212\DisplayIcon.ico.id-B4197730.[lockhelp@qq.com].jack 86.71 KB MD5: 6d196f756223269c344789c9ec7d5c64
SHA1: c417602301ac2b1f12c89d0d457c70635392bd63
SHA256: d0c3b43dcafe7599fd40ae311c893809065cc8681f09f2b59b753aaa07e32681
SSDeep: 1536:UlYkxlJ1GXcJiV+bB0DItLwGLH1m/rVyMNX+RMVkO6FvZo/YdKzSU:kRlRzbB0UOiVm/Bzd2RvZo8Kzr
False
C:\588bce7c90097ed212\Graphics\Rotate1.ico.id-B4197730.[lockhelp@qq.com].jack 1.10 KB MD5: 2e002bf6a4c701e789788d5e540caead
SHA1: db4adbd4bb990568efdb473a260f4039e8c0dd70
SHA256: 09fbc588f6cbf3ff33609b8542a9abf9cfbb2a8ea87ae41258cea76fa96ccfea
SSDeep: 24:5/Yx41IvA2y9V1dBb3K5SZLE05cbMOmMZm540Z4tzieLl:NWxuDmSZA058DZm54Zke
False
C:\588bce7c90097ed212\1038\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack 84.66 KB MD5: dd8aab6714b9acc12101ffed7a5ded60
SHA1: 8b74e7a3f16af4429a5f9f70957a3107f7d7f198
SHA256: 8d2b65577bdfa864e88d00033f4d01d32e28d29477f8d765cfb313bf4b90d091
SSDeep: 1536:x8Q8ETAklaWYW8sdGmWVelMQgTvVK0angZZDo1YEgjXsqyJb5NR3lPq6kw:UETvbYmoNLVKSZld4qgnR31kw
False
C:\588bce7c90097ed212\1040\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack 78.43 KB MD5: ab6f5af8f423ae8f21964b5cd57efcb5
SHA1: 2a7cc8765b6999962ce68cb74b221330e841bc84
SHA256: 3b63ab33f16cb8257045bdf6f128e6d0acad701085c52e1d1d62a6a0f39a1f16
SSDeep: 1536:/g6H+3uVic2T5NIxgi5z0prV+Fiu2IJgg5zSNL2DcWmyswHNPHg:/VP2ti6e0FVwJ5z3DDmyfFA
False
C:\588bce7c90097ed212\1041\eula.rtf.id-B4197730.[lockhelp@qq.com].jack 10.11 KB MD5: 781090792fe8a2a5a6c6c0f9fbd62670
SHA1: eba57fbe6bac2b31af1ca84e8e4cc00a8d75cb72
SHA256: bec4ed8c58fa6bfb686dbb2c03dee885034bc84004f4b66354c9e10b2e2b14b1
SSDeep: 192:G99rPo3Tyc5RKN+WpL/uP48RfIAQ4ZQypRtPT94QA2pfazp6wM6C5aHc6H:GYmc/KN+mqQOf5hZPT94ByKp6d6C5a8Y
False
C:\588bce7c90097ed212\1042\eula.rtf.id-B4197730.[lockhelp@qq.com].jack 12.61 KB MD5: 08456ebee6f1a221ef443260d2575bbc
SHA1: 3995a793cea59cd790986fa13a8b1ba0d98f7d64
SHA256: 0d2b08a196d2de9979ef5c54c996d4dd29ac43f4a7a791d1c40b3fbfc00473fe
SSDeep: 192:qaYx/30TS19B62cZHDgCalP3l8cDpJcLj4k9H7koIXMqXOeeXPdywtH:M30TS198La9jQHLbe8Lfdy0
False
C:\588bce7c90097ed212\3076\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack 14.09 KB MD5: bdd942d3b62d8be70732bb3a2aa5c1fb
SHA1: a7df4f3e95ec7774705da215759a870f9e8499db
SHA256: bc92c0e8cbcdf9ec2d3b0c0c4cd3f25ecd3dbff9ed6303dcc63dcc35f3bfbca7
SSDeep: 384:WayWbRtWslMc6C43eX8IcZCqCqTL0DhbkdscOKSwy:Wa3FtRlMcnpXt3M0DBkdscrSj
False
C:\588bce7c90097ed212\3082\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack 18.59 KB MD5: b7a9187df2a73cb22c4d2cb98788636a
SHA1: d6591987c20dc78328f05f9ea26a160aa2888f34
SHA256: 06cb4455d21aac1fcbb104ac5378cb148c94811efaa7e5cd5906007cb2103161
SSDeep: 384:STK5Q1Ydu3UJNiKNL8n4GDUiylVeokb9Rw/1oo9hCSttCqb8g9YrjFB:NQq8kTia8npDUDub9C/1oWtkGNYb
False
C:\588bce7c90097ed212\Graphics\Rotate4.ico.id-B4197730.[lockhelp@qq.com].jack 1.10 KB MD5: 8408f59d7902f54143bc0d8b264b737f
SHA1: 2337064b0f169a033cd2f56ac57c07db0777387e
SHA256: 87c5e0ae56f31325b9c6533115b2c1b04281d923e8fb3b2a60e63cf9a4917362
SSDeep: 24:schM0HX0pjCjLncr7QmT0yqZaYnel7Orh5zyekI4tzieLl:1W0kpjC805nQ7OrLyeknke
False
C:\588bce7c90097ed212\1041\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack 66.88 KB MD5: a5eb5bec19a5e570fc2d63383164be38
SHA1: 7e63eb982d7ef511174120954576f770d830aafb
SHA256: b31b793d470d3df0112b6410463f76b223eaf8ed1b24990533a1a40941580237
SSDeep: 1536:tPK3uNkzvuTmoVLyHhAFWj2zBK8QvV2YK:tkzvKVmBA86zTewD
False
C:\588bce7c90097ed212\Graphics\Rotate5.ico.id-B4197730.[lockhelp@qq.com].jack 1.10 KB MD5: eb451b92d8f44058142d1fffc79c0490
SHA1: 23b29b956ad650a3208e6a360eedb18b89010627
SHA256: a2bcca69f9f6f5b6665d7c97c469ef47ba54b6e69c384abdcac3236786fe37c4
SSDeep: 24:myADdFeHt9Ycs24Ej2SRvTbsRfodDIxj4tzieLl:pAOsT2N22TbsR0DIx0ke
False
C:\588bce7c90097ed212\Graphics\Rotate6.ico.id-B4197730.[lockhelp@qq.com].jack 1.10 KB MD5: e1ec38e84c86c3fb1958e0c7346d6200
SHA1: fdb2bf4e3e1e411ba675887ac935becdfa9b5ab0
SHA256: 5c2af2333f942ef8f877d34b9df94e21f1ac629386e12b59da9ae744f85e4ec2
SSDeep: 24:r9v7DhJ9QGhRuFw4bPWgKhe+s8m6rpBt8fVI/zoq4I4tzieLl:JD2G6a6P/8hp3CIEqAke
False
C:\588bce7c90097ed212\1043\eula.rtf.id-B4197730.[lockhelp@qq.com].jack 3.69 KB MD5: c4bb3756c425937f627933e5f71045cd
SHA1: dfa8415efdb4300a49cf9538e3ed3d86304ffe40
SHA256: 38a1bdb9c520ab556b48d9c0b31b275a62ead501387298dfb15dbd372d21e4a4
SSDeep: 96:pIeP97r+QnUAQLu85kHe97vNtgtqg4Shr7c+L2ToH:L9v+QnUnkHeVw4562MH
False
C:\588bce7c90097ed212\1036\eula.rtf.id-B4197730.[lockhelp@qq.com].jack 3.68 KB MD5: 1ad92e4f43fa750f8a5acfd88035d54e
SHA1: 443a2904822dec16a545dbe277c02acce6892883
SHA256: f660fbc4e40af8a2934507c322b516afafcb70ed214af403909a650f91207f22
SSDeep: 96:D0FrPw8WI7YEAfMvcXCwh0adrWPG8P8ZHBybizVNH:crDYvkvcXntWPG2EHBdzDH
False
C:\588bce7c90097ed212\1044\eula.rtf.id-B4197730.[lockhelp@qq.com].jack 3.21 KB MD5: e9beb3e8dc2e1bdff60dece255bcf9f5
SHA1: c67c642bd7fc559be74d6dfd9628a8033bf4f932
SHA256: 3041080bc7ecbf9be74aca13213378788cac816104f3d1fa0a469885c70e493f
SSDeep: 48:aBZCJlHa2k4t0xB3rOCbNmMzAzizlqUIurRpSnXB+Rtolx45dQ1MONwPH:a4NDt0x1rOAAsAzIo7g/SMMj4zMtOPH
False
C:\588bce7c90097ed212\1037\eula.rtf.id-B4197730.[lockhelp@qq.com].jack 6.93 KB MD5: 9e083ed1f5554d5a0f73dc40579e8fd2
SHA1: 18cfccc364ac497017db65dd15d56996bfd941f9
SHA256: 022fb00434d5860c2c30ba9ba959e9ddd46d512b7f45704c1cfd51c052182114
SSDeep: 192:hvZ7jMmIIIhYf+gGjI68L01e1e6zzDZGHdKH:xZvMXIIhekM6F1M1/Zr
False
C:\588bce7c90097ed212\1045\eula.rtf.id-B4197730.[lockhelp@qq.com].jack 4.18 KB MD5: a53392c79cccec20fec0d486a2e2a63e
SHA1: 9b9cac85c1f29b99643bc5e1ef4cb3bc846bcbae
SHA256: 892820e766eb117cf77a7960afe025735476f64149668cc0bcf8600f4a9a6af5
SSDeep: 96:2741jZSlSZU8MAkwwFB5Y5H1XWqPRpw/mep00mAd7Njh+8wKbH:NvMAkwwBY5HphPRMTpn7NjhPbH
False
C:\588bce7c90097ed212\Graphics\Rotate8.ico.id-B4197730.[lockhelp@qq.com].jack 1.10 KB MD5: b651b7aaa19e022850b94943503ed5f6
SHA1: 1951c9d1b46c135db610aa26b29e213886179ccf
SHA256: d7c2fb54b729c1fefb31665750c75bfd206e62c27d64240ee49297bcb9ccb7ae
SSDeep: 24:U9OBzw7TIc+GlLPIkbqIFXHenw2vi6LFPLdJW5JT6UdNE4tzieLl:COBEQgc6FenlimFPvWpNTke
False
C:\588bce7c90097ed212\1044\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack 77.69 KB MD5: 7592b6caf7b5561108a545c0c889a08a
SHA1: 5afae8a70e99303a483cc2c3a9bebe9a145f59e4
SHA256: 924face01d7aab2cee7d972031557dedc30ae6be9d870257db6288845d8b0e9c
SSDeep: 1536:9mFHYujWT1VVhzPTBcttC5qLQjm4NXWLstI48Sqoo9GimddvLPcza2tHj9:AHYNpP1ctOHXIpSq9gW9
False
C:\588bce7c90097ed212\Graphics\Setup.ico.id-B4197730.[lockhelp@qq.com].jack 36.08 KB MD5: 1e5e94d316aded18d23aa38eb6e8e36a
SHA1: 4e97742a6d32e54dea7e74f131328319b980b459
SHA256: 5faea06b84050c13053849855990a0fa204c43060a48f0e790e5ba6c4d934048
SSDeep: 768:hQDwxlYFEux2G7Edi3c9PfvrL5HmcSV41LKjWY8A9D7zhMRlS:h1LU7e++vrtHmcSGjc1
False
C:\588bce7c90097ed212\Graphics\stop.ico.id-B4197730.[lockhelp@qq.com].jack 10.13 KB MD5: 56395d91f6f639b85118b790d120845c
SHA1: b365ad671558b74c616fd640b4f13e69781c5685
SHA256: 7b6ff867709326baba351791490f4510587251b130982471854dcf4da59cab03
SSDeep: 192:swsJ1FpV3askJ5+9BsZ8/mlsDhrqKqZgKr54lhSZfeFMc5TH6jaWQDXRopnF4RZP:BsdqsCAsZ8ulgrYp14LOlcZ6C4FwTj
False
C:\588bce7c90097ed212\Graphics\SysReqMet.ico.id-B4197730.[lockhelp@qq.com].jack 1.36 KB MD5: f02bd24e1ac01bc0cd9ee7c287ca1499
SHA1: 92f978721300a0ce4038558fef3b81bdbd5f46ab
SHA256: c645a1fff81ed82d135dfe04e20ed4e21f4bea9d9a80270e2f9e63c0e7b4cc37
SSDeep: 24:hhne7u+I5eJnDj3g8apgZEHAyPl44tXpvDDPhLQqzozauwilDCFsBIROUm4Aahrp:XnEtZ1H1ap3RPl5ZFhpzozajil8sBIRR
False
C:\588bce7c90097ed212\1043\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack 78.02 KB MD5: 967f148021bb42d7a9c0f651dcca09dc
SHA1: eb68556d960218e10846e409d1801f0ee8d1e691
SHA256: db87ae5330489e2e87f9959595b4aa2613a0ccbe23ed7298438e97944c3b5c7b
SSDeep: 1536:kJyg4qXJgiK6Cf0azd8kjtrESHLG8zvJsniUo7CR/ZOdi6atP6N11PNgE:lJqXlu0Cd844CbJsiB+RBOdw4nNgE
False
C:\588bce7c90097ed212\Graphics\warn.ico.id-B4197730.[lockhelp@qq.com].jack 10.13 KB MD5: b2277cde82f08116a6de3a96adee2466
SHA1: f0eede8ee8bdcd65e9c468be96559bb7b3c7b2c5
SHA256: 221f570271a4860cacd58da85e96e73d3689f4c124cca710c2b41ea0058ff203
SSDeep: 192:xPoAzBS8fpYqpfL90dYPnUYjcj3VYoHHzhjAtd4PjPfeNbJywp/Owt/WZ:ZoAzw8fxZ+aPQDVhtIGPf9wp26/Y
False
C:\588bce7c90097ed212\1046\eula.rtf.id-B4197730.[lockhelp@qq.com].jack 3.83 KB MD5: 9b2287d2c5c002861fc88b3511a0c843
SHA1: 282fa74ced54786761e73c7803f41684b51e4e4b
SHA256: ed3f64669427889b58c0e22fba3b1ad465d00e4eb9b2704df3d6036781853c41
SSDeep: 96:78ymxFloS5W+XrF0uUxih4ZvqPa8vC0J9BXnOH:wyUFmuXxnUxzBqP/594H
False
C:\588bce7c90097ed212\1046\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack 79.10 KB MD5: 48b10afb6dd901a0ccab838d63063927
SHA1: a5f130497a3eb99e85616665832b429ee9c74923
SHA256: a6be10ebf9f27f1b145c7fbcaa4e3eb673a49f65e67ef9e86a23d2de291ea3a0
SSDeep: 1536:eNzTxc48Nmoy5B1E/v8MIlTBnIevaYpce/Zi4ePjqpkXV13AaiZezW:m/C4qoPlTDge/Z4mGXVTzW
False
C:\588bce7c90097ed212\Graphics\Rotate2.ico.id-B4197730.[lockhelp@qq.com].jack 1.10 KB MD5: 9a3e46518a507f70c92caedf2735752c
SHA1: 178d508805f24cbc9d3761827655546a7e3f01a2
SHA256: 540604c24509501541fdf9697453cf9352c2c8c4a59e855d574e893867894d09
SSDeep: 24:AVMiNlbhGrdkSby8v4zPqNqVUJSKslzsiauMsdSK3244tzieLl:A22wy8v8PTOJSpzs0MsdSK8ke
False
C:\588bce7c90097ed212\1042\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack 63.96 KB MD5: 0dbb0d94b09bc575f0469c82b04fcba2
SHA1: 39fc7cc9f9192b761d3a97e664311678e25c66bd
SHA256: d4158148971eadc046fb7b36723f6cb4bbf59a834580f26617a800511d54771d
SSDeep: 1536:PD0OaPAvuo+lzpfYVfg+butMgJ69jsPmjTbQkQAT:P3TkRF+itPw9A+uAT
False
C:\588bce7c90097ed212\1053\eula.rtf.id-B4197730.[lockhelp@qq.com].jack 4.00 KB MD5: 1f928dda5b4c476f5468d3d0fb13fd04
SHA1: f8d1e6e53f250d44e80aa4167d27fbae42b7fb10
SHA256: 05080446f1c11dfc83633ca0fa3947a3e96550d24b958ed2f642c5c9ebfa605a
SSDeep: 96:IZR+eGf7QliIwZik5pjYIjyYO8hv4vP9nFadCR02H:IOeGf7owZL5pjYbBcvsP9IdCS2H
False
C:\588bce7c90097ed212\Graphics\Rotate7.ico.id-B4197730.[lockhelp@qq.com].jack 1.10 KB MD5: 059205fc705710eb8a0bab4c55e7768f
SHA1: c33b0f6c37e700bcea7d0bc5e68ef1bae97aa257
SHA256: 93497ccb852d4c83d55e7862616f45eb6afc9e0662b6f339ff50c57e0fce7399
SSDeep: 24:IcKGeZgbLJpbOJzTPfbjIZKvWFVpjrcrKyL4tzieLl:IcgZg3OJ/PDjIJFVpncrKycke
False
C:\588bce7c90097ed212\1049\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack 79.82 KB MD5: 6da847f6d97333365a3ef5d115a72787
SHA1: e08095d3d370ecdad5adc57f9a68cf7534e85f9e
SHA256: 5efdef42f9cc033640fbd7b4bd06c2ed5726516f3d1760e0e96949345604ca21
SSDeep: 1536:LtSCiVfkYzKrMXG7S85k2v/xxBoQedEJaGjL/5mgws5hJ9:RSCmfkYzKS8SeaMTknw/9
False
C:\588bce7c90097ed212\1049\eula.rtf.id-B4197730.[lockhelp@qq.com].jack 53.41 KB MD5: b69ca54114a1f5a59c282a800e96c6ec
SHA1: 1325668cc5e450d636e27ff94dbdaf901e62bd9c
SHA256: 054cc04920b4c191fea9645c7cbf8655cefadf27878be1c26032dfe3ad8e65cb
SSDeep: 768:ozUpQxqTRB4ntE7w2NnkbEaPxLyjZSE51+8YK6n3KJBiIa/hIWzUdUiJQOLs5/Xw:o4qxqFBYf2NG5LcsDfeaOUiJN45vVwF
False
C:\588bce7c90097ed212\1055\eula.rtf.id-B4197730.[lockhelp@qq.com].jack 4.00 KB MD5: d58e37fd6cc08bd13dad59bdbd2a1ad6
SHA1: 9cf19cafd2200ce50b1e05bc04376213b60599db
SHA256: 6224ac615e063a0716609db06fb24d2b5c7c62835686126d9502f416e1139d34
SSDeep: 96:Wv00sCi+5lx331OXx46+adsyVg0xcnw4hAjkVO8pQ1CJcwRvH:X0TR5/331OXx4GdVgOcnw4q2O8kmBFH
False
C:\588bce7c90097ed212\1055\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack 75.27 KB MD5: 19a8b65e7f0bc57631377b268f3e9144
SHA1: cbe68d2389bacb952fe2c00362c2f4b713b0c353
SHA256: 6d301c48f19bbbd307017699afb19bae7ae69667e85bddf66544ccaf84aeb4f9
SSDeep: 1536:lAD70/nYXnVrWeetLO+uxBctEofrWuaqf08sjg2VMoX/mTeZaNSpnP:lAk/EnVVetKBwWRqSk65vSzU
False
C:\588bce7c90097ed212\2052\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack 59.51 KB MD5: d6e840045dd322ee1e8d8e4433f6d976
SHA1: fc2c9893694d50be814915f12fe4bd8f50227672
SHA256: b31336d46a1236997a46b0bd4ec62942f4bf2480d19bc2f718254378156160d1
SSDeep: 1536:4DWaOo6wyo4ukYRQT17uGEzsxxN7lsMslmQkoDMZ:krL4u9qxuGLxlxGVkSMZ
False
C:\588bce7c90097ed212\2052\eula.rtf.id-B4197730.[lockhelp@qq.com].jack 5.93 KB MD5: d83bd2d605d85cff8d81d7174329ee52
SHA1: 88fb41716d5e12289636fb91ceb3811e72536592
SHA256: f1c60c43707593c486a8e91de67e8059f08e4d971f353d0adf8ef269f88b6cdf
SSDeep: 96:g2Ay3nabJ12NPOOknSInWt450NDS/7pF4yaf8i3DSL8b6EH:gb4Kn2stSCWzNkp2yakizXBH
False
C:\588bce7c90097ed212\1053\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack 76.12 KB MD5: 5275cbc5c29309f8d298cc103b936326
SHA1: be9abd3f31355397cec5e598d2fceb579e507e48
SHA256: ae0bb6e89369c8eb9d76d820d927d392da9aab86384bef3916a61f4d6aac00e4
SSDeep: 1536:+0Kp76j1hont1N5/g9MlfoUVdOeTr+bDQChSlttZJXnGxEo7K:OOPwD5/7OJXBKfXYEoe
False
C:\588bce7c90097ed212\2070\eula.rtf.id-B4197730.[lockhelp@qq.com].jack 4.14 KB MD5: d7e4dea3d63aad8a8f1a1e7515c7b852
SHA1: ba5d761d099579b4e9d4cb450e4aeb8504bbd7d9
SHA256: c454fd4ecf3bd0268e9507bb8ccf6bde7539cb08f63d9141174abc39d28c680e
SSDeep: 96:NHcK4lTLFaScnFUIPLYnbEYpCjS9D8mDttrYH:SKKvFaVFJPUbEakSD8mDMH
False
C:\588bce7c90097ed212\3076\eula.rtf.id-B4197730.[lockhelp@qq.com].jack 6.39 KB MD5: 8090eb656b7d05fc7d8cdb62ba5d2440
SHA1: 52574ca6292ae0a26c829efbe7c4504ec72e81c0
SHA256: 01e52ca92cbd0a43b579ab8c7edcfa8f67bd783aa20963faa93f2f8ece01b80f
SSDeep: 192:VyhPxTDoMr6bgwGdQvLJV7rWNWaDXl65Wt/y+GXH:0dxvNr6b1GdQJJ6D4OI
False
C:\588bce7c90097ed212\Graphics\SysReqNotMet.ico.id-B4197730.[lockhelp@qq.com].jack 1.36 KB MD5: 2165e8033ad534b1eb8d23989a233c01
SHA1: 565e4f5d6ddb80e1023a3ead1a32a6cf00c94ff7
SHA256: bc58fbaf00f45c8f2bedadfcde7270af150a6099b20763505b797176119aafef
SSDeep: 24:yx+IpWpxX2qjJEJpODFG4XAsFqDtvlpCdYpLVGPV0o0KQtk4tziept:yxFWpHEY44XA3DNPCu2PVne5kg
False
C:\588bce7c90097ed212\3076\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack 59.65 KB MD5: 35b2e1b7f0ca74d76b8be96de18cc181
SHA1: 02f0f7e75351b82ff5cc5dbd9460569a4eb99285
SHA256: 2aae5a87468b6d61acee2fe545556be2793449b8987062f08b10c0e04e4f11b7
SSDeep: 1536:9tDOkfgR/noWL727dbqNJvsK18vxDtgCTlW8H2qq:Dxa/og727dS1j8JDiSlW8Hy
False
C:\588bce7c90097ed212\1045\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack 80.69 KB MD5: 5eb12fa89dec1539e212638687c5046a
SHA1: 832e570d031b5a83a6ea662e0e79fed382a1ef8d
SHA256: e4c3993bd3f3ab926a01b8d526acc17b05fec2f54a116d02bd9284b826ca7f5b
SSDeep: 1536:WX5XLqa3gRWdwBFVZUsKKfnwrhuW5E6CfInrFn1Y+/9Pyb4VAk0/A35RwAu37P:mmyg0d+VkKPw1uMrEqrHtSxA3fu3j
False
C:\588bce7c90097ed212\2070\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack 78.62 KB MD5: 2fb837185875a687758362c2451425fb
SHA1: 071efceddf6110ddc1ec490849183628a22a4af8
SHA256: f58998444f59b2ef7c9901db4879aad99fbfca3b0ed9b4ac3ed8ae2e46555074
SSDeep: 1536:qr6gWYvFxsSEky96ZmmSWRsdDHs0RXZJc/fDCk4XcLu8Ya4cFK3Bgmbso:oXWFkFZZSiKRXDcjCau8YOKRtso
False
C:\588bce7c90097ed212\3082\eula.rtf.id-B4197730.[lockhelp@qq.com].jack 3.22 KB MD5: 15421831d835db651ea323a1f62423d2
SHA1: dc7120b7b7f264eab14f59c15f7b5c3f885e9aa8
SHA256: de426a4681b355ad660d78004b2fb8af23a09396811f51b49516017849cb3cb2
SSDeep: 96:OAfHQGgD6a8DwnzH+KYibB5sY5M507ydZN0wkC5H:fXgDisKKYyLs95BZNHk8H
False
C:\588bce7c90097ed212\Client\UiInfo.xml.id-B4197730.[lockhelp@qq.com].jack 38.37 KB MD5: 37ae706c49bbfdb19a544d41f2bc9b23
SHA1: d59824c247633744f2df168c0179232ead03dab6
SHA256: 183687bce0fd553394ae5b20d16855a5dfaab1de71e1ce5d60a6d5c4ee960ecd
SSDeep: 768:vdOUo2XGSeUxMDR0tYpdy6mS0/SHNdXhZF343H98c/8VwbqGKAk:jGPUOeAmLSHNLj343d3+vJ
False
C:\588bce7c90097ed212\Client\Parameterinfo.xml.id-B4197730.[lockhelp@qq.com].jack 197.32 KB MD5: 5942d2ad21ca93a4284cedf91b136907
SHA1: 1e0487ba468427001edb095ccabc67b3087bfb5d
SHA256: 0cd3cb94ecc20222e2ac0edf65045b0920d3ed27e7b3cacf9ffc450a22a268ad
SSDeep: 6144:oQs9i+mSoZlfl11cSHsNqgDWHtVTAq+3DVKKyPb9vjL:oQ6y1RMNqqkjTU3d0f
False
C:\588bce7c90097ed212\DHtmlHeader.html.id-B4197730.[lockhelp@qq.com].jack 15.99 KB MD5: fff661ba30b43827a83e383380e2fc49
SHA1: c62c4fe54cf079a27d0ee0f82203f20f6e46e42a
SHA256: 7fbf902c6d60e16fda47c6222fe1aefde3c1cef9089a0eb13407d4a142b5c9f0
SSDeep: 384:z8BoSMgIkHRs9pkJRSUELVxT4x1Q4JDuqfJZhuF2Dl5LfWq8BIt:z8BSmHJJRS1hxyFDbh5x5Leq8BIt
False
C:\588bce7c90097ed212\netfx_Core_x64.msi.id-B4197730.[lockhelp@qq.com].jack 2.56 MB MD5: d01d265384479b3f4b41a72efc46e1b1
SHA1: f8959bf809e586ec891d53e22d1e80dc60a2d5bb
SHA256: 301811edc6471aaeeb39552bdf99498e88d8fc2fa5d990e2fed18e9cab83fc3d
SSDeep: 24576:nc+BQbPyxbs4rONS5voMfjhOGxuk7QyGAgCvD0XnRRqHt6D4HETqkSigZQZ/R:ncxisfQxoMLykcyGADghRqHtGcdk+MR
False
C:\588bce7c90097ed212\Extended\UiInfo.xml.id-B4197730.[lockhelp@qq.com].jack 38.37 KB MD5: 1e5ea35f383c92f195e947945d87eb8a
SHA1: 95b29fdc1f6e74e56f25c9b17067c5b51802e536
SHA256: 615c164bf486d9656586a97de79b9cb5d92491802f5606c864b1843b2aeb68bf
SSDeep: 768:GAdA4mgZJsKB4sq0rNf5+1cG1IY+/2UrfsQDogFwlqYleh:Igq0rB5+1x1h++UrfsSogylZlA
False
C:\588bce7c90097ed212\3082\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack 78.37 KB MD5: 61472905ed2200b63d3dddb34ba03898
SHA1: 9bb9459c7a924581e6be2e3938ec42ddd06d99cc
SHA256: 88d2c03d7b44671192e338529d065746c9630042304e482934f6462468985d63
SSDeep: 1536:Rbzut06j+1S0Sf7YJ/JemKCBOnEGLt4bKGfDzXLPRJykZ8BpKZihVWQu:Y06j+1SzfcJMmj8abpXLPRJykGpKZcWB
False
C:\588bce7c90097ed212\ParameterInfo.xml.id-B4197730.[lockhelp@qq.com].jack 265.91 KB MD5: 3d7b07403b19b76d6298968518a4627e
SHA1: fd2fb01335f64900e429ea756f07a50636857ff2
SHA256: 3c8f761bf24e5748ae925e9c7098a3e66c78ff1662da172e2ddda889b59cf70a
SSDeep: 6144:KbPPgsDpxTzOzwQufOC254Ti7fkWBCEe/r0lLH2WUL/u:KbPoepxTzO/wq4Ti7fkWHaAEJbu
False
C:\588bce7c90097ed212\header.bmp.id-B4197730.[lockhelp@qq.com].jack 3.77 KB MD5: 81368747dfc1989b0e0d6a5ff6151a75
SHA1: 5906bfe73a1fb56a0a3e071d12d1aa655266ef42
SHA256: 19e683896f5f85185d526d4abcf584c9742efd0b09d9bb6fa942669a3e350c59
SSDeep: 96:Uw4b73H8PkiOn3RDcwBKS3y2/rIUFBY1Qlg/6zodWb:MH8Mi0RrIAPlmKoob
False
C:\588bce7c90097ed212\SplashScreen.bmp.id-B4197730.[lockhelp@qq.com].jack 40.36 KB MD5: 639444f39aef2b7f3bb262315be50b9a
SHA1: 3bfb360d2273d53776eabd3e2d7725dad8c39bb1
SHA256: f19b6dd9b99aace1e60a93fe9a5cd849643fae8149276443887e8142b07044bd
SSDeep: 768:+azGYl/oCd6HonTZtnYu5N/odFTMMFf+6E5QWBXuGTlDHsxYaOsW:dl/oCd4IZBYuvCMMF2DbZ99F
False
C:\588bce7c90097ed212\Strings.xml.id-B4197730.[lockhelp@qq.com].jack 13.99 KB MD5: 72d0dc892954cee7e3b8789388342dae
SHA1: 4e83a0ea153fb18cad710a6f025291601832dc9e
SHA256: 4943bcac8f1fac168de0322ca2686dbbf3d4168613083a2dbd3226dfeb45f406
SSDeep: 192:zCXrC+IJRtKlhNdVJlaTm4dLRWZKdY7T5L3VA7W4OtZoBimMEBMDgCXCk3S0+BC/:HOdV+mwRMSEMdAoZnM86C6uo
False
C:\588bce7c90097ed212\UiInfo.xml.id-B4197730.[lockhelp@qq.com].jack 38.23 KB MD5: db6edaff2f652fcdd68edb6150cf7d77
SHA1: d11778ee08884dbbb54d70a67f12d650cb84a986
SHA256: 7248c3722bae030f88ae07c0868fce2f669abdafab0e91987d06faa8ecdf95a3
SSDeep: 768:kl2mTSwlz2rM/kVk5N1+2s69hEw87vV1iw0NpB/E0P39NWA4NwHl35e3Vcki:O2LCIMMyNM2xjEfuzbBcYWVwF35ccki
False
C:\588bce7c90097ed212\Extended\Parameterinfo.xml.id-B4197730.[lockhelp@qq.com].jack 91.38 KB MD5: 676837a0a81ea801730c341c95d6bac6
SHA1: 3aafe5ce303db3d994edbe5004a1d4128851eb10
SHA256: f8cfcd10a494b4a60b808ec6a8d2f4bfeb15e7f40aee43292f3049a3410d9917
SSDeep: 1536:8jqG6OHnOaPmCZCAh4Toj6oL5kQujnuwDgBbnEIH3G3w5I4+LAuGADuUpiXMA8Nz:86IXPGhsjP/uDuwKbv3GgCXkuGADul8P
False
C:\Boot\BOOTSTAT.DAT.id-B4197730.[lockhelp@qq.com].jack 64.25 KB MD5: 113957af53b265ead972c87da2a22e8d
SHA1: 981c35233b9a5f524947aaea747b30c03ba151ea
SHA256: 392aed242bba2db7f02f6e86017c232245fc4ec6bc090e75cd604db85d2b2acc
SSDeep: 1536:6AEIw1HwcmaKmEvwnWRJkhCxDZEty4PCN9n37q:6AdwlwcrpEvwnGGuF6CTG
False
C:\588bce7c90097ed212\netfx_Core_x86.msi.id-B4197730.[lockhelp@qq.com].jack 1.11 MB MD5: e4b404b0b40e204f4fbc37ec8059cfb4
SHA1: d822839edbe96136171edf6cd5c0dc7a61b50708
SHA256: bc9b0172a827ceaa0b5c698d1da9259d9f95bc26eb0f4123e95283ecb1f0622d
SSDeep: 24576:w1s9/GSRKvkuvYzAK+xRZ5XURz5V9MzUjBDGoIaTFKl+gIllnEz9QD:UAtLAKMaRFVyAFCRctll8QD
False
C:\588bce7c90097ed212\SetupUi.xsd.id-B4197730.[lockhelp@qq.com].jack 29.65 KB MD5: e04d074370e00ebf447b3aa6f00e1dcb
SHA1: b9ac40e2b129d5e38ac2e24969666c004e0e4550
SHA256: 4ee5c2acbc5a1cf3b0de2923b0e233c6110d990988b34be9ce28679d82041320
SSDeep: 768:w6gq6vdYQ1VCYeQGntpU3iv9m5lRhkaVCZWIjL4F:w6qY+h2USv9mzkMIjL4F
False
C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeUpdateSchedule.xml.id-B4197730.[lockhelp@qq.com].jack 4.93 KB MD5: cbda84f5fa2edfb4a8203740970d892f
SHA1: 6ec0a45e9ce5a8da4ea37bfd61ae084f3a491dd7
SHA256: 265587f91896f5b22252026e109e78c5e31050b87490e85736bf6e481e7e4f68
SSDeep: 96:wvIUAqN7T4Z1s80rjOrcf4ynjL96qW3KDWOZeRg2mLuWFrtlHzdztpVaCn:cIrqN7T4TFQir5g96qJh8u2mCutlhztn
False
C:\BOOTSECT.BAK.id-B4197730.[lockhelp@qq.com].jack 8.25 KB MD5: cb7238efb6227eabdf15a78fc81cc9ea
SHA1: 6690748ac8ed6d5b993c7ac26a97327a1ba435d0
SHA256: bd580945a657f932fc309b73b59bbd3e44cb8016c1be5b27f3aa43b30e1729e1
SSDeep: 192:73i7MILg7BfqH13/v8tj9O0Rq7UY2tZCh6YdXD2v4heYmvzRwf:736cBiVklRR0Iy9dsPV9G
False
C:\588bce7c90097ed212\watermark.bmp.id-B4197730.[lockhelp@qq.com].jack 101.87 KB MD5: 6e66d62d14d729405c49f7db9b6ef28c
SHA1: 5bb864df600ee5f2372265f669c4e495a4b414e7
SHA256: 6b268af7a1f5b514c26e5c469d20b65d5530500ee934705eee308e2e89be870e
SSDeep: 3072:ttCzZhhHwiEWsGa7nWylajY5e5nWOqsc+4+iuU:qhhQiFoWYak5eMOL4+3U
False
C:\588bce7c90097ed212\netfx_Extended_x86.msi.id-B4197730.[lockhelp@qq.com].jack 484.27 KB MD5: f183d27a64404418411e6614c66a295d
SHA1: 373a5218e8ccbc999c8c257609183c76c245abc6
SHA256: 74bbb55e5a57f99d78d73ff70c415dc36e16db6d707b9b96161743763daecff9
SSDeep: 12288:vL7Z+ddMJBlJgmu++/2IHZXEwac/KweFbOaKJXwQupk:vL7Z+MlN8FZU1c6cJXwQ1
False
C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RHeartbeatConfig.xml.id-B4197730.[lockhelp@qq.com].jack 4.30 KB MD5: b7da398262859ce3a24a68375e496a41
SHA1: 4f9107c6bcc581018c6c8ef6710695823aff0e33
SHA256: b6cd28bb51cb2fe71adba0b2123d25c15223d40cb6b2a46aca99c0194f23136c
SSDeep: 96:mp0lUTXsSdJB6qw1maMt9C33UglxrymkIz0a+GADxmV0nw3Dbj:C0+DsDqUM23kgLemkIzJcmV0nkbj
False
C:\Program Files\Common Files\microsoft shared\Stationery\Desktop.ini.id-B4197730.[lockhelp@qq.com].jack 890 bytes MD5: 75090601a1622349034bbe598469b390
SHA1: 12cf8e1fef241a2ab715a40a1b1c9c663e12002a
SHA256: 5b8ed37f67dba466f0070357c7d2777aca0a9a4f52b2f6637b4557b577724740
SSDeep: 12:99/Lb+yxyJ8GShxQCEnDpqZrkuCASskr4Z/Jtvs5GX85XT10HFwQDx/5Q0ag9QOD:9V+y1x5MDP9O/ccX85jkFwe/tJ1
False
C:\588bce7c90097ed212\netfx_Extended_x64.msi.id-B4197730.[lockhelp@qq.com].jack 852.27 KB MD5: 2b7dd997fcdfc14bbc3af994747bee99
SHA1: b5a658fd7b0683eddbe526ff29d064bbe0353508
SHA256: 7504b11f59c8f21f5792c9289589cdef7762216f33e6e106fe07f5b7305894b9
SSDeep: 24576:WyaboQlG/V9kSNUDm5HAPZjWkb8khqoqZuTzZBHBD:5ab1GbkZDm5VCYG7BD
False
C:\Program Files\desktop.ini.id-B4197730.[lockhelp@qq.com].jack 410 bytes MD5: 9842930ced35aa5d2f9674b135bbd857
SHA1: a69cb87c5ccdf62682c78a4d3c6f27dcfc7ca500
SHA256: a4764f942b6d1b683265363e09c60e847b94814ee2acf4d93879089276dd8419
SSDeep: 12:mzUNYYMZ23IZQvhlR74bT1032vZ/5Q0ag9QOGZtqZ1:mzoy4IZSB4/vh/tJ1
False
C:\Program Files\Java\jre1.8.0_144\bin\server\Xusage.txt.id-B4197730.[lockhelp@qq.com].jack 1.62 KB MD5: 43f9c3d583d518293bf3b1e0f6dc7315
SHA1: 687f9880d965dca406eaa38485a5a8bdde71f12a
SHA256: 01ea0a41ce3216c39279ce1d8b41b61bb6a713c265e588882ea8d8dd54bcd3c8
SSDeep: 48:g2Zxc+h45rlj8tV6udu9soixtJloV9FeKI5UQwJMEwb:3++h0d19PQJl0xMPb
False
C:\588bce7c90097ed212\RGB9RAST_x64.msi.id-B4197730.[lockhelp@qq.com].jack 180.75 KB MD5: a7e150f9ff9d5901d7b6d46836b5efab
SHA1: 52675b87cbac530cc2a10300386b63b939a24e38
SHA256: 2b05cdcd0aa854fc8ce79d0a04672c68e74fef99f0a64245b4d9b18b2775ae41
SSDeep: 3072:hpne7st30vJyHzg8Wr/8xA2sy3glJ2K3gZ6LQMU7dMsZEkcB9j2gYJ+NGTg8gw:vGFvATgnr0xA2twzgZ6jmesykG9j2tgw
False
C:\588bce7c90097ed212\RGB9Rast_x86.msi.id-B4197730.[lockhelp@qq.com].jack 92.75 KB MD5: bef764bbd0db06fa35ff7212a1b940dd
SHA1: f8fc9b51d91d4ac11cf0f27cf67fc5912f9904a1
SHA256: d00a9561bb9908af7f11ce32d0988dffc2a5474fb36f16c4a753157bcdcbbf4f
SSDeep: 1536:GeOecNlq07nPaIhXCvNpds4wgojCI+OC+B+bpcACKkyNRVZ8JoHiGnGvJUJn:GeVcjq07XyvNHsZ+I+OC+B+pbzZWoHzX
False
C:\Program Files\Java\jre1.8.0_144\lib\deploy\splash_11-lic.gif.id-B4197730.[lockhelp@qq.com].jack 7.87 KB MD5: 126f2e7417f9c3e8d055e1b81a998a37
SHA1: e0ac9fa531b184de7ddad32d0dacc9b2e1d6a675
SHA256: 7bf769a9c90b5c6472302ac0d8459a4c071741051ec28e59fb45ea39c9bf26df
SSDeep: 192:eUO6ySancyVrvEvXOrpxG4abotZZCWv9aTcrHFohh:ejFv5EfOrpxDIWkTL
False
C:\Program Files\Java\jre1.8.0_144\lib\deploy\splash.gif.id-B4197730.[lockhelp@qq.com].jack 8.62 KB MD5: 60a55f38fe3bad37ad4155fdccbd24a7
SHA1: a9b7f48cbdafba01533401a697e816c3ad73000c
SHA256: 7f4ac520f47be530c86cd151207eaf32e5c17d924c1295d323d519e30e95932c
SSDeep: 192:cfXmhklgKBafHKnAeqMHRlijmvrXwNtqKsL+n8kb:3hklZBafHwl2QW8u
False
C:\Program Files\Java\jre1.8.0_144\lib\deploy\splash_11@2x-lic.gif.id-B4197730.[lockhelp@qq.com].jack 12.21 KB MD5: 7917eaac15eac25642072515dbc05746
SHA1: 2a9b676c3a996b2cf0c08acefdd9a211ba698c15
SHA256: c1303a41b1b1371b74d105881853e440462363a5c844fd43bbb55f4fa0cf2a44
SSDeep: 192:RMnzBJywUcg4fvHO/lqf/pc0wljsYXdSkbStz0UwcAR1BfNlbFRORt/C0bR+TzLC:KlJyu/O9qf/p+sYXwk2haNlbDOu0bsTC
False
C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\invalid32x32.gif.id-B4197730.[lockhelp@qq.com].jack 404 bytes MD5: a46a6e092c011a285d84b490cfb38267
SHA1: a82b21459b20f23bafec67832ea8ed5544495e96
SHA256: 65631d2f8db257fc06c57b25520334f2360885b7c64375fd3de282edf3346472
SSDeep: 12:cHSTA4UXxL3i1Mfn10WX/X/5Q0ag9QOGZtqZNl:cHgA4u93iKvZvX/tJ3
False
C:\Program Files\Java\jre1.8.0_144\lib\deploy\splash@2x.gif.id-B4197730.[lockhelp@qq.com].jack 15.15 KB MD5: 756044ecb5edae88a91bd4b515761ff8
SHA1: ae4ee81508584544d900c9f2f39cdbd023329605
SHA256: 761a9fa1e59bdae0c5ede8fe827b3d9515b0478bdf1d3e06366e718570722f06
SSDeep: 384:LcIBQNEXhBdh/N8Nugjnf4r1n0sSDuNRsSSXQA/QGHJr:Lc+tXhBdhl+tnfM0+sSSXxQGx
False
C:\Program Files\Java\jre1.8.0_144\lib\deploy\ffjcext.zip.id-B4197730.[lockhelp@qq.com].jack 14.06 KB MD5: 6096dca2e5a860285cb9fc88289843a5
SHA1: 48e7fdac9a8ffd32a8809228e32a8b2a64a69b68
SHA256: dbfe13db90d479e8325289ce423645948c6ba096c69202bd70212c1a119b64e9
SSDeep: 384:aMlrMQpfnAYlNNxo+BCLN1gIsxlOGXnyZZNOB:5MAfflBBCJqfxaZZ0B
False
C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\win32_CopyDrop32x32.gif.id-B4197730.[lockhelp@qq.com].jack 434 bytes MD5: 91aa5ddf67196dbea2ac20586c952a4a
SHA1: a0896dbc5701e8a46e524e387a7dd63b74e8103f
SHA256: 43f3bd1d4353fc56bd667eb1f9975eff1a271bd337c8689af3bfe09d710e0d52
SSDeep: 6:F0G350sZDYppQ3ilRwtBp3zlUnOClX1uR+uinR9/5Q0ag9QsHIHj5zlO0MvZ9n:FJP1ylaZ3On10+uG/5Q0ag9QOGZtqZ9n
False
C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\win32_LinkDrop32x32.gif.id-B4197730.[lockhelp@qq.com].jack 434 bytes MD5: fb743d22f9402e10272d04e701e0da9a
SHA1: 58fc605263447fae46d426a8838f5666fb9afae8
SHA256: 661732b18ccc1151a349588e83124198141b6a8dcb885090b3032506a29499d1
SSDeep: 12:Oy64Xa0cUFKrlC4q30an10XTZr/5Q0ag9QOGZtqZ9n:OKq7Uql4+TZr/tJ9n
False
C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\win32_LinkNoDrop32x32.gif.id-B4197730.[lockhelp@qq.com].jack 422 bytes MD5: 02e73cb1ff3379996a3b3c0ddb9623ff
SHA1: 567437c9ef123e3e8f1522ad36dda1bb1b50a123
SHA256: 855501ba279e3175b4a8eb1cd12c3c83b1d67c0ac7bbc948686cbb6c4efc4744
SSDeep: 12:DxKv+m0eDZsVd830b5n10Xp/5Q0ag9QOGZtqZLl:8v+m0eDqVo/tJLl
False
C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\win32_MoveDrop32x32.gif.id-B4197730.[lockhelp@qq.com].jack 418 bytes MD5: d3adc8cb44e1bfd1bbbf266c9ec0d406
SHA1: 7f18b7025e00b259f156ae9bc690d3ff76fef5b2
SHA256: 033f0cf458e2b25de94d9ef9a8732c4ca3f5470d5ae386d03cfdb324db08d6e6
SSDeep: 12:KqmAi/8/P4xpqu9BJt03qn10dtC/5Q0ag9QOGZtqZ9n:UAY8HEjPMtC/tJ9n
False
C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\win32_CopyNoDrop32x32.gif.id-B4197730.[lockhelp@qq.com].jack 422 bytes MD5: bfa6c1ea5b5a57a8daed8f02e878cbe0
SHA1: 55ea50b0c2d7151d54c3c3509ed8f4744944c8e3
SHA256: ebe5743bc8f5657710d461b5e7dd5315a0ed90993f11aa31426fd2443ffc9ebf
SSDeep: 12:FkmR+03n8XQaT3H5n10kDW/5Q0ag9QOGZtqZLl:rR+O8AabVlS/tJLl
False
C:\588bce7c90097ed212\Setup.exe.id-B4197730.[lockhelp@qq.com].jack 76.55 KB MD5: d1a0810499a2a6fc0c756cb9aae0962d
SHA1: 6dc3fb8bbf2a432fb72c692e9158110fc17c8b11
SHA256: 1e51675d65e68dad2df537fabcc0488cb349e226b9877c52d4f0ce8180c90741
SSDeep: 1536:KR7qZ47knLpUbjFjN5E2fKMP5a6rkno+aje3OCqVgoLg6MQ:KRx7kLaFjJSMzkhOCy9MQ
False
C:\588bce7c90097ed212\SetupUi.dll.id-B4197730.[lockhelp@qq.com].jack 288.57 KB MD5: e2ab611448f9d8684e30d2b5792cedb6
SHA1: 7e69f20fc9501ed01d4253a626460f01fc6bfed9
SHA256: 74ef4d766af532a35061cee25ca4e39d69c5b85d103c242edbc1b9f4723aca5c
SSDeep: 6144:MmBg0Oc3VG8jNe3HC35dPac6mIo0plY+LUIimiy9uDlvuQ2a:MmBdOca3CJ8c6JvY+LwmiyYd2a
False
C:\Program Files\Java\jre1.8.0_144\lib\tzdb.dat.id-B4197730.[lockhelp@qq.com].jack 103.25 KB MD5: 43327a98b3c4520f4d7f524baff03537
SHA1: 111fa903d11c12e498d6f246134b2d37341247f4
SHA256: 19687392ad7c7409c2fa240fa64ced60a2692cbaecf3937e390aa2d43a403d8b
SSDeep: 3072:5D/lk+jhxLdHL2DYMzujHqEemYq+EECykV:5bK+9xLdr2D1zuxdYOjV
False
C:\Program Files\Java\jre1.8.0_144\README.txt.id-B4197730.[lockhelp@qq.com].jack 280 bytes MD5: 40120f1d19ca0fd293fed72c130ec309
SHA1: 10a3e14670ccf3122e31515a63e7337d87e16b87
SHA256: 4bc50b520f9850f51f694344479bc72504e50bdbd51d032c2292876c6feb7525
SSDeep: 6:QALeWSPJ3gdiprI1uRP+nSLOuTR9/5Q0ag9QsHIHj5zlO0MvZb:QgJSx3E8k10VLOuX/5Q0ag9QOGZtqZb
False
C:\588bce7c90097ed212\SetupEngine.dll.id-B4197730.[lockhelp@qq.com].jack 788.58 KB MD5: bd3f208c4a364ef5d9d66df96a31083f
SHA1: f6a1d4f63ff9c3d5ff442ba662a65cab5544a995
SHA256: 6474f18014f095a7138e3129503fb0bf7ef4c8f05a498ab8a795eb30487f259b
SSDeep: 24576:3jTE9mOGhmakN39SGsi6HFKL73Mck8hScXd:3jXkayNSO6HFKLTMcx0cN
False
C:\Program Files\Java\jre1.8.0_144\THIRDPARTYLICENSEREADME-JAVAFX.txt.id-B4197730.[lockhelp@qq.com].jack 62.71 KB MD5: 7877d03d02b22e44abf3f084c3b73a08
SHA1: 4f51d19104e815c58108ef03dfdc9c4dc61f726f
SHA256: 05cd42a5e6f1246b3161e61455e9dc312a53431aa01e8f116df930995e9c6a45
SSDeep: 1536:Q6ogvwxfVNVn4DIGvV3d+cFE+QzWpTWFIynVHT+idhim/oLUCaRGgf3hbEOI:Q6MfDVn+IGNMcFE2pTUIm1T+irim/oI8
False
C:\588bce7c90097ed212\SetupUtility.exe.id-B4197730.[lockhelp@qq.com].jack 94.08 KB MD5: 0087087fed3f7e84abc7ed4624ecd459
SHA1: 2b135c3efebdaedec32566153d58a1013c06e856
SHA256: d51a7209edbca65c05ac0123707280b72779c6f1d0360e58045cf662a2ca5634
SSDeep: 1536:aEIy3S/vVwG7m5Be4nR7wOTTcJ1/j3fc/nm+Rj2eko5dCnrOTX1GalsB5R:aEIOS3C15Bi2TcL7vcB2ek2CnOX1GqsR
False
C:\588bce7c90097ed212\sqmapi.dll.id-B4197730.[lockhelp@qq.com].jack 141.27 KB MD5: db74b662b89126309f85e257f1e00e53
SHA1: 36c5bab55230541c802710a38ea776446735fb36
SHA256: 72dc6be75bc7b93a13dfb445d342c83687d9a07b6c5ff94778f39ce65a4ae303
SSDeep: 3072:7QmkUsVBSN7xQqvSX4LUvJHDrbE6YAdlo2dr8qBCS9M/eHaFVreZrO6k:7wUxxQqvCwUvJH7Xddl1IqAS9M/eHaq2
False
C:\Program Files\Java\jre1.8.0_144\THIRDPARTYLICENSEREADME.txt.id-B4197730.[lockhelp@qq.com].jack 142.04 KB MD5: ed802f32d95bf7c9a5c38b16c35607e7
SHA1: e9c979273c2b26cacfb2c0249ba7fa35ce82d8c2
SHA256: 32963dc90f11c33881b046796381df1b35fb7e6e4a9425ff3828ccc300602da4
SSDeep: 3072:rBRD+r16dASGif9YEKUOtrS9TmAKzelK8HBZtdK:Gr14AVUIgkzaDw
False
C:\Program Files\Java\jre1.8.0_144\Welcome.html.id-B4197730.[lockhelp@qq.com].jack 1.17 KB MD5: 5c9ae0d3fa233b84dfb8cd5bb6ea8f8f
SHA1: ac2eff3ea2c271c85347bfc4c4e60c0d75dab92f
SHA256: e7078478e9a000f68fab510bf2aa212c527b06154cb92c8583df109906285734
SSDeep: 24:yrJ7v4ksUPg1CRFKMNhmBqIC73S21bMvDutAL/tJf:yV7vrxgMjKSU83VivDN7f
False
C:\Program Files\Microsoft Office\FileSystemMetadata.xml.id-B4197730.[lockhelp@qq.com].jack 544 bytes MD5: 25ea08dda6250e8b1b21940af3ad0c88
SHA1: 449b0dd2a769043754ff462706831e30284c3dd1
SHA256: ebdf2d1d2976f22decfb65d8acd273730421dc5b0439ed93a3698bdcdaed7159
SSDeep: 12:yzHj2ZSwRrxqB5jc1jIRs10Vp/5Q0ag9QOGZtqZxl:SpmtLkeCp/tJj
False
C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\win32_MoveNoDrop32x32.gif.id-B4197730.[lockhelp@qq.com].jack 422 bytes MD5: 384e11511e3fd78fd242137f3a7de186
SHA1: 6e1270a3b4a8722b617d96cfa8d703a3296a53c3
SHA256: 547ba59fb6d7ea4a392694a79cc8ed8a9f6f472b1acc40f8af07c823e259c7c8
SSDeep: 12:tMoDe7v3Uakn3vT5n104m3y/5Q0ag9QOGZtqZLl:sLfaVd/tJLl
False
C:\Program Files\Microsoft Office\Office16\OSPP.HTM.id-B4197730.[lockhelp@qq.com].jack 170.68 KB MD5: a2446555ecbe217fe635cf720a947041
SHA1: 7c633978f4cd6fe8aae1cff6b36e11a354227f9f
SHA256: cba3fa869554f99fe7533561e2b847fcf4365d717e4bb11285e055f1526d2510
SSDeep: 3072:T2X4QoqOQcrdPWqO9xjgGu94HUHyC0r2HzOS5eeyPToVbGHF7wm:JQsHrdWZWQr26geh8EHF7z
False
C:\Program Files\Microsoft Office\Office16\OSPP.VBS.id-B4197730.[lockhelp@qq.com].jack 92.49 KB MD5: 8fff2fe3814ef747c915082f4a55abb9
SHA1: 6a737a5574e696c4dd228ccb413493dcdbd1578f
SHA256: 395698886eaf8989370786cd1a810b7b5d7060bfc8dbc0d273a1f48866d192b1
SSDeep: 1536:2EWyULiXzKCnZusIsFJ6VxEoAjTOKu249rHxG8E0Q/AdqfkJuIpDEcLAotjRSHvz:hnZmsz6v8jTp9arRGiQMwWDEcMo1RSO0
False
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0015-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack 1.81 KB MD5: d5880b9d0f9119c0e1efa13517679286
SHA1: 93d596eac3874631107d774ef6f2ead6479c8c34
SHA256: 5001c59b0c4510695e6aa296d636d396df68e6e7da541a658f3b0eef8dd4a24b
SSDeep: 48:gGNYDw4fGKA87BwUCvl7LQ64SaK4AmMrgicaF5:IG76BDC97LnsK8faF5
False
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0015-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack 378.59 KB MD5: 9e4451bf7c76a3e712d41c620e7a78e5
SHA1: 54bc5897711554d07cd14e7b6469c3f1015f87ff
SHA256: 6fc4cfb6b64175e9f08fdce2ca16573810000c3a7667ca0473a9decf8f5175d5
SSDeep: 6144:X7dkvGaiWkQqbhkazVZCTx2iJk/4Shv2LZHfweEkW6OQl5rCBQjjjjA3WVP0pXlG:X7dWGZHPbisHin+4C2LZHfweEp6Nl5uE
False
C:\Program Files\Microsoft Office\Office16\SLERROR.XML.id-B4197730.[lockhelp@qq.com].jack 35.73 KB MD5: cce0caf20d85c555c648937401956e1a
SHA1: a3a3752c87a82fb11cb7c43210d2b46a628388d1
SHA256: 6a4405d489db68061b67d9eaad8c6bf62776fcdd3c8ccc484c799ddee5e6334c
SSDeep: 768:FQz/NQOm5fPaipdMP0DvU5/liO9jlyJGujqB/RRGdaREFZPKH:v5fPaibY5/liawGuuB/RRGEKQ
False
C:\Program Files\Microsoft Office\AppXManifest.xml.id-B4197730.[lockhelp@qq.com].jack 6.42 MB MD5: 191ddcad545c0dd8317232facb61bd6f
SHA1: a80bc455e305ad8bf0365031add77ec647670810
SHA256: fc7436584637234e0d96fa533d8632fc93dc39f0bb6836a227b27260cefad3c0
SSDeep: 24576:54vzz1Y5Zj9Y6AOwaWVNWWHHzRu1k/L9chbUF/Tx7mWqn3gVtiBwGFwRusBwlNSl:5qk3NIX3NIIawil88POjDSOeJyuB2z
False
C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x86.msu.id-B4197730.[lockhelp@qq.com].jack 2.84 MB MD5: 84aa52c5154e247a11126e67e6aa1454
SHA1: 1080389ce2833051a795dd8bca306f1343415f1a
SHA256: 15b3a905fc3e28db7b2d45c1925bbbb273ec92c2a553cdf564aa66a4365fd6c6
SSDeep: 49152:WV4YaGoDumT1r7AdXZy9KU2KUYxs35DKZ3OIKUJuTZemhSxoMNB4P:WV4Yab1PAdXZzKUYxs3pKZnKUJuT3gqf
False
C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x64.msu.id-B4197730.[lockhelp@qq.com].jack 5.61 MB MD5: 8841691ddd6d14ebf9701e9b906791f4
SHA1: 4ebe1baa5dec5cea0e7e9b18b15fcdf094e15a55
SHA256: 3eeda9c9da0b8e356b72075279650dfea38c9d1dbd157c09ee9a00fcc0a11a69
SSDeep: 98304:Ef0pKGBHTKYzKXH54UuFe1kBpHua/KUKcs3DKVDKFfC1PuVSKuIHM:27GBHTK8KXZ4UuY1kB1iKFKFEu4beM
False
C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x64.msu.id-B4197730.[lockhelp@qq.com].jack 5.71 MB MD5: 02bbdd149120f2c817faa37ba09a7c62
SHA1: 17160cefcf5fc3c563b31eb28295c39abd1a0401
SHA256: 39443826b931e45f2bdd48a3511fd3390df713b23ca02651de5f076b1f251880
SSDeep: 98304:uuEAUjb7BkOKxUKnat45mFe4H5+Ju4JKUYc93iKlOKj50aWa:e3PBkOK2Knq45mY4H5OMKkKj52a
False
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0016-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack 1.54 KB MD5: 40185660088267a774d06008f8b25d7a
SHA1: cedeb69a8de967a610157fb699091f1ab4f9cae8
SHA256: c2e5b36d8d63d364d4158add208780b9584aeeb7eb163456110cafc811e0eae1
SSDeep: 24:jIM2Lc7DTpgDswdAMlcvhscFnM20UQZVgPoI/0req0zkVNa5nSA2o/tJ5:MgDTps9dAMl0PG20GQK0K9oUf2s5
False
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0018-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack 1.54 KB MD5: f2ff89cc25d63f6edb32cf3a430e8ac2
SHA1: 5600a1575600b6a0541696b0b0f9c0dafb758245
SHA256: 05e920627dd8da97f1513765717791c25d319bb835b1ec55e6af694c157a2e69
SSDeep: 48:qAKNE1MWeVVsXq4KbfcxZ22NBJ9LNDzA+eiiz5:qy1MWejQBJpND0eiz5
False
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0016-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack 782.42 KB MD5: 52e9c8b84ad6135da83aedadc75f95fe
SHA1: f57b12b3ee133773ff68a78353a07f8e495c1acb
SHA256: 1034b20efa626fc162731799223a7c29103219c0de8661cd3cfc8fb2d02b5267
SSDeep: 24576:aZSZ8TRwpiKJXRm2aqSWFU/d+M4f+rVscbu:DZAmpimuqnM4gla
False
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0019-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack 248.09 KB MD5: cf1bd731f348decbac20074d4cd142e6
SHA1: a413fa246a219b631bfdf0adf957347ff22a2fbe
SHA256: 07e3ecffdfb92ee0d9acb9896cc974d73560975f593017fa39b7d5a4bebd61bc
SSDeep: 6144:jc2GI5Oja6s8wQTBoGl17aditvGduct5I1cRRdpIyDeBAKIic:jctI367wCuGl9ad15sc1pIwkbnc
False
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0019-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack 1.54 KB MD5: f5b92b02d0d2bf213ba7c0690aa6f31b
SHA1: 5c5061d5aa408419390dde9bd813a73b12c1908d
SHA256: b59e834fb2212895361fe865c65e63cf3749fff0bda8956e68b2c5d170c3af1d
SSDeep: 24:qT6a2Nv9uQ/bOR4YEz/V9+1YVRtZ7nk3P/xKzxPOhzKd/gsKh6+qp/tJ5:KG1u+OyYSVY6tZWXQVPgOSj8+qR5
False
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001B-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack 745.79 KB MD5: 38a0c4db4c191d2d2af5be51a87335ea
SHA1: bf6e571f69de4643887da5c03e492577c8f45515
SHA256: 4b8a5ed33a5540acecb970a89bb29991e271c57738e200f2da16adb8cdcf5334
SSDeep: 12288:Zhjub1+OlrWrV+m+oHoXmq1wf0noGs2CFwppPhCE/Hyew/9em1koO6RSuALSyqQY:ZYRVpWgmcwsn7tCepPN/Hyew/9et4614
False
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001A-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack 19.31 KB MD5: 46e056aae967741036cf93912aee3aa3
SHA1: af7e7539e032e1c13a637cfc2298ae572ffe8c68
SHA256: 8983d69f734515832045dfc7cc9278ccfb4cb02c598ba96ff8041b4a67af8928
SSDeep: 384:RohesTEE49CTS8Uo+NzTZXilp7OsOrCLDKREotZOxDr3rK:ChJEb8zQFyLyWDKRNI2
False
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0018-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack 485.20 KB MD5: c10b54efbdff42de52cb95c178fe4496
SHA1: 163f96b7b391d5cdca9fbcd9a254bda849609b6c
SHA256: 7f8206d29b990f02ffa5d172715b74a90a4c47e80f086ae1338b02f0d9b0b7ec
SSDeep: 12288:2cHU2NLkuu1mavjccXAwfkVP//7qowbwAv9B:nH3Kfgc5sJHGoGwWB
False
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack 1.54 KB MD5: ff9765b070ecc4d8b267198199d4a01f
SHA1: 345f00fd08ecce0c55ca99038d07ab2c34c23ace
SHA256: 403d2cca323cfd3cc4dbae80a18ced5d7722dfca75acc6ccec4c546209482a15
SSDeep: 24:5rXjxhuyHEV9rW+S2fqZhqIp5p0rgiWuwrgd9ejx3AmKJKIwZwp/tJ5:RTJkV9L/C/qIp5p0rH9/IfSFwCR5
False
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001B-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack 1.54 KB MD5: 913698ea44d482cc2787670d65184854
SHA1: d2ffe4e47ccee61b67ec97e40c151be744cd2f33
SHA256: 647327d65f3860d94bbd39441b5c2a7f4c7e191cb6b8b4be1c248a20e69b18b4
SSDeep: 24:YuMWKGvblci1EQpGfBhUr8PQ6l0+mRoESPuUqFWphzLrdertyOjEEex/tJ5:smvlVihUr8PQ6leRo9PdhnrdzOjNeZ5
False
C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x86.msu.id-B4197730.[lockhelp@qq.com].jack 2.79 MB MD5: 7cfa274fd14bf5c7d4cc3787fd7c1707
SHA1: df9d66db89b192c2312ea3054ba91ccccbb4faeb
SHA256: 9a284fed19497233be998246f4c5c8666186438c12334f16d950a6e99f835f40
SSDeep: 49152:oJ6tDuv7GuMRau8yuXQFKUYcs3HVKf3rhKj5qi9OufU4vPMLQfK:oJbGnRau84KUYcs31KfFKj5qi979vEkS
False
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-040C-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack 2.42 KB MD5: c103f049b09c5b596b54e059941ba29e
SHA1: 008479ffe021988a63a6dcada266227640b46521
SHA256: 5671c798b70f7608e785ffde3d354d84c8dcca290da142437ecc0f4daba0ef92
SSDeep: 48:tUz6aFA8P1QAW7J6taLDnbS9iDcNPvBX9eNKHP7bIa8hzUGeFP/iZ5:YA61vIJPLDbSoDc5v3aKjbz8hzUFXiZ5
False
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-0C0A-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack 2.42 KB MD5: 64c502ccf5655bce4b313c38762a5f8b
SHA1: be70e3dc4d8302b6c132f68f87a6c70bac0a2204
SHA256: 99238f5961c3e28f9cc19938185d6274eb1a2b1e3d20a99ab409a507b76a4311
SSDeep: 48:RYk1hRg2OgclDYoIXXN3hwhnB8m66E9zjNCNkX4eOPTj4h5a5:ek1h+/gUYrN2hnuh6E9NuFe2Tj4h5a5
False
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001A-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack 1.07 MB MD5: 643a7f41cfe978eae8c7de4804f3870a
SHA1: d3c3c622cc24f5759ed7415c607d575567fd36cd
SHA256: 8d5070147719731310da2df209b72075fb7f4944245a3b815e6e4a8aef53226d
SSDeep: 24576:EnGQIYpVZt5mFBucXou3LzWq5lf4uayiwsF1PzJgSqmW5ArSMJdR0VMPf:nQbVJaoCzWq5lDadRbymWArDdjf
False
C:\BOOTNXT.id-B4197730.[lockhelp@qq.com].jack 242 bytes MD5: 74178efff6c95680da04757f4e670c49
SHA1: 240ea060b2813615caf49063efd6bf1ecbdf51a8
SHA256: a3c4e9d19a68d46f940504e98fdb9673657d655dd7544fa63f12443e4dddf42b
SSDeep: 3:5M0/9llVst/llzj9Zr2V6FleuRDdpbeaFicCdo8yhAOyRcRDz0yoiuoCA3TJJsOv:5pUlY1uRK3cC2AOcgnSMCA3TJiOxbt
False
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-002C-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack 1.54 KB MD5: d5f45ac2765e6f808500cd8a13558c61
SHA1: d5c2f54a92dd4d7f935d5402cee41a6016646a4b
SHA256: b4ab15561d109da73e96d5743ca422210519b66fe636f57b660d521691563a93
SSDeep: 24:g/K4M443f6DXK9Lvav6Ak9ZkpGKFP8XMadn1oqIc7oS6oLkDFelI+DI/tJ5:g/x4PkCOv6/Jw8X1ojvoLkDsI+DM5
False
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0054-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack 1.54 KB MD5: 0f14fb8438d1f15c422eabe7035f5d0c
SHA1: 033b42c7a444abfac8e9154339290998f0d17dac
SHA256: 63d959ac2a10cc56a67ca6ec93f4b04cbfbe1c29604be333fdb3bc425b597ffd
SSDeep: 24:AFcUBhTjwbQmSD2JfI6eIfbws5x7RRovZ/NFK8OUqfUQ2KzOn9Hoexpsqup/tJ5:AFlBWFmh61TdNRovlNFafUUcuuuR5
False
C:\Logs\Application.evtx.id-B4197730.[lockhelp@qq.com].jack 68.25 KB MD5: d6517bbf510699bee14909e1d8725cce
SHA1: 9aa75f033e767f621d3a4640be42a9d16282f382
SHA256: 1068eaf795aa9c109825b0bd06c1dccfba63f12578f4d28383a23df35ffba4a4
SSDeep: 1536:VXAAokzDDEGdYCPOW1af2T7Yruxl74Y09cg/ZzSgW2Wwp:VXHokz/EGnPOiaa8cV/oxtvX
False
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-006E-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack 14.89 KB MD5: 7cff7711398b15db3a84e4122c59417a
SHA1: 53b8153a6734cb0aa8cc3c18b1a66662249ec795
SHA256: 05c829b9d32d1d9f75c0c38de6eaed72d25ce5b4fec53e236154fec438effe7b
SSDeep: 384:vFcBvTO8dS9kMpOKJovomXFX2Mjuhn5nj0p:tarO8dS9/OKJ6ogX2Vnt0p
False
C:\Logs\HardwareEvents.evtx.id-B4197730.[lockhelp@qq.com].jack 68.26 KB MD5: fa7843aa6ab635b615209b3957ddd5df
SHA1: 3528259d77253b9769c9dd6e7b7f977d22dfc57a
SHA256: a87aae230d0d3f85a5b7352616eddaec4b9fc52b3585640069927647c931cf76
SSDeep: 1536:Dw7u4jEjxCzLioBLx4xirjbC0ec0r/SjBJLkeketY1+K0ibXk:cQxkbgOjbC0qL6zNBt4Zk
False
C:\Logs\Internet Explorer.evtx.id-B4197730.[lockhelp@qq.com].jack 68.27 KB MD5: c757b93bf893594c0dd95bd55aab4d01
SHA1: ec3ebf154ce21ae6b80261d0d57bce01ac705110
SHA256: df97c81ac0af8f64bf4ed2008f8ebacbd6f9e5757dd243474078a879772dd824
SSDeep: 1536:HA3UKWQbSsXWk1r6yBzkym06z1Hu+BNXmx6hWxs5FZbg8n:gphx1WABizpPN2vs5FZbJn
False
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0057-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack 335.61 KB MD5: a4069dee792c2dd15e0796fd588a9a44
SHA1: e092a9f4b39eca071f63f41ca9e7e97b419a4275
SHA256: 6b8e4df8ddcf3b481c06cf3f8202037063dc68add5b27febb7312d0c4d2489f4
SSDeep: 6144:YAM/X+5bCibgB8LZP07bArfnJYfrfCl9TVnVFPxbYoQr3UuxdaRKs:n95bCisBKs4rfaOVnVZ1eU8aRD
False
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0090-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack 1.54 KB MD5: 6c2985acf22062bfea00c665d608874c
SHA1: dbc381663fd3f85b581d8a5757eeea0f0bc33f88
SHA256: 21f22883e538c7694f2099e94b10a79742b32e6bc859bdd4d4199a30f13ff67e
SSDeep: 48:0p4P1keA8znp4BXFRJ59HUuKqqsEn5dS46xy5:M4dv4FFRtHPzgePxy5
False
C:\Logs\Key Management Service.evtx.id-B4197730.[lockhelp@qq.com].jack 68.28 KB MD5: 9672ca56f76679159287355b97c503e1
SHA1: 106efc369f8f08e28f8afea6d9a6a075ff681aaa
SHA256: 0e8e53e693b19ae3d31aa2259474f654dc8c4bc20021ea23d4f56d04b8489755
SSDeep: 1536:sPCI4ZUDROooqpfe/3XZGI3aX8kqRcHHYdhKWXzlND4FX4H:7UDe/3JTKX4eHYRXzleFIH
False
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0090-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack 349.29 KB MD5: bd446e1b319d249e9915206a82b0b5af
SHA1: 355d40409b70b41363cc81de37c9f4045c679c68
SHA256: 04e29366cea50280714b491722a36b084ba54245d41a1293c79c22c53491494f
SSDeep: 6144:LdZHXaPqNK/xunfz6kgegKwqwYZEbDm+jqHd0b2s3Q5lUufvxtKkrEZpPq:RNaPqUxub6kgegKwqhgD529eY7UuxZA4
False
C:\Logs\Microsoft-Client-Licensing-Platform%4Admin.evtx.id-B4197730.[lockhelp@qq.com].jack 68.31 KB MD5: 10e087c0cdc248b4127bd2009806b301
SHA1: 14e1b22f792afcd8ae65a7e4a57d26d798f236a3
SHA256: bf733ecbd9e969f853ff07135a776519dbe61f4f13b449cde21441f4c439dbc2
SSDeep: 1536:iMc9zVhaigoloh7D7SlbZfTB1N2J+iKbnkPV9NgXIs8LDfv:NigolWDibZfTB1NSOnkPrbnv
False
C:\Logs\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx.id-B4197730.[lockhelp@qq.com].jack 68.38 KB MD5: dea6af5552e1bb2cd60041c03ceaba0a
SHA1: 28fd7e63c95b689ac5c9083c91ce5cebe817ab19
SHA256: cf724d13aebc30858226d6a00176cb1ac07e51934129062315809c9b8f9f501f
SSDeep: 1536:vIaQxI+SP82oDhSXTM1W2ukftBM1gC4qShnWBImR2P8:w1InP4DCM82ukf8gInBImRu8
False
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00A1-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack 63.79 KB MD5: 2de32bd2365f9766ed9921f535cb4aab
SHA1: 5d9ad9886a782cccb3ede6cdf6fe2001ad8684f2
SHA256: 4fc44bf218dd3d564c3051c0738455e75eb897c2b58a1a29d22262ef00ae9364
SSDeep: 1536:GXSZKvQX5LXGsXxzT9QIjxglawsmjUDSocbj:GG5yss0yBsmjuS7j
False
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00A1-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack 1.54 KB MD5: 58fd1cc6b23fa2caf7f1c8450169a711
SHA1: 377cbfb2c06ca9d7e1e17c564acf43eff62e73cf
SHA256: 711053972fa6c88140d9ca329e4603593a5e0a2aa3d442989994e5b1187504e8
SSDeep: 48:GU79rzDJ0ivD7Wsk+01/o6ikH1rBES+g5:JzDVvD7bkdiczES+g5
False
C:\Logs\Microsoft-Windows-AppLocker%4EXE and DLL.evtx.id-B4197730.[lockhelp@qq.com].jack 68.31 KB MD5: e525787844df9f4d2fd37a8c4719c891
SHA1: 218b32c87bf6fec99394cd6c88ead69b6b43cdbf
SHA256: e288ded8431a41e8177e878edf4485086a4d2721e2f1ef8d4890cc979d1c5b6b
SSDeep: 1536:Lc8zLQjUsEffRsvLRFx/rwSIJiZ8n4rcQamfx4jT:Ltz8EnRsL87J7tQamfk
False
C:\Logs\Microsoft-Windows-AppLocker%4MSI and Script.evtx.id-B4197730.[lockhelp@qq.com].jack 68.32 KB MD5: c9be538bf9bf04bda2c354090b936d65
SHA1: 19783e7a852eedb867215084d2fbc3efc380b7df
SHA256: bce73cda238cf7e62debab65077af27bc3b765dac499752442d7a90613633a32
SSDeep: 1536:GtnXVwtuoWfK90OoqcHvQjFMDeQiavS9hU0hCtq+ymp7qt3hqAeP4mhE:mnlSmfi0qcPQjiDeQiavS9hZ80+7WiAZ
False
C:\Logs\Microsoft-Windows-AppModel-Runtime%4Admin.evtx.id-B4197730.[lockhelp@qq.com].jack 68.31 KB MD5: 34fe958768a83b291d4ac0cbb7c4e042
SHA1: e4161d41c79428367f81a0cf8262b21fd45d0bd7
SHA256: e3aa6e3895b84d2d0888d28ac15a9805bb9850d3ce2d8d7de06279ff7af3dcef
SSDeep: 1536:AIyrZUTgmuWNMCVxv7A8yW0LygOIf7a9SsvhR4vucU:/tuWNNxDWW0dNa9S8hR4GF
False
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00B4-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack 1.54 KB MD5: 62ce0923c0821b9aee3426e6ca654b59
SHA1: ae46bcd8e04c3c23c5333e980b60f57d5d27422f
SHA256: 3cbba9bcba9db6531743ae71af33a70d8ea99eb37996edb3d0622d3db90ab726
SSDeep: 24:0dZPXhVpj9pvx487KxRh2QLFpIi/HVN0fBK0LJv6/tJ5:0dZPx62K52QRH8bG5
False
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00BA-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack 9.33 KB MD5: a2e312341b7175fa70d0fad8e9da9ed3
SHA1: 03b39047713c7a16738a5a6831db23c6ebd71f14
SHA256: 7727d3ac956d31d4b7fe09a65e0d95488082aa0289731cfbc767ad34f5f78661
SSDeep: 192:CWLlyETKXIAvF9omwMlzRcDY/cVAWaTyxJaWJj+cwSspzx5:WEWXISFWvMlz6KciaLaWJjl0v
False
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00BA-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack 1.54 KB MD5: 260e4f035be46bdb95287ece5b0575af
SHA1: 296f7fe525e375235f8598986e9792689d3b6cc8
SHA256: 48f8f2848c4ce94efe0872ca4fcc57a45cf0f444538e8f5bc80a5ccea4d47c92
SSDeep: 24:ejg2b8d8vP7SVdX/4Qj/KmsAp+Gk9kpCgT+9ir0dvcOTsnJuYP3tjp+wbMU/tJ5:eM2bmuQjjVp+Z9kp/T+NwJLtjp+PA5
False
C:\Logs\Microsoft-Windows-AppLocker%4Packaged app-Deployment.evtx.id-B4197730.[lockhelp@qq.com].jack 68.33 KB MD5: d43aec27195e4e764f7dca874c4f532c
SHA1: 767486169bdfc0a23809a2c18ec6109bfc06758b
SHA256: d1e0eda4bccbf2c7a997b45f4d64a7aca7344388c875cccb879b33943942816c
SSDeep: 1536:OlaeLgC2C1GNYq5PKe0HYfZgQMS7FnLA/7iN12:Ia71CwS/ub7Qd
False
C:\Logs\Microsoft-Windows-AppReadiness%4Admin.evtx.id-B4197730.[lockhelp@qq.com].jack 68.30 KB MD5: cd10ace6d47e007607c44d066a5b46dd
SHA1: ab9e46376af4d71a690a36333a095cb08f7558fc
SHA256: fd27afbbb1f44144c8720cac51a60ce89ac0a6e6a03bc08aa2372d501bc374e6
SSDeep: 1536:0uLXK1EI5NlPjDxvyD/skWNrHosvCRmq0VyiQxo2l:0MolP5KgkWNE0q0Qa2l
False
C:\Logs\Microsoft-Windows-AppXDeployment%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack 68.32 KB MD5: db52ea9982472092286f3e192f27dd85
SHA1: ea4b120b9c1b81348d45d2898075fc4e606c9206
SHA256: 0986ecfdb6f2f404b85cbe317d5b10560c333fd8df561ba2ea02a66fa3721fab
SSDeep: 1536:ifGbJZeYiKO7d15enQIGL3fJmVAOTQlANQCN0T4iKL:tbEKOJ15enQIGHO8lANgNI
False
C:\Logs\Microsoft-Windows-ApplicationResourceManagementSystem%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack 1.00 MB MD5: cf8180c186eccc5fc6ee7ad2d67e66bd
SHA1: 140d6da53fde5bb57fc1779d634c8136157e9727
SHA256: 75fa62f021b453897c1455c00467b686b0032adaaa257f040b78f589837878da
SSDeep: 24576:ug2YsykMZkqkxPsIRxj8Bmz3J6OlAFhTp+KlFikmQmDq:ug/s6ZRkxNxomN6OOQ6okmPG
False
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00C1-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack 390.48 KB MD5: e2a4d2b90bf222e27137515ed4e1c3ee
SHA1: e0fce5ec9de4116a62e8295da0744895a2947365
SHA256: 54e84d0ea2d59caba8b63b10458fb7b789a783bf2255ae36b1f42dbf4d7136ce
SSDeep: 12288:HRR006dY93N/3saQO3zOexA0fBOvR/KgDv:xkk3WoPDBiK+v
False
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E2-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack 3.98 KB MD5: 273ed4bac1b4d2f21a0166576a69d5b0
SHA1: 2a417d15556787b2c454d0a6c52f0717243abf71
SHA256: 12c30387a7e77dfbb0b95449723c690e679da4a2488ae0b7d8afceb4d5d5c60d
SSDeep: 96:LgF52jrf7JanJ5n1c7ShmqtbbyWWMEdI548cMEsuo5:Lp74JV1cfqtbbyWWI53cMNR5
False
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00C1-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack 1.54 KB MD5: e1ed9b331c2bf9d4c497a5407c374e20
SHA1: db10bef2d1359c7a6272a123021b20a9cde216bf
SHA256: 161fa24b5476310687625e628e33cba2da95cfb8c3938448fcec9719d066ab3a
SSDeep: 48:4yIf70GvHyLZnvyNBPAuQ1XsRcBecTy5IV7Z5:4yIfbylyNFNMZy5iF5
False
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E1-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack 1.73 KB MD5: 1d22d3313599357d16cf0cdda3664bd5
SHA1: bcc8a6ae6aec92af009e537231f27ea1583430e7
SHA256: dc4fa23b731b7388fa6c16205e3d486632355ba916eb23c57195e7a1a3dc365b
SSDeep: 48:UZkzk1glFrKzoprMvnHWgGP8CpKfsDKpTW75:Eko9uwv2gGP81SsTW75
False
C:\Logs\Microsoft-Windows-AppxPackaging%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack 68.32 KB MD5: 08699d5b3d94435079a8af11612e2a47
SHA1: c654bf5bdc05cfe76055c21f9c3a6b855caa32e9
SHA256: 05258e34820116beba4bda6f4c7d7b31b15961a160c27a74820b3b7a7b8aca5b
SSDeep: 1536:l4l3X+2lff2rUzjAUMpCQHGnmmeKl0J1raqOSBG6nn6DRk:6lH0rLpNGmn403zVnR
False
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E2-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack 1.54 KB MD5: ba2b34815a7bbd0d631e553c8257968e
SHA1: 780a3bdead0fe52875b803345d4d3022b6d634df
SHA256: 4ba58ffcddd0e1814584a8a4770fa85dfbb898d407f98b9115b66dfd7e2f4096
SSDeep: 24:QA0v+zwEe58xiYGnhnrJ8qswvhR/MConLTUJmq4ChL/srYawzO/tJ5:T0mcv5MRWhnrJHhBM5XUMq4ChFz65
False
C:\Logs\Microsoft-Windows-AppReadiness%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack 1.07 MB MD5: 5d155b3ccbd9cb60b771676f07f57b47
SHA1: 594afa83d09ff9109a5732ca431b224e605f181f
SHA256: c33bc0f6747d55b291e5ac99e10e2ba08c7773463b83dfc4585b560153662c7d
SSDeep: 24576:maOw/Uv3lur5R25hIqtEgWojbbabYPbS4maWVAZ1B4Upx2VtcQQC:lUvVuVM562EgWasT4maWm4UX2VtNQC
False
C:\Logs\Microsoft-Windows-AppXDeploymentServer%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack 2.82 MB MD5: 96689e413a9be405ad8a4a6188f7fccb
SHA1: 22320e8d87aa3d8acb5c2f0bce913b5a69255490
SHA256: 27d5de0902c3a097ff27a408423c5bf25aa5e8f8537ca4c94d4caf58ca86d298
SSDeep: 24576:Gaity+Jad4YOrfIYDQCVeZ0QLFKRHLsk2SphC:GN8PONp67KRrsMC
False
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-012A-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack 515.90 KB MD5: c9522325fe9d71ca1c72e00ec23be893
SHA1: f1bc4fbc00397cd13e2c73758a788398c8e55755
SHA256: f42c0c5c54bfb982351322ae744ba190c6c6c25c51bb2c3e2059c02c7449f8aa
SSDeep: 12288:/aoNmmwhjh0gsBhQ0BVLHD+kcjP30B5ZncUZ33LeJC9:yH1h0zBhQ0fD+hP30Bjn3Bb9
False
C:\Logs\Microsoft-Windows-BackgroundTaskInfrastructure%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack 68.35 KB MD5: ea945febe2ea926cdad5cd039c45e7f2
SHA1: 831cfc344d0d7cd8a425c5e6bc5da9cc44115fce
SHA256: d640c5257f610e4c5bc13a9ce2e4b46739471b9fb8b5688b98e893adf8da2292
SSDeep: 1536:W/JJVSz31Myszhuyq2orKcGB+5HJsDTaG/YqW4:WhJV231idj7/cuqHgOG/+4
False
C:\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack 68.31 KB MD5: 3813a5f60cc5916f5bffef0c027017bd
SHA1: 0939db4226f8dd8d05c1983d5e88475b16ab38ef
SHA256: cd76ae982435d0e7337406b54d68f332878428452e3ff6ef62cb8903404a00f2
SSDeep: 1536:z09Vl6/n0cbUDvY6LcUxhktRyY1rF9luHl5Tt:w9D4bUDeUoB1QV
False
C:\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack 68.32 KB MD5: 7eb5ab42a97c23f758045adf9a1e0c1c
SHA1: 3307f45da02de03a0e5c387d9e0dce5396c163b4
SHA256: 4875dab477df29d72ec808f76255b566b7bf6f7001a83575507485c3beb49a08
SSDeep: 1536:P2/fZ5TJfbCczfN9gjGW0+MvvqxX9sTABKNyoXvZ37b27t3C:PA1GcDPZW0BvqxS0BRQxcS
False
C:\Logs\Microsoft-Windows-CoreSystem-SmsRouter-Events%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack 68.35 KB MD5: 85c9b576a2b2b8c2a3f16852b7b675bc
SHA1: 1da1630abed253086abc37a2243927a4ba5b29e4
SHA256: 02215184b5bd5a77d7d0d3f34b33173df7ea45e60e9c8b6ae0412a8168e7cf95
SSDeep: 1536:adqhtuUcPopVsMVKsrmHxhApIZsmEFBcARP/Gh26b:IQZesK0UVs2QuFb
False
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-012B-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack 1.54 KB MD5: b69a24aeddb4244f6608c1bf8767111e
SHA1: 68d138c98d5e125b652fd19fdd40744b42bf37aa
SHA256: 25967a2021e793c2b07acb34f65cbb0646066f8844b143af011c2645d58c4d80
SSDeep: 24:YUX66m1d9DwwYboPjzo+3qeGAq6f3qW96yomaHpzwAteXeCkU/tJ5:Yvr5Pj8eG8f3qW9x6kRL5
False
C:\Logs\Microsoft-Windows-Crypto-DPAPI%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack 68.32 KB MD5: d8fe807e2e1b4ecea25c2b21c913f66d
SHA1: 137349acc78d73b963cfa748e52f7ce8a870307b
SHA256: 72865f8ee949480f2b9d34a826ba39082ca57045c22c93b593eee73b70d8f195
SSDeep: 1536:VJOoVShxTc+tshmUnwqmrE1ye1u5wzE98M619BpD1OBSkSUGEi14:VJOoOHUnwqDy998rcBSrvhq
False
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-3101-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack 3.61 KB MD5: 04c76d767eed2ce4b46087b7925e43ff
SHA1: 8cc77954cc999264fedf96ddfb8473b81c9405d1
SHA256: 361db54e2a208a3a9360e63a21a5ac108573ed4a8740a4a13f214172347c7de9
SSDeep: 96:zKAufUvBEHzBo1F0jAjgVPyz1wWbvzA5zjFEpk5:zKRUyHyFSAm+jzAnX5
False
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0117-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack 1.54 KB MD5: f78868746b8d714488f4425097e4ec90
SHA1: c31a88ee4e645622f7ca1d26f6f26de1cb183c18
SHA256: 894d9ec037b7185ff6bfe6fe3e6694af403e146bd2942f70efff8f02f61231f3
SSDeep: 24:72wUaYAPo1QEIeqq1NvPPt28W6mMwlCiHAyw9I6mZbgqGigQf/tJ5:72wUWoWheLnv928WuwIixw9yEVPu5
False
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0115-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack 1.54 KB MD5: ce18e136a22ee0338c09f187a8047107
SHA1: 35504ec9b50ec35d113aa2ebbcf069d46f54f928
SHA256: 0fc729709ad079739121ec805099b64dd2e68e64ae917fd371a7ec28c550341a
SSDeep: 24:sxeebxEFICNGdURjg8Mwv9vyGD9he29VPwaHEwS3fPNkyjYVca2lPK2g/tJ5:sxed7RsBSte29xBEZPiyjwePJk5
False
C:\Logs\Microsoft-Windows-Crypto-DPAPI%4BackUpKeySvc.evtx.id-B4197730.[lockhelp@qq.com].jack 68.32 KB MD5: f40ab517039778207d30eed95bb0c71e
SHA1: 55e3618936972a286e37357b2e9fde2ea89fa4a4
SHA256: 843287624171d163655b4e6a57e462e323a29edff3b2e417c3b389d2082210b9
SSDeep: 1536:j1r7QIPpGnFZ5oR/y/gGUKaTrlgSoPRp1evxkUleQDfrlocRpvQdwNj:1EIpEjlgcerijSkUe4xoWH
False
C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00004_.GIF.id-B4197730.[lockhelp@qq.com].jack 9.06 KB MD5: d014634822d17292b75880b4298c1b95
SHA1: 9d699d4cd27d23a6112ce1857ebd006afcccac40
SHA256: 73ded09508c1e6f82afd09943fdf946cc723893729256902d3d05f05049b968b
SSDeep: 192:ELHhUl/wxXIWWaR0/n8czPxgvAMk/H0ywsJlhAqeKn+6UBWWhFp+l33mgQ+VznuW:w5FRN6xWAX/UKJtD+6+WW7QlWghu9wwW
False
C:\Program Files\Microsoft Office\PackageManifests\AppXManifestLoc.en-us.xml.id-B4197730.[lockhelp@qq.com].jack 9.87 KB MD5: 6618095cce1bb750dfdb05933d7da9a8
SHA1: e22f161638659672582abab512753cbd67014307
SHA256: 75f9d79c3a56d4f211f1d55f6d9057b716e800a00cab084612717875493912f0
SSDeep: 192:6cz0WSPvH7mCFEsbZGGqipgkLnBbOHliSYha8SZTgsUEtzLut7PDgwbxJJBWR:l0WS3HbEsdGUpgkLnFYlKa8SZ9vutTDG
False
C:\Logs\Microsoft-Windows-DeviceSetupManager%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack 68.33 KB MD5: f2fd85bee34268f88c79d278e3483559
SHA1: d2c38a7ffcc82b2c49497e4a4ee9f31de6164544
SHA256: 4a46ae1c2e32c06baf1e5e02009606ad8ba293b705c83491d2603ad895d8b88a
SSDeep: 1536:cx5jgQEqqrJvcFJ9OZ7M/xemK56HMocc7gDbv3NhWLL46qp/L:08QEq0JvOcMpemK+M47OvSY6aj
False
C:\Logs\Microsoft-Windows-Dhcp-Client%4Admin.evtx.id-B4197730.[lockhelp@qq.com].jack 68.30 KB MD5: 895ea8e86d4ce996f20558bb402acf2d
SHA1: 551bdbd968ad71434a1c1da86d910d726c4ed058
SHA256: 23a33e95a2625471a526c1f7a08a55df8479b807750ea8307d43e4e7a27981c8
SSDeep: 1536:BOA6jJjnlvt/fSOcBHUYUbgRejl8PLXYHuzuT:sA8qlSgRejlALIHB
False
C:\Program Files\Microsoft Office\PackageManifests\AuthoredExtensions.xml.id-B4197730.[lockhelp@qq.com].jack 640 bytes MD5: fefaabb6a95b840ca8406a654d76c1af
SHA1: 92ef8adb34b918c5aad30114e8ae82794e4f2b1f
SHA256: 839d382e01cf3983cc1c6226eadfcf7c13d9a14ed83c654eabd27a9396c305c7
SSDeep: 12:QNR+RD7LRjEwO791UX9xWrI5MGTD+F2gxjLq6Ms10jXM/5Q0ag9QOGZtqZxl:bV7ttOR1UXfCAMu8qqR/tJj
False
C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00037_.GIF.id-B4197730.[lockhelp@qq.com].jack 6.76 KB MD5: 1b71f96a772f4c5de8ce14690551005d
SHA1: 7e9f30123102d0d08b498e428677fe8339cb90ef
SHA256: 9b26a3b8bfbe6b09ee96877c40b157226892e5a5c735c07294f4a3ba53f14866
SSDeep: 96:g6dzn0/+//JLGv03gA/OhJk0sLiG1iY0AJvH/fKzrquO2f9Sxn2KcqbOHUszbasu:TnRKsOhJwiY0GH/yzWL2f9Svp0U/Hf
False
C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00011_.GIF.id-B4197730.[lockhelp@qq.com].jack 7.29 KB MD5: 02106c45f5bd5a49368a6d3e7faa6d40
SHA1: 76f3bc9b5271e7c9cb0f2838da1952aae756ba9a
SHA256: d25f11df291d4da85f42803e378db147ad35bcf751ea59837a40ed72f75db607
SSDeep: 192:dz6y2k/BrLbjjOZqoLzwjqkOxS6302iA6XfaE8f:BTbZrXGzeqdS1XyEq
False
C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00021_.GIF.id-B4197730.[lockhelp@qq.com].jack 14.76 KB MD5: 462aae38661fbd4e22ab85223250f203
SHA1: c81685de2a48db82d07ffffd8e2e80b92b595ed0
SHA256: 43b27849312e8f326ffd9b93a33d51c046cf1159dd8903cf1670a78486033f62
SSDeep: 192:Q+LYkkv6QkOVItpBmcj48HPq8MJC0LkatC/8yzetZlfUna0T54RwFLeATF4a06zM:QgLX5PAYrHPgtC18ZlfUtTxLeAhi4o
False
C:\Logs\Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%4Admin.evtx.id-B4197730.[lockhelp@qq.com].jack 1.00 MB MD5: f56bc03b2fb2ce66b7ce1f52ec39aaf1
SHA1: 02c5c6672788245e7fd648633952eb4ed053c25e
SHA256: c9f59271e261bb1acb45cf9f34cbebf2b4557a8f425f9a875a0172a277bdaf6f
SSDeep: 24576:6cLFaEUCKFYIRgSV+6pS5UZ+FNh+9MM5l4I3o:6zEUdRVV+6DZ2M5l4I3o
False
C:\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack 68.32 KB MD5: 1ffe20a08dc38b27551b7e80173b6327
SHA1: beac1eef76334dad5de8959332091bddad438492
SHA256: f3512f83d0e505300dcc4e592963a7c57d6c58dfa14e67b4159464a3845eaac2
SSDeep: 1536:XvSny34ue6uOpneTuzoR/bqJUlcPbxaNU5DBB:XKYbefOcT0oRjqqcPbxa65D3
False
C:\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack 68.34 KB MD5: a2992abfa964d046bbc726d6fc849d70
SHA1: 6008c18797f7ae12c5764aa505ab79791f9174a7
SHA256: 4117a1f16eeacfeece0872c9c1d6f2ca05f565fda1fbb45bcb52898122b9bafd
SSDeep: 1536:QXDBJiqXKahoWgpNfKfwgGUAgZa4b0LPlSe0cQz0lLqeVCu:ITh85KfwgGMLgLPlgz011VCu
False
C:\Logs\Microsoft-Windows-Dhcpv6-Client%4Admin.evtx.id-B4197730.[lockhelp@qq.com].jack 68.31 KB MD5: 62416af0d76b88ab6c256c7d3129bc21
SHA1: 092dd152a672aa392b8b6d3b38ed04416a4c4ef2
SHA256: fd0d97afa7cddcf6c3e40e366b33a7994bb981c45dbca1f8b1bd5158b67aaaed
SSDeep: 1536:ZGOFrLsIG4BCYu3LfDBBsTLnsqdTDqyYRRKm6:ZJJsQk3LfDBBs3hTDqyP
False
C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00052_.GIF.id-B4197730.[lockhelp@qq.com].jack 7.75 KB MD5: 5af786ef868beddcc0d85123f67f092d
SHA1: 856febb79a24e7dc0f16dfa7f559873d25cb73e9
SHA256: 1c479a71458dd854d0afb28a3c450cb313b2e10692cfa8f4a1173316235d6286
SSDeep: 192:120ma1eLt+lgdZMPIt9t3OqkXlpW8/93BS/5BDMZf:3SSgduPKt+qSpvwW
False
C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00040_.GIF.id-B4197730.[lockhelp@qq.com].jack 8.15 KB MD5: 39dbb37d87f538b1bbb59c182c0c1e30
SHA1: 56c296cdcf189e44db3564a49c8c9720e015496b
SHA256: cecca2c9f9afcca585798840a0bc4f60d966b58cb8aaec8bd20527ba79f5b533
SSDeep: 192:n2OmcPlZuLz+Rvr9dW44UbQsN77Uusv28YpqTjZ3Ljf:n2OLZaql7b41sd7Uuse8eAjZ3Lz
False
C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00038_.GIF.id-B4197730.[lockhelp@qq.com].jack 3.42 KB MD5: 7d53acb76aca55a51e5dbf7e07a2d6da
SHA1: 75789788bed2396b547d477970fe4a29fd83e48f
SHA256: 0cf145ef6d6112a8b358fc63235c769ca6805a52e03a4e9b8235b2493638e199
SSDeep: 48:f3NakXz0LKO+rVChHlliaAKQa0hO0XAmagftgcqufWQ2vNsUiFyEi98PeiwDay6f:nO+rVovWxa0hO0wmagV3+fKw8Pry6f
False
C:\Logs\Microsoft-Windows-HotspotAuth%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack 68.31 KB MD5: 3f5dd88d28985152a784d8785d007da1
SHA1: bfd29aa395944d39302ef906f3251c5f3f130b4e
SHA256: 98c4286ea636729737fa833a255d453595caad705658594a5b2968cc89a9cd94
SSDeep: 1536:IZoE2nKAc0Hnhb23r/KRBw2kq0q+L4k7UkJkDoXZ:paAZHhjtMnp
False
C:\Logs\Microsoft-Windows-International%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack 68.32 KB MD5: 1b9cf6182128b14c703d5f070cf670f6
SHA1: 5f9e549c4c8f7d731505a74214369cfaa2c72b25
SHA256: f9623605134ed1868b8c7d2b658f26876d1eb63e0f7f82a4166c03a28cd522ff
SSDeep: 1536:F4EVPzFRVdTX2fxLDfCLtVsfeIlaxHSH3JSUErOh6Zg1JStkaGuJZjucypcqw:FdVPzFxTmlfk7sftlaSJBUiCgXStHGuB
False
C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00057_.GIF.id-B4197730.[lockhelp@qq.com].jack 11.86 KB MD5: a7443f3bc857a92fa5d1e05e4c01c19d
SHA1: 94b969b1fa38538c09f5763364fd8938666c5ab5
SHA256: 907e733d1527cd2f473f96abf6dc23f334920ba43ff2482e1b062034aa8475e5
SSDeep: 192:bEkH+64wkHJDN+RDVvPI5GikPV+wIP05Bdh4HXLsapslag7LW9cSrBBwgBulCf:bTH+64wkJsBV3bZPUwIcdWHXLsapslaF
False
C:\Logs\Microsoft-Windows-Hyper-V-Guest-Drivers%4Admin.evtx.id-B4197730.[lockhelp@qq.com].jack 68.32 KB MD5: b2ac4c6756acc4f7013c650ee8c665ba
SHA1: c5519dace553f2e9b3b50b3a47996cf4d3f88628
SHA256: f71ff340e3dfc044216fef5a8648c8bdcc2b5cca4903ac3defbf1e00e9832d50
SSDeep: 1536:Ls4XJgGhnvVQhQ0kSdwBx5E4tpIcueJsx+J7GQI9qYljEQmgLnnZ2UJk264:Ld5jrqQewXd7ScJ7daXhElEnZ2UJk2L
False
C:\Logs\Microsoft-Windows-Kernel-EventTracing%4Admin.evtx.id-B4197730.[lockhelp@qq.com].jack 68.32 KB MD5: baea8945a0163285206fce20be6f415d
SHA1: e805269117c4dafa53123938b1455bfa33e019af
SHA256: 4c8f24282a27b9966e596284cc3aa7df9cdb3f5f3e072216badd9d341264fac0
SSDeep: 1536:8X/Gncl7sj4BnViTQVvBpmWvge71uNTziTjkDXFJs2DQC/KjfIK:8XuclnoTQVZ3gQoHW2nbmgK
False
C:\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack 68.31 KB MD5: 09100297a3015262020d1a5958066405
SHA1: f4a6fc332c3c58f48977ca30f21813a18bc1aa72
SHA256: a1b4193e1c267f6c331fb1b2cd88a1e90e629472214bfd45ee6c3571714de06c
SSDeep: 1536:VB4ReQhtwOe5JOoWMx+6bnLz69yCD/IExgvLFID8:V+ReQIzWkdnL+pgIgvLiD8
False
C:\Logs\Microsoft-Windows-Kernel-Power%4Thermal-Operational.evtx.id-B4197730.[lockhelp@qq.com].jack 68.33 KB MD5: f2c84a37ff1f087162e21c3f6dbcf3c6
SHA1: 2afba3dca22617d8833269f74b1efac2c7ed692a
SHA256: c7c2973ad54b6998681688926d6920f244d7f64d1d9447e7139a40c7a3f7c7ae
SSDeep: 1536:FBC9ktnnyl22HE7Ezonv6mWaeMTVzwIHh3jrX:zxtt2koMha6wIHhTz
False
C:\Logs\Microsoft-Windows-Kernel-ShimEngine%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack 68.33 KB MD5: e83ab76edcace1287ce1fc0e89396b9a
SHA1: 32d340a20fef1ed491fb19dfcf629b473385d807
SHA256: 225b9d2fc1a022fa5e51241bec51f70eddfc6a8a21bda0839a3a4636e1dd707a
SSDeep: 1536:1RcuSggLh9cnQ3W/WLrCOjcdjkBu14FMZRUPz8KWw4GHl:89gecnQ3W/EC/jkBu14URUPIKWRGF
False
C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00090_.GIF.id-B4197730.[lockhelp@qq.com].jack 764 bytes MD5: 53f629cdda2c002e86e931af0aac4e5d
SHA1: a7aac8079432093eb445fc838e0705d24b8ded32
SHA256: 7541ee7d2633651f6bebb88affb1d3368a6aafc83a8fd32d8f345d5c0259e6a2
SSDeep: 12:8pajhiag84m0tNQJ6tuhqjQkxqBh0xFxWmkWxwPMdb10rbVp/5Q0ag9QOGZtqZFl:8pajhiag8WtNQUu2QkxqBGF5k2HxuBpH
False
C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00092_.GIF.id-B4197730.[lockhelp@qq.com].jack 748 bytes MD5: babb9c0d2ec5fe415548b871af5450c1
SHA1: 97e864ceb20e31e3174c39fb104ccd652947b200
SHA256: d881e1e3dc75dfc24274fc6a64aca758a768cd759f257e18d3994915ef126b3a
SSDeep: 12:3Zk5QLzdv995BqsftAqYIXLsO/vzkOTcvNbAlYi6Qp/US+MOYCSi7sOKL+db10m7:+QvfMEAqvbsw1itAl/7p/aPwLAj/tJf
False
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.common.xml.id-B4197730.[lockhelp@qq.com].jack 2.82 MB MD5: cd83aa564ed918236e0f37f54f63f041
SHA1: 49de81969cb43f649c896dc6fa922b5ae20526c0
SHA256: b5f77ae90174ddeaf0ad78cb26b6dd57086fa539f35d7142061bd5ec77df23b8
SSDeep: 24576:s0ICYO9+20z2BIXR3+tVhBoJakB0VPPtAHfyY:Vr0KBIh3+n0aW4PwL
False
C:\Logs\Microsoft-Windows-Kernel-Boot%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack 68.31 KB MD5: 5343b31352496ec42c57cb1bec4a7c2a
SHA1: 17807f72a3ff2104b71b9b8d5ad8a177ee369e84
SHA256: 331b0fd9fc5a4e505c56492017c4d43ce25bbad9925bfdda6791a4d64c5dd5d5
SSDeep: 1536:Vz0WgloRixz+H+52JSaYxoAHnRDz/SCBiTd/dsI:mWglokU+52/Aog9zPmp
False
C:\Logs\Microsoft-Windows-Kernel-PnP%4Configuration.evtx.id-B4197730.[lockhelp@qq.com].jack 1.00 MB MD5: 71552e0abb2fb02f73d2d640361b3487
SHA1: bb06dbbc4d3d9690a5320d61e5ac4b91f3c5289b
SHA256: 80fcc68403245b09c9ee859eac01adad44b1316be7b4bc41935c8b137b24650f
SSDeep: 24576:bCBHtEDo+JlNW04Welqa0OoR2r8uno3u+piNBYlBT:bCBHt+J8rwOoTOo3fABwBT
False
C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00103_.GIF.id-B4197730.[lockhelp@qq.com].jack 12.64 KB MD5: b3d9d1012224c7e616ef2c1ee0c98679
SHA1: 208e4b93491c82e7c43e336d52a3dbf7bfc70064
SHA256: 574a73204d9723512a7e42bcd3f02c06c3186d0bbb43628871ab57c02045271f
SSDeep: 192:libbpGhOwltBJa9HBJQo1AisQJagkAkWNi42HS5bW7tu+jPpVA+vKZnkWppujUcp:libKO8E4b0aqBI42T7tu+lMKF3J1mEH
False
C:\Logs\Microsoft-Windows-Kernel-StoreMgr%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack 68.32 KB MD5: b5e2860c3240331fea258853a35bcf53
SHA1: 754a35e24efae76fb0768f1ee04fd76230313233
SHA256: 28e4f0870ac063338e29e0399218030e5c82945fc07c48d3e2dde99d5732c200
SSDeep: 1536:zv0O0FlXelNkzE8/lkXbIJxWQdBKG7qL5M3tXVsTq2ES8QtBjXp:D6XOzbiKXsBKh5M9lsZERMjXp
False
C:\Logs\Microsoft-Windows-Kernel-WHEA%4Errors.evtx.id-B4197730.[lockhelp@qq.com].jack 68.30 KB MD5: fbf702a278632423f8505a3c7e8b30f9
SHA1: 18265ab7ebbb1efd738953e9094a7cc88aebe961
SHA256: e438b1a1989aa725192225c35f73a4219747f388a9fe41a944ebdf477928fc13
SSDeep: 1536:hm2kvyrPckHyG8M1CsFVocPnVwHFKScztpr1XItsT:h/AybzFtf7Btl1YOT
False
C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00126_.GIF.id-B4197730.[lockhelp@qq.com].jack 3.31 KB MD5: 7eab9fa2675554f3b55f54feca742f3a
SHA1: f6130001f4188203ce28c13caa242340453fce7e
SHA256: 7397a770d40efef1874799022f69b014e6456dd270618a12d52b469774c7be4d
SSDeep: 96:CYZwMJqdA7eRgl7ob99xghCI07CB8+fDMEf:CYZwM427eRgVO9s07Ce+Djf
False
C:\Logs\Microsoft-Windows-Kernel-WHEA%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack 68.31 KB MD5: 381d1287dc66f57698ac59daf14becbd
SHA1: 28a0b5aa45600537a0ab37dc62d599a6c4f445f9
SHA256: 6b4638f0ed97bc3ba7fb3622aaa20070f21030dc8bb7a86ed88548743e6eff2c
SSDeep: 1536:Nd6XYYrqCqGyKim0r7fIZNE3AfSYR5eCKhqfXvsQ81cb0k:SVqGyKiTUNHfSYRwCKhqf/svebz
False
C:\Logs\Microsoft-Windows-Known Folders API Service.evtx.id-B4197730.[lockhelp@qq.com].jack 68.32 KB MD5: da319f6c20680b30471cd6a67631e271
SHA1: c6251944ed5a17614c0c00aa376501bd14fe1ac3
SHA256: f419047a6689f6c881a7de7960cb0f52b1d1b2102892313c5a8b41f8ba5fdc2b
SSDeep: 1536:zfPe3HGYJ5ByzPEwsi7UB1K2BL5YMV+wQbVEmzmsV5r6:ze3jzyzXD74KCtYM0zcy52
False
C:\Logs\Microsoft-Windows-LiveId%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack 68.30 KB MD5: cfd7e1664bf537c873bdd54ead29ef98
SHA1: 8d27878673fba7ec2631e8d70fdac4b1a742b2c5
SHA256: f27068a346d362d44cd8c61ddb854526d76b440723b7f783df22b7c36550c839
SSDeep: 1536:JNo1wdeYxhoUEP8WV3K8dis0IdnTHbQDg858r5ixoLNXBCG2:JSnYxhgvUhuTs8NYxoLJBn2
False
C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00129_.GIF.id-B4197730.[lockhelp@qq.com].jack 12.43 KB MD5: 76a938de58ff9cadd8b0acedaa58236d
SHA1: be1aaff662cd0a4dc8434f1f89eedd96fe9af507
SHA256: 4f81794939ef86c4cb9dde859daaf1862ef0f908044d638011c26c422879c503
SSDeep: 192:dUiosVBkvTXmG1GEJXLPLBm8BKPeNea0mUllJahqC/wyUPM3FYFec42wNfqfZf:mTzmhALtBSeArMhB/wyr1mex2wVq5
False
C:\Logs\Microsoft-Windows-MUI%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack 68.30 KB MD5: 5e2d01e04732d69879bfc98c0b19bb15
SHA1: 87932fb3a5ff4d6bec9c154fa8fbe32b076e783f
SHA256: 5f6838446e332fdf2485af0e05dfacb5995ba2a3a1a8a3470ff3b01ead9109b1
SSDeep: 1536:sTJQvtIyx7GslK83GkVjhak9Kdj+2R4KIA2nPSwUIvZRAt1924CfH:sTJQCD2j8em+E4KuPmIvzf
False
C:\Logs\Microsoft-Windows-MUI%4Admin.evtx.id-B4197730.[lockhelp@qq.com].jack 68.29 KB MD5: 35d451f2ecb4d741c2dc3171da5c5844
SHA1: e6d3f734e1cddd110b2b2365ef7fa829790c27fc
SHA256: ce098da2efa612f301d72d70639e368b4674afa61ef3ba043dbfbae99806d1a7
SSDeep: 1536:JYBKpAAPQUz8UdAHgDffpklbs6fUsM1tvC9HvrtTMpMJdi16sdphBRU1:JEKpAAIZia5pMsMLC9PppG1lG
False
C:\Logs\Microsoft-Windows-NCSI%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack 68.30 KB MD5: 96cb5c7389df7aea2fb2c7a6f552181e
SHA1: 43e6734316c7f132ad0baed1dc4a1c52c0be9d9b
SHA256: 529bc9a2894161346d1551921fb6fe52a8162552cf9e87c2c94a0089315ced2d
SSDeep: 1536:RgLspbJ0zhVU6DFsOp3beMtyz1Nbgnrg91bmWDaolUf7uiR:iL4J0d+odfk1Wrg7bheoOBR
False
C:\Logs\Microsoft-Windows-Ntfs%4WHC.evtx.id-B4197730.[lockhelp@qq.com].jack 68.29 KB MD5: 0578a6bd3290ac5720b60f7bbf81018e
SHA1: 3c9379361d5c6cc9ad1f43345e2424f5125b8585
SHA256: c28d0f022d51be0aeaff7960865703755f06a0e6dff7b239c953e1a7934ac20f
SSDeep: 1536:+dAxJjBvBe2i9s8pKFTTguF8ucKrsRNutGgpdjEf8dzb6f:mkJVB6Xy37f4RNub/jfd/6f
False
C:\Logs\Microsoft-Windows-NetworkProfile%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack 68.32 KB MD5: 716deb6fcda7660edce976db034e9d1d
SHA1: ef9bb69b81640969f2be446ded8b1ff373439055
SHA256: 6c3dff9efdb3afec655b32f97bd5fd82b8045e46fd910bdb25bf493d1813f255
SSDeep: 1536:EKXa54aZtjVEdooxFWoe23JWQ5CEG++ax2V4F47S5ctDoOV:N8ZbEdlxFnehQ5Cqx2VN7S5eoOV
False
C:\Logs\Microsoft-Windows-Ntfs%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack 68.30 KB MD5: 954dc15e6893956d517fab8e11a07076
SHA1: ef7a339692ccd9af6edcef752841dcb939a73606
SHA256: 74a94662d0a1ff933f28a3b11bd1d0fa86086c4fd302f151d29c839fb60d2e7d
SSDeep: 1536:kPOBVriyZK2CQn4FbgFYMEKmsNu6LQj4s+Fb:kP4rDZsQ4FbgFYAkfSb
False
C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00120_.GIF.id-B4197730.[lockhelp@qq.com].jack 3.64 KB MD5: b26b21d2ece2a9cb62096002fcc1e236
SHA1: 5acbed5982c2adced89996cc22a08336714ff535
SHA256: 346039ddffa004ce2b8315613408ef0e2d8e9be5723243454e3630ff34f5bc3d
SSDeep: 96:C3zuSw0l4Et/kc3pM1LwmFcViV9McouYoDNHcDyf:0aRmr/kYgLwDViVVYoD+ef
False
C:\Logs\Microsoft-Windows-Program-Compatibility-Assistant%4CompatAfterUpgrade.evtx.id-B4197730.[lockhelp@qq.com].jack 68.37 KB MD5: d26ac79334c49876c598c33302b2cc8e
SHA1: e1dfb211b2c5fdf10f4d0f802c818a5a928f25af
SHA256: b243cd4ef46d953bf6307c690d1e3606a08a71199623cca310523cfe83be9d3b
SSDeep: 1536:qcgYafWgiEfVrKGlsrAwjtkTiMxs+WrJl8dQ6MsaEnSc0ya3y6R:mBfWgi+vlFwuiM++WdC13S9FtR
False
C:\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack 68.31 KB MD5: bd84f4c00dbed12bc237a7a2fe83b64d
SHA1: ccb55b995746c7aa8fd2a94add248f04f8bebeb4
SHA256: 47ca1b62a230e2fc50ebea9a61d0bca97505011132381d4d4f0bbacc5694a9c5
SSDeep: 1536:pq6Eq6EWXADWDlf4Zs1qO0hDYk5vwFt9eJLCXya1E2ZIF:B/WGWpgGeD6FtwJ/a1jZs
False
C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00130_.GIF.id-B4197730.[lockhelp@qq.com].jack 5.37 KB MD5: 5943ad622f91bc5114fc626e49b4e84c
SHA1: 5dfe9cb012c5994c36f5896cc0b093d84ed5c388
SHA256: 15a46cf71624dbe2025e68897660f841369631611c6e063c72ab6e650ccc02f0
SSDeep: 96:HLlECpgxvOVDcd1NtozsdynxgKWQWH/WAI/TKajL/i5yZNCa2+l9VH9f:HLlECpavOVcziC6gKWQWHfI/GAp24xf
False
C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00139_.GIF.id-B4197730.[lockhelp@qq.com].jack 10.59 KB MD5: fbb36d3e9d858eb2af6101a21e02fcf9
SHA1: 2dddf63b6a4edcf2175e790825d4a439e7ff4305
SHA256: 7ab64a3c082be8327c10205fce0ab21251f180a4fe2f7b31224c0895dd48601a
SSDeep: 192:o4Cqhy3K+pFP++Gz0LPJyuiDybVz56c6y0ymi4PV8cIMGBCr6DoR00VGNDiajf:nC5/Gz0zJhiD2z56c69EMmcJ9GS004Xz
False
C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00158_.GIF.id-B4197730.[lockhelp@qq.com].jack 5.15 KB MD5: 542ef58fb1d08e113523749b1d5f782d
SHA1: 9a15be6611f20c5638769e6af462730508dc7904
SHA256: 3b620fa299423be07c867ede5a0e5558b2ef19296fdb8ab8e9477db19d34967b
SSDeep: 96:vfZKmIdxLHbYVJ5MvF8+XSusMF9hnvjEkANt5QPRTV6nu/af:c9mMvF8HpMF9FvjE/NzXuyf
False
C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00154_.GIF.id-B4197730.[lockhelp@qq.com].jack 5.43 KB MD5: 5cac812474891d8852a671f0c1d81772
SHA1: 1027efc2742756b39825f490337709ef321add2f
SHA256: 15833bb1598a6de3aa5732b724eba2ce1ec1a3b1d020f5adac75c15229c6cd41
SSDeep: 96:M+H71OW26wm+48+isZ3ACixC+zOETu6KDXiomJrZjmkQV63QpbM7++SZt9f:MG111tZ3QB6EdAO5YVmWM2xf
False
C:\Logs\Microsoft-Windows-SettingSync%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack 68.31 KB MD5: 235763f4af16d8e64383e2ea91aa169e
SHA1: 086c2e3c55946320f3989bab9646d9ac5581151d
SHA256: 1fdb1b995ff8c43c4f361dad5edd30b614e8bb859ce0023bd82eabcfa9f7ad00
SSDeep: 1536:ie9xUUl3Zknm4NHEwFMhbNoni36Fgu8LKAJwCRjprB4:ie9vJkn/tE1hbNX4oKkVFK
False
C:\Logs\Microsoft-Windows-Shell-Core%4ActionCenter.evtx.id-B4197730.[lockhelp@qq.com].jack 68.31 KB MD5: df102603e2944f082c530247e0b98846
SHA1: 6597c505e37d54d5552146796d3105da43694a21
SHA256: 481601ce5a4e33f7f447049916b12340111abed84e6109fe29f9030c3320ca26
SSDeep: 1536:Xx4luUhORjToaSJNrahf8slDFTMFfkLoqyZgcbdv:Xm4UhwmnGCslpTMuLlyZgc1
False
C:\Logs\Microsoft-Windows-Shell-Core%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack 68.31 KB MD5: 9836daeccc07baa2e18dd81889ed1f1a
SHA1: 1beecc173a5250cb167935494d4a036c07c944ac
SHA256: d900245b523ec6f853bd0cfe5aa6ddaafb47902acc936b147e83c03bb552c3ce
SSDeep: 1536:8ZGvtAby11Gmy/wizTdt7bPJ+e9RiOaIWMlWgTyyh6:8ovybuG/wizTXbPJ+5kW7gGv
False
C:\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack 68.35 KB MD5: b5dd3a4fc5561936cdb27f8b9bdd1b5c
SHA1: fbd859d5b6776cfff6c3ea8f704f6213bd7ad2cc
SHA256: fd433067ce9a7d455e77cb5d9e7ed5ecaf1305c3e4080e8b7f5eea5381972935
SSDeep: 1536:UkOe/O8J97PA2JthXg+c+JDvb7nizvW+ysx8CAy2n67g/n:URe/Jjj3c+JL3nuPafy2nAgf
False
C:\Logs\Microsoft-Windows-SMBClient%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack 68.31 KB MD5: 37dd98865edb2fb8752a70e7d9dde1b6
SHA1: 3bb6f821c0d428d53a9c942a8e26effc14f51997
SHA256: 8b76ec096ccfdde7660979d5055e206334766f89c9b373363426ed71dfbdcc7b
SSDeep: 1536:agSYNLLx4mVJSWe3sP7u3dV8HM2TOLs9ly9YOnmXMN4UQtHn:MULjVve3sPYdGHM29/CN2
False
C:\Logs\Microsoft-Windows-SmbClient%4Security.evtx.id-B4197730.[lockhelp@qq.com].jack 68.30 KB MD5: 9d23628ddeebd1421fe629a70fb5d825
SHA1: 465faa8fb249d1ab71b7722aa732a3a8992cd473
SHA256: d8b9b52f2f6d7e999458f5ea3cba32c114bbf492c9219dea8ed78c5cdaa126f5
SSDeep: 1536:133u1vI0r8BPr48o2Vaie6pYFeQaH2Sx8PP0GyH+SL:1uLr8i8poSpGiWSx830mSL
False
C:\Logs\Microsoft-Windows-SmbClient%4Connectivity.evtx.id-B4197730.[lockhelp@qq.com].jack 68.31 KB MD5: b963ac6503691369373509fa42f21c2f
SHA1: e145b21462759832d336c711cbd18d3007b8f333
SHA256: e0ee5ce40177e1f7b3fdac728bcb53abd00892f0dccf78b15072be17c77d847a
SSDeep: 1536:+FC78rLXQ9chAEVVHF6OLpnCNiJU6nU1cU5ztCv+av8Pp7:+F0wXQAAELHkmNW6PU5EGavo
False
C:\Logs\Microsoft-Windows-SMBServer%4Audit.evtx.id-B4197730.[lockhelp@qq.com].jack 68.30 KB MD5: a1c44600950ab0b4b0c3deb85bdbc373
SHA1: d38ada6bd30110b8fd48dd31ef5442bc77ae0f8c
SHA256: b761d4cc445820854644da70fe94193faac48c9f973fa6b0721e550ecfb25eea
SSDeep: 1536:7nC0Ia9HggNTjz9eMN4JU5Cu8o1VJH56TI2dJJ1MfiNL:7nCna9xNkUoul1fH5MI2t1Mfid
False
C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00161_.GIF.id-B4197730.[lockhelp@qq.com].jack 7.64 KB MD5: dde01cadb3581f2ef5cf54b7c38095b5
SHA1: 49d4fe859c80c44125a8de6d1a50ea51bbada962
SHA256: 145042e501f0b6114baa2e7f04fbc2159c55346b7d0d5d9096f58b2e0f0821c9
SSDeep: 192:K6yx3RArH1Uk4TZ9E0tPNi0cKX9+vUrIq0PxHFUZPHIX8pH/Of:0xhM1Uk2XLtPfluuIq05uZAs9/c
False
C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00160_.GIF.id-B4197730.[lockhelp@qq.com].jack 1.36 KB MD5: 67ec25615d1a1d0a61ae26be8f6a6abf
SHA1: e4532d14f97a446272477383c948e8a2500b1772
SHA256: dec9d531cb36e24ebdfb1e931e637e0062de27bfab1747e88b5e7b78b63f6bd3
SSDeep: 24:t5Y+GntY4MCv2E7CVBjZtCcCOvmu7n1UGn136Cdv2HMmByJUDOxp/tJf:t5jGntJv/2V1ZtW6mu7n1hl7dOH6U6xJ
False
C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00157_.GIF.id-B4197730.[lockhelp@qq.com].jack 5.07 KB MD5: aca2aacbb0d02204dc68626e9ee65221
SHA1: be0a8f9de683f9d780bcbe3d92bfe51c02af60f1
SHA256: 2aa832f8638bafdabd1e52157b02d7c7083893bcea89a4e92304ea3a3bb6eadf
SSDeep: 96:tt1hXUXWNefaq0SEfIwQdyMHXdVMvfZIclhM0ed01Yvn2r0Mu1d/qRDlhrf:tvhXgoeBnEfI5dyM/8ZIcPBedcYv2r0I
False
C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00142_.GIF.id-B4197730.[lockhelp@qq.com].jack 15.18 KB MD5: fdbcae17818a74245dd6c02c37a9441d
SHA1: d7dc62e2a3d1e675ebb565d8acd977afe4743a5c
SHA256: 1d93edd9719f9f899f081b25526e461f94610b623b77e90b272328c822a56b2a
SSDeep: 384:l1LkVzk5GzMtQ9OqYNMFHLxfXtVryLrEUls6eoTghTz15:l2Vw5lQNFH11VryvZa6evn15
False
C:\Logs\Microsoft-Windows-SettingSync%4Debug.evtx.id-B4197730.[lockhelp@qq.com].jack 1.00 MB MD5: d1526540f0f28f9d882b026002696aee
SHA1: e6ec9330f8329e67313c387087f07ec720942387
SHA256: ad60f14a630b7aef4ba52298eb7eb5cb9b07275a7691bd6f8b6e1969f68949c2
SSDeep: 12288:l6op5lmpBt7bb27YdHkVpDKDNaBR/iHrjDYLuZrL3FjSGV3yOG+73q7yZL5DPE6c:Upr67swRYjtZrL3tSGV3HXa7gmPB2rDw
False
C:\Logs\Microsoft-Windows-SMBServer%4Security.evtx.id-B4197730.[lockhelp@qq.com].jack 68.30 KB MD5: a31f3d7a095ec37ecbf23d3878ca4270
SHA1: 6be287f47095e67e19e8d27e0c2cbfc7c7725445
SHA256: 0afa6a34e65ced6b09cd5c5223fd0c4395efa2c34bccd534fbfea79674508a97
SSDeep: 1536:Fo3LwfCo7/jDcdaczX1HQ/bexzu0GrJK3i0ETL1tgqTLa/Xvk:FEUrDS7wbOyprJK3i0w1ev8
False
C:\Logs\Microsoft-Windows-Store%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack 68.30 KB MD5: 66cc5c2ac39f70d1b76e15edb649d24e
SHA1: 28f1a25fc4b00d92a678bbaf4aedc9a9f66a6ded
SHA256: a7e568639aa51b8966afeec3d62e2a9bd5cde1e43d3366100bcd715d798a903f
SSDeep: 1536:jGDtJB1M2k877xn5Ne3Jv+Q2dtNLDpuFXj+sNSgv9WT:CDXw+ZG3JgfDpuAy1A
False
C:\Logs\Microsoft-Windows-TaskScheduler%4Maintenance.evtx.id-B4197730.[lockhelp@qq.com].jack 68.32 KB MD5: 02392272c8aedf09b16ebdb0dcaf2ebb
SHA1: 0443c0093db70e43e3c2f5e2cff109482c2fee30
SHA256: 54c9372562abcf157a2eea7bf0295948c3fbb157bcd1371dec4e281b471c108c
SSDeep: 1536:ybl21BTgSHFU3OHJEjMPM9ezY2sTk+hXUsnY+bpGfXHTyKDoW0dZLEImVwvRhRqk:ybl21JnHueHcZezYD7XG+ArWLXv0Eky
False
C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00163_.GIF.id-B4197730.[lockhelp@qq.com].jack 7.06 KB MD5: bf6015e2ea022e00c7e6b789671778a8
SHA1: 560ee2c05eeaf7a3f1919bad1f9978806f8c7cc8
SHA256: f3e7a336899e2cfb9dd89b08cabb5d5538b9112abbc92356220451509fcb7504
SSDeep: 192:QVCa/ClvrDq+WKpBdDXbC3qetCmFL7txK1glkVXbf:QUFlvf4Kp7TbC3qRmFL7tx9ar
False
C:\Logs\Microsoft-Windows-SMBServer%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack 68.31 KB MD5: 2b7985c86a76e7963852a0327ea73260
SHA1: ff4df498ecb199ea2450573f3b0df5e2fc44f4bb
SHA256: 0d650fc306d23a724681d2f92cd4826376b6bc78ac27935b8e475a857e1bccaa
SSDeep: 1536:HkyzMeSoHOBddKHjOgSDkdjWhxzH9ZFZtR62kFm18p52MFW8Gg:HPVOQjmkdUFrwis2h8Gg
False
C:\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx.id-B4197730.[lockhelp@qq.com].jack 68.35 KB MD5: afc214da648d375712d14bb1020ab93e
SHA1: ea0b9caae906a8b329184bcba530b2f4464c0315
SHA256: cb718316cecbe880c7840eb74d20ea225f89bedb43a184b2bbd71a5e8723d6a4
SSDeep: 1536:+SD4zwrPGWlHSPAZiSzHbYt2/fN2+zX2nPDKF5zc:+ZwTlyP43Qt2HN2C2nPDWY
False
C:\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack 68.36 KB MD5: 1102059c9334e2a34554363ecc3cc969
SHA1: 79768d61a407fa601752374da2da3afbfead62aa
SHA256: b80b3bc8699510e550b378a0c86d07fe8e9529f5950609622f2c8b0beac6c23b
SSDeep: 1536:a7uPyrf8qbcFmAHPKHtQ+ABTvdCKo9KZzqVAdlEPqt2DxVYzIKP:aKPyYqbcKHjqTpzZmVwlQ/G
False
C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00167_.GIF.id-B4197730.[lockhelp@qq.com].jack 5.01 KB MD5: 6923b42087313345c0eef2e99fc7443c
SHA1: 82de6f2b227c04bec4fdedf2ef90b1b687cb47c4
SHA256: d37662af0aedcbf6aee84290438e88d57fe0e0e8416cb4211ee51cd681e527d2
SSDeep: 96:TatvmA49ZN3WJclDcH/vQKoiJoKDIBv7Q2opVPhvyf:MvmB9Zw2cLth0v7xwV4f
False
C:\Logs\Microsoft-Windows-TWinUI%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack 68.30 KB MD5: bc9bad03fb778c9aa0aabb798e22e36f
SHA1: 523b3bd8905c6006003964ace39403a853ae69da
SHA256: ed658147137d84683df04beb069f5c96627293b646d048d04029b12df4ca1b31
SSDeep: 1536:dtcoAq9FiUjD9RCagtlFxZL7BjKgaJ94wLDcIeItSQVOD:3FiUjDrVgt/TPBaDcIeCOD
False
C:\Logs\Microsoft-Windows-User Profile Service%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack 68.33 KB MD5: ad48f8b874dcca1d7eaadfc7adfedab6
SHA1: 6c78bf6bdca31e6eace3e09b484557358bfed9ba
SHA256: b102ffc1545d112858e977e1f83022a88c4bf51f30bd6792b087540b9907e2a7
SSDeep: 1536:4VPrdkmVFS01qzlBIZ1OW0rq1xO/j9cmdW3v1o277PI0R:4HxVFS00B8Of2+erv
False
C:\Logs\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack 68.37 KB MD5: 03283974fa18da67e650adf6264551d8
SHA1: d63437608ca13ee8ca1e92952eccff5a7b5555ff
SHA256: ce9124036cfd9935e9b895281666a7274cfc9192a77ae7c4bcc26eee75de1a9e
SSDeep: 1536:rGWsCBosMxskjm/GlILQ6zf+TfxqbIZVEQDEQVtob7OH8Dyk:9uR1jmOoQ6Kf0bIzDEytgOcuk
False
C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00170_.GIF.id-B4197730.[lockhelp@qq.com].jack 9.28 KB MD5: aacdad37914bf800433f758be164cc4b
SHA1: e42439587287fdcfa8e23f3ddd75064fb3e24318
SHA256: 9610a0983c5cb90af1801bf48f4e38fbfa0d62fb7625af6c184b2a881d31804d
SSDeep: 192:mwCwMU1KVweflCRPoFLVwGXjFapMRuwFcF+gv+X4KpWxW8ZcB1pf:mDwMUEVXtQAFLikjFFFcwgv+oKcpZ81R
False
C:\Logs\Microsoft-Windows-UserPnp%4ActionCenter.evtx.id-B4197730.[lockhelp@qq.com].jack 68.31 KB MD5: 9052e2fb6b96774b476f6b42bf9e9b4a
SHA1: 7433bc6b3a4fbb214e60c51d1bfc25968f1b8202
SHA256: 033d3acefd2e7b6c0de3251966fda8148764c6cda3e787125bc02db0f3ae61f7
SSDeep: 1536:FYYIw02q6fGnQoqdfgjPFG1MsdRflw66J6S:e2788YLUq6k6S
False
C:\Logs\Microsoft-Windows-UserPnp%4DeviceInstall.evtx.id-B4197730.[lockhelp@qq.com].jack 68.31 KB MD5: b2d972c2ab7bafce01b778db95683789
SHA1: 484e50f4b65547698b249ccda60226133bc03b25
SHA256: 9ce5f2c6ba8f7809995653d94e1eaeafe1afa9bd6205cab75bb5f11a817bcf54
SSDeep: 1536:fY9L7JQ7KrmGP+YxKe2zm/QZJM6HbduWB3:fY594KiGP+YxXf4BHpuC
False
C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00164_.GIF.id-B4197730.[lockhelp@qq.com].jack 13.18 KB MD5: 5ca639eb287953c63645f66a3e4e29ae
SHA1: 1ac83339f4df820cbddb0124542744c3c972beda
SHA256: b33c5bb00ffb1019be215c82f6f64a809c691b60cb5a3c0edd40ff8bb7210bb9
SSDeep: 384:jIyOvGIUzXrQFjST7EofpACT/0mIBO9lpEW:+GIUXQATwoxACTPIBOpB
False
C:\Logs\Microsoft-Windows-SMBServer%4Connectivity.evtx.id-B4197730.[lockhelp@qq.com].jack 68.31 KB MD5: aac8692456082a1e29bf0f5e7ffb7a1f
SHA1: 9d9db7a4be68b47c87c87a90c95b94ee5267c015
SHA256: d09735f7e2d4ed6a9637976bf20c53429df20971c9d83ae323d962bf1d3eeeb8
SSDeep: 1536:FcYqTNy9WmPVFV6yZzW7lkTm3h4+eFf2s1J5cuF6qjLXWgds:mYqU9/PjRZ67ljhUFf2s1JXFjX3O
False
C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00169_.GIF.id-B4197730.[lockhelp@qq.com].jack 5.48 KB MD5: a16809d7d41d852a81d6b8a5d1064fda
SHA1: fd70374c03df60e240e3633d9764e05fe0c3dc75
SHA256: 217652ce566f4a77e6d64cac3661ad74e3123de4af6c14012a0c222af310c2cb
SSDeep: 96:XZxFDa5nsyQsqNGr/MkPqI5ndn13zSvOwVTlbupwi2jqd3CiMB8UzPP4HsQGlf:j+n9q+R1p1yTlCprd37UzPPKof
False
C:\Logs\Microsoft-Windows-VolumeSnapshot-Driver%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack 68.33 KB MD5: 2c28ecf337e4a72fd3ca6ebe4011c904
SHA1: a260fee6c64eadfa310ec5303cc2f98e689c796a
SHA256: 0d4cc9b440583454add2b59fd855776c2a0f3f6daabc3606949efdb67d4c65cb
SSDeep: 768:UkXGWPqtGfBppUugH+ShS5976eHzKf7LyrUfxVeR/qhSUj3BorCSzuxxHHYbQGOd:Ti+gHbg9WeHeMw7e0H5SyoplBWYZFjRi
False
C:\Logs\Microsoft-Windows-Wcmsvc%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack 68.30 KB MD5: 8636d809c4762cd736acfc8fa8556233
SHA1: 62e58cb768557251c19705584ce050ba74901b4d
SHA256: 0891a7a75a2cec04d993e978b7fdcdec6265eb9e692a6ff1dc7107fa979f079a
SSDeep: 1536:KvJ8unEEMTwkdjF2wuSt4P1+lPue0V1f+3ydJZEoYC:IE7IwakFha23GZEg
False
C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00172_.GIF.id-B4197730.[lockhelp@qq.com].jack 4.53 KB MD5: 90bdc64073af7bfbb71ce38142567fb2
SHA1: c38acce9ca503d630ffb4af9e5c74a7c1140312f
SHA256: 0edb5375632a671b8db0f9e340d71a58f409b92e34bce5f3ddad880c56d899ce
SSDeep: 96:NvYt6F8uXiS3AIDxMSoXhwKEEu+Y42JDmzwhuY6ahbUAehtf:NYsQIQxZT9vPzYuGJUAKf
False
C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00165_.GIF.id-B4197730.[lockhelp@qq.com].jack 8.62 KB MD5: ded398339d38c99914f7b423736733fe
SHA1: 2fc87e6569c32a7fe80a803f5f50710d7150cf8f
SHA256: 61d43caa938328a08be56a6c0898e6b5017abd314210c032e393d02e1e797bd2
SSDeep: 192:yHxhUV37BLubiKNL/R+cRPoDi3Wt81PKvtdqV+kG3DlXhf:yHD6RuJRtoDi3WSNKvtQTQXZ
False
C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00171_.GIF.id-B4197730.[lockhelp@qq.com].jack 5.14 KB MD5: a3c567701b2e46f9ee9d14cc9d87094e
SHA1: 3105cf16703c3475a973946da0c74b40f13b9ee5
SHA256: b6775a7f634632f176c5c4b3fc3f55918aca4c7a76bda6a16c903b7353e175a8
SSDeep: 96:nFVngUeNQLIa/PaQ3BxYnyC8wacNelM+PCytnLsuEP2Sw7DEXG+7DwTU4UKbRb68:jiNYIGPlYngXoelNCytLsfY8QThUaRb7
False
C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00174_.GIF.id-B4197730.[lockhelp@qq.com].jack 4.11 KB MD5: 76a940874f6545b1c85866d79e84fc10
SHA1: d78d1dd438cd5dc5ed88efc5b24a27d5504c1e13
SHA256: 4a183987071f1272e008db40eefbb81aa1029533e32e29283391b8cd1fa20153
SSDeep: 96:OM/CeNnNsWuSTNOoGRcajDmNtgB/wg4a3RxDikhl81ww/GCziu9gjsJss4B4f:6e9OWXINcSBIg40R5iwlLeZzp9g4Jmqf
False
C:\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4ConnectionSecurity.evtx.id-B4197730.[lockhelp@qq.com].jack 68.38 KB MD5: 48a828405cca170f08c1152a2a436369
SHA1: ddcb08fe7837368c0879933c62d0272be75ef479
SHA256: 883b7e13a07a92e69d2f0d8caa3a4d9df735716e84d165d1d671806d8b60bf44
SSDeep: 1536:pSQg8AOR7AiiZ0dNt/wJPjqZYlWTrItjDpUe8H9+KF3b2xxI4:dBAaAskJPjikamjDpUeJKF3CR
False
C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00176_.GIF.id-B4197730.[lockhelp@qq.com].jack 3.29 KB MD5: 468fa13669d3dd7a1b293aba154fdcc9
SHA1: 9f9b74210b3b956b60490df0c94f99e9d41c447a
SHA256: 83a2d900b3f3dd6b3ca6f132b058b000a8baee50ff5ef0a686e215f8f19cea9f
SSDeep: 96:IITjboJB7yNHlWQu54bMxkX6L7H1tid/aEXMrf:IZBisp4bMxkX6L7ofQf
False
C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN00015_.WMF.id-B4197730.[lockhelp@qq.com].jack 4.86 KB MD5: 33df7ca5da446b9d97720c0c6bef6fc6
SHA1: 5f214ad9b3e32ed2a72c50da63a62e238abf1711
SHA256: 2fb8d1065a1309a3a1326c44ffdef09d009b10b2fdd4edc35e96583809eaefa1
SSDeep: 96:E14JxQ1H0TYJMmNqnbWl/JE2/VMM8NldbvwcYRy1dBrSXHKVDPqr7w+f:E1441HAYJMbiJEqGM8NlBKEdpOHKtIf
False
C:\Logs\Microsoft-Windows-Windows Defender%4WHC.evtx.id-B4197730.[lockhelp@qq.com].jack 68.31 KB MD5: 2d89694241e8150e5a6f1b95f84b3069
SHA1: 96881d3bf4093fb20a9a47e67a9e5fbd97ddd930
SHA256: aaad1edfa41ac2bbbad6080892ee50ede9fd38ccd29687a59ed8ae4130d37c05
SSDeep: 1536:Oxd0MK9URpS1z7yIQPPZb+kgM/m7BBGZUWknwwJ2vvKJhwKdc6Cew1vmVb6:OLFK9UREyIQPhC7OMILgwwwpuQe16
False
C:\Logs\Microsoft-Windows-WinINet-Config%4ProxyConfigChanged.evtx.id-B4197730.[lockhelp@qq.com].jack 68.33 KB MD5: 2f261a8bc8bb9504f7049168d2332f87
SHA1: ddeb1d7b4ba797ff3b2f6c4f3613808fb8a05aab
SHA256: f62887a59ac03683cbc819def38f51eb2c2b7235f452394d5b8be6a901ab449b
SSDeep: 1536:BwhSHKGt4NYx2hTu6l3OtrHRG3Vfnssh5ENaJg668CuSTm2a6ePW/+T9cQlA:BTKGWoYTurEVkW2Yg668QTMRXtA
False
C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN00853_.WMF.id-B4197730.[lockhelp@qq.com].jack 20.34 KB MD5: 73751c86151cf0a7460909d5afe5bbe7
SHA1: 37c6d48a213c791a7f880b23a3583275f23721b0
SHA256: 3ed09aeed3def83ea6ba3e0d7700192188dc516316f91126c8961c82089f04ce
SSDeep: 384:+xSaRyfGb+TmfeDO5A3MCp9QiWMNnkPNy075zpmeKUqDZefGgX32keK+ZM:+4MwmGC5A3MCpPZajKm3HqC
False
C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN00790_.WMF.id-B4197730.[lockhelp@qq.com].jack 5.79 KB MD5: 11b8d272b0135dd1066bb28b4befa7b3
SHA1: 04e4418c718531c1fb27de5685fdb0b91e46cbcb
SHA256: 8d501b6eba7307de835f46b673f0a8603d543aaf19e3ce8709e1f5ff11f67ab3
SSDeep: 96:ak4S2ZtZOYegR9W3f4tXFQrLV8JH99/Fdi5TJ0NylILIXIr4gfjw7W6Bsu1mf:ak4S2ZtZOBu9iKXQV+HfPi5TJxgIXqfr
False
C:\Logs\Microsoft-Windows-Windows Defender%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack 68.32 KB MD5: 2d0d040864ebb078f15c6391156e2d78
SHA1: f2adc59e2d4d3929e950fcfa3e79978c0dab2e20
SHA256: ec197e87cfde3f46f99ecad97efc9638cd49a833b9359d0d1629132283331e9f
SSDeep: 1536:GVjlwXO31PA+9aYa+1XjIzrjJGLxtdTdBMuOVr572gfnv1WIpWgcR:0jlR31Pj9aY6rotDtOVn0+WgcR
False
C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00175_.GIF.id-B4197730.[lockhelp@qq.com].jack 3.54 KB MD5: 0ac84a9b2d32eb4f8ba4033663e562bd
SHA1: b845898b5e095d4d89933ac3d760dd0af94a73a1
SHA256: 00fd9600724f89b6d3eadf30c228697b59b79ce9b3771d77fef767bf914fe84d
SSDeep: 96:KbG0LHPFfbdpIhwpzYvC/+nYOqvoJchDvSf:KbNzdfbTxZYvaRJ1DKf
False
C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN00010_.WMF.id-B4197730.[lockhelp@qq.com].jack 3.20 KB MD5: e7f274a486d4ab0749e61cafbd6a8a01
SHA1: 263955327c1c2c501bf54d5044de5691433e4182
SHA256: ddf89a9d88e67df37fe7aaa54b0e8d447c7630cd209870efe05f3da3ebe40005
SSDeep: 96:7ycjX0+ZiyD7kWPwrGO+oz9Tiy2ILXJX1Tf:7ZbAGOjz9TpLNRf
False
Host Behavior
COM (1)
»
Operation Class Interface Additional Information Success Count Logfile
Create 0002DF01-0000-0000-C000-000000000046 00000000-0000-0000-C000-000000000046 - False 1
Fn
File (3688)
»
Operation Filename Additional Information Success Count Logfile
Create C:\Users\FD1HVy\Desktop\Pg.exe desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
Create C:\WINDOWS\System32\Pg.exe desired_access = GENERIC_WRITE True 1
Fn
Create C:\Users\FD1HVy\Desktop\Pg.exe desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 2
Fn
Create C:\Users\FD1HVy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Pg.exe desired_access = GENERIC_WRITE True 1
Fn
Create C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Pg.exe desired_access = GENERIC_WRITE True 1
Fn
Create C:\$GetCurrent\SafeOS\GetCurrentOOBE.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\$GetCurrent\SafeOS\PartnerSetupComplete.cmd desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\$GetCurrent\SafeOS\preoobe.cmd desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\$GetCurrent\Logs\downlevel_2017_09_07_02_02_39_766.log desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\$GetCurrent\SafeOS\SetupComplete.cmd desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\$GetCurrent\Logs\oobe_2017_09_07_03_08_57_737.log desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\$GetCurrent\Logs\PartnerSetupCompleteResult.log desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\$GetCurrent\SafeOS\GetCurrentRollback.ini desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\$GetCurrent\Logs\downlevel_2017_09_07_02_02_39_766.log desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\$GetCurrent\Logs\downlevel_2017_09_07_02_02_39_766.log.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\$Recycle.Bin\S-1-5-18\desktop.ini desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\$Recycle.Bin\S-1-5-18\desktop.ini desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\$Recycle.Bin\S-1-5-18\desktop.ini.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\$GetCurrent\Logs\oobe_2017_09_07_03_08_57_737.log desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\$GetCurrent\Logs\oobe_2017_09_07_03_08_57_737.log.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\$Recycle.Bin\S-1-5-21-1051304884-625712362-2192934891-1000\desktop.ini desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\$Recycle.Bin\S-1-5-21-1051304884-625712362-2192934891-1000\desktop.ini desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\$Recycle.Bin\S-1-5-21-1051304884-625712362-2192934891-1000\desktop.ini.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1025\eula.rtf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1025\eula.rtf desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1025\eula.rtf.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\$GetCurrent\Logs\PartnerSetupCompleteResult.log desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\$GetCurrent\Logs\PartnerSetupCompleteResult.log.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1025\LocalizedData.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\$GetCurrent\SafeOS\PartnerSetupComplete.cmd desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\$GetCurrent\SafeOS\PartnerSetupComplete.cmd.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1028\eula.rtf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1028\eula.rtf desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1028\eula.rtf.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1025\LocalizedData.xml desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1025\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1028\LocalizedData.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\$GetCurrent\SafeOS\SetupComplete.cmd desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\$GetCurrent\SafeOS\SetupComplete.cmd.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\$GetCurrent\SafeOS\preoobe.cmd desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\$GetCurrent\SafeOS\preoobe.cmd.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\$WINRE_BACKUP_PARTITION.MARKER desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1025\SetupResources.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\$GetCurrent\SafeOS\GetCurrentOOBE.dll desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\$GetCurrent\SafeOS\GetCurrentOOBE.dll.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1029\eula.rtf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\$GetCurrent\SafeOS\GetCurrentRollback.ini desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\$GetCurrent\SafeOS\GetCurrentRollback.ini.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1029\eula.rtf desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1029\eula.rtf.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1028\SetupResources.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1029\LocalizedData.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1028\SetupResources.dll desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1028\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1029\SetupResources.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1030\eula.rtf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1030\eula.rtf desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1030\eula.rtf.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1030\LocalizedData.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1030\LocalizedData.xml desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1030\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1029\SetupResources.dll desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1029\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1030\SetupResources.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1030\SetupResources.dll desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1030\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1031\SetupResources.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1031\SetupResources.dll desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1031\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1029\LocalizedData.xml desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1029\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1031\eula.rtf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1031\eula.rtf desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1031\eula.rtf.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1031\LocalizedData.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1031\LocalizedData.xml desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1031\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1032\SetupResources.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1032\SetupResources.dll desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1032\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1025\SetupResources.dll desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1025\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1033\SetupResources.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1033\SetupResources.dll desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1033\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1028\LocalizedData.xml desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1028\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1035\SetupResources.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1035\SetupResources.dll desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1035\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1036\SetupResources.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1036\SetupResources.dll desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1036\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1032\eula.rtf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1032\eula.rtf desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1032\eula.rtf.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1032\LocalizedData.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1032\LocalizedData.xml desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1032\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1037\SetupResources.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1037\SetupResources.dll desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1037\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1038\SetupResources.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1038\SetupResources.dll desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1038\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1033\eula.rtf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1033\eula.rtf desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1033\eula.rtf.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1033\LocalizedData.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1033\LocalizedData.xml desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1033\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1035\eula.rtf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1035\eula.rtf desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1035\eula.rtf.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1040\SetupResources.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1035\LocalizedData.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1035\LocalizedData.xml desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1035\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1041\SetupResources.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1041\SetupResources.dll desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1041\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1036\eula.rtf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1036\eula.rtf desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1036\eula.rtf.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1036\LocalizedData.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1036\LocalizedData.xml desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1036\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1042\SetupResources.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1042\SetupResources.dll desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1042\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1037\eula.rtf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1037\eula.rtf desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1037\eula.rtf.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1043\SetupResources.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1043\SetupResources.dll desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1043\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1044\SetupResources.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1044\SetupResources.dll desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1044\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1037\LocalizedData.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1037\LocalizedData.xml desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1037\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1045\SetupResources.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1045\SetupResources.dll desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1045\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1046\SetupResources.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1046\SetupResources.dll desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1046\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1040\SetupResources.dll desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1040\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1049\SetupResources.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1049\SetupResources.dll desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1049\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1053\SetupResources.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1053\SetupResources.dll desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1053\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1055\SetupResources.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1055\SetupResources.dll desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1055\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1038\eula.rtf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1038\eula.rtf desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1038\eula.rtf.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\2052\SetupResources.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\2052\SetupResources.dll desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\2052\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\2070\SetupResources.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\2070\SetupResources.dll desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\2070\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1038\LocalizedData.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1038\LocalizedData.xml desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1038\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\3076\SetupResources.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\3076\SetupResources.dll desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\3076\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1040\eula.rtf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1040\eula.rtf desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1040\eula.rtf.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1040\LocalizedData.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1040\LocalizedData.xml desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1040\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\3082\SetupResources.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\3082\SetupResources.dll desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\3082\SetupResources.dll.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\DisplayIcon.ico desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\DisplayIcon.ico desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\DisplayIcon.ico.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\Graphics\Print.ico desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\Graphics\Rotate1.ico desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\Graphics\Rotate1.ico desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\Graphics\Rotate1.ico.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\Graphics\Print.ico desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\Graphics\Print.ico.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\Graphics\Rotate2.ico desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\Graphics\Rotate2.ico desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\Graphics\Rotate2.ico.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\Graphics\Rotate3.ico desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\Graphics\Rotate3.ico desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\Graphics\Rotate3.ico.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1041\eula.rtf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1041\eula.rtf desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1041\eula.rtf.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\Graphics\Rotate4.ico desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1041\LocalizedData.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1041\LocalizedData.xml desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1041\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1042\eula.rtf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1042\eula.rtf desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1042\eula.rtf.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\Graphics\Rotate4.ico desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\Graphics\Rotate4.ico.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1042\LocalizedData.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1042\LocalizedData.xml desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1042\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\Graphics\Rotate5.ico desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\Graphics\Rotate5.ico desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\Graphics\Rotate5.ico.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\Graphics\Rotate6.ico desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\Graphics\Rotate6.ico desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\Graphics\Rotate6.ico.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\Graphics\Rotate7.ico desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\Graphics\Rotate7.ico desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\Graphics\Rotate7.ico.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1043\eula.rtf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\Graphics\Rotate8.ico desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1043\eula.rtf desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1043\eula.rtf.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1043\LocalizedData.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1043\LocalizedData.xml desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1043\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\Graphics\Save.ico desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\Graphics\Rotate8.ico desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\Graphics\Rotate8.ico.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\Graphics\Save.ico desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\Graphics\Save.ico.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1044\eula.rtf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1044\eula.rtf desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1044\eula.rtf.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1044\LocalizedData.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1044\LocalizedData.xml desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1044\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1045\eula.rtf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1045\eula.rtf desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1045\eula.rtf.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1045\LocalizedData.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\Graphics\Setup.ico desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\Graphics\Setup.ico desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\Graphics\Setup.ico.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\Graphics\stop.ico desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\Graphics\stop.ico desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\Graphics\stop.ico.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\Graphics\SysReqMet.ico desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\Graphics\SysReqMet.ico desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\Graphics\SysReqMet.ico.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\Graphics\SysReqNotMet.ico desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\Graphics\SysReqNotMet.ico desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\Graphics\SysReqNotMet.ico.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1046\eula.rtf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1046\eula.rtf desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1046\eula.rtf.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\Graphics\warn.ico desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\Graphics\warn.ico desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\Graphics\warn.ico.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1046\LocalizedData.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1046\LocalizedData.xml desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1046\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1049\eula.rtf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1049\LocalizedData.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1049\eula.rtf desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1049\eula.rtf.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1049\LocalizedData.xml desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1049\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\netfx_Core.mzz desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\netfx_Core.mzz.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create C:\588bce7c90097ed212\1053\eula.rtf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1053\eula.rtf desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1053\eula.rtf.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1053\LocalizedData.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1053\LocalizedData.xml desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1053\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1055\eula.rtf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1055\eula.rtf desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1055\eula.rtf.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1055\LocalizedData.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1055\LocalizedData.xml desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1055\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\2052\eula.rtf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\2052\eula.rtf desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\2052\eula.rtf.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\2052\LocalizedData.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\2052\LocalizedData.xml desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\2052\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\netfx_Core_x64.msi desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\netfx_Core_x64.msi.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create C:\588bce7c90097ed212\2070\eula.rtf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\2070\LocalizedData.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\2070\eula.rtf desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\2070\eula.rtf.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\3076\eula.rtf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\3076\eula.rtf desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\3076\eula.rtf.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\3076\LocalizedData.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\3076\LocalizedData.xml desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\3076\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\2070\LocalizedData.xml desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\2070\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1045\LocalizedData.xml desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\1045\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\netfx_Core_x86.msi desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\netfx_Core_x86.msi desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\netfx_Core_x86.msi.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\3082\eula.rtf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\3082\eula.rtf desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\3082\eula.rtf.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\3082\LocalizedData.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\Client\Parameterinfo.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\Client\Parameterinfo.xml desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\Client\Parameterinfo.xml.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\Client\UiInfo.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\Client\UiInfo.xml desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\Client\UiInfo.xml.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\netfx_Extended.mzz desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\netfx_Extended.mzz.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create C:\588bce7c90097ed212\DHtmlHeader.html desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\DHtmlHeader.html desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\DHtmlHeader.html.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\Extended\Parameterinfo.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\Extended\Parameterinfo.xml desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\Extended\Parameterinfo.xml.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\3082\LocalizedData.xml desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\3082\LocalizedData.xml.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\Extended\UiInfo.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\Extended\UiInfo.xml desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\Extended\UiInfo.xml.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\header.bmp desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\ParameterInfo.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\ParameterInfo.xml desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\ParameterInfo.xml.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\header.bmp desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\header.bmp.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\SetupUi.xsd desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\SetupUi.xsd desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\SetupUi.xsd.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\SplashScreen.bmp desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\SplashScreen.bmp desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\SplashScreen.bmp.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\Strings.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\Strings.xml desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\Strings.xml.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\UiInfo.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\UiInfo.xml desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\UiInfo.xml.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\watermark.bmp desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\watermark.bmp desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\watermark.bmp.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Boot\BCD.LOG desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Create C:\Boot\BOOTSTAT.DAT desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Boot\BOOTSTAT.DAT desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Boot\BOOTSTAT.DAT.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Boot\updaterevokesipolicy.p7b desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Boot\updaterevokesipolicy.p7b desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Create C:\BOOTSECT.BAK desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\netfx_Extended_x64.msi desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\BOOTSECT.BAK desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\BOOTSECT.BAK.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\netfx_Extended_x64.msi desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\netfx_Extended_x64.msi.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RHeartbeatConfig.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RHeartbeatConfig.xml desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RHeartbeatConfig.xml.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\netfx_Extended_x86.msi desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\netfx_Extended_x86.msi desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\netfx_Extended_x86.msi.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeUpdateSchedule.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeUpdateSchedule.xml desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeUpdateSchedule.xml.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Program Files\Common Files\microsoft shared\ClickToRun\ServiceWatcherSchedule.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\microsoft shared\ClickToRun\ServiceWatcherSchedule.xml desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\microsoft shared\ClickToRun\ServiceWatcherSchedule.xml.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Program Files\Common Files\microsoft shared\ink\Alphabet.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\microsoft shared\ink\Alphabet.xml desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Create C:\Program Files\Common Files\microsoft shared\ink\Content.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\microsoft shared\ink\Content.xml desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Create C:\Program Files\Common Files\microsoft shared\ink\en-US\boxed-correct.avi desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\microsoft shared\ink\en-US\boxed-delete.avi desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\microsoft shared\ink\en-US\boxed-delete.avi desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Create C:\Program Files\Common Files\microsoft shared\ink\en-US\boxed-join.avi desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\microsoft shared\ink\en-US\boxed-correct.avi desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Create C:\Program Files\Common Files\microsoft shared\ink\en-US\boxed-split.avi desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\microsoft shared\ink\en-US\boxed-split.avi desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Create C:\Program Files\Common Files\microsoft shared\ink\en-US\correct.avi desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\microsoft shared\ink\en-US\boxed-join.avi desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Create C:\Program Files\Common Files\microsoft shared\ink\en-US\delete.avi desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\microsoft shared\ink\en-US\correct.avi desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Create C:\Program Files\Common Files\microsoft shared\ink\en-US\delete.avi desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Create C:\Program Files\Common Files\microsoft shared\ink\en-US\join.avi desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\microsoft shared\ink\en-US\split.avi desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\microsoft shared\ink\en-US\join.avi desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Create C:\Program Files\Common Files\microsoft shared\ink\FlickAnimation.avi desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\auxbase.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\microsoft shared\ink\en-US\split.avi desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Create C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\insertbase.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\auxbase.xml desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Create C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\ea.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\insertbase.xml desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Create C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\ea.xml desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Create C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_altgr.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_altgr.xml desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Create C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_heb.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_heb.xml desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Create C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_rtl.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_rtl.xml desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Create C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\ko-kr.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\ko-kr.xml desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Create C:\Program Files\Common Files\microsoft shared\Stationery\Garden.jpg desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\microsoft shared\Stationery\Garden.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Create C:\Program Files\Common Files\microsoft shared\Stationery\Desktop.ini.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Program Files\Common Files\microsoft shared\Stationery\Green Bubbles.htm desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\microsoft shared\Stationery\GreenBubbles.jpg desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\microsoft shared\Stationery\Green Bubbles.htm desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Create C:\Program Files\Common Files\microsoft shared\Stationery\HandPrints.jpg desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\RGB9RAST_x64.msi desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\RGB9RAST_x64.msi desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\RGB9RAST_x64.msi.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Program Files\Common Files\microsoft shared\Stationery\GreenBubbles.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Create C:\Program Files\Common Files\microsoft shared\Stationery\Orange Circles.htm desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\microsoft shared\Stationery\Orange Circles.htm desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Create C:\Program Files\Common Files\microsoft shared\Stationery\Roses.htm desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\microsoft shared\Stationery\Roses.htm desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Create C:\Program Files\Common Files\microsoft shared\Stationery\Roses.jpg desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\microsoft shared\Stationery\Roses.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Create C:\Program Files\Common Files\microsoft shared\Stationery\ShadesOfBlue.jpg desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\microsoft shared\Stationery\HandPrints.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Create C:\Program Files\Common Files\microsoft shared\Stationery\Soft Blue.htm desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\microsoft shared\Stationery\ShadesOfBlue.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Create C:\Program Files\Common Files\microsoft shared\Stationery\SoftBlue.jpg desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Common Files\microsoft shared\Stationery\SoftBlue.jpg desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Create C:\Program Files\Common Files\microsoft shared\Stationery\Soft Blue.htm desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Create C:\Program Files\Common Files\System\ado\adovbs.inc desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\desktop.ini.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Program Files\Java\jre1.8.0_144\bin\server\Xusage.txt desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Java\jre1.8.0_144\bin\server\Xusage.txt desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Java\jre1.8.0_144\bin\server\Xusage.txt.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Program Files\Java\jre1.8.0_144\lib\deploy\ffjcext.zip.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Program Files\Common Files\System\ado\adovbs.inc desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Create C:\Program Files\Java\jre1.8.0_144\lib\deploy\splash@2x.gif desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Java\jre1.8.0_144\lib\deploy\splash_11-lic.gif desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Java\jre1.8.0_144\lib\deploy\splash@2x.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Java\jre1.8.0_144\lib\deploy\splash@2x.gif.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Program Files\Java\jre1.8.0_144\lib\deploy\splash.gif.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Program Files\Java\jre1.8.0_144\lib\deploy\splash_11-lic.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Java\jre1.8.0_144\lib\deploy\splash_11-lic.gif.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\RGB9Rast_x86.msi desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\RGB9Rast_x86.msi desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\RGB9Rast_x86.msi.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\Setup.exe desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\Setup.exe desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\Setup.exe.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\SetupEngine.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\SetupEngine.dll desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\SetupEngine.dll.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Program Files\Java\jre1.8.0_144\lib\deploy\splash_11@2x-lic.gif desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Java\jre1.8.0_144\lib\deploy\splash_11@2x-lic.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Java\jre1.8.0_144\lib\deploy\splash_11@2x-lic.gif.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\invalid32x32.gif desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\invalid32x32.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\invalid32x32.gif.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\win32_CopyDrop32x32.gif desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\win32_CopyNoDrop32x32.gif desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\win32_LinkDrop32x32.gif desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\win32_CopyDrop32x32.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\win32_CopyDrop32x32.gif.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\win32_LinkDrop32x32.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\win32_LinkDrop32x32.gif.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\win32_LinkNoDrop32x32.gif desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\win32_MoveDrop32x32.gif desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\win32_LinkNoDrop32x32.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\win32_LinkNoDrop32x32.gif.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\win32_MoveDrop32x32.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\win32_MoveDrop32x32.gif.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\win32_MoveNoDrop32x32.gif desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\win32_CopyNoDrop32x32.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\win32_CopyNoDrop32x32.gif.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Program Files\Java\jre1.8.0_144\lib\jvm.hprof.txt desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Java\jre1.8.0_144\lib\jvm.hprof.txt desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Java\jre1.8.0_144\lib\jvm.hprof.txt.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\SetupUi.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\SetupUi.dll desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\SetupUi.dll.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Program Files\Java\jre1.8.0_144\lib\tzdb.dat desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Java\jre1.8.0_144\lib\tzdb.dat desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Java\jre1.8.0_144\lib\tzdb.dat.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Program Files\Java\jre1.8.0_144\README.txt desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Java\jre1.8.0_144\README.txt desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Java\jre1.8.0_144\README.txt.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Program Files\Java\jre1.8.0_144\THIRDPARTYLICENSEREADME-JAVAFX.txt desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Java\jre1.8.0_144\THIRDPARTYLICENSEREADME-JAVAFX.txt desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Java\jre1.8.0_144\THIRDPARTYLICENSEREADME-JAVAFX.txt.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Program Files\Java\jre1.8.0_144\THIRDPARTYLICENSEREADME.txt desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Java\jre1.8.0_144\THIRDPARTYLICENSEREADME.txt desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Java\jre1.8.0_144\THIRDPARTYLICENSEREADME.txt.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\SetupUtility.exe desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\SetupUtility.exe desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\SetupUtility.exe.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\sqmapi.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\sqmapi.dll desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\sqmapi.dll.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x64.msu desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Java\jre1.8.0_144\Welcome.html desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Java\jre1.8.0_144\Welcome.html desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Java\jre1.8.0_144\Welcome.html.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\AppXManifest.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\AppXManifest.xml.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create C:\Program Files\Microsoft Office\FileSystemMetadata.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\FileSystemMetadata.xml desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\FileSystemMetadata.xml.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office16\OSPP.HTM desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office16\OSPP.HTM desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office16\OSPP.HTM.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\win32_MoveNoDrop32x32.gif desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\win32_MoveNoDrop32x32.gif.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office16\OSPP.VBS desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office16\OSPP.VBS desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office16\OSPP.VBS.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x86.msu desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office16\SLERROR.XML desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office16\SLERROR.XML desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\Office16\SLERROR.XML.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0015-0000-1000-0000000FF1CE.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0015-0000-1000-0000000FF1CE.xml desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0015-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0015-0409-1000-0000000FF1CE.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0015-0409-1000-0000000FF1CE.xml desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0015-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0016-0000-1000-0000000FF1CE.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0016-0409-1000-0000000FF1CE.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x64.msu desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x64.msu.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x64.msu.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x86.msu.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0018-0000-1000-0000000FF1CE.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0018-0409-1000-0000000FF1CE.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0016-0409-1000-0000000FF1CE.xml desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0016-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0016-0000-1000-0000000FF1CE.xml desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0016-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0018-0409-1000-0000000FF1CE.xml desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0018-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0018-0000-1000-0000000FF1CE.xml desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0018-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0019-0000-1000-0000000FF1CE.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0019-0000-1000-0000000FF1CE.xml desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0019-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0019-0409-1000-0000000FF1CE.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0019-0409-1000-0000000FF1CE.xml desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0019-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001A-0000-1000-0000000FF1CE.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001A-0000-1000-0000000FF1CE.xml desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001A-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x86.msu desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x86.msu.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001A-0409-1000-0000000FF1CE.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001B-0000-1000-0000000FF1CE.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001B-0000-1000-0000000FF1CE.xml desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001B-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001A-0409-1000-0000000FF1CE.xml desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001A-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001B-0409-1000-0000000FF1CE.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001B-0409-1000-0000000FF1CE.xml desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001B-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-0409-1000-0000000FF1CE.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-0409-1000-0000000FF1CE.xml desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-040C-1000-0000000FF1CE.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-040C-1000-0000000FF1CE.xml desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-040C-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-0C0A-1000-0000000FF1CE.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-0C0A-1000-0000000FF1CE.xml desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-0C0A-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0027-0000-1000-0000000FF1CE.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0027-0000-1000-0000000FF1CE.xml desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0027-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-002C-0409-1000-0000000FF1CE.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-002C-0409-1000-0000000FF1CE.xml desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-002C-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0054-0409-1000-0000000FF1CE.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0054-0409-1000-0000000FF1CE.xml desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0054-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Boot\BCD desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Create C:\Boot\BCD.LOG1 desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Boot\BCD.LOG2 desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Boot\bg-BG\bootmgr.exe.mui desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Boot\bg-BG\bootmgr.exe.mui desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Create C:\Boot\bootspaces.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Boot\bootspaces.dll desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Create C:\Boot\bootvhd.dll desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Boot\bootvhd.dll desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Create C:\Boot\Fonts\meiryon_boot.ttf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Boot\Fonts\meiryon_boot.ttf desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Create C:\Boot\Fonts\meiryo_boot.ttf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Boot\Fonts\meiryo_boot.ttf desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Create C:\Boot\Fonts\msjhn_boot.ttf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Boot\Fonts\msjhn_boot.ttf desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Create C:\Boot\Fonts\msjh_boot.ttf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Boot\Fonts\msjh_boot.ttf desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Create C:\Boot\Fonts\msyhn_boot.ttf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Boot\Fonts\msyhn_boot.ttf desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Create C:\Boot\Fonts\msyh_boot.ttf desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Boot\Fonts\msyh_boot.ttf desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Create C:\bootmgr desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Create C:\BOOTNXT.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\hiberfil.sys desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Create C:\Logs\Application.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0057-0000-1000-0000000FF1CE.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0057-0000-1000-0000000FF1CE.xml desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0057-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Logs\Application.evtx desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Application.evtx.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-006E-0409-1000-0000000FF1CE.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-006E-0409-1000-0000000FF1CE.xml desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-006E-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0090-0000-1000-0000000FF1CE.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0090-0000-1000-0000000FF1CE.xml desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0090-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Logs\HardwareEvents.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0090-0409-1000-0000000FF1CE.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0090-0409-1000-0000000FF1CE.xml desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0090-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Logs\HardwareEvents.evtx desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\HardwareEvents.evtx.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Logs\Internet Explorer.evtx.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Logs\Key Management Service.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Key Management Service.evtx desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Key Management Service.evtx.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00A1-0000-1000-0000000FF1CE.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00A1-0000-1000-0000000FF1CE.xml desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00A1-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00A1-0409-1000-0000000FF1CE.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00A1-0409-1000-0000000FF1CE.xml desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00A1-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Logs\Microsoft-Client-Licensing-Platform%4Admin.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Client-Licensing-Platform%4Admin.evtx desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Client-Licensing-Platform%4Admin.evtx.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00B4-0409-1000-0000000FF1CE.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00B4-0409-1000-0000000FF1CE.xml desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00B4-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00BA-0000-1000-0000000FF1CE.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00BA-0000-1000-0000000FF1CE.xml desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00BA-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-ApplicationResourceManagementSystem%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-ApplicationResourceManagementSystem%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-ApplicationResourceManagementSystem%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00BA-0409-1000-0000000FF1CE.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00BA-0409-1000-0000000FF1CE.xml desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00BA-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00C1-0000-1000-0000000FF1CE.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00C1-0000-1000-0000000FF1CE.xml desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00C1-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-AppLocker%4EXE and DLL.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-AppLocker%4EXE and DLL.evtx desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-AppLocker%4EXE and DLL.evtx.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-AppLocker%4MSI and Script.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-AppLocker%4MSI and Script.evtx desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-AppLocker%4MSI and Script.evtx.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-AppLocker%4Packaged app-Deployment.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-AppLocker%4Packaged app-Deployment.evtx desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-AppLocker%4Packaged app-Deployment.evtx.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-AppLocker%4Packaged app-Execution.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-AppLocker%4Packaged app-Execution.evtx desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-AppLocker%4Packaged app-Execution.evtx.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-AppModel-Runtime%4Admin.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-AppModel-Runtime%4Admin.evtx desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-AppModel-Runtime%4Admin.evtx.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-AppReadiness%4Admin.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-AppReadiness%4Admin.evtx desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-AppReadiness%4Admin.evtx.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00C1-0409-1000-0000000FF1CE.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00C1-0409-1000-0000000FF1CE.xml desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00C1-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E1-0000-1000-0000000FF1CE.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E1-0000-1000-0000000FF1CE.xml desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E1-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E1-0409-1000-0000000FF1CE.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E1-0409-1000-0000000FF1CE.xml desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E1-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-AppReadiness%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-AppReadiness%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-AppReadiness%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-AppXDeployment%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-AppXDeployment%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-AppXDeployment%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E2-0000-1000-0000000FF1CE.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E2-0000-1000-0000000FF1CE.xml desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E2-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-AppXDeploymentServer%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-AppXDeploymentServer%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E2-0409-1000-0000000FF1CE.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E2-0409-1000-0000000FF1CE.xml desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E2-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0115-0409-1000-0000000FF1CE.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0115-0409-1000-0000000FF1CE.xml desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0115-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0117-0409-1000-0000000FF1CE.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0117-0409-1000-0000000FF1CE.xml desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0117-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-012A-0000-1000-0000000FF1CE.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-012A-0000-1000-0000000FF1CE.xml desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-012A-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-AppXDeploymentServer%4Restricted.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-AppXDeploymentServer%4Restricted.evtx desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-AppXDeploymentServer%4Restricted.evtx.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-AppxPackaging%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-AppxPackaging%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-AppxPackaging%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-BackgroundTaskInfrastructure%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-012B-0409-1000-0000000FF1CE.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-012B-0409-1000-0000000FF1CE.xml desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-012B-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-BackgroundTaskInfrastructure%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-BackgroundTaskInfrastructure%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-CoreSystem-SmsRouter-Events%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-CoreSystem-SmsRouter-Events%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-CoreSystem-SmsRouter-Events%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-Crypto-DPAPI%4BackUpKeySvc.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-Crypto-DPAPI%4BackUpKeySvc.evtx desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-Crypto-DPAPI%4BackUpKeySvc.evtx.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-Crypto-DPAPI%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-Crypto-DPAPI%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-Crypto-DPAPI%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-3101-0000-1000-0000000FF1CE.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-3101-0000-1000-0000000FF1CE.xml desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-3101-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%4Admin.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%4Admin.evtx desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%4Admin.evtx.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.common.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.common.xml.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE, GENERIC_READ True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifestLoc.en-us.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifestLoc.en-us.xml desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AppXManifestLoc.en-us.xml.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AuthoredExtensions.xml desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AuthoredExtensions.xml desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\PackageManifests\AuthoredExtensions.xml.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00004_.GIF desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00004_.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00004_.GIF.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-DeviceSetupManager%4Admin.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00011_.GIF desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00011_.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00011_.GIF.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00021_.GIF desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00021_.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00021_.GIF.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-DeviceSetupManager%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-DeviceSetupManager%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-DeviceSetupManager%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-Dhcp-Client%4Admin.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-Dhcp-Client%4Admin.evtx desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-Dhcp-Client%4Admin.evtx.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-Dhcpv6-Client%4Admin.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-Dhcpv6-Client%4Admin.evtx desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-Dhcpv6-Client%4Admin.evtx.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00037_.GIF desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00037_.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00037_.GIF.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00038_.GIF desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00038_.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00038_.GIF.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00040_.GIF desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00040_.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00040_.GIF.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00052_.GIF desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00052_.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00052_.GIF.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-DeviceSetupManager%4Admin.evtx desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-DeviceSetupManager%4Admin.evtx.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00057_.GIF desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00057_.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00057_.GIF.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-HotspotAuth%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00090_.GIF desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-Hyper-V-Guest-Drivers%4Admin.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00092_.GIF desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-HotspotAuth%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-HotspotAuth%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-International%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-International%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-International%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-Kernel-Boot%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-Kernel-Boot%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-Kernel-Boot%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00090_.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00090_.GIF.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00092_.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00092_.GIF.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-Hyper-V-Guest-Drivers%4Admin.evtx desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-Hyper-V-Guest-Drivers%4Admin.evtx.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-Kernel-EventTracing%4Admin.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-Kernel-EventTracing%4Admin.evtx desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-Kernel-EventTracing%4Admin.evtx.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-Kernel-PnP%4Configuration.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-Kernel-PnP%4Configuration.evtx desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-Kernel-PnP%4Configuration.evtx.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00103_.GIF desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00103_.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00103_.GIF.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-Kernel-Power%4Thermal-Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-Kernel-Power%4Thermal-Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-Kernel-Power%4Thermal-Operational.evtx.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-Kernel-ShimEngine%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-Kernel-ShimEngine%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-Kernel-ShimEngine%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-Kernel-StoreMgr%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-Kernel-StoreMgr%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-Kernel-StoreMgr%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00120_.GIF desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00120_.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00120_.GIF.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00126_.GIF desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00126_.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00126_.GIF.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-Kernel-WHEA%4Errors.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00129_.GIF desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00129_.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00129_.GIF.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-Kernel-WHEA%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-Kernel-WHEA%4Errors.evtx desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-Kernel-WHEA%4Errors.evtx.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-Kernel-WHEA%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-Kernel-WHEA%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-Known Folders API Service.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00130_.GIF desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00130_.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00130_.GIF.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-LiveId%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-Known Folders API Service.evtx desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-Known Folders API Service.evtx.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-LiveId%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-LiveId%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-MUI%4Admin.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-MUI%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-MUI%4Admin.evtx desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-MUI%4Admin.evtx.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00135_.GIF desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00135_.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00135_.GIF.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-MUI%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-MUI%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-NCSI%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-NCSI%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-NCSI%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-NetworkProfile%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-Ntfs%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-Ntfs%4WHC.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-NetworkProfile%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-NetworkProfile%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-Ntfs%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-Ntfs%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-Ntfs%4WHC.evtx desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-Ntfs%4WHC.evtx.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-Program-Compatibility-Assistant%4CompatAfterUpgrade.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-Program-Compatibility-Assistant%4CompatAfterUpgrade.evtx desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-Program-Compatibility-Assistant%4CompatAfterUpgrade.evtx.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00139_.GIF desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00139_.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00139_.GIF.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-SettingSync%4Debug.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-SettingSync%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00142_.GIF desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00154_.GIF desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00157_.GIF desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00158_.GIF desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-SettingSync%4Debug.evtx desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-SettingSync%4Debug.evtx.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00154_.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00154_.GIF.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00157_.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00157_.GIF.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00158_.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00158_.GIF.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00142_.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00142_.GIF.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00160_.GIF desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00160_.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00160_.GIF.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00161_.GIF desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00161_.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00161_.GIF.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-SettingSync%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-SettingSync%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-Shell-Core%4ActionCenter.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-Shell-Core%4ActionCenter.evtx desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-Shell-Core%4ActionCenter.evtx.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-Shell-Core%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-Shell-Core%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-Shell-Core%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-SmbClient%4Connectivity.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-SmbClient%4Connectivity.evtx desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-SmbClient%4Connectivity.evtx.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-SMBClient%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-SMBClient%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-SMBClient%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-SmbClient%4Security.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-SmbClient%4Security.evtx desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-SmbClient%4Security.evtx.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-SMBServer%4Audit.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-SMBServer%4Audit.evtx desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-SMBServer%4Audit.evtx.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-SMBServer%4Connectivity.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-SMBServer%4Connectivity.evtx desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-SMBServer%4Connectivity.evtx.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00163_.GIF desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00163_.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00163_.GIF.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00164_.GIF desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00164_.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00164_.GIF.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00165_.GIF desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-SMBServer%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-SMBServer%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-SMBServer%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-SMBServer%4Security.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-SMBServer%4Security.evtx desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-SMBServer%4Security.evtx.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-Store%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-Store%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-Store%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-TaskScheduler%4Maintenance.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-TaskScheduler%4Maintenance.evtx desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-TaskScheduler%4Maintenance.evtx.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00167_.GIF desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00165_.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00165_.GIF.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00167_.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00167_.GIF.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Admin.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00169_.GIF desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00169_.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00169_.GIF.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00170_.GIF desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00170_.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00170_.GIF.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Admin.evtx desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Admin.evtx.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-TWinUI%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-TWinUI%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-TWinUI%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-User Profile Service%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-User Profile Service%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-User Profile Service%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-UserPnp%4ActionCenter.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-UserPnp%4ActionCenter.evtx desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-UserPnp%4ActionCenter.evtx.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00171_.GIF desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00171_.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00171_.GIF.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-UserPnp%4DeviceInstall.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-UserPnp%4DeviceInstall.evtx desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-UserPnp%4DeviceInstall.evtx.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00172_.GIF desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00172_.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00172_.GIF.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00174_.GIF desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00174_.GIF desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00174_.GIF.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-VolumeSnapshot-Driver%4Operational.evtx desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-VolumeSnapshot-Driver%4Operational.evtx desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
Create C:\Logs\Microsoft-Windows-VolumeSnapshot-Driver%4Operational.evtx.id-B4197730.[lockhelp@qq.com].jack desired_access = GENERIC_WRITE True 1
Fn
Read C:\$Recycle.Bin\S-1-5-18\desktop.ini size = 1048560, size_out = 129 True 1
Fn
Data
Read C:\$Recycle.Bin\S-1-5-18\desktop.ini size = 1048560, size_out = 0 True 1
Fn
Read C:\$Recycle.Bin\S-1-5-21-1051304884-625712362-2192934891-1000\desktop.ini size = 1048560, size_out = 129 True 1
Fn
Data
Read C:\$Recycle.Bin\S-1-5-21-1051304884-625712362-2192934891-1000\desktop.ini size = 1048560, size_out = 0 True 1
Fn
Write C:\$Recycle.Bin\S-1-5-18\desktop.ini.id-B4197730.[lockhelp@qq.com].jack size = 144 True 1
Fn
Data
Write C:\$Recycle.Bin\S-1-5-18\desktop.ini.id-B4197730.[lockhelp@qq.com].jack size = 234 True 1
Fn
Data
Write C:\$Recycle.Bin\S-1-5-21-1051304884-625712362-2192934891-1000\desktop.ini.id-B4197730.[lockhelp@qq.com].jack size = 144 True 1
Fn
Data
Write C:\$Recycle.Bin\S-1-5-21-1051304884-625712362-2192934891-1000\desktop.ini.id-B4197730.[lockhelp@qq.com].jack size = 234 True 1
Fn
Data
Write C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeUpdateSchedule.xml.id-B4197730.[lockhelp@qq.com].jack size = 4784 True 1
Fn
Data
Write C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeUpdateSchedule.xml.id-B4197730.[lockhelp@qq.com].jack size = 260 True 1
Fn
Data
Write C:\Program Files\Common Files\microsoft shared\ClickToRun\ServiceWatcherSchedule.xml.id-B4197730.[lockhelp@qq.com].jack size = 4464 True 1
Fn
Data
Write C:\Program Files\Common Files\microsoft shared\ClickToRun\ServiceWatcherSchedule.xml.id-B4197730.[lockhelp@qq.com].jack size = 264 True 1
Fn
Data
Write C:\Program Files\Common Files\microsoft shared\ink\en-US\boxed-join.avi size = 4144 True 1
Fn
Data
Write C:\Program Files\Common Files\microsoft shared\ink\en-US\boxed-join.avi size = 256 True 1
Fn
Data
Write C:\Program Files\Common Files\microsoft shared\Stationery\Desktop.ini.id-B4197730.[lockhelp@qq.com].jack size = 656 True 1
Fn
Data
Write C:\Program Files\Common Files\microsoft shared\Stationery\Desktop.ini.id-B4197730.[lockhelp@qq.com].jack size = 234 True 1
Fn
Data
Write C:\Program Files\desktop.ini.id-B4197730.[lockhelp@qq.com].jack size = 176 True 1
Fn
Data
Write C:\Program Files\desktop.ini.id-B4197730.[lockhelp@qq.com].jack size = 234 True 1
Fn
Data
Write C:\Program Files\Java\jre1.8.0_144\lib\deploy\splash@2x.gif size = 184848 True 1
Fn
Data
Write C:\Program Files\Java\jre1.8.0_144\bin\server\Xusage.txt.id-B4197730.[lockhelp@qq.com].jack size = 1424 True 1
Fn
Data
Write C:\Program Files\Java\jre1.8.0_144\bin\server\Xusage.txt.id-B4197730.[lockhelp@qq.com].jack size = 232 True 1
Fn
Data
Write C:\Program Files\Java\jre1.8.0_144\lib\deploy\splash@2x.gif size = 244 True 1
Fn
Data
Write C:\Program Files\Java\jre1.8.0_144\lib\deploy\splash_11-lic.gif.id-B4197730.[lockhelp@qq.com].jack size = 7808 True 1
Fn
Data
Write C:\Program Files\Java\jre1.8.0_144\lib\deploy\splash_11-lic.gif.id-B4197730.[lockhelp@qq.com].jack size = 246 True 1
Fn
Data
Write C:\Program Files\Java\jre1.8.0_144\lib\deploy\splash.gif.id-B4197730.[lockhelp@qq.com].jack size = 8592 True 1
Fn
Data
Write C:\Program Files\Java\jre1.8.0_144\lib\deploy\splash.gif.id-B4197730.[lockhelp@qq.com].jack size = 232 True 1
Fn
Data
Write C:\Program Files\Java\jre1.8.0_144\lib\deploy\splash_11@2x-lic.gif.id-B4197730.[lockhelp@qq.com].jack size = 12256 True 1
Fn
Data
Write C:\Program Files\Java\jre1.8.0_144\lib\deploy\splash_11@2x-lic.gif.id-B4197730.[lockhelp@qq.com].jack size = 252 True 1
Fn
Data
Write C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\invalid32x32.gif.id-B4197730.[lockhelp@qq.com].jack size = 160 True 1
Fn
Data
Write C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\invalid32x32.gif.id-B4197730.[lockhelp@qq.com].jack size = 244 True 1
Fn
Data
Write C:\Program Files\Java\jre1.8.0_144\lib\deploy\splash@2x.gif.id-B4197730.[lockhelp@qq.com].jack size = 15280 True 1
Fn
Data
Write C:\Program Files\Java\jre1.8.0_144\lib\deploy\splash@2x.gif.id-B4197730.[lockhelp@qq.com].jack size = 238 True 1
Fn
Data
Write C:\Program Files\Java\jre1.8.0_144\lib\deploy\ffjcext.zip.id-B4197730.[lockhelp@qq.com].jack size = 14160 True 1
Fn
Data
Write C:\Program Files\Java\jre1.8.0_144\lib\deploy\ffjcext.zip.id-B4197730.[lockhelp@qq.com].jack size = 234 True 1
Fn
Data
Write C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\win32_CopyDrop32x32.gif.id-B4197730.[lockhelp@qq.com].jack size = 176 True 1
Fn
Data
Write C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\win32_CopyDrop32x32.gif.id-B4197730.[lockhelp@qq.com].jack size = 258 True 1
Fn
Data
Write C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\win32_LinkDrop32x32.gif.id-B4197730.[lockhelp@qq.com].jack size = 176 True 1
Fn
Data
Write C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\win32_LinkDrop32x32.gif.id-B4197730.[lockhelp@qq.com].jack size = 258 True 1
Fn
Data
Write C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\win32_LinkNoDrop32x32.gif.id-B4197730.[lockhelp@qq.com].jack size = 160 True 1
Fn
Data
Write C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\win32_LinkNoDrop32x32.gif.id-B4197730.[lockhelp@qq.com].jack size = 262 True 1
Fn
Data
Write C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\win32_MoveDrop32x32.gif.id-B4197730.[lockhelp@qq.com].jack size = 160 True 1
Fn
Data
Write C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\win32_MoveDrop32x32.gif.id-B4197730.[lockhelp@qq.com].jack size = 258 True 1
Fn
Data
Write C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\win32_CopyNoDrop32x32.gif.id-B4197730.[lockhelp@qq.com].jack size = 160 True 1
Fn
Data
Write C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\win32_CopyNoDrop32x32.gif.id-B4197730.[lockhelp@qq.com].jack size = 262 True 1
Fn
Data
Write C:\Program Files\Java\jre1.8.0_144\lib\jvm.hprof.txt.id-B4197730.[lockhelp@qq.com].jack size = 4240 True 1
Fn
Data
Write C:\Program Files\Java\jre1.8.0_144\lib\jvm.hprof.txt.id-B4197730.[lockhelp@qq.com].jack size = 238 True 1
Fn
Data
Write C:\Program Files\Java\jre1.8.0_144\lib\tzdb.dat.id-B4197730.[lockhelp@qq.com].jack size = 105504 True 1
Fn
Data
Write C:\Program Files\Java\jre1.8.0_144\lib\tzdb.dat.id-B4197730.[lockhelp@qq.com].jack size = 228 True 1
Fn
Data
Write C:\Program Files\Java\jre1.8.0_144\README.txt.id-B4197730.[lockhelp@qq.com].jack size = 48 True 1
Fn
Data
Write C:\Program Files\Java\jre1.8.0_144\README.txt.id-B4197730.[lockhelp@qq.com].jack size = 232 True 1
Fn
Data
Write C:\Program Files\Java\jre1.8.0_144\THIRDPARTYLICENSEREADME-JAVAFX.txt.id-B4197730.[lockhelp@qq.com].jack size = 63936 True 1
Fn
Data
Write C:\Program Files\Java\jre1.8.0_144\THIRDPARTYLICENSEREADME-JAVAFX.txt.id-B4197730.[lockhelp@qq.com].jack size = 280 True 1
Fn
Data
Write C:\Program Files\Java\jre1.8.0_144\THIRDPARTYLICENSEREADME.txt.id-B4197730.[lockhelp@qq.com].jack size = 145184 True 1
Fn
Data
Write C:\Program Files\Java\jre1.8.0_144\THIRDPARTYLICENSEREADME.txt.id-B4197730.[lockhelp@qq.com].jack size = 266 True 1
Fn
Data
Write C:\Program Files\Java\jre1.8.0_144\Welcome.html.id-B4197730.[lockhelp@qq.com].jack size = 960 True 1
Fn
Data
Write C:\Program Files\Java\jre1.8.0_144\Welcome.html.id-B4197730.[lockhelp@qq.com].jack size = 236 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\FileSystemMetadata.xml.id-B4197730.[lockhelp@qq.com].jack size = 288 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\FileSystemMetadata.xml.id-B4197730.[lockhelp@qq.com].jack size = 256 True 1
Fn
Data
Write C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\win32_MoveNoDrop32x32.gif.id-B4197730.[lockhelp@qq.com].jack size = 160 True 1
Fn
Data
Write C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\win32_MoveNoDrop32x32.gif.id-B4197730.[lockhelp@qq.com].jack size = 262 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office16\OSPP.HTM.id-B4197730.[lockhelp@qq.com].jack size = 174544 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office16\OSPP.HTM.id-B4197730.[lockhelp@qq.com].jack size = 228 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office16\OSPP.VBS.id-B4197730.[lockhelp@qq.com].jack size = 94480 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office16\OSPP.VBS.id-B4197730.[lockhelp@qq.com].jack size = 228 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0015-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack size = 1536 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0015-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack size = 318 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0015-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack size = 387360 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0015-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack size = 318 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office16\SLERROR.XML.id-B4197730.[lockhelp@qq.com].jack size = 36352 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\Office16\SLERROR.XML.id-B4197730.[lockhelp@qq.com].jack size = 234 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\AppXManifest.xml.id-B4197730.[lockhelp@qq.com].jack size = 786700 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\AppXManifest.xml.id-B4197730.[lockhelp@qq.com].jack size = 262144 True 3
Fn
Data
Write C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0016-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack size = 1264 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0016-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack size = 318 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0016-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack size = 800880 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0016-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack size = 318 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0018-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack size = 1264 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0018-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack size = 318 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0019-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack size = 253728 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0019-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack size = 318 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0019-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack size = 1264 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0019-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack size = 318 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001B-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack size = 763376 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001B-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack size = 318 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001A-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack size = 1048560 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001A-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack size = 19456 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001A-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack size = 318 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0018-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack size = 496528 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0018-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack size = 318 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack size = 1264 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack size = 318 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001B-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack size = 1264 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001B-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack size = 318 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-040C-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack size = 2160 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-040C-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack size = 318 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0027-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack size = 2160 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0027-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack size = 318 True 2
Fn
Data
Write C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001A-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack size = 76384 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001A-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack size = 318 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0027-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack size = 215888 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-002C-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack size = 1264 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-002C-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack size = 318 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0054-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack size = 1264 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0054-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack size = 318 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-006E-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack size = 14928 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-006E-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack size = 318 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0057-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack size = 343344 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0057-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack size = 318 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0090-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack size = 1264 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0090-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack size = 318 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0090-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack size = 357360 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0090-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack size = 318 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00A1-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack size = 65008 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00A1-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack size = 318 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00A1-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack size = 1264 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00A1-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack size = 318 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00B4-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack size = 1264 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00B4-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack size = 318 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00BA-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack size = 9232 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00BA-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack size = 318 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00BA-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack size = 1264 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00BA-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack size = 318 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E1-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack size = 1264 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E1-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack size = 318 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00C1-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack size = 399536 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00C1-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack size = 318 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E2-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack size = 3760 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E2-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack size = 318 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00C1-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack size = 1264 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00C1-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack size = 318 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E1-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack size = 1456 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E1-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack size = 318 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E2-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack size = 1264 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0115-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack size = 1264 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0117-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack size = 1264 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-012A-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack size = 527968 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E2-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack size = 318 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-012B-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack size = 1264 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-012B-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack size = 318 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-3101-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack size = 3376 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-3101-0000-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack size = 318 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0117-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack size = 318 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\PackageManifests\AuthoredExtensions.xml.id-B4197730.[lockhelp@qq.com].jack size = 384 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\PackageManifests\AuthoredExtensions.xml.id-B4197730.[lockhelp@qq.com].jack size = 256 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0115-0409-1000-0000000FF1CE.xml.id-B4197730.[lockhelp@qq.com].jack size = 318 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00004_.GIF.id-B4197730.[lockhelp@qq.com].jack size = 9040 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00004_.GIF.id-B4197730.[lockhelp@qq.com].jack size = 236 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\PackageManifests\AppXManifestLoc.en-us.xml.id-B4197730.[lockhelp@qq.com].jack size = 9840 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\PackageManifests\AppXManifestLoc.en-us.xml.id-B4197730.[lockhelp@qq.com].jack size = 262 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00037_.GIF.id-B4197730.[lockhelp@qq.com].jack size = 6688 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00037_.GIF.id-B4197730.[lockhelp@qq.com].jack size = 236 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00011_.GIF.id-B4197730.[lockhelp@qq.com].jack size = 7232 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00011_.GIF.id-B4197730.[lockhelp@qq.com].jack size = 236 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00021_.GIF.id-B4197730.[lockhelp@qq.com].jack size = 14880 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00021_.GIF.id-B4197730.[lockhelp@qq.com].jack size = 236 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00052_.GIF.id-B4197730.[lockhelp@qq.com].jack size = 7696 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00052_.GIF.id-B4197730.[lockhelp@qq.com].jack size = 236 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00040_.GIF.id-B4197730.[lockhelp@qq.com].jack size = 8112 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00040_.GIF.id-B4197730.[lockhelp@qq.com].jack size = 236 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00038_.GIF.id-B4197730.[lockhelp@qq.com].jack size = 3264 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00038_.GIF.id-B4197730.[lockhelp@qq.com].jack size = 236 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00057_.GIF.id-B4197730.[lockhelp@qq.com].jack size = 11904 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00057_.GIF.id-B4197730.[lockhelp@qq.com].jack size = 236 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.common.xml.id-B4197730.[lockhelp@qq.com].jack size = 786714 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00090_.GIF.id-B4197730.[lockhelp@qq.com].jack size = 528 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00090_.GIF.id-B4197730.[lockhelp@qq.com].jack size = 236 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00092_.GIF.id-B4197730.[lockhelp@qq.com].jack size = 512 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00092_.GIF.id-B4197730.[lockhelp@qq.com].jack size = 236 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00103_.GIF.id-B4197730.[lockhelp@qq.com].jack size = 12704 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.common.xml.id-B4197730.[lockhelp@qq.com].jack size = 262144 True 3
Fn
Data
Write C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00103_.GIF.id-B4197730.[lockhelp@qq.com].jack size = 236 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00126_.GIF.id-B4197730.[lockhelp@qq.com].jack size = 3152 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00126_.GIF.id-B4197730.[lockhelp@qq.com].jack size = 236 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00129_.GIF.id-B4197730.[lockhelp@qq.com].jack size = 12496 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00129_.GIF.id-B4197730.[lockhelp@qq.com].jack size = 236 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00120_.GIF.id-B4197730.[lockhelp@qq.com].jack size = 3488 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00120_.GIF.id-B4197730.[lockhelp@qq.com].jack size = 236 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00130_.GIF.id-B4197730.[lockhelp@qq.com].jack size = 5264 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00130_.GIF.id-B4197730.[lockhelp@qq.com].jack size = 236 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00135_.GIF.id-B4197730.[lockhelp@qq.com].jack size = 2608 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00135_.GIF.id-B4197730.[lockhelp@qq.com].jack size = 236 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00139_.GIF.id-B4197730.[lockhelp@qq.com].jack size = 10608 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00139_.GIF.id-B4197730.[lockhelp@qq.com].jack size = 236 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00158_.GIF.id-B4197730.[lockhelp@qq.com].jack size = 5040 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00158_.GIF.id-B4197730.[lockhelp@qq.com].jack size = 236 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00154_.GIF.id-B4197730.[lockhelp@qq.com].jack size = 5328 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00154_.GIF.id-B4197730.[lockhelp@qq.com].jack size = 236 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00161_.GIF.id-B4197730.[lockhelp@qq.com].jack size = 7584 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00161_.GIF.id-B4197730.[lockhelp@qq.com].jack size = 236 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00160_.GIF.id-B4197730.[lockhelp@qq.com].jack size = 1152 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00160_.GIF.id-B4197730.[lockhelp@qq.com].jack size = 236 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00157_.GIF.id-B4197730.[lockhelp@qq.com].jack size = 4960 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00157_.GIF.id-B4197730.[lockhelp@qq.com].jack size = 236 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00142_.GIF.id-B4197730.[lockhelp@qq.com].jack size = 15312 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00142_.GIF.id-B4197730.[lockhelp@qq.com].jack size = 236 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00164_.GIF.id-B4197730.[lockhelp@qq.com].jack size = 13264 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00164_.GIF.id-B4197730.[lockhelp@qq.com].jack size = 236 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00163_.GIF.id-B4197730.[lockhelp@qq.com].jack size = 6992 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00163_.GIF.id-B4197730.[lockhelp@qq.com].jack size = 236 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00167_.GIF.id-B4197730.[lockhelp@qq.com].jack size = 4896 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00167_.GIF.id-B4197730.[lockhelp@qq.com].jack size = 236 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00170_.GIF.id-B4197730.[lockhelp@qq.com].jack size = 9264 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00170_.GIF.id-B4197730.[lockhelp@qq.com].jack size = 236 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00169_.GIF.id-B4197730.[lockhelp@qq.com].jack size = 5376 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00169_.GIF.id-B4197730.[lockhelp@qq.com].jack size = 236 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00172_.GIF.id-B4197730.[lockhelp@qq.com].jack size = 4400 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00172_.GIF.id-B4197730.[lockhelp@qq.com].jack size = 236 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00175_.GIF size = 8592 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00175_.GIF size = 236 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00171_.GIF.id-B4197730.[lockhelp@qq.com].jack size = 5024 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00174_.GIF.id-B4197730.[lockhelp@qq.com].jack size = 3968 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00171_.GIF.id-B4197730.[lockhelp@qq.com].jack size = 236 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00174_.GIF.id-B4197730.[lockhelp@qq.com].jack size = 236 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00176_.GIF.id-B4197730.[lockhelp@qq.com].jack size = 3136 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00176_.GIF.id-B4197730.[lockhelp@qq.com].jack size = 236 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN00015_.WMF.id-B4197730.[lockhelp@qq.com].jack size = 4736 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN00015_.WMF.id-B4197730.[lockhelp@qq.com].jack size = 236 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN00853_.WMF.id-B4197730.[lockhelp@qq.com].jack size = 20592 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN00853_.WMF.id-B4197730.[lockhelp@qq.com].jack size = 236 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN00790_.WMF.id-B4197730.[lockhelp@qq.com].jack size = 5696 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN00790_.WMF.id-B4197730.[lockhelp@qq.com].jack size = 236 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00175_.GIF.id-B4197730.[lockhelp@qq.com].jack size = 3392 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00175_.GIF.id-B4197730.[lockhelp@qq.com].jack size = 236 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN00010_.WMF.id-B4197730.[lockhelp@qq.com].jack size = 3040 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN00010_.WMF.id-B4197730.[lockhelp@qq.com].jack size = 236 True 1
Fn
Data
Write C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN00914_.WMF.id-B4197730.[lockhelp@qq.com].jack size = 10848 False 1
Fn
Delete C:\588bce7c90097ed212\1049\LocalizedData.xml - True 1
Fn
Delete C:\588bce7c90097ed212\1055\LocalizedData.xml - True 1
Fn
For performance reasons, the remaining 2629 entries are omitted.
The remaining entries can be found in glog.xml.
Registry (8)
»
Operation Key Additional Information Success Count Logfile
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders - True 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders - True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders value_name = Startup, data = 83, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders value_name = Startup, data = %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup, type = REG_EXPAND_SZ True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders value_name = Common Startup, data = %ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup, type = REG_EXPAND_SZ True 1
Fn
Write Value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run value_name = Pg.exe, data = C:\WINDOWS\System32\Pg.exe, size = 52, type = REG_SZ True 1
Fn
Process (2127)
»
Operation Process Additional Information Success Count Logfile
Create C:\WINDOWS\system32\cmd.exe os_pid = 0xf44, startup_flags = STARTF_USESHOWWINDOW, STARTF_USESTDHANDLES, show_window = SW_HIDE True 1
Fn
Enumerate Processes - - True 2097
Fn
Enumerate Processes - - False 29
Fn
Module (65)
»
Operation Module Additional Information Success Count Logfile
Load api-ms-win-core-synch-l1-2-0 base_address = 0x74ea0000 True 2
Fn
Load api-ms-win-core-fibers-l1-1-1 base_address = 0x74ea0000 True 2
Fn
Load api-ms-win-core-localization-l1-2-1 base_address = 0x74ea0000 True 1
Fn
Load KERNEL32.dll base_address = 0x75e90000 True 1
Fn
Get Handle c:\windows\syswow64\kernel32.dll base_address = 0x75e90000 True 17
Fn
Get Handle c:\windows\syswow64\ntdll.dll base_address = 0x77bb0000 True 3
Fn
Get Handle c:\windows\syswow64\advapi32.dll base_address = 0x761b0000 True 2
Fn
Get Handle c:\users\fd1hvy\desktop\pg.exe base_address = 0x400000 True 1
Fn
Get Filename - process_name = c:\users\fd1hvy\desktop\pg.exe, file_name_orig = C:\Users\FD1HVy\Desktop\Pg.exe, size = 260 True 1
Fn
Get Filename - process_name = c:\users\fd1hvy\desktop\pg.exe, file_name_orig = C:\Users\FD1HVy\Desktop\Pg.exe, size = 32767 True 1
Fn
Get Address c:\windows\syswow64\kernelbase.dll function = InitializeCriticalSectionEx, address_out = 0x74f97060 True 2
Fn
Get Address c:\windows\syswow64\kernelbase.dll function = FlsAlloc, address_out = 0x74f9bea0 True 2
Fn
Get Address c:\windows\syswow64\kernelbase.dll function = FlsSetValue, address_out = 0x74f92550 True 2
Fn
Get Address c:\windows\syswow64\kernelbase.dll function = FlsGetValue, address_out = 0x74f870c0 True 1
Fn
Get Address c:\windows\syswow64\kernelbase.dll function = LCMapStringEx, address_out = 0x74f7ed00 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetNativeSystemInfo, address_out = 0x75ea5130 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetProcAddress, address_out = 0x75ea51b0 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = LoadLibraryA, address_out = 0x75ea5a80 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = WaitForSingleObject, address_out = 0x75efeca0 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = InitializeCriticalSectionAndSpinCount, address_out = 0x75efebb0 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = LeaveCriticalSection, address_out = 0x77bfb250 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = GetLastError, address_out = 0x75ea5010 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = EnterCriticalSection, address_out = 0x77bfb2d0 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = ReleaseMutex, address_out = 0x75efec20 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = CloseHandle, address_out = 0x75efeab0 True 1
Fn
Get Address c:\windows\syswow64\kernel32.dll function = Wow64DisableWow64FsRedirection, address_out = 0x75ea6b30 True 16
Fn
Service (87)
»
Operation Additional Information Success Count Logfile
Enumerate database_name = SERVICES_ACTIVE_DATABASE False 1
Fn
Enumerate database_name = SERVICES_ACTIVE_DATABASE True 1
Fn
Enumerate database_name = SERVICES_ACTIVE_DATABASE False 2
Fn
Enumerate database_name = SERVICES_ACTIVE_DATABASE True 2
Fn
Enumerate database_name = SERVICES_ACTIVE_DATABASE False 2
Fn
Enumerate database_name = SERVICES_ACTIVE_DATABASE True 2
Fn
Enumerate database_name = SERVICES_ACTIVE_DATABASE False 2
Fn
Enumerate database_name = SERVICES_ACTIVE_DATABASE True 2
Fn
Enumerate database_name = SERVICES_ACTIVE_DATABASE False 1
Fn
Enumerate database_name = SERVICES_ACTIVE_DATABASE True 1
Fn
Enumerate database_name = SERVICES_ACTIVE_DATABASE False 2
Fn
Enumerate database_name = SERVICES_ACTIVE_DATABASE True 2
Fn
Enumerate database_name = SERVICES_ACTIVE_DATABASE False 2
Fn
Enumerate database_name = SERVICES_ACTIVE_DATABASE True 2
Fn
Enumerate database_name = SERVICES_ACTIVE_DATABASE False 1
Fn
Enumerate database_name = SERVICES_ACTIVE_DATABASE True 1
Fn
Enumerate database_name = SERVICES_ACTIVE_DATABASE False 2
Fn
Enumerate database_name = SERVICES_ACTIVE_DATABASE True 2
Fn
Enumerate database_name = SERVICES_ACTIVE_DATABASE False 3
Fn
Enumerate database_name = SERVICES_ACTIVE_DATABASE True 3
Fn
Enumerate database_name = SERVICES_ACTIVE_DATABASE False 1
Fn
Enumerate database_name = SERVICES_ACTIVE_DATABASE True 1
Fn
Enumerate database_name = SERVICES_ACTIVE_DATABASE False 1
Fn
Enumerate database_name = SERVICES_ACTIVE_DATABASE True 1
Fn
Enumerate database_name = SERVICES_ACTIVE_DATABASE False 1
Fn
Enumerate database_name = SERVICES_ACTIVE_DATABASE True 1
Fn
Enumerate database_name = SERVICES_ACTIVE_DATABASE False 2
Fn
Enumerate database_name = SERVICES_ACTIVE_DATABASE True 2
Fn
Enumerate database_name = SERVICES_ACTIVE_DATABASE False 1
Fn
Enumerate database_name = SERVICES_ACTIVE_DATABASE True 1
Fn
Enumerate database_name = SERVICES_ACTIVE_DATABASE False 1
Fn
Enumerate database_name = SERVICES_ACTIVE_DATABASE True 1
Fn
Enumerate database_name = SERVICES_ACTIVE_DATABASE False 3
Fn
Enumerate database_name = SERVICES_ACTIVE_DATABASE True 3
Fn
Enumerate database_name = SERVICES_ACTIVE_DATABASE False 1
Fn
Enumerate database_name = SERVICES_ACTIVE_DATABASE True 1
Fn
Open Manager database_name = SERVICES_ACTIVE_DATABASE True 1
Fn
Open Manager database_name = SERVICES_ACTIVE_DATABASE True 2
Fn
Open Manager database_name = SERVICES_ACTIVE_DATABASE True 2
Fn
Open Manager database_name = SERVICES_ACTIVE_DATABASE True 2
Fn
Open Manager database_name = SERVICES_ACTIVE_DATABASE True 1
Fn
Open Manager database_name = SERVICES_ACTIVE_DATABASE True 2
Fn
Open Manager database_name = SERVICES_ACTIVE_DATABASE True 2
Fn
Open Manager database_name = SERVICES_ACTIVE_DATABASE True 1
Fn
Open Manager database_name = SERVICES_ACTIVE_DATABASE True 2
Fn
Open Manager database_name = SERVICES_ACTIVE_DATABASE True 3
Fn
Open Manager database_name = SERVICES_ACTIVE_DATABASE True 1
Fn
Open Manager database_name = SERVICES_ACTIVE_DATABASE True 1
Fn
Open Manager database_name = SERVICES_ACTIVE_DATABASE True 1
Fn
Open Manager database_name = SERVICES_ACTIVE_DATABASE True 2
Fn
Open Manager database_name = SERVICES_ACTIVE_DATABASE True 1
Fn
Open Manager database_name = SERVICES_ACTIVE_DATABASE True 1
Fn
Open Manager database_name = SERVICES_ACTIVE_DATABASE True 3
Fn
Open Manager database_name = SERVICES_ACTIVE_DATABASE True 1
Fn
System (397)
»
Operation Additional Information Success Count Logfile
Get Computer Name result_out = NQDPDE True 1
Fn
Get Cursor x_out = 1053, y_out = 121 True 3
Fn
Sleep duration = -1 (infinite) True 1
Fn
Sleep duration = -1 (infinite) False 1
Fn
Sleep duration = 500 milliseconds (0.500 seconds) True 28
Fn
Sleep duration = 100 milliseconds (0.100 seconds) True 67
Fn
Get Time type = Ticks, time = 175781 True 1
Fn
Get Time type = Ticks, time = 180671 True 1
Fn
Get Time type = System Time, time = 2019-05-15 00:26:58 (UTC) True 1
Fn
Get Time type = Performance Ctr, time = 18432709218 True 1
Fn
Get Time type = Ticks, time = 184296 True 3
Fn
Get Time type = Ticks, time = 188343 True 2
Fn
Get Time type = Ticks, time = 189734 True 4
Fn
Get Time type = Ticks, time = 190187 True 2
Fn
Get Time type = Ticks, time = 190531 True 2
Fn
Get Time type = Ticks, time = 190656 True 2
Fn
Get Time type = Ticks, time = 191140 True 4
Fn
Get Time type = Ticks, time = 191750 True 2
Fn
Get Time type = Ticks, time = 192312 True 4
Fn
Get Time type = Ticks, time = 192843 True 2
Fn
Get Time type = Ticks, time = 193328 True 4
Fn
Get Time type = Ticks, time = 193750 True 2
Fn
Get Time type = Ticks, time = 194265 True 2
Fn
Get Time type = Ticks, time = 194671 True 4
Fn
Get Time type = Ticks, time = 196187 True 4
Fn
Get Time type = Ticks, time = 196500 True 2
Fn
Get Time type = Ticks, time = 197828 True 4
Fn
Get Time type = Ticks, time = 198000 True 2
Fn
Get Time type = Ticks, time = 198109 True 2
Fn
Get Time type = Ticks, time = 198218 True 2
Fn
Get Time type = Ticks, time = 198421 True 2
Fn
Get Time type = Ticks, time = 198890 True 4
Fn
Get Time type = Ticks, time = 199203 True 2
Fn
Get Time type = Ticks, time = 199687 True 2
Fn
Get Time type = Ticks, time = 199984 True 4
Fn
Get Time type = Ticks, time = 200453 True 2
Fn
Get Time type = Ticks, time = 200734 True 2
Fn
Get Time type = Ticks, time = 200953 True 2
Fn
Get Time type = Ticks, time = 201062 True 4
Fn
Get Time type = Ticks, time = 201718 True 2
Fn
Get Time type = Ticks, time = 202062 True 2
Fn
Get Time type = Ticks, time = 202359 True 4
Fn
Get Time type = Ticks, time = 203187 True 2
Fn
Get Time type = Ticks, time = 203546 True 4
Fn
Get Time type = Ticks, time = 203656 True 2
Fn
Get Time type = Ticks, time = 203765 True 2
Fn
Get Time type = Ticks, time = 203875 True 2
Fn
Get Time type = Ticks, time = 203984 True 2
Fn
Get Time type = Ticks, time = 204125 True 2
Fn
Get Time type = Ticks, time = 204484 True 2
Fn
Get Time type = Ticks, time = 204625 True 4
Fn
Get Time type = Ticks, time = 204750 True 2
Fn
Get Time type = Ticks, time = 204859 True 2
Fn
Get Time type = Ticks, time = 204968 True 2
Fn
Get Time type = Ticks, time = 205125 True 2
Fn
Get Time type = Ticks, time = 205234 True 2
Fn
Get Time type = Ticks, time = 205578 True 2
Fn
Get Time type = Ticks, time = 205687 True 4
Fn
Get Time type = Ticks, time = 205796 True 2
Fn
Get Time type = Ticks, time = 205906 True 2
Fn
Get Time type = Ticks, time = 206015 True 2
Fn
Get Time type = Ticks, time = 206125 True 2
Fn
Get Time type = Ticks, time = 206234 True 2
Fn
Get Time type = Ticks, time = 206343 True 2
Fn
Get Time type = Ticks, time = 206453 True 2
Fn
Get Time type = Ticks, time = 206562 True 2
Fn
Get Time type = Ticks, time = 206671 True 2
Fn
Get Time type = Ticks, time = 206781 True 4
Fn
Get Time type = Ticks, time = 206906 True 2
Fn
Get Time type = Ticks, time = 207015 True 2
Fn
Get Time type = Ticks, time = 209343 True 4
Fn
Get Time type = Ticks, time = 209640 True 2
Fn
Get Time type = Ticks, time = 209984 True 2
Fn
Get Time type = Ticks, time = 210093 True 2
Fn
Get Time type = Ticks, time = 210218 True 2
Fn
Get Time type = Ticks, time = 210328 True 2
Fn
Get Time type = Ticks, time = 210437 True 4
Fn
Get Time type = Ticks, time = 210578 True 2
Fn
Get Time type = Ticks, time = 210671 True 2
Fn
Get Time type = Ticks, time = 212703 True 4
Fn
Get Time type = Ticks, time = 212812 True 2
Fn
Get Time type = Ticks, time = 212921 True 2
Fn
Get Time type = Ticks, time = 213031 True 2
Fn
Get Time type = Ticks, time = 214140 True 4
Fn
Get Time type = Ticks, time = 214484 True 2
Fn
Get Time type = Ticks, time = 214593 True 2
Fn
Get Time type = Ticks, time = 214703 True 2
Fn
Get Time type = Ticks, time = 214812 True 2
Fn
Get Time type = Ticks, time = 214921 True 2
Fn
Get Time type = Ticks, time = 215046 True 2
Fn
Get Time type = Ticks, time = 215156 True 4
Fn
Get Time type = Ticks, time = 215265 True 2
Fn
Get Time type = Ticks, time = 215375 True 2
Fn
Get Time type = Ticks, time = 215484 True 2
Fn
Get Time type = Ticks, time = 215593 True 2
Fn
Get Time type = Ticks, time = 215734 True 2
Fn
Get Time type = Ticks, time = 215843 True 2
Fn
Get Time type = Ticks, time = 215953 True 2
Fn
Get Time type = Ticks, time = 216062 True 2
Fn
Get Time type = Ticks, time = 216171 True 4
Fn
Get Time type = Ticks, time = 216281 True 2
Fn
Get Time type = Ticks, time = 216390 True 2
Fn
Get Time type = Ticks, time = 216500 True 2
Fn
Get Time type = Ticks, time = 216609 True 2
Fn
Get Time type = Ticks, time = 216734 True 2
Fn
Get Time type = Ticks, time = 216843 True 2
Fn
Get Time type = Ticks, time = 216953 True 2
Fn
Get Time type = Ticks, time = 217062 True 2
Fn
Get Time type = Ticks, time = 217171 True 2
Fn
Get Time type = Ticks, time = 217281 True 4
Fn
Get Time type = Ticks, time = 217390 True 2
Fn
Get Time type = Ticks, time = 217531 True 2
Fn
Get Time type = Ticks, time = 217625 True 2
Fn
Get Time type = Ticks, time = 217734 True 2
Fn
Get Time type = Ticks, time = 217843 True 2
Fn
Get Time type = Ticks, time = 217953 True 2
Fn
Get Time type = Ticks, time = 218078 True 2
Fn
Get Time type = Ticks, time = 218187 True 2
Fn
Get Time type = Ticks, time = 218296 True 4
Fn
Get Time type = Ticks, time = 218406 True 2
Fn
Get Time type = Ticks, time = 218562 True 2
Fn
Get Time type = Ticks, time = 218687 True 2
Fn
Get Time type = Ticks, time = 218796 True 2
Fn
Get Time type = Ticks, time = 218906 True 2
Fn
Get Time type = Ticks, time = 219015 True 2
Fn
Get Time type = Ticks, time = 219125 True 2
Fn
Get Time type = Ticks, time = 219234 True 2
Fn
Get Time type = Ticks, time = 219343 True 4
Fn
Get Time type = Ticks, time = 219453 True 2
Fn
Get Info type = Hardware Information True 2
Fn
Get Info type = Operating System True 1
Fn
Get Info type = Operating System True 2
Fn
Mutex (4)
»
Operation Additional Information Success Count Logfile
Create mutex_name = Global\syncronize_N7AZK6A True 1
Fn
Create mutex_name = Global\syncronize_N7AZK6U True 1
Fn
Open mutex_name = Global\syncronize_N7AZK6A, desired_access = SYNCHRONIZE False 1
Fn
Open mutex_name = Global\syncronize_N7AZK6U, desired_access = SYNCHRONIZE False 1
Fn
Environment (1)
»
Operation Additional Information Success Count Logfile
Get Environment String - True 1
Fn
Data
Process #2: cmd.exe
249 0
»
Information Value
ID #2
File Name c:\windows\system32\cmd.exe
Command Line "C:\WINDOWS\system32\cmd.exe"
Initial Working Directory C:\Users\FD1HVy\Desktop\
Monitor Start Time: 00:03:09, Reason: Child Process
Unmonitor End Time: 00:05:20, Reason: Terminated by Timeout
Monitor Duration 00:02:10
OS Process Information
»
Information Value
PID 0xf44
Parent PID 0x6d8 (c:\users\fd1hvy\desktop\pg.exe)
Bitness 64-bit
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username NQDPDE\FD1HVy
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x D3C
0x DEC
Host Behavior
File (188)
»
Operation Filename Additional Information Success Count Logfile
Get Info C:\Users\FD1HVy\Desktop type = file_attributes True 2
Fn
Get Info STD_OUTPUT_HANDLE type = file_type True 11
Fn
Get Info STD_INPUT_HANDLE type = file_type True 5
Fn
Open STD_OUTPUT_HANDLE - True 28
Fn
Open STD_INPUT_HANDLE - True 72
Fn
Read STD_INPUT_HANDLE size = 1, size_out = 1 True 60
Fn
Data
Write STD_OUTPUT_HANDLE size = 38 True 1
Fn
Data
Write STD_OUTPUT_HANDLE size = 2 True 4
Fn
Data
Write STD_OUTPUT_HANDLE size = 52 True 1
Fn
Data
Write STD_OUTPUT_HANDLE size = 24 True 3
Fn
Data
Write STD_OUTPUT_HANDLE size = 36 True 1
Fn
Data
Registry (17)
»
Operation Key Additional Information Success Count Logfile
Open Key HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System - False 1
Fn
Open Key HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor - True 1
Fn
Open Key HKEY_CURRENT_USER\Software\Microsoft\Command Processor - True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = DisableUNCCheck, data = 4, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = DelayedExpansion, data = 1, type = REG_NONE False 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor value_name = AutoRun, data = 64, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = DisableUNCCheck, data = 64, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = DelayedExpansion, data = 1, type = REG_NONE False 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Read Value HKEY_CURRENT_USER\Software\Microsoft\Command Processor value_name = AutoRun, data = 9, type = REG_NONE False 1
Fn
Process (4)
»
Operation Process Additional Information Success Count Logfile
Create C:\WINDOWS\system32\mode.com os_pid = 0xdd8, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL True 1
Fn
Create C:\WINDOWS\system32\vssadmin.exe os_pid = 0xd90, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL True 1
Fn
Get Info C:\WINDOWS\system32\mode.com type = PROCESS_BASIC_INFORMATION True 1
Fn
Get Info C:\WINDOWS\system32\vssadmin.exe type = PROCESS_BASIC_INFORMATION True 1
Fn
Memory (2)
»
Operation Process Additional Information Success Count Logfile
Read C:\WINDOWS\system32\mode.com address = 747455586304, size = 1952 True 1
Fn
Data
Read C:\WINDOWS\system32\vssadmin.exe address = 587268820992, size = 1952 True 1
Fn
Data
Module (10)
»
Operation Module Additional Information Success Count Logfile
Load NTDLL.DLL base_address = 0x7ff931f40000 True 1
Fn
Get Handle c:\windows\system32\cmd.exe base_address = 0x7ff7c18e0000 True 1
Fn
Get Handle c:\windows\system32\kernel32.dll base_address = 0x7ff92fdd0000 True 2
Fn
Get Filename - process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\WINDOWS\system32\cmd.exe, size = 32743 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = SetThreadUILanguage, address_out = 0x7ff92fdea990 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = CopyFileExW, address_out = 0x7ff92fdee830 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = IsDebuggerPresent, address_out = 0x7ff92fdee300 True 1
Fn
Get Address c:\windows\system32\kernel32.dll function = SetConsoleInputExeNameW, address_out = 0x7ff92f1b0a40 True 1
Fn
Get Address c:\windows\system32\ntdll.dll function = NtQueryInformationProcess, address_out = 0x7ff931fe56b0 True 1
Fn
System (1)
»
Operation Additional Information Success Count Logfile
Get Info type = Operating System True 1
Fn
Environment (25)
»
Operation Additional Information Success Count Logfile
Get Environment String - True 8
Fn
Data
Get Environment String name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Users\FD1HVy\AppData\Local\Microsoft\WindowsApps True 3
Fn
Get Environment String name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC True 3
Fn
Get Environment String name = PROMPT False 1
Fn
Get Environment String name = COMSPEC, result_out = C:\WINDOWS\system32\cmd.exe True 1
Fn
Get Environment String name = KEYS False 1
Fn
Get Environment String name = PROMPT, result_out = $P$G True 2
Fn
Set Environment String name = PROMPT, value = $P$G True 1
Fn
Set Environment String name = =C:, value = C:\Users\FD1HVy\Desktop True 1
Fn
Set Environment String name = COPYCMD True 2
Fn
Set Environment String name = =ExitCode, value = 00000000 True 1
Fn
Set Environment String name = =ExitCodeAscii True 1
Fn
Process #4: mode.com
0 0
»
Information Value
ID #4
File Name c:\windows\system32\mode.com
Command Line mode con cp select=1251
Initial Working Directory C:\Users\FD1HVy\Desktop\
Monitor Start Time: 00:03:26, Reason: Child Process
Unmonitor End Time: 00:03:31, Reason: Self Terminated
Monitor Duration 00:00:04
Remark No high level activity detected in monitored regions
OS Process Information
»
Information Value
PID 0xdd8
Parent PID 0xf44 (c:\windows\system32\cmd.exe)
Bitness 64-bit
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username NQDPDE\FD1HVy
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x 174
0x F74
Process #5: vssadmin.exe
0 0
»
Information Value
ID #5
File Name c:\windows\system32\vssadmin.exe
Command Line vssadmin delete shadows /all /quiet
Initial Working Directory C:\Users\FD1HVy\Desktop\
Monitor Start Time: 00:03:36, Reason: Child Process
Unmonitor End Time: 00:05:20, Reason: Terminated by Timeout
Monitor Duration 00:01:44
Remark No high level activity detected in monitored regions
OS Process Information
»
Information Value
PID 0xd90
Parent PID 0xf44 (c:\windows\system32\cmd.exe)
Bitness 64-bit
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username NQDPDE\FD1HVy
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x D10
0x B60
Function Logfile
Exit-Icon

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".


    
Before

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".


    
After

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".


    
Screenshot
Expand-Icon
Exit-Icon
icon_left
icon_left
image